Getting started with Linux User security

The/etc/passwd file in UNIX systems contains information about each user that all systems need to know (the encrypted password may also be stored in the/etc/shadow file ).
/Etc/passwd contains the user's login name, encrypted password, user number, user group number, user comment, user main directory and shell program used by the user. The User ID (UID) and user group ID (GID) are used to uniquely identify the access permissions of users and users in the same group and in the UNIX system.
The encrypted passwords stored in/etc/passwd are calculated and compared with the passwords entered during user logon. logon is allowed if they match the passwords. Otherwise, logon is denied. You can use the passwd command to modify your own password. You cannot directly modify the password section in/etc/passwd.
A good password should be at least six characters long. Do not use personal information (such as birthday, name, reverse spelling login name, and what is visible in the room ), common English words are not good either (because dictionary attack can be used). It is better to have some non-letters (such as numbers, punctuation marks, and control characters) in the password, and remember some more, it cannot be written on paper or in a computer file. A good way to select a password is to connect two irrelevant words with a number or control character and cut them off to 8 characters. Of course, it would be better to remember 8 garbled characters.
The same password should not be used on different machines, especially for users of different levels, which may cause a full crash. The user should change the password periodically at least once every six months. The system administrator can force the user to change the password periodically.
To prevent easy-to-use attackers from stealing passwords, make sure that no one is there when entering the password.
2. File Permission
The file attribute determines the access permission of the file, that is, who can access or execute the file. Use ls-l to list detailed file information, such:
-Rwxrwxrwx 1 pat cs440 70 Jul 28 21:12 zombin
Including file license, number of file links, file owner name, file-related group name, file length, last access date and file name.
The file license consists of four parts:
-: Indicates the file type.
The first rwx indicates the access permission of the file owner.
The second rwx indicates the access permissions of users in the same group of files.
The third rwx indicates the access permissions of other users.
If a license is restricted, the corresponding letter is changed -.
The execution permission may contain other letters, s, S, t, and T. S and S can appear in the permitted mode locations of the owner and the same group of users, which is related to special licenses. We will discuss later that t and T can appear in the permitted mode locations of other users, it is related to "pasting bits" but not security. Lowercase letters (x, s, t) indicate that the execution permit is allowed, negative signs or uppercase letters (-, S or T) indicate that the execution permit is not allowed.
You can use the chmod command to change the license method and use the new license method and the file name as the parameter. The new licensing method is given in a three-digit octal number, where r is 4, w is 2, and x is 1. For example, rwxr-xr -- Is 754.
Other parameters of chmod can be directly modified for a group of parameters. For more information, see the online manual for UNIX systems.
File Permission can be used to prevent accidental rewriting or deletion of an important file (even the owner himself )!
The owner and group names of the file can be changed by chown and chgrp, but the original owner and group members cannot be modified after modification.
3. directory permission
In UNIX systems, a directory is also a file. When ls-l is used to list the attributes of a directory file, a d is added before the directory file. The directory license is similar to a file license, to use the ls column directory, you must have a read permission. To add or delete files in the directory, you must have a write permission to access the directory or use the directory as the path component, therefore, to use any file, you must have permission for the file and find all directory components in the file path. Only when you want to open a file, the file license starts to take effect. rm and mv do not require the file license as long as they have Directory Search and write licenses.
4. umask command
Umask sets the default blocking value for file creation in user files and directories. If you place this command in the. profile file, you can control the access permission for subsequent files created by the user. The umask command is the opposite of the chmod command, which tells the system not to grant any access permission when creating a file.
5. Set User ID and user ID permission for the same group
User ID license (SUID) settings and the same group user ID license (SGID) can be given to executable target files (only executable files make sense) when a process is executed, it is assigned four numbers to identify who the process belongs to. They are actual and valid UID, actual and valid GID respectively. Valid UID and GID are generally the same as actual UID and GID. Valid UID and GID are used by the system to determine the process's access permission for files. Setting SUID permission for an executable file will change the above situation. When SUID is set, the valid UID of the process is the valid UID of the owner of the executable file, instead of the valid UID of the user who executes the program, all created by the program have the same access permission as the owner of the program. In this way, the owner of the program will be able to publish information that is not allowed to be accessed by the public to a limited extent through the control of the program.
Similarly, SGID is a valid GID.
Use the chmod u + s file name and chmod u-s file name to set and cancel SUID settings. Use the chmod g + s file name and chmod g-s file name to set and cancel SGID settings.
When SUID and SGID are set in the file, the chown and chgrp commands cancel these permissions.
6. cp mv ln and cpio commands
When the cp copies a file, if the target file does not exist, the access permission of the source file will be copied simultaneously, including the SUID and SGID licenses. The newly copied file is owned by the copied user. Therefore, be careful when copying another object. Do not be damaged by another user's SUID program.
When a music video file is moved, the new file access permission is the same as that of the original file. The music video only changes the file name. As long as the user has a directory write and search permission, the SUID program of someone in the directory can be moved without changing the access permission. If the directory permission settings are incorrect, the user's SUID program can be moved to a directory that cannot be modified or deleted, and a security vulnerability may occur.
Ln creates a chain for an existing file, that is, a new name that references the same file. If the target file already exists, the file is deleted and replaced with a new link, or the existing target file cannot be written by the user. Then, the user is requested to confirm whether to delete the file, only built-in links in the same file system are allowed. To delete a SUID File, check the number of links to the file. Only one chain can ensure that the file is deleted. If the SUID File already has multiple links, one way is to change its access permission method. The access permission of all links will be modified at the same time, or the chmod 000 file name can be used, not only does SUID and SGID permission of the file be canceled, but all links of the file are also canceled. To find out who has established a link with your SUID program, do not immediately delete the program. The system administrator can use the ncheck command to find other links of the program.
The cpio command is used to copy the directory structure to a common file, and then you can use the cpio command to convert this common file into a directory structure. When the-I option is used, cpio reads files and directory names from the standard input device, and copies the content to the standard output device according to the file format. When the-o option is used, cpio reads the files created first from the standard input device and recreates the directory structure. Cpio commands use the following commands to create a complete directory system file:
Find fromdir-printcpio-o> archive
Run the following command to create a directory structure based on the archive file:
Cpio-id <archive

Cpio security conventions are as follows:
(1) Information of each file stored in an archive file, including the file owner, group users, last modification time, last access time, and file access permission method.
* Maintain the access permission for files created in the archives.
* The owner and group users of each file extracted from the file are set to the user running the cpio-I command, rather than to the owner and group users pointed out in the file.
* When the user running the cpio-I command is root, the owner and group user of the created file are indicated by the archive file.
* When the SUID/SGID File in the file is rebuilt, the SUID and SGID are allowed. If the user of the file is not root, the SUID/SGID license is the permission of the user/group indicated in the file.
(2) When an existing file has the same name as a file in the cpio file, if the existing file is newer than the file in the file, these files will not be overwritten.
(3) If the option U is modified, the existing file with the same name will be overwritten. A very strange thing may happen: for example, if a file to be rewritten has a chain with another file, the chain is not broken after the file is rewritten. In other words, the chain of the file will be maintained, therefore, all links of the file actually point to the files extracted from the file, run cpio to overwrite the existing files unconditionally, and change the link of the chain.
(4) the full path name or parent directory name in the cpio file.
7. su and newgrp commands
(1) su command: you can log on to the system as another user without having to cancel the account header. It starts a new shell and sets valid and actual UID and GID to another user. Therefore, the root password must be kept strictly confidential.
(2) newgrp command: similar to su, used to modify the name of the current group.
8. file encryption
The crypt command can be provided to users to encrypt files and use a keyword to encode the standard input information into unreadable and messy strings and send them to the standard output device. Use this command again to apply the same keyword to the encrypted file to restore the file content.
In general, after the file is encrypted, the original file should be deleted, leaving only the encrypted version, and the encryption keyword should not be forgotten.
In vi, encryption is generally enabled. You can use the vi-x command to edit the encrypted file. The selection rules for encryption keywords are the same as those for passwords.

Crypt programs may be used as Troy Trojans, so passwords cannot be used as keywords. It is best to compress the file with the pack or compress command before encryption.
9. Other Security Problems
(1) User's. profile file
The. profile file in the user's HOME directory is executed when the user logs on. If the file is writable to others, any user in the system can modify the file so that it can work as required. In this way, other users may have the same permissions.
(2) ls-
This command is used to list all files in the current directory, including files whose names start with, and view the access permission and owner of all files, any files that do not belong to you but exist in your own directories should be suspected and pursued.
(3). exrc File
To edit the initialization file of the program, first find $ HOME /. exrc file and. /. exrc file. If this file is found in the $ HOME directory, it can be like. profile also controls its access method. If you run the editing program in a directory that you cannot control, you may run other people's. exrc file, maybe this. exrc files exist in order to protect others' file security. To ensure the security of the edited files, it is recommended that you do not run any editing program in a directory not owned by yourself or another person.
(4) temporary files and directories
In UNIX systems, the temporary directories are/tmp and/usr/tmp. They are used by programmers and many system commands. If these directories are used to store temporary files, other users may destroy these files. It is best to define the file blocking value as 007 when using temporary files, but the safest way is to create your own temporary files and directories: $ HOME/tmp, do not store important files in public temporary directories.
(5) UUCP and other networks
The UUCP command is used to transmit files from one UNIX system to another UNIX system. The files transmitted through UUCP are usually stored in the/usr/spool/uucppublic/login directory, and login is the user's login name, the access permission for this directory is 777. files transmitted over the network and stored in this directory belong to UUCP, And the access permission for files is 666 and 777. Users should encrypt the files transmitted through UUCP, and move it to your directory as soon as possible. Other networks transmit files to the rjc directory under the user's HOME directory. This directory should be writable and searchable for others, but not readable. Therefore, the access permission for the user's rjc directory should be 733, allowing programs to create files in it. Similarly, the transmitted files should be encrypted and moved to their own directories as soon as possible.
(6) Special Anti-Trojan
In UNIX system security, a program is represented by teloeimima, which damages the security of users when a function with obvious intent is completed. If the PATH is set to search for the system directory first, the attack by the trojan will be greatly reduced. Crypt program as a modulo.
(7) Deception
Similar to a special Trojan, a user may leak some information. The difference is that it is executed by someone, waiting for users who are not alert to be fooled. Login as a modulo.
(8) Computer Viruses
Computer viruses can spread quickly by turning other programs into viruses, especially when the system administrator runs an infected program as root. Experiments show that a virus can obtain the root permission within one hour (on average less than 30 minutes.
(9) You must leave the terminal you have logged on.
Unless you can lock the terminal, you must cancel the account.

(10) smart terminals
Because the Smart terminal has a sequence of send and enter code exchanges, it tells the terminal to send the current row to the system, just as the user typed in. This is a dangerous capability. Other people may use the write command to send information to the user's terminal. If the information contains the following code changing sequence:
Move cursor to new line (line feed)
Display "rm-r *" on the screen *"
Send this row to the System
You can imagine the consequences.
To prohibit other users from sending messages, use the mesg command. mesg n does not allow other users to send messages, and mesg y allows other users to send messages. Even so, there is still a problem with the code-changing sequence. Any user can use the mail command to send the same set of Code-changing sequences. Different codes must be used! Rm-r * for rm-r *. mail will take! The line at the beginning is interpreted as a shell command, and the shell starts to explain other parts of the line. This is called shell code replacement. To prevent mail commands from sending code-changing sequences to your terminal, you can create a filter program. before reading the mail file, run the filter program to process the mail file:
Myname = "$ LOGNAME ";
Tr-d [01-07] [-13-37]> $ HOME/mailbox;
>/Usr/mail/$ myname;
Mail-f $ HOME/mailbox
Tr converts the characters in the standard input to the standard output. This is just a simple idea,
In principle, this program should be a C program to avoid damaging the files being sent, which can be implemented by locking the files.
(11) disconnect from the system
The user should see the system to confirm the user's login and logout before leaving, so that the user is not logged out by others.
(12) cu command
This command enables you to log on to another UNIX system from one UNIX system. In this case, you must enter "~ "And press enter to disconnect the connection between the cu and the remote system. Cu has two security issues:
* If the security of the local machine is weaker than that of the remote machine, it is not recommended to use cu to log on to the remote machine, so as to avoid affecting the safe remote machine due to the security of the local machine.
* Since the old version of cu processes "~ "The method is incomplete. When a system with strong security calls a system with weak security, the users of the weak system will use the cu of the strong system user to transmit the/etc/passwd file of the strong system, do not call a weak system unless you are sure that the cu you are using is in the correct version.
10. Key points to keep the account header secure
(1) Maintain password security
* Do not write down the password.
* Do not store the password in the string storage of the terminal function key or MODEM.
* Do not use plain information as a password.
* Do not let others know.
* Do not use two passwords.
* Do not use the same password on different systems.
* Do not let people see that they are entering a password.
(2) do not allow others to write their own files or directories.
* If you do not trust this group of users, set umask to 022.
* Make sure that your. profile cannot be read or written to others except yourself.
* It is best not to store important files in the temporary directory.
* Make sure that the HOME directory is not writable to anyone.
* Uucp files should be encrypted and private as soon as possible.
(3) If you do not want other users to read your own files or directories, you must prevent others from reading your files or directories.
* Umask is set to 006/007.
* If users in the same group are not allowed to access their files and directories, set umask to 077.
* The temporary files are set according to the current umask. Programs that store important data to the temporary files are written to ensure that the temporary files are not readable to other users.
* Make sure that the HOME directory is not readable to each user.
(4) do not write SUID/SGID programs.
(5) copy and remove files with caution.
* When copying a file, remember that the permission for the target file is the same as that for the file, including SUID/SGID. If the target file already exists, the access permission and owner of the target file remain unchanged.
* When you move a music video file, remember that the target file is licensed in the same way as the file, including SUID/SGID license. If you move a file in the same file system, the owner and group of the target file remain unchanged. Otherwise, the owner and group of the target file will set the valid UID and GID of the cost user.
* Use the cpio command with caution. It can overwrite files not in the current directory structure of the current user. The t option is used to list the files to be copied first.
(6) When deleting a SUID/SGID program, first check the number of links of the program. If there are multiple chains, change the access permission method to 000, and then delete the program, you can also enter the I node number of the program to the system administrator to find other links.
(7) Use crypt to encrypt files that are unwilling to be viewed by any user (including super users.
* Do not use keywords as command variables.
* Use ed-x or vi-x to edit the encrypted file.
(8) do not run programs of other users except trusted users.
(9) put the system directory in your PATH in front.
(10) do not leave the terminal you have logged on.
(11) If there is a smart terminal, it should be careful that the information from other users, including the write command, mail command and other user files, contains a code-changing sequence.
(12) after exiting with CTRL + D or exit, wait for the login to be viewed before disconnecting from the system: prompt.
(13) Pay attention to the cu version.
* Do not use cu to call a more secure system.
* Unless you are sure that the cu will not be tricked into sending files, do not use the cu to call a system with weak security.
(Source: ChinaUnix.net)