
Security On Linux System

Powered by: N.X.Bi O==(=========> ^($)^ Supporter Of VTF) (E-mail: binhnx2000@yahoo.com | Home: http://www.vieteam.com/)

Preface: I am a Linux fan and a security enthusiast. I like Linux very much, especially its great capabilities. I wrote this document only to share with everyone a little of my modest knowledge of Linux security; there is no other purpose. Everything I share here comes from magazines, books, sites, forums and mailing lists on Linux security around the world. Whatever I found interesting and genuinely useful, I tried out in practice and tried to record as briefly and clearly as possible in this document. Omissions are unavoidable, and I hope to receive your frank comments and corrections. This is only a demo version of the document. If it is well received and I get your frank feedback and help, I will keep improving it to serve everyone better. You can join our forum to exchange and discuss Unix/Linux at: http://www.vieteam.com/vtf (Unix/Linux Section)

Note: this article is meant only for learning and exchanging experience. You may use it freely, but please respect the copyright a little: when quoting any part of this document, please state the source and the author's name. Thank you very much for your interest in my article.

1) File hierarchy, permissions and ownership

A clear and simple hierarchy of permissions and ownership is what gives Unix/Linux its security strength. The first thing we need to check is therefore the hierarchy, permissions and ownership of the files on your system. If they are not configured precisely, this is extremely dangerous. For this reason you should audit the file system on your server regularly, and pay particular attention to root's ID: some set-UID programs let an ordinary user on your system run with another user's ID (often root's) without being root. I probably do not need to tell you what to do with programs of that kind.
Now let us find the files with unsafe permission bits on your system and then reset them to safe values:

    root@localhost# find / -type f -perm +6000 -ls
    59520 30 -rwsr-xr-x 1 root root 30560 Apr 15 1999 /usr/bin/chage
    59560 16 -r-sr-sr-x 1 root lp 15816 Jan 6 2000 /usr/bin/lpq
    root@localhost# chmod -s /usr/bin/chage /usr/bin/lpq
    root@localhost# ls -l /usr/bin/lpq /usr/bin/chage
    -rwxr-xr-x 1 root root 30560 Apr 15 1999 /usr/bin/chage
    -r-xr-xr-x 1 root lp 15816 Jan 6 2000 /usr/bin/lpq

The find command above lists the files that run with root's UID or an equivalent set-ID; chmod -s then strips the set-UID/set-GID bits so that they no longer run with elevated privileges. (Newer GNU find spells this test -perm /6000. Check what each listed program is for before stripping its bit: some of them, chage for example, need it in order to work for ordinary users.)

We continue by looking for world-writable files on your system. What happens if an attacker can freely change the contents of these files?

    root@localhost# find / -perm -2 ! -type l -ls

In normal operation, writing to and changing files mainly happens in directories such as /dev and /tmp. If you see files in other directories that anyone can write to, there is probably a problem. You should also pay attention to files with no owner (belonging to no user or group). Of course, if nobody owns them, an attacker may well take ownership of them. To find files with no owner, use:

    root@localhost# find / -nouser -o -nogroup

With the "lsattr" and "chattr" commands you can change file and directory attributes at a level above the ordinary administrative one, for example controlling whether files can be deleted or modified, plus a few other features that "chmod" cannot provide. Applying these attributes in a uniform, transparent and unchanging way is especially effective at stopping an attacker from deleting or altering log files, or installing a Trojan into the binary files on your system. "chattr" is used to set or clear these attributes on a file, and "lsattr" lists them. Log files need to be protected properly: once data has been written to a log file, it must not be possible to edit or change it. This need exists because there are currently many scripts that let an attacker delete or edit the contents of log files. To tighten the safety of log files we use "chattr" and "lsattr" on a few objects:

    root@localhost# chattr +i /bin/login
    root@localhost# chattr +a /var/log/messages
    root@localhost# lsattr /bin/login /var/log/messages
    ----i--- /bin/login
    -----a-- /var/log/messages

(An attacker who has already obtained root can clear these flags again, so they raise the bar rather than make tampering impossible.)

In short, after this section you should remember:
- Never allow users to run set-UID programs, or other programs with root-like privileges, from their home directory.
- Always audit and attend to the file system on your server, especially the high-risk kinds of file mentioned above.
- You should use the nosuid option in /etc/fstab for the areas where individual users are allowed to write.
- The noexec and nodev options for files in users' home directories stop them from executing programs or creating block devices there.
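The three checks of this section combined into one audit function, as an added example that is not code from the original document; the demo tree, its file names and the function names are constructed for illustration:

```shell
#!/bin/sh
# Added example (not code from the original document): the three checks of
# section 1 (set-ID files, world-writable entries, unowned files) wrapped in
# one function, so the same audit can be run against a live root
# (audit_tree /) or against a throwaway tree as in the demo at the bottom.

# Print one finding per line as "<kind> <octal mode> <path>" for the tree
# rooted at $1. -xdev keeps the walk on one file system; errors from
# unreadable directories are silenced.
audit_tree() {
    root=$1
    # set-user-ID or set-group-ID regular files (the text's -perm +6000;
    # current GNU find spells the same test -perm /6000)
    find "$root" -xdev -type f -perm /6000 -printf 'setid %m %p\n' 2>/dev/null
    # world-writable entries, symlinks excluded (the text's -perm -2 ! -type l)
    find "$root" -xdev ! -type l -perm -0002 -printf 'world-writable %m %p\n' 2>/dev/null
    # entries whose owner or group no longer exists in /etc/passwd or /etc/group
    find "$root" -xdev \( -nouser -o -nogroup \) -printf 'unowned %m %p\n' 2>/dev/null
}

# Number of findings of kind $2 (setid, world-writable or unowned) under $1.
count_findings() {
    audit_tree "$1" | grep -c "^$2 " || true
}

# Demo on a constructed tree; nothing outside the temporary directory is touched.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/bin" "$demo_dir/tmp"
chmod 755 "$demo_dir/bin" "$demo_dir/tmp"
printf '#!/bin/sh\necho hi\n' > "$demo_dir/bin/tool"
chmod 4755 "$demo_dir/bin/tool"          # set-UID: must be reported
printf 'scratch\n' > "$demo_dir/tmp/scratch"
chmod 666 "$demo_dir/tmp/scratch"        # world-writable: must be reported
printf 'safe\n' > "$demo_dir/bin/safe"
chmod 755 "$demo_dir/bin/safe"           # ordinary file: must not be reported
audit_tree "$demo_dir"
```

On a real system /tmp and /dev will appear in the world-writable list, as the text says; everything else there deserves a look.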

2) Disabling unused services

To keep the attack surface of your system small, you should disable and remove the programs and services you do not use. The package management tools (the Redhat Package Manager on Linux) can show you which packages are installed. Basically, services are defined and run by inetd (on some newer Linux systems it may be xinetd). The services run by inetd are defined in /etc/inetd.conf; putting the character "#" in front of a service line disables it, so disable every service you do not use. The directories /etc/rc*.d and /etc/rc.d/rc* hold the shell scripts and parameters that control how the network and services are started and run. You can delete everything related to services you no longer need. On Redhat, SuSE, Mandrake and similar systems you can use:

    root@localhost# chkconfig --list
    root@localhost# chkconfig --del <name>

to show which services are active and to remove any service you want. Want to check whether a service has really been removed from the system?

    /bin/netstat -a -p --inet

On Redhat, SuSE, Mandrake and the like, the program used to manage packages is /bin/rpm (Redhat Package Manager); on Debian it is /usr/bin/dpkg (Debian Package). Below are some basic commands for managing packages; the first line of each pair is rpm and the second is dpkg.

Remove a package:
    root@localhost# rpm -e <package-name>
    root@localhost# dpkg -r <package-name>
List the files of an installed package:
    root@localhost# rpm -qvl <package-name>
    root@localhost# dpkg -L <package-name>
List installed packages with details for each:
    root@localhost# rpm -qvia
    root@localhost# dpkg -l
List exactly the files inside a package file:
    root@localhost# rpm -qvpl <package-name.rpm>
    root@localhost# dpkg -c <package-name.deb>
Show information about a package file:
    root@localhost# rpm -qpi <package-name.rpm>
    root@localhost# dpkg -I <package-name.deb>
Verify the integrity of installed packages:
    root@localhost# rpm -Va
    root@localhost# debsums -a
Install a new package:
    root@localhost# rpm -Uvh <package-name.rpm>
    root@localhost# dpkg -i <package-name.deb>

3) Checking the integrity of packages

The "md5sum" command uses a 128-bit algorithm to compute the fingerprint of a package, with the aim of ensuring the integrity of packages on their way from the vendor to the user. It can tell you whether packages on your system have changed.

    root@localhost# md5sum package-name
    995d4f40cda13eacd2beaf35c1c4d5c2 package-name

Perhaps you still do not see the real benefit of "md5sum" in the security world. Let me give a simple example. When an attacker has broken into your system, they install and use rootkits. These are really the administrator's everyday programs, such as netstat, ps, ls..., modified to print false information and hide things from you. So how do you find out? Suppose the MD5 hash of "netstat" when my SuSE Linux system was installed was "995d4f40cda13eacd2beaf35c1c4d5c2". Now I run "md5sum" on "netstat":

    root@localhost# md5sum /usr/bin/netstat
    995d4f40cda13eacd2beaf35c1c7d8c1 /usr/bin/netstat

The hashes do not match. What happened? I leave that answer to you.

4) Using Tripwire

Tripwire is a monitoring program that ensures file integrity by maintaining a database of the files installed on the system and warning you when they change. When installed, Tripwire reads and collects information about the state of the files on your system and records it in a database. Later, when Tripwire runs, it compares the files on your system with that reference database and reports any change. A main file configures Tripwire's overall operation; the default settings are usually quite effective, and if you are not familiar with Tripwire you should use them. Below are some commonly used commands.

Create the policy file from a text file:
    root@localhost# /usr/TSS/bin/twadmin -m P policy.txt
Initialise the database according to the main policy file:
    root@localhost# /usr/TSS/bin/tripwire --init
Print the database:
    root@localhost# /usr/TSS/bin/twprint -m d
Run a check and produce the daily report (report level 1, sent by mail):
    root@localhost# /usr/TSS/bin/tripwire -m c -t 1 -M
Update the database according to the policy file and the daily report:
    root@localhost# /usr/TSS/bin/tripwire --update --polfile policy/tw.pol \
        --twrfile report/<hostname>-<date>.twr

5) Using the SSH protocol

If at all possible I advise you to retire the "Telnet" service and replace it with "SSH". Telnet is nice, but it does not encrypt data on the wire; what happens when a sniffer sits somewhere along the path? To install OpenSSH, download the *.rpm package from the site of the vendor of the Linux distribution you use. Installing from an *.rpm is quite simple and I will not go into it. Note: remember to download and install OpenSSL too, because OpenSSH needs some OpenSSL libraries to work. For details on using OpenSSH you can refer to my article "Open SSH" at http://www.polarhome.com/~vicki. Basically OpenSSH uses public keys to ensure security. A public key is issued to any system you want to communicate with securely:

    host2$ ssh-keygen
    Generating RSA keys: ...ooooooO....ooooooO
    Key generation complete.
    Enter file in which to save the key (/home/binhnx2000/.ssh/identity):
    Created directory '/home/binhnx2000/.ssh'.
    Enter passphrase (empty for no passphrase): <passphrase>
    Enter same passphrase again: <passphrase>
    Your identification has been saved in /home/binhnx2000/.ssh/identity.
    Your public key has been saved in /home/binhnx2000/.ssh/identity.pub.
    The key fingerprint is:
    ac:42:11:c8:0d:b6:7e:b4:06:6a:a3:a7:e8:2c:b0:12 binhnx2000@host2

Next, copy the key into place for use:

    host2$ mkdir -m 700 ~binhnx2000/.ssh
    host2$ cp /mnt/floppy/identity.pub ~binhnx2000/.ssh/authorized_keys

Now, from your own system, to log into this host just issue:

    root@localhost$ ssh host2
    Enter passphrase for RSA key 'binhnx2000@localhost': <passphrase>
    Last login: Sat Aug 15 17:13:01 2000 from localhost
    No mail.
    host2$

Besides a secure login shell, OpenSSH also gives you secure copy and FTP tools. For example, when I want to copy a file from my system to another system that accepts it:

    root@localhost$ scp /tmp/file.tar.gz host2:/home/binhnx2000
    Enter passphrase for RSA key 'binhnx2000@localhost':
    file.tar.gz 100% |***************************| 98304 00:00

If you can, instruct and encourage the users on your system to use OpenSSH instead of Telnet and FTP.
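The md5sum baseline check from section 3, done the way Tripwire in section 4 automates it, as an added example that is not code from the original document; the demo tree standing in for /usr/bin and the function names are constructed for illustration:

```shell
#!/bin/sh
# Added example, not the original document's code: the md5sum baseline check
# from section 3 done the way Tripwire (section 4) automates it. A baseline of
# hashes is taken once on a trusted system, kept somewhere an intruder cannot
# rewrite it (read-only media, or chattr +i as in section 1), and checked later.
# md5sum is used because the text uses it; for a new baseline prefer sha256sum.

# Write "hash  path" lines for every regular file under the directories given
# after the output file name, e.g. baseline_create /root/base.md5 /bin /sbin.
baseline_create() {
    out=$1; shift
    find "$@" -type f -exec md5sum {} + | sort -k 2 > "$out"
}

# Exit status 0 if every file still matches the baseline, 1 otherwise.
baseline_verify() {
    md5sum -c --quiet "$1" >/dev/null 2>&1
}

# Print the path of every file whose hash differs from the baseline (or that
# has disappeared), one per line; prints nothing when all is well.
baseline_changed() {
    md5sum -c "$1" 2>/dev/null | grep -v ': OK$' | sed 's/: [A-Z].*$//'
}

# Demo on a constructed tree standing in for /usr/bin: take the baseline,
# then replace one binary the way a rootkit replaces netstat.
demo=$(mktemp -d)
mkdir -p "$demo/bin"
printf '#!/bin/sh\necho genuine netstat\n' > "$demo/bin/netstat"
printf '#!/bin/sh\necho genuine ps\n'      > "$demo/bin/ps"
base="$demo/baseline.md5"
baseline_create "$base" "$demo/bin"
intact=$(baseline_verify "$base" && echo yes || echo no)   # "yes" right after baselining
printf '#!/bin/sh\necho hides the attacker\n' > "$demo/bin/netstat"
baseline_changed "$base"                                     # prints only .../bin/netstat
```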

6) Using TCP Wrappers

Before the FTP server (or any other wrapped service) is run, tcpd first determines which source addresses are allowed, and the connection is sent to syslog for later comparison. If you want to deny all services, just add the following line to /etc/hosts.deny:

    ALL: ALL

To e-mail the system administrator about each refused connection, add this line instead:

    ALL: ALL: /bin/mail -s "%s connection attempt from %c" admin@mydom.com

If you want to let trusted addresses run the services they are permitted, edit /etc/hosts.allow:

    sshd: magneto.mydom.com, juggernaut.mydom.com
    in.ftpd: 192.168.1.

To be safe you should check and control access more carefully: use tcpdchk to check the access files, use syslog to record failed connections... Control access to your system by the rule that access is only granted when the client/daemon pair matches an entry allowed in /etc/hosts.allow.

7) Using the kernel's default security settings

The kernels of some newer Linux systems come with a few standard rules preconfigured, to give administrators without much security experience the most basic parameters for configuring the system. The files and parameters are kept under /proc/sys. For the IPv4 protocol, /proc/sys/net/ipv4 provides the basic features:

icmp_echo_ignore_all: ignore all ICMP ECHO requests. Use this option if you do not want your system to answer pings.
icmp_echo_ignore_broadcasts: ignore ICMP ECHO requests sent to broadcast and multicast addresses. This option prevents your system being abused as an amplifier in DDoS attacks.
ip_forward: enable or disable IP forwarding between the network interfaces on your system. Use this when you want your server to act as a router.
ip_masq_debug: enable or disable debugging for IP masquerading.
tcp_syncookies: protects your system against the SYN flood attacks that once terrorised the Internet.
rp_filter: verifies that the source IP address is legitimate (reverse-path filtering). It protects your system against attacks that forge the source IP address ("IP spoofing").
secure_redirects: accept ICMP redirect messages only from gateways in the trusted list.
log_martians: log "martian" packets (those with impossible source or destination addresses) that the kernel refuses to handle.
accept_source_route: decides whether source-routed packets are accepted or rejected. For safety you should disable this.

On Redhat systems, /etc/sysctl.conf holds the default settings processed at boot; the parameters are read, controlled and applied by /usr/bin/sysctl. If you want to disable "ip_forward", simply run:

    root@localhost# echo 0 > /proc/sys/net/ipv4/ip_forward

Likewise, to enable a feature, replace the value "0" with "1".

8) Securing the Apache server

Apache's operating configuration lives in /etc/httpd/conf/httpd.conf. Let us look at its contents now.

    Listen 127.0.0.1:80

The parameter above binds the server to the loopback address. Use the parameters below to block all file-system access an attacker is not entitled to, and to keep to a minimum the information about the server that can leak out when an attacker uses banner grabbing; this is widely used on large systems:

    <Directory />
    Options None
    AllowOverride None
    Order deny,allow
    Deny from all
    </Directory>

Now to limiting which IP addresses are and are not allowed. Edit the file /etc/httpd/conf/access.conf:

    <Directory /home/httpd/html>
    # Deny all accesses by default
    Order deny,allow
    # Allow access to local machine
    Allow from 127.0.0.1
    # Allow access to entire local network
    Allow from 192.168.1.
    # Allow access to single remote host
    Allow from 192.168.5.3
    # Deny from everyone else
    Deny from all
    </Directory>

For safety you should require password authentication for access to the area controlled by /etc/httpd/conf/access.conf (the file holding the allow/deny rules that limit which IPs can connect):

    <Directory /home/httpd/html/protected>
    Order Deny,Allow
    Deny from All
    Allow from 192.168.1.11
    AuthName "Private Information"
    AuthType Basic
    AuthUserFile /etc/httpd/conf/private-users
    AuthGroupFile /etc/httpd/conf/private-groups
    require group <group-name>
    </Directory>

Create the file holding the users permitted into that area with the "htpasswd" command. For example, to add a user to the list of those allowed in:

    root@localhost# htpasswd -cm /etc/httpd/conf/private-users binhnx2000
    New password: <password>
    Re-type new password: <password>
    Adding password for user binhnx2000

Do not forget to set sensible permissions on it:

    root@localhost# chmod 700 /etc/httpd/conf/private-users
    root@localhost# chown root /etc/httpd/conf/private-users

(Note that the account Apache runs as, usually nobody or apache, must still be able to read this file, or every login will fail; with the mode above only root can read it, so on most setups a mode of 640 with the file group-owned by Apache's group is what actually works.)

Restart the Apache server and check that it works. If you want to add more users to private-users, use the same command without the "c" option.

9) Securing the DNS server (BIND)

Zone transfers must be allowed by the master name server so that the slave servers can update their information. Unrestricted DNS requests can reveal IP and hostname information to unauthorised users. For this reason you need to restrict the responses on the public domain:

    // Allow transfer only to our slave name server. Allow queries
    // only by hosts in the 192.168.1.0 network.
    zone "mydomain.com" {
        type master;
        file "master/db.mydomain.com";
        allow-transfer { 192.168.1.6; };
        allow-query { 192.168.1.0/24; };
    };

Disable and block information leakage from the DNS server:

    // Disable the ability to determine the version of BIND running
    zone "bind" chaos {
        type master;
        file "master/bind";
        allow-query { localhost; };
    };

To add this security feature to the DNS server, the file ./master/bind contains:

    $TTL 1d
    @   CHAOS SOA localhost. root.localhost. (
                1   ; serial
                3H  ; refresh
                15M ; retry
                1W  ; expire
                1D ); minimum
        NS localhost.

Control and specify exactly which network interface serves DNS. Restricting unnecessary interfaces reduces the risk of attacks on your DNS server:

    listen-on { 192.168.1.1; };

Use an access control list to control access and changes by trusted users within the network range:

    acl internal { 192.168.1.0/24; 192.168.2.11; };

Run the DNS server as an ordinary user on your system. Do not give it many privileges, to avoid it being abused by an attacker to carry out "get root" attacks:

    root@localhost# groupadd -r named
    root@localhost# useradd -M -r -g named -d /var/named -s /bin/false named

10) Securing syslog

Syslog is like a camera that records almost everything that happens. If you are an administrator I surely do not have to spell out the function and real importance of syslog. Its settings are easy to understand and are configured in /etc/syslog.conf; below is part of the configuration file:

    # Monitor authentication attempts
    auth.*;authpriv.*              /var/log/authlog
    # Monitor all kernel messages
    kern.*                         /var/log/kernlog
    # Monitor all warning and error messages
    *.warn;*.err                   /var/log/syslog
    # Send a copy to remote loghost. Configure syslogd init
    # script to run with -r -s domain.com options on log
    # server. Ensure a high level of security on the log
    # server!
    *.info                         @loghost
    auth.*;authpriv.*              @loghost

I will not go through all of syslog's features here; you can look them up yourself. I only outline how to protect syslog's contents from being edited by an attacker. Restrict ordinary users' access to syslog's directories and files:

    root@localhost# chmod 751 /var/log /etc/logrotate.d
    root@localhost# chmod 640 /etc/syslog.conf /etc/logrotate.conf
    root@localhost# chmod 640 /var/log/*log

11) Some tips

Below are some odds and ends I picked up after browsing a few sites and forums devoted to Unix/Linux security. I decided to collect them and write them up as plainly as possible.

The number of discovered bugs keeps growing. AutoRPM (Redhat) and apt-get (Debian) monitor and automatically download package updates and patches from the vendor's server. I think this feature is very useful for your system. If you can, I advise you to spend more time attending to your system: subscribe to the mailing lists on bugs, security and so on, so that you can react to situations more proactively.

Install a quick, light scanner such as nmap. It can scan open ports, services, the OS... over both TCP and UDP. Very convenient.

Do not forget a sensible protection mechanism for LILO (the Linux boot manager). Set up proper authentication by adding the following lines to /etc/lilo.conf and then running /sbin/lilo:

    image = /boot/vmlinuz-2.2.17
        label = Linux
        read-only
        restricted
        password = your-password

The OpenWall kernel patch is very useful in preventing buffer overflow attacks, and in warning about, blocking and limiting changes made by users on your system. To use the OpenWall kernel you must recompile the kernel.

Make sure the time on your system is completely accurate and valid. Many problems arise when the system time is wrong; it makes later auditing, such as analysing the contents and events of log files, much harder. To keep your system time accurate, just add to crontab a command that compares and synchronises the system time with a reference time host:

    0-59/30 * * * * root /usr/sbin/ntpdate -su time.timehost.com

Use sudo to set the rights users have to run commands on your system. You can allow an ordinary user to run commands as root, and then use that user to control and administer the system without touching the root account. Sudo's benefits are great, but if it is not configured carefully it can completely break the separation of privileges that is considered the source of Unix/Linux's strength.

Do not forget to choose a suitable antivirus. Its job is to scan for, warn about, block and destroy viruses when they try to attack your system. Although the chance of a virus attack on Linux is very small, it is not zero. The real benefit antivirus brings you is probably that it detects and blocks viruses on your mail server before users receive them. Your system may run Unix/Linux, but do all the users on your system run Unix/Linux? Probably 90% of them use Windows. Or there is the case of users trying to upload scripts and tools such as PHP bombs, CGI telnet, DDoS zombies... to your server; all of these count as malicious code and are easily detected by antivirus. There are many antivirus products, but personally I like Kaspersky Antivirus (KAVP) best.

It would be an omission not to mention the two trusted "bodyguards" of most computer networks: the firewall and the network intrusion detection system. On Unix/Linux there is a great deal of software of this kind, but probably the two most widely used, for their safety and popularity, are Ipchains/Iptables (firewall) and Snort (network intrusion detection). Writing about firewalls and network intrusion detection in detail would take who knows how many pages. Given the scope of this article, whose aim is to walk through the security topics worth attention, I cannot give concrete instructions for installing, configuring and using the tools mentioned: Sudo, Ipchains/Iptables, Snort, OpenSSH... I ask for your understanding.

P.S.: Before this article was finished I had already completed detailed articles on using them. I will look at updating this document with them directly as soon as possible.

Some security-relevant files to watch in Unix/Linux:

    Location              Permission  Function
    /var/log              751         Directory holding all of the system's log files
    /var/log/messages     644         System messages
    /etc/crontab          600         Crontab configuration
    /etc/syslog.conf      640         Syslog configuration file
    /etc/logrotate.conf   640         Configuration controlling log file rotation
    /var/log/wtmp         660         Shows who is logged into the system
    /var/log/lastlog      640         Who logged into the system previously
    /etc/ftpusers         600         List of users not allowed to use FTP
    /etc/passwd           644         List of the system's users
    /etc/shadow           600         The users' encrypted passwords
    /etc/pam.d            750         PAM configuration
    /etc/hosts.allow      600         Controls which addresses and hosts are allowed
    /etc/hosts.deny       600         Controls which addresses and hosts are blocked
    /etc/lilo.conf        600         Configuration of the Linux boot manager
    /etc/securetty        600         TTY interfaces on which root may log in
    /etc/shutdown.allow   400         Users allowed to use Ctrl+Alt+Del
    /etc/security         700         General security rules for the system
    /etc/rc.d/init.d      750         Directory of programs started with the system (Redhat)
    /etc/init.d           750         Directory of programs started with the system (Debian)
    /etc/sysconfig        751         Directory of system and network configuration files (Redhat)
    /etc/inetd.conf       600         Defines the system's services
    /etc/cron.allow       400         Users allowed to use cron
    /etc/cron.deny        400         Users not allowed to use cron
    /etc/ssh              750         SSH configuration
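A check that compares the live modes of the paths in the table above with the recommended ones, as an added example that is not code from the original document; the PREFIX argument, the function names and the demo tree are constructed for illustration:

```shell
#!/bin/sh
# Added example (not part of the original document): compares the actual
# mode of each path in the table above with the recommended permission and
# reports every entry that grants a bit the recommendation does not. PREFIX
# lets the check run against a constructed tree; on a live host use "".

# Recommended modes copied from the table, one "path mode" pair per line.
RECOMMENDED='
/var/log 751
/var/log/messages 644
/etc/crontab 600
/etc/syslog.conf 640
/etc/logrotate.conf 640
/var/log/wtmp 660
/var/log/lastlog 640
/etc/ftpusers 600
/etc/passwd 644
/etc/shadow 600
/etc/pam.d 750
/etc/hosts.allow 600
/etc/hosts.deny 600
/etc/lilo.conf 600
/etc/securetty 600
/etc/shutdown.allow 400
/etc/security 700
/etc/rc.d/init.d 750
/etc/init.d 750
/etc/sysconfig 751
/etc/inetd.conf 600
/etc/cron.allow 400
/etc/cron.deny 400
/etc/ssh 750
'

# Print "path actual (recommended mode)" for each existing entry under
# PREFIX ($1) whose mode has bits set that the recommendation clears.
# Entries that are stricter than recommended are not reported.
check_permissions() {
    prefix=$1
    printf '%s\n' "$RECOMMENDED" | while read -r path rec; do
        [ -n "$path" ] && [ -e "$prefix$path" ] || continue
        actual=$(stat -c %a "$prefix$path")
        # extra bits = actual AND NOT recommended, in octal arithmetic
        if [ $(( 0$actual & ~0$rec & 07777 )) -ne 0 ]; then
            printf '%s %s (recommended %s)\n' "$path" "$actual" "$rec"
        fi
    done
}

# Number of entries reported for PREFIX $1.
loose_count() {
    check_permissions "$1" | wc -l | tr -d ' '
}

# Demo on a constructed tree: two files looser than the table, two fine.
demo=$(mktemp -d)
mkdir -p "$demo/etc" "$demo/var/log"
chmod 750 "$demo/var/log"               # stricter than 751: not reported
touch "$demo/etc/shadow" "$demo/etc/passwd" "$demo/var/log/messages"
chmod 644 "$demo/etc/shadow"            # should be 600: reported
chmod 644 "$demo/etc/passwd"            # matches the table
chmod 664 "$demo/var/log/messages"      # group-writable: reported
check_permissions "$demo"
```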

12) Sources of popular security tools on Linux

    Ipchains/Iptables   Firewall                            http://www.iptables.org/
    OpenSSH             Secure Remote Access Tool           http://www.openssh.com/
    Nmap                Port Scanner                        http://www.insecure.org/nmap
    Sudo                Root Access Control Tool            http://www.sudo.ws/
    Snort               Network Intrusion Detection System  http://www.snort.org/
    Tripwire            File Integrity Tool                 http://www.tripwiresecurity.com/
    OpenWall            Security Project                    http://www.openwall.com/
    NTP                 Network Time Protocol information   http://www.ntp.org/
    Kaspersky           AntiVirus Pro                       http://www.avp.ch

13) Closing words

Security is always a hot field; the drawn-out war between administrators and intruders seems never to end. The more time you spend and the more sensible the security policy for your system, the lower the chance of being attacked. A low probability, however, does not mean it cannot happen. No firewall or security tool can be considered absolutely safe. People are always the deciding factor. As said at the beginning, this is only a demo version of the document. Omissions are unavoidable, and I hope to receive your frank comments and corrections. You can contact me at:

My E-mail: binhnx2000@yahoo.com
My GPG Public Key: http://www.polarhome.com/~binhnx/contact/binhnx2000.asc
My Site & Group: http://www.vieteam.com/ (VTF Forum)
http://www.polarhome.com/~vicki (Vicki Group H/C/A)
http://binhnx.hypermart.net/ (My Site)
