CIS 193A - Lesson 1 Welcome to CIS 193A UNIX/Linux Security Administration.

1 CIS 193A - Lesson 1 Welcome to CIS 193A UNIX/Linux Security Administration

2 CIS 193A - Lesson 1 How this Class Works

3 CIS 193A - Lesson 1 Class Flowchart
Flowchart steps: Question & Answers, Practice Drills, Lecture, Homework (labs and assigned reading)
Grades
1. Lab assignments
2. Final exam
3. Log book

4 CIS 193A - Lesson 1 Resources
- Class Web site:
- CIS 193 Forum:
- Opus user account: with ssh access
- Virtual machines: - vCenter
- CCC Confer: lecture playbacks
- Open labs: CTC and CIS Lab room 1403
- Textbook and suggested readings

5 CIS 193A - Lesson 1 How to be successful in this class
- Start lab assignments early
- Use the forum
- Read labs before starting and follow each step carefully
- Use the lecture slides and CCC Confer videos as references when doing labs
- Use the forum to clarify expectations or confusing topics
- Experiment to see how things work
- Don't wait till the last minute to do labs
- Read the forum before starting a lab
- Get organized, read the Calendar and plan ahead
- Check your progress on Grades page
- Use the textbook to deepen your understanding
- Use Google for command syntax
- Think through labs ahead of time and make checklists as necessary
- Use the forum's search box (upper right corner)
- Read the lesson PowerPoints when stuck on a lab
- Post lessons learned on the forum after completing a lab
- Check for Howtos for the task you are trying to accomplish
- Read the forum often
- Ask lots of questions on the forum
- Answer lots of questions on the forum
- Don't blindly follow instructions in labs, make sure you know what is happening
- Experiment to better understand things
- Follow all the instructions in a lab (especially the submittal part)
- Use Google when troubleshooting error messages
- Study groups are great for labs
- Get organized, use the Calendar to plan ahead
- Use the forum
- Check the Grades web page to see if you need to do extra credit
- Follow the instructions in labs
- Keep a cheat sheet of Linux commands
- Add scp and dhclient to your cheat sheet
- Use the forum
- Don't wait until the last minute to start labs

6 CIS 193A - Lesson 1 CIS 193 Class Forum
- Use Search to find relevant posts
- Collaborate on lab assignments
- Get clarifications
- Get help when stuck on something
- Share Linux related information
- Catch up when you miss a class

7 CIS 193A - Lesson 1 CIS 193 Class Forum
Forum Policy:
- Account names must be first and last name.
- Availability is 24 / 7.
- Post topics on anything related to class.
- Top 5 contributors earn extra credit.
- Avatars are allowed, but identifying photos are preferred.
- Visiting other forums is permitted.
Look for the CIS 193A forum

8 CIS 193A - Lesson 1 Computer Security

9 CIS 193A - Lesson 1 Focus Question What are three of the most common vulnerabilities that allow crackers to compromise Linux systems?

10 CIS 193A - Lesson 1 What Is Security?
The protection of value from threats.
A computer system is secure when everyone who is authorized has access to the resources, and anyone who is not authorized doesn’t have access.
Question: Is a computer cased in concrete and shot to the moon a secure computer?

11 CIS 193A - Lesson 1 A Security Model
[Diagram. Labels: Threat Agent; Threat; Information Assets (Confidentiality, Integrity, Availability); Incident; Damage; Safeguards (Prevention, Detection, Correction*, Recovery)]
* also called Aversion or Damage Control

12 CIS 193A - Lesson 1 Risk = Threats * Vulnerabilities
Threats
- People: Social Engineering, Eavesdropping, Wiretapping
- Software: Malware, Steganography, Covert operations
- Nature: Fire, Flood, EM radiation
Vulnerabilities
- People: Poor passwords, Unattended stations, Not following policies
- Software: Buffer overflows, Poor input validation
- Configuration Errors: Poor permissions, No passwords, Unneeded services

13 CIS 193A - Lesson 1 Risk = Threats * Vulnerabilities - Safeguards
Safeguards
- Prevention: Strong passwords, Encryption, Software updates, Firewalls
- Detection: Intrusion Detection Systems, Logging, Monitoring, Auditing
- Correction: Killing processes, routing redirects, reconfiguration, halt
- Recovery: Backups, Restore, DRP, Business Recovery Plan

14 CIS 193A - Lesson 1 Exercises

15 CIS 193A - Lesson 1 Resetting Root Password
Method 1
- Boot into single-user mode: add single as a kernel parameter on boot line
- Set the password using the passwd cmd
Method 2
- Boot into a bash shell: add init=/bin/bash as a kernel parameter
- Remount the root file system as rw
    mount -o remount,rw /dev/sda2 /
- Set the password using the passwd cmd
Method 3
- Use an installation disk in "Rescue Mode"

16 CIS 193A - Lesson 1 Cracking Passwords
Log in as cis193 and download "John the Ripper" from Opus
    $ scp guest193@opus:../depot/john-1.7.4.tar.gz .
Extract the compressed tarball
    $ tar xzvf john-1.7.4.tar.gz
Compile the binary
    $ cd john-1.7.4/src; make linux-x86-any
Copy the /etc/shadow file to the run directory
    $ cd ../run; cp /etc/shadow .   # How?
Run John the Ripper
    $ ./john shadow

17 CIS 193A - Lesson 1 Testing Passwords
From cis193’s home directory, compile a program to test for good passwords:
    $ cc -o crack src/crack.c -lcrack
    $ ./crack

18 CIS 193A - Lesson 1 Accounts With No Passwords
Check to see if any accounts have blank passwords
    # cut -f1,2 -d: /etc/shadow | grep ':$'
also check the password file
    # cut -f1,2 -d: /etc/passwd | grep ':$'

19 CIS 193A - Lesson 1 Finding Superuser Backdoors
Search the password file for uid=0
    $ awk -F: '$3 == 0 {print $1, "is a superuser!" }' /etc/passwd
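
The two account checks above (blank password fields and extra UID 0 accounts), combined into one audit function. This is an added example, not part of the original slides; it goes a step further by treating an x in the passwd field as a pointer to the shadow entry and by flagging shadow entries that have no passwd entry. The account data and the finding labels (NOPASS, UID0, ORPHAN) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original slides). All accounts are constructed.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
cis193:x:1000:1000::/home/cis193:/bin/bash
toor:x:0:0::/root:/bin/bash
guest:x:1001:1001::/home/guest:/bin/bash
lab::1002:1002::/home/lab:/bin/bash'

SAMPLE_SHADOW='root:$6$constructed$hash:14600:0:99999:7:::
daemon:*:14600:0:99999:7:::
cis193:$6$constructed$hash:14600:0:99999:7:::
toor:!:14600:0:99999:7:::
guest::14600:0:99999:7:::
lab:!:14600:0:99999:7:::
backup::14600:0:99999:7:::'

# audit_accounts PASSWD_TEXT SHADOW_TEXT
# Prints one finding per line:
#   NOPASS name  - effective password field is empty
#   UID0 name    - account other than root with UID 0
#   ORPHAN name  - shadow entry with no matching passwd entry
audit_accounts() {
    # Feed shadow first, then a separator line, then passwd, to one awk run.
    { printf '%s\n' "$2"; printf '%s\n' '--'; printf '%s\n' "$1"; } | awk -F: '
        $0 == "--"  { in_passwd = 1; next }
        NF < 2      { next }                  # skip blank or malformed lines
        !in_passwd  { hash[$1] = $2; next }   # shadow section: remember field 2
        {
            seen[$1] = 1
            # "x" in passwd means the real field lives in shadow
            eff = ($2 == "x" && ($1 in hash)) ? hash[$1] : $2
            if (eff == "") print "NOPASS " $1
            if ($3 == 0 && $1 != "root") print "UID0 " $1
        }
        END { for (u in hash) if (!(u in seen)) print "ORPHAN " u }'
}

audit_accounts "$SAMPLE_PASSWD" "$SAMPLE_SHADOW"
```

Locked entries (! or * in the shadow field) are not reported as blank, which is why toor shows up only under UID0.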

20 CIS 193A - Lesson 1 Suspicious Account Use
Look at a user’s login history
    $ last [username]
To look at failed login attempts
    $ lastb [username]
note: lastb depends on /var/run/btmp

21 CIS 193A - Lesson 1 Testing User’s Search PATH
Ensure that your search path contains no relative directories, including ‘.’
    $ perl -e 'print "PATH contains insecure relative directory \"$_\"\n" foreach grep ! m[^/], split /:/, $ENV{"PATH"}, -1;'
Note: it may be easier just to check the PATH variable in the .bash_profile.

22 CIS 193A - Lesson 1 Searching File Systems Using the Find Command
Find searches for inode information
    -type [fdlbc]             # file types: reg, dir, link …
    -user username | uid      # owner of the file
    -group groupname | gid    # group of the file
    -perm permissions         # octal number or symbol
    -size n[bckMG]            # size in various units
    -inum n                   # inode number
Each option is a boolean term in an AND expression
    find / -type d -user root -size 4k
will find all directories owned by root that are 4K in size

23 CIS 193A - Lesson 1 Search File Systems For setuid/setgid Programs
Check for insecure setuid (or setgid) programs
    # find /dir -type f -perm /ug=s
Check for setgid directories
    # find /dir -type d -perm -g=s

24 CIS 193A - Lesson 1 Finding Writable Files
Find world-writable files
    # find /dir -xdev -type f -perm -o=w
Find world-writable directories
    # find /dir -xdev -type d -perm -o=w
Find world-writable files and directories that don’t have their sticky bit set.
    # find / -xdev -perm -o=w ! \( -type d -perm -o=t \) ! -type l
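
An added example, not part of the original slides: it builds a scratch directory with known permission bits and runs the setuid/setgid and world-writable searches from the last two slides against it, so each expression's matches can be checked. All file and function names are constructed, and the setuid search uses -perm /ug=s, the spelling GNU find accepts for "any of these bits".

```shell
#!/bin/sh
# Added example (not from the original slides). Builds a throwaway tree with
# known modes and runs the searches against it. All names are constructed.

make_fixture() {
    d=$(mktemp -d) || return 1
    mkdir "$d/shared" "$d/dropbox" "$d/plain"
    touch "$d/suid_tool" "$d/sgid_tool" "$d/open.txt" "$d/plain/notes.txt"
    chmod 4755 "$d/suid_tool"        # setuid file
    chmod 2755 "$d/sgid_tool"        # setgid file
    chmod 0666 "$d/open.txt"         # world-writable file
    chmod 0644 "$d/plain/notes.txt"  # ordinary file
    chmod 1777 "$d/shared"           # world-writable, sticky bit set (like /tmp)
    chmod 0777 "$d/dropbox"          # world-writable, no sticky bit
    chmod 0755 "$d/plain"            # ordinary directory
    ln -s open.txt "$d/link"         # symlink: lstat reports mode 777
    printf '%s\n' "$d"
}

# Each search prints matching paths relative to the tree root, sorted.
find_setid() {            # files with setuid OR setgid ("/" = any of these bits)
    (cd "$1" && find . -xdev -type f -perm /ug=s | sort)
}
find_ww_files() {         # "-" = all of these bits, here only other-write
    (cd "$1" && find . -xdev -type f -perm -o=w | sort)
}
find_ww_dirs() {
    (cd "$1" && find . -xdev -type d -perm -o=w | sort)
}
find_ww_unprotected() {   # world-writable, minus sticky directories and symlinks
    (cd "$1" && find . -xdev -perm -o=w ! \( -type d -perm -o=t \) ! -type l | sort)
}

tree=$(make_fixture) || exit 1
for search in find_setid find_ww_files find_ww_dirs find_ww_unprotected; do
    echo "== $search"
    "$search" "$tree"
done
rm -rf "$tree"
```

The last search drops shared (sticky bit set) and link (a symlink) but keeps dropbox and open.txt, which is the set an administrator would want to review.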

25 CIS 193A - Lesson 1 Review

26 CIS 193A - Lesson 1 Answer to Focus Question
What are three of the most common vulnerabilities that allow crackers to compromise Linux systems?
1. Weak passwords
2. Non-updated software
3. Running unneeded services

27 CIS 193A - Lesson 1 Review
Becoming root: sudo or su -
    The - is very important as this gets you root's environment
To get command documentation: man command (linux xxxxxx command)
To try again for a network connection:
    # service network restart
To copy files to and from a remote system:
    scp filename user@hostname:path
    scp user@hostname:path filename
    filename could be just dot (.).
scp lab
