COSC 316 COMPUTER HOSTS SECURITY - PowerPoint PPT Presentation


Slides: 17
Provided by: DrRo9

Transcript and Presenter's Notes



1
COSC 316 COMPUTER HOSTS SECURITY
  • SOUNDARARAJAN EZEKIEL
  • COMPUTER SCIENCE DEPARTMENT
  • INDIANA UNIVERSITY OF PENNSYLVANIA
  • INDIANA, PA 15705

2
Part II: Security Building Blocks
Chapter 5: Users, Groups, and the Superuser
  • We will talk about
  • How Unix groups can be used to control access to
    files and devices
  • The Superuser (root)
  • The su command
  • Restrictions on the Superuser

3
Chapter 5: Users, Groups, and the Superuser
  • Every Unix user has a username and a user
    identifier (UID)
  • Unix has some special usernames for a variety of
    system functions
  • Here are some common users on various versions of
    Unix
  • root: Superuser account; performs accounting
    and low-level functions
  • bin: binary owner; has ownership of system files
    on some systems; doesn't execute programs
  • daemon: handles some aspects of the network; some
    utility programs such as print spoolers
  • mail: handles e-mail
  • guest: infrequent users
  • ftp: anonymous File Transfer Protocol access

4
Users and Groups (continued)
  • uucp: controls ownership of the Unix ports
  • UUCP stands for Unix to Unix CoPy. The term
    generally refers to a suite of computer programs
    and protocols allowing remote execution of
    commands and transfer of files, email and netnews
    between computers. Specifically, uucp is one of
    the programs in the suite; it provides a user
    interface for requesting file copy operations.
    The UUCP suite also includes uuxqt (user
    interface for remote command execution), uucico
    (communication program), uustat (reports
    statistics on recent activity), and uuname
    (reports the uucp name of the local system).
  • UUCP usage began to die out with the rise of ISPs
    offering inexpensive SLIP and PPP services. The
    UUCP Mapping Project was shut down in late 2000.
  • For more information see the webpage
    http://www.cepba.upc.es/docs/sgi_doc/SGI_Admin/books/IA_NetwkMail/sgi_html/ch06.html
  • news: used for Usenet news
  • lp: used for the printer system
  • nobody: owns no files and is sometimes used as a
    default user for unprivileged operations
  • www/http: runs the web server
  • named: runs the BIND name server

5
Users and Groups (continued)
  • sshd: performs unprivileged operations for the
    OpenSSH Secure Shell daemon
  • operator: used for creating backups and for
    printer operations
  • games: allowed to access high-score files
  • amanda: used for the Amanda backup system
  • AMANDA (Advanced Maryland Automatic Network Disk
    Archiver) is a backup system that allows the
    administrator of a LAN to set up a single master
    backup server to back up multiple hosts to a
    single large capacity tape drive. AMANDA uses
    native dump and/or GNU tar facilities and can
    back up a large number of workstations running
    multiple versions of Unix.

6
Password file
  • /etc/passwd: database file for user accounts
  • /etc/shadow, /etc/security/passwd,
    /etc/master.passwd: password file
  • User Identifier (UID)
  • UIDs are usually 16-bit integers (0-65535)
  • UIDs 0-99: system functions
  • 100-1000: humans
  • UID 0 is for the Superuser; the kernel disables
    security checks for this user
  • Other versions use signed 16-bit or 32-bit UIDs
  • rachel:x:181:181:Rachel Cohen:/u/rachel:/bin/ksh
  • Rachel's username is rachel and her UID is 181
  • The UID is for the OS
  • The username is for humans

7
Groups and Group Identifiers (GIDs)
  • Every Unix user belongs to one or more groups
  • Groups have both a group name and a GID
  • GIDs were 16-bit integers; now they are 32-bit
    numbers
  • Groups gather users together; group names and IDs
    are assigned by the administrators
  • Designed to define the set of users who are
    allowed to read, write and/or execute a specific
    file
  • Each user belongs to a primary group that is
    stored in the /etc/passwd file
  • Example: we can group all the students who work
    on a project, and not others

8
Unix (continued)
  • Groups are used to restrict access to sensitive
    information
  • rachel and arlin are individual users
  • rachel:x:181:100:Rachel Cohen:/u/rachel:/bin/ksh
  • Fields, in order: username, holding place for
    password, UID, GID, full name, home dir, user
    shell
  • The /etc/group file contains the database that
    lists every group on your computer and its
    corresponding GID; its format is similar to the
    password file
  • Example: wheel::0:root,rachel
  • wheel: group name; on most systems it is the
    group of system admins
  • second field: group's password
  • 0: group's GID
  • root, rachel: list of the users who are in the
    group
  • Here GID 0 is not significant in the way UID 0
    is, but the group name is important
  • Pages 102-103 of the book show other groups, such
    as http, users, vision, ...

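
An added example (not part of the original slides): a shell audit of passwd and group text that lists every account with UID 0 and resolves full group membership, including users who belong to a group only through their primary GID. The sample entries are constructed from the slide's rachel and wheel lines; the toor and http entries, GID 70, and the function names are assumptions.

```sh
#!/bin/sh
# Constructed sample data in /etc/passwd and /etc/group format.
SAMPLE_PASSWD='root:x:0:0:Superuser:/:/bin/sh
daemon:x:1:1:System daemon:/:/sbin/nologin
rachel:x:181:100:Rachel Cohen:/u/rachel:/bin/ksh
arlin:x:182:100:Arlin (constructed):/u/arlin:/bin/ksh
toor:x:0:0:Second UID 0 account (constructed):/root:/bin/sh'

SAMPLE_GROUP='wheel::0:root,rachel
users::100:
http::70:http'

# Print every username whose UID (field 3) is 0. More than one name
# in the output means more than one account has superuser power.
uid0_accounts() {   # $1 = passwd text
    printf '%s\n' "$1" | awk -F: '$3 == 0 { print $1 }'
}

# Print all members of a group: names in the group's member list
# (field 4) plus users whose primary GID (passwd field 4) matches.
group_members() {   # $1 = passwd text, $2 = group text, $3 = group name
    gid=$(printf '%s\n' "$2" |
          awk -F: -v g="$3" '$1 == g { print $3; exit }')
    [ -n "$gid" ] || return 1          # unknown group
    {
        printf '%s\n' "$2" | awk -F: -v g="$3" '
            $1 == g {
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }'
        printf '%s\n' "$1" | awk -F: -v gid="$gid" '$4 == gid { print $1 }'
    } | sort -u
}

echo "UID 0 accounts:"; uid0_accounts "$SAMPLE_PASSWD"
echo "wheel members:";  group_members "$SAMPLE_PASSWD" "$SAMPLE_GROUP" wheel
echo "users members:";  group_members "$SAMPLE_PASSWD" "$SAMPLE_GROUP" users
```

In the sample, toor never appears in the wheel line of the group data, yet it is reported as a wheel member because its primary GID is 0.
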
9
Group password
  • The newgrp command is used to change the user's
    active group
  • To set a group password, first assign a password
    to a user with the passwd command, then use a
    text editor to copy it from the /etc/passwd file
    into the /etc/group file
  • Once you switch from one group to another, you
    have the privileges of that group
  • Group passwords are rarely used; they will give
    security problems

10
Super User (root)
  • Almost every Unix system comes with a special
    user in the /etc/passwd file with a UID of 0
  • This user is known as the Superuser, with
    username root; its password is called the root
    password
  • The root account is the identity used by the OS
    itself to accomplish its basic functions, such as
    logging users in and out of the system, recording
    accounting information, and managing I/O devices
  • What the Superuser can do
  • Process control
  • Send a signal to any process
  • Bypass login access
  • Change his process UID
  • Log out all users

11
Superuser (continued)
  • Device control
  • Access any working device
  • Shut down and reboot the system
  • Set the date and time
  • Read or modify any memory location
  • Create new devices
  • Network control
  • Run network device
  • Reconfigure the network
  • Put the network into promiscuous mode
  • Promiscuous mode, in computing, refers to the
    practice of putting a network card into a setting
    so that it passes all traffic it receives to the
    CPU rather than just packets addressed to it.
  • File system control
  • Read, modify, or delete any file or program on
    the system
  • Run any program; mount/unmount
  • Add, remove or change user accounts
  • Enable or disable quotas and accounting

12
Superuser (continued)
  • What the Superuser CAN'T do
  • Make changes to a file system that is mounted
    read-only
  • Unmount a file system that contains open files
  • Write directly to a directory or create a hard
    link to a directory
  • Decrypt a password
  • Any user can be a Superuser
  • Superuser security weakness
  • A person can do anything once they gain Superuser
    privileges
  • To overcome: store sensitive files on removable
    media
  • Encrypt your files
  • Mount the disk read-only
  • Keep backups current

13
The su command: Changing Who You Claim to Be
  • su means substitute user
  • You can access your information from your
    friend's account with the su command
  • The most common use of the su command is to
    invoke Superuser access
  • A process in Unix has at least two identities
  • Real UID: your real UID
  • You can use the su command to access the
    superuser
  • There are other IDs
  • Saved ID: on some versions of Unix you can use a
    setuid program to set a UID of 0
  • Effective GID, real GID, and setgid, which
    correspond to their UID counterparts

14
Becoming the Superuser
  • Typing su without a username tells Unix that you
    wish to become the Superuser.
  • Always type /bin/su, that is, the full path
    name
  • To exit, type exit
  • Use the su command with caution
  • Another common use of the su command is to run a
    program under a specific user ID in a script that
    is being run automatically by root
  • su is restricted unless you are in the wheel
    group
  • Most versions of the su command log successful
    and failed attempts
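
An added example (not part of the original slides): reviewing su log records for failed attempts to become root and for successful ones by users outside the wheel group. It assumes the SVR4/Solaris sulog record layout `SU MM/DD HH:MM +|- tty from-to`; the log lines, the wheel list and the function names are constructed for illustration.

```sh
#!/bin/sh
# Constructed sulog-style records: "+" is a successful su, "-" a failed one.
SAMPLE_SULOG='SU 10/14 09:12 + pts/3 rachel-root
SU 10/14 09:40 - pts/5 arlin-root
SU 10/14 09:41 - pts/5 arlin-root
SU 10/14 09:41 - pts/5 arlin-root
SU 10/14 11:02 + pts/1 root-amanda
SU 10/15 02:17 + pts/7 guest-root'

# Constructed; on a real host take the member list from /etc/group.
WHEEL_MEMBERS='root rachel'

# Print "count user" for every user with failed su attempts to root,
# highest count first. Assumes usernames contain no "-".
failed_su_to_root() {   # $1 = sulog text
    printf '%s\n' "$1" | awk '
        $1 == "SU" && $4 == "-" {
            split($6, p, "-")          # p[1] = invoking user, p[2] = target
            if (p[2] == "root") fails[p[1]]++
        }
        END { for (u in fails) print fails[u], u }' | sort -rn
}

# Print users who successfully became root but are not in the wheel list.
root_su_outside_wheel() {   # $1 = sulog text, $2 = space-separated members
    printf '%s\n' "$1" | awk -v wheel="$2" '
        BEGIN { n = split(wheel, w, " "); for (i = 1; i <= n; i++) ok[w[i]] = 1 }
        $1 == "SU" && $4 == "+" {
            split($6, p, "-")
            if (p[2] == "root" && !(p[1] in ok)) print p[1]
        }' | sort -u
}

echo "Failed su to root:";        failed_su_to_root "$SAMPLE_SULOG"
echo "Root su from non-wheel:";   root_su_outside_wheel "$SAMPLE_SULOG" "$WHEEL_MEMBERS"
```
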

15
Restrictions on the Superuser
  • Secure terminals: limiting where the superuser
    can log in
  • BSD kernel security levels: FreeBSD, Mac OS X,
    and other OSes have kernel security levels that
    reduce the power of the root user
  • Level 0: part of system startup
  • Level 1: secure mode
  • Write access to the raw disk partition is
    prohibited
  • Raw access to the SCSI bus controller is
    prohibited
  • The content of IP packets cannot be logged
  • Raw I/O to the system console is prohibited
  • Some access denied
  • Additional kernel modules cannot be loaded
  • The system clock cannot be set backwards
  • Level 2: very secure mode
  • Reads from raw disk partitions are not permitted
  • Level 3: really-really secure mode
  • Changes to the IP filter are not permitted
  • These are set with the sysctl command
  • sysctl kern.securelevel=1
  • It increases overall security
  • It makes the system harder to administer

16
Linux Capabilities
  • Another mechanism for limiting the power of the
    Superuser is the Linux capabilities system,
    invented on other OSes 50 years ago and included
    in the Linux 2.4 kernel
  • Table 5.2 shows the powers of the superuser
  • Conclusion
  • Every account has a unique UID
  • It determines access rights to various files and
    services
  • Each account also belongs to one or more groups,
    represented by GIDs
  • There is a special account called root, which has
    complete control over the system
  • Limit root access
  • Routinely check for su command attempts
  • Some versions of Unix have additional security
    measures to help contain damage if the root
    account is stolen