Linux User security


1. Password Security

The /etc/passwd file in UNIX systems contains the information about each user that the system needs to know (the encrypted password may instead be stored in the /etc/shadow file).

/etc/passwd contains the user's login name, encrypted password, user number (UID), user group number (GID), a comment field, the user's home directory and the shell program the user runs. The UID and GID uniquely identify the user and the user's group within the UNIX system and determine the access permissions of the user and of the members of the same group.

The encrypted password stored in /etc/passwd is compared with the encryption of the password typed at login: login is allowed if they match and denied otherwise. The passwd command changes your own password; the password field in /etc/passwd cannot be edited directly.
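As an added example (not part of the original article), the following script reads the seven colon-separated fields described above from a constructed passwd-format sample and flags two conditions an administrator checks for: an empty password field and a second account with UID 0.

```shell
#!/bin/sh
# Added example (not from the original article): parse the seven colon-separated
# fields of a passwd-format file and flag two conditions worth checking: an
# empty password field (no password required at login) and an account other
# than root that carries UID 0. The input is a constructed sample file, not the
# live /etc/passwd; an "x" in field 2 means the hash is kept in /etc/shadow.

# Fields: login:password:UID:GID:comment:home:shell. Prints one finding per
# line as "login finding" for the passwd-format file named by $1.
audit_passwd() {
    awk -F: '
        NF < 7                  { next }                         # malformed line
        $2 == ""                { print $1, "empty-password" }
        $3 == 0 && $1 != "root" { print $1, "uid-0" }
    ' "$1"
}

# Write the constructed sample to a temporary file and print its path.
sample_passwd() {
    s=$(mktemp)
    cat > "$s" <<'EOF'
root:x:0:0:root:/root:/bin/sh
pat:x:1001:440:Pat:/home/pat:/bin/sh
guest::1002:1002:Guest:/home/guest:/bin/sh
toor:x:0:0:second root:/root:/bin/sh
EOF
    echo "$s"
}

s=$(sample_passwd)
audit_passwd "$s"      # prints: guest empty-password / toor uid-0
rm -f "$s"
```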

A good password is at least six characters long. Do not use personal information (birthday, name, the login name spelled backwards, anything visible in the room); ordinary English words are poor choices too, because they fall to a dictionary attack. It is better to include some non-letters (digits, punctuation marks, control characters) and to memorize the password rather than write it on paper or in a computer file. A good way to choose a password is to join two unrelated words with a digit or a control character and truncate the result to 8 characters; better still, memorize 8 random characters.

The same password should not be used on different machines, especially not on machines with different levels of trust, because a compromise on one of them can spread to all of them. Users should change their passwords periodically, at least once every six months; the system administrator can force users to change passwords periodically.

To make it harder for an attacker to steal the password, make sure nobody is watching when it is typed.

2. File Permission

File attributes determine the file's access permissions, that is, who may access or execute the file. ls -l lists the detailed information of a file, for example:

-rwxrwxrwx 1 pat cs440 70 Jul 28 zombin

From left to right this shows the file's permissions, the number of links to the file, the owner's name, the name of the file's group, the file length, the last access date and the file name.
The permission field consists of four parts:

-: indicates the file type.
The first rwx gives the access permissions of the file owner.
The second rwx gives the access permissions of users in the file's group.
The third rwx gives the access permissions of all other users.
Where a permission is not granted, the corresponding letter is replaced by -.

Other letters that may appear are s, S, t and T. s and S can appear in the execute position of the owner and group fields; they indicate special permissions, discussed in section 5 below. t and T can appear in the execute position of the other-users field; they indicate the sticky bit, which is not a security matter. A lowercase letter (x, s, t) means execute permission is granted; a dash or an uppercase letter (-, S, T) means it is not.

The chmod command changes the permission mode; it takes the new mode and the file name as arguments. The new mode is given as a three-digit octal number in which, within each field, r counts 4, w counts 2 and x counts 1; for example, rwxr-xr-- is 754.

chmod also accepts symbolic arguments that modify one class of permission bits directly. See the UNIX online manual (man chmod) for details.

File permissions can also protect an important file against accidental overwriting or deletion, including by its owner!

The owner and group of a file can be changed with chown and chgrp, but once ownership has been given away, the original owner can no longer change it back.

3. directory permission

In UNIX systems a directory is also a file; when ls -l lists a directory, its type character is d. Directory permissions resemble file permissions: to list a directory with ls you need read permission on it; to add or delete files in it you need write permission; to access a file inside it, or to pass through it as a component of a path, you need search (execute) permission. Therefore, to use any file you need both permission on the file itself and search permission on every directory in its path. Note that the file's own permissions only come into play when the file is opened: rm and mv need only search and write permission on the directory and no permission at all on the file.
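The last point above is easy to verify. The following script (an added example, not from the original article) creates a file with mode 000 and shows that rm removes it whenever the directory is writable, while revoking write permission on the directory is what actually protects the file (root, which bypasses directory permissions, is the one exception).

```shell
#!/bin/sh
# Added example (not from the original article): deleting a file needs write
# and search permission on the directory, not any permission on the file.

# Create a scratch directory holding a file with no permissions at all;
# print the directory path.
dir_demo_setup() {
    d=$(mktemp -d) || return 1
    printf 'secret\n' > "$d/keep"
    chmod 000 "$d/keep"
    echo "$d"
}

# Try rm on the mode-000 file while the directory is writable.
# Prints "removed" if the file is gone, "kept" if it survived.
rm_in_writable_dir() {
    d=$(dir_demo_setup)
    rm -f "$d/keep" 2>/dev/null || true
    if [ -e "$d/keep" ]; then echo kept; else echo removed; fi
    chmod -R u+rwx "$d"; rm -rf "$d"
}

# Same attempt after revoking write permission on the directory (mode 555).
# For a non-root user the file survives; root ignores directory permissions.
rm_in_readonly_dir() {
    d=$(dir_demo_setup)
    chmod 555 "$d"
    rm -f "$d/keep" 2>/dev/null || true
    if [ -e "$d/keep" ]; then echo kept; else echo removed; fi
    chmod -R u+rwx "$d"; rm -rf "$d"
}

echo "mode-000 file, writable directory:  $(rm_in_writable_dir)"   # removed
echo "mode-000 file, read-only directory: $(rm_in_readonly_dir)"   # kept (non-root)
```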

4. umask command

umask sets the default mask applied to the files and directories a user creates. Placed in the .profile file, it controls the access permissions of every file the user subsequently creates. umask is the opposite of chmod: it tells the system which permissions not to grant when a file is created.
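To make the "opposite of chmod" concrete, here is an added example (not from the original article) that computes the mode a new file or directory ends up with under a given umask and then checks the arithmetic against files actually created under that umask. It assumes GNU stat, as found on Linux.

```shell
#!/bin/sh
# Added example (not from the original article): how umask removes bits from
# the mode a program asks for. A newly created file normally asks for 666 and
# a directory for 777; umask names the bits that are NOT granted.
# Assumes GNU stat (Linux coreutils) for reading the resulting mode back.

# Compute the mode that results from requested mode $1 under umask $2 (octal).
apply_umask() {
    printf '%o\n' $(( 0$1 & ~0$2 ))
}

# Create a file and a directory under umask $1 and report both observed modes.
modes_under_umask() {
    d=$(mktemp -d)
    ( umask "$1"; : > "$d/f"; mkdir "$d/sub" )   # umask change stays in the subshell
    printf '%s %s\n' "$(stat -c %a "$d/f")" "$(stat -c %a "$d/sub")"
    rm -rf "$d"
}

# The common 022, the 007 the article suggests for temporary files, and a
# stricter 077: computed file/directory mode, then the observed ones.
for mask in 022 007 077; do
    echo "umask $mask: computed $(apply_umask 666 "$mask")/$(apply_umask 777 "$mask")," \
         "observed $(modes_under_umask "$mask")"
done
```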

5. Set User ID and user ID permission for the same group

The set-user-ID (SUID) and set-group-ID (SGID) permissions can be given to executable files (they are meaningful only for executables). When a process runs, it carries four numbers that identify whom it belongs to: the real and effective UID and the real and effective GID. Normally the effective UID and GID are the same as the real ones. The effective UID and GID are what determine the process's access permissions to files. Setting SUID on an executable changes this: when SUID is set, the effective UID of the process is the UID of the file's owner rather than that of the user who runs the program. Therefore everything the program does has the same access permissions as the owner of the program. In this way the owner of a program can, under the control of the program, make information available within a limited scope that the public is not otherwise allowed to access.

Similarly, SGID sets the effective GID.

Use chmod u+s filename and chmod u-s filename to set and clear SUID. Use chmod g+s filename and chmod g-s filename to set and clear SGID.
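The following added example (not from the original article) applies these chmod forms to a scratch file and reads the mode back as ls -l would display it, which also shows the lowercase s versus uppercase S distinction from section 2: s means the set-id bit plus execute, S means the set-id bit without execute. It assumes GNU stat (Linux).

```shell
#!/bin/sh
# Added example (not from the original article): set and clear SUID/SGID on a
# scratch file and read the mode back the way ls -l shows it. A lowercase s
# needs the execute bit; an uppercase S is a set-id bit without execute.
# Assumes GNU stat (Linux coreutils).

# Apply each chmod argument in turn to a fresh scratch file and print its
# symbolic mode string, e.g. -rwsr-xr-x.
mode_after() {
    f=$(mktemp)
    for change in "$@"; do chmod "$change" "$f"; done
    stat -c %A "$f"
    rm -f "$f"
}

# Report which set-id bits an octal mode turns on (leading digit 4 = SUID,
# 2 = SGID, 6 = both), as read back from a scratch file.
setid_bits() {
    f=$(mktemp)
    chmod "$1" "$f"
    m=$(stat -c %a "$f")
    rm -f "$f"
    case "$m" in
        6???) echo "suid sgid" ;;
        4???) echo "suid" ;;
        2???) echo "sgid" ;;
        *)    echo "none" ;;
    esac
}

echo "755 then u+s       -> $(mode_after 755 u+s)"      # -rwsr-xr-x
echo "644 then u+s       -> $(mode_after 644 u+s)"      # -rwSr--r-- (no execute bit)
echo "755 then g+s       -> $(mode_after 755 g+s)"      # -rwxr-sr-x
echo "755, u+s, then u-s -> $(mode_after 755 u+s u-s)"  # -rwxr-xr-x
echo "mode 6755 sets:       $(setid_bits 6755)"         # suid sgid
```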

When SUID or SGID is set on a file, the chown and chgrp commands clear it.

6. cp mv ln and cpio commands

When cp copies a file and the target does not yet exist, the access permissions of the source file are copied as well, including the SUID and SGID bits. The new copy is owned by the user who made the copy. Be careful, therefore, when copying another user's file, so that someone else's SUID program does not end up harming you.

When mv moves a file, the moved file keeps the same access permissions as the original; mv only changes the name. So as long as a user has write and search permission on a directory, someone else's SUID program in that directory can be moved without changing its permissions. If directory permissions are set incorrectly, a user's SUID program can be moved into a directory where it cannot be modified or deleted, and a security hole results.

ln creates a link to an existing file, that is, a new name that refers to the same file. If the target name already exists, it is deleted and replaced by the new link; if the existing target cannot be written by the user, ln asks for confirmation before deleting it. Only hard links within the same file system are allowed. Before deleting a SUID file, check its link count: deleting the name only removes the file when it has a single link. If a SUID file already has several links, one remedy is to change its permission mode, since all of its links share the same mode; chmod 000 filename not only clears the file's SUID and SGID bits but also revokes access through every link. If you want to find out who has linked to your SUID program, do not delete the program right away: the system administrator can use the ncheck command to find the program's other links.

The cpio command copies a directory structure into a single ordinary file, and can later turn that file back into the directory structure. With the -o option, cpio reads file and directory names from standard input and writes their contents to standard output in archive format. With the -i option, cpio reads an archive created earlier from standard input and recreates the directory structure. The following command creates a complete archive of a directory tree:

find fromdir -print | cpio -o > archive

Run the following command to create a directory structure based on the archive file:

cpio -id < archive

The security conventions of cpio are as follows:

(1) The information stored in the archive for each file includes the file's owner, group, last modification time, last access time and access permissions.

* Files created from the archive keep the access permissions stored in the archive.

* The owner and group of each file extracted from the archive are set to the user running the cpio -i command, not to the owner and group recorded in the archive.

* When the user running cpio -i is root, the owner and group of the created files are those recorded in the archive.

* When a SUID/SGID file is recreated from the archive, the SUID and SGID bits are retained. If the user running cpio is not root, the SUID/SGID permission is that of the user/group the archive indicates.

(2) When an existing file has the same name as a file in the archive and is newer than the archived file, it is not overwritten.

(3) With the u option, an existing file of the same name is overwritten. A very strange thing may then happen: if the file being overwritten is linked to another file, it is rewritten in place and the links persist, so all links to the file now point to the file extracted from the archive. In other words, cpio overwrites the existing file unconditionally and thereby changes what the linked names refer to.

(4) The full path name or parent directory name in the cpio archive.

7. su and newgrp commands

(1) su command: lets you log in as another user without logging out of your current session. It starts a new shell and sets both the effective and the real UID and GID to those of the other user. Therefore the root password must be kept strictly confidential.

(2) newgrp command: similar to su; it changes the current group.

8. file encryption

The crypt command lets users encrypt files: using a key, it encodes the information on standard input into an unreadable scrambled string and writes it to standard output. Applying the same command with the same key to the encrypted file restores the original content.

In general, once a file has been encrypted the original should be deleted, leaving only the encrypted version, and the encryption key must not be forgotten.

vi also provides encryption: vi -x edits an encrypted file. The rules for choosing an encryption key are the same as those for passwords.

Since a crypt program may be a Trojan horse, do not use your login password as the key. It is best to compress files with pack or compress before encrypting them.

9. Other Security Problems

(1) The user's .profile file

Because .profile is executed when the user logs in, if the file is writable by others, any user of the system can modify it to do whatever they want, which may give other users the same permissions as you.

(2) ls -a

This command lists all files in the current directory, including those whose names begin with a dot. Check the access permissions and owner of all files. Any file that exists in your own directory but does not belong to you should be treated as suspicious and investigated.

(3) The .exrc file is the initialization file of the editor. When the editor starts, it first looks for $HOME/.exrc and then ./.exrc. If the file in the $HOME directory can be written by others, it can be used, like .profile, to control what the editor does. If you run the editor in a directory you do not control, you may be running someone else's .exrc file, and that file may not have been placed there with the security of your files in mind. To keep the files you edit secure, do not run any editor in a directory you do not own.
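The checks from points (1) to (3) can be scripted. The following added example (not from the original article) audits a home directory for startup files (.profile, .exrc) that group or other users could write and for files in the tree that are not owned by the user running it; the demo runs against a constructed throwaway directory and assumes GNU find.

```shell
#!/bin/sh
# Added example (not from the original article): a small audit of the checks
# the article recommends for a home directory: startup files (.profile, .exrc)
# that group or other users can write, and files in the directory tree that are
# not owned by the user running the audit. Uses GNU find's -maxdepth.

# Print the startup files under directory $1 that other users could modify.
writable_startup_files() {
    for f in "$1/.profile" "$1/.exrc"; do
        [ -e "$f" ] || continue
        find "$f" -maxdepth 0 \( -perm -g+w -o -perm -o+w \) -print
    done
}

# Print every file under $1 whose owner is not the current user (numeric uid,
# so the check also works when the uid has no passwd entry).
foreign_files() {
    find "$1" ! -user "$(id -u)" -print
}

# Constructed demo home: a safe .profile and a group/world-writable .exrc.
demo_home() {
    h=$(mktemp -d)
    : > "$h/.profile"; chmod 644 "$h/.profile"
    : > "$h/.exrc";    chmod 666 "$h/.exrc"
    echo "$h"
}

home=$(demo_home)
echo "startup files others can write:"; writable_startup_files "$home"   # the .exrc
echo "files not owned by uid $(id -u):"; foreign_files "$home"           # none here
rm -rf "$home"
```

Run writable_startup_files and foreign_files against "$HOME" to audit a real account; anything the second one prints is exactly the kind of file point (2) says to investigate.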

(4) temporary files and directories

In UNIX systems the temporary directories are /tmp and /usr/tmp; they are used by programmers and by many system commands. If temporary files are stored there, other users may tamper with them. It is best to set a umask of 007 when using temporary files, but the safest approach is to create your own temporary directory, $HOME/tmp, and never to store important files in the public temporary directories.

(5) UUCP and other networks

The UUCP command sends files from one UNIX system to another. Files transmitted through UUCP are usually stored in the directory /usr/spool/uucppublic/login, where login is the user's login
