SCSC 455 Computer Security Chapter 3 User Security.


Index
- Password security
- Pluggable Authentication Modules (PAM)
- User security utilities
- sudo utility

Access computer system
Users can access computer systems in two different ways:
- By using client software that connects to a server
  - Q: What is the client/server computing paradigm?
  - Q: What is a server?
  - The user’s access is limited to the functions performed by the service running on the server
- By logging in as a user on the system
  - The user must have a valid user account
  - The user must enter a password corresponding to a user ID
Creating good passwords and keeping them secure is crucial.

Creating good passwords
What are the good practices for creating passwords?
- Must be long enough (length >= 8 characters)
- Include at least one number or symbol
- Could include two or three words separated by symbols or numbers
- Use words that are foreign or altered so that they do not appear in a dictionary
- Using a series of numbers or a pattern of altered letters can make it easier to remember
Examples …

Attack on Passwords
- Attackers utilize social engineering to gain access to your system
  - Q: What is social engineering?
  - Examples …
- Attackers can also resort to a brute force attack
  - Q: What is a brute force attack? All possible combinations are tried until one succeeds in guessing a password

How to protect passwords?
- Protect passwords from social engineering
  - Passwords must not be written down, especially not anywhere near the computer to which they provide access
  - Passwords must be chosen carefully so they can be remembered without a written aid
  - Passwords should not include easily guessed words or numbers
  - Users should never tell anyone their password
- Q: How to protect passwords from a brute force attack?

Linux Password files
- When a new user account is added to the system, a single line is added to the file /etc/passwd
  - Example …
- The actual encrypted password is stored in the file /etc/shadow
  - It can be accessed only by root
  - In Red Hat Linux, passwords are encrypted by MD5 by default
  - Example …
- Q: Why use two files for passwords?
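
The two files described above can be checked together. The following is an added example, not part of the original slides: it reads constructed /etc/passwd and /etc/shadow content (user names and placeholder hash strings are assumptions), identifies the hash scheme from the `$id$` prefix, and reports entries an administrator would want to review.

```python
# Added example: audit constructed /etc/passwd and /etc/shadow content.
# Scheme ids per crypt(5); the hash strings below are placeholders.
SCHEMES = {"1": "md5", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256", "6": "sha512", "y": "yescrypt"}
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bob:x:1000:1000:Bob:/home/bob:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
toor:x:0:0:spare admin:/root:/bin/bash
carol:$1$saltsalt$placeholder:1002:1002:Carol:/home/carol:/bin/bash
"""
SHADOW = """\
root:$6$saltsalt$placeholder:19000:0:99999:7:::
bob:$1$saltsalt$placeholder:19000:0:99999:7:::
alice::19000:0:99999:7:::
toor:!$6$saltsalt$placeholder:19000:0:99999:7:::
"""

def field_state(field):
    """Classify a password field: empty, locked, or the hash scheme used."""
    if field == "":
        return "empty"                  # account accepts login with no password
    if field[0] in "!*":
        return "locked"                 # no password can match this entry
    parts = field.split("$")
    if len(parts) >= 3 and parts[0] == "":
        return SCHEMES.get(parts[1], "unknown")
    return "des"                        # traditional crypt, no $id$ prefix

def audit(passwd_text, shadow_text):
    """Return sorted (user, finding) pairs for risky account entries."""
    shadow = {l.split(":")[0]: l.split(":")[1] for l in shadow_text.splitlines()}
    findings = []
    for line in passwd_text.splitlines():
        name, pw, uid = line.split(":")[:3]
        if uid == "0" and name != "root":
            findings.append((name, "extra UID 0 account"))
        if pw not in ("x", "*", "!", ""):   # hash kept in the world-readable file
            findings.append((name, "hash stored in /etc/passwd"))
        state = field_state(shadow.get(name, "*") if pw == "x" else pw)
        if state == "empty":
            findings.append((name, "empty password"))
        elif state in ("md5", "des"):
            findings.append((name, "legacy hash scheme: " + state))
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in audit(PASSWD, SHADOW):
        print(f"{user}: {finding}")
```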

Managing Linux Passwords
- Each user can change his/her password using the passwd utility, e.g. $ passwd
  - When this command is entered, the user is prompted to enter their current password, then their new password two times
  - The passwd utility performs a few basic checks on the entered password based on the configuration of Linux PAM modules.
- Root can change any user’s password, e.g. # passwd bob
- Caution: do NOT edit the /etc/passwd and /etc/shadow files directly in a text editor.

passwd command-line options

useradd command-line options for password control

Pluggable Authentication Modules
- The Pluggable Authentication Module (PAM) was developed by Sun Microsystems
  - PAM is an architecture and set of libraries that let a programmer create a module to perform a specific security-related function
  - System administrators can select, configure, and then use one or more PAM modules to control the PAM-aware Linux programs
- How to use PAM?
  - Select the modules necessary to control the activity of a program
  - List them in the program’s configuration file
(The details of PAM are not required in this course.)

Security utilities for users
- There are many security utilities that system administrators and users need to be aware of
  - Some security utilities are PAM controlled
  - Others are separate packages that you have to install and configure before using
- Security utilities for users (next few slides)
  - Utilities for console security
  - Utilities for login security
  - Utilities for file security
  - Utilities for monitoring user activities

Utilities for console security
- Screen locking programs disable keyboard input and hide the screen so that private information is neither visible nor accessible
  - vlock is used from a text console
  - xlock is employed from a graphical interface
  - Linux desktops (Gnome and KDE) also have their own screensavers

Utilities for login security
- /etc/securetty file
  - The root user can only log in from terminals that are listed in the file /etc/securetty
  - By default this file contains only the virtual console terminals. None of the network or other devices are listed
  - Root cannot log in from the network
- /etc/nologin file
  - If /etc/nologin exists, only root can log in
  - The contents of this file are displayed to any user who tries to log in
  - When this file is deleted, all users can log in again

SUID
- Set UID bit (SUID)
  - Executable files can have a special file permission set
  - SUID causes files to take on the permissions of the user who owns the file rather than the user who executed the file
  - Root can set SUID for a file: # chmod u+s
- Warning: Too many files with SUID is a great security risk
  - Any user on the system could easily get root access.
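
One way to keep the number of SUID files under control is to inventory them and compare the result with a reviewed baseline. The following is an added example, not part of the original slides; the function names and the idea of a stored baseline are assumptions of this sketch.

```python
import os
import stat

def suid_files(root):
    """Walk root and return {path: (owner_uid, octal_mode)} for SUID regular files."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):    # os.walk does not follow symlinks
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)                # lstat: never follow a symlink
            except OSError:
                continue                           # file vanished or is unreadable
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                found[path] = (st.st_uid, oct(stat.S_IMODE(st.st_mode)))
    return found

def compare(current, baseline):
    """Report SUID files that are new, changed or gone relative to the baseline."""
    report = []
    for path, (uid, mode) in sorted(current.items()):
        runs_as = "root" if uid == 0 else f"uid {uid}"
        if path not in baseline:
            report.append((path, f"new SUID file, runs as {runs_as}"))
        elif baseline[path] != (uid, mode):
            report.append((path, "owner or mode changed"))
        elif int(mode, 8) & stat.S_IWOTH:
            report.append((path, "SUID file is world-writable"))
    for path in sorted(set(baseline) - set(current)):
        report.append((path, "no longer SUID"))
    return report

if __name__ == "__main__":
    # An empty baseline lists every SUID file found under /usr/bin.
    for path, note in compare(suid_files("/usr/bin"), {}):
        print(f"{path}: {note}")
```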

Utilities for file security
- Linux file systems support a number of attributes that you can set on files
  - Notice that these attributes are different from file access control attributes (r, w, x)
  - Examples …

Utilities for monitoring user activities
Linux includes a number of utilities for monitoring user activities
- who – lists all of the users who are currently logged in on the system. who am i shows who you are logged in as
- w – lists all of the users who are currently logged in with their username, terminal, the command that the user is currently running, CPU time … and includes the remote location from which the user has logged in

Utilities for monitoring user activities
- mesg – enables or disables the ability of other users to send a message to your screen (by using utilities such as write, talk).
- dmesg – prints the contents of the kernel ring buffer to the screen. The kernel ring buffer is a memory area that holds messages generated by the kernel. Use the dmesg utility to monitor all hardware-related messages

Utilities for monitoring user activities
- last – displays a history of user log-ins and log-outs, and system reboot information
  - Examples …

Why do we need “sudo” utility?
Ans: If a server needs to be administered by a number of people, it is normally not a good idea for them all to use the root account.
- It is difficult to determine exactly who did what, when and where if everyone logs in with the same credentials.
- The sudo utility was designed to overcome this difficulty.

Sudo
- Sudo lets you assign privileges to any user account to execute only specific programs.
  - System administrators can complete common administration tasks without logging in as root or using su to become root
  - Examples …
- The /etc/sudoers configuration file determines which user can perform which task.

How does sudo utility work?
- The basic format of a configuration line in /etc/sudoers:
  user host = command_list
- Example …
- Note that to edit the /etc/sudoers file, you must use the visudo program

The security concern of sudo utility
- The sudo utility can present security dangers if not properly configured
  - A user should have exactly as much access as her job requires: “need to know”, “least privilege”
  - A malicious user will try to use access to a single command to gain access to other commands.
  - Example …

The security concern of sudo utility
- Many programs support shelling out.
  - Q: What is “shelling out”?
  - The sudo utility cannot control it once the power is handed out.
- Conclusion: the system administrator must hand out sudo power carefully.
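
The `user host = command_list` format and the shelling-out concern can be combined into a review check. The following is an added example, not part of the original slides: it reads constructed sudoers rules and reports those that grant more than the single command they name. The user names, host names and the short program list are assumptions, and only simple rules without aliases are handled.

```python
import os

# Added example. Illustrative, incomplete list (an assumption) of programs
# that can start a shell or another command from inside themselves.
SHELL_CAPABLE = {"vi", "vim", "less", "more", "man", "ftp", "find"}
SHELLS = {"sh", "bash", "su"}               # programs that are, or give, a shell
TAGS = {"NOEXEC", "EXEC", "NOPASSWD", "PASSWD"}

# Constructed sample in the "user host = command_list" format.
SUDOERS = """\
Defaults env_reset
alice  ALL  = /usr/bin/lpc, /usr/bin/lprm
bob    web1 = /usr/bin/vi /etc/httpd/conf/httpd.conf
carol  ALL  = NOEXEC: /usr/bin/less /var/log/messages
dave   ALL  = (root) ALL
erin   ALL  = /sbin/shutdown -h now, /bin/bash
"""

def audit(text):
    """Return (user, program, reason) for rules that grant more than one command."""
    findings = []
    for line in text.splitlines():
        words = line.split()
        if not words or line.lstrip().startswith("#") or "=" not in line:
            continue
        if words[0].startswith("Defaults") or words[0].endswith("_Alias"):
            continue                        # settings and aliases are not rules
        user, right = words[0], line.split("=", 1)[1].strip()
        if right.startswith("("):           # optional (runas) specification
            right = right.split(")", 1)[1]
        noexec = False                      # tags carry over to later commands
        for item in right.split(","):
            item = item.strip()
            while ":" in item and item.split(":", 1)[0].strip() in TAGS:
                tag, item = (s.strip() for s in item.split(":", 1))
                if tag in ("NOEXEC", "EXEC"):
                    noexec = tag == "NOEXEC"
            if not item:
                continue
            prog = os.path.basename(item.split()[0])
            if prog == "ALL":
                findings.append((user, prog, "unrestricted"))
            elif prog in SHELLS:
                findings.append((user, prog, "direct shell"))
            elif prog in SHELL_CAPABLE and not noexec:
                findings.append((user, prog, "can shell out"))
    return findings

if __name__ == "__main__":
    for finding in audit(SUDOERS):
        print(*finding, sep=": ")
```

The check treats the sudoers NOEXEC tag as a mitigation for shelling out; the sudoers manual describes the limits of that tag.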