Ubuntu 10.04 Overview

• Ubuntu Intro
• Backdoor/Virus/Malware
• Firewall
• User and Group Security
• Local Security Policy

Ubuntu Intro

Why learn Linux/Unix?
• The backbone of the internet and a large share of corporate networks run on Linux/Unix.
• Lots of legally free open-source software that can be altered to fit individual needs.
• Use security tools only available on Linux systems.
• Many open-source tools actually work better on Linux than their Windows counterparts (Hydra, Nmap, Hping, etc.).
• CyberPatriot competition.
• Because it’s fun!!

Ubuntu
• Ubuntu is a very user-friendly Linux distribution. It is available for free at http://www.ubuntu.com/desktop/getubuntu/download
• Current desktop versions of Ubuntu can be installed inside a Windows OS (as if it were just a program). If installed this way the system has to be rebooted to switch between OSes, but the Ubuntu partition can be uninstalled from the Windows Add/Remove Programs utility if it is no longer needed.

Ubuntu
• Ubuntu can also be made into a live CD or USB drive that can be used to learn and practice with, without ever installing the OS on the actual hardware.
• The Ubuntu installer is easy to follow and installation is relatively quick (< 1 hour max).
• Ubuntu supports most hardware; however, if there is a complication a VM may be a better option for running Ubuntu.

Malware and etc.
• ClamAV is an open-source antivirus typically run on email servers.
• ClamAV can be configured to scan incoming and outgoing files, but it lacks the real-time (on-access) scanning typically seen on Windows.
• We just want to install it and scan periodically (or just right away for the competition).
• ClamAV is command line, but the ClamTK package adds a GUI.

Installing ClamAV
• Open Synaptic Package Manager.
• Type “clamav” into Quick Search.
• Select the “clamav” and “clamtk” packages with dependencies.
• Click Apply and accept the next prompt.
Run Clam Virus Scan
• Applications > Accessories > Virus Scanner
• ClamAV Preferences
• ClamAV Scan: scan using the “Scan” tab
• Full scan: select a directory [File System] (will probably take a long time)

Ubuntu Firewalls
• Uncomplicated Firewall (UFW)
• Front end for iptables (default in Ubuntu)
• Cheat sheet commands (if prompted for a password, use your password or root’s):
  – sudo ufw enable (enables the firewall)
  – sudo ufw [allow/deny] [port number]
  – sudo ufw status
  – sudo ufw app list (installed profile apps)
  – sudo ufw app info [app name] (port/proto)
  – sudo ufw [allow/deny] [app name]
  – sudo ufw logging on (enables logging)

Opening Terminal Through GUI
• Applications > Accessories > Terminal

Command Examples

User and Group Security Command Cheat Sheet
• sudo adduser [username] (create user)
• sudo deluser [username] (delete user)
• sudo passwd -l [username] (lock account)
• sudo passwd -u [username] (unlock account)
• sudo addgroup [groupname] (create group)
• sudo delgroup [groupname] (delete group)
• sudo adduser [username] [groupname] (adds user to a group)

User and Group Security Cont.
ls -ld /home/[username] (lists the permissions of the user’s home directory, or of any other directory given as [directorypath])

File permissions:
  Permission   Action      chmod option
  read         view        r or 4
  write        edit        w or 2
  execute      execute     x or 1

Which part of the ls output applies to whom:
  User    ls output
  owner   -rwx------
  group   ----rwx---
  other   -------rwx

Directories have directory permissions. The directory permissions restrict different actions than with files or device nodes.
  Permission   Action                                    chmod option
  read         view contents, i.e. the ls command        r or 4
  write        create or remove files in the directory   w or 2
  execute      cd into the directory                     x or 1

Permissions in Action
Using the example above we have the file "/etc/hosts", which is owned by the user root and belongs to the root group. What are the permissions from the above /etc/hosts ls output?
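To answer the question above mechanically, here is an added example (not part of the slides) that converts the mode string from ls -l into the numeric digits of the table and checks whether a given class may perform a given action. The /etc/hosts mode used in the demo (-rw-r--r--) is an assumed typical value, not one taken from the slide.

```shell
#!/bin/sh
# Added example (not from the slides): turn the mode string shown by ls -l into
# the numeric form chmod accepts, using the table above (r=4, w=2, x=1; the
# three triplets after the file-type character are owner, group, other).

# perms_to_octal MODESTRING -> prints e.g. 644 for -rw-r--r--
perms_to_octal() {
    mode=$1
    # 10 characters normally; 11 when ls appends "+" or "." for ACLs/SELinux.
    case ${#mode} in 10|11) ;; *) echo "bad mode string: $mode" >&2; return 1 ;; esac
    bits=$(printf %s "$mode" | cut -c2-10)
    result="" sum=0 i=1
    while [ "$i" -le 9 ]; do
        c=$(printf %s "$bits" | cut -c"$i")
        case $c in
            r) v=4 ;;  w) v=2 ;;
            x|s|t) v=1 ;;       # s/t (setuid, setgid, sticky) also mean executable
            -|S|T) v=0 ;;       # S/T: the special bit is set but execute is not
            *) echo "bad permission character '$c' in $mode" >&2; return 1 ;;
        esac
        sum=$((sum + v))
        # every third character closes one triplet: emit its digit
        if [ $((i % 3)) -eq 0 ]; then result="$result$sum"; sum=0; fi
        i=$((i + 1))
    done
    printf '%s\n' "$result"
}

# can_do MODESTRING CLASS ACTION -> exit 0 if CLASS (owner|group|other) may
# perform ACTION (read|write|execute) according to the mode string.
can_do() {
    bits=$(printf %s "$1" | cut -c2-10)
    case $2 in owner) off=0 ;; group) off=3 ;; other) off=6 ;; *) return 2 ;; esac
    case $3 in read) pos=1 ;; write) pos=2 ;; execute) pos=3 ;; *) return 2 ;; esac
    c=$(printf %s "$bits" | cut -c"$((off + pos))")
    case $c in r|w|x|s|t) return 0 ;; *) return 1 ;; esac
}

# Demo with a typical /etc/hosts mode (assumed -rw-r--r--, owner root, group root):
perms_to_octal -rw-r--r--                       # 644
can_do -rw-r--r-- other read  && echo "other can read /etc/hosts"
can_do -rw-r--r-- other write || echo "other cannot write /etc/hosts"
```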
Changing Permissions (chmod)
• chmod with letters
• Usage: chmod {options} [filename]
  Option   Definition
  u        owner
  g        group
  o        other
  x        execute
  w        write
  r        read
  +        add permission
  -        remove permission
  =        set permission

Changing Permissions (chmod)
• chmod with numbers
• Usage: chmod {options} [filename]
• When using numbers and multiple options the numbers are added together.
• Execute and read would be 5 (1+4=5).
  Option   Definition
  #--      owner
  -#-      group
  --#      other
  1        execute
  2        write
  4        read

Chmod Usage Example

Changing Ownership (chown)
• chown can be used to change the owner and the group of a file.
• Usage: chown {options} [owner:group] [filename]
  Option flag                           Explanation
  --from=[currentowner:currentgroup]    Change the owner and/or group of each file only if its current owner and/or group match those specified.
  -R, --recursive                       Operate on files and directories recursively.
  -v, --verbose                         Output information for each file processed.
  --reference=[filename]                Use the owner and group of the named file.

chown example
Note the use of “*” as a wildcard character. This allows multiple files to be targeted with the same command.

Recursive and Wildcards
If there is a problem with file ownership due to malware it may be necessary to change the ownership back. The recursive and --from= options are much more efficient when combined with a wildcard. Here’s an example:

  sudo chown -v -R --from=roy:abusers user:user *

Notice that the command has the verbose and recursive flags on. The --from=roy:abusers user:user * part selects every file owned by the roy account whose group is the abusers group. The command then changes the ownership to the user account and the user group. The * character is a wildcard that matches all files in the current directory, and -R makes the check descend into directories recursively. If this command is launched from the base of the file system it will check every file on the drive. This is extremely powerful but extremely dangerous if the command is wrong in any way.
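Because the recursive --from= chown above is hard to undo, here is an added example (not part of the slides) that lists in advance exactly which files the --from=OWNER:GROUP filter would select under a directory, so the list can be inspected before anything is changed. The names roy, abusers and user are the slide’s placeholders; the demo uses the current user instead, since unprivileged code cannot create files owned by someone else.

```shell
#!/bin/sh
# Added example (not from the slides): preview what
#   sudo chown -v -R --from=OWNER:GROUP NEWOWNER:NEWGROUP *
# would touch, before running it. find -user/-group apply the same criteria
# as chown --from (names or numeric IDs), and -R plus * covers everything
# below the directory the command is launched from.

# list_chown_targets OWNER GROUP [DIR] -> prints, one per line, every file or
# directory under DIR (default: .) currently owned by OWNER and group GROUP.
list_chown_targets() {
    owner=$1 group=$2 dir=${3:-.}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    find "$dir" -user "$owner" -group "$group" -print | sort
}

# count_chown_targets OWNER GROUP [DIR] -> prints how many entries would change
count_chown_targets() {
    list_chown_targets "$@" | wc -l | tr -d ' '
}

# make_demo_tree DIR -> constructed sample tree (three files, one subdirectory),
# all owned by the current user and group.
make_demo_tree() {
    mkdir -p "$1/sub" && : > "$1/a.txt" && : > "$1/b.txt" && : > "$1/sub/c.txt"
}

# Demo: build the sample tree and show what a --from=<me>:<mygroup> would select.
demo=$(mktemp -d)
make_demo_tree "$demo"
echo "chown --from=$(id -un):$(id -gn) -R would touch these entries under $demo:"
list_chown_targets "$(id -u)" "$(id -g)" "$demo"
echo "total: $(count_chown_targets "$(id -u)" "$(id -g)" "$demo")"
rm -rf "$demo"
```

Only after the printed list matches what you expect should the real chown be run from the same directory.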
Please make sure you understand before using recursive wildcard chown commands. It should also be noted that some directories will not allow you to launch this command with sudo. In these cases the root account would have to be unlocked and used. Make sure to re-lock the root account afterwards.

Password Policy
• sudo chage -l [username] (shows password policy information for the specified account)
• sudo chage [username] (change the password policy for the specified account)
Unfortunately, the default management of passwords (expiration, resets, etc.) is done per account. There exist open-source alternatives for better password policy management, but this will probably not be required for the competition.

Password Policy
  chage flag   Explanation
  -E           Expiration date
  -m           Minimum number of days between password changes
  -M           Maximum number of days a password stays valid
  -I           Inactivity period after password expiration
  -W           Number of days of warning before password expiration

Example Password Policy
Changing the required length, the encryption (hashing) technique, and the use of complexity rules are all handled in the /etc/pam.d/common-password file. On the slide, the line directly above the highlighted text is the original. The highlighted line has been modified to set the minimum password length to 8 (the Ubuntu 10.04 default is 6). The obscure rule toggles on some basic complexity requirements, and “sha512” determines the encryption (hash) type. MD5 is an option but sha512 is more secure.

Man Pages
• Manual pages are available for most commands and programs within the Linux environment. Simply type man [command or program name] to bring up the manual page.
• These pages describe proper use and options for the command/program.
• Man pages = saving grace for Linux newbies.
• Read them!!

Man Pages for the man Command
Yes, there is even a man page for the man command.

Misc.
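As an added example (not from the slides), the following script audits a common-password file for the three settings the slide changes: a minimum length of at least 8, the obscure rule, and sha512 rather than md5 on the pam_unix.so line. The sample file contents are constructed here; the minlen= option name is pam_unix’s own.

```shell
#!/bin/sh
# Added example (not from the slides): check /etc/pam.d/common-password for
# minlen>=8, the obscure rule and sha512 hashing on the pam_unix.so line.

# pam_unix_line FILE -> prints the first active "password ... pam_unix.so" line
# (tabs normalised to spaces), or nothing if the file has none.
pam_unix_line() {
    grep -E '^[[:space:]]*password[[:space:]].*pam_unix\.so' "$1" | head -n 1 | tr '\t' ' '
}

# audit_common_password FILE -> prints one PASS/FAIL per check; returns 0 only
# if every check passes.
audit_common_password() {
    line=$(pam_unix_line "$1")
    [ -n "$line" ] || { echo "FAIL: no pam_unix.so password line in $1"; return 1; }
    rc=0
    minlen=$(printf '%s\n' "$line" | sed -n 's/.*minlen=\([0-9][0-9]*\).*/\1/p')
    if [ -n "$minlen" ] && [ "$minlen" -ge 8 ]; then echo "PASS: minlen=$minlen"
    else echo "FAIL: minlen is '${minlen:-unset}' (want >= 8; Ubuntu 10.04 default is 6)"; rc=1; fi
    case " $line " in
        *" obscure "*) echo "PASS: obscure rule enabled" ;;
        *) echo "FAIL: obscure rule not set"; rc=1 ;;
    esac
    case " $line " in
        *" sha512 "*) echo "PASS: sha512 hashing" ;;
        *" md5 "*)    echo "FAIL: md5 hashing selected"; rc=1 ;;
        *)            echo "FAIL: no sha512 keyword on the pam_unix.so line"; rc=1 ;;
    esac
    return $rc
}

# write_sample FILE weak|hardened -> constructed sample common-password content:
# "weak" mirrors an md5 line without obscure/minlen, "hardened" the slide's line.
write_sample() {
    if [ "$2" = hardened ]; then opts="obscure sha512 minlen=8"; else opts="md5"; fi
    printf 'password\t[success=1 default=ignore]\tpam_unix.so %s\npassword\trequisite\tpam_deny.so\n' "$opts" > "$1"
}

# Demo: audit both constructed samples.
weak=$(mktemp); hard=$(mktemp)
write_sample "$weak" weak; write_sample "$hard" hardened
echo "--- weak sample";     audit_common_password "$weak" || echo "(fails, as expected)"
echo "--- hardened sample"; audit_common_password "$hard"
rm -f "$weak" "$hard"
```

Run it against the real file with audit_common_password /etc/pam.d/common-password to confirm the edit took effect.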
Commands
• gksudo nautilus (opens a GUI directory browser with escalated privileges)
• ifconfig (works like ipconfig in Windows)
• ls (works like dir; lists the contents of a directory; the -a option shows hidden files)
• rm (deletes a file or folder; additional flags are needed for non-empty folders)
• cp (copies files from one location to another)
• sudo (escalates privileges)
• man (shows the manual for the specified command/application)
• cd (changes the directory)

Misc. Commands
• netstat (shows network status; the -a flag shows the state of all sockets and routing table entries)
• top (lists running processes with their PID#)
• kill (stops a process based on its PID#)
• locate (lists files in the database that match a pattern; may need the updatedb command first)
• find (searches for files in a directory hierarchy)

References
• https://help.ubuntu.com/10.04/serverguide/C/security.html