SCSC 455 Computer Security
Chapter 4 File Security

Index
File permissions
Monitor log files
File integrity

File Security
Files are a crucial asset to protect:
they contain business and personal data
they contain system / security configuration data
Unauthorized users may want to:
View files, to access data or to see how security settings are configured
Delete files, to make data unavailable, disrupt business plans, or corrupt the system
Modify files, either to corrupt data, to cover signs of their activity, or to alter security settings for future attacks
$ ls -ld
drwxrwx--- 2 frank faculty 4096 Mar 24 12:20 reports
$ ls -l
-rw------- 2 frank faculty 16350 Mar 25 18:10 private_report
-rw-r----- 2 frank faculty 21340 Mar 25 18:10 public_report
$ cd reports
$ cat private_report
$ cat public_report
$ cp public_report private_report
$ ls -l test
-rwsr-xr-x 1 frank faculty 3240 Mar 26 11:42 test
The Linux kernel ignores the SUID bit on script files (interpreted programs started through a #! line); SUID is honoured only on binary executables.
SGID on a directory is a convenient method for creating a working space for a group of users: every file created in that directory inherits the directory's group instead of the creator's primary group.
Q: what if Tom creates a file in his own directory?
Note that the classes do not fall through to one another: if the owner has certain access rights, the members of the group have none, and everyone else has certain access rights, a member of the group is still denied, even though "others" would be allowed.
When a user requests access to a directory or file:
Step 1: The system checks whether this user is the owner.
Yes: check the owner access privileges, then deny or grant access.
No: go to Step 2.
Step 2: The system checks whether this user belongs to the group assigned to the file/directory.
Yes: check the group access privileges, then deny or grant access.
No: go to Step 3.
Step 3: The system knows this user belongs to "others".
Check the others access privileges, then deny or grant access.
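The three-step check above, together with the SGID directory rule, as an added example that is not part of the slides: it parses ls -l lines like the ones shown earlier, decides which permission class applies (first match wins, no fall-through) and answers who can cd into reports or read the two reports. The numeric uids and gids, and the users tom (in faculty) and alice (not in faculty), are assumptions made for the illustration; root's override of these checks is deliberately not modelled.

```python
# Added example (not from the slides): the owner/group/other check as a small
# model, driven by ls -l lines like those on the slide. The uids, gids and the
# users tom and alice are assumptions for illustration.
from dataclasses import dataclass, field

R, W, X = 4, 2, 1  # permission bits, as in chmod's octal notation


@dataclass
class User:
    name: str
    uid: int
    gid: int                                  # primary group
    groups: set = field(default_factory=set)  # supplementary groups


@dataclass
class Inode:
    owner: int
    group: int
    perms: int            # 9-bit rwxrwxrwx value, e.g. 0o640
    suid: bool = False
    sgid: bool = False
    is_dir: bool = False


def parse_ls_mode(text):
    """Parse the mode field of ls -l ('-rw-r-----', 'drwxrwx---', '-rwsr-xr-x').
    Returns (is_dir, perms, suid, sgid); 's' means SUID/SGID plus x, 'S' without x."""
    if len(text) != 10:
        raise ValueError("expected a 10-character mode field")
    is_dir = text[0] == "d"
    perms, suid, sgid = 0, False, False
    for i, ch in enumerate(text[1:]):
        perms <<= 1
        if ch == "-":
            continue
        if ch in "rwx":
            perms |= 1
        elif ch in "sS" and i == 2:            # owner execute column
            suid, perms = True, perms | (ch == "s")
        elif ch in "sS" and i == 5:            # group execute column
            sgid, perms = True, perms | (ch == "s")
        elif ch in "tT" and i == 8:            # sticky bit, not modelled further
            perms |= ch == "t"
        else:
            raise ValueError(f"unexpected {ch!r} at position {i + 1}")
    return is_dir, perms, suid, sgid


def applicable_class(user, inode):
    """Steps 1-3 of the slide: the first matching class decides, no fall-through."""
    if user.uid == inode.owner:
        return "owner"
    if inode.group == user.gid or inode.group in user.groups:
        return "group"
    return "other"


def check_access(user, inode, wanted):
    """True if every bit in `wanted` (R|W|X) is granted by the class that applies."""
    shift = {"owner": 6, "group": 3, "other": 0}[applicable_class(user, inode)]
    granted = (inode.perms >> shift) & 0o7
    return wanted & granted == wanted


def new_file_group(user, directory):
    """Group of a file `user` creates in `directory`: with SGID on the directory
    the file inherits the directory's group, otherwise the user's primary group."""
    return directory.group if directory.sgid else user.gid


# Constructed ids: frank and tom are in faculty (gid 100); alice is not.
UIDS = {"frank": 1001, "tom": 1002, "alice": 1003}
GIDS = {"faculty": 100, "students": 200}
USERS = {
    "frank": User("frank", 1001, 100),
    "tom": User("tom", 1002, 100),
    "alice": User("alice", 1003, 200),
}
LISTING = {  # the ls -l lines from the slide
    "reports": "drwxrwx--- 2 frank faculty 4096 Mar 24 12:20 reports",
    "private_report": "-rw------- 2 frank faculty 16350 Mar 25 18:10 private_report",
    "public_report": "-rw-r----- 2 frank faculty 21340 Mar 25 18:10 public_report",
    "test": "-rwsr-xr-x 1 frank faculty 3240 Mar 26 11:42 test",
}


def inode_from_ls(line):
    mode, _links, owner, group, *_ = line.split()
    is_dir, perms, suid, sgid = parse_ls_mode(mode)
    return Inode(UIDS[owner], GIDS[group], perms, suid, sgid, is_dir)


def can(user_name, file_name, wanted):
    return check_access(USERS[user_name], inode_from_ls(LISTING[file_name]), wanted)


if __name__ == "__main__":
    for who in USERS:
        print(who, "cd reports:", can(who, "reports", X),
              "cat private_report:", can(who, "private_report", R),
              "cat public_report:", can(who, "public_report", R))
    # the "first class wins" trap: mode 0o604 lets others read but not the group
    trap = Inode(UIDS["frank"], GIDS["faculty"], 0o604)
    print("tom reads 0o604 file:", check_access(USERS["tom"], trap, R))
    print("alice reads 0o604 file:", check_access(USERS["alice"], trap, R))
```

Running it shows that tom can cd into reports and cat public_report but not private_report, that alice can do none of these, and that cp public_report private_report fails for tom because it needs write access on private_report. The 0o604 file at the end is the non-fall-through case: tom, a group member, is denied while alice is allowed.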
e.g., finding a large number of failed login attempts in /var/log/messages
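The kind of check that finds those failed login attempts, as an added example that is not part of the slides: it parses syslog-style sshd lines, counts failures per source address and per target account, and flags sources above a threshold. The log lines are constructed sample input (RFC 5737 test addresses), and the sshd message format is the one written by OpenSSH; real systems place these lines in /var/log/messages, /var/log/secure or /var/log/auth.log depending on the syslog configuration.

```python
# Added example (not from the slides): count failed SSH logins in syslog-style
# lines. SAMPLE_LOG is constructed sample input, not a real log.
import re
from collections import Counter

FAILED_LOGIN = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+(?:\.\d+){3}) port \d+"
)

SAMPLE_LOG = """\
Mar 25 18:10:01 srv1 sshd[2201]: Accepted password for frank from 198.51.100.7 port 50122 ssh2
Mar 25 18:10:05 srv1 sshd[2207]: Failed password for root from 203.0.113.5 port 4022 ssh2
Mar 25 18:10:07 srv1 sshd[2207]: Failed password for root from 203.0.113.5 port 4022 ssh2
Mar 25 18:10:09 srv1 sshd[2207]: Failed password for root from 203.0.113.5 port 4022 ssh2
Mar 25 18:10:12 srv1 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 4031 ssh2
Mar 25 18:10:14 srv1 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 4031 ssh2
Mar 25 18:10:16 srv1 sshd[2211]: Failed password for invalid user oracle from 203.0.113.5 port 4040 ssh2
Mar 25 18:10:30 srv1 sshd[2215]: Failed password for frank from 198.51.100.7 port 50130 ssh2
Mar 25 18:10:34 srv1 sshd[2215]: Accepted password for frank from 198.51.100.7 port 50130 ssh2
Mar 25 18:11:01 srv1 CROND[2220]: (root) CMD (run-parts /etc/cron.hourly)
"""


def parse_failed_logins(lines):
    """Yield (timestamp, target user, source ip) for every failed-password line."""
    for line in lines:
        m = FAILED_LOGIN.match(line)
        if m:
            yield m["ts"], m["user"], m["ip"]


def failed_login_counts(lines):
    """Return (failures per source IP, failures per target account)."""
    by_ip, by_user = Counter(), Counter()
    for _ts, user, ip in parse_failed_logins(lines):
        by_ip[ip] += 1
        by_user[user] += 1
    return by_ip, by_user


def suspicious_sources(lines, threshold=5):
    """Source IPs with at least `threshold` failures, most active first."""
    by_ip, _ = failed_login_counts(lines)
    return [ip for ip, n in by_ip.most_common() if n >= threshold]


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    by_ip, by_user = failed_login_counts(lines)
    print("failures by source:", dict(by_ip))
    print("failures by account:", dict(by_user))
    print("suspicious sources:", suspicious_sources(lines))
```

The single failure from 198.51.100.7 followed by a successful login is what a typo looks like; the burst of root, admin and oracle attempts from 203.0.113.5 is what a password-guessing attack looks like, and only that source crosses the threshold. The same function can be fed `sys.stdin` to run over a real log file.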
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
# The authpriv file has restricted access.
# Log all the mail messages in one place.
# Log cron stuff
$ cat /etc/logrotate.conf
# rotate log files weekly
# keep 4 weeks worth of backlogs
# create new (empty) log files after rotating old ones
# uncomment this if you want your log files compressed
# RPM packages drop log rotation information into this directory
# no packages own wtmp -- we'll rotate them here
create 0664 root utmp
One example of a rootkit is lrk4 (Linux Rootkit 4), a collection of trojaned replacements for standard system binaries.
A system infected by a rootkit is recovered either by reinstalling the infected packages from a trusted source, or by reinstalling the entire operating system.
Tripwire's configuration and policy files are signed with its site key, and its integrity database and reports with its local key; each key is protected by a passphrase, so an attacker who modifies the files cannot produce a valid signature for them.
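A minimal file-integrity checker in the spirit of Tripwire, as an added example that is not part of the slides and is not Tripwire's own code: it records a content hash and the ownership and mode of every file under a directory, compares a later scan against that baseline to report added, removed and modified files, and protects the stored baseline so that a rootkit which edits it is detected. Tripwire uses asymmetric signatures under passphrase-protected keys; here an HMAC under a key derived from the passphrase with PBKDF2 stands in for that signature, which is an assumption of the example, not a description of Tripwire. The scenario in demo() is constructed in a temporary directory.

```python
# Added example (not from the slides, not Tripwire's code): a minimal
# file-integrity baseline with an HMAC standing in for Tripwire's signatures.
import hashlib
import hmac
import json
import os
import stat
import tempfile
from pathlib import Path


def file_record(path):
    """Content hash plus the metadata a trojaned binary usually changes."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    st = os.lstat(path)
    return {"sha256": h.hexdigest(), "size": st.st_size,
            "mode": oct(stat.S_IMODE(st.st_mode)), "uid": st.st_uid, "gid": st.st_gid}


def build_baseline(root):
    """Map of relative path -> record for every regular file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_record(p)
            for p in sorted(root.rglob("*")) if p.is_file() and not p.is_symlink()}


def _key(passphrase, salt):
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)


def sign_baseline(records, passphrase, salt=None):
    """Attach an HMAC so the stored baseline cannot be silently rewritten."""
    salt = salt or os.urandom(16)
    payload = json.dumps(records, sort_keys=True).encode()
    tag = hmac.new(_key(passphrase, salt), payload, "sha256").hexdigest()
    return {"salt": salt.hex(), "records": records, "hmac": tag}


def verify_baseline(signed, passphrase):
    payload = json.dumps(signed["records"], sort_keys=True).encode()
    key = _key(passphrase, bytes.fromhex(signed["salt"]))
    expected = hmac.new(key, payload, "sha256").hexdigest()
    return hmac.compare_digest(expected, signed["hmac"])


def compare(baseline, current):
    """Added, removed and modified paths between two scans."""
    both = baseline.keys() & current.keys()
    return {"added": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys()),
            "modified": sorted(p for p in both if baseline[p] != current[p])}


def demo(passphrase="correct horse battery staple"):
    """Constructed scenario: baseline a small tree, then trojan a binary, drop a
    backdoor, delete a config file, and finally tamper with the baseline itself."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "ls").write_bytes(b"original ls")
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        signed = sign_baseline(build_baseline(root), passphrase)

        (root / "bin" / "ls").write_bytes(b"trojaned ls that hides /tmp/.x")
        (root / "bin" / "login").write_bytes(b"backdoor")
        (root / "etc" / "passwd").unlink()

        trusted = verify_baseline(signed, passphrase)
        report = compare(signed["records"], build_baseline(root))

        # an attacker who can edit the stored baseline still cannot re-sign it
        signed["records"]["bin/ls"] = file_record(root / "bin" / "ls")
        still_trusted = verify_baseline(signed, passphrase)
        return trusted, report, still_trusted


if __name__ == "__main__":
    trusted, report, still_trusted = demo()
    print("baseline signature valid:", trusted)
    print("changes:", report)
    print("baseline valid after tampering:", still_trusted)
```

The baseline must be taken on a clean system, ideally right after installation, and stored with its passphrase off the host (read-only media or a separate machine), since a rootkit that can rewrite the baseline defeats the check unless the signature catches it. Running the checker from the possibly infected system has the same weakness as any on-host tool: a kernel-level rootkit can lie to it, which is why reinstalling from trusted media remains the recovery of last resort.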