The Wonderful World of Services VINCE

Similar documents
The Wonderful World of Services. By: Stefanja

Linux Kung Fu. Ross Ventresca UBNetDef, Fall 2017

Linux Kung Fu. Stephen James UBNetDef, Spring 2017

Basic Linux Security. Roman Bohuk University of Virginia

Introduction. What is Linux? What is the difference between a client and a server?

commands exercises Linux System Administration and IP Services AfNOG 2015 Linux Commands # Notes

Using RDP with Azure Linux Virtual Machines

HANDS UP IF YOU DON T HAVE A VM OR IF YOU DON T REMEMBER YOUR PASSWORDS. Or something broke

Security principles Host security

Setting up a Chaincoin Masternode

Network Monitoring & Management. A few Linux basics

UNIT 10 Ubuntu Security

To find all files on your file system that have the SUID or SGID bit set, execute:

HOW TO SECURELY CONFIGURE A LINUX HOST TO RUN CONTAINERS

Linux Kung-Fu. James Droste UBNetDef Fall 2016

iptables and ip6tables An introduction to LINUX firewall

Linux Essentials Objectives Topics:

Table of Contents. Table of Contents License server installation guide - Linux. Download SCL

Operating Systems Lab 1 (Users, Groups, and Security)

How to Restrict a Login Shell Using Linux Namespaces

This material is based on work supported by the National Science Foundation under Grant No

L.A.M.P. Stack Part I

Everything about Linux User- and Filemanagement

Check List: Linux Machines

Exercise Sheet 2. (Classifications of Operating Systems)

Introduction to UNIX. Logging in. Basic System Architecture 10/7/10. most systems have graphical login on Linux machines

Purpose. Target Audience. Install SNMP On The Remote Linux Machine. Nagios XI. Monitoring Linux Using SNMP

CS197U: A Hands on Introduction to Unix

Linux Systems Administration Getting Started with Linux

Table of Contents. Server Migrations Hints, tips and planning considerations

Communication protocols and services

Linux Systems Security. Logging and Network Monitoring NETS1028 Fall 2016

CS197U: A Hands on Introduction to Unix

Processes and authentication

Linux. An introduction. Aurélien Villani 01/2018

Basic Linux Desktop Security. Konrad Rosenbaum this presentation is protected by the GNU General Public License version 2 or any newer

Chap2: Operating-System Structures

Sit with your new teammate

Linux crash lecture by Andrey Lukyanenko

CS Fundamentals of Programming II Fall Very Basic UNIX

We want to install putty, an ssh client on the laptops. In the web browser goto:

More Raspian. An editor Configuration files Shell scripts Shell variables System admin

CENG 334 Computer Networks. Laboratory I Linux Tutorial

CompTIA Exam LX0-102 Linux Part 2 Version: 10.0 [ Total Questions: 177 ]

Introduction to Linux (Part I) BUPT/QMUL 2018/03/14

Operating Systems Linux 1-2 Measurements Background material

Post Ubuntu Install Exercises

Contents. Note: pay attention to where you are. Note: Plaintext version. Note: pay attention to where you are... 1 Note: Plaintext version...

MANAGING THE NONUNIFORM BEHAVIOUR OF TERMINALS AND KEYBOARDS. : WHEN THINGS GO WRONG

Bitnami MySQL for Huawei Enterprise Cloud

Using Ruby and irb in CSE 341 Winter 2015

CS370 Operating Systems

Hands-on Keyboard: Cyber Experiments for Strategists and Policy Makers

CS 215 Fundamentals of Programming II Spring 2019 Very Basic UNIX

Install the Marionnet network simulator on Kali Linux Light vbox-i686

WELCOME TO SS-E AFNOG NAIROBI, KENYA. Scalable Services English

Change Management: DYNAMIC NETWORK MAPPING. LinuxWorld San Francisco Security Track. Presented by Joshua D. Abraham.

5/20/2007. Touring Essential Programs

Course Wiki. Today s Topics. Web Resources. Amazon EC2. Linux. Apache PHP. Workflow and Tools. Extensible Networking Platform 1

Creating a Yubikey MFA Service in AWS

Removing files and directories, finding files and directories, controlling programs

Bitnami MariaDB for Huawei Enterprise Cloud

Red Hat Enterprise Linux 7 Getting Started with Cockpit

Some Ubuntu Practice...

About the Tutorial. Audience. Prerequisites. Copyright & Disclaimer. Gerrit

CTEC1863/2018F Bonus Lab Page 1 of 5

User Accounts. The Passwd, Group, and Shadow Files

RH-202. RedHat. Redhat Certified Technician on Redhat Enterprise Linux 4 (Labs)

Lab 2: Linux/Unix shell

Connecting to ICS Server, Shell, Vim CS238P Operating Systems fall 18

Exim Practical. Patrick Okui. (based on materials from Brian Candler)

RedHat. Rh202. Redhat Certified Technician on Redhat Enterprise Linux 4 (Labs)

GNU/Linux 101. Casey McLaughlin. Research Computing Center Spring Workshop Series 2018

Perl and R Scripting for Biologists

2 Hardening the appliance

Linux Command Line Primer. By: Scott Marshall

COMS 6100 Class Notes 3

SECURITY+ LAB SERIES. Lab 3: Protocols and Default Network Ports Connecting to a Remote System

Command-line interpreters

Introduction to UNIX/LINUX Security. Hu Weiwei

Race Condition Vulnerability Lab

Lecture 08: When disaster strikes and all else fails

Utilities. September 8, 2015

Configuring and Running CD Tools

Embedded Linux Systems. Bin Li Assistant Professor Dept. of Electrical, Computer and Biomedical Engineering University of Rhode Island

Introduction to Linux

PiCloud. Building owncloud on a Raspberry PI

SQL Server vnext on Linux Ubuntu - Part 1

CS 460 Linux Tutorial

Exim Practical. (based on materials from Brian Candler)

CompTIA Linux Course Overview. Prerequisites/Audience. Course Outline. Exam Code: XK0-002 Course Length: 5 Days

User & Group Administration

Computer Systems and Architecture

AsteriskNow IPTables Firewall Configuration

Aware IM Version 8.1 Installation Guide

Lab #9: Basic Linux Networking

Masternode Setup Guide Local Wallet with VPS Server

Week 5 Lesson 5 02/28/18

Learning the Wonders. An introduction to creating great web-applications with Project Wonder. Deployment. Markus Ruggiero. 2013, Markus Ruggiero

How to Install a DHCP Server in Ubuntu and Debian

Transcription:

The Wonderful World of Services VINCE

Agenda definitions services for Windows and Linux breaks? auditing Linux logs for Linux useful tools

Goals develop a better understanding of Linux and Windows services (How this ties in with Auditing) base level auditing understand logs pick up some useful tools! better understanding of what to do initially in a competition

Services

What is a Service? an application (or set of applications) that runs in the background this application can enable your box to do a certain task, or carry out essential tasks such as running a web server

Some Common Services Domain Name System (DNS) Secure Shell (SSH) Databases MySQL, MongoDB (Graylog uses this!) APACHE cross-platform web server FTP File Transfer Protocol

NECCDC 2018 Services

Services Operate Over Ports

We can use nmap to check ports and services! We know a lot about nmap around these parts

https://www.stationx.net/nmap-cheatsheet/

Why do we need to know ports? if you are setting up your firewall, it s important to make sure you allow traffic over that port you can always change the port (config files) for example OverTheWire runs ssh over a different port

Services and Operating Systems server-oriented operating systems are good for services as you guys know there is Windows Server 20XX, you can use this but no one likes Windows so, why?

What service(s) are on my box? Older Architectures(S) service [SERVICE_NAME] [start stop restart reload status] Newer Architectures(S) systemctl [start stop restart reload status] [SERVICE_NAME]

ls /etc/init.d

service --status-all

service --status-all grep [+]

What about what is not running? service --status-all grep -v [+]

systemctl -l --type service --all

You can also run the previous command as root!

You can also look into your process manager to see services.

htop htop is not always there sudo apt-get install htop

The kill command

Some Explanation the command is used to end a process without having to log out or reboot a process is also referred to as a task that is in a running state these processes are given process identification numbers (PID) we need this as reference!

kill [PID] this works but no guarantee the process will end this by default sends signal 15, sometimes services will ignore this

kill -9 [PID] this command is a little misleading, it doesn t actually kill the process rather it send a signal to that process what that process does with that signal is up to the process itself processes have signal handlers, these define what it does with a signal our command from before kill [PID] has no signal supplied, therefore it defaults to 15 kill -9 [PID] is stronger, this signal is SIGKILL

kill -l we can use this to see the signal handlers http://www.linfo.org/kill.html

pstree -p this command is interesting we can actually use this to see the parent/ child relationship of processes, and by killing the parent process this will kill the child processes this makes it much easier to end processes, versus manually finding each PID

Ross Likes to Kill Bash Sessions

echo $$

What happens if I do kill -9 2155?

WINDOWS LAND!

Task Manager

Right click on a service to start or stop it?

You can search online too!

services.msc CMD -> services.msc Windows search for Services

These tools are sort of bland incomes Process hacker

Beware some services have dependencies! Windows firewall service depends on base filtering engine some services may not stop or start if a dependency is stopped

Active Directory this is a major Windows directory service! is AD broken? check DNS it was DNS

That s all for services, any questions?

These next slides are mainly competition help!

Auditing Your Box this is very important to in competitions! we actually covered a lot of auditing by just looking at services!

1 st Step, Check the Users cat /etc/passwd What do you notice?

What to do with these users? lock them passwd l [USERNAME] or unlock them passwd u [USERNAME] disable them passwd d [USERNAME] change their shell chsh s /bin/false [USERNAME]

Let s create the user webdude, what happens when we lock that account?

Ports your box is listening on? sudo netstat -tulpn

Another Command, sudo lsof -i

Don t forget about nmap!

Logs

A Bit About Linux on Logs Linux logs provide a timeline of events for the Linux OS, applications, and system verify useful trouble shooting tool logs are stored in plaintext and found in /var/log the next few slides are important logs on debian based systems

/var/log/kern.log

There are tons of log s for services too. Sometimes a service will generate it s own log file, such as apache.

auth.log this log contains all successful authentication attempts and failed! What can or should you look for? multiple failed login attempts from a single outside IP login attempts for system users, (cron) or any unknown user any know login attempts to root that were not you!

tail -40 /var/log/auth.log

Bringing it all together, this is what it is like in the wild https://www.youtube.com/watch?v=w8_kfjo3vju

Was there anything wrong with the web server? What command did web dude use to reboot the webserver? How did web dude access Chip s computer? Anything else you noticed?

STUFF I DIDN T COVER crontabs firewall appliances (UFW, IPTABLES) central logging (Graylog!) host based IDS (OSSEC) IDS in general (Snort) chmod and lsattr commands ssh keys and securing ssh /etc/shadow /etc/pam.d lot s of Windows stuff ):

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback