CIS 290 LINUX Security


CIS 290
LINUX Security
Basic Network Security
“Chroot Jail”
Network services
• Determine open services:
  netstat -tulpn   -OR-   nmap -sT -O localhost
• Disable with chkconfig, and/or remove the software.
• Use TCP_WRAPPERS (xinetd).
• Configure iptables.
• Remove X Windows:
  yum groupremove "X Window System"
• Set initdefault to runlevel 3.
• No cleartext services (HTTP, TELNET, FTP, rcmd; see gov't requirements) - use SSH, SSL, SFTP.
  Restrict NFS/CIFS to local networks only.
• Basic tools: ping, traceroute, netstat, nmap, netcat (nc), telnet
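As an added example (not part of the slides), the following POSIX shell filter reads `netstat -tulpn` output and flags the cleartext services the slide says to replace and the NFS/RPC listeners it says to restrict to local networks. The netstat lines embedded below are constructed for illustration, not captured from a real host.

```shell
#!/bin/sh
# Constructed sample of `netstat -tulpn` output (not from a real system).
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      901/xinetd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      950/master
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      977/vsftpd
tcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN      -
udp        0      0 0.0.0.0:111             0.0.0.0:*                           640/rpcbind'

# flag_cleartext: read netstat -tulpn output on stdin and print one line per
# listener that is (a) a cleartext protocol named on the slide, or (b) an
# NFS/RPC port bound to every interface instead of a loopback address.
flag_cleartext() {
  awk '
    BEGIN {
      clear[21]="ftp";    clear[23]="telnet"; clear[80]="http";
      clear[512]="rexec"; clear[513]="rlogin"; clear[514]="rsh";
      nfs[111]="rpcbind"; nfs[2049]="nfs";
    }
    $1 ~ /^(tcp|udp)/ {
      # Local address is field 4, e.g. 0.0.0.0:23; the port follows the last colon.
      n = split($4, a, ":"); port = a[n];
      addr = substr($4, 1, length($4) - length(port) - 1);
      prog = $NF;   # PID/Program name, or "-" when unknown
      if (port in clear)
        printf "CLEARTEXT %s/%s (%s) on %s -> replace with SSH/SFTP/HTTPS\n", clear[port], port, prog, addr;
      else if (port in nfs && addr !~ /^127\./)
        printf "EXPOSED %s/%s (%s) bound to %s -> restrict to local network with iptables\n", nfs[port], port, prog, addr;
    }'
}

# Run the filter over the constructed sample so the script works stand-alone;
# on a real host pipe `netstat -tulpn` into flag_cleartext instead.
flag_sample() { printf '%s\n' "$SAMPLE" | flag_cleartext; }

flag_sample
```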
Chroot jail
• Isolate user process within a “virtual” root file system.
• Similar to web “virtual document root” or vsftpd “chroot_local_user=YES”.
• As root: chroot <directory path> <command>
• The trick is to automate the process for user login, file transfer (sftp) or specific applications.
• Most daemon processes have their own "chroot" methodology.
• Not as secure or isolating as LINUX containers or Solaris zones (CIS 228) for specific application environments.
Google Hacking
• We can use a standard Google search to find interesting pages such as indexes.
- “index of /etc”
- “index of /etc” passwd
- “index of /etc” shadow
• Google allows us to do more than just simple searching using advanced operators
• E.g.
– filetype:
– inanchor:
– intext:
– intitle:
– inurl:
– site:
Using Advanced Operators
• We can now search in the Title field for indexed pages:
intitle:index.of./etc passwd
intitle:index.of./etc shadow
• We can use the filetype: operator:
password filetype:xls
filetype:config web.config -CVS
filetype:mdb users.mdb
• Combining Operators
filetype:eml eml +intext:"Subject" +intext:"From" +intext:"To"
"# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users)
"# -FrontPage-" inurl:service.pwd
Google Hacking Database (GHDB)
• Thousands of search URLs
• JavaScript entries are very powerful
• Enter Wikto – Web Server Assessment Tool
- Back-end Miner
- Nikto-like functionality
- Googler file searcher
- GoogleHacks GHDB tester