This article looks at a new method for improving the security of open UNIX systems with small shell applications, and provides a step-by-step analysis of the code. The author's major fields are Web programming and cutting-edge network security development.
A malicious user who damages the system and gains superuser permissions is a nightmare for every system administrator. To protect an open UNIX platform, the small shell applications below add one more layer to its security barriers.
Both open UNIX operating systems, FreeBSD and Linux Mandrake, ship a complete shell-based security system. The FreeBSD program is located at /etc/security; the Linux Mandrake security package can be found under /usr/share/msec. These standard tools are similar in functionality, but they restrict their control over file system integrity to files carrying the SUID and SGID flags. The tool used to calculate MD5 file checksums also differs between Mandrake and FreeBSD.
Generally, the access permissions of a running program to system resources are those of the user who runs it. Setting the SUID or SGID flag changes this: the permissions are then taken from the file's owner (SUID) or from the file's group owner (SGID). Consequently, an executable owned by root with the SUID flag set can access system resources without any restriction, no matter who runs it.
The privilege change is meant for a single run of a single program, but in practice it extends further: other processes started by the application inherit its permissions. Therefore, set the SUID and SGID flags with caution, and only on programs that cannot start any other task.
MD5
MD5 is a message digest algorithm for digital signature applications, developed by Ronald L. Rivest in 1991. See the references later in this article for the source code of the algorithm and more information.
Solution: tracking modifications to system files through the SGID/SUID flags alone is an extremely difficult task, because with sufficient experience and caution an intruder can modify system services and settings without changing the standard file attributes, and administrators generally look only at the dates on which files were created and modified. The following program instead performs an integrity test based on MD5 checksums, which such disguised modifications cannot escape, and tracks the modifications made to all files in the specified directories.
FreeBSD's files-diffs configuration and source code
Standard services live in the following directories: /etc*, /bin, /sbin, /modules, /usr/bin, /usr/sbin, /usr/lib*, /usr/libexec*, /usr/X11R6/bin, /usr/X11R6/lib*, /usr/local/bin, /usr/local/etc* and /usr/local/sbin. Checking these hierarchies tracks the integrity of the standard services, but not that of additional services such as Perl, Web and News, which can also be compromised. Directories marked with "*" contain further levels of sub-directories and should be tracked together with them. It is a good idea to have the root user receive a daily e-mail report on modified files. Set up the shell program as follows:
Log on as root.
cd /etc/periodic/daily
Save the code of Listing 1 to the file files-diffs.
chmod 755 files-diffs
chown root:wheel files-diffs
Listing 1. FreeBSD's files-diffs
#!/bin/sh
#
# Checking files for modification
#
# Written by Igor B. Maximov, uniug@cris.net
#
# Dirs checked together with their sub-folders
DeepDirs="/etc /usr/lib /usr/libexec /usr/X11R6/lib /usr/local/etc"
# Dirs checked without their sub-folders
Dirs="/bin /sbin /modules /usr/bin /usr/sbin /usr/X11R6/bin /usr/local/sbin"
TMP=/var/run/_files-diffs.$$
LOG=/var/log

# Build today's snapshot: one line per file with its ls -l attributes and
# MD5 sum (md5(1) from the FreeBSD base system). Named pipes and sockets
# are listed but not summed, since reading them would block or fail.
(
for j in $DeepDirs
do
    cd $j || continue
    for i in `/usr/bin/find . -xdev \( -type f -o -type l -o -type s -o -type p \)`
    do
        echo ${j}"/"`(/bin/ls -l $i; [ -f $i ] && /sbin/md5 $i)`
    done
done
for j in $Dirs
do
    cd $j || continue
    for i in `/usr/bin/find . -xdev -maxdepth 1 \( -type f -o -type l -o -type s -o -type p \)`
    do
        echo ${j}"/"`(/bin/ls -l $i; [ -f $i ] && /sbin/md5 $i)`
    done
done
) > ${TMP}

# First run: no baseline yet, so store today's snapshot and tell root.
if [ ! -f ${LOG}/files-diffs.today ]; then
    (
    echo "No ${LOG}/files-diffs.today"
    cp ${TMP} ${LOG}/files-diffs.today
    ) | mail -s "No ${LOG}/files-diffs.today" root
fi

# Baseline differs from today's snapshot: mail the diff to root and rotate
# today's snapshot to yesterday's.
if cmp ${LOG}/files-diffs.today ${TMP} >/dev/null; then :; else
    (
    echo "files diffs:"
    diff -b ${LOG}/files-diffs.today ${TMP}
    mv ${LOG}/files-diffs.today ${LOG}/files-diffs.yesterday
    mv ${TMP} ${LOG}/files-diffs.today
    ) | mail -s files-diffs root
fi

if [ -f ${TMP} ]; then
    rm ${TMP}
fi
Linux Mandrake's files-diffs configuration and source code
Standard services live in the following directories: /boot*, /etc*, /bin, /sbin*, /usr/bin*, /usr/sbin, /usr/lib*, /usr/libexec*, /usr/local/bin, /usr/local/etc* and /usr/local/sbin. If the Mandrake security package (RPM System/Base/msec) is installed, follow these installation steps:
Log on as root.
cd /usr/share/msec
Save the code of Listing 2 to the file files-diffs.sh.
chmod 755 files-diffs.sh
chown root:root files-diffs.sh
Open the security.sh file in the same directory and add the following line at its end:
/usr/share/msec/files-diffs.sh
Listing 2. Linux Mandrake files-diffs
#!/bin/bash
#
# Checking files for modification
#
# Written by Igor B. Maximov, uniug@cris.net
#
# Dirs checked together with their sub-folders
DeepDirs="/boot /etc /lib /sbin /usr/bin /usr/lib /usr/libexec"
# Dirs checked without their sub-folders
Dirs="/bin /usr/local/sbin /usr/sbin"
TMP=/var/run/files-diff.$$
LOG=/var/log/security

# Build today's snapshot: one line per file with its ls -l attributes and
# MD5 sum (GNU md5sum(1) on Linux). Named pipes and sockets are listed but
# not summed, since reading them would block or fail.
(
for j in $DeepDirs
do
    cd $j || continue
    for i in `/usr/bin/find . -xdev \( -type f -o -type l -o -type s -o -type p \)`
    do
        echo ${j}"/"`(/bin/ls -l $i; [ -f $i ] && /usr/bin/md5sum $i)`
    done
done
for j in $Dirs
do
    cd $j || continue
    for i in `/usr/bin/find . -xdev -maxdepth 1 \( -type f -o -type l -o -type s -o -type p \)`
    do
        echo ${j}"/"`(/bin/ls -l $i; [ -f $i ] && /usr/bin/md5sum $i)`
    done
done
) > ${TMP}

# First run: no baseline yet, so store today's snapshot and tell root.
if [ ! -f ${LOG}/files-diff.today ]; then
    (
    echo "No ${LOG}/files-diff.today"
    cp ${TMP} ${LOG}/files-diff.today
    ) | mail -s "No ${LOG}/files-diff.today" root
fi

# Baseline differs from today's snapshot: mail the diff to root and rotate
# today's snapshot to yesterday's.
if cmp ${LOG}/files-diff.today ${TMP} >/dev/null; then :; else
    (
    echo "files diffs:"
    diff -b ${LOG}/files-diff.today ${TMP}
    mv ${LOG}/files-diff.today ${LOG}/files-diff.yesterday
    mv ${TMP} ${LOG}/files-diff.today
    ) | mail -s files-diff root
fi

if [ -f ${TMP} ]; then
    rm ${TMP}
fi
Further Improvement
Running this program independently of the standard security system further improves system stability. In that case the program should be placed in a different directory, and its temporary files, snapshots and source code should be stored in paths of their own. The existence of the monitoring system is then not obvious to a malicious user, and it is correspondingly harder to evade.
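As an added example (not the article's or the author's code), here is a portable version of the same baseline-and-compare technique used in both listings: it chooses md5sum(1) or md5(1) at run time, the tool difference the article notes between Mandrake and FreeBSD, records each file's mode, owner, group, size and digest, and reports added, removed and changed files together with any file that newly gained a SUID/SGID bit. The function names are my own, and the demo function works only on a constructed throwaway tree under mktemp, never on the real system directories.

```shell
#!/bin/sh
# Added example (not the article's code): portable baseline/compare on a
# constructed demo tree; nothing on the real file system is read or written.
# MD5 of one file: md5sum(1) on Linux, md5(1) from the FreeBSD base otherwise.
digest_file() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        md5 -q "$1"
    fi
}
# One line per regular file: "mode owner group size digest<TAB>path".
# ls -l is used instead of stat(1), whose flags differ between BSD and GNU.
snapshot() {
    find "$1" -xdev -type f | LC_ALL=C sort | while IFS= read -r f; do
        meta=$(ls -ld "$f" | awk '{print $1, $3, $4, $5}')
        printf '%s %s\t%s\n' "$meta" "$(digest_file "$f")" "$f"
    done
}
# Report added, removed and changed paths between two snapshots and flag files
# that gained a SUID/SGID bit since the baseline (what the standard tools watch).
compare_snapshots() {
    awk -F '\t' '
        function setid(meta,  a) { split(meta, a, " ")
            return substr(a[1], 4, 1) ~ /[sS]/ || substr(a[1], 7, 1) ~ /[sS]/ }
        NR == FNR { old[$2] = $1; next }
        {
            seen[$2] = 1
            if (!($2 in old))       print "added " $2
            else if (old[$2] != $1) print "changed " $2
            if (setid($1) && !(($2 in old) && setid(old[$2]))) print "new-setid " $2
        }
        END { for (p in old) if (!(p in seen)) print "removed " p }
    ' "$1" "$2"
}
# Constructed demonstration: throwaway tree, baseline, tampering, report.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/bin" "$t/sbin"
    for f in bin/ls sbin/login sbin/sudo; do printf 'ok\n' > "$t/$f"; done
    snapshot "$t" > "$t.today"
    printf 'tampered\n' > "$t/sbin/login"   # content replaced, size changes
    chmod 4755 "$t/sbin/sudo"               # SUID bit added, content unchanged
    printf 'x\n' > "$t/bin/rootkit"         # new file
    rm "$t/bin/ls"                          # file removed
    snapshot "$t" > "$t.now"
    compare_snapshots "$t.today" "$t.now"
    rm -rf "$t" "$t.today" "$t.now"
}
demo
```

The demo prints five report lines: the added rootkit file, the changed login and sudo entries, the new-setid flag on sudo, and the removed ls; in production the two snapshot files would play the role of the listings' files-diffs.today and the temporary file.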