diff --git a/LDP/guide/docbook/Linux-Networking/NetROM.xml b/LDP/guide/docbook/Linux-Networking/NetROM.xml
deleted file mode 100644
index ee1b61b2..00000000
--- a/LDP/guide/docbook/Linux-Networking/NetROM.xml
+++ /dev/null
@@ -1,274 +0,0 @@
-
-
-NetROM
-
- This document describes how to setup the ax25-utilities package for
- Amateur Radio such that it makes Netrom Nodes for the Node program and
- the BBS software from John-Paul Roubelat, F6FBB. The DOS G8BPQ Switch
- makes a bbs node and many features, it was expected that the Linux
- ax25-utils would have a similar capability. This was not the case.
- Help came from John Ackerman, N8UR who put a message on the Linux-Ham
- SIG that he had done the BBS node and the info was on his web site!
- When the information was tried it didn't work properly but much was
- learned about the technique. Help from Tomi Manninen, OH2BNS did the
- trick. Nodes for the BBS and the Node and the DX Cluster were made and
- work fine.
-
- 1. Introduction
-
- It is possible, using just the ax25-util's to generate node listings
- for the Node application and the FBB BBS and the DXNet DX Cluster.
- This is done by changing the configuration files for Netrom and making
- a Netrom entry for each application. At present there is a kernel
- imposed limit of 4 Netrom entries. The new kernels are expected to
- drop this limit.
-
- Now users look for CRUCES:K5DI-4 and LCBBS:K5DI-3 and LCDX:K5DI-5 on
- the many nodes here in New Mexico, Texas and Arizona and are connected
- like magic. They no longer need to remember anything.
-
- 2. How to Begin
-
- Obtain and read the AX25-HOWTO:
-
- ftp:/sunsite.unc.edu/pub/Linux/docs/HOWTO/AX25-HOWTO/
-
- Using the AX25-HOWTO set up the normal Amateur Radio ax.25 and Netrom
- system and make certain it is operating properly. When the software
- "CALL" can be used to make either a ax25 or Netrom connection to a
- distant node, the system is ready to change to one using node listings
- like the BPQ Switch.
-
- 3. Some Details of the AX.25 Utilities
-
- Below is a list of all the applications and files that are needed to
- set up a working ax.25 system. The Applications are all in the
- /usr/sbin/ directory and the Configuration files are in the /etc/ax25/
- directory. Note: Kissattach is used only if you have TNC's in the Kiss
- Mode.
-
- · kissattach Application
- · call Application
- · ax25d Application
- · ax25d.conf Configuration file
- · axspawn Application
- · axspawn.conf Configuration file
- · axports Configuration file
-
- There are several names that a ax25-util user must invent. Since this
- paper uses the files of k5di, a listing of those names can be made.
-
- Name Call-sign Alias Other
-
- ax0 k5di-9 ax25 9600 baud
- ax1 k5di-10 ax25 1200 baud
- Netrom k5di-1 #CRUCE Real Netrom
- netnod k5di-4 CRUCES Node node-list
- netbbs k5di-3 LCBBS BBS node-list
- netdx k5di-5 LCDX DX-Cluster
-
- It's a good idea to make a list like this on paper before you start to
- change things. It is easy to put the wrong name in a control file.
-
- Kissattach is an application that connects the kernel to the TNC, sets
- the tcp/ip address up, sets the speed of the connection, and is given
- the serial port to use.
-
- Axports is a file that defines the name of the ax.25 ports and tells
- kissattach what call-sign, baud-rate and window size to use. Below is
- an example of a 2 TNC system.
-
- # /etc/ax25/axports
- # Be very careful with the speed setting. This is the speed in
- # bits/second that data passes from the computer to the TNC, and has
- # nothing to do with the radio baud rate!
- #
- # The format of this file is:
- #
- # name call-sign speed paclen window description
- #
- ax0 K5DI-9 9600 255 3 445.1 (9600 bps)
- ax1 K5DI-10 9600 255 1 145.07 (1200 bps)
-
- AX25D is the application that reads the ax25d.conf Configuration file
- and answers calls made to the system. Below is a sample ax25d.conf
- that has no Netrom defined. In fact all it will do is answer calls to
- k5di-9 and k5di-10. When it answers it starts the node application and
- logs the caller in.
-
- # /etc/ax25/ax25d.conf
- #
- # AX25D Configuration File.
- #
- # AX.25 ports begin with a '['.
- #
- [k5di-4 VIA ax0]
- default * * * * * 0 - root /usr/sbin/node node
- [k5di-4 VIA ax1]
- default * * * * * 0 - root /usr/sbin/node node
- #
-
- The next step is to get ax25d to answer a call to the alias CRUCES as
- well as the call-sign. This is easy to do and is shown below:
-
- # /etc/ax25/ax25d.conf
- #
- # AX25D Configuration File.
- #
- # AX.25 ports begin with a '['.
- #
- [CRUCES VIA ax0]
- default * * * * * 0 - root /usr/sbin/node node
- [k5di-4 VIA ax0]
- default * * * * * 0 - root /usr/sbin/node node
- [CRUCES VIA ax1]
- default * * * * * 0 - root /usr/sbin/node node
- [k5di-4 VIA ax1]
- default * * * * * 0 - root /usr/sbin/node node
- #
-
- If you have trouble, as root kill ax25d if it is running and then at
- the prompt type ax25d &. As ax25d loads the ax25d.conf file it will
- print out any errors it finds. This print out is very accurate and
- tells you which row in the file is wrong.
-
- A connect from any adjacent node to k5di-4 or CRUCES will connect to
- the k5di node. But Netrom is not transmitting a node listing for
- CRUCES or k5di-4. This is done by changing some Netrom Configuration
- files.
-
- 4. Setting Up Netrom
-
- Netrom has applications and files that control it's function and to
- achieve the G8BPQ look and function we must use these in ways never
- intended. Below is a list of these components of Netrom:
-
-
- · nrattach Application
- · netromd Application
- · nrports Configuration File
- · nrbroadcast Configuration File
-
- Nrattach is the application that works with the kernel and
- establishes the ports and tcp-ip used by Netrom. To use nrattach
- you place it in your startup file and the example looks like this:
-
- /usr/sbin/nrattach -i 44.30.2.5 netrom
- /usr/sbin/nrattach -i 44.30.2.5 netnod
-
- Nrattach gets some of it's information from a configuration file
- called nrports. This file is shown below:
-
- # /etc/ax25/nrports
- #
- # The format of this file is:
- #
- # name call-sign alias paclen description
- #
- netrom K5DI-1 #CRUCE 235 Switch
- netnod K5DI-4 CRUCES 235 Real Node
-
- There is no change to the nrbroadcast file so the remaining changes
- will be made to the ax25d.conf file. In this file you normally put the
- real netrom application called k5di-1, but since a call to k5di-1 or
- #CRUCE gets undesirable results, leave that entry out of ax25d.conf
- and a user will get just a "busy" when calling.
-
- Instead put in the netnod and that will allow ax25d to answer a call
- to CRUCES. This is shown in the example below:
-
- # /etc/ax25/ax25d.conf
- #
- # AX25D Configuration File.
- #
- # AX.25 ports begin with a '['.
- #
- [CRUCES VIA ax0]
- default * * * * * 0 - root /usr/sbin/node node
- [k5di-4 VIA ax0]
- default * * * * * 0 - root /usr/sbin/node node
- [CRUCES VIA ax1]
- default * * * * * 0 - root /usr/sbin/node node
- [k5di-4 VIA ax1]
- default * * * * * 0 - root /usr/sbin/node node
- #
- # NET/ROM ports begin with a '<'.
- #
-
- default * * * * * * - root /usr/sbin/node node
- #
-
- With these changes netrom node broadcasts will include the node
- K5DI-4:CRUCES and K5DI-1:#CRUCE. By testing it was determined that a
- call from any node to k5di-1 or #CRUCE got a busy, and a call to
- k5di-4 or CRUCES connected to the node on this system.
-
- 5. Setting Up FBB and DXNet:
-
- The FBB packet BBS and DXNet Linux software are written to answer
- calls to a call-sign defined in the configuration files. In these
- examples the FBB call-sign is k5di-3 and the DXNet is k5di-5.
-
- Since calls to k5di-3 and k5di-5 are answered by other software, ax25d
- is not used and these calls should NEVER be found in a ax25d.conf
- file. But the nrports file needs to have the information added and 2
- more nrattach lines are added to the start file. The nrattach lines (4
- each) and the file "nrports" are shown below:
-
- /usr/sbin/nrattach -i 44.30.2.5 netrom
- /usr/sbin/nrattach -i 44.30.2.5 netbbs
- /usr/sbin/nrattach -i 44.30.2.5 netnod
- /usr/sbin/nrattach -i 44.30.2.5 netdx
-
- # /etc/ax25/nrports
- #
- # The format of this file is:
- #
- # name call-sign alias paclen description
- #
- netrom K5DI-1 #CRUCE 235 Switch
- netnod K5DI-4 CRUCES 235 Real Node
- netbbs K5DI-3 LCBBS 235 FBB BBS
- netdx K5DI-5 LCDX 235 DXNet DX Cluster
-
- These changes will make the node listings wanted but a call to LCBBS
- will not work yet. Recall that FBB answers a call to k5di-3 but not
- the alias. To achieve this a change to the
- /usr/local/fbb/system/port.sys file is required. Before these changes
- port.sys had a listing for the name "netrom". With these changes
- replace "netrom" with "netbbs". That section of port.sys is shown
- below:
-
- #TNC NbCh Com MultCh Pacln Maxfr NbFwd MxBloc M/P-Fwd Mode Freq
- 0 0 0 0 0 0 0 0 00/01 ---- File-fwd.
- 1 8 1 ax0 250 4 1 10 30/60 XUWY UHF port
- 2 2 1 ax1 250 4 1 10 00/60 XUWY VHF port
- 3 6 1 netbbs 250 4 4 10 30/60 XUWY BPQ look
- 4 8 2 0 250 5 4 1000 5/15 TUWY Telnet
- #
-
- A similar change is made to the "dxnet.cfg" file where netrom is
- replaced with netdx. When these changes are made and a few hours have
- passed to let Netrom send node lists, any nearby node will have nodes
- listed to your Netrom for CRUCES and LCBBS and LCDX, and they will all
- work just as they do when using the G8BPQ Switch under DOS.
-
- To configure the kernel for support of the NetROM protocol please
- enable the following option, NetRom ( AF_NETROM )
- NetRom device names are `nr0', `nr1', etc.
-
-
-
- Kernel Compile Options:
-
-
- Networking options --->
- [*] Amateur Radio AX.25 Level 2
- [*] Amateur Radio NET/ROM
-
-
-
- Most of the work for implementation of these protocols has been done
- by Jonathon Naylor, jsn@cs.nott.ac.uk.
-
-
diff --git a/LDP/guide/docbook/Linux-Networking/Rose.xml b/LDP/guide/docbook/Linux-Networking/Rose.xml
deleted file mode 100644
index 153be5c1..00000000
--- a/LDP/guide/docbook/Linux-Networking/Rose.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-
-
-Rose
-
-
-The AX25, Netrom and Rose protocols are covered by the AX25-HOWTO.
-These protocols are used by Amateur Radio Operators world wide in
-packet radio experimentation. Most of the work for implementation
-of these protocols has been done by Jonathon Naylor,
-jsn@cs.nott.ac.uk.
-
-
-
-Rose device names are `rs0', `rs1', etc. in 2.1.* kernels. Rose is
-available in the 2.1.* kernels.
-
-
-
-
- Kernel Compile Options:
-
-
- Networking options --->
- [*] Amateur Radio AX.25 Level 2
- <*> Amateur Radio X.25 PLP (Rose)
-
-
-
-
diff --git a/LDP/guide/docbook/Linux-Networking/Security.xml b/LDP/guide/docbook/Linux-Networking/Security.xml
deleted file mode 100644
index 6fc271c2..00000000
--- a/LDP/guide/docbook/Linux-Networking/Security.xml
+++ /dev/null
@@ -1,23551 +0,0 @@
-Linux Security HOWTO
-
-Kevin Fenzi
-
-tummy.com, ltd.
-
-
-
-Dave Wreski
-
-linuxsecurity.com
-
-
-
-v2.3, 22 January 2004
-
-
- This document is a general overview of security issues that face the
-administrator of Linux systems. It covers general security philosophy and a
-number of specific examples of how to better secure your Linux system from
-intruders. Also included are pointers to security-related material and
-programs. Improvements, constructive criticism, additions and corrections are
-gratefully accepted. Please mail your feedback to both authors, with
-"Security HOWTO" in the subject.
-
------------------------------------------------------------------------------
-Table of Contents
-1. Introduction
- 1.1. New Versions of this Document
- 1.2. Feedback
- 1.3. Disclaimer
- 1.4. Copyright Information
-
-
-2. Overview
- 2.1. Why Do We Need Security?
- 2.2. How Secure Is Secure?
- 2.3. What Are You Trying to Protect?
- 2.4. Developing A Security Policy
- 2.5. Means of Securing Your Site
- 2.6. Organization of This Document
-
-
-3. Physical Security
- 3.1. Computer locks
- 3.2. BIOS Security
- 3.3. Boot Loader Security
- 3.4. xlock and vlock
- 3.5. Security of local devices
- 3.6. Detecting Physical Security Compromises
-
-
-4. Local Security
- 4.1. Creating New Accounts
- 4.2. Root Security
-
-
-5. Files and File system Security
- 5.1. Umask Settings
- 5.2. File Permissions
- 5.3. Integrity Checking
- 5.4. Trojan Horses
-
-
-6. Password Security and Encryption
- 6.1. PGP and Public-Key Cryptography
- 6.2. SSL, S-HTTP and S/MIME
- 6.3. Linux IPSEC Implementations
- 6.4. ssh (Secure Shell) and stelnet
- 6.5. PAM - Pluggable Authentication Modules
- 6.6. Cryptographic IP Encapsulation (CIPE)
- 6.7. Kerberos
- 6.8. Shadow Passwords.
- 6.9. "Crack" and "John the Ripper"
- 6.10. CFS - Cryptographic File System and TCFS - Transparent
- Cryptographic File System
- 6.11. X11, SVGA and display security
-
-
-7. Kernel Security
- 7.1. 2.0 Kernel Compile Options
- 7.2. 2.2 Kernel Compile Options
- 7.3. Kernel Devices
-
-
-8. Network Security
- 8.1. Packet Sniffers
- 8.2. System services and tcp_wrappers
- 8.3. Verify Your DNS Information
- 8.4. identd
- 8.5. Configuring and Securing the Postfix MTA
- 8.6. SATAN, ISS, and Other Network Scanners
- 8.7. sendmail, qmail and MTA's
- 8.8. Denial of Service Attacks
- 8.9. NFS (Network File System) Security.
- 8.10. NIS (Network Information Service) (formerly YP).
- 8.11. Firewalls
- 8.12. IP Chains - Linux Kernel 2.2.x Firewalling
- 8.13. Netfilter - Linux Kernel 2.4.x Firewalling
- 8.14. VPNs - Virtual Private Networks
-
-
-9. Security Preparation (before you go on-line)
- 9.1. Make a Full Backup of Your Machine
- 9.2. Choosing a Good Backup Schedule
- 9.3. Testing your backups
- 9.4. Backup Your RPM or Debian File Database
- 9.5. Keep Track of Your System Accounting Data
- 9.6. Apply All New System Updates.
-
-
-10. What To Do During and After a Breakin
- 10.1. Security Compromise Underway.
- 10.2. Security Compromise has already happened
-
-
-11. Security Sources
- 11.1. LinuxSecurity.com References
- 11.2. FTP Sites
- 11.3. Web Sites
- 11.4. Mailing Lists
- 11.5. Books - Printed Reading Material
-
-
-12. Glossary
-13. Frequently Asked Questions
-14. Conclusion
-15. Acknowledgments
-
-1. Introduction
-
- This document covers some of the main issues that affect Linux security.
-General philosophy and net-born resources are discussed.
-
- A number of other HOWTO documents overlap with security issues, and those
-documents have been pointed to wherever appropriate.
-
- This document is not meant to be a up-to-date exploits document. Large
-numbers of new exploits happen all the time. This document will tell you
-where to look for such up-to-date information, and will give some general
-methods to prevent such exploits from taking place.
------------------------------------------------------------------------------
-
-1.1. New Versions of this Document
-
- New versions of this document will be periodically posted to
-comp.os.linux.answers. They will also be added to the various sites that
-archive such information, including:
-
- [http://www.linuxdoc.org/] http://www.linuxdoc.org/
-
- The very latest version of this document should also be available in various
-formats from:
-
-
-
- * [http://scrye.com/~kevin/lsh/] http://scrye.com/~kevin/lsh/
-
- * [http://www.linuxsecurity.com/docs/Security-HOWTO] http://
- www.linuxsecurity.com/docs/Security-HOWTO
-
- * [http://www.tummy.com/security-howto] http://www.tummy.com/
- security-howto
-
-
------------------------------------------------------------------------------
-1.2. Feedback
-
- All comments, error reports, additional information and criticism of all
-sorts should be directed to:
-
- [mailto:kevin-securityhowto@tummy.com] kevin-securityhowto@tummy.com
-
- and
-
- [mailto:dave@linuxsecurity.com] dave@linuxsecurity.com
-
- Note: Please send your feedback to both authors. Also, be sure and include
-"Linux" "security", or "HOWTO" in your subject to avoid Kevin's spam filter.
------------------------------------------------------------------------------
-
-1.3. Disclaimer
-
- No liability for the contents of this document can be accepted. Use the
-concepts, examples and other content at your own risk. Additionally, this is
-an early version, possibly with many inaccuracies or errors.
-
- A number of the examples and descriptions use the RedHat(tm) package layout
-and system setup. Your mileage may vary.
-
- As far as we know, only programs that, under certain terms may be used or
-evaluated for personal purposes will be described. Most of the programs will
-be available, complete with source, under [http://www.gnu.org/copyleft/
-gpl.html] GNU terms.
------------------------------------------------------------------------------
-
-1.4. Copyright Information
-
- This document is copyrighted (c)1998-2000 Kevin Fenzi and Dave Wreski, and
-distributed under the following terms:
-
-
-
- * Linux HOWTO documents may be reproduced and distributed in whole or in
- part, in any medium, physical or electronic, as long as this copyright
- notice is retained on all copies. Commercial redistribution is allowed
- and encouraged; however, the authors would like to be notified of any
- such distributions.
-
- * All translations, derivative works, or aggregate works incorporating
- any Linux HOWTO documents must be covered under this copyright notice.
- That is, you may not produce a derivative work from a HOWTO and impose
- additional restrictions on its distribution. Exceptions to these rules
- may be granted under certain conditions; please contact the Linux HOWTO
- coordinator at the address given below.
-
- * If you have questions, please contact Tim Bynum, the Linux HOWTO
- coordinator, at
-
-
- [mailto:tjbynum@metalab.unc.edu] tjbynum@metalab.unc.edu
------------------------------------------------------------------------------
-
-2. Overview
-
- This document will attempt to explain some procedures and commonly-used
-software to help your Linux system be more secure. It is important to discuss
-some of the basic concepts first, and create a security foundation, before we
-get started.
------------------------------------------------------------------------------
-
-2.1. Why Do We Need Security?
-
- In the ever-changing world of global data communications, inexpensive
-Internet connections, and fast-paced software development, security is
-becoming more and more of an issue. Security is now a basic requirement
-because global computing is inherently insecure. As your data goes from point
-A to point B on the Internet, for example, it may pass through several other
-points along the way, giving other users the opportunity to intercept, and
-even alter, it. Even other users on your system may maliciously transform
-your data into something you did not intend. Unauthorized access to your
-system may be obtained by intruders, also known as "crackers", who then use
-advanced knowledge to impersonate you, steal information from you, or even
-deny you access to your own resources. If you're wondering what the
-difference is between a "Hacker" and a "Cracker", see Eric Raymond's
-document, "How to Become A Hacker", available at [http://www.catb.org/~esr/
-faqs/hacker-howto.html] http://www.catb.org/~esr/faqs/hacker-howto.html.
------------------------------------------------------------------------------
-
-2.2. How Secure Is Secure?
-
- First, keep in mind that no computer system can ever be completely secure.
-All you can do is make it increasingly difficult for someone to compromise
-your system. For the average home Linux user, not much is required to keep
-the casual cracker at bay. However, for high-profile Linux users (banks,
-telecommunications companies, etc), much more work is required.
-
- Another factor to take into account is that the more secure your system is,
-the more intrusive your security becomes. You need to decide where in this
-balancing act your system will still be usable, and yet secure for your
-purposes. For instance, you could require everyone dialing into your system
-to use a call-back modem to call them back at their home number. This is more
-secure, but if someone is not at home, it makes it difficult for them to
-login. You could also setup your Linux system with no network or connection
-to the Internet, but this limits its usefulness.
-
- If you are a medium to large-sized site, you should establish a security
-policy stating how much security is required by your site and what auditing
-is in place to check it. You can find a well-known security policy example at
-[http://www.faqs.org/rfcs/rfc2196.html] http://www.faqs.org/rfcs/
-rfc2196.html. It has been recently updated, and contains a great framework
-for establishing a security policy for your company.
------------------------------------------------------------------------------
-
-2.3. What Are You Trying to Protect?
-
- Before you attempt to secure your system, you should determine what level of
-threat you have to protect against, what risks you should or should not take,
-and how vulnerable your system is as a result. You should analyze your system
-to know what you're protecting, why you're protecting it, what value it has,
-and who has responsibility for your data and other assets.
-
-
-
- * Risk is the possibility that an intruder may be successful in attempting
- to access your computer. Can an intruder read or write files, or execute
- programs that could cause damage? Can they delete critical data? Can they
- prevent you or your company from getting important work done? Don't
- forget: someone gaining access to your account, or your system, can also
- impersonate you.
-
- Additionally, having one insecure account on your system can result in
- your entire network being compromised. If you allow a single user to
- login using a .rhosts file, or to use an insecure service such as tftp,
- you risk an intruder getting 'his foot in the door'. Once the intruder
- has a user account on your system, or someone else's system, it can be
- used to gain access to another system, or another account.
-
- * Threat is typically from someone with motivation to gain unauthorized
- access to your network or computer. You must decide whom you trust to
- have access to your system, and what threat they could pose.
-
- There are several types of intruders, and it is useful to keep their
- different characteristics in mind as you are securing your systems.
-
- + The Curious - This type of intruder is basically interested in
- finding out what type of system and data you have.
-
- + The Malicious - This type of intruder is out to either bring down
- your systems, or deface your web page, or otherwise force you to
- spend time and money recovering from the damage he has caused.
-
- + The High-Profile Intruder - This type of intruder is trying to use
- your system to gain popularity and infamy. He might use your
- high-profile system to advertise his abilities.
-
- + The Competition - This type of intruder is interested in what data
- you have on your system. It might be someone who thinks you have
- something that could benefit him, financially or otherwise.
-
- + The Borrowers - This type of intruder is interested in setting up
- shop on your system and using its resources for their own purposes.
- He typically will run chat or irc servers, porn archive sites, or
- even DNS servers.
-
- + The Leapfrogger - This type of intruder is only interested in your
- system to use it to get into other systems. If your system is
- well-connected or a gateway to a number of internal hosts, you may
- well see this type trying to compromise your system.
-
-
- * Vulnerability describes how well-protected your computer is from another
- network, and the potential for someone to gain unauthorized access.
-
- What's at stake if someone breaks into your system? Of course the
- concerns of a dynamic PPP home user will be different from those of a
- company connecting their machine to the Internet, or another large
- network.
-
- How much time would it take to retrieve/recreate any data that was lost?
- An initial time investment now can save ten times more time later if you
- have to recreate data that was lost. Have you checked your backup
- strategy, and verified your data lately?
-
-
------------------------------------------------------------------------------
-2.4. Developing A Security Policy
-
- Create a simple, generic policy for your system that your users can readily
-understand and follow. It should protect the data you're safeguarding as well
-as the privacy of the users. Some things to consider adding are: who has
-access to the system (Can my friend use my account?), who's allowed to
-install software on the system, who owns what data, disaster recovery, and
-appropriate use of the system.
-
- A generally-accepted security policy starts with the phrase
-
- " That which is not permitted is prohibited"
-
- This means that unless you grant access to a service for a user, that user
-shouldn't be using that service until you do grant access. Make sure the
-policies work on your regular user account. Saying, "Ah, I can't figure out
-this permissions problem, I'll just do it as root" can lead to security holes
-that are very obvious, and even ones that haven't been exploited yet.
-
- [ftp://www.faqs.org/rfcs/rfc1244.html] rfc1244 is a document that describes
-how to create your own network security policy.
-
- [ftp://www.faqs.org/rfcs/rfc1281.html] rfc1281 is a document that shows an
-example security policy with detailed descriptions of each step.
-
- Finally, you might want to look at the COAST policy archive at [ftp://
-coast.cs.purdue.edu/pub/doc/policy] ftp://coast.cs.purdue.edu/pub/doc/policy
-to see what some real-life security policies look like.
------------------------------------------------------------------------------
-
-2.5. Means of Securing Your Site
-
- This document will discuss various means with which you can secure the
-assets you have worked hard for: your local machine, your data, your users,
-your network, even your reputation. What would happen to your reputation if
-an intruder deleted some of your users' data? Or defaced your web site? Or
-published your company's corporate project plan for next quarter? If you are
-planning a network installation, there are many factors you must take into
-account before adding a single machine to your network.
-
- Even if you have a single dial up PPP account, or just a small site, this
-does not mean intruders won't be interested in your systems. Large,
-high-profile sites are not the only targets -- many intruders simply want to
-exploit as many sites as possible, regardless of their size. Additionally,
-they may use a security hole in your site to gain access to other sites
-you're connected to.
-
- Intruders have a lot of time on their hands, and can avoid guessing how
-you've obscured your system just by trying all the possibilities. There are
-also a number of reasons an intruder may be interested in your systems, which
-we will discuss later.
------------------------------------------------------------------------------
-
-2.5.1. Host Security
-
- Perhaps the area of security on which administrators concentrate most is
-host-based security. This typically involves making sure your own system is
-secure, and hoping everyone else on your network does the same. Choosing good
-passwords, securing your host's local network services, keeping good
-accounting records, and upgrading programs with known security exploits are
-among the things the local security administrator is responsible for doing.
-Although this is absolutely necessary, it can become a daunting task once
-your network becomes larger than a few machines.
------------------------------------------------------------------------------
-
-2.5.2. Local Network Security
-
- Network security is as necessary as local host security. With hundreds,
-thousands, or more computers on the same network, you can't rely on each one
-of those systems being secure. Ensuring that only authorized users can use
-your network, building firewalls, using strong encryption, and ensuring there
-are no "rogue" (that is, unsecured) machines on your network are all part of
-the network security administrator's duties.
-
- This document will discuss some of the techniques used to secure your site,
-and hopefully show you some of the ways to prevent an intruder from gaining
-access to what you are trying to protect.
------------------------------------------------------------------------------
-
-2.5.3. Security Through Obscurity
-
- One type of security that must be discussed is "security through obscurity".
-This means, for example, moving a service that has known security
-vulnerabilities to a non-standard port in hopes that attackers won't notice
-it's there and thus won't exploit it. Rest assured that they can determine
-that it's there and will exploit it. Security through obscurity is no
-security at all. Simply because you may have a small site, or a relatively
-low profile, does not mean an intruder won't be interested in what you have.
-We'll discuss what you're protecting in the next sections.
------------------------------------------------------------------------------
-
-2.6. Organization of This Document
-
- This document has been divided into a number of sections. They cover several
-broad security issues. The first, Section 3, covers how you need to protect
-your physical machine from tampering. The second, Section 4, describes how to
-protect your system from tampering by local users. The third, Section 5,
-shows you how to setup your file systems and permissions on your files. The
-next, Section 6, discusses how to use encryption to better secure your
-machine and network. Section 7 discusses what kernel options you should set
-or be aware of for a more secure system. Section 8, describes how to better
-secure your Linux system from network attacks. Section 9, discusses how to
-prepare your machine(s) before bringing them on-line. Next, Section 10,
-discusses what to do when you detect a system compromise in progress or
-detect one that has recently happened. In Section 11, some primary security
-resources are enumerated. The Q and A section Section 13, answers some
-frequently-asked questions, and finally a conclusion in Section 14
-
- The two main points to realize when reading this document are:
-
-
-
- * Be aware of your system. Check system logs such as /var/log/messages and
- keep an eye on your system, and
-
- * Keep your system up-to-date by making sure you have installed the
- current versions of software and have upgraded per security alerts. Just
- doing this will help make your system markedly more secure.
-
-
------------------------------------------------------------------------------
-3. Physical Security
-
- The first layer of security you need to take into account is the physical
-security of your computer systems. Who has direct physical access to your
-machine? Should they? Can you protect your machine from their tampering?
-Should you?
-
- How much physical security you need on your system is very dependent on your
-situation, and/or budget.
-
- If you are a home user, you probably don't need a lot (although you might
-need to protect your machine from tampering by children or annoying
-relatives). If you are in a lab, you need considerably more, but users will
-still need to be able to get work done on the machines. Many of the following
-sections will help out. If you are in an office, you may or may not need to
-secure your machine off-hours or while you are away. At some companies,
-leaving your console unsecured is a termination offense.
-
- Obvious physical security methods such as locks on doors, cables, locked
-cabinets, and video surveillance are all good ideas, but beyond the scope of
-this document. :)
------------------------------------------------------------------------------
-
-3.1. Computer locks
-
- Many modern PC cases include a "locking" feature. Usually this will be a
-socket on the front of the case that allows you to turn an included key to a
-locked or unlocked position. Case locks can help prevent someone from
-stealing your PC, or opening up the case and directly manipulating/stealing
-your hardware. They can also sometimes prevent someone from rebooting your
-computer from their own floppy or other hardware.
-
- These case locks do different things according to the support in the
-motherboard and how the case is constructed. On many PC's they make it so you
-have to break the case to get the case open. On some others, they will not
-let you plug in new keyboards or mice. Check your motherboard or case
-instructions for more information. This can sometimes be a very useful
-feature, even though the locks are usually very low-quality and can easily be
-defeated by attackers with locksmithing.
-
- Some machines (most notably SPARC's and macs) have a dongle on the back
-that, if you put a cable through, attackers would have to cut the cable or
-break the case to get into it. Just putting a padlock or combo lock through
-these can be a good deterrent to someone stealing your machine.
------------------------------------------------------------------------------
-
-3.2. BIOS Security
-
- The BIOS is the lowest level of software that configures or manipulates your
-x86-based hardware. LILO and other Linux boot methods access the BIOS to
-determine how to boot up your Linux machine. Other hardware that Linux runs
-on has similar software (Open Firmware on Macs and new Suns, Sun boot PROM,
-etc...). You can use your BIOS to prevent attackers from rebooting your
-machine and manipulating your Linux system.
-
- Many PC BIOSs let you set a boot password. This doesn't provide all that
-much security (the BIOS can be reset, or removed if someone can get into the
-case), but might be a good deterrent (i.e. it will take time and leave traces
-of tampering). Similarly, on S/Linux (Linux for SPARC(tm) processor
-machines), your EEPROM can be set to require a boot-up password. This might
-slow attackers down.
-
- Another risk of trusting BIOS passwords to secure your system is the default
-password problem. Most BIOS makers don't expect people to open up their
-computer and disconnect batteries if they forget their password and have
-equipped their BIOSes with default passwords that work regardless of your
-chosen password. Some of the more common passwords include:
-
- j262 AWARD_SW AWARD_PW lkwpeter Biostar AMI Award bios BIOS setup cmos AMI!
-SW1 AMI?SW1 password hewittrand shift + s y x z
-
- I tested an Award BIOS and AWARD_PW worked. These passwords are quite easily
-available from manufacturers' websites and [http://astalavista.box.sk] http:/
-/astalavista.box.sk and as such a BIOS password cannot be considered adequate
-protection from a knowledgeable attacker.
-
- Many x86 BIOSs also allow you to specify various other good security
-settings. Check your BIOS manual or look at it the next time you boot up. For
-example, some BIOSs disallow booting from floppy drives and some require
-passwords to access some BIOS features.
-
- Note: If you have a server machine, and you set up a boot password, your
-machine will not boot up unattended. Keep in mind that you will need to come
-in and supply the password in the event of a power failure. ;(
------------------------------------------------------------------------------
-
-3.3. Boot Loader Security
-
- The various Linux boot loaders also can have a boot password set. LILO, for
-example, has password and restricted settings; password requires password at
-boot time, whereas restricted requires a boot-time password only if you
-specify options (such as single) at the LILO prompt.
-
- >From the lilo.conf man page:
-password=password
- The per-image option `password=...' (see below) applies to all images.
-
-restricted
- The per-image option `restricted' (see below) applies to all images.
-
- password=password
- Protect the image by a password.
-
- restricted
- A password is only required to boot the image if
- parameters are specified on the command line
- (e.g. single).
-
- Keep in mind when setting all these passwords that you need to remember
-them. :) Also remember that these passwords will merely slow the determined
-attacker. They won't prevent someone from booting from a floppy, and mounting
-your root partition. If you are using security in conjunction with a boot
-loader, you might as well disable booting from a floppy in your computer's
-BIOS, and password-protect the BIOS.
-
- Also keep in mind that the /etc/lilo.conf will need to be mode "600"
-(readable and writing for root only), or others will be able to read your
-passwords!
-
- >From the GRUB info page: GRUB provides "password" feature, so that only
-administrators can start the interactive operations (i.e. editing menu
-entries and entering the command-line interface). To use this feature, you
-need to run the command `password' in your configuration file (*note
-password::), like this:
-
- password --md5 PASSWORD
-
- If this is specified, GRUB disallows any interactive control, until you
-press the key
and enter a correct password. The option `--md5' tells GRUB
-that `PASSWORD' is in MD5 format. If it is omitted, GRUB assumes the
-`PASSWORD' is in clear text.
-
- You can encrypt your password with the command `md5crypt' (*note
-md5crypt::). For example, run the grub shell (*note Invoking the grub
-shell::), and enter your password:
-
- grub> md5crypt Password: ********** Encrypted: $1$U$JK7xFegdxWH6VuppCUSIb.
-
- Then, cut and paste the encrypted password to your configuration file.
-
- Grub also has a 'lock' command that will allow you to lock a partition if
-you don't provide the correct password. Simply add 'lock' and the partition
-will not be accessable until the user supplies a password.
-
- If anyone has security-related information from a different boot loader, we
-would love to hear it. (grub, silo, milo, linload, etc).
-
- Note: If you have a server machine, and you set up a boot password, your
-machine will not boot up unattended. Keep in mind that you will need to come
-in and supply the password in the event of a power failure. ;(
------------------------------------------------------------------------------
-
-3.4. xlock and vlock
-
- If you wander away from your machine from time to time, it is nice to be
-able to "lock" your console so that no one can tamper with, or look at, your
-work. Two programs that do this are: xlock and vlock.
-
- xlock is a X display locker. It should be included in any Linux
-distributions that support X. Check out the man page for it for more options,
-but in general you can run xlock from any xterm on your console and it will
-lock the display and require your password to unlock.
-
- vlock is a simple little program that allows you to lock some or all of the
-virtual consoles on your Linux box. You can lock just the one you are working
-in or all of them. If you just lock one, others can come in and use the
-console; they will just not be able to use your virtual console until you
-unlock it. vlock ships with RedHat Linux, but your mileage may vary.
-
- Of course locking your console will prevent someone from tampering with your
-work, but won't prevent them from rebooting your machine or otherwise
-disrupting your work. It also does not prevent them from accessing your
-machine from another machine on the network and causing problems.
-
- More importantly, it does not prevent someone from switching out of the X
-Window System entirely, and going to a normal virtual console login prompt,
-or to the VC that X11 was started from, and suspending it, thus obtaining
-your privileges. For this reason, you might consider only using it while
-under control of xdm.
------------------------------------------------------------------------------
-
-3.5. Security of local devices
-
- If you have a webcam or a microphone attached to your system, you should
-consider if there is some danger of a attacker gaining access to those
-devices. When not in use, unplugging or removing such devices might be an
-option. Otherwise you should carefully read and look at any software with
-provides access to such devices.
------------------------------------------------------------------------------
-
-3.6. Detecting Physical Security Compromises
-
- The first thing to always note is when your machine was rebooted. Since
-Linux is a robust and stable OS, the only times your machine should reboot is
-when you take it down for OS upgrades, hardware swapping, or the like. If
-your machine has rebooted without you doing it, that may be a sign that an
-intruder has compromised it. Many of the ways that your machine can be
-compromised require the intruder to reboot or power off your machine.
-
- Check for signs of tampering on the case and computer area. Although many
-intruders clean traces of their presence out of logs, it's a good idea to
-check through them all and note any discrepancy.
-
- It is also a good idea to store log data at a secure location, such as a
-dedicated log server within your well-protected network. Once a machine has
-been compromised, log data becomes of little use as it most likely has also
-been modified by the intruder.
-
- The syslog daemon can be configured to automatically send log data to a
-central syslog server, but this is typically sent unencrypted, allowing an
-intruder to view data as it is being transferred. This may reveal information
-about your network that is not intended to be public. There are syslog
-daemons available that encrypt the data as it is being sent.
-
- Also be aware that faking syslog messages is easy -- with an exploit program
-having been published. Syslog even accepts net log entries claiming to come
-from the local host without indicating their true origin.
-
- Some things to check for in your logs:
-
- * Short or incomplete logs.
-
- * Logs containing strange timestamps.
-
- * Logs with incorrect permissions or ownership.
-
- * Records of reboots or restarting of services.
-
- * missing logs.
-
- * su entries or logins from strange places.
-
-
- We will discuss system log data Section 9.5 in the HOWTO.
------------------------------------------------------------------------------
-
-4. Local Security
-
- The next thing to take a look at is the security in your system against
-attacks from local users. Did we just say local users? Yes!
-
- Getting access to a local user account is one of the first things that
-system intruders attempt while on their way to exploiting the root account.
-With lax local security, they can then "upgrade" their normal user access to
-root access using a variety of bugs and poorly setup local services. If you
-make sure your local security is tight, then the intruder will have another
-hurdle to jump.
-
- Local users can also cause a lot of havoc with your system even (especially)
-if they really are who they say they are. Providing accounts to people you
-don't know or for whom you have no contact information is a very bad idea.
------------------------------------------------------------------------------
-
-4.1. Creating New Accounts
-
- You should make sure you provide user accounts with only the minimal
-requirements for the task they need to do. If you provide your son (age 10)
-with an account, you might want him to only have access to a word processor
-or drawing program, but be unable to delete data that is not his.
-
- Several good rules of thumb when allowing other people legitimate access to
-your Linux machine:
-
-
-
- * Give them the minimal amount of privileges they need.
-
- * Be aware when/where they login from, or should be logging in from.
-
- * Make sure you remove inactive accounts, which you can determine by using
- the 'last' command and/or checking log files for any activity by the
- user.
-
- * The use of the same userid on all computers and networks is advisable to
- ease account maintenance, and permits easier analysis of log data.
-
- * The creation of group user-id's should be absolutely prohibited. User
- accounts also provide accountability, and this is not possible with group
- accounts.
-
-
- Many local user accounts that are used in security compromises have not been
-used in months or years. Since no one is using them they, provide the ideal
-attack vehicle.
------------------------------------------------------------------------------
-
-4.2. Root Security
-
- The most sought-after account on your machine is the root (superuser)
-account. This account has authority over the entire machine, which may also
-include authority over other machines on the network. Remember that you
-should only use the root account for very short, specific tasks, and should
-mostly run as a normal user. Even small mistakes made while logged in as the
-root user can cause problems. The less time you are on with root privileges,
-the safer you will be.
-
- Several tricks to avoid messing up your own box as root:
-
- * When doing some complex command, try running it first in a
- non-destructive way...especially commands that use globing: e.g., if you
- want to do rm foo*.bak, first do ls foo*.bak and make sure you are going
- to delete the files you think you are. Using echo in place of destructive
- commands also sometimes works.
-
- * Provide your users with a default alias to the rm command to ask for
- confirmation for deletion of files.
-
- * Only become root to do single specific tasks. If you find yourself
- trying to figure out how to do something, go back to a normal user shell
- until you are sure what needs to be done by root.
-
- * The command path for the root user is very important. The command path
- (that is, the PATH environment variable) specifies the directories in
- which the shell searches for programs. Try to limit the command path for
- the root user as much as possible, and never include . (which means "the
- current directory") in your PATH. Additionally, never have writable
- directories in your search path, as this can allow attackers to modify or
- place new binaries in your search path, allowing them to run as root the
- next time you run that command.
-
- * Never use the rlogin/rsh/rexec suite of tools (called the r-utilities)
- as root. They are subject to many sorts of attacks, and are downright
- dangerous when run as root. Never create a .rhosts file for root.
-
- * The /etc/securetty file contains a list of terminals that root can login
- from. By default (on Red Hat Linux) this is set to only the local virtual
- consoles(vtys). Be very wary of adding anything else to this file. You
- should be able to login remotely as your regular user account and then su
- if you need to (hopefully over Section 6.4 or other encrypted channel),
- so there is no need to be able to login directly as root.
-
- * Always be slow and deliberate running as root. Your actions could affect
- a lot of things. Think before you type!
-
-
- If you absolutely positively need to allow someone (hopefully very trusted)
-to have root access to your machine, there are a few tools that can help.
-sudo allows users to use their password to access a limited set of commands
-as root. This would allow you to, for instance, let a user be able to eject
-and mount removable media on your Linux box, but have no other root
-privileges. sudo also keeps a log of all successful and unsuccessful sudo
-attempts, allowing you to track down who used what command to do what. For
-this reason sudo works well even in places where a number of people have root
-access, because it helps you keep track of changes made.
-
- Although sudo can be used to give specific users specific privileges for
-specific tasks, it does have several shortcomings. It should be used only for
-a limited set of tasks, like restarting a server, or adding new users. Any
-program that offers a shell escape will give root access to a user invoking
-it via sudo. This includes most editors, for example. Also, a program as
-innocuous as /bin/cat can be used to overwrite files, which could allow root
-to be exploited. Consider sudo as a means for accountability, and don't
-expect it to replace the root user and still be secure.
------------------------------------------------------------------------------
-
-5. Files and File system Security
-
- A few minutes of preparation and planning ahead before putting your systems
-on-line can help to protect them and the data stored on them.
-
- * There should never be a reason for users' home directories to allow SUID
- /SGID programs to be run from there. Use the nosuid option in /etc/fstab
- for partitions that are writable by others than root. You may also wish
- to use nodev and noexec on users' home partitions, as well as /var, thus
- prohibiting execution of programs, and creation of character or block
- devices, which should never be necessary anyway.
-
- * If you are exporting file-systems using NFS, be sure to configure /etc/
- exports with the most restrictive access possible. This means not using
- wild cards, not allowing root write access, and exporting read-only
- wherever possible.
-
- * Configure your users' file-creation umask to be as restrictive as
- possible. See Section 5.1.
-
- * If you are mounting file systems using a network file system such as
- NFS, be sure to configure /etc/exports with suitable restrictions.
- Typically, using `nodev', `nosuid', and perhaps `noexec', are desirable.
-
- * Set file system limits instead of allowing unlimited as is the default.
- You can control the per-user limits using the resource-limits PAM module
- and /etc/pam.d/limits.conf. For example, limits for group users might
- look like this:
-
-
- @users hard core 0
- @users hard nproc 50
- @users hard rss 5000
-
- This says to prohibit the creation of core files, restrict the number of
- processes to 50, and restrict memory usage per user to 5M.
-
- You can also use the /etc/login.defs configuration file to set the same
- limits.
-
- * The /var/log/wtmp and /var/run/utmp files contain the login records for
- all users on your system. Their integrity must be maintained because they
- can be used to determine when and from where a user (or potential
- intruder) has entered your system. These files should also have 644
- permissions, without affecting normal system operation.
-
- * The immutable bit can be used to prevent accidentally deleting or
- overwriting a file that must be protected. It also prevents someone from
- creating a hard link to the file. See the chattr(1) man page for
- information on the immutable bit.
-
- * SUID and SGID files on your system are a potential security risk, and
- should be monitored closely. Because these programs grant special
- privileges to the user who is executing them, it is necessary to ensure
- that insecure programs are not installed. A favorite trick of crackers is
- to exploit SUID-root programs, then leave a SUID program as a back door
- to get in the next time, even if the original hole is plugged.
-
- Find all SUID/SGID programs on your system, and keep track of what they
- are, so you are aware of any changes which could indicate a potential
- intruder. Use the following command to find all SUID/SGID programs on
- your system:
-
-
- root# find / -type f \( -perm -04000 -o -perm -02000 \)
-
- The Debian distribution runs a job each night to determine what SUID
- files exist. It then compares this to the previous night's run. You can
- look in /var/log/setuid* for this log.
-
- You can remove the SUID or SGID permissions on a suspicious program with
- chmod, then restore them back if you absolutely feel it is necessary.
-
- * World-writable files, particularly system files, can be a security hole
- if a cracker gains access to your system and modifies them. Additionally,
- world-writable directories are dangerous, since they allow a cracker to
- add or delete files as he wishes. To locate all world-writable files on
- your system, use the following command:
-
-
- root# find / -perm -2 ! -type l -ls
- and be sure you know why those files are writable. In the normal course
- of operation, several files will be world-writable, including some from /
- dev, and symbolic links, thus the ! -type l which excludes these from the
- previous find command.
-
- *
-
- Unowned files may also be an indication an intruder has accessed your
- system. You can locate files on your system that have no owner, or belong
- to no group with the command:
-
-
- root# find / \( -nouser -o -nogroup \) -print
-
- * Finding .rhosts files should be a part of your regular system
- administration duties, as these files should not be permitted on your
- system. Remember, a cracker only needs one insecure account to
- potentially gain access to your entire network. You can locate all
- .rhosts files on your system with the following command:
- root# find /home -name .rhosts -print
-
- *
-
- Finally, before changing permissions on any system files, make sure you
- understand what you are doing. Never change permissions on a file because
- it seems like the easy way to get things working. Always determine why
- the file has that permission before changing it.
-
-
------------------------------------------------------------------------------
-5.1. Umask Settings
-
- The umask command can be used to determine the default file creation mode on
-your system. It is the octal complement of the desired file mode. If files
-are created without any regard to their permissions settings, the user could
-inadvertently give read or write permission to someone that should not have
-this permission. Typical umask settings include 022, 027, and 077 (which is
-the most restrictive). Normally the umask is set in /etc/profile, so it
-applies to all users on the system. The resulting permission is calculated as
-follows: The default permission of user/group/others (7 for directories, 6
-for files) is combined with the inverted mask (NOT) using AND on a
-per-bit-basis.
-
- Example 1:
-
- file, default 6, binary: 110 mask, eg. 2: 010, NOT: 101
-
- resulting permission, AND: 100 (equals 4, r__)
-
- Example 2:
-
- file, default 6, binary: 110 mask, eg. 6: 110, NOT: 001
-
- resulting permission, AND: 000 (equals 0, ___)
-
- Example 3:
-
- directory, default 7, binary: 111 mask, eg. 2: 010, NOT: 101
-
- resulting permission, AND: 101 (equals 5, r_x)
-
- Example 4:
-
- directory, default 7, binary: 111 mask, eg. 6: 110, NOT: 001
-
- resulting permission, AND: 001 (equals 1, __x)
-
-
- # Set the user's default umask
- umask 033
-Be sure to make root's umask 077, which will disable read, write, and execute
-permission for other users, unless explicitly changed using chmod. In this
-case, newly-created directories would have 744 permissions, obtained by
-subtracting 033 from 777. Newly-created files using the 033 umask would have
-permissions of 644.
-
- If you are using Red Hat, and adhere to their user and group ID creation
-scheme (User Private Groups), it is only necessary to use 002 for a umask.
-This is due to the fact that the default configuration is one user per group.
------------------------------------------------------------------------------
-
-5.2. File Permissions
-
- It's important to ensure that your system files are not open for casual
-editing by users and groups who shouldn't be doing such system maintenance.
-
- Unix separates access control on files and directories according to three
-characteristics: owner, group, and other. There is always exactly one owner,
-any number of members of the group, and everyone else.
-
- A quick explanation of Unix permissions:
-
- Ownership - Which user(s) and group(s) retain(s) control of the permission
-settings of the node and parent of the node
-
- Permissions - Bits capable of being set or reset to allow certain types of
-access to it. Permissions for directories may have a different meaning than
-the same set of permissions on files.
-
- Read:
-
- * To be able to view contents of a file
-
- * To be able to read a directory
-
-
- Write:
-
- * To be able to add to or change a file
-
- * To be able to delete or move files in a directory
-
-
- Execute:
-
- * To be able to run a binary program or shell script
-
- * To be able to search in a directory, combined with read permission
-
-
-
-
-Save Text Attribute: (For directories)
- The "sticky bit" also has a different meaning when applied to
- directories than when applied to files. If the sticky bit is set on a
- directory, then a user may only delete files that the he owns or for
- which he has explicit write permission granted, even when he has write
- access to the directory. This is designed for directories like /tmp,
- which are world-writable, but where it may not be desirable to allow any
- user to delete files at will. The sticky bit is seen as a t in a long
- directory listing.
-
-
-
-
-SUID Attribute: (For Files)
- This describes set-user-id permissions on the file. When the set user ID
- access mode is set in the owner permissions, and the file is executable,
- processes which run it are granted access to system resources based on
- user who owns the file, as opposed to the user who created the process.
- This is the cause of many "buffer overflow" exploits.
-
-
-SGID Attribute: (For Files)
- If set in the group permissions, this bit controls the "set group id"
- status of a file. This behaves the same way as SUID, except the group is
- affected instead. The file must be executable for this to have any
- effect.
-
-
-
-
-SGID Attribute: (For directories)
- If you set the SGID bit on a directory (with chmod g+s directory), files
- created in that directory will have their group set to the directory's
- group.
-
-
- You - The owner of the file
-
- Group - The group you belong to
-
- Everyone - Anyone on the system that is not the owner or a member of the
-group
-
- File Example:
-
-
- -rw-r--r-- 1 kevin users 114 Aug 28 1997 .zlogin
- 1st bit - directory? (no)
- 2nd bit - read by owner? (yes, by kevin)
- 3rd bit - write by owner? (yes, by kevin)
- 4th bit - execute by owner? (no)
- 5th bit - read by group? (yes, by users)
- 6th bit - write by group? (no)
- 7th bit - execute by group? (no)
- 8th bit - read by everyone? (yes, by everyone)
- 9th bit - write by everyone? (no)
- 10th bit - execute by everyone? (no)
-
-
- The following lines are examples of the minimum sets of permissions that are
-required to perform the access described. You may want to give more
-permission than what's listed here, but this should describe what these
-minimum permissions on files do:
-
-
--r-------- Allow read access to the file by owner
---w------- Allows the owner to modify or delete the file
- (Note that anyone with write permission to the directory
- the file is in can overwrite it and thus delete it)
----x------ The owner can execute this program, but not shell scripts,
- which still need read permission
----s------ Will execute with effective User ID = to owner
---------s- Will execute with effective Group ID = to group
--rw------T No update of "last modified time". Usually used for swap
- files
----t------ No effect. (formerly sticky bit)
-
-Directory Example:
- drwxr-xr-x 3 kevin users 512 Sep 19 13:47 .public_html/
- 1st bit - directory? (yes, it contains many files)
- 2nd bit - read by owner? (yes, by kevin)
- 3rd bit - write by owner? (yes, by kevin)
- 4th bit - execute by owner? (yes, by kevin)
- 5th bit - read by group? (yes, by users
- 6th bit - write by group? (no)
- 7th bit - execute by group? (yes, by users)
- 8th bit - read by everyone? (yes, by everyone)
- 9th bit - write by everyone? (no)
- 10th bit - execute by everyone? (yes, by everyone)
-
-
- The following lines are examples of the minimum sets of permissions that are
-required to perform the access described. You may want to give more
-permission than what's listed, but this should describe what these minimum
-permissions on directories do:
-
-
-dr-------- The contents can be listed, but file attributes can't be read
-d--x------ The directory can be entered, and used in full execution paths
-dr-x------ File attributes can be read by owner
-d-wx------ Files can be created/deleted, even if the directory
- isn't the current one
-d------x-t Prevents files from deletion by others with write
- access. Used on /tmp
-d---s--s-- No effect
-
- System configuration files (usually in /etc) are usually mode 640
-(-rw-r-----), and owned by root. Depending on your site's security
-requirements, you might adjust this. Never leave any system files writable by
-a group or everyone. Some configuration files, including /etc/shadow, should
-only be readable by root, and directories in /etc should at least not be
-accessible by others.
-
-
-
-SUID Shell Scripts
- SUID shell scripts are a serious security risk, and for this reason the
- kernel will not honor them. Regardless of how secure you think the shell
- script is, it can be exploited to give the cracker a root shell.
-
-
------------------------------------------------------------------------------
-5.3. Integrity Checking
-
- Another very good way to detect local (and also network) attacks on your
-system is to run an integrity checker like Tripwire, Aide or Osiris. These
-integrety checkers run a number of checksums on all your important binaries
-and config files and compares them against a database of former, known-good
-values as a reference. Thus, any changes in the files will be flagged.
-
- It's a good idea to install these sorts of programs onto a floppy, and then
-physically set the write protect on the floppy. This way intruders can't
-tamper with the integrety checker itself or change the database. Once you
-have something like this setup, it's a good idea to run it as part of your
-normal security administration duties to see if anything has changed.
-
- You can even add a crontab entry to run the checker from your floppy every
-night and mail you the results in the morning. Something like:
- # set mailto
- MAILTO=kevin
- # run Tripwire
- 15 05 * * * root /usr/local/adm/tcheck/tripwire
-will mail you a report each morning at 5:15am.
-
- Integrity checkers can be a godsend to detecting intruders before you would
-otherwise notice them. Since a lot of files change on the average system, you
-have to be careful what is cracker activity and what is your own doing.
-
- You can find the freely available unsusported version of Tripwire at [http:/
-/www.tripwire.org] http://www.tripwire.org, free of charge. Manuals and
-support can be purchased.
-
- Aide can be found at [http://www.cs.tut.fi/~rammer/aide.html] http://
-www.cs.tut.fi/~rammer/aide.html.
-
- Osiris can be found at [http://www.shmoo.com/osiris/] http://www.shmoo.com/
-osiris/.
------------------------------------------------------------------------------
-
-5.4. Trojan Horses
-
- "Trojan Horses" are named after the fabled ploy in Virgil's "Aenid". The
-idea is that a cracker distributes a program or binary that sounds great, and
-encourages other people to download it and run it as root. Then the program
-can compromise their system while they are not paying attention. While they
-think the binary they just pulled down does one thing (and it might very
-well), it also compromises their security.
-
- You should take care of what programs you install on your machine. RedHat
-provides MD5 checksums and PGP signatures on its RPM files so you can verify
-you are installing the real thing. Other distributions have similar methods.
-You should never run any unfamiliar binary, for which you don't have the
-source, as root. Few attackers are willing to release source code to public
-scrutiny.
-
- Although it can be complex, make sure you are getting the source for a
-program from its real distribution site. If the program is going to run as
-root, make sure either you or someone you trust has looked over the source
-and verified it.
------------------------------------------------------------------------------
-
-6. Password Security and Encryption
-
- One of the most important security features used today are passwords. It is
-important for both you and all your users to have secure, unguessable
-passwords. Most of the more recent Linux distributions include passwd
-programs that do not allow you to set a easily guessable password. Make sure
-your passwd program is up to date and has these features.
-
- In-depth discussion of encryption is beyond the scope of this document, but
-an introduction is in order. Encryption is very useful, possibly even
-necessary in this day and age. There are all sorts of methods of encrypting
-data, each with its own set of characteristics.
-
- Most Unicies (and Linux is no exception) primarily use a one-way encryption
-algorithm, called DES (Data Encryption Standard) to encrypt your passwords.
-This encrypted password is then stored in (typically) /etc/passwd (or less
-commonly) /etc/shadow. When you attempt to login, the password you type in is
-encrypted again and compared with the entry in the file that stores your
-passwords. If they match, it must be the same password, and you are allowed
-access. Although DES is a two-way encryption algorithm (you can code and then
-decode a message, given the right keys), the variant that most Unixes use is
-one-way. This means that it should not be possible to reverse the encryption
-to get the password from the contents of /etc/passwd (or /etc/shadow).
-
- Brute force attacks, such as "Crack" or "John the Ripper" (see section
-Section 6.9) can often guess passwords unless your password is sufficiently
-random. PAM modules (see below) allow you to use a different encryption
-routine with your passwords (MD5 or the like). You can use Crack to your
-advantage, as well. Consider periodically running Crack against your own
-password database, to find insecure passwords. Then contact the offending
-user, and instruct him to change his password.
-
- You can go to [http://consult.cern.ch/writeup/security/security_3.html]
-http://consult.cern.ch/writeup/security/security_3.html for information on
-how to choose a good password.
------------------------------------------------------------------------------
-
-6.1. PGP and Public-Key Cryptography
-
- Public-key cryptography, such as that used for PGP, uses one key for
-encryption, and one key for decryption. Traditional cryptography, however,
-uses the same key for encryption and decryption; this key must be known to
-both parties, and thus somehow transferred from one to the other securely.
-
- To alleviate the need to securely transmit the encryption key, public-key
-encryption uses two separate keys: a public key and a private key. Each
-person's public key is available by anyone to do the encryption, while at the
-same time each person keeps his or her private key to decrypt messages
-encrypted with the correct public key.
-
- There are advantages to both public key and private key cryptography, and
-you can read about those differences in [http://www.rsa.com/rsalabs/faq/] the
-RSA Cryptography FAQ, listed at the end of this section.
-
- PGP (Pretty Good Privacy) is well-supported on Linux. Versions 2.6.2 and 5.0
-are known to work well. For a good primer on PGP and how to use it, take a
-look at the PGP FAQ: [http://www.pgp.com/service/export/faq/55faq.cgi] http:/
-/www.pgp.com/service/export/faq/55faq.cgi
-
- Be sure to use the version that is applicable to your country. Due to export
-restrictions by the US Government, strong-encryption is prohibited from being
-transferred in electronic form outside the country.
-
- US export controls are now managed by EAR (Export Administration
-Regulations). They are no longer governed by ITAR.
-
- There is also a step-by-step guide for configuring PGP on Linux available at
-[http://mercury.chem.pitt.edu/~angel/LinuxFocus/English/November1997/
-article7.html] http://mercury.chem.pitt.edu/~angel/LinuxFocus/English/
-November1997/article7.html. It was written for the international version of
-PGP, but is easily adaptable to the United States version. You may also need
-a patch for some of the latest versions of Linux; the patch is available at
-[ftp://metalab.unc.edu/pub/Linux/apps/crypto] ftp://metalab.unc.edu/pub/Linux
-/apps/crypto.
-
- There is a project maintaining a free re-implementation of pgp with open
-source. GnuPG is a complete and free replacement for PGP. Because it does not
-use IDEA or RSA it can be used without any restrictions. GnuPG is in
-compliance with [http://www.faqs.org/rfcs/rfc2440.html] OpenPGP. See the GNU
-Privacy Guard web page for more information: [http://www.gnupg.org] http://
-www.gnupg.org/.
-
- More information on cryptography can be found in the RSA cryptography FAQ,
-available at [http://www.rsa.com/rsalabs/newfaq/] http://www.rsa.com/rsalabs/
-newfaq/. Here you will find information on such terms as "Diffie-Hellman",
-"public-key cryptography", "digital certificates", etc.
------------------------------------------------------------------------------
-
-6.2. SSL, S-HTTP and S/MIME
-
- Often users ask about the differences between the various security and
-encryption protocols, and how to use them. While this isn't an encryption
-document, it is a good idea to explain briefly what each protocol is, and
-where to find more information.
-
- * SSL: - SSL, or Secure Sockets Layer, is an encryption method developed
- by Netscape to provide security over the Internet. It supports several
- different encryption protocols, and provides client and server
- authentication. SSL operates at the transport layer, creates a secure
- encrypted channel of data, and thus can seamlessly encrypt data of many
- types. This is most commonly seen when going to a secure site to view a
- secure online document with Communicator, and serves as the basis for
- secure communications with Communicator, as well as many other Netscape
- Communications data encryption. More information can be found at [http://
- www.consensus.com/security/ssl-talk-faq.html] http://www.consensus.com/
- security/ssl-talk-faq.html. Information on Netscape's other security
- implementations, and a good starting point for these protocols is
- available at [http://home.netscape.com/info/security-doc.html] http://
- home.netscape.com/info/security-doc.html. It's also worth noting that the
- SSL protocol can be used to pass many other common protocols, "wrapping"
- them for security. See [http://www.quiltaholic.com/rickk/sslwrap/] http:/
- /www.quiltaholic.com/rickk/sslwrap/
-
- * S-HTTP: - S-HTTP is another protocol that provides security services
- across the Internet. It was designed to provide confidentiality,
- authentication, integrity, and non-repudiability [cannot be mistaken for
- someone else] while supporting multiple key-management mechanisms and
- cryptographic algorithms via option negotiation between the parties
- involved in each transaction. S-HTTP is limited to the specific software
- that is implementing it, and encrypts each message individually. [ From
- RSA Cryptography FAQ, page 138]
-
- * S/MIME: - S/MIME, or Secure Multipurpose Internet Mail Extension, is an
- encryption standard used to encrypt electronic mail and other types of
- messages on the Internet. It is an open standard developed by RSA, so it
- is likely we will see it on Linux one day soon. More information on S/
- MIME can be found at [http://home.netscape.com/assist/security/smime/
- overview.html] http://home.netscape.com/assist/security/smime/
- overview.html.
-
-
------------------------------------------------------------------------------
-6.3. Linux IPSEC Implementations
-
- Along with CIPE, and other forms of data encryption, there are also several
-other implementations of IPSEC for Linux. IPSEC is an effort by the IETF to
-create cryptographically-secure communications at the IP network level, and
-to provide authentication, integrity, access control, and confidentiality.
-Information on IPSEC and Internet draft can be found at [http://www.ietf.org/
-html.charters/ipsec-charter.html] http://www.ietf.org/html.charters/
-ipsec-charter.html. You can also find links to other protocols involving key
-management, and an IPSEC mailing list and archives.
-
- The x-kernel Linux implementation, which is being developed at the
-University of Arizona, uses an object-based framework for implementing
-network protocols called x-kernel, and can be found at [http://
-www.cs.arizona.edu/xkernel/hpcc-blue/linux.html] http://www.cs.arizona.edu/
-xkernel/hpcc-blue/linux.html. Most simply, the x-kernel is a method of
-passing messages at the kernel level, which makes for an easier
-implementation.
-
- Another freely-available IPSEC implementation is the Linux FreeS/WAN IPSEC.
-Their web page states, ""These services allow you to build secure tunnels
-through untrusted networks. Everything passing through the untrusted net is
-encrypted by the IPSEC gateway machine and decrypted by the gateway at the
-other end. The result is Virtual Private Network or VPN. This is a network
-which is effectively private even though it includes machines at several
-different sites connected by the insecure Internet.""
-
- It's available for download from [http://www.xs4all.nl/~freeswan/] http://
-www.xs4all.nl/~freeswan/, and has just reached 1.0 at the time of this
-writing.
-
- As with other forms of cryptography, it is not distributed with the kernel
-by default due to export restrictions.
------------------------------------------------------------------------------
-
-6.4. ssh (Secure Shell) and stelnet
-
- ssh and stelnet are suites of programs that allow you to login to remote
-systems and have a encrypted connection.
-
- openssh is a suite of programs used as a secure replacement for rlogin, rsh
-and rcp. It uses public-key cryptography to encrypt communications between
-two hosts, as well as to authenticate users. It can be used to securely login
-to a remote host or copy data between hosts, while preventing
-man-in-the-middle attacks (session hijacking) and DNS spoofing. It will
-perform data compression on your connections, and secure X11 communications
-between hosts.
-
- There are several ssh implementiations now. The original commercial
-implementation by Data Fellows can be found at The ssh home page can be found
-at [http://www.datafellows.com] http://www.datafellows.com.
-
- The excellent Openssh implementation is based on a early version of the
-datafellows ssh and has been totally reworked to not include any patented or
-proprietary pieces. It is free and under a BSD license. It can be found at:
-[http://www.openssh.com] http://www.openssh.com.
-
- There is also a open source project to re-implement ssh from the ground up
-called "psst...". For more information see: [http://www.net.lut.ac.uk/psst/]
-http://www.net.lut.ac.uk/psst/
-
- You can also use ssh from your Windows workstation to your Linux ssh server.
-There are several freely available Windows client implementations, including
-the one at [http://guardian.htu.tuwien.ac.at/therapy/ssh/] http://
-guardian.htu.tuwien.ac.at/therapy/ssh/ as well as a commercial implementation
-from DataFellows, at [http://www.datafellows.com] http://www.datafellows.com.
-
- SSLeay is a free implementation of Netscape's Secure Sockets Layer protocol,
-developed by Eric Young. It includes several applications, such as Secure
-telnet, a module for Apache, several databases, as well as several algorithms
-including DES, IDEA and Blowfish.
-
- Using this library, a secure telnet replacement has been created that does
-encryption over a telnet connection. Unlike SSH, stelnet uses SSL, the Secure
-Sockets Layer protocol developed by Netscape. You can find Secure telnet and
-Secure FTP by starting with the SSLeay FAQ, available at [http://
-www.psy.uq.oz.au/~ftp/Crypto/] http://www.psy.uq.oz.au/~ftp/Crypto/.
-
- SRP is another secure telnet/ftp implementation. From their web page:
-
- ""The SRP project is developing secure Internet software for free worldwide
-use. Starting with a fully-secure Telnet and FTP distribution, we hope to
-supplant weak networked authentication systems with strong replacements that
-do not sacrifice user-friendliness for security. Security should be the
-default, not an option!" "
-
- For more information, go to [http://www-cs-students.stanford.edu/~tjw/srp/]
-http://www-cs-students.stanford.edu/~tjw/srp/
------------------------------------------------------------------------------
-
-6.5. PAM - Pluggable Authentication Modules
-
- Newer versions of the Red Hat Linux and Debian Linux distributions ship with
-a unified authentication scheme called "PAM". PAM allows you to change your
-authentication methods and requirements on the fly, and encapsulate all local
-authentication methods without recompiling any of your binaries.
-Configuration of PAM is beyond the scope of this document, but be sure to
-take a look at the PAM web site for more information. [http://www.kernel.org/
-pub/linux/libs/pam/index.html] http://www.kernel.org/pub/linux/libs/pam/
-index.html.
-
- Just a few of the things you can do with PAM:
-
-
-
- * Use encryption other than DES for your passwords. (Making them harder to
- brute-force decode)
-
- * Set resource limits on all your users so they can't perform
- denial-of-service attacks (number of processes, amount of memory, etc)
-
- * Enable shadow passwords (see below) on the fly
-
- * allow specific users to login only at specific times from specific
- places
-
-
- Within a few hours of installing and configuring your system, you can
-prevent many attacks before they even occur. For example, use PAM to disable
-the system-wide usage of .rhosts files in user's home directories by adding
-these lines to /etc/pam.d/rlogin:
- #
- # Disable rsh/rlogin/rexec for users
- #
- login auth required pam_rhosts_auth.so no_rhosts
------------------------------------------------------------------------------
-
-6.6. Cryptographic IP Encapsulation (CIPE)
-
- The primary goal of this software is to provide a facility for secure
-(against eavesdropping, including traffic analysis, and faked message
-injection) subnetwork interconnection across an insecure packet network such
-as the Internet.
-
- CIPE encrypts the data at the network level. Packets traveling between hosts
-on the network are encrypted. The encryption engine is placed near the driver
-which sends and receives packets.
-
- This is unlike SSH, which encrypts the data by connection, at the socket
-level. A logical connection between programs running on different hosts is
-encrypted.
-
- CIPE can be used in tunnelling, in order to create a Virtual Private
-Network. Low-level encryption has the advantage that it can be made to work
-transparently between the two networks connected in the VPN, without any
-change to application software.
-
- Summarized from the CIPE documentation:
-
- "The IPSEC standards define a set of protocols which can be used (among
-other things) to build encrypted VPNs. However, IPSEC is a rather heavyweight
-and complicated protocol set with a lot of options, implementations of the
-full protocol set are still rarely used and some issues (such as key
-management) are still not fully resolved. CIPE uses a simpler approach, in
-which many things which can be parameterized (such as the choice of the
-actual encryption algorithm used) are an install-time fixed choice. This
-limits flexibility, but allows for a simple (and therefore efficient, easy to
-debug...) implementation."
-
- Further information can be found at [http://www.inka.de/~bigred/devel/
-cipe.html] http://www.inka.de/~bigred/devel/cipe.html
-
- As with other forms of cryptography, it is not distributed with the kernel
-by default due to export restrictions.
------------------------------------------------------------------------------
-
-6.7. Kerberos
-
- Kerberos is an authentication system developed by the Athena Project at MIT.
-When a user logs in, Kerberos authenticates that user (using a password), and
-provides the user with a way to prove her identity to other servers and hosts
-scattered around the network.
-
- This authentication is then used by programs such as rlogin to allow the
-user to login to other hosts without a password (in place of the .rhosts
-file). This authentication method can also used by the mail system in order
-to guarantee that mail is delivered to the correct person, as well as to
-guarantee that the sender is who he claims to be.
-
- Kerberos and the other programs that come with it, prevent users from
-"spoofing" the system into believing they are someone else. Unfortunately,
-installing Kerberos is very intrusive, requiring the modification or
-replacement of numerous standard programs.
-
- You can find more information about kerberos by looking at [http://
-www.cis.ohio-state.edu/hypertext/faq/usenet/kerberos-faq/general/faq.html]
-the kerberos FAQ, and the code can be found at [http://nii.isi.edu/info/
-kerberos/] http://nii.isi.edu/info/kerberos/.
-
- [From: Stein, Jennifer G., Clifford Neuman, and Jeffrey L. Schiller.
-"Kerberos: An Authentication Service for Open Network Systems." USENIX
-Conference Proceedings, Dallas, Texas, Winter 1998.]
-
- Kerberos should not be your first step in improving security of your host.
-It is quite involved, and not as widely used as, say, SSH.
------------------------------------------------------------------------------
-
-6.8. Shadow Passwords.
-
- Shadow passwords are a means of keeping your encrypted password information
-secret from normal users. Recent versions of both Red Hat and Debian Linux
-use shadow passwords by default, but on other systems, encrypted passwords
-are stored in /etc/passwd file for all to read. Anyone can then run
-password-guesser programs on them and attempt to determine what they are.
-Shadow passwords, by contrast, are saved in /etc/shadow, which only
-privileged users can read. In order to use shadow passwords, you need to make
-sure all your utilities that need access to password information are
-recompiled to support them. PAM (above) also allows you to just plug in a
-shadow module; it doesn't require re-compilation of executables. You can
-refer to the Shadow-Password HOWTO for further information if necessary. It
-is available at [http://metalab.unc.edu/LDP/HOWTO/Shadow-Password-HOWTO.html]
-http://metalab.unc.edu/LDP/HOWTO/Shadow-Password-HOWTO.html It is rather
-dated now, and will not be required for distributions supporting PAM.
------------------------------------------------------------------------------
-
-6.9. "Crack" and "John the Ripper"
-
- If for some reason your passwd program is not enforcing hard-to-guess
-passwords, you might want to run a password-cracking program and make sure
-your users' passwords are secure.
-
- Password cracking programs work on a simple idea: they try every word in the
-dictionary, and then variations on those words, encrypting each one and
-checking it against your encrypted password. If they get a match they know
-what your password is.
-
- There are a number of programs out there...the two most notable of which are
-"Crack" and "John the Ripper" ([http://www.openwall.com/john/] http://
-www.openwall.com/john/) . They will take up a lot of your CPU time, but you
-should be able to tell if an attacker could get in using them by running them
-first yourself and notifying users with weak passwords. Note that an attacker
-would have to use some other hole first in order to read your /etc/passwd
-file, but such holes are more common than you might think.
-
- Because security is only as strong as the most insecure host, it is worth
-mentioning that if you have any Windows machines on your network, you should
-check out L0phtCrack, a Crack implementation for Windows. It's available from
-[http://www.l0pht.com] http://www.l0pht.com
------------------------------------------------------------------------------
-
-6.10. CFS - Cryptographic File System and TCFS - Transparent Cryptographic
-File System
-
- CFS is a way of encrypting entire directory trees and allowing users to
-store encrypted files on them. It uses an NFS server running on the local
-machine. RPMS are available at [http://www.zedz.net/redhat/] http://
-www.zedz.net/redhat/, and more information on how it all works is at [ftp://
-ftp.research.att.com/dist/mab/] ftp://ftp.research.att.com/dist/mab/.
-
- TCFS improves on CFS by adding more integration with the file system, so
-that it's transparent to users that the file system that is encrypted. More
-information at: [http://www.tcfs.it/] http://www.tcfs.it/.
-
- It also need not be used on entire file systems. It works on directory trees
-as well.
------------------------------------------------------------------------------
-
-6.11. X11, SVGA and display security
-
-6.11.1. X11
-
- It's important for you to secure your graphical display to prevent attackers
-from grabbing your passwords as you type them, reading documents or
-information you are reading on your screen, or even using a hole to gain root
-access. Running remote X applications over a network also can be fraught with
-peril, allowing sniffers to see all your interaction with the remote system.
-
- X has a number of access-control mechanisms. The simplest of them is
-host-based: you use xhost to specify the hosts that are allowed access to
-your display. This is not very secure at all, because if someone has access
-to your machine, they can xhost + their machine and get in easily. Also, if
-you have to allow access from an untrusted machine, anyone there can
-compromise your display.
-
- When using xdm (X Display Manager) to log in, you get a much better access
-method: MIT-MAGIC-COOKIE-1. A 128-bit "cookie" is generated and stored in
-your .Xauthority file. If you need to allow a remote machine access to your
-display, you can use the xauth command and the information in your
-.Xauthority file to provide access to only that connection. See the
-Remote-X-Apps mini-howto, available at [http://metalab.unc.edu/LDP/HOWTO/mini
-/Remote-X-Apps.html] http://metalab.unc.edu/LDP/HOWTO/mini/
-Remote-X-Apps.html.
-
- You can also use ssh (see Section 6.4, above) to allow secure X connections.
-This has the advantage of also being transparent to the end user, and means
-that no unencrypted data flows across the network.
-
- You can also disable any remote connections to your X server by using the
-'-nolisten tcp' options to your X server. This will prevent any network
-connections to your server over tcp sockets.
-
- Take a look at the Xsecurity man page for more information on X security.
-The safe bet is to use xdm to login to your console and then use ssh to go to
-remote sites on which you wish to run X programs.
------------------------------------------------------------------------------
-
-6.11.2. SVGA
-
- SVGAlib programs are typically SUID-root in order to access all your Linux
-machine's video hardware. This makes them very dangerous. If they crash, you
-typically need to reboot your machine to get a usable console back. Make sure
-any SVGA programs you are running are authentic, and can at least be somewhat
-trusted. Even better, don't run them at all.
------------------------------------------------------------------------------
-
-6.11.3. GGI (Generic Graphics Interface project)
-
- The Linux GGI project is trying to solve several of the problems with video
-interfaces on Linux. GGI will move a small piece of the video code into the
-Linux kernel, and then control access to the video system. This means GGI
-will be able to restore your console at any time to a known good state. They
-will also allow a secure attention key, so you can be sure that there is no
-Trojan horse login program running on your console. [http://
-synergy.caltech.edu/~ggi/] http://synergy.caltech.edu/~ggi/
------------------------------------------------------------------------------
-
-7. Kernel Security
-
- This is a description of the kernel configuration options that relate to
-security, and an explanation of what they do, and how to use them.
-
- As the kernel controls your computer's networking, it is important that it
-be very secure, and not be compromised. To prevent some of the latest
-networking attacks, you should try to keep your kernel version current. You
-can find new kernels at [ftp://ftp.kernel.org] ?? or from your distribution
-vendor.
-
- There is also a international group providing a single unified crypto patch
-to the mainstream Linux kernel. This patch provides support for a number of
-cryptographic subsystems and things that cannot be included in the mainstream
-kernel due to export restrictions. For more information, visit their web page
-at: [http://www.kerneli.org] http://www.kerneli.org
------------------------------------------------------------------------------
-
-7.1. 2.0 Kernel Compile Options
-
- For 2.0.x kernels, the following options apply. You should see these options
-during the kernel configuration process. Many of the comments here are from .
-/linux/Documentation/Configure.help, which is the same document that is
-referenced while using the Help facility during the make config stage of
-compiling the kernel.
-
-
-
- * Network Firewalls (CONFIG_FIREWALL)
-
- This option should be on if you intend to run any firewalling or
- masquerading on your Linux machine. If it's just going to be a regular
- client machine, it's safe to say no.
-
- * IP: forwarding/gatewaying (CONFIG_IP_FORWARD)
-
- If you enable IP forwarding, your Linux box essentially becomes a
- router. If your machine is on a network, you could be forwarding data
- from one network to another, and perhaps subverting a firewall that was
- put there to prevent this from happening. Normal dial-up users will want
- to disable this, and other users should concentrate on the security
- implications of doing this. Firewall machines will want this enabled, and
- used in conjunction with firewall software.
-
- You can enable IP forwarding dynamically using the following command:
-
-
- root# echo 1 > /proc/sys/net/ipv4/ip_forward
- and disable it with the command:
- root# echo 0 > /proc/sys/net/ipv4/ip_forward
- Keep in mind the files in /proc are "virtual" files and the shown size of
- the file might not reflect the data output from it.
-
- * IP: syn cookies (CONFIG_SYN_COOKIES)
-
- a "SYN Attack" is a denial of service (DoS) attack that consumes all the
- resources on your machine, forcing you to reboot. We can't think of a
- reason you wouldn't normally enable this. In the 2.2.x kernel series this
- config option merely allows syn cookies, but does not enable them. To
- enable them, you have to do:
-
-
- root# echo 1 > /proc/sys/net/ipv4/tcp_syncookies
-(preformatted text), (forced line break - note it doesn't require a
-closing tag), as well as all their ending tags.
-
-Not only do you need to ensure that only a small set of ``safe'' HTML
-commands are accepted, you also need to ensure that they are properly nested
-and closed (i.e., that the HTML commands are ``balanced''). In XML, this is
-termed ``well-formed'' data. A few exceptions could be made if you're
-accepting standard HTML (e.g., supporting an implied
where not provided
-before a
would be fine), but trying to accept HTML in its full generality
-(which can infer balancing closing tags in many cases) is not needed for most
-applications. Indeed, if you're trying to stick to XHTML (instead of HTML),
-then well-formedness is a requirement. Also, HTML tags are case-insensitive;
-tags can be upper case, lower case, or a mixture. However, if you intend to
-accept XHTML then you need to require all tags to be in lower case (XML is
-case-sensitive; XHTML uses XML and requires the tags to be in lower case).
-
-Here are a few random tips about doing this. Usually you should design
-whatever surrounds the HTML text and the set of permitted tags so that the
-contributed text cannot be misinterpreted as text from the ``main'' site (to
-prevent forgeries). Don't accept any attributes unless you've checked the
-attribute type and its value; there are many attributes that support things
-such as Javascript that can cause trouble for your users. You'll notice that
-in the above list I didn't include any attributes at all, which is certainly
-the safest course. You should probably give a warning message if an unsafe
-tag is used, but if that's not practical, encoding the critical characters
-(e.g., "<" becomes "<") prevents data loss while simultaneously keeping
-the users safe.
-
-Be careful when expanding this set, and in general be restrictive of what you
-accept. If your patterns are too generous, the browser may interpret the
-sequences differently than you expect, resulting in a potential exploit. For
-example, FozZy posted on Bugtraq (1 April 2002) some sequences that permitted
-exploitation in various web-based mail systems, which may give you an idea of
-the kinds of problems you need to defend against. Here's some exploit text
-that, at one time, could subvert user accounts in Microsoft Hotmail:
-
- &{[code]}; [N4]
- [N4]
-
-