Unix security

This entry addrresses security on Unix-like operating systems it is mainly focused on the open source operating systems should be reasonably applicable to propriety unixes like solaris MacOSX AIX HPUX etc.

This entry is currently in a scratch pad form - has lots of bones but no meat - im working on it - feel free to join in.

Passowrds 1. Patching 2. Users and accounts 3. Services 4. File system security

crack, john the ripper, dict attacks, nemonic techniques shadow/master.passwd DES and MD5

delete old accounts su, sudo, wheel on bsd, /etc/securetty, ssh only, no root logins

source rpm based deb based freebsd ports and packages meta - apt, rhn, red carpet

add gentoo, slack, net + openbsd solaris + propriety (sco? who cares)

only run what is needed remove the rest (even better do this at install - only choose necessary packages)

Identify what services are running netstat -na lsof nmap

on *bsd sockstat -4

inetd xinetd

turning off unnecessary services

using chkconfig on rh using /etc/rc.conf and /usr/local/etc/rc.d on freebsd (mention /etc/rc.local)

rwe set-uid set-gid sticky

crypto layer 7 gpg/pgp layer 4 ssl/tsl/ssh/stunnel/smime layer 3 ipsec (pptp?)

sniffers + plaintext tcpdump, ethereal

attacks monkey in the middle land ping of death xmas DoS et al.

rootkits, kernel modules, chkrootkit exploit details, buffer overflows, local vs remote

banners smtp - spam sendmail - banners help header version etc. dns - reverse mapping dnssec