Several security suggestions on linux su

Linux-general Linux technology-Linux technology and application information-several security suggestions for su on linux. The following is a detailed description. First, let's look at su-run a shell with substitute user and group IDs on the man help page. That is to say, through su, we can start a shell program without providing users and group names. su is a binary executable file. The path of the command file is/bin/su. The following command is used to query the type and path of the su file:

Example 1:
Islab $ which su
/Bin/su

Example 2:
Islab $ file/bin/su
/Bin/su: setuid ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), for GNU/Linux 2.6.9, stripped

Example 3:
Islab $ ll/bin/su
-Rwsr-xr-x 1 root 24060 Jan 10 2007/bin/su

In Example 3 and example 2, we can see that su is a setuid program (the setuid bit can be set using chmod u + s, for example, the setuid bit is used when ls displays the su file owner attribute ), in this case, su can obtain higher permissions than its owner. That is to say, when su is running, your permissions will be elevated, which will be equivalent to the root permission.

In Example 3, we can see that the file type is ELF 32-bit LSB shared object (with the setuid bit set). That is to say, the program needs a function library such as libc and also uses the ELF interpreter, comply with LSB specifications.

Question 1: normal users can copy su commands from other machines.
A: They can copy su commands from other machines, but they will not be able to set the su correctly, such as chown root and chmod u + s. therefore, the copied su does not work properly.

Question 2: How to prevent common users from executing the su command.
A:

1) You can create a special group. Only Group members can execute the su command.
Islab # groupadd wheel
Islab # useradd wheel
Islab # chown root: mysql/bin/bash
Islab # chmod 4750/bin/su

2). Only the root user can execute the su command.
Islab # chmod 4700/bin/su

3). With the pam library, only members of the wheel group can execute the su command. The zhake account is added to the wheel group in the following example.
Islab # groupadd wheel
Islab # useradd wheel
Islab # usermod-G wheel zhaoke
Islab # ll/lib/security/pam_wheel.so
-Rwxr-xr-x 1 root 5692 Feb 22 2007/lib/security/pam_wheel.so
Islab # vi/etc/pam. d/su
Add the following line of auth required/lib/security/pam_wheel.so use_uid
Save and exit the su configuration file.

Question 3: although a common user cannot execute the su command, the root password may be obtained through brute force attacks.
A: normal users can launch brute force attacks on the root account through shell or ssh. we can consider using some security tools such as pam_abl to protect ssh. pam_abl will be able to temporarily block accounts with incorrect logon within the set time. of course, common users can also escalate permissions through program vulnerabilities, such as buffer overflow.