Basic Linux Security. Roman Bohuk University of Virginia

Similar documents
The Wonderful World of Services VINCE

HANDS UP IF YOU DON T HAVE A VM OR IF YOU DON T REMEMBER YOUR PASSWORDS. Or something broke

Overview LEARN. History of Linux Linux Architecture Linux File System Linux Access Linux Commands File Permission Editors Conclusion and Questions

Lab E2: bypassing authentication and resetting passwords

Linux Kung Fu. Ross Ventresca UBNetDef, Fall 2017

Linux Systems Administration Getting Started with Linux

Linux Kung Fu. Stephen James UBNetDef, Spring 2017

OPERATING SYSTEMS LINUX

Processes and authentication

Perl and R Scripting for Biologists

CTEC1863/2018F Bonus Lab Page 1 of 5

Introduction. What is Linux? What is the difference between a client and a server?

CS197U: A Hands on Introduction to Unix

Chap2: Operating-System Structures

Please choose the best answer. More than one answer might be true, but choose the one that is best.

CS197U: A Hands on Introduction to Unix

Linux Kung-Fu. James Droste UBNetDef Fall 2016

PL-I Assignment Broup B-Ass 5 BIOS & UEFI

ITDUMPS QUESTION & ANSWER. Accurate study guides, High passing rate! IT dumps provides update free of charge in one year!

Performing Administrative Tasks

Unit 2: Manage Files Graphically with Nautilus Objective: Manage files graphically and access remote systems with Nautilus

TexSaw Penetration Te st in g

Information System Audit Engr. Abdul-Rahman Mahmood MS, PMP, MCP, QMR(ISO9001:2000)

Using grub to Boot various Operating Systems

Operating Systems Linux 1-2 Measurements Background material

Booting up and Shutting down A primer for troubleshooting

INTRODUCTION TO LINUX

User Accounts. The Passwd, Group, and Shadow Files

UNIX / LINUX - GETTING STARTED

LAB #7 Linux Tutorial

The UNIX operating system is a set of programs that act as a link between the computer and the user.

Exercise Sheet 2. (Classifications of Operating Systems)

Embedded Linux Systems. Bin Li Assistant Professor Dept. of Electrical, Computer and Biomedical Engineering University of Rhode Island

CompTIA Linux Course Overview. Prerequisites/Audience. Course Outline. Exam Code: XK0-002 Course Length: 5 Days

Course Wiki. Today s Topics. Web Resources. Amazon EC2. Linux. Apache PHP. Workflow and Tools. Extensible Networking Platform 1

Operating Systems Lab 1 (Users, Groups, and Security)

Setting up a Chaincoin Masternode

Introduction to UNIX. Logging in. Basic System Architecture 10/7/10. most systems have graphical login on Linux machines

Lab Authentication, Authorization, and Accounting

Contents. Note: pay attention to where you are. Note: Plaintext version. Note: pay attention to where you are... 1 Note: Plaintext version...

User accounts and authorization

University of Pennsylvania Zachary Goldberg. CIS c. More Kernel Bits. 10/03/09 Slide 1

Linux. An introduction. Aurélien Villani 01/2018

Everything about Linux User- and Filemanagement

Answers to Even- Numbered Exercises

User & Group Administration

CSE 390a Lecture 3. Multi-user systems; remote login; editors; users/groups; permissions

More Raspian. An editor Configuration files Shell scripts Shell variables System admin

Linux Home Lab Environment

Adding a block devices and extending file systems in Linux environments

The kernel is the low-level software that manages hardware, multitasks programs, etc.

Hands-on Keyboard: Cyber Experiments for Strategists and Policy Makers

CSE 265: System and Network Administration

CSE 265: System and Network Administration

Project #3: Implementing NIS

1Z Oracle Linux 5 and 6 System Administration Exam Summary Syllabus Questions

Security principles Host security

RH-202. RedHat. Redhat Certified Technician on Redhat Enterprise Linux 4 (Labs)

RedHat. Rh202. Redhat Certified Technician on Redhat Enterprise Linux 4 (Labs)

Advanced Operating Systems and Virtualization. Alessandro Pellegrini A.Y. 2017/2018

Linux Essentials Objectives Topics:

Introduction to UNIX/LINUX Security. Hu Weiwei

UNIT 10 Ubuntu Security

Basic UNIX system administration

Filesystem Hierarchy and Permissions

RHCE BOOT CAMP. The Boot Process. Wednesday, November 28, 12

Chapter 5: User Management. Chapter 5 User Management

Linux+ Guide to Linux Certification, Third Edition. Chapter 2 Linux Installation and Usage

Computer Security Operating System Security & Access Control. Dr Chris Willcocks

GNU/Linux 101. Casey McLaughlin. Research Computing Center Spring Workshop Series 2018

CENG 334 Computer Networks. Laboratory I Linux Tutorial

Basic Shell Commands. Bok, Jong Soon

Linux Command Line Primer. By: Scott Marshall

Course 144 Supplementary Materials. UNIX Fundamentals

OBSERVEIT CLOUDTHREAT GUIDE

Users and Groups. his chapter is devoted to the Users and Groups module, which allows you to create and manage UNIX user accounts and UNIX groups.

commands exercises Linux System Administration and IP Services AfNOG 2015 Linux Commands # Notes

Permissions and Links

Operating system hardening

How to Restrict a Login Shell Using Linux Namespaces

CISC 220 fall 2011, set 1: Linux basics

B a s h s c r i p t i n g

McAfee Certified Assessment Specialist Network

*nix Crash Course. Presented by: Virginia Tech Linux / Unix Users Group VTLUUG

Linux Essentials. Smith, Roderick W. Table of Contents ISBN-13: Introduction xvii. Chapter 1 Selecting an Operating System 1

ANATOMY OF AN ATTACK!

Actual4Test. Actual4test - actual test exam dumps-pass for IT exams

UNIT 9 Introduction to Linux and Ubuntu

UNIX. The Very 10 Short Howto for beginners. Soon-Hyung Yook. March 27, Soon-Hyung Yook UNIX March 27, / 29

Introduction to Linux. Woo-Yeong Jeong Computer Systems Laboratory Sungkyunkwan University

Linux Class 2. Debian file system, superuser, editing text files, executing comands in the shell, configuring, installing and uninstalling packages.

NETW 110 Lab 3 Post-Installation Configuration Page 1

OS Security III: Sandbox and SFI

Introduction to Linux

Information System Audit Engr. Abdul-Rahman Mahmood MS, PMP, MCP, QMR(ISO9001:2000)

NETW 110 Lab 5 Creating and Assigning Users and Groups Page 1

Course 55187B Linux System Administration

Introduction. Let s start with the first set of slides

Advanced Systems Security: Ordinary Operating Systems

Lecture 08: When disaster strikes and all else fails

Transcription:

Basic Linux Security Roman Bohuk University of Virginia

What is Linux? An open source operating system Project started by Linus Torvalds kernel Kernel: core program that controls everything else (controls processes, i/o between applications) Not to be confused with Unix commercial OS Unix-like / *nix broad term encompassing both Unix and Linux

Flavors Timeline: https://tinyurl.com/linuxdt

VM Setup Get the VM from a flashdrive or install your own version Login with user:uv@cnsr0cks! 2 ways to connect it to the internet and give SSH access. In the VM network settings, select NAT The machine proxies the traffic through your NIC Add port 22 in the port forwarding settings, and SSH to localhost Bridged Connection The machine has its own IP on the LAN, and you can connect to it remotely If you want to set up a bridged connection, type ifconfig to find the MAC address, and add it at https://netreg.itc.virginia.edu/ (Register a device for network access)i

VM Setup

What happens when Linux boots? BIOS looks for and executes a Master Boot Record (MBR) MBR loads GRUB, the Linux bootloader which loads and runs the kernel Kernel mounts the filesystem, executes the programs in /sbin/init The init file runs the Linux at a specific runlevel The runlevel-specific programs are executed from /etc/rc.d/rc*.d/ 0 halt 1 single-user mode 2 multiuser mode (no networking) 3 full multiuser mode 5 GUI 6 reboot

Runlevels Practice: who -r # prints out the current runlevel init * # changes the runlevel to * who -Ha # lists the users who are logged in

Breaking Into Things Why? So you can defend it.

Cyber Kill Chain

Locked up box No external services? Comes down to whether or not there are any known vulnerabilities associated with the version of that system. Read about the vulnerability and try to create a payload, or you can use a tool like metasploit to do the job for you. Often works because it is hard to update something in a production environment (you can t just pause the website until you update it)

External services? External services? (web server, ftp, ssh) Same as the previous slide + extra attack surface Look for vulnerabilities in each service Identifying vulnerabilities comes down to experience and practice

Phishing? XKCD #538

Linux Users

User information Can pull information from a remote database (LDAP) Usually, the user information is stored on the filesystem General user info: /etc/passwd Password hashes: /etc/shadow Groups: /etc/group Every file and program has its own permissions and an owner

/etc/passwd

/etc/shadow

/etc/group

Permissions Permissions (read/write/exec) user group world Owner and Group

Permissions The goal of the attacker is to gain sudo permissions or become a root. This will allow him or her do anything on the system. Vulnerabilities can appear if permissions are not set properly A program that has access to the shell runs as root Ex: default settings for Jenkins server

Intermission

CTF Challenge 1. There is a site at http://10.164.31.92 that displays a random image of a cat or a dog upon request. Somewhere, there is also an image with a flag 2. Also, can you get the hash of mark s password? (remember /etc/shadow) The default directory for files on a web server is /var/www/html 3. Can you login as him?

Select Tricks

.bashrc.bashrc is a file that runs every time a user logs in Located in /home/user/.bashrc and /root/.bashrc Allows to execute a program as soon as the user logs in Fun: Use the alias command as a joke

chattr +i Sets the immutable flag Even the root user can t modify the file Remove lock using chattr I Find all chattr d files: find /etc/ xargs -I file lsattr -a file 2>/dev/null grep '^...i'

cron Add a cron job to retain persistence Executed every few days, hours, or minutes Run a script to set configuration from a backup crontab e to edit

SSH Keys A feature that allows users to be logged in without a password Stored in ~/.ssh/.authorized_keys Attackers can exploit it by adding extra keys SSH configuration can also be changed by adding a directive to the AuthorizedKeysFile Demo: creating a key and changing ssh settings

Systems users A lot of system users with no access to shell; check in /etc/passwd Attackers can give them sudo permissions and give access to shell If there is a global ssh key, no need to even set a password usermod -s /bin/bash username usermod -ag sudo username passwd username

Privilege escalation Once you have root access, no one can kick you out if you try hard enough Poor configuration can help gain privileges https://github.com/rebootuser/linenum There are special bits that let a program run as root even if it was called by a normal user setuid and setgid permissions Attackers can exploit them if those programs leak access to shell

Changing time It can be especially easy to notice a suspicious file if

history Works both ways Attackers can see what the user did to secure the machine and try to kick them out Users can see what the attackers did and act accordingly nano and vim also store their own histories. Sometimes you can see exactly what was changed To clear, enter history c and rm ~/.bash_history

Detection

Htop, tree Can see all processes The tree view allows to see what process is being run by what process

Lynis Can see all processes The tree view allows to see what process is being run by what process

Clamav Antivirus for Linux apt-get install clamav sudo freshclam

Backdoor your own system Add your own users and ssh keys Ls backdoor (devised by abiusx) https://tinyurl.com/lslog-ab

debsums -c Checks the filesystem to see if any configuration files have been modified

splunk More sophisticated event logger with analytics Combines logs from all services

Generic commands who -Ha lists authenticated users nmap localhost to check open ports netstat -tulpnae to check the network ps aux to check the running processes last shows the last login times for each user cmatrix because you can Try running privilege escalation tools against yourself

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback