CISP-10-UNIX操作系统安全v2

UNIX200811UNIX§§§§UNIXUNIX§§UNIXUNIXsolarissolaris))§§§§§§§§§§UNIXUNIX§§LINUXLINUX��,,����������§§�§§�§§�§§UNIX§§UNIX§UNIXsolaris)§§§§§UNIX§LINUXUnix:§Trusted Computer SystemEvaluation Criteria(1985)�Trusted ComputerSystem Evaluation Criteria(1985)§(D1C1C2B1B2B3A1)UNIX§(TCSEC)C2����UNIX§§UNIX§UNIX§UNIXsolaris)§§§§§UNIX§LINUXUNIX§Solaris0/sbin/initinit/etc/inittab/etc/rc1(2,3)inittabUNIX§solarisInit 0Init 1Init 2Init 3init 0/openbootcdrominit 1//)Ctrl+Dinit 2/()/etc/rc2S69inet,inetdinit 3/()/etc/rc3Linux§UNIXLinuxmount /§SolarisUNIX§§UNIX§UNIX§UNIXsolaris)§§§§§UNIX§LINUXUNIX§§UNIX§UNIX§UNIXsolaris)§§§§§UNIX§LINUXunix���§UNIX§UNIX�/�/opt�/exportNFS�/export/home�/var�/usr�Swap Space�/bin�/cdrom�/modules�/root root�/proc�/sbin�/devUNIX�/etcwindows�/mnt§ASCII§§(§§Sockets.sockUnix#ls–al testdrwxr­xr­x3 root  root1024 Sep 13 11:58  test§unix10§1:�d­lssocketcb�§2­10�rwx9(3)(mode bits)Unix§Chmod�#chmod755 test§Chown�#chownuser1 file1§Chgrp�#chgrpgroup1file1Unix§SUID/SGID��SUIDID“;SGIDID�SUIDIDIDroot�SUIDSUIDrootUnix§SUID�“x”“s”SUID#ls­al /bin/su­rwsr­xr­x1 root root14888 Aug 15 1999 /bin/su§SUIDSGID#find / ­type f \( ­perm ­4000 ­o ­perm ­2000 \)–ls�2000 setgid�4000 setuidSUID§vi#ls­al /bin/vi­r­xr­xr­x5 root     bin       201516 11Ô  42002 vi§SUID#chmodu+s/bin/vi#ls–al vi­r­sr­xr­x5 root     bin       201516 11Ô  42002 viSUID§�$ping192.168.13.1(pingSSUID§�$ ping192.168.13.1(pingSumask§§777 –§666 –§umask022­rw­r­­r­­1 root workgrp14233 Apr 24 10:32 textfile.txtunix§§UNIX§UNIX§UNIXsolaris)§§§§§UNIX§LINUXUNIX§§§UNIX§�“qwerty”“abcdef”���6��UNIX§�10�! @ $ % ^ & * ( ) _ ­+ ={ } [ ] | \: ; '    , . ? /space���UNIX§§§UNIX§Passwd#more /etc/passwdname:coded­passwd:UID:GID:user­info:home­dir:shell7�name—�Coded­passwd—/�UID—100UIDUNIX–GID—–User_info—finger–home­directory—–shell—/bin/falseUNIXshadow§/etc/shadow��:loginID:passwd:lastchg:min:max:warn:inactive:expire:–loginID –password LKNP–lastchg 1970–min –max –warn –inactive –expire UNIXshadow#more /etc/shadowroot:LXeokt/C/oXtw:6445::::::daemon:NP:6445::::::bin:NP:6445::::::sys:NP:6445::::::adm:NP:6445::::::lp:NP:6445::::::……UNIX§§§UNIXUNIX§�/etc/shadowpasswordNP�–# userdel user1UNIX§Root–root–root–––,suroot,rootUNIX§Root–umask077 ,022––rootroot–/etc/securettyttyp0­ttyp9rootconsolesshroot§UNIX:�/etc/default/login#CONSOLE=/dev/console�rootFTP/etc/ftpusersroot§linux:/etc/pam.d/login/etc/pam.d/login auth required pam_securetty.sounix§§UNIX§UNIX§UNIXsolaris)§§§§§UNIX§LINUX§§wtmp/utmp§syslog§§wtmp/utmp§syslog§§wtmp/utmp§syslog–utmp–wtmpwtmp–lastlog–utmp/wtmp–who–w–users–last–lastb–acutmp/wtmpwhoutmputmp/wtmputmp–1515utmp/wtmpusersusers$ usersalice carol dave bobutmp/wtmplastwtmputmp/wtmpac/var/log/wtmp$ actotal 136.25“­d”“­p”§§wtmp/utmp§syslog§syslog�/etc/syslogd(solaris/usr/sbin/syslogd)�/etc/syslog.conf�/var/adm/var/logsyslogUnixlog�/etc/syslog.conf*.err;kern.notice;auth.notice         /dev/console*.err;kern.debug;daemon.notice;mail.crit    /var/adm/messages*.alert;kern.err;daemon.err          operator*.alert                    root*.emerg                    *mail.debug           ifdef(`LOGHOST', /var/log/syslog, @loghost)ifdef(`LOGHOST', ,user.err                    /dev/consoleuser.err                    /var/adm/messagesuser.alert                   `root, operator'user.emerg                   *)�syslog.conf.[.][Tab]SyslogSyslog§sulog:su/var/adm/sulog§httpd/var/apache/access­logUNIX§§UNIX§UNIX§UNIXsolaris)§§§§§UNIX§LINUXUnix�–/etc/inetd.conf/etc/inetd.confinetd–/etc/service/etc/services–/etc/protocols/etc/protocolsUnix�/etc/inittab�/etc/rc*.d“*”/etc/inittab/�/etc/init.d/etc/init.dInetd§#more /etc/inetd.conf�#systat stream  tcp     nowait  root    /usr/bin/psps ­ef�#�#netstat        stream  tcp     nowait  root    /usr/bin/netstatnetstat ­f inet�#�#time   stream  tcp6    nowait  root    internal�#time   dgram   udp6    wait    root    internal�#�#echo   stream  tcp6    nowait  root    internal�#echo   dgram   udp6    wait    root    internal�#Inetd–#name    dgram   udp     wait    root    /usr/sbin/in.tnamedin.tnamed–#namedDNS–#telnet stream  tcp6    nowait  root    /usr/sbin/in.telnetdin.telnetd–#telnet–#ftp     stream  tcp6    nowait  root    /usr/sbin/in.ftpdin.ftpd ­a–#ftp/etc/services§more /etc/services�# Network services, Internet style�#�tcpmux          1/tcp�echo            7/tcp�echo            7/udp�discard         9/tcp           sink null�discard         9/udp           sink null�systat          11/tcp          users�daytime         13/tcp�daytime         13/udp�netstat         15/tcp/etc/services�chargen         19/tcp          ttytst source�chargen         19/udp          ttytst source�ftp­data        20/tcp�ftp             21/tcp�ssh             22/tcp           # Secure Shell�telnet          23/tcp�smtp            25/tcp          mail�time            37/tcp          timserver�time            37/udp          timserver�name            42/udp          nameserver�domain          53/udp�domain          53/tcpUnix§inetd.conf�#cp /etc/inet/inetd.conf/etc/inet/inetd