1 / 47

Linux and UNIX Overview

Linux and UNIX Overview. Linux and UNIX. Linux and UNIX OSs are… Often targets for attacks Often used for launching attacks So we need to understand basics. UNIX. A “beautiful but strange beast” Developed as research project by AT&T More than 35 years old Internet was built on UNIX

candid
Download Presentation

Linux and UNIX Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Linux and UNIX Overview Linux and UNIX Overview 1

  2. Linux and UNIX • Linux and UNIX OSs are… • Often targets for attacks • Often used for launching attacks • So we need to understand basics Linux and UNIX Overview 2

  3. UNIX • A “beautiful but strange beast” • Developed as research project by AT&T • More than 35 years old • Internet was built on UNIX • Recently, popular for desktops, etc. Linux and UNIX Overview 3

  4. UNIX • It’s beautiful because… • It’s powerful • Millions of people have worked on it • Huge numbers of useful tools • “Been around the block” more than once • Closely associated with open source • Admins can find lots of useful tools Linux and UNIX Overview 4

  5. UNIX • Strange because so many UNIX OSs • Popular variants include • Solaris by Sun • MacOS by Apple • HP-UX by HP • IRIX by sgi • AIX by IBM • FreeBSD, free open source • OpenBSD, “the #1 most secure” OS Linux and UNIX Overview 5

  6. UNIX • Differences between UNIX variants • File systems organization • System calls, commands, command options, etc. • Two main “lines” of UNIX • AT&T and BSD • But some UNIXs are combinations Linux and UNIX Overview 6

  7. Linux • Developed by Linus Torvalds • Technically, not a variant of UNIX • Created without using any of the underlying UNIX code • A “UNIX-like environment” • Strictly speaking, “Linux” is just the kernel • Many Linux “distros”: Debian, Gentoo, Mandrake, Red Hat, Slackware, SuSE, etc. Linux and UNIX Overview 7

  8. UNIX • Here, generic UNIX/Linux concepts • Things that apply to most UNIX/Linux • UNIX also strange because • Not designed for ease of use • Think command line, not GUI • Ironically, much simpler than Windows… • If you think Windows is easier, you don’t know Linux… • …and you don’t know Windows Linux and UNIX Overview 8

  9. UNIX • Here, we focus on generic “UNIX” • Things that apply to most variants • Book use “UNIX”, “Linux” interchangeably • Here, we only scratch the surface • For more info • Linux Administration Handbook, by Nemeth • Man pages Linux and UNIX Overview 9

  10. Architecture • File system • Like traveling thru a city… • Directories are like signs leading you to “buildings” (files) • Many things treated as files • Devices, elements of processes, files Linux and UNIX Overview 10

  11. File System • Top is root directory: / == “slash” • “cd /” takes you to root • For example: /home/fred/hack.txt • File hack.txt in directory /home/fred Linux and UNIX Overview 11

  12. Important Directories • / == root (top level), called “slash” • /bin, /sbin == critical system exe’s • /dev == devices, terminal, CD, etc. • /etc == system config files • Accounts, pwds, network addresses, etc. • /home == user directories Linux and UNIX Overview 12

  13. Important Directories • /lib == shared libraries for programs • /mnt == exported file systems temporarily mounted, removable devices (e.g., USB) • /proc == images/data of current processes • Not on hard drive---can see what kernel is doing • /tmp == temporary files • /usr == critical system files (utilities, man pages, …) • /var == stores various types of files, often for administration (log files) Linux and UNIX Overview 13

  14. Important Directories • “.” is current directory • “..” is parent directory • One level up • “ls” lists all files in directory • “ls -a” lists “.” and “..” too Linux and UNIX Overview 14

  15. Kernel • UNIX and Linux are modular • The core is the kernel • Heart and brains of OS • Deals with critical system functions • E.g., hardware interactions, resource allocation, … • Programs call on kernel for these things Linux and UNIX Overview 15

  16. Processes • For program, kernel starts a process • Process is like a “bubble that contains the guts of a running program” • Kernel creates bubble, inflates it and tries to keep bubbles from popping each other • User programs, admin tools, services (e.g., Web, email) are processes • May be 100s to 1000s of active processes • Kernel juggles these into CPU, manages memory Linux and UNIX Overview 16

  17. Processes • High level view of architecture Linux and UNIX Overview 17

  18. Processes • Many processes run in background • Perform system-critical functions • Printing, network activity, etc. • Known as “daemons” • Pronounced “day-muns” or “dee-muns” • Named based on their function • E.g., SSH daemon is sshd Linux and UNIX Overview 18

  19. Automatic Processes • Booting: kernel starts init daemon • Finishes boot process • Init starts many network processes • Httpd --- Web server, for http/https • Sshd --- SSH service • Sendmail --- common UNIX email server • NFS --- Network File System for sharing files between UNIX systems Linux and UNIX Overview 19

  20. Network Services • Network service listens to network • Web server listens on TCP port 80 • Email server listens on TCP port 25 • Wait for incoming traffic • Lots of email/Web traffic, so they listen constantly • What about, say, FTP? Linux and UNIX Overview 20

  21. Network Services • To improve efficiency… • “Internet daemon” listens for uncommon services • inetd (“I-Net-D”) or xinetd • When traffic arrives, inetd activates appropriate service • Uncommon services: echo, chargen, ftpd, telnetd, rsh, rlogin, TFTP, … Linux and UNIX Overview 21

  22. inetd • File /etc/inetd.conf tells inted what services to listen for: must specify • Service name --- e.g., telnet (defined in /etc/services) • Socket type --- type of connection? • Protocol --- usually tcp or udp • Wait status --- process handles multiple connection or not • User Name --- name services should run as • Server program and arguments • inetd.conf is target of attacks Linux and UNIX Overview 22

  23. inetd • Relationship between inetd and other daemons Linux and UNIX Overview 23

  24. cron • Cron daemon • Schedule programs to run at predetermined times • For example, backup files at 3am • Attackers also like cron • E.g., shut down critical service at a particular time as part of back door Linux and UNIX Overview 24

  25. Processes • Can also start processes manually • “path” is searched for command • To see path: echo $path • Dangerous to have “.” in path • Why? Linux and UNIX Overview 25

  26. Interacting with Processes • Each process has process ID (PID) • To get info on current processes • “ps -aux” (all running processes) • “lsof” (list of open files) • Can send a signal to a process • TERM to terminate, HUP to “hang up” (often rereads config), kill, killall, etc. Linux and UNIX Overview 26

  27. Accounts • Need an account to log in • A process runs with permissions of a given account • /etc/passwd file • One line for every account, e.g., • sshd:*:75:75:sshd Privilege separation:/var/empty:/usr/bin/false Linux and UNIX Overview 27

  28. Passwd File • Each line contains • Login name • Hashed/encrypted password • UID number --- number assigned to account, used to determine permissions of processes • Default GID --- default group number • GECOS info --- not used by system, names, etc. • Home directory --- directory after login • Login shell --- sh, bash, csh, ksh, or another program Linux and UNIX Overview 28

  29. Passwd File • Passwd file is world readable • Attackers like to know hashed passwords • Used for password guessing • Most modern UNIX systems do not include hashed passwords in passwd file • Instead, in “shadow” passwd file, /etc/shadow • Requires super-user privilege to access • So passwd file contains no passwords… Linux and UNIX Overview 29

  30. Password File • After much searching… • Found my OS X hashed password is • 0x3BBC2A94D59EB1D5D3452EA6FA47399B2A25664C • Where SHA1 hash is used, with salt • 0x8429A223 • Extra credit: Find my password! Linux and UNIX Overview 30

  31. Groups • Group users together • Assign permission to the group • Stored in file /etc/group, format is • Group name • Hashed group password --- never used • GID number --- used by the system instead of group name • Group members --- by login names Linux and UNIX Overview 31

  32. Root • Root account is all-powerful user • Maximum privilege --- can read, write any file • Root == superuser or “God” • UID == 0 • “root” could be called anything, provided UID is 0 • Can be multiple root accounts Linux and UNIX Overview 32

  33. Permissions • Every file has an owner and group • Owner (or root) sets permissions • Permissions: owner, group, everybody • For each of the 3, read, write, execute • Use “ls -l” to see permissions -rw-r--r-- 1 markstam markstam 767 Feb 6 19:31 cs286.txt drwxr-xr-x 40 markstam markstam 1360 Jan 25 17:33 docs Linux and UNIX Overview 33

  34. Permissions Linux and UNIX Overview 34

  35. Permissions • Change permissions using chmod • “change modes” • Give new permissions in octal • For example: chmod 745 foo • This corresponds to: rwxr--r-x Linux and UNIX Overview 35

  36. SetUID • Sometimes user needs to access file and they do not have permissions • Example: to change password (assuming hashes stored in shadow file) • SetUID == Set User ID • Use this so program will execute with permission of it’s owner • As opposed to permission of user executing it • Password changing program: SetUID root Linux and UNIX Overview 36

  37. SetUID • Gives “common” users lots of power • OK if used in controlled way for specific tasks • SetUID permissions appear before 9 standard permission bits • In fact, 3 additional bits • SetUID, SetGID, “sticky bit” • For example: chmod 4745 foo • Shows up in “ls -l” as an s: -r-sr-xr-x 1 root wheel 75636 Jan 11 2007 /usr/bin/passwd Linux and UNIX Overview 37

  38. SetUID • Attackers like SetUID programs • May be possible to exploit flaws in code (buffer overflow) to elevate privilege • New/modified SetUID programs may be evidence of attack Linux and UNIX Overview 38

  39. Trust Relationships • That is, trust between machines • Can specify which machines to trust Bob trusts Alice Linux and UNIX Overview 39

  40. Trust Relationships • Unauthenticated access by users from trusted machine • Since trusted machine (presumably) already authenticated the user • If trusted, the r-commands (rlogin, rsh, rcp) require no password • Also, r-commands do not encrypt • How does Bob know trusted Alice is Alice? Linux and UNIX Overview 40

  41. Logs and Audit • Created by syslog daemon (syslogd) • Typical log files • Secure --- logins, successful and failed • Message --- catch-all system log • Individual app logs --- for specific apps Linux and UNIX Overview 41

  42. Logs and Audit • Forensic info also logged • Attackers like to cover their tracks • To do so, may need to manipulate… • utmp --- who is logged in • wtmp --- record of all logins and logouts • lastlog --- time and location of each user’s most recent login Linux and UNIX Overview 42

  43. Common Network Services • Telnet --- command line remote access • No encryption, session can be hijacked, … • FTP --- file transfer • Insecure, like telnet • SSH --- encrypted “tunnel” • Then safe to use unsafe services • SSH version 1 insecure, version 2 is good Linux and UNIX Overview 43

  44. Common Network Services • HTTP --- Web • Source of many attacks • Email --- sendmail, several security issues • r-commands --- rlogin, rsh, rcp • Considered very insecure • DNS --- domain names to IP addresses • Critical service, good one for attackers… Linux and UNIX Overview 44

  45. Common Network Services • NFS --- transparently access files across network • NFS server “exports” directory info • Local machine can “mount” these, so files appear to be locally accessible • Like FTP without all of the trouble of FTP-ing • Of course, exporting too much may be bad • X-Window System --- X11 (or just “X”) • The underlying GUI service in UNIX • X server controls screen, provides service • Must limit who can display/access your screen Linux and UNIX Overview 45

  46. Conclusion • UNIX/Linux • Popular OSs • More than 30 years old • Fundamental part of Internet • Widely used OSs • Platform of choice for many attackers Linux and UNIX Overview 46

  47. Summary Linux and UNIX Overview 47

More Related