"Practical Unix Security"
by Simson Garfinkel and Eugene Spafford
O'Reilly & Associates (the Nutshell Handbook people).
Approx 480 pages, 1991, $29.95.
ISBN 0-937175-72-2
Quotes from reviewers:
Cliff Stoll:
Worried about who's in your Unix system?
Losing sleep because someone might be messing with your computer?
Having headaches from obscure computer manuals?
Then _Practical_Unix_Security_ is for you.
This handy book tells you where the holes are and how to cork 'em up.
Moreover, you'll learn about how Unix security really works.
Spafford and Garfinkel show you how to tighten up your Unix system
without pain. No secrets here -- just solid computing advice.
Buy this book and save on aspirin.
Tom Christiansen, Convex Computer Corp:
This book is the first I've seen that actually seemed to
address the many security issues that I keep around on
my own little list, and it did so well.
Paul Clark, Trusted Information Systems:
The book could easily become a standard desktop reference for
anyone involved in system administration. In general, its
comprehensive treatment of Unix security issues
will enlighten anyone with an interest in the topic.
Matt Bishop, Dartmouth:
...I liked the book; it covers a lot of material not
normally covered and provides practical instructions on how to do
things. This will be very useful for practitioners...This book is
far superior to any other I have seen on UNIX security.
Laurie Sefton, Apple:
Finally there is a UNIX security book that covers the BSD world as
well as the SYS V version...The other aspect of UNIX security books
that has been sorely lacking was the "rest of UNIX" security. All the
other books had a very thin overview of "down and dirty" security, as
if they were afraid of giving out too much information...As soon as
this is out, I'm ordering copies for all my people, and extra copies
for the library at Apple.
Orders: 800-338-6887 (US & Canada)
707-829-0515 (Europe)
nuts@ora.com (e-mail)
Preliminary Table of Contents:
Preface
Scope of this Book
Which UNIX System?
Conventions Used in this Book
Acknowledgments
Three Final Notes
Chapter 1 Introduction
What's Computer Security?
What's an Operating System?
History of UNIX
Security and UNIX
Security and Networks
Types of Security
Risk Assessment
Assessing Your Risk
Reacting to an Emergency
Other Important Steps
The Problem with Security Through Obscurity
The First Step
Chapter 2 Users and Passwords
Usernames
The /etc/passwd File
The /etc/passwd File and Network Databases
Passwords
Why Use Passwords?
Entering Your Password
Changing Your Password
Checking Out Your New Password
UNIX's Encrypted Password System
The crypt() Algorithm
What is Salt?
The Care and Feeding of Passwords
Bad Passwords: Open Doors
Good Passwords: Locked Doors
Passwords on Multiple Machines
Writing Down Passwords
Administrative Techniques
Assigning Passwords to Users
Password Generators
Shadow Password Files
Password Aging and Expiration
Algorithm Changes
Preventing Direct Logins to Accounts
Account Names Revisited
Summary
Chapter 3 Users, Groups, and the Superuser
Users and Groups
User Identifiers (UIDs)
Groups and Group Identifiers (GIDs)
Special Users
The Superuser
Other Special Users
Impact of the /etc/passwd and /etc/group Files on Security
The su(1) Command: Changing Who You Are
Becoming the Superuser
Restricting su
The Bad su Log
Other Uses of su
Summary
Chapter 4 The UNIX File System
Files
Using the ls(1) command
Understanding File Permissions
File Permissions in Detail
Using File Permissions
chmod: Changing a File's Permissions
Setting a File's Permissions
Calculating Octal File Permissions
Using Octal File Permissions
The umask
The umask command
Common umask Values
Using Directory Permissions
SUID
SUID, SGID, and Sticky Bits
Problems With SUID
Finding All of the SUID and SGID Files
Turning off SUID and SGID in Mounted File Systems
SGID and Sticky Bits on Directories (Berkeley UNIX and Sun OS Only)
SGID Bit on Files (System V UNIX only)
chown: Changing a File's Owner
chgrp: Changing a File's Group
Chapter 5 Defending Your Accounts
Dangerous Accounts
Accounts Without Passwords
Default Accounts
Accounts That Run a Single Command
Open Accounts
Group Accounts
Dormant Accounts
Changing an Account's Password
Changing the Account's Login Shell
Finding Dormant Accounts
Protecting the Root Account Under Berkeley UNIX
Secure Terminals
The wheel Group
Chapter 6 Securing Your Data
File Backups
Why Make Backups?
What Should You Back up?
Kinds of Backups
How Long Should You Keep a Backup?
Security for Backups
Database Backups and Daily Checking
Integrity Checking and Checklists
Checklists
File Protection Modes
Read-Only Disks
Comparison Copies
Checklists
Signatures
Chapter 7 The UNIX Log Files
The /usr/adm/lastlog File
The /etc/utmp and /usr/adm/wtmp Files
Last Program
Pruning the wtmp File
The /usr/adm/acct File
The Berkeley System Log (syslog) Facility
The syslog.conf Configuration File
Where To Log
Chapter 8 Protecting Against Programmed Threats
Programmed Threats: Definitions
Back Doors and Trap Doors
Logic Bombs
Viruses
Worms
Trojan Horses
Bacteria and Rabbits
Damage
Authors
Entry
Protecting Yourself
Shell Features
Startup File Attacks
Abusing Automatic Mechanisms
Unexpected Interactions
Protecting Your System
File Protections
SUID and SGID Programs
Notes on Writing a SUID Program
SUID Shell Scripts
Chapter 9 Modems
Theory of Operation
Serial Interfaces
The RS-232 Serial Protocol
Originate and Answer
Modems and Security
Modems and UNIX
Hooking Up a Modem to Your Computer
Setting Up the UNIX Device
Checking Your Modem
Physical Protection
Additional Security for Modems
Chapter 10 UUCP
About UUCP
The uucp Command
The uux Command
The mail Command
How The uucp Commands Work
Versions of UUCP
UUCP and Security
Assigning Additional UUCP Logins
Establishing UUCP Passwords
Security of the L.sys and Systems Files
Security in Version 2 UUCP
USERFILE: Providing Remote File Access
A USERFILE Example
L.cmds: Providing Remote Command Execution
Security in BNU UUCP
The Permissions File
Permissions Commands
uucheck(1): Checking Your Permissions File
Additional Security Concerns
Mail Forwarding for UUCP
Automatic Execution of Cleanup Scripts
Early Security Problems with UUCP
Summary
Chapter 11 Networks and Security
The Internet
Internet Addresses
The /etc/hosts File
Network Hostname Service
Clients and Servers
TCP/IP
UDP/IP
UNIX Network Servers
The /etc/services File
Starting the Servers
The /etc/inetd Program
Network Services
TELNET
rlogin and rsh
rexec
finger
Electronic Mail
FTP
TFTP
The X Window System
Security Implications of Network Services
Monitoring Your Network with netstat
Summary
Chapter 12 Sun's NFS
NIS
Netgroups
Setting up Netgroups
NFS
How NFS Works
The /etc/exports File
The showmount Command
Authentication and NFS
Improving Basic NFS Security
Limiting Exported File Systems
Limit Exported Machines
Use Root Ownership
Export Read-only
Do Not Export Server Executables
The fsirand Program
Summary: Security Implications of NFS
Chapter 13 Kerberos and Secure RPC
The Problem
What's Wrong with LANs?
Minimizing the Problems
MIT's Kerberos
What's It Like to Use Kerberos?
How to Install Kerberos
What's Wrong with Kerberos?
Sun Microsystems' Secure RPC
How Secure RPC Works
What's It Like to Use Secure NFS?
How to Install Secure RPC
What's Wrong with Secure RPC?
Chapter 14 Firewall Machines
What's a Firewall?
Internal Firewalls
External Firewalls
Setting Up a Firewall
The Choke
Choosing the Choke's Protocols
Setting up the Gate
Name Service
Electronic Mail
Netnews
FTP
Other Services
An Alternate Method
Special Considerations
Chapter 15 Discovering a Break-in
Prelude
Discovering an Intruder
Catching One in the Act
What to Do When You Catch Somebody
Tracing a Connection
Getting Rid of the Intruder
The Log Files: Discovering an Intruder's Tracks
Cleaning Up After the Intruder
New Accounts
An Example
A Last Note: Never Trust Anything Except Hard Copy
Chapter 16 Denial of Service Attacks and Solutions
Destruction Attacks
Overload Attacks
Process Overload Attacks
Disk Attacks
Swap Space Attacks
Soft Process Limits: Preventing Accidental Denial of Service
Network Denial of Service Attacks
Service Overloading
Message Flooding
Signal Grounding
Chapter 17 Computer Security and the U.S. Law
Legal Options After a Break-in
Criminal Prosecution
The Local Option
Federal Jurisdiction
Federal Computer Crime Laws
Hazards of Criminal Prosecution
If You or One of Your Employees is a Target of an Investigation
Other Tips
Civil Actions
Privacy and The Electronic Communications Privacy Act
Chapter 18 Encryption
Who Needs Encryption?
Cryptographic Strength
Types of Encryption Systems
ROT13
crypt
Enigma
UNIX crypt
Ways of Improving the Security of crypt
Example
The Data Encryption Standard (DES)
DES Modes
Use and Export of DES
DES Strength
Sun's des command
RSA and Public Key Cryptography
How RSA Works
An RSA Example
Strength of RSA
Proprietary Encryption Systems
Protect Your Key!
Chapter 19 Physical Security
Protecting Computer Hardware
The Environment
Accidents
Physical Access
Vandalism
Acts of War and Terrorism
Theft
Related Concerns
Protecting Data
Eavesdropping
Backups
Local Storage
Unattended Terminals
Appendix A UNIX Security Checklist
Appendix B Important Files
System Files
Important Files in your Home Directory
SUID Files in Berkeley UNIX
SGID Files in Berkeley UNIX
SUID Files in System V R3.2 UNIX
SGID Files in System V UNIX
Appendix C UNIX Processes
Processes
Processes and Programs
The ps Command
Process Properties
Creating Processes
Signals
The kill Command
Starting Up UNIX and Logging In
Process #1: /etc/init
Letting Users Log In
Running the User's Shell
Appendix D How Kerberos Works
Kerberos's Parts
Using Kerberos
Using a Service
Appendix E Other Sources
References
General Computer Security
UNIX Security
Computer Viruses and Programmed Threats
Computer Crime and Law
Understanding the Computer Security 'Culture'
Understanding and Using Networks
Using and Programming UNIX
Security Products and Services Information
Miscellaneous References
Organizations
Association for Computing Machinery (ACM)
IEEE Computer Society
ASIS
Computer Security Institute (CSI)
NIST
Computer Emergency Response Team (CERT)
DOE's Computer Incident Advisory Capability (CIAC)
Software Resources
Getting Kerberos
Getting COPS