Presentation is loading. Please wait.

Presentation is loading. Please wait.

Linux and UNIX Overview

Published byNeal Tate Modified over 6 years ago

Similar presentations

Presentation on theme: "Linux and UNIX Overview"— Presentation transcript:

1 Linux and UNIX Overview

2 Linux and UNIX Linux and UNIX OSs are… So we need to understand basics
Often targets for attacks Often used for launching attacks So we need to understand basics Linux and UNIX Overview

3 UNIX A “beautiful but strange beast”
Developed as research project by AT&T More than 35 years old Internet was built on UNIX Recently, popular for desktops, etc. Linux and UNIX Overview

4 UNIX It’s beautiful because… It’s powerful
Millions of people have worked on it Huge numbers of useful tools “Been around the block” more than once Closely associated with open source Admins can find lots of useful tools Linux and UNIX Overview

5 UNIX Strange because so many UNIX OSs Popular variants include
Solaris by Sun MacOS by Apple HP-UX by HP IRIX by sgi AIX by IBM FreeBSD, free open source OpenBSD, “the #1 most secure” OS Linux and UNIX Overview

6 UNIX Differences between UNIX variants Two main “lines” of UNIX
File systems organization System calls, commands, command options, etc. Two main “lines” of UNIX AT&T and BSD But some UNIXs are combinations Linux and UNIX Overview

7 Linux Developed by Linus Torvalds Technically, not a variant of UNIX
Created without using any of the underlying UNIX code A “UNIX-like environment” Strictly speaking, “Linux” is just the kernel Many Linux “distros”: Debian, Gentoo, Mandrake, Red Hat, Slackware, SuSE, etc. Linux and UNIX Overview

8 UNIX Here, generic UNIX/Linux concepts UNIX also strange because
Things that apply to most UNIX/Linux UNIX also strange because Not designed for ease of use Think command line, not GUI Ironically, much simpler than Windows… If you think Windows is easier, you don’t know Linux… …and you don’t know Windows Linux and UNIX Overview

9 UNIX Here, we focus on generic “UNIX”
Things that apply to most variants Book use “UNIX”, “Linux” interchangeably Here, we only scratch the surface For more info Linux Administration Handbook, by Nemeth Man pages Linux and UNIX Overview

10 Architecture File system Many things treated as files
Like traveling thru a city… Directories are like signs leading you to “buildings” (files) Many things treated as files Devices, elements of processes, files Linux and UNIX Overview

11 File System Top is root directory: / == “slash”
“cd /” takes you to root For example: /home/fred/hack.txt File hack.txt in directory /home/fred Linux and UNIX Overview

12 Important Directories
/ == root (top level), called “slash” /bin, /sbin == critical system exe’s /dev == devices, terminal, CD, etc. /etc == system config files Accounts, pwds, network addresses, etc. /home == user directories Linux and UNIX Overview

13 Important Directories
/lib == shared libraries for programs /mnt == exported file systems temporarily mounted, removable devices (e.g., USB) /proc == images/data of current processes Not on hard drive---can see what kernel is doing /tmp == temporary files /usr == critical system files (utilities, man pages, …) /var == stores various types of files, often for administration (log files) Linux and UNIX Overview

14 Important Directories
“.” is current directory “..” is parent directory One level up “ls” lists all files in directory “ls -a” lists “.” and “..” too Linux and UNIX Overview

15 Kernel UNIX and Linux are modular The core is the kernel
Heart and brains of OS Deals with critical system functions E.g., hardware interactions, resource allocation, … Programs call on kernel for these things Linux and UNIX Overview

16 Processes For program, kernel starts a process
Process is like a “bubble that contains the guts of a running program” Kernel creates bubble, inflates it and tries to keep bubbles from popping each other User programs, admin tools, services (e.g., Web, ) are processes May be 100s to 1000s of active processes Kernel juggles these into CPU, manages memory Linux and UNIX Overview

17 Processes High level view of architecture Linux and UNIX Overview

18 Processes Many processes run in background
Perform system-critical functions Printing, network activity, etc. Known as “daemons” Pronounced “day-muns” or “dee-muns” Named based on their function E.g., SSH daemon is sshd Linux and UNIX Overview

19 Automatic Processes Booting: kernel starts init daemon
Finishes boot process Init starts many network processes Httpd --- Web server, for http/https Sshd --- SSH service Sendmail --- common UNIX server NFS --- Network File System for sharing files between UNIX systems Linux and UNIX Overview

20 Network Services Network service listens to network
Web server listens on TCP port 80 server listens on TCP port 25 Wait for incoming traffic Lots of /Web traffic, so they listen constantly What about, say, FTP? Linux and UNIX Overview

21 Network Services To improve efficiency…
“Internet daemon” listens for uncommon services inetd (“I-Net-D”) or xinetd When traffic arrives, inetd activates appropriate service Uncommon services: echo, chargen, ftpd, telnetd, rsh, rlogin, TFTP, … Linux and UNIX Overview

22 inetd File /etc/inetd.conf tells inted what services to listen for: must specify Service name --- e.g., telnet (defined in /etc/services) Socket type --- type of connection? Protocol --- usually tcp or udp Wait status --- process handles multiple connection or not User Name --- name services should run as Server program and arguments inetd.conf is target of attacks Linux and UNIX Overview

23 inetd Relationship between inetd and other daemons
Linux and UNIX Overview

24 cron Cron daemon Attackers also like cron
Schedule programs to run at predetermined times For example, backup files at 3am Attackers also like cron E.g., shut down critical service at a particular time as part of back door Linux and UNIX Overview

25 Processes Can also start processes manually
“path” is searched for command To see path: echo $path Dangerous to have “.” in path Why? Linux and UNIX Overview

26 Interacting with Processes
Each process has process ID (PID) To get info on current processes “ps -aux” (all running processes) “lsof” (list of open files) Can send a signal to a process TERM to terminate, HUP to “hang up” (often rereads config), kill, killall, etc. Linux and UNIX Overview

27 Accounts Need an account to log in
A process runs with permissions of a given account /etc/passwd file One line for every account, e.g., sshd:*:75:75:sshd Privilege separation:/var/empty:/usr/bin/false Linux and UNIX Overview

28 Passwd File Each line contains Login name Hashed/encrypted password
UID number --- number assigned to account, used to determine permissions of processes Default GID --- default group number GECOS info --- not used by system, names, etc. Home directory --- directory after login Login shell --- sh, bash, csh, ksh, or another program Linux and UNIX Overview

29 Passwd File Passwd file is world readable
Attackers like to know hashed passwords Used for password guessing Most modern UNIX systems do not include hashed passwords in passwd file Instead, in “shadow” passwd file, /etc/shadow Requires super-user privilege to access So passwd file contains no passwords… Linux and UNIX Overview

30 Password File After much searching… Found my OS X hashed password is
0x3BBC2A94D59EB1D5D3452EA6FA47399B2A25664C Where SHA1 hash is used, with salt 0x8429A223 Extra credit: Find my password! Linux and UNIX Overview

31 Groups Group users together Assign permission to the group
Stored in file /etc/group, format is Group name Hashed group password --- never used GID number --- used by the system instead of group name Group members --- by login names Linux and UNIX Overview

32 Root Root account is all-powerful user
Maximum privilege --- can read, write any file Root == superuser or “God” UID == 0 “root” could be called anything, provided UID is 0 Can be multiple root accounts Linux and UNIX Overview

33 Permissions Every file has an owner and group
Owner (or root) sets permissions Permissions: owner, group, everybody For each of the 3, read, write, execute Use “ls -l” to see permissions -rw-r--r markstam markstam Feb 6 19:31 cs286.txt drwxr-xr-x 40 markstam markstam Jan 25 17:33 docs Linux and UNIX Overview

34 Permissions Linux and UNIX Overview

35 Permissions Change permissions using chmod
“change modes” Give new permissions in octal For example: chmod 745 foo This corresponds to: rwxr--r-x Linux and UNIX Overview

36 SetUID Sometimes user needs to access file and they do not have permissions Example: to change password (assuming hashes stored in shadow file) SetUID == Set User ID Use this so program will execute with permission of it’s owner As opposed to permission of user executing it Password changing program: SetUID root Linux and UNIX Overview

37 SetUID Gives “common” users lots of power
OK if used in controlled way for specific tasks SetUID permissions appear before 9 standard permission bits In fact, 3 additional bits SetUID, SetGID, “sticky bit” For example: chmod 4745 foo Shows up in “ls -l” as an s: -r-sr-xr-x 1 root wheel Jan /usr/bin/passwd Linux and UNIX Overview

38 SetUID Attackers like SetUID programs
May be possible to exploit flaws in code (buffer overflow) to elevate privilege New/modified SetUID programs may be evidence of attack Linux and UNIX Overview

39 Trust Relationships That is, trust between machines
Can specify which machines to trust Bob trusts Alice Linux and UNIX Overview

40 Trust Relationships Unauthenticated access by users from trusted machine Since trusted machine (presumably) already authenticated the user If trusted, the r-commands (rlogin, rsh, rcp) require no password Also, r-commands do not encrypt How does Bob know trusted Alice is Alice? Linux and UNIX Overview

41 Logs and Audit Created by syslog daemon (syslogd) Typical log files
Secure --- logins, successful and failed Message --- catch-all system log Individual app logs --- for specific apps Linux and UNIX Overview

42 Logs and Audit Forensic info also logged
Attackers like to cover their tracks To do so, may need to manipulate… utmp --- who is logged in wtmp --- record of all logins and logouts lastlog --- time and location of each user’s most recent login Linux and UNIX Overview

43 Common Network Services
Telnet --- command line remote access No encryption, session can be hijacked, … FTP --- file transfer Insecure, like telnet SSH --- encrypted “tunnel” Then safe to use unsafe services SSH version 1 insecure, version 2 is good Linux and UNIX Overview

44 Common Network Services
HTTP --- Web Source of many attacks --- sendmail, several security issues r-commands --- rlogin, rsh, rcp Considered very insecure DNS --- domain names to IP addresses Critical service, good one for attackers… Linux and UNIX Overview

45 Common Network Services
NFS --- transparently access files across network NFS server “exports” directory info Local machine can “mount” these, so files appear to be locally accessible Like FTP without all of the trouble of FTP-ing Of course, exporting too much may be bad X-Window System --- X11 (or just “X”) The underlying GUI service in UNIX X server controls screen, provides service Must limit who can display/access your screen Linux and UNIX Overview

46 Conclusion UNIX/Linux Popular OSs More than 30 years old
Fundamental part of Internet Widely used OSs Platform of choice for many attackers Linux and UNIX Overview

47 Summary Linux and UNIX Overview

Download ppt "Linux and UNIX Overview"

Similar presentations

COEN 250 Computer Forensics Unix System Life Response.

COEN 250 Computer Forensics Unix System Life Response.
The UNIX File System Harry Chen Department of CSEE University of MD Baltimore County.

The UNIX File System Harry Chen Department of CSEE University of MD Baltimore County.
Basic Unix system administration

Basic Unix system administration
Some history PDP versions BSD/Version 7 split VAX virtual memory implementations End of line 4.4 BSD System V merges Modern versions OSF/1, Solaris, HPUX.

Some history PDP versions BSD/Version 7 split VAX virtual memory implementations End of line 4.4 BSD System V merges Modern versions OSF/1, Solaris, HPUX.
Chapter One The Essence of UNIX.

Chapter One The Essence of UNIX.
Unix Refresher This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen.

Unix Refresher This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen.
Linux and UNIX Overview 1 Linux and UNIX Overview.

Linux and UNIX Overview 1 Linux and UNIX Overview.
Processes & Daemons Chapter IV / Part III. Commands Internal commands: alias, cd, echo, pwd, time External commands, code is in a file: grep, ls, more.

Processes & Daemons Chapter IV / Part III. Commands Internal commands: alias, cd, echo, pwd, time External commands, code is in a file: grep, ls, more.
Guide To UNIX Using Linux Third Edition

Guide To UNIX Using Linux Third Edition
Linux+ Guide to Linux Certification, Second Edition

Linux+ Guide to Linux Certification, Second Edition
Chapter 3 Unix Overview. Figure 3.1 Unix file system.

Chapter 3 Unix Overview. Figure 3.1 Unix file system.
1 Network File System. 2 Network Services A Linux system starts some services at boot time and allow other services to be started up when necessary. These.

1 Network File System. 2 Network Services A Linux system starts some services at boot time and allow other services to be started up when necessary. These.
Linux System Administration LINUX SYSTEM ADMINISTRATION.

Linux System Administration LINUX SYSTEM ADMINISTRATION.
1. This presentation covers :  User Interface Administration  Files System and Services Management 2.

1. This presentation covers :  User Interface Administration  Files System and Services Management 2.
UNIX ™ /Linux Overview Unix/IP Preparation Course June 9, 2013 Lusaka, Zambia.

UNIX ™ /Linux Overview Unix/IP Preparation Course June 9, 2013 Lusaka, Zambia.
O.S security Ge Zhang Karlstad University. Outline Why O.S. security is important? Security schemes in Unix/Linux system Security schemes in windows system.

O.S security Ge Zhang Karlstad University. Outline Why O.S. security is important? Security schemes in Unix/Linux system Security schemes in windows system.
Introduction to Linux Installing Linux User accounts and management Linux’s file system.

Introduction to Linux Installing Linux User accounts and management Linux’s file system.
Overview of Linux CS3530 Spring 2014 Dr. José M. Garrido Department of Computer Science.

Overview of Linux CS3530 Spring 2014 Dr. José M. Garrido Department of Computer Science.
Mid 1960 ’ s - Multics - proposed by AT&T, Honeywell, GE & MIT; funded by DARPA 1969 - Thompson & Ritchie create Unix 1978 to 84 - Bill Joy & Chuck Haley.

Mid 1960 ’ s - Multics - proposed by AT&T, Honeywell, GE & MIT; funded by DARPA Thompson & Ritchie create Unix 1978 to 84 - Bill Joy & Chuck Haley.
CIS 218 Advanced UNIX 1 User and System Information CIS 218.

CIS 218 Advanced UNIX 1 User and System Information CIS 218.

Similar presentations

Ads by Google