
Unix Refresher

Unix Refresher. This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen C. Hayne.


Presentation Transcript


  1. Unix Refresher This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen C. Hayne

  2. Linus Torvalds Was the chief architect behind the Linux kernel. Most of the work was done while he was still an undergraduate. He completed a master’s degree from the University of Helsinki in Computer Science and now lives and works in the United States.

  3. Unix File System Structure
     • Everything is treated as a file
     • Tree structure
     • / (root) is the root of the tree
     • Filenames can be up to 32 characters in length. There is no file type designation.
     • Hacker.txt doesn’t imply a file type of TXT. The period “.” is part of the name.

  4. Unix Directories
     • / – root directory, contains the other subdirs.
     • /bin, /sbin – system binaries needed to boot the system
     • /dev – peripheral devices, disks, tapes, CD
     • /etc – system configuration files, password files, network configuration information

  5. Unix Directories
     • /home – user home directories
     • /lib – shared libraries
     • /mnt – temporary mount point
     • /proc – images of currently running processes
     • /tmp – temporary scratch space
     • /usr – more system binaries, C headers, system administration binaries
     • /var – log files, spool space for printers

  6. Unix Directories
     • “.” – means the current directory
     • “..” – means a directory one level up
     • “...” – should not exist but is the favorite place for hackers to hide their code
     • “.name” – a dot in front of a filename denotes a hidden file that won’t show up with a standard ls command.
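Slide 6 says a directory named “...” should not exist and that dot-prefixed names are skipped by a plain ls. The following is an added example (not part of the original slides) that walks a tree and reports both kinds of entry: names made only of dots and whitespace (which imitate “.” and “..” in a listing), and ordinary hidden names. It builds its own constructed sample tree under a temp directory, so the paths and file names are assumptions for the demo, not real system content.

```python
import os
import shutil
import tempfile

# Directory names made only of dots (plus optional whitespace) imitate "." and ".."
# in a listing; slide 6 notes that "..." should not exist on a healthy system.
def is_suspicious_name(name):
    """True for entries such as '...', '.. ' or '. ' that imitate . and .. ."""
    if name in (".", ".."):
        return False                     # the real self/parent links
    core = name.replace(" ", "").replace("\t", "")
    return core != "" and set(core) == {"."}

def is_hidden_name(name):
    """Dot-prefixed names are skipped by a plain 'ls' (slide 6)."""
    return name.startswith(".") and name not in (".", "..") and not is_suspicious_name(name)

def scan_tree(root):
    """Return (suspicious, hidden) as sorted lists of paths relative to root."""
    suspicious, hidden = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            if is_suspicious_name(name):
                suspicious.append(rel)
            elif is_hidden_name(name):
                hidden.append(rel)
    return sorted(suspicious), sorted(hidden)

def build_demo_tree():
    """Constructed sample tree under a temp dir (not a real system); returns its root."""
    root = tempfile.mkdtemp(prefix="unix_refresher_")
    os.makedirs(os.path.join(root, "tmp", "..."))             # the "..." case from slide 6
    os.makedirs(os.path.join(root, "tmp", ".. "))             # dot-dot-space lookalike
    os.makedirs(os.path.join(root, "home", "alice", ".ssh"))  # ordinary hidden directory
    for rel in ("tmp/.../stash.bin", "home/alice/.bashrc", "home/alice/notes.txt"):
        open(os.path.join(root, rel), "w").close()
    return root

if __name__ == "__main__":
    root = build_demo_tree()
    try:
        sus, hid = scan_tree(root)
        print("suspicious:", sus)   # ['tmp/.. ', 'tmp/...']
        print("hidden:    ", hid)   # ['home/alice/.bashrc', 'home/alice/.ssh']
    finally:
        shutil.rmtree(root)
```

The two lists are deliberately kept apart: hidden names are normal (every home directory has them), while dot-only names have no legitimate use and deserve a look every time.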

  7. Unix Kernel & Processes
     • Kernel – core OS module, controls HW
     • Process – running program and memory
     • All running programs are processes. Use the “ps -ef” command to examine the process list.
     • Kernel handles process swapping and execution.

  8. More Process Information
     • PID – unique identifier for each process
     • “lsof” tells you what files the process has opened for use.

  9. Unix Kernel & Processes
     • System processes running in the background are called daemons. Common naming convention is the name of the service followed by a “d”
     • telnet is controlled by the telnetd process.

  10. Automatic Process Startup
     • All processes have to be activated by the kernel or some other process
     • The ‘init’ daemon runs the boot startup scripts that start all system processes.
     • Startup scripts are in /etc/init.d, /sbin/init.d, /etc/rcX.d, /sbin/rcX.d where X=0-6

  11. Automatic Process Startup
     • Run levels
       • 0 – halt
       • 1 – single user mode
       • 2 – multi-user mode, no networking
       • 3 – multi-user mode with networking
       • 4-5 – reserved
       • 6 – reboot

  12. Init, inetd
     • Init starts processes at boot time including network services and inetd.
     • Inetd listens for service requests and starts a process to handle the service.
     • Inetd.conf is a favorite target of hackers. They install backdoors to the system.

  13. Automatic Process Startup
     • Inetd is the master control process for well known network services
     • Config file is /etc/inetd.conf
     • Network services are listed in /etc/services
     • Comment character is a # and if it’s in column 1, then the process is NOT started.

  14. /etc/inetd.conf format
     • Service name – the name of the service
     • Socket Type:
       • stream (TCP)
       • dgram (UDP)
       • raw
       • rdm (reliably delivered message)
     • Protocol – tcp or udp
     • Wait/nowait – wait means subsequent requests must wait for the first one to finish

  15. /etc/inetd.conf format
     • Username – the owner of the process
     • Server program – the name and location of the system daemon
     • Server program arguments – arguments and configuration flags that should be passed to the network service
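Slides 12 to 15 describe the /etc/inetd.conf line format (service, socket type, protocol, wait/nowait, user, server program, arguments), the column-1 comment rule, and the fact that inetd.conf is a common place to find unwanted entries. The block below is an added example, not code from the slides: it parses that format, cross-checks each service against an /etc/services excerpt, and reports the entries an administrator would review first (daemons running as root, services not in /etc/services, server programs outside the usual system directories). The two sample files and the list of “system directories” are constructed for the demo and are assumptions, not values from the original page.

```python
# Constructed sample /etc/inetd.conf for this example (not taken from any real host).
SAMPLE_INETD_CONF = """\
# <service> <socket_type> <proto> <wait/nowait> <user> <server_program> <args>
ftp      stream  tcp  nowait  root    /usr/sbin/tcpd    in.ftpd -l -a
telnet   stream  tcp  nowait  root    /usr/sbin/tcpd    in.telnetd
#finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd    in.fingerd
tftp     dgram   udp  wait    nobody  /usr/sbin/tcpd    in.tftpd /tftpboot
sysmon   stream  tcp  nowait  root    /tmp/.../sysmond  sysmond
"""

# Constructed sample /etc/services excerpt (slide 13: services are listed there).
SAMPLE_SERVICES = """\
ftp      21/tcp
telnet   23/tcp
tftp     69/udp
finger   79/tcp
"""

SOCKET_TYPES = {"stream", "dgram", "raw", "rdm"}          # slide 14
SYSTEM_DIRS = ("/usr/sbin/", "/usr/libexec/", "/sbin/")    # assumption: where daemons normally live

def parse_services(text):
    """Return {(name, protocol): port} from /etc/services-style lines."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split()
        if not line:
            continue
        port, proto = line[1].split("/")
        table[(line[0], proto)] = int(port)
    return table

def parse_inetd_conf(text):
    """Parse active entries; a '#' in column 1 disables the line (slide 13)."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if raw.startswith("#") or not raw.strip():
            continue
        fields = raw.split(None, 6)                  # keep the argument string whole
        if len(fields) < 6:
            raise ValueError(f"line {lineno}: expected at least 6 fields, got {len(fields)}")
        service, socktype, proto, flag, user, program = fields[:6]
        if socktype not in SOCKET_TYPES:
            raise ValueError(f"line {lineno}: unknown socket type {socktype!r}")
        if flag not in ("wait", "nowait"):
            raise ValueError(f"line {lineno}: flag must be wait or nowait, got {flag!r}")
        entries.append({
            "line": lineno, "service": service, "socket_type": socktype,
            "protocol": proto, "wait": flag == "wait", "user": user,
            "program": program, "args": fields[6] if len(fields) > 6 else "",
        })
    return entries

def audit_inetd(entries, services):
    """Flag the entries an administrator would want to look at first."""
    findings = []
    for e in entries:
        tag = f"line {e['line']} ({e['service']})"
        if (e["service"], e["protocol"]) not in services:
            findings.append(f"{tag}: service not listed in /etc/services")
        if e["user"] == "root":
            findings.append(f"{tag}: daemon runs as root")
        if not e["program"].startswith(SYSTEM_DIRS):
            findings.append(f"{tag}: server program outside system directories: {e['program']}")
        if e["socket_type"] == "dgram" and not e["wait"]:
            findings.append(f"{tag}: dgram service without 'wait' can spawn a process per packet")
    return findings

if __name__ == "__main__":
    active = parse_inetd_conf(SAMPLE_INETD_CONF)
    for finding in audit_inetd(active, parse_services(SAMPLE_SERVICES)):
        print(finding)
```

The commented-out finger line never reaches the audit, which is exactly the column-1 rule from slide 13; the sysmon entry trips three checks at once because it is unknown to /etc/services, runs as root, and is served from a “...” directory of the kind slide 6 warns about.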

  16. /etc/passwd, /etc/shadow
     • /etc/passwd is the master password file for the system.
     • Login name – the account name
     • Encrypted password field – one-way encryption of the account password
     • UID – unique numeric identifier for the account. This is what Unix uses.

  17. /etc/passwd, /etc/shadow
     • GID – group id number that identifies the group
     • GECOS info – commonly used to list the name of the account owner
     • Home directory – user home directory
     • Login Shell – default user shell

  18. /etc/passwd, /etc/shadow
     • /etc/passwd is world readable. This is what lets CRACK run on it. All you need is access to the system (login, WWW, FTP) and the ability to get a copy of the file.
     • /etc/shadow is the defense against the CRACK attack

  19. /etc/passwd, /etc/shadow
     • /etc/shadow contains the encrypted password field and is readable by root only.
     • An “x” is placed as a marker in the equivalent field in /etc/passwd.
     • If you can read /etc/shadow, you have root and no need to crack passwords.
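Slides 16 to 19 give the seven /etc/passwd fields, the “x” marker, and the permission difference between the two files. The block below is an added example that is not part of the slides: it parses both files, then reports the conditions those slides imply are wrong (an empty password field, a hash left in the world-readable /etc/passwd instead of an “x”, a second UID 0 account, an account with no /etc/shadow line) and checks the file modes. The sample account lines are constructed, the “$6$PLACEHOLDER$…” strings are stand-ins rather than real hashes, and the check writes to a temp directory rather than touching the real /etc files.

```python
import os
import stat
import tempfile

# Constructed sample files for this example (no real hashes; the $6$ strings are placeholders).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
toor:x:0:0:second superuser:/root:/bin/bash
guest::1001:1001:Guest account:/home/guest:/bin/sh
legacy:$6$PLACEHOLDER$NOTAREALHASH:1002:1002:Unshadowed account:/home/legacy:/bin/sh
"""

SAMPLE_SHADOW = """\
root:$6$PLACEHOLDER$NOTAREALHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$6$PLACEHOLDER$NOTAREALHASH:19000:0:99999:7:::
toor:$6$PLACEHOLDER$NOTAREALHASH:19000:0:99999:7:::
guest:!:19000:0:99999:7:::
"""

PASSWD_FIELDS = ("name", "password", "uid", "gid", "gecos", "home", "shell")   # slides 16-17

def parse_passwd(text):
    """Parse the seven colon-separated fields of each /etc/passwd line."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != 7:
            raise ValueError(f"/etc/passwd line {lineno}: expected 7 fields, got {len(parts)}")
        entry = dict(zip(PASSWD_FIELDS, parts))
        entry["uid"] = int(entry["uid"])
        entry["gid"] = int(entry["gid"])
        entries.append(entry)
    return entries

def parse_shadow(text):
    """Return {login: encrypted-password field}; only the first two fields matter here."""
    shadow = {}
    for line in text.splitlines():
        if line.strip():
            name, encrypted = line.split(":")[:2]
            shadow[name] = encrypted
    return shadow

def audit_accounts(passwd_entries, shadow):
    """Findings that follow from how slides 16-19 describe the two files."""
    findings = []
    for e in passwd_entries:
        name, pw = e["name"], e["password"]
        if pw == "":
            findings.append(f"{name}: empty password field")
        elif pw != "x":
            findings.append(f"{name}: password hash stored in world-readable /etc/passwd")
        if e["uid"] == 0 and name != "root":
            findings.append(f"{name}: UID 0 account other than root")
        if name not in shadow:
            findings.append(f"{name}: no matching /etc/shadow entry")
    return findings

def readable_by_others(path):
    """True if group or world read bits are set (what lets CRACK read /etc/passwd)."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))

def write_demo_files():
    """Write the samples into a temp dir with the modes slides 18-19 describe."""
    d = tempfile.mkdtemp(prefix="shadow_demo_")
    passwd_path, shadow_path = os.path.join(d, "passwd"), os.path.join(d, "shadow")
    with open(passwd_path, "w") as f:
        f.write(SAMPLE_PASSWD)
    with open(shadow_path, "w") as f:
        f.write(SAMPLE_SHADOW)
    os.chmod(passwd_path, 0o644)   # world readable, like the real /etc/passwd
    os.chmod(shadow_path, 0o600)   # root only, like the real /etc/shadow
    return passwd_path, shadow_path

if __name__ == "__main__":
    passwd_path, shadow_path = write_demo_files()
    with open(passwd_path) as f, open(shadow_path) as g:
        for finding in audit_accounts(parse_passwd(f.read()), parse_shadow(g.read())):
            print(finding)
    print("shadow readable by others:", readable_by_others(shadow_path))
```

On a real host the same functions can be pointed at /etc/passwd and /etc/shadow; reading the latter requires root, which is the whole point of slide 19.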

  20. Linux Password Cracking
     • Ophcrack

  21. System Logs
     • /etc/syslog.conf contains the locations of the system logs. Can be remote or local.
     • Syslogd is the syslog daemon.
     • /var/log/syslog, /var/log/secure, /var/adm/messages, /var/adm/syslog.dated/current/kern.log
     • /etc/utmp, /etc/wtmp, /etc/lastlog
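Slide 21 says /etc/syslog.conf names where each log goes and that destinations can be local or remote. The block below is an added example, not part of the slides, that parses the classic syslog.conf format (facility.priority selectors, then an action that is a file, an @host, a pipe, or * for all logged-in users) and answers two questions a defender asks: where do a facility’s messages end up, and which facilities have no off-host copy at all, since a local-only log can be edited by anyone who gains root. The sample configuration and the host name loghost.example.internal are constructed for the demo; newer rsyslog and syslog-ng syntaxes are not handled.

```python
# Constructed sample /etc/syslog.conf (classic BSD-style syntax, not from a real host).
SAMPLE_SYSLOG_CONF = """\
# selectors                      action
*.info;mail.none;authpriv.none   /var/log/messages
authpriv.*                       /var/log/secure
kern.*                           -/var/log/kern.log
mail.*                           /var/log/maillog
*.emerg                          *
authpriv.*;auth.*                @loghost.example.internal
"""

def parse_syslog_conf(text):
    """Return a list of rules: {'selectors': [(facility, priority), ...], 'kind', 'target'}."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        selector, action = line.split(None, 1)
        selectors = [tuple(part.split(".", 1)) for part in selector.split(";")]
        if action.startswith("@"):
            kind, target = "remote", action[1:]          # forwarded to another host
        elif action == "*":
            kind, target = "all-users", action           # written to every logged-in terminal
        elif action.startswith("|"):
            kind, target = "pipe", action[1:]            # handed to a program
        else:
            kind, target = "file", action.lstrip("-")    # leading '-' only disables fsync
        rules.append({"selectors": selectors, "kind": kind, "target": target})
    return rules

def rule_applies(rule, facility):
    """A rule covers a facility if a selector matches it (or '*') and none sets it to 'none'."""
    if any(f == facility and p == "none" for f, p in rule["selectors"]):
        return False
    return any(f in (facility, "*") for f, p in rule["selectors"])

def destinations_for(rules, facility):
    """Every (kind, target) pair that receives messages from the facility."""
    return [(r["kind"], r["target"]) for r in rules if rule_applies(r, facility)]

def facilities_without_remote(rules, facilities):
    """Facilities whose messages never leave the host (no '@host' action)."""
    return [fac for fac in facilities
            if not any(kind == "remote" for kind, _ in destinations_for(rules, fac))]

if __name__ == "__main__":
    rules = parse_syslog_conf(SAMPLE_SYSLOG_CONF)
    for fac in ("authpriv", "kern", "mail"):
        print(fac, "->", destinations_for(rules, fac))
    print("local-only:", facilities_without_remote(rules, ["authpriv", "kern", "mail"]))
```

The “.none” handling matters: in the sample, authpriv messages do not land in /var/log/messages even though that rule starts with “*.info”, which is why the function checks for an explicit exclusion before looking for a match.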
