An Introduction to UNIX Security, a presentation by Trey Evans [email protected]
TRANSCRIPT
Linux or UNIX?
System V: Linux, AIX, HP-UX, Solaris
BSD: Net, Open, Free
AT&T: SCO, IRIX, Solaris
Out of the Box Security
Very limited deployment options
Custom tailoring always the best option
Expensive to migrate
Often easy to monitor
Kernel Security
Remove any drivers not used
If the user needs them, he/she can add them at boot time
Prevents unstable drivers from causing hiccups when called
Eliminates possibility of attacker exploiting weak driver or combination of drivers
Network Security
ipchains, iptables, “routes”
Tells machine what to do with what packets under certain circumstances
Set up *nix box as a router / firewall / both
Tame user privileges
No need for users to be able to change IP
Keep users from enabling promiscuous mode
Keep users from enabling second network card
Perhaps disable user access to usbhci
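As an added example that is not part of the presentation, a small shell audit that checks `ip -o link show` output for the two conditions above (an interface in promiscuous mode, a second network card brought up); the interface lines it runs on are a constructed sample so it works offline.

```shell
#!/bin/sh
# Added example (not from the slides): detect the interface states the slides
# say ordinary users should never be able to create. Input format is that of
# `ip -o link show` (one interface per line). The SAMPLE_LINKS text below is a
# CONSTRUCTED sample in that format so the script runs without a live host.
SAMPLE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\    link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\    link/ether 52:54:00:ab:cd:ef brd ff:ff:ff:ff:ff:ff'

# audit_links: reads `ip -o link` lines on stdin, prints one finding per line
# ("PROMISC <iface>" or "MULTIPLE_UP <ifaces>") and exits 1 if any was found.
audit_links() {
    awk '
    {
        iface = $2; sub(/:$/, "", iface)     # "eth0:" -> "eth0"
        flags = $3                            # "<BROADCAST,...,UP,LOWER_UP>"
        if (iface == "lo") next               # loopback is always up; ignore it
        if (flags ~ /PROMISC/) { print "PROMISC " iface; bad = 1 }
        # match the UP flag itself, not the LOWER_UP flag
        if (flags ~ /[<,]UP[,>]/) { ups = ups " " iface; n++ }
    }
    END {
        if (n > 1) { print "MULTIPLE_UP" ups; bad = 1 }
        exit (bad ? 1 : 0)
    }'
}

# audit_sample: run the audit over the constructed sample. On a real host,
# pipe `ip -o link show` into audit_links instead (e.g. from cron).
audit_sample() {
    printf '%s\n' "$SAMPLE_LINKS" | audit_links
}
```

A non-zero exit from audit_links is the signal to alert on; the printed lines name the offending interfaces.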
Email Security
Sendmail
Qmail
www.google.com
Begin Fun Stuff
Penetration
Physically insert your machine into the target’s network
Bypass perimeter security
Control router or outermost point (“edge devices”)
Physical Insertion
Basically, obtaining an IP on the system
Man in the middle
Wireless – airjack userland utilities
Wired – spoof MAC, auth as legit user
Easiest way – Wireless bestican.net/wifi/pres.pdf
DHCP? IP addressing scheme?
Bypass security
Portscan looking for services
nmap stealth mode (-s) or OS discovery (-O)
Box on inside? Test firewall rules using packet crafting
See illustration
DoS or DDoS
Lame.
Google exploits for firewall
Outermost Device
Root access on gateway or firewall or router
Gives access to ALL packets on network
Redirect at will
Change IP table
Change message or headers
Sniff passwords
Write them down, you’ll need them later
Discovery
Ask “what’s the payload?”
Portscan
nmap, NetCat, nmap for X
Rootkit
Requires root on an internal box
Must be well hidden
Exploit scanner
Don’t get caught
Hardware may skew results
Morph
Elevate Privileges
Local access is root access
Based on boot loader, usually
Google.com
Doesn’t insert NFS folders into hierarchy
Exploits tailored to machine
Cool CC example
Cool passwd example
Historic Exploits
FTPD buffer overflow
Widespread, FTPD installed by default often
Gave root FTP access
Sendmail remote call
Auth as root
Send mail as anyone, read anyone’s mail
evil.c
Not a big threat (unless hosting)
Local access needed
Demo?