Sudo and Sniffit for Linux network security tools

Linux Network Security Tool-sudo

Sudo is a program used by the system administrator to allow some users to run some/all system commands as root. An obvious purpose is to enhance the security of the site. If you need to do some daily work as root every day, you often execute some fixed commands that can only be executed as root, so sudo is very suitable for you.

Sudo home page: http://www.courtesan.com/courtesan/products/sudo/

Taking Redhat as an example, the following describes the installation and setting process:

First, you can download the rpmpackage of forRedhatLinux from The sudo homepage.

It is at ftp://ftp.freshmeat.net/pub/rpms/sudo/the latest stable version 1.5.9p4.

Run # rpm-ivhsudo * to install it, and then use/usr/sbin/etc do to edit the/etc/sudoers file.

If the system prompts that you cannot find/usr/bin/vi, but you actually have a vi Program in the directory/bin, you need

Ln-sf/bin/vi/usr/bin/vi: Create a symbolic link for vi under/usr/bin. (Note: I encountered this problem on Redhat6.1, but not on Redhat5.x)

In addition, if some other errors occur, you may need to # chmod700/var/run/sudo

The following is an example of my/etc/sudoers file:

Code:

 
 

  
  
[root@sh-proxy/etc]#moresudoers  
  
  
 
  
  
Host_AliasSERVER=sh-proxy  
  
  
 
  
  
#Useraliasspecification  
  
  
 
  
  
User_AliasADMIN=jephe,tome  
  
  
 
  
  
#Cmndaliasspecification  
  
  
 
  
  
Cmnd_AliasSHUTDOWN=/etc/halt,/etc/shutdown,/etc/reboot  
  
  
 
  
  
ADMINSERVER=SHUTDOWN 
  
  
 
  
  
jepheSERVER=/usr/bin/tail-f/var/log/maillog  
  
  
 
  
  
jepheSERVER=/usr/bin/tail-f/var/log/messages  
  
  
 
  
  
#Userprivilegespecification  
  
  
 
  
  
rootALL=(ALL)ALL 
 
 

Since I often need to remotely log on to the server to observe the changes in the emaillog file/var/log/maillog, I added this line to/etc/sudoers, in this way, I do not need to log on as root frequently to complete my daily work, improving the security.

Linux Network Security Tool-Sniffit

Sniffit is a well-known network port detector. You can configure it to run in the background to detect user input/output information on which TCP/IP ports.

The most common function is that attackers can use it to detect Data Transmission on your port 23 (telnet) and port 110 (pop3) to easily obtain your logon password and mail account password, sniffit is basically a tool used by attackers. But if you want to know how to enhance the security of your website, you should first know the tools used by intruders.

Sniffit home page on http://reptile.rug.ac.be /~ Coder/sniffit/sniffit.html you can download the latest version from there. It is very easy to install, just run # tarxvfzsniff * in the root directory to unbind all files to the corresponding directory.

You can run sniffit-I to view all input/output information on the specified network interface in an interactive graphic interface.

For example, you can run

 
 

  
  
#sniffit-p110-ta.b.c.d&  
  
  
 
  
  
#sniffit-p110-sa.b.c.d& 
 
 

Record files are stored in the directory/usr/doc/sniffit:

Logfile is named based on the visitor's IP address, random high-end port number, network interface IP Address used for detection, and detection port. It exploits the inherent weakness of the TCP/IP protocol, because the user name and password transmitted by common telnet and pop3 are in plain text without any encryption. Therefore, for telnet/ftp. you can use ssh/scp instead. the ssh/scp information detected by sniffit is basically a bunch of garbled characters, so you do not need to worry that the user name and password information transmitted by ssh will be stolen by a third party.

The sudo and Sniffit tools in the Linux network security tool have been introduced to you, and I hope you have mastered them.