Unix Refresher This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen.


1 Unix Refresher This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen C. Hayne

2 Linus Torvalds Was the chief architect behind the Linux kernel. Most of the work was done while he was still an undergraduate. He completed a master’s degree from the University of Helsinki in Computer Science and now lives and works in the United States.

3 Unix File System Structure
Everything is treated as a file.
Tree structure: / (root) is the root of the tree.
Filenames can be up to 32 characters in length.
There is no file type designation. Hacker.txt doesn’t imply a file type of TXT; the period “.” is part of the name.

4 Unix Directories
/ – root directory, contains the other subdirs
/bin, /sbin – system binaries needed to boot the system
/dev – peripheral devices, disks, tapes, CD
/etc – system configuration files, password files, network configuration information

5 Unix Directories
/home – user home directories
/lib – shared libraries
/mnt – temporary mount point
/proc – images of currently running processes
/tmp – temporary scratch space
/usr – more system binaries, C headers, system administration binaries
/var – log files, spool space for printers

6 Unix Directories
“.” – means the current directory
“..” – means a directory one level up
“…” – should not exist but is the favorite place for hackers to hide their code
“.name” – a dot in front of a filename denotes a hidden file that won’t show up with a standard ls command

7 Unix Kernel & Processes
Kernel – core OS module, controls HW
Process – running program and memory
All running programs are processes. Use the “ps -ef” command to examine the process list.
Kernel handles process swapping and execution.

8 More Process Information
PID – unique identifier for each process
“lsof” tells you what files the process has opened for use.

9 Unix Kernel & Processes
System processes running in the background are called daemons.
Common naming convention is the name of the service followed by a “d”: telnet is controlled by the telnetd process.

10 Automatic Process Startup
All processes have to be activated by the kernel or some other process.
The ‘init’ daemon runs the boot startup scripts that start all system processes.
Startup scripts are in /etc/init.d, /sbin/init.d, /etc/rcX.d, /sbin/rcX.d where X=0-6.

11 Automatic Process Startup
Run levels:
0 – halt
1 – single user mode
2 – multi-user mode, no networking
3 – multi-user mode with networking
4-5 – reserved
6 – reboot

12 Init, inetd
Init starts processes at boot time including network services and inetd.
Inetd listens for service requests and starts a process to handle the service.
Inetd.conf is a favorite target of hackers. They install backdoors to the system.

13 Automatic Process Startup
Inetd is the master control process for well known network services.
Config file is /etc/inetd.conf.
Network services are listed in /etc/services.
Comment character is a # and if it’s in column 1, then the process is NOT started.

14 /etc/inetd.conf format
Service name – the name of the service
Socket type – stream (TCP), dgram (UDP), raw, rdm (reliably delivered message)
Protocol – tcp or udp
Wait/nowait – wait means subsequent requests must wait for the first one to finish

15 /etc/inetd.conf format
Username – the owner of the process
Server program – the name and location of the system daemon
Server program arguments – arguments and configuration flags that should be passed to the network service
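The seven-field layout in slides 13 to 15 is easy to audit mechanically. The script below is an added example, not part of the presentation: it splits each active line of an inetd.conf-style file into the fields the slides list, honours the column-1 # rule from slide 13, and reports the entries a defender reviews first (services started as root, and server programs that are interactive shells rather than daemons). The configuration text is constructed for the example; the helper names (parse_inetd_conf, audit_inetd) are my own.

```python
"""Audit inetd.conf entries field by field (added example, constructed input)."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Socket types named on slide 14 (seqpacket exists on some systems too).
SOCKET_TYPES = {"stream", "dgram", "raw", "rdm", "seqpacket"}
# Server programs that should never appear as a network service's handler.
SHELLS = {"sh", "bash", "csh", "tcsh", "ksh", "zsh"}


@dataclass
class InetdEntry:
    service: str       # field 1: name as listed in /etc/services
    socket_type: str   # field 2: stream, dgram, raw, rdm
    protocol: str      # field 3: tcp or udp
    wait: str          # field 4: wait or nowait (rate suffix like nowait.100 stripped)
    user: str          # field 5: owner of the spawned process (user[:group] form accepted)
    server: str        # field 6: path of the daemon, or the word "internal"
    args: List[str]    # field 7+: argv passed to the daemon


def parse_inetd_line(line: str) -> Optional[InetdEntry]:
    """Return an entry for an active line, None for blank lines and comments.

    Slide 13's rule is applied literally: only a '#' in column 1 disables a line.
    """
    if not line.strip() or line.startswith("#"):
        return None
    fields = line.split()
    if len(fields) < 6:
        raise ValueError(f"malformed inetd.conf line (fewer than 6 fields): {line!r}")
    if fields[1] not in SOCKET_TYPES:
        raise ValueError(f"unknown socket type {fields[1]!r} in line {line!r}")
    wait = fields[3].split(".", 1)[0]
    user = fields[4].replace(":", ".").split(".", 1)[0]
    return InetdEntry(fields[0], fields[1], fields[2], wait, user, fields[5], fields[6:])


def parse_inetd_conf(text: str) -> List[InetdEntry]:
    entries = []
    for line in text.splitlines():
        entry = parse_inetd_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def audit_inetd(text: str) -> Dict[str, List[str]]:
    """Summarise which services are active, which run as root, and which hand
    the connection straight to a shell (the backdoor pattern slide 12 warns about)."""
    entries = parse_inetd_conf(text)
    return {
        "active": [e.service for e in entries],
        "as_root": [e.service for e in entries if e.user == "root"],
        "shell_servers": [
            e.service for e in entries
            if e.server.rsplit("/", 1)[-1] in SHELLS
        ],
    }


# Constructed sample: a commented-out ftp line, two tcp-wrapped services,
# an internal service, and one entry whose handler is a shell.
SAMPLE_CONF = """\
# constructed sample, not a real host's /etc/inetd.conf
#ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet   stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
finger   stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
daytime  stream  tcp  nowait  root    internal
oddsvc   stream  tcp  nowait  root    /bin/csh        csh -i
"""

if __name__ == "__main__":
    for key, services in audit_inetd(SAMPLE_CONF).items():
        print(f"{key:14s} {services}")
```

Running it on the constructed sample lists four active services (the ftp line is commented out), three of them started as root, and flags oddsvc because its server program is /bin/csh. On a real host, point it at /etc/inetd.conf and compare the active list against the services the machine is supposed to offer.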

16 Cron The cron utility is the mechanism that allows processes to start at specific times. /usr/lib/crontab, /etc/crontab are typical locations of the config file.

17 /etc/passwd, /etc/shadow
/etc/passwd is the master password file for the system.
Login name – the account name
Encrypted password field – one-way encryption of the account password
UID – unique numeric identifier for the account. This is what Unix uses.

18 /etc/passwd, /etc/shadow
GID – group id number that identifies the group
GECOS info – commonly used to list the name of the account owner
Home directory – user home directory
Login shell – default user shell

19 /etc/passwd, /etc/shadow
/etc/passwd is world readable. This is what lets CRACK run on it.
All you need is access to the system (login, WWW, FTP) and the ability to get a copy of the file.
/etc/shadow is the defense against the CRACK attack.

20 /etc/passwd, /etc/shadow
/etc/shadow contains the encrypted password field and is readable by root only.
An “x” is placed as a marker in the equivalent field in /etc/passwd.
If you can read /etc/shadow, you have root and no need to crack passwords.
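Slides 17 to 20 describe the seven colon-separated passwd fields and the "x" marker that points at /etc/shadow. The following added example (mine, not the presentation's) parses both files and reports what the slides say should not happen: a hash sitting in the world-readable passwd file instead of the marker, an empty password field in either file, an account marked "x" that has no shadow entry, and more than one account with UID 0. The passwd and shadow text is constructed, and the hash strings are placeholders, not real crypt output.

```python
"""Cross-check /etc/passwd against /etc/shadow (added example, constructed input)."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class PasswdEntry:
    name: str     # login name
    passwd: str   # "x" marker, empty, or (wrongly) a hash
    uid: int      # numeric id Unix actually uses
    gid: int      # primary group
    gecos: str    # usually the owner's full name
    home: str     # home directory
    shell: str    # login shell


def parse_passwd(text: str) -> List[PasswdEntry]:
    """Split each line into the seven fields listed on slides 17 and 18."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) != 7:
            raise ValueError(f"passwd line {lineno}: expected 7 fields, got {len(f)}")
        entries.append(PasswdEntry(f[0], f[1], int(f[2]), int(f[3]), f[4], f[5], f[6]))
    return entries


def parse_shadow(text: str) -> Dict[str, str]:
    """Map login name -> encrypted password field (the only shadow field used here)."""
    hashes = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) < 2:
            raise ValueError(f"shadow line {lineno}: missing password field")
        hashes[f[0]] = f[1]
    return hashes


def audit_accounts(passwd_text: str, shadow_text: str) -> Dict[str, List[str]]:
    """Findings keyed by category; each value lists the affected login names."""
    shadow = parse_shadow(shadow_text)
    findings: Dict[str, List[str]] = {
        "uid0": [],             # every UID 0 account, so extras stand out
        "hash_in_passwd": [],   # hash exposed in the world-readable file
        "no_password": [],      # empty field in passwd or shadow
        "missing_shadow": [],   # "x" marker but nothing to point at
    }
    for e in parse_passwd(passwd_text):
        if e.uid == 0:
            findings["uid0"].append(e.name)
        if e.passwd == "":
            findings["no_password"].append(e.name)
        elif e.passwd != "x":
            findings["hash_in_passwd"].append(e.name)
        elif e.name not in shadow:
            findings["missing_shadow"].append(e.name)
        elif shadow[e.name] == "":
            findings["no_password"].append(e.name)
    return findings


# Constructed sample files; "$6$constructed$..." strings are placeholders.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
bob:$6$constructed$placeholderhash1:1001:1001:Bob Example:/home/bob:/bin/bash
toor:x:0:0:second uid 0 account:/root:/bin/sh
guest::1002:1002:Guest:/home/guest:/bin/sh
carol:x:1003:1003:Carol Example:/home/carol:/bin/bash
"""

SAMPLE_SHADOW = """\
root:$6$constructed$placeholderhash2:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$6$constructed$placeholderhash3:19000:0:99999:7:::
toor::19000:0:99999:7:::
"""

if __name__ == "__main__":
    for category, names in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW).items():
        print(f"{category:15s} {names}")
```

The "*" in daemon's shadow field is a locked account, not a finding; only an empty field means no password is required. On a live system read both files as root and compare the uid0 list against the single root account you expect.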

21 Linux Password Cracking Ophcrack

22 /etc/group
Unix allows you to bunch users into groups. /etc/group contains the info on the valid groups on the system.
Group name – name of the group
Encrypted group password – N/A
GID # – unique group id number
Group members – list of users in the group

23 File Permissions
RWX RWX RWX – owner perms, group perms, other/world perms
Denoted by an octal number: RWX = 111 = 7. The above perms are 777.

24 SUID/SGID
SetUID allows the file to run with the perms of the owner of the file.
SUID to root is a favorite hacker trick. This means a file will run with the perms of the owner of the file (root).
Used to create backdoors into the system, e.g. /bin/csh with perms 4555.

25 SUID/SGID
SetGID bit does the same except for groups.
Regular perms are actually 0XYZ where:
0 – perm bits for SUID, SGID, sticky bit: 4 = SUID, 2 = SGID, 1 = sticky bit
X – perm bits for owner of file
Y – perm bits for group access
Z – perm bits for other/world access
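To make the 0XYZ notation of slides 23 to 25 concrete, here is an added example (mine, not from the presentation) that converts between the four-digit octal form and the symbolic rwx string ls prints, using the bit constants in Python's standard stat module, and that walks a directory tree for the case slide 24 singles out: regular files owned by UID 0 with the SUID bit set. The function names are my own; the code assumes a Unix host for the directory walk but the conversions run anywhere.

```python
"""Decode 0XYZ permission bits and find SUID-root files (added example)."""
import os
import stat
import sys
from typing import Dict, Iterator, Tuple


def perms_from_octal(text: str) -> int:
    """'4555' or '0755' as written on the slides -> integer mode bits."""
    return int(text, 8)


def octal_string(mode: int) -> str:
    """Four-digit 0XYZ form: special-bits digit, then owner, group, other."""
    return format(mode & 0o7777, "04o")


def symbolic(mode: int) -> str:
    """Render the nine rwx bits the way ls does, folding the special bits into
    the execute slots: s/S for SUID (owner) and SGID (group), t/T for sticky
    (other). Upper case means the special bit is set without execute."""
    triples = (
        (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR, stat.S_ISUID, "s"),
        (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP, stat.S_ISGID, "s"),
        (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH, stat.S_ISVTX, "t"),
    )
    out = []
    for r, w, x, special, letter in triples:
        out.append("r" if mode & r else "-")
        out.append("w" if mode & w else "-")
        if mode & special:
            out.append(letter if mode & x else letter.upper())
        else:
            out.append("x" if mode & x else "-")
    return "".join(out)


def special_bits(mode: int) -> Dict[str, bool]:
    """The 4/2/1 values of the leading digit from slide 25."""
    return {
        "suid": bool(mode & stat.S_ISUID),
        "sgid": bool(mode & stat.S_ISGID),
        "sticky": bool(mode & stat.S_ISVTX),
    }


def find_setuid_root(root_dir: str) -> Iterator[Tuple[str, str]]:
    """Yield (path, 0XYZ perms) for regular files owned by UID 0 with SUID set.
    lstat is used so symlinks are reported for what they are, not followed."""
    for dirpath, _dirnames, filenames in os.walk(root_dir):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable; skip rather than abort the scan
            if stat.S_ISREG(st.st_mode) and st.st_uid == 0 and st.st_mode & stat.S_ISUID:
                yield path, octal_string(st.st_mode)


if __name__ == "__main__":
    # Example from slide 24: 4555 is a SUID file readable and executable by all.
    mode = perms_from_octal("4555")
    print(octal_string(mode), symbolic(mode), special_bits(mode))
    # Scan a directory (default /usr/bin) for SUID-root binaries.
    for path, perms in find_setuid_root(sys.argv[1] if len(sys.argv) > 1 else "/usr/bin"):
        print(perms, path)
```

Baseline the scanner's output once on a known-good system and diff later runs against it; a new SUID-root file outside the package manager's inventory is the thing slide 24 tells you to look for.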

26 Trusted Systems When a system trusts another, it allows the trusted system to authenticate users on its behalf. It depends on the security of the trusted system. Trust but verify!

27 Trusted Systems
.rhosts or /etc/hosts.equiv list the machines and users to be trusted.
You should NEVER see these on your system. Period.
Any software that requires the use of this concept (and there are many) is not secure.
Favorite hacker trick: set up a trust to another compromised system.

28 System Logs
/etc/syslog.conf contains the locations of the system logs. Can be remote or local.
Syslogd is the syslog daemon.
Log files: /var/log/syslog, /var/log/secure, /var/adm/messages, /var/adm/syslog.dated/current/kern.log
Login records: /etc/utmp, /etc/wtmp, /etc/lastlog
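Slide 28 says syslog.conf decides whether a message lands in a local file or on a remote host. The added example below (mine, not the presentation's) parses a classic syslog.conf, applies the selector rules the way the traditional syslogd does (facility.priority means that priority and above, "=" means exactly that priority, and a later "facility.none" on the same line cancels an earlier wildcard), and answers two questions a responder asks: where does a given message go, and which rules ship logs off the box at all. The configuration is constructed; treating "@@host" as a TCP destination is an rsyslog convention, noted here as an assumption for the classifier.

```python
"""Resolve syslog.conf selectors to their destinations (added example, constructed input)."""
from dataclasses import dataclass
from typing import List, Tuple

PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}


@dataclass
class Rule:
    selectors: List[Tuple[List[str], str]]  # ([facilities], priority spec) per ';' part
    action: str                             # file, @host, |pipe, user list, or *


def _priority_index(name: str) -> int:
    name = ALIASES.get(name, name)
    if name not in PRIORITIES:
        raise ValueError(f"unknown priority {name!r}")
    return PRIORITIES.index(name)


def parse_syslog_conf(text: str) -> List[Rule]:
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected 'selector action', got {line!r}")
        selector_text, action = parts
        selectors = []
        for part in selector_text.split(";"):
            if "." not in part:
                raise ValueError(f"line {lineno}: selector {part!r} lacks a priority")
            facilities, priority = part.rsplit(".", 1)
            selectors.append((facilities.split(","), priority))
        rules.append(Rule(selectors, action))
    return rules


def selector_matches(rule: Rule, facility: str, priority: str) -> bool:
    """Classic syslogd semantics: parts apply left to right, so a later part
    naming the same facility overrides an earlier one ('*.info;mail.none')."""
    level = _priority_index(priority)
    matched = False
    for facilities, spec in rule.selectors:
        if facility not in facilities and "*" not in facilities:
            continue
        if spec == "none":
            matched = False
        elif spec == "*":
            matched = True
        elif spec.startswith("="):
            matched = level == _priority_index(spec[1:])
        else:
            matched = level >= _priority_index(spec)
    return matched


def classify_action(action: str) -> str:
    if action.startswith("@@"):
        return "remote (tcp)"   # rsyslog convention, assumed here
    if action.startswith("@"):
        return "remote (udp)"
    if action.startswith("|"):
        return "pipe"
    if action.startswith(("/", "-/")):
        return "local file"     # leading '-' just disables fsync after each write
    if action == "*":
        return "all logged-in users"
    return "named users"


def destinations_for(rules: List[Rule], facility: str, priority: str) -> List[str]:
    return [r.action.lstrip("-") for r in rules if selector_matches(r, facility, priority)]


def remote_destinations(rules: List[Rule]) -> List[str]:
    return [r.action for r in rules if classify_action(r.action).startswith("remote")]


# Constructed sample in the classic format; loghost name is a placeholder.
SAMPLE_SYSLOG_CONF = """\
# constructed example, not a real host's /etc/syslog.conf
*.info;mail.none;authpriv.none    /var/log/messages
authpriv.*                        /var/log/secure
mail.*                            -/var/log/maillog
kern.*                            /var/log/kern.log
*.emerg                           *
*.*                               @loghost.example.internal
"""
RULES = parse_syslog_conf(SAMPLE_SYSLOG_CONF)

if __name__ == "__main__":
    for fac, pri in (("authpriv", "info"), ("kern", "crit"), ("mail", "info")):
        print(f"{fac}.{pri:8s} ->", destinations_for(RULES, fac, pri))
    print("shipped off-host by:", remote_destinations(RULES))
```

Checking that every facility you care about reaches at least one remote destination is the practical use: a local-only configuration leaves the logs under the control of whoever compromises the host.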
