Linux user security _unix Linux for entry books

The/etc/passwd file in the UNIX system contains all the information that the system needs to know about each user (the encrypted password may also be stored in the/etc/shadow file). The/etc/passwd contains the user's login name, encrypted password, user number, user group number, user annotation, user's home directory, and the shell program used by the user. Where the user number (UID) and the user group number (GID) are used by the UNIX system to uniquely identify the user and the same group of users and users ' access rights. The encrypted password stored in the/etc/passwd is used when the password entered at the user logon is computed compared, the compliance allows login, or the user is denied login. Users can modify their passwords using the passwd command and cannot directly modify the password part in the/etc/passwd. A good password should be at least 6 characters in length, do not access personal information (such as birthdays, name, the reverse spelling of the login, the room visible things), ordinary English words are not good (because the dictionary attack method), the password is best to have some non-alphanumeric (such as numbers, punctuation, control characters, etc.), but also better to remember some, Not written on paper or in a file on a computer, a good way to choose a password is to connect two unrelated words with a number or control character and truncate it to 8 characters. Of course, if you can remember 8 bits of garbled nature better. You should not use the same password on different machines, especially if you use the same password at different levels of users, which can cause a total crash. Users should change the password regularly, at least 6 months to change, the system administrator can force users to make regular password changes. To prevent Yanmingshoukuai from stealing passwords, you should confirm that no one is around when you enter a password. 2. file permission file attributes determine the access to the file, that is, who can access or execute the file. Use Ls-l to list detailed file information, such as:-rwxrwxrwx 1 Pat cs440 21:12 zombin includes file permissions, file connections, file owner name, file-related group name, file length, last access date, and file name. Where the file license is divided into four parts:-: Represents the file type.
First rwx: Represents the access rights of a file owner.
Second rwx: Represents the access rights of files to the same group of users.
Third rwx: Represents access rights for other users. If a license is restricted, the corresponding letter is changed to-. It may be the other letter, S,s,t,t, on the execution permission location of the permission. S and S can appear in the owner and in the same group of User license mode locations, with a special license, which will be discussed later, T and T can appear in the other user's license mode location, related to the "paste bit" and not security. The lowercase letter (x,s,t) indicates that the execution permission is allowed, minus or uppercase letters (-,S or T) to indicate that the execution permission is disallowed. You can change the license by using the chmod command, with the new license and the file name as a parameter. The new licensing method is given in 3-bit 8-digit numbers, R is 4,w to 2,x 1. If the rwxr-xr--is 754. Chmod also has other methods of parameter can be directly to a group of parameters, here no longer said, see the UNIX System online manual. File permissions can be used to prevent accidental rewriting or deletion of an important file (even the owner himself)! Changes to the owner and group name of the file can be chown and chgrp, but the original owner and team members cannot be modified. 3. Directory license in UNIX systems, the directory is also a file, when listed with Ls-l, the directory file attributes preceded by a D, directory license is similar to the file license, use LS column directory to have Read permission, add and remove files in the directory to have write permission, access to the directory or the directory as a path component to have the enforcement permission, To use either file, you must have the file and the appropriate license for all directory components found on the path to the file. It is important to note that the license for the file only starts to work when a file is to be opened, and RM,MV does not require file permission to have a directory search and write permission. 4.umask command umask Set the user file and directory file to create a default masking value, and if you put this command into a. profile file, you can control the access permission for subsequent files that the user has built. The Umask command, in contrast to the chmod command, tells the system what access permissions are not granted when creating a file. 5. Setting the user ID and the same group User ID license (SUID) setting and the same group User ID license (SGID) can give an executable target file (only the executable makes sense) when a process executes and is assigned 4 numbers. To identify who the process belongs to, the actual and valid UID, respectively. , actual and effective GID. Valid UID and GID are generally the same as the actual UID and GID, and valid UID and GID are used to determine the process's access permission for the file. The SUID license to set the executable changes the situation, and when SUID is set, the active UID of the process is the valid UID of the owner of the executable, not the valid UID of the user who executed the program, so that the program created has the same access license as the program owner。 In this way, the owner of the program will be able to publish information that is not allowed to be publicly accessible to the user within a limited scope through program control. Similarly, Sgid is a valid GID setting. Set and cancel the Suid setting with the chmod u+s filename and chmod u-s file name. Set and cancel the Sgid setting with the chmod g+s filename and chmod g-s file name. After the files have been set suid and Sgid, the chown and CHGRP commands will all cancel these licenses. 6.CP MV Ln and cpio command CP copy files, if the destination file does not exist, will simultaneously copy the source file access License, including SUID and Sgid license. The new copy of the file belongs to the copy of the user, so the copy of the file should be careful, do not be other users of the SUID program to destroy their own file security. When the MV move file, the new file Access License is the same as the original file, MV only change the filename. As long as the user has a directory of write and search permission, you can remove the directory of a person's SUID program and do not change their access permission. If the directory license setting is incorrect, the user's SUID program can be moved to a directory that he cannot modify and delete, and a security vulnerability will occur. LN creates a chain of existing files, that is, to create a new name that references the same file. If the destination file already exists, the file is deleted and the new chain is replaced, or the existing destination file does not allow the user to write it, the user is asked to confirm that the file is deleted, and only the chain is allowed within the same file system. To delete a suid file, you need to confirm the number of links to the file, and only one chain to ensure that the file is deleted. If the suid file already has multiple chains, one way is to change its access license, will simultaneously modify all the chain of access licenses, can also chmod 000 file name, not only canceled the file suid and Sgid license, but also canceled the entire chain of files. To find out who has established a chain with your own suid program, do not immediately delete the program, the system administrator can use the Ncheck command to find the other chain of the program. The Cpio command is used to copy the directory structure to a normal file and then use the Cpio command to turn the normal file into a directory structure. With the-i option, Cpio reads the file and directory name tables from the standard input device and copies their contents to the standard output device in file format, using the-o option, Cpio reads the files that have been built from the standard input device and rebuilds the directory structure. The Cpio command uses the following commands to do a complete directory System file: Find Fromdir-printcpio-o > Archive reconstruct a directory structure according to profile command: Cpio-id < archive cpio security conventions are as follows: (1) Files contain information about each file, including file owners, group users, last modified time, and finallyAccess time, file Access License mode. * Maintain the Access License in the file according to the files established by the file. * The owner and team user of each file extracted from the archive is set to the user who is running the cpio-i command, not to the owner and group user identified in the file. * When the user running the cpio-i command is root, the owner and the group user of the created file are identified by the archive file. * Files in the Suid/sgid file are rebuilt, maintained SUID and Sgid permission, if the user rebuilding the file is not a Root,suid/sgid license is the file stated in the User/group license. (2) When an existing file has the same name as a file in the Cpio file, these files will not be overwritten if the existing file is newer than the file in the file. (3) If you use the Modify option U, the existing file with the same name will be overridden. A very strange thing may happen: If the rewritten file was linked to another file, when the file is rewritten, the chain is not disconnected, in other words, the chain of the file is maintained, so that all the chain of the file actually points to the file extracted from the file, running Cpio unconditionally rewrite the existing file and change the point of the chain. (4) A Cpio file can contain a full path name or a parent directory name. 7.su and Newgrp command (1) SU command: You may not have to log off the account and another user to enter the system, as another user to work. It launches a new shell and sets the valid and actual UID and GID to another user. Therefore, the root password must be kept strictly confidential. (2) NEWGRP command: Similar to Su, used to modify the current group name. 8. The file encryption Crypt command can be provided to the user to encrypt the file, using a keyword to encode the standard input information into an unreadable clutter string and send it to the standard output device. Use this command again, and use the same keyword in the encrypted file to recover the contents of the file. In general, after the file is encrypted, should delete the original file, leaving only the encrypted version, and can not forget to encrypt the keyword. In VI generally have encryption functions, with the Vi-x command to edit the encrypted file. The selection rules for cryptographic keywords are the same as for password selection rules.

Because the crypt program may be made into Trojan, it is not appropriate to use the password as the key word. It is best to compress files before encrypting them with a pack or compress command. 9. Other security issues (1) the user's. profile file is executed when the user logs on, because the. profile file in the user's home directory. If the file is writable by others, any user of the system can modify the file to make it work as requested. This may make other users have the same permissions as the user. (2) ls-a This command lists all the files in the current directory, including file names with the opening files, viewing access licenses for all files and file owners, and any files that are not in their own but exist in their own directory should be suspected and prosecuted. (3). exrc file is the initialization file for the editing program, after using the edit file, first look for the $HOME/.EXRC file and the./.exrc file, if the file is found in the $home directory, You can control its access like. Profile, and if you run the edit program in a directory that you can't control, you might run another person's. exrc file, and maybe the. exrc file exists there just to harm someone else's file security. In order to ensure the security of the edited files, it is best not to run any editing programs in a directory that does not belong to yourself or someone else to write to. (4) Staging files and directories in the UNIX system the staging directory is/tmp and/USR/TMP, which are used for programmers and many system commands, and if you use these directories to store staging files, other users may corrupt these files. Using staging files best defines the file screen value as 007, but the safest approach is to create your own staging files and directories: $HOME/tmp, and do not store important files in a public staging directory. (5) UUCP and other network UUCP commands are used to transfer files from one UNIX system to another UNIX system, and files transmitted through UUCP are usually stored in the/usr/spool/uucppublic/login directory, login is the user's login name, The Directory Access License is 777, files transmitted over the network and stored in this directory are owned by UUCP, file access licenses are 666 and 777, users should encrypt the files passed through UUCP, and move to their directory as soon as possible. Other networks transfer files to the RJC directory in the user's home directory. The directory should be writable and searchable by other people, but not necessarily readable, so the user's RJC directory should have a access license of 733, allowing the program to create files in it. Similarly, the transferred file should be encrypted and moved to its own directory as soon as possible. (6) The Yimuma in the UNIX system security, uses the special-purpose Imumarai to represent one kind of program, this kind of program in completes some has the obvious intention function, also destroys the user'sSafety. If path is set to search the system directory first, the Yimuma attack will be greatly reduced. Like a model crypt program. (7) Deception is similar to the Yimuma, a model of something that causes the user to divulge some information, but, in contrast, it is performed by someone, waiting for the unwary user to fall for it. Like a model login. (8) Computer virus computer viruses by turning other programs into a virus to infect the system, can rapidly spread, especially the system administrator's carelessness, as Root run an infected program. Experiments show that a virus can get root permissions within one hours (on average less than 30 minutes). (9) To leave their login terminal unless you can lock the terminal, you must cancel the account. (10) Intelligent terminal because the intelligent terminal has send and enter the code sequence, tells the terminal to send the current line to the system, as the user typed the same. This is a dangerous ability for others to send information to the user terminal by using the Write command, such as the following sequence: Move the cursor to a new line (line feed) on the screen display "Rm-r *" to the system consequences you can imagine. The way to prevent other users from sending information is to use the MESG command, MESG N does not allow other users to send information, MESG y allows other users to send information. Even so there is a problem with the change sequence, any user to send the same set of change sequences with mail command, different to replace with!rm-r * rm-r *.mail will be interpreted as a shell command, starting the shell, and the shell to interpret the other parts of the line. This is called the Shell Change code. To avoid mail command to send a sequence to its own terminal, you can set up a filter program, read mail file before running the filter, the mail file processing: myname= "$LOGNAME";
Tr-d[01-07][-13-37]> $HOME/mailbox;
>/usr/mail/$myname;
Mail-f $HOME/mailbox where tr converts the character of a standard input to the standard output. This is just a simple idea, in principle, this program should be a C program to avoid damaging the file being sent to, can be implemented in a lock file. (11) Disconnect from the system users should see the system to confirm that the user log off and then leave to avoid the user is not logged out by others to sneak in. CU command This command enables users to log on to another UNIX system from a UNIX system, at which point a "~" return must be entered after logging off a user in a remote system to disconnect the CU and the remote system. CU also has two security problems: * If the local security is weaker than the remote machine, do not advocate the use of CU to log in to the remote machine, so as to avoid the security of the machine to affect the more secure far-earth machine. * Due to the old version of CU processing "~" The method is imperfect, when a weak system is invoked from a security-strong system, users of the weak system use the/etc/passwd file of the strong system user's CU transport system, and do not invoke the weak system unless they are convinced that the CU being used is the correct version. 10. Key points to keep the account safe (1) Keep the password secure * Do not write down the password.
* Do not save the password in the Terminal function key or the modem's string memory.
* Do not select the obvious information for password.
* Don't let anyone know.
* Do not use two passwords alternately.
* Do not use the same password on different systems.
* Don't let anyone see you typing a password. (2) Do not allow your own files or directories to be written by others. * If you do not trust this group of users, the umask is set to 022.
* Make sure that your. Profile is not read or written to others except yourself.
* The staging directory is best not for storing important files.
* Make sure the home directory is not writable by anyone.
*UUCP transmitted files should be encrypted and personalized as soon as possible. (3) If you do not want other users to read their own files or directories, it is necessary to make their own files and directories do not allow anyone to read. *umask is set to 006/007.
* If the same group of users are not allowed access to their own files and directories, Umask set to 077.
* Temporary files in accordance with the current umask settings, storage of important data to the temporary file program, is written to ensure that the staging file is not readable to other users.
* Make sure that the home directory is unreadable to each user. (4) Do not write Suid/sgid program. (5) Carefully copy and move the file. *CP copy files, remember that the destination file is licensed in the same way as the file, including the Suid/sgid license, and the access License and owner of the destination file remain unchanged if the destination file already exists.
When *MV move a file, remember that the destination file is licensed in the same way as the file, including the Suid/sgid license, and the owner and team of the destination file will set the valid UID and GID for the cost user if the file is moved within the same file system, and the owner and group of the destination file are unchanged.
* Carefully use the CPIO command, which can cover files that are not in the current directory structure of the user, and the T option to first list the files to be copied. (6) When deleting a suid/sgid program, first check the number of links to the program, if there are more than one chain, then the access license to 000, and then delete the program, or write the program before deleting, you can also the program's I node number to the system administrator to find other chains. (7) Use Crypt to encrypt files that are not allowed to be viewed by any user, including super users. * Do not use keywords as command variables.
* Edit encrypted files with Ed-x or vi-x. (8) Do not run other users ' programs except trusted users. (9) in your path, place the system directory in front of you. (10) Do not leave your login terminal. (11) If there is a smart terminal, beware of other users, including write commands, mail commands and other user files in the information has a sequence of code. (12) After exiting with Ctrl+d or exit, wait to see login before disconnecting from the system: prompt. (13) Note the CU version. * Do not use CU to invoke more secure systems.
* Do not invoke a less secure system with CU unless you are sure that the CU will not be lured to send the file. (Source: chinaunix.net)