272 lines
4.7 KiB
HTML
272 lines
4.7 KiB
HTML
<HTML
|
|
><HEAD
|
|
><TITLE
|
|
>General Security Considerations</TITLE
|
|
><META
|
|
NAME="GENERATOR"
|
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"><LINK
|
|
REL="HOME"
|
|
TITLE="Linux Network Administrators Guide"
|
|
HREF="index.html"><LINK
|
|
REL="UP"
|
|
TITLE="The Point-to-Point Protocol"
|
|
HREF="x-087-2-ppp.html"><LINK
|
|
REL="PREVIOUS"
|
|
TITLE="Link Control Options"
|
|
HREF="x6968.html"><LINK
|
|
REL="NEXT"
|
|
TITLE="Authentication with PPP"
|
|
HREF="x-087-2-ppp.authentication.html"></HEAD
|
|
><BODY
|
|
CLASS="SECT1"
|
|
BGCOLOR="#FFFFFF"
|
|
TEXT="#000000"
|
|
LINK="#0000FF"
|
|
VLINK="#840084"
|
|
ALINK="#0000FF"
|
|
><DIV
|
|
CLASS="NAVHEADER"
|
|
><TABLE
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TH
|
|
COLSPAN="3"
|
|
ALIGN="center"
|
|
>Linux Network Administrators Guide</TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="left"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="x6968.html"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="80%"
|
|
ALIGN="center"
|
|
VALIGN="bottom"
|
|
>Chapter 8. The Point-to-Point Protocol</TD
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="right"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="x-087-2-ppp.authentication.html"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"></DIV
|
|
><DIV
|
|
CLASS="SECT1"
|
|
><H1
|
|
CLASS="SECT1"
|
|
><A
|
|
NAME="AEN7037"
|
|
>8.7. General Security Considerations</A
|
|
></H1
|
|
><P
|
|
>
|
|
|
|
|
|
A misconfigured PPP daemon can be a devastating security breach. It can be as
|
|
bad as letting anyone plug their machine into your Ethernet (and that can be
|
|
very bad). In this section, we discuss a few measures that should make
|
|
your PPP configuration safe.</P
|
|
><DIV
|
|
CLASS="NOTE"
|
|
><BLOCKQUOTE
|
|
CLASS="NOTE"
|
|
><P
|
|
><B
|
|
>Note: </B
|
|
>Root privilege is required to configure the network
|
|
device and routing table. You will usually solve this by running
|
|
<B
|
|
CLASS="COMMAND"
|
|
>pppd</B
|
|
> setuid <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>root</SPAN
|
|
>. However, <B
|
|
CLASS="COMMAND"
|
|
>pppd</B
|
|
>
|
|
allows users to set various security-relevant options. </P
|
|
></BLOCKQUOTE
|
|
></DIV
|
|
><P
|
|
> To protect against any attacks a user may launch by manipulating
|
|
<B
|
|
CLASS="COMMAND"
|
|
>pppd</B
|
|
> options, you should set a couple of
|
|
default values in the global <TT
|
|
CLASS="FILENAME"
|
|
>/etc/ppp/options</TT
|
|
>
|
|
file, like those shown in the sample file in <A
|
|
HREF="x-087-2-ppp.options.html"
|
|
>Section 8.3</A
|
|
>,” earlier in this chapter. Some of them, such as the
|
|
authentication options, cannot be overridden by the user, and thus
|
|
provide reasonable protection against manipulations. An important
|
|
option to protect is the <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>connect</SPAN
|
|
> option. If you intend to allow
|
|
non-root users to invoke <B
|
|
CLASS="COMMAND"
|
|
>pppd</B
|
|
> to connect to the
|
|
Internet, you should always add the <TT
|
|
CLASS="LITERAL"
|
|
>connect</TT
|
|
> and
|
|
<TT
|
|
CLASS="LITERAL"
|
|
>noauth</TT
|
|
> options to the global options file
|
|
<TT
|
|
CLASS="FILENAME"
|
|
>/etc/ppp/options</TT
|
|
>. If you fail to do this, users
|
|
will be able to execute arbitrary commands with
|
|
<TT
|
|
CLASS="LITERAL"
|
|
>root</TT
|
|
> privileges by specifying the command as their
|
|
<SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>connect</SPAN
|
|
> command on the
|
|
<B
|
|
CLASS="COMMAND"
|
|
>pppd</B
|
|
> line or in their personal options file.</P
|
|
><P
|
|
>Another good idea is to restrict which users may execute
|
|
<B
|
|
CLASS="COMMAND"
|
|
>pppd</B
|
|
> by creating a group in <TT
|
|
CLASS="FILENAME"
|
|
>/etc/group</TT
|
|
>
|
|
and adding only those users who you wish to have the ability to execute
|
|
the PPP daemon. You should then change group ownership of the
|
|
<B
|
|
CLASS="COMMAND"
|
|
>pppd</B
|
|
> daemon to that group and remove the world execute
|
|
privileges. To do this, assuming you've called your group
|
|
<SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>dialout</SPAN
|
|
>, you could use something like:
|
|
|
|
<TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
># <TT
|
|
CLASS="USERINPUT"
|
|
><B
|
|
>chown root /usr/sbin/pppd</B
|
|
></TT
|
|
>
|
|
# <TT
|
|
CLASS="USERINPUT"
|
|
><B
|
|
>chgrp dialout /usr/sbin/pppd</B
|
|
></TT
|
|
>
|
|
# <TT
|
|
CLASS="USERINPUT"
|
|
><B
|
|
>chmod 4750 /usr/sbin/pppd</B
|
|
></TT
|
|
></PRE
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></P
|
|
><P
|
|
>Of course, you have to protect yourself from the systems you speak PPP
|
|
with, too. To fend off hosts posing as someone else, you should
|
|
always require some sort of authentication from your peer. Additionally, you
|
|
should not allow foreign hosts to use any IP address they choose, but
|
|
restrict them to at most a few. The following section will deal with
|
|
these topics in detail.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="NAVFOOTER"
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"><TABLE
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="x6968.html"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="index.html"
|
|
>Home</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="x-087-2-ppp.authentication.html"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
>Link Control Options</TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="x-087-2-ppp.html"
|
|
>Up</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
>Authentication with PPP</TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></BODY
|
|
></HTML
|
|
> |