UNIX Systems Security I Tools - PowerPoint PPT Presentation

1
UNIX Systems Security I Tools
  • Instructor
  • Victor Hazlewood, CISSP
  • victor@reference-systems.com

1Q06 UNIX Security Tools Victor Hazlewood
2
Introduction
  • Instructor profile
  • Prerequisites
  • Course outline
  • Course book: O'Reilly Security book, O'Reilly
    make book (optional)
  • Course format

3
Instructor Profile
  • >15 years experience with UNIX and Windows
    systems
  • 7 years as Manager, HPC Systems at SDSC
  • 2 years at Strategic Data Systems (DoD)
  • 2 years ISO at SDSC
  • Worked with security experts at SDSC, Texas A&M
    and other sites
  • 8 years experience teaching Security
  • Written System Admin and InfoSec articles for
    SysAdmin
  • Certified Information Systems Security
    Professional

4
Prerequisites
  • Knowledge of use of UNIX as an end user is
    required
  • Unix Systems Programming or equivalent experience
    with make, rcs and compiling
  • Knowledge of UNIX System Admin is a big help but
    not required
  • Experience building UNIX applications with a
    high-level language a plus

5
Course Outline
  • Module 1
    - Defense-In-Depth overview
    - RCS, make and compiling overview
    - Password cracking with john-the-ripper
    - Protecting root with sudo (src binary)
  • Module 2
    - Review of RCS, make and compile/link
    - Review of authentication
    - Unix accounting and security
    - Performance analysis with sar

6
Course Outline
  • Module 3
    - Review of rootkits
    - chkrootkit: check for rootkits (Some about Windows rootkits)
    - Network traffic analysis with ntop
    - Port scanning with nmap
  • Module 4
    - Quiz 1
    - Review of NIDS
    - Vulnerability Assessment with Nessus
    - Forensics with The Coroner's Toolkit

7
Course Outline
  • Module 5
    - Review of HIDS
    - Configuration management with cfengine
    - Packet analysis with Ethereal
    - Demonstration of commercial Tripwire
  • Module 6
    - Linux built-ins
    - syslog
    - tcp_wrappers
    - Review of tools and knowledge
    - Final Exam

8
Module 1
  • Defense-In-Depth security strategy
  • Introduction to security tools
  • Tool 1: password cracking with john-the-ripper
  • Tool 2: protecting root privileges with sudo

9
Defense-In-Depth
10
Defense-In-Depth
11
Defense-In-Depth
12
Defense-In-Depth
13
Defense-In-Depth
14
Introduction to Tools
  • Sourceforge.net
  • Rpmfind.net
  • Google search

15
Introduction to Tools
  • Downloading software from the Net
  • Checking PGP signatures: A MUST!
  • Review of PGP signature checking

16
Introduction to Tools
  • Overview of building an application: compile,
    link and run
  • Using make and RCS
  • make: maintain, update and generate files.
    Software development tool
  • RCS - revision control system. Commands: ci, co,
    rlog

17
Introduction to Tools
  • Make sure you have make
  • Make sure you have gcc
  • What we have on our Linux systems

18
make and RCS
  • Compile, link and run overview

19
make and RCS
  • Consider hello world application
  • Must automate chain of commands in correct order
  • A simple Makefile description file
  • dependency line: target: prerequisite(s)
    command line: <tab> command
  • Use of UNIX file last-modification times
  • cat -v -t -e Makefile to view tabs

20
make
  • Assumptions
  • The project files and description files reside in
    the same directory
  • The description files are named makefile or
    Makefile
  • The directory containing these files is the
    current directory when you issued the make command

21
make
  • Macros - by convention in uppercase: CC, LD,
    CFLAGS, LDFLAGS, SOURCES, OBJECTS, LIBS
  • Macro priority
  • Internal definitions of make
  • Current shell environment variables
  • Macro definitions from description file
  • Macro definitions on the command line

22
make
  • Macro string substitution: OBJECTS = ${SOURCES:.c=.o}
  • Internal macros: $@ current target, $? list of
    prereqs newer than current target

23
make
  • Simplifying with suffix rules
  • Set of default rules which describes conventions
  • .c files require C compiler
  • .f files require Fortran compiler
  • .s files require assembler
  • ,v files require RCS check out
  • Etc

24
make
  • Consider the more complicated getpw example
  • getpw: get password entry program with two
    source code files
  • getpw.c
  • logit.c
  • Long Makefile example
  • Use of suffix rules and short cuts
  • make clean

25
RCS
  • When you should use RCS
  • When code is to be maintained by more than 1
    person
  • When code is more than 1000 lines
  • When source code contains many source code decks
  • Because you want to write maintainable code,
    right?

26
RCS
  • See rcsintro(1) man page
  • Store and retrieve revisions of files
  • Maintain complete history of changes
  • Maintain revision control between users
  • Hierarchical revision tree capability
  • Merge of development branches

27
RCS
  • GNU RCS utilities
  • co(1): check out
  • ci(1): check in
  • rlog(1): rcs history log
  • rcsclean(1), rcsdiff(1), rcsmerge(1), rcsfile(5),
    rcs
  • Setting and Breaking locks
  • Check out locked: co -l helloworld.c
  • Break a lock: rcs -u helloworld.c

28
make and RCS
  • Using RCS with make
  • RCS directory
  • filename,v naming convention
  • Example make dependency line:
    helloworld.c: helloworld.c,v
    <tab> co helloworld.c
  • Some versions of make have RCS (and SCCS) suffix
    rules built in: GNU make vs. vendor make

29
RCS
  • How to Compile, Link and Run helloworld.c by hand
  • Clean all but source code
  • helloworld can be built without any Makefile
  • Here is how to build a helloworld Makefile to:
  • Checkout
  • Compile with extra dependency on a header file
  • Link
  • Clean
  • Define CC, CFLAGS, SOURCES, OBJECTS
  • Rewrite taking advantage of built in suffix rules
  • Makefiles for projects with many source code files
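
The helloworld Makefile outlined on this slide, written out as an added example (it is not taken from the original slides). The header name helloworld.h, the RCS/ directory layout and the gcc flags are assumptions.

```make
# Added example. helloworld.h and the RCS/ layout are assumed names.
# Macros, by convention in uppercase.
CC      = gcc
CFLAGS  = -O2 -Wall
LDFLAGS =
SOURCES = helloworld.c
# Macro string substitution: every .c in SOURCES becomes a .o
OBJECTS = ${SOURCES:.c=.o}

# Link. First target, so it is what a bare "make" builds.
# $@ expands to the current target (helloworld).
helloworld: ${OBJECTS}
	${CC} ${LDFLAGS} -o $@ ${OBJECTS}

# Compile via a suffix rule: any .o is built from the matching .c.
# $< is the prerequisite that triggered the rule.
.SUFFIXES: .c .o
.c.o:
	${CC} ${CFLAGS} -c $<

# Extra dependency on a header file: editing helloworld.h forces a
# recompile even though the suffix rule only knows about the .c file.
helloworld.o: helloworld.h

# Checkout: the working file depends on its RCS file, so a newer
# check-in (newer ,v modification time) triggers a fresh "co".
helloworld.c: RCS/helloworld.c,v
	co helloworld.c

helloworld.h: RCS/helloworld.h,v
	co helloworld.h

# Clean all but source code.
.PHONY: clean
clean:
	rm -f helloworld ${OBJECTS}
```

Command lines must start with a tab character; `cat -v -t -e Makefile` shows each tab as ^I.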

30
Tool 1 john-the-ripper
  • Overview
  • Website: http://www.openwall.com/john/
  • Download: From website
  • Documentation: doc/README, doc/INSTALL,
    doc/EXAMPLES, doc/MODES

31
Tool 1 john-the-ripper
  • Configuration: not really much to change here
  • Installation: make (Gives configured
    versions), make system
  • Exercise: Build john and use it to crack
    these: /ucsdext/Tools/john/lab.passwd,
    /ucsdext/Tools/john/lab.shadow

32
Tool 2 sudo
  • Overview: http://www.courtesan.com/sudo/intro.html
  • Website: http://www.courtesan.com/sudo
  • Planning the build for NFS install
  • New configure step
  • check syslog facility (if desired)
  • sudoers file in /etc: change sysconfdir to
    /usr/local/etc to move

33
Configuration
  • Configure script builds Makefile and config.h
    (config.status is important, too)
  • Check "Where to install things" variables
  • Do the make
  • Next is make install as root
  • Exercise: Configure and build sudo; set
    installation dir to /usr/local
