Linux security tools: Sxid and Skey

Article Title: Linux system security tools: Sxid and Skey. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

The following describes some security tools that can be used for Linux. These tools will play a role in curing your server and can solve various problems. Our focus is to let you know about these tools. We will not give a detailed introduction to the installation configuration and usage. Some security questions, such as what suid is and what buffer overflow is, are not covered in this article.

The purpose of introducing these tools is only to give you a prompt direction, not to let you stick to these tools. After all, security is a process, not a product.

　I. Sxid

Sxid is a system monitoring program. It can monitor the suid and sgid files in the system and the changes without the owner. Report the changes in an optional form. You can configure the configuration file to notify the changes by email, or directly display the changes on the standard output without using email. Suid, sgid, and unowned files may be Backdoor programs placed by others.

You can get sxid: ftp://marcus.seva.net/pub/sxid/ from the URL below

If you have installed other tools, you must install the tool, which has nothing special to install.

By default, the configuration file is/usr/local/etc/sxid. conf, which has obvious comments and is easy to understand. This file defines how sxid works. The default log file is/var/log/sxid. log. The number of cycles of the log file is defined in the sxid. conf file. After the configuration is fixed, you can set sxid. conf to unchangeable, and set sxid. log to add only (using the chattr command ).

You can use sxid-k and the-k option to perform the check. The check is flexible, and neither logs nor emails are sent. In this way, you can perform checks at any time. However, we recommend that you add the check to crontab and use crontab-e to edit and add the following entries:

0 4 ***/usr/bin/sxid

This program is executed at four o'clock A.M. every day.

For more details, refer:

Man sxid

Man 5 sxid. conf

Ii. Skey

Do you think your password is safe? Even if your password is long and has many special characters, it is difficult to crack the decryption tool, but your password is transmitted in plain text on the network, you can intercept your password by using an Ethernet sniffer. This technology can also be implemented in the exchange environment. In this case, skey is an option for you.

Skey is a one-time password tool. It is a client-server-based application. First, you can use the keyinit command on the server to create a skey customer for each user. This Command requires a secret password, and then a one-time password list can be generated for the client user. When you connect to the server through telnet or ftp, you can enter your password in the order of the password in the one-time password list. The password will be replaced by the next one in the list.

You can get the skey from the URL below: ftp://ftp.cc.gatech.edu/ac121/Linux/system/network/sunacm/other/skey

Follow these steps to use the skey on the server:

1. Use the following command to initialize user mary:

Keyinit mary

Each time keyinit generates 99 one-time passwords for users, this user will be created in the/etc/skeykeys file, which stores some information about the Server Side Computing the next one-time password. When the preceding keyinit command is used, the following record is found in/etc/skeykeys:

Mary 0099 to25065 be9406d891ac86fb Mar 11,200 1 04:23:12

In the above record, the usernames are displayed from left to right, the sequence number of the one-time password to be used, the type of the password, and the password, date, and time in hexadecimal notation.

2. Provide the one-time password list to mary

You can print the export order list and send it to mary. This is relatively safe and the password will not be transmitted over the network.

3. Change the default logon shell to/usr/local/bin/keysh for mary.

Due to the role of PAM, mary needs to enter a password when logging on. After entering this one-time password, the server needs to verify the password. After the password is verified, the connection is permitted.

Some users may not like the written password list. You can use the key command to get a one-time password on your client. You can open two windows and connect the server to obtain the type and serial number of the one-time password. Then, use the key command in the other window to obtain the desired password based on the type and serial number of the password. However, you must be reminded that such convenience is at the cost of a certain risk.

If your default 99 passwords are used up, you can use keyinit-s to refresh the password list.

In the/usr/src/skey/misc directory, there are many other programs that provide other services by replacing keysh, such as su, login, and ftp. In this way, you can handle connection requests of different services.

To ensure security, you 'd better set the attributes and permissions of the/etc/skeykeys file.