《unix系统安全》ppt课件

1、*NIX系统平安系统平安曹鹏曹鹏 资深平安顾问，资深平安顾问，CISP, CCID平安专栏作家平安专栏作家东软东软NETEYE谋划部谋划部北京北京 caopengneusoft2003 Neteye. All rights reserved.Confidential Do Not Copy or Distribute四月 20034000SUID0040同组用户可写同组用户可写2000SGID0020同组用户可读同组用户可读1000“粘着位粘着位”0010同组用户可执行同组用户可执行0400属主可写属主可写0004其他用户可写其他用户可写0200属主可读属主可读0002其他用户可读其他用户可读

2、0100属主可执行属主可执行0001其他用户可执行其他用户可执行rootsmithers /etc# ls -al |moretotal 937drwxr-xr-x 32 root root 3072 Aug 31 11:07 .drwxr-xr-x 16 root root 1024 May 27 08:05 .-rw- 1 root root 0 May 25 08:22 .pwd.lock-rw-r-r- 1 root root 20 May 25 08:55 HOSTNAME-rw-r-r- 1 root root 42 May 25 12:56 MACHINE.SID-rw-r-r-

3、 1 root root 5468 Mar 29 1999 Muttrcdrwxr-xr-x 14 root root 1024 May 27 07:46 X11-rw-r-r- 1 root root 39 Jun 2 08:24 adjtime-rw-r-r- 1 root root 732 Apr 19 16:38 aliases-rw-r-r- 1 root root 16384 May 25 08:36 aliases.db-More-rw-r-r- 1 root root 1 Mar 21 1999 at.deny# chmod 600 at.deny-rw- 1 root roo

4、t 1 Mar 21 1999 at.deny 用命令用命令 chmod u-s file 可去掉可去掉file的的SUID位位accton /var/account/acctsa alastcommService NamePort NumberFTP21FTP Data20Telnet23SMTP (email)25HTTP (WWW)80HTTPS (Secure WWW)443# inetd.conf This file describes the services that will be available# through the INETD TCP/IP super server

5、. To re-configure# the running INETD process, edit this file, then send the# INETD process a SIGHUP signal.# Echo, discard, daytime, and chargen are used primarily for testing.# To re-read this file after changes, just do a killall -HUP inetd#echo stream tcp nowait root internal#echo dgram udp wait

6、root internal#discard stream tcp nowait root internal#discard dgram udp wait root internal#daytime stream tcp nowait root internal#daytime dgram udp wait root internal#chargen stream tcp nowait root internal#chargen dgram udp wait root internal#time stream tcp nowait root internal#time dgram udp wai

7、t root internal# These are standard services.#ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -atelnet stream tcp nowait root /usr/sbin/tcpd in.telnetdrootsmithers rc3.d# ls -a. S11portmap S40crond S55routed S60rusersd S85sound. S15netfs S45pcmcia S55sshd S60rwhod S90 xfsK30sendmail S20random S

8、50inet S60lpd S75keytable S91smbS05apmd S30syslog S50snmpd S60nfs S85gpm S99linuxconfS10network S40atd S55named S60rstatd S85httpd S99localrootsmithers rc3.d# 禁用启动脚本 改动脚本名，使他不以大写的S 开头Mon Nov 25 12:10:06 2002 error client 14 request failed: error reading the headersUseHostsAllowFile/UseHos

9、tsDenyFile 用用/etc/hosts.allow , /etc/hosts.deny来来作为允许作为允许/制止的地址列表制止的地址列表pop3(110)端口端口邮件客户端邮件客户端软件软件非加密衔接非加密衔接pop3(110)端口端口经过经过ssh客户客户端转发的本地端转发的本地端口端口(7755)邮件客户端软件邮件客户端软件:foxmailssh效力端口效力端口(22)ssh客户端软客户端软件件加密衔接加密衔接 Module 6: 了解系统入侵了解系统入侵如何知道系统曾经被入侵如何知道系统曾经被入侵相关记录用相关记录用#注释掉。注释掉。出并重新登录出并重新登录root，更改才干生效

10、。，更改才干生效。上面的命令制止上面的命令制止core files“core 0，限，限制进程数为制进程数为“nproc 50“，且限制内存运用为，且限制内存运用为5M“rss 5000。录，录，host.mydomain是登录这个目录的是登录这个目录的机器名，机器名，ro意味着意味着mount成只读系统，成只读系统，root_squash制止制止root写入该目录。最后写入该目录。最后为了让上面的改动生效，还要运转为了让上面的改动生效，还要运转/usr/sbin/exportfs -a 同时建议采用同时建议采用ssh替代替代telnet和和ftp-l每一个每一个ftp衔接都写到衔接都写到sysl