Capability and System Hardening


Date Assigned: mm/dd/yyyy
Date Due: mm/dd/yyyy by hh:mm

Educational Objectives

Capability and System Hardening. This lab is designed to help you gain a better understanding of system hardening principles and hands-on experience with common hardening techniques.

Lab Environment

One Fedora 18 system is needed for this lab. Please put SELinux in permissive mode (setenforce 0).

Resources: Most of the material in the rest of this lab is derived from the following documents:

[1] Guide to the Secure Configuration of Red Hat Enterprise Linux 5, Revision 4.1, February 28, 2011, by the Operating Systems Division Unix Team of the Systems and Network Analysis Center, National Security Agency (NSA).
[2] Security Configuration Benchmark for Red Hat Enterprise Linux 5, Version 2.0.0, December 16th, 2011, the Center for Internet Security (CIS).

Section 1 Introduction to Linux Capabilities

Unix/Linux systems use a security model that gives regular users a minimal amount of privilege while giving root full privileges. Privileged operations are necessary in operating systems: programs often need root privileges for a single activity, such as binding to a privileged port or opening a file that only root can access. To allow regular users to run these programs, the Set-UID mechanism was introduced. Set-UID programs turn regular users into privileged users temporarily. This has proven dangerous: if the program is compromised, adversaries may obtain root privilege, even though in most cases the operations involved do not need full root privilege.

Capabilities divide root privilege into a set of granular privileges; each of these privileges is called a capability. With capabilities, a regular user does not need to be root to perform a privileged operation; all the user needs is the capability required for that operation. If a privileged program is compromised, adversaries can only obtain limited privilege.
The capabilities mechanism has been in the Linux kernel since version 2.1 and was significantly improved in kernel 2.6.24. A good introduction can be found at the following link:

    http://www.linuxjournal.com/article/5737

The available capabilities and the privileges they grant are listed in the following file:

    /usr/include/linux/capability.h

A good example is the command ping. Please perform the following as root before working on the rest of the lab:

    setcap -r /bin/ping
    chmod u+s /bin/ping

To make ping work for both root and regular users, ping is now a Set-UID program, as shown in the following screenshot. The letter s in the owner's execute field indicates that ping is a Set-UID program. When a regular user executes ping, his/her effective user ID becomes root. If ping is compromised, the entire system can be compromised. The question is whether we can remove this privilege from ping. Let's turn ping into a non-Set-UID program by executing the following as root:

    chmod u-s /bin/ping

Now log in as a regular user and run ping www.google.com. You will receive an error: the command does not work for a regular user, although it works for root (test it). This is because ping uses ICMP, which requires opening a RAW socket, a privileged operation. That is why ping had to be a Set-UID program. With capabilities, we do not need to give ping that much privilege. The only privilege it needs is to open a RAW socket, which can be granted with the cap_net_raw capability. This capability can be assigned to ping by running the following as root:

    setcap cap_net_raw=ep /bin/ping

Now log in as a regular user and run ping www.google.com again. The ping succeeds this time, as shown in the screenshot below.

Please use the man pages to study how to use the following commands:

    setcap
    getcap

The following command displays all Set-UID programs on the system:

    find / -type f -perm -4000 -print

Please find the capabilities needed for a program in the article at the following link:

    https://wiki.archlinux.org/index.php/using_file_capabilities_instead_of_setuid

Why are some of the capabilities desired? Please read the following post:

    http://stackoverflow.com/questions/7844933/usr-bin-passwd-and-the-cap-chown-capability

Question 1: Choose one of the Set-UID programs you are interested in. Remove the SUID bit from the program and set proper capabilities on the program. Were you able to make it work for a regular user without the SUID bit being set? Please test your solution.
a) What is the program you chose?
b) Does it work for a regular user without the SUID bit being set?

One common use of capabilities is to give application programs the privileges they need. Some applications need privileged operations to access certain resources. However, you don't want to run them as root, for security reasons. In this case, you can assign the desired capabilities to such programs. For example, the program shown in Figure 1 needs to open the file /etc/shadow for reading. If the operation is allowed, it prints "Reading successful"; otherwise it prints "Reading failed".

Figure 1: A simple application program

Task 1
You are given the application program shown in Figure 1. You need to configure the program so that a regular user can run it and the result shows "Reading successful". For security purposes, you don't want to make it owned by root and Set-UID. In addition, you don't want to make the /etc/shadow file accessible to common users. Then you want to test your configuration to ensure it works as expected.

Question 2: What do you need to do to achieve the goals specified in Task 1? Please use screenshots to demonstrate your work and results.

Section 2 System-wide hardening

Some common system-wide hardening items are introduced in this section.

2.1. Password complexity
In a Linux system, password complexity requirements are defined in the file /etc/login.defs. Please study the file and try to harden your system.

Question 3: What changes would you like to make to the Password aging controls section of the /etc/login.defs file in order to harden your system?
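To check where a program's privilege comes from and which capabilities the calling shell actually holds while working through the Section 1 exercises above, here is an added helper script; it is not part of the lab handout. It assumes Linux /proc, GNU stat and the getcap command from libcap; 13 is the kernel's number for CAP_NET_RAW, taken from /usr/include/linux/capability.h.

```bash
#!/bin/bash
# Added helper (not part of the lab handout) for the Section 1
# exercises.  Capability numbers are the kernel's, taken from
# /usr/include/linux/capability.h; CAP_NET_RAW is 13.

# True (exit 0) when FILE carries the set-user-ID bit.
is_setuid() {
    [ -u "$1" ]
}

# True when capability number CAPNUM is present in MASK, a 64-bit
# hexadecimal mask in the format of the Cap* lines of /proc/PID/status.
cap_in_mask() {
    local mask=$1 capnum=$2
    [ $(( (0x$mask >> capnum) & 1 )) -eq 1 ]
}

# Print the effective capability mask (CapEff) of a process
# (default: the calling shell itself).
cap_eff_mask() {
    awk '/^CapEff:/ {print $2}' "/proc/${1:-self}/status"
}

# True when the calling shell holds capability CAPNUM in its
# effective set, e.g. have_cap 13 for CAP_NET_RAW.
have_cap() {
    cap_in_mask "$(cap_eff_mask)" "$1"
}

# Summarise how a binary obtains privilege: set-UID bit, file
# capabilities (getcap from libcap prints nothing when none are
# attached), or neither.  Assumes GNU stat.
priv_summary() {
    local bin=$1 caps
    if is_setuid "$bin"; then
        echo "$bin: set-UID, owner $(stat -c %U "$bin")"
    else
        echo "$bin: no set-UID bit"
    fi
    if command -v getcap >/dev/null 2>&1; then
        caps=$(getcap "$bin" 2>/dev/null)
        echo "${caps:-$bin: no file capabilities}"
    else
        echo "getcap not installed (package libcap)"
    fi
}

# Usage when saved as capcheck.sh and run directly:
#     ./capcheck.sh /bin/ping 13
if [ "$(basename -- "$0")" = "capcheck.sh" ]; then
    priv_summary "${1:-/bin/ping}"
    if have_cap "${2:-13}"; then
        echo "this shell has capability ${2:-13} in its effective set"
    else
        echo "this shell lacks capability ${2:-13}"
    fi
fi
```

Run it before and after each setcap/chmod step, once as root and once as a regular user, to see which of the two mechanisms a program is relying on.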

2.2. Account and password verification
To ensure that no accounts have an empty password field, the following command should produce no output:

    awk -F: '($2 == "") {print}' /etc/shadow

If this generates any output, fix the problem by locking each such account or by setting a password for it.

To ensure that no password hashes are stored in /etc/passwd, the following command should produce no output:

    awk -F: '($2 != "x") {print}' /etc/passwd

The hashes for all user account passwords should be stored in the file /etc/shadow and never in /etc/passwd, which is readable by all users.

Question 4: Did you get any output from the above commands? If you did, please harden your system.

2.3. Group-writable and world-writable files
A user's home directory should not be writable by others unless specific permissions have been deliberately granted; you don't want to share your private files with others. For each human user USER of the system, view the permissions of the user's home directory:

    ls -ld /home/USER

Ensure that the directory is not group-writable and that it is not world-readable (and therefore not world-writable). If necessary, repair the permissions:

    chmod g-w /home/USER
    chmod o-rwx /home/USER

For each human user USER of the system, view the permissions of all dot-files in the user's home directory:

    ls -ld /home/USER/.[A-Za-z0-9]*

Ensure that none of these files are group- or world-writable. Correct each mis-configured file FILE by executing:

    chmod go-w /home/USER/FILE

Question 5: Why would you perform the above checks in practice?

2.4. Verify that all world-writable directories have sticky bits set
Locate any directories in the current partition which are world-writable and do not have their sticky bit set. The following command will discover and print those directories, if any. Run it once for each partition:

    find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print

Question 6: Did you see any output when running the above command?

If this command produces any output, fix each reported directory /dir using the command:

    chmod +t /dir

When the so-called sticky bit is set on a directory, only the owner of a given file may remove that file from the directory. Without the sticky bit, any user with write access to the directory may remove any file from it. Setting the sticky bit prevents users from removing each other's files.

2.5. Find unauthorized SUID/SGID system executables
The following command discovers and prints any setuid or setgid files on local partitions. Run it once for each local partition:

    find / -xdev \( -perm -4000 -o -perm -2000 \) -type f -print

If a file does not require the setuid or setgid bit, the bits can be removed by running the command:

    chmod -s filename

System executables that need setuid or setgid bits set are listed in the security configuration guide. You may also be able to find this list in a manual or a system specification. In addition, replacing the setuid and setgid bits with proper capabilities will always limit the damage to the system when the program is compromised.

Un-owned files are not directly exploitable, but they are generally a sign that something is wrong with some system process. They may be caused by an intruder, by incorrect software installation or incomplete software removal, or by failure to remove all files belonging to a deleted account. The files should be repaired so that they will not cause problems when accounts are created in the future, and the problem which led to the un-owned files should be discovered and addressed. The following command will discover and print any files on local partitions which do not belong to a valid user or to a valid group. Run it once for each local partition:

    find / -xdev \( -nouser -o -nogroup \) -print

If this command shows any results, investigate each reported file. Then either assign it to an appropriate user and group or remove it.

Locate any directories in local partitions which are world-writable and ensure that they are owned by root or another system account. The following command will discover and print those directories (assuming that only system accounts have a UID lower than 500; check UID_MIN in /etc/login.defs, since Fedora 18 starts regular accounts at UID 1000). Run it once for each local partition:

    find / -xdev -type d -perm -0002 -uid +500 -print

If this command produces any output, investigate why the current owner is not root or another system account. Allowing a user account to own a world-writable directory is undesirable because it allows the owner of that directory to remove or replace any files that may be placed in the directory by other users.

Question 7: How many system executables with the setuid or setgid bit set are there on your system? Give the command that you would use to obtain this number.
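The checks from Sections 2.2 to 2.5 above, wrapped as shell functions in an added example (not part of the lab handout) so that each one can be run against a constructed copy of the account files or a test directory as well as against the real system. The sample account lines, the account names svc_backup and legacy, and the file names shadow and passwd under a temporary directory are constructed for illustration.

```bash
#!/bin/bash
# Added audit helpers (not part of the lab handout) for the checks in
# Sections 2.2 to 2.5.  Each function takes the file or directory to
# inspect, so it can be run against a constructed copy as well as the
# real /etc/shadow, /etc/passwd or a local partition.  Defaults are
# the real system locations.

# 2.2: accounts whose password field in the shadow file is empty.
empty_password_accounts() {
    awk -F: '($2 == "") {print $1}' "${1:-/etc/shadow}"
}

# 2.2: accounts whose hash is still in passwd instead of an "x".
hashes_in_passwd() {
    awk -F: '($2 != "x") {print $1}' "${1:-/etc/passwd}"
}

# 2.4: world-writable directories lacking the sticky bit, one partition.
ww_dirs_without_sticky() {
    find "${1:-/}" -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print
}

# 2.5: setuid or setgid regular files on one partition.
suid_sgid_files() {
    find "${1:-/}" -xdev \( -perm -4000 -o -perm -2000 \) -type f -print
}

# 2.5: files with no valid owner or no valid group.
unowned_files() {
    find "${1:-/}" -xdev \( -nouser -o -nogroup \) -print
}

# 2.5: world-writable directories owned by a non-system account.
# The lab's UID threshold of 500 is the default; pass 1000 as $2 on
# distributions whose regular users start there.
ww_dirs_user_owned() {
    find "${1:-/}" -xdev -type d -perm -0002 -uid +"${2:-500}" -print
}

# Constructed sample data (not real system files) showing what a
# failing check looks like: svc_backup has no password at all, and
# legacy still keeps its hash in the passwd file.
sample_shadow() {
    printf '%s\n' 'root:$6$constructedhash:19000:0:99999:7:::' \
                  'svc_backup::19000:0:99999:7:::' \
                  'alice:!!:19000:0:99999:7:::'
}
sample_passwd() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
                  'legacy:$1$oldhash:501:501::/home/legacy:/bin/sh'
}

# Usage when saved as audit.sh and run directly: audits the sample
# files, then counts setuid/setgid executables on the root partition.
if [ "$(basename -- "$0")" = "audit.sh" ]; then
    tmp=$(mktemp -d)
    sample_shadow > "$tmp/shadow"; sample_passwd > "$tmp/passwd"
    echo "empty password: $(empty_password_accounts "$tmp/shadow")"
    echo "hash in passwd: $(hashes_in_passwd "$tmp/passwd")"
    rm -rf "$tmp"
    echo "setuid/setgid files on /: $(suid_sgid_files / 2>/dev/null | wc -l)"
fi
```

Pipe any of the find-based functions through wc -l to get the count asked for in Question 7, and run them once per mounted partition as the lab instructs.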
2.6. Ensuring the system is not acting as a network sniffer
The system should not be acting as a network sniffer. The file /proc/net/packet should contain exactly one header line, with entries similar to:

    sk       RefCnt Type Proto  Iface R Rmem   User   Inode

If numbers appear in a row below this header, then a sniffing process is using the interface and this should be investigated. Please perform the above check to find out whether your system is acting as a network sniffer.

Question 8: Is your system acting as a network sniffer? In what case would you want a computer to function as a sniffer? Why don't you want your computer to act as a network sniffer?

2.7. Disabling all unneeded services at boot time
Running as few services as possible on a system is one of the guidelines for hardening a system. Before you can take this hardening step, you need to determine which services are needed. Then you need to know which services are running on your system. The following command will tell you which services are enabled at boot:

    chkconfig --list | grep ':on'

The first column of the output is the name of each service which is currently enabled at boot. Review each listed service to determine whether it can be disabled. If it is appropriate to disable some service srvname, do so using the command:

    chkconfig srvname off

Note that on a systemd-based release such as Fedora 18, chkconfig --list only covers legacy SysV-style services; native systemd units are listed with systemctl list-unit-files. Please run the above command and study the services that are enabled at boot on your system.

Question 9: What are some of the services that are enabled at boot on your system?

2.8. Using groups
Help Desk
Six software engineers are working on a project. They create a number of files. They want to make the files accessible (read and write) by the group members only (including root).

Question 10: Sketch an approach to meeting the requirements specified in the Help Desk scenario.

Section 3 Bonus (4%)

In order to receive bonus points, you need to pick four (4) items from the security guide and/or hardening benchmark documents that you think are interesting and were not included in the previous section. Construct four questions, practice/test them on your computer and answer the questions in a format similar to those in the previous section. Put your questions and answers in your answer sheet as Bonus Questions. Your questions and answers will be verified and tested during grading.

Four Questions (B01-B04) of your choice

Survey Questions
Questions in this section will not be graded, but will make your suggestions and voice heard by your instructor.
GQ 1. What changes would you like to make to this lab?
GQ 2. How much time did you spend finishing this lab?
GQ 3. Did you learn anything new or gain a better understanding of the class lecture by finishing this lab?

Well, you have completed another lab for this class. I hope you enjoyed doing this lab. Please let me know if you have any comments.

Answer Sheet

========================== Required Questions ===========================

Question 1: Choose one of the Set-UID programs you are interested in. Remove the SUID bit from the program and set proper capabilities on the program. Were you able to make it work for a regular user without the SUID bit being set? Please test your solution.
a) What is the program you chose?
b) Does it work for a regular user without the SUID bit being set?

Question 2: What do you need to do to achieve the goals specified in Task 1? Please use screenshots to demonstrate your work and results.

Question 3: What changes would you like to make to the Password aging controls section of the /etc/login.defs file in order to harden your system?

Question 4: Did you get any output from the above commands?

Question 5: Why would you perform the above checks in practice?

Question 6: Did you see any output when running the above command?

Question 7: How many system executables with the setuid or setgid bit set are there on your system? Give the command that you would use to obtain this number.

Question 8: Is your system acting as a network sniffer? In what case would you want a computer to function as a sniffer? Why don't you want your computer to act as a network sniffer?

Question 9: What are some of the services that are enabled at boot on your system?

Question 10: Sketch an approach to meeting the requirements specified in the Help Desk scenario.

========================= Bonus Questions (4%) ==========================

Four Questions (B01-B04) of your choice

=========================== Survey Questions ===========================

GQ1. Would you like to make any changes to this lab?
GQ2. How long did it take you to complete this lab?
GQ3. Did you learn anything new or gain a better understanding of the class lecture by finishing this lab?