Linux and UNIX Overview - PowerPoint PPT Presentation

Slides: 48
Provided by: marks9
Learn more at: http://www.cs.sjsu.edu

Transcript and Presenter's Notes

1
Linux and UNIX Overview
2
Linux and UNIX
  • Linux and UNIX OSs are
  • Often targets for attacks
  • Often used for launching attacks
  • So we need to understand basics

3
UNIX
  • A beautiful but strange beast
  • Developed as a research project by AT&T
  • More than 35 years old
  • Internet was built on UNIX
  • Recently, popular for desktops, etc.

4
UNIX
  • It's beautiful because
  • It's powerful
  • Millions of people have worked on it
  • Huge numbers of useful tools
  • Been around the block more than once
  • Closely associated with open source
  • Admins can find lots of useful tools

5
UNIX
  • Strange because so many UNIX OSs
  • Popular variants include
  • Solaris by Sun
  • MacOS by Apple
  • HP-UX by HP
  • IRIX by sgi
  • AIX by IBM
  • FreeBSD, free open source
  • OpenBSD, the #1 most secure OS

6
UNIX
  • Differences between UNIX variants
  • File systems organization
  • System calls, commands, command options, etc.
  • Two main lines of UNIX
  • AT&T and BSD
  • But some UNIXes are combinations

7
Linux
  • Developed by Linus Torvalds
  • Technically, not a variant of UNIX
  • Created without using any of the underlying UNIX
    code
  • A UNIX-like environment
  • Strictly speaking, Linux is just the kernel
  • Many Linux distros Debian, Gentoo, Mandrake,
    Red Hat, Slackware, SuSE, etc.

8
UNIX
  • Here, generic UNIX/Linux concepts
  • Things that apply to most UNIX/Linux
  • UNIX also strange because
  • Not designed for ease of use
  • Think command line, not GUI
  • Ironically, much simpler than Windows
  • If you think Windows is easier, you don't know
    Linux
  • and you don't know Windows

9
UNIX
  • Here, we focus on generic UNIX
  • Things that apply to most variants
  • Book uses UNIX, Linux interchangeably
  • Here, we only scratch the surface
  • For more info
  • Linux Administration Handbook, by Nemeth
  • Man pages

10
Architecture
  • File system
  • Like traveling through a city
  • Directories are like signs leading you to
    buildings (files)
  • Many things treated as files
  • Devices, elements of processes, files

11
File System
  • Top is root directory / slash
  • cd / takes you to root
  • For example /home/fred/hack.txt
  • File hack.txt in directory /home/fred

12
Important Directories
  • / root (top level), called slash
  • /bin, /sbin critical system exes
  • /dev devices, terminal, CD, etc.
  • /etc system config files
  • Accounts, pwds, network addresses, etc.
  • /home user directories

13
Important Directories
  • /lib shared libraries for programs
  • /mnt exported file systems temporarily
    mounted, removable devices (e.g., USB)
  • /proc images/data of current processes
  • Not on hard drive---can see what kernel is doing
  • /tmp temporary files
  • /usr critical system files (utilities, man
    pages, etc.)
  • /var stores various types of files, often for
    administration (log files)

14
Important Directories
  • . is current directory
  • .. is parent directory
  • One level up
  • ls lists all files in directory
  • ls -a lists . and .. too

15
Kernel
  • UNIX and Linux are modular
  • The core is the kernel
  • Heart and brains of OS
  • Deals with critical system functions
  • E.g., hardware interactions, resource allocation, etc.
  • Programs call on kernel for these things

16
Processes
  • For program, kernel starts a process
  • Process is like a bubble that contains the guts
    of a running program
  • Kernel creates bubble, inflates it and tries to
    keep bubbles from popping each other
  • User programs, admin tools, services (e.g., Web,
    email) are processes
  • May be 100s to 1000s of active processes
  • Kernel juggles these into CPU, manages memory

17
Processes
  • High level view of architecture

18
Processes
  • Many processes run in background
  • Perform system-critical functions
  • Printing, network activity, etc.
  • Known as daemons
  • Pronounced day-muns or dee-muns
  • Named based on their function
  • E.g., SSH daemon is sshd

19
Automatic Processes
  • Booting kernel starts init daemon
  • Finishes boot process
  • Init starts many network processes
  • Httpd --- Web server, for http/https
  • Sshd --- SSH service
  • Sendmail --- common UNIX email server
  • NFS --- Network File System for sharing files
    between UNIX systems

20
Network Services
  • Network service listens to network
  • Web server listens on TCP port 80
  • Email server listens on TCP port 25
  • Wait for incoming traffic
  • Lots of email/Web traffic, so they listen
    constantly
  • What about, say, FTP?

21
Network Services
  • To improve efficiency
  • Internet daemon listens for uncommon services
  • inetd (I-Net-D) or xinetd
  • When traffic arrives, inetd activates appropriate
    service
  • Uncommon services echo, chargen, ftpd, telnetd,
    rsh, rlogin, TFTP, etc.

22
inetd
  • File /etc/inetd.conf tells inetd what services to
    listen for; each line must specify
  • Service name --- e.g., telnet (defined in
    /etc/services)
  • Socket type --- type of connection?
  • Protocol --- usually tcp or udp
  • Wait status --- process handles multiple
    connection or not
  • User Name --- name services should run as
  • Server program and arguments
  • inetd.conf is target of attacks
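The inetd.conf format described on this slide, as an added example that is not part of the original slides: a small awk-based audit that lists the enabled (uncommented) entries of an inetd.conf-style file and singles out the ones whose user field is root. The configuration text is constructed for the example and the two function names are mine.

```shell
# Added example, not from the slides: audit an inetd.conf-style file.
# Field order per line: service socket proto wait user server [args].
# The sample configuration below is constructed for this example.
INETD_SAMPLE='# service  socket  proto  wait    user    server            args
#ftp       stream  tcp    nowait  root    /usr/sbin/ftpd    ftpd -l
telnet     stream  tcp    nowait  root    /usr/sbin/telnetd telnetd
echo       stream  tcp    nowait  root    internal
chargen    dgram   udp    wait    root    internal
tftp       dgram   udp    wait    nobody  /usr/sbin/tftpd   tftpd -s /tftpboot
finger     stream  tcp    nowait  nobody  /usr/sbin/fingerd fingerd'

# Print "service proto user server" for every enabled entry in file $1.
# Comment lines (leading #) are skipped, so commented-out services like
# ftp above are not reported.
inetd_enabled() {
    awk '!/^[[:space:]]*#/ && NF >= 6 { print $1, $3, $5, $6 }' "$1"
}

# Print only the names of enabled services whose user field is root;
# these are the entries worth reviewing first.
inetd_root_services() {
    awk '!/^[[:space:]]*#/ && NF >= 6 && $5 == "root" { print $1 }' "$1"
}

# Usage: write the sample to a scratch file and report on it.
tmp=$(mktemp)
printf '%s\n' "$INETD_SAMPLE" > "$tmp"
echo "Enabled services (service proto user server):"
inetd_enabled "$tmp"
echo "Enabled services running as root:"
inetd_root_services "$tmp"
rm -f "$tmp"
```

Point the functions at a real /etc/inetd.conf to review a host; anything listed by inetd_root_services that is not deliberately enabled is a finding.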

23
inetd
  • Relationship between inetd and other daemons

24
cron
  • Cron daemon
  • Schedule programs to run at predetermined times
  • For example, backup files at 3am
  • Attackers also like cron
  • E.g., shut down critical service at a particular
    time as part of back door

25
Processes
  • Can also start processes manually
  • path is searched for command
  • To see the path: echo $PATH
  • Dangerous to have . in path
  • Why?
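One answer to the "Why?" above is that a "." (or an empty component, which the shell also treats as the current directory) lets a same-named program in whatever directory you happen to be in run in place of the system command. As an added example that is not part of the original slides, this POSIX shell function checks a PATH value for such entries; the function name is mine.

```shell
# Added example, not from the slides: report whether a PATH value contains
# the current directory, either as "." or as an empty component
# (a leading, trailing or doubled colon).
path_has_cwd() {
    # $1: the PATH string to inspect. Returns 0 (true) if it contains a
    # current-directory entry, 1 otherwise.
    _p=$1
    # Leading colon, trailing colon or "::" all mean an empty component.
    case "$_p" in
        :*|*:|*::*) return 0 ;;
    esac
    _old_ifs=$IFS
    IFS=:
    for _dir in $_p; do
        if [ -z "$_dir" ] || [ "$_dir" = "." ] || [ "$_dir" = "./" ]; then
            IFS=$_old_ifs
            return 0
        fi
    done
    IFS=$_old_ifs
    return 1
}

# Usage: check the PATH of the shell this script runs in.
if path_has_cwd "$PATH"; then
    echo "WARNING: PATH contains the current directory: $PATH"
else
    echo "PATH does not contain the current directory"
fi
```

Relative entries such as "bin" carry the same risk as "." and are easy to add to the same test; the function sticks to the case the slide names.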

26
Interacting with Processes
  • Each process has process ID (PID)
  • To get info on current processes
  • ps -aux (all running processes)
  • lsof (list of open files)
  • Can send a signal to a process
  • TERM to terminate, HUP to hang up (often
    rereads config), kill, killall, etc.

27
Accounts
  • Need an account to log in
  • A process runs with permissions of a given
    account
  • /etc/passwd file
  • One line for every account, e.g.,
  • sshd:*:75:75:sshd Privilege separation:/var/empty:
    /usr/bin/false

28
Passwd File
  • Each line contains
  • Login name
  • Hashed/encrypted password
  • UID number --- number assigned to account, used
    to determine permissions of processes
  • Default GID --- default group number
  • GECOS info --- not used by system, names, etc.
  • Home directory --- directory after login
  • Login shell --- sh, bash, csh, ksh, or another
    program

29
Passwd File
  • Passwd file is world readable
  • Attackers like to know hashed passwords
  • Used for password guessing
  • Most modern UNIX systems do not include hashed
    passwords in passwd file
  • Instead, in shadow passwd file, /etc/shadow
  • Requires super-user privilege to access
  • So passwd file contains no passwords

30
Password File
  • After much searching
  • Found my OS X hashed password is
  • 0x3BBC2A94D59EB1D5D3452EA6FA47399B2A25664C
  • Where SHA1 hash is used, with salt
  • 0x8429A223
  • Extra credit Find my password!

31
Groups
  • Group users together
  • Assign permission to the group
  • Stored in file /etc/group, format is
  • Group name
  • Hashed group password --- never used
  • GID number --- used by the system instead of
    group name
  • Group members --- by login names

32
Root
  • Root account is all-powerful user
  • Maximum privilege --- can read, write any file
  • Root superuser or God
  • UID 0
  • root could be called anything, provided UID is
    0
  • Can be multiple root accounts
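The passwd, group and root material from slides 27 through 32, as an added example that is not part of the original slides: awk functions that break a passwd line into its seven colon-separated fields, list every account with UID 0 (each of which is root regardless of its name), list accounts whose password field is empty, and read a group's member list from a group file. All sample lines are constructed for this example and the function names are mine.

```shell
# Added example, not from the slides: parse /etc/passwd- and /etc/group-format
# lines and flag the cases the slides point out. Samples are constructed.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sshd:*:75:75:sshd Privilege separation:/var/empty:/usr/bin/false
fred:x:1000:1000:Fred Example:/home/fred:/bin/bash
toor::0:0:second uid-0 account:/root:/bin/sh'

GROUP_SAMPLE='root:x:0:
wheel:x:10:fred,alice
users:x:100:fred'

# Print a field-by-field breakdown of one passwd line:
# login, password field, UID, GID, GECOS, home directory, login shell.
describe_passwd_line() {
    printf '%s\n' "$1" | awk -F: '{
        printf "login=%s pw=%s uid=%s gid=%s gecos=\"%s\" home=%s shell=%s\n",
               $1, ($2 == "" ? "(empty)" : $2), $3, $4, $5, $6, $7 }'
}

# Print "login shell" for every account in file $1 whose UID is 0.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1, $7 }' "$1"
}

# Print login names in file $1 whose password field is empty
# (no password is required to log in as them).
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Print the member list of group $2 from group file $1.
group_members() {
    awk -F: -v g="$2" '$1 == g { print $4 }' "$1"
}

# Usage: write the samples to scratch files and report on them.
pw=$(mktemp); gr=$(mktemp)
printf '%s\n' "$PASSWD_SAMPLE" > "$pw"
printf '%s\n' "$GROUP_SAMPLE" > "$gr"
describe_passwd_line 'sshd:*:75:75:sshd Privilege separation:/var/empty:/usr/bin/false'
echo "UID 0 accounts:"; uid0_accounts "$pw"
echo "Accounts with an empty password field:"; empty_password_accounts "$pw"
echo "Members of wheel: $(group_members "$gr" wheel)"
rm -f "$pw" "$gr"
```

Run uid0_accounts and empty_password_accounts against a real /etc/passwd to check for a second UID-0 login or a passwordless one; on a shadowed system the password field is "x" or "*" and the hashes live in /etc/shadow.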

33
Permissions
  • Every file has an owner and group
  • Owner (or root) sets permissions
  • Permissions owner, group, everybody
  • For each of the 3, read, write, execute
  • Use ls -l to see permissions
  • -rw-r--r-- 1 markstam markstam 767 Feb 6
    19:31 cs286.txt
  • drwxr-xr-x 40 markstam markstam 1360 Jan 25
    17:33 docs

34
Permissions
35
Permissions
  • Change permissions using chmod
  • change modes
  • Give new permissions in octal
  • For example chmod 745 foo
  • This corresponds to rwxr--r-x

36
SetUID
  • Sometimes user needs to access file and they do
    not have permissions
  • Example to change password (assuming hashes
    stored in shadow file)
  • SetUID Set User ID
  • Use this so program will execute with permission
    of its owner
  • As opposed to permission of user executing it
  • Password changing program SetUID root

37
SetUID
  • Gives common users lots of power
  • OK if used in controlled way for specific tasks
  • SetUID permissions appear before 9 standard
    permission bits
  • In fact, 3 additional bits
  • SetUID, SetGID, sticky bit
  • For example chmod 4745 foo
  • Shows up in ls -l as an s
  • -r-sr-xr-x 1 root wheel 75636 Jan 11 2007
    /usr/bin/passwd

38
SetUID
  • Attackers like SetUID programs
  • May be possible to exploit flaws in code (buffer
    overflow) to elevate privilege
  • New/modified SetUID programs may be evidence of
    attack
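The octal permission modes of slides 33 to 37 and the SetUID check suggested on slide 38, as an added example that is not part of the original slides: a POSIX shell function that converts a 3- or 4-digit chmod mode into the rwx string ls -l prints (including the s and t markers for the SetUID, SetGID and sticky bits), and a find wrapper that lists SetUID files under a directory. The function names are mine and the demonstration uses a scratch directory rather than the real filesystem.

```shell
# Added example, not from the slides: octal mode -> ls -l style string,
# plus a SetUID file search.
mode_to_symbolic() {
    # $1: octal mode with 3 digits (745) or 4 digits (4745, leading digit is
    # the special bits: 4 = SetUID, 2 = SetGID, 1 = sticky).
    _m=$1
    case ${#_m} in
        3) _special=0; _perms=$_m ;;
        4) _special=${_m%???}; _perms=${_m#?} ;;
        *) echo "bad mode: $_m" >&2; return 1 ;;
    esac
    _owner=${_perms%??}; _rest=${_perms#?}
    _group=${_rest%?};   _other=${_rest#?}
    _out=""
    _i=0
    for _d in $_owner $_group $_other; do
        _r='-'; _w='-'; _x='-'
        [ $((_d & 4)) -ne 0 ] && _r='r'
        [ $((_d & 2)) -ne 0 ] && _w='w'
        [ $((_d & 1)) -ne 0 ] && _x='x'
        # Which special bit belongs to this triplet, and how ls shows it:
        # lower case when execute is also set, upper case when it is not.
        case $_i in
            0) _bit=$((_special & 4)); _lo='s'; _up='S' ;;
            1) _bit=$((_special & 2)); _lo='s'; _up='S' ;;
            2) _bit=$((_special & 1)); _lo='t'; _up='T' ;;
        esac
        if [ "$_bit" -ne 0 ]; then
            if [ "$_x" = 'x' ]; then _x=$_lo; else _x=$_up; fi
        fi
        _out="$_out$_r$_w$_x"
        _i=$((_i + 1))
    done
    echo "$_out"
}

# List regular files under directory $1 that have the SetUID bit (4000) set.
# Comparing this list against a known-good baseline is how new or modified
# SetUID programs get noticed.
find_setuid() {
    find "$1" -type f -perm -4000 2>/dev/null
}

# Usage: show the slide's examples, then search a scratch directory.
echo "745  -> $(mode_to_symbolic 745)"
echo "4745 -> $(mode_to_symbolic 4745)"
echo "4555 -> $(mode_to_symbolic 4555)   (the /usr/bin/passwd example)"
scratch=$(mktemp -d)
touch "$scratch/plain" "$scratch/suid_tool"
chmod 644 "$scratch/plain"
chmod 4755 "$scratch/suid_tool"
echo "SetUID files under $scratch:"
find_setuid "$scratch"
rm -rf "$scratch"
```

Running find_setuid / on a real host and diffing the output against a saved copy from a known-good state turns slide 38's observation into a repeatable check.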

39
Trust Relationships
  • That is, trust between machines
  • Can specify which machines to trust

Bob trusts Alice
40
Trust Relationships
  • Unauthenticated access by users from trusted
    machine
  • Since trusted machine (presumably) already
    authenticated the user
  • If trusted, the r-commands (rlogin, rsh, rcp)
    require no password
  • Also, r-commands do not encrypt
  • How does Bob know trusted Alice is Alice?

41
Logs and Audit
  • Created by syslog daemon (syslogd)
  • Typical log files
  • Secure --- logins, successful and failed
  • Message --- catch-all system log
  • Individual app logs --- for specific apps

42
Logs and Audit
  • Forensic info also logged
  • Attackers like to cover their tracks
  • To do so, may need to manipulate
  • utmp --- who is logged in
  • wtmp --- record of all logins and logouts
  • lastlog --- time and location of each user's most
    recent login

43
Common Network Services
  • Telnet --- command line remote access
  • No encryption, session can be hijacked, etc.
  • FTP --- file transfer
  • Insecure, like telnet
  • SSH --- encrypted tunnel
  • Then safe to use unsafe services
  • SSH version 1 insecure, version 2 is good

44
Common Network Services
  • HTTP --- Web
  • Source of many attacks
  • Email --- sendmail, several security issues
  • r-commands --- rlogin, rsh, rcp
  • Considered very insecure
  • DNS --- domain names to IP addresses
  • Critical service, good one for attackers

45
Common Network Services
  • NFS --- transparently access files across network
  • NFS server exports directory info
  • Local machine can mount these, so files appear
    to be locally accessible
  • Like FTP without all of the trouble of FTP-ing
  • Of course, exporting too much may be bad
  • X-Window System --- X11 (or just X)
  • The underlying GUI service in UNIX
  • X server controls screen, provides service
  • Must limit who can display/access your screen

46
Conclusion
  • UNIX/Linux
  • Popular OSs
  • More than 30 years old
  • Fundamental part of Internet
  • Widely used OSs
  • Platform of choice for many attackers

47
Summary