
Security On Linux System

Powered by: N.X.Bi O==(=========> ^($)^ Supporter Of VTF)
(E-mail: binhnx2000@yahoo.com | Home: http://www.vieteam.com/)

Foreword: I am a fan of Linux and a lover of security. I like Linux very much, especially its outstanding capabilities. I wrote this document only to share with everyone the little I know about Linux security, with no other purpose whatsoever. Everything I share here comes from magazines, books, sites, forums and mailing lists about Linux security around the world. Whatever I found interesting and genuinely useful I tried out in practice and then attempted to write down here as briefly and clearly as I could. Omissions are unavoidable, and I hope to receive your frank comments and corrections. This is only a demo version of the document. If it is well received and I get your frank feedback and help, I will keep improving it so that it serves everyone better.
You can join our forum to exchange ideas and discuss Unix/Linux at:
http://www.vieteam.com/vtf (Unix/Linux Section)
Note: this article is intended only for learning and exchanging experience. You are free to use it, but please respect the copyright a little: when quoting any part of this document, please cite the source and the author's name. Thank you for your interest in my article.
1) File hierarchy, permissions and ownership
A clear and simple hierarchy, permission model and ownership scheme are what give Unix/Linux its security strength. The first thing to check is therefore the hierarchy, permissions and ownership of the files on your system; if these are not configured correctly the result is extremely dangerous, so you should audit the file system on your server regularly. Pay special attention to root's ID. Some programs let ordinary users on your system gain a set UID without being root; I probably do not need to tell you what to do with programs of that kind. Now let us find the files with unsafe permissions on your system and then adjust them to safe values:
root@localhost# find / -type f -perm +6000 -ls
59520 30 -rwsr-xr-x 1 root root 30560 Apr 15 1999 /usr/bin/chage
59560 16 -r-sr-sr-x 1 root lp 15816 Jan 6 2000 /usr/bin/lpq
root@localhost# chmod -s /usr/bin/chage /usr/bin/lpq
root@localhost# ls -l /usr/bin/lpq /usr/bin/chage
-rwxr-xr-x 1 root root 30560 Apr 15 1999 /usr/bin/chage
-r-xr-xr-x 1 root lp 15816 Jan 6 2000 /usr/bin/lpq
The commands above find files that run with root's UID or an equivalent privileged ID; chmod -s then clears the set-ID bits from them so they no longer execute with that privilege.

Next we look for world-writable files on your system. What happens if an attacker can freely change the contents of such files?
root@localhost# find / -perm -2 ! -type l -ls
In normal operation, writing and changing file contents usually happens in directories such as /dev and /tmp. If you find files in other directories that anyone can write to, a problem has probably already appeared.
You should also pay attention to files with no owner (belonging to no user or group). Since nobody owns them, an attacker may well end up owning them ;-( To find unowned files use:
root@localhost# find / -nouser -o -nogroup
With the "lsattr" and "chattr" commands you can change file and directory attributes at a higher level than ordinary permissions, such as controlling whether a file can be deleted or modified, together with other properties that "chmod" cannot express.
Assigning file attributes by a consistent, transparent and unchanging rule proves especially effective in preventing an attacker from deleting or altering log files, or from installing a Trojan into binaries on your system. The "chattr" command sets or removes these attributes on a file, and "lsattr" lists them.
Log files must be protected properly. Once data has been written to a log file it should not be possible to edit or change it. This need arises because there are many scripts that let an attacker delete or edit log file contents. To tighten the safety of log files we use "chattr" and "lsattr" on a few targets:
root@localhost# chattr +i /bin/login
root@localhost# chattr +a /var/log/messages
root@localhost# lsattr /bin/login /var/log/messages
----i--- /bin/login
-----a-- /var/log/messages
In short, after this section you should keep in mind: never let users run set-UID programs, or other programs with root-like privileges, from their home directories. Always audit and watch the file system on your server, especially the high-risk file types described above.
- You should use the nosuid option in /etc/fstab on the areas that individual users are allowed to write to.
- The noexec and nodev options on users' home directories prevent them from executing programs or creating block devices there.
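As an added example that is not part of the original document: a small POSIX shell script that automates the three checks from this section on one directory tree (set-ID programs, world-writable files, unowned files). It assumes GNU findutils; the set-ID test is written "-perm /6000", the current spelling of the "-perm +6000" shown above. The script is this editor's, not the author's.

```shell
#!/bin/sh
# Added example, not part of the original document: audit one directory tree for
# the three classes of risky file this section describes.
# Assumes GNU findutils. Usage: sh audit_tree.sh /   (any directory may be given)

# Regular files carrying the set-UID or set-GID bit.
# GNU find spells the "any of these bits" test "-perm /6000"; older releases used "-perm +6000".
list_setid() {
    find "$1" -xdev -type f -perm /6000 2>/dev/null || true
}

# Regular files writable by everyone. Directories such as /tmp are expected to be
# world-writable, so only files are listed here.
list_world_writable() {
    find "$1" -xdev -type f -perm -0002 2>/dev/null || true
}

# Files whose owner or group is not in /etc/passwd or /etc/group.
list_unowned() {
    find "$1" -xdev \( -nouser -o -nogroup \) 2>/dev/null || true
}

# Print a report of all three checks. Exit status 1 when anything was found,
# so a cron job can mail the output only when there is something to look at.
audit_tree() {
    root="${1:-/}"
    found=0
    for check in list_setid list_world_writable list_unowned; do
        hits=$("$check" "$root")
        if [ -n "$hits" ]; then
            found=1
            echo "== $check under $root =="
            echo "$hits"
        fi
    done
    return $found
}

# Run the audit when invoked with a directory argument.
if [ $# -gt 0 ]; then
    audit_tree "$1"
fi
```

Run it from cron and compare the output with the previous run: a set-ID binary that was not there yesterday is exactly the kind of change the text warns about.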

2) Disable unused services

To avoid leaving unnecessary doors open, you should disable and remove the programs and services you do not use on your system. You can use the package-management tools to display which packages are installed in order to do this (Redhat Package Manager on Linux).
Basically, services are defined and started by inetd (on some newer Linux systems it may be xinetd). The services run by inetd are defined in /etc/inetd.conf. Any service whose line is prefixed with the "#" character is defined but disabled; this is how you disable the services you do not use.
The /etc/rc*.d and /etc/rc.d/rc* directories hold the shell scripts and parameters that control how the network and the services are started and run. You can remove everything related to the services you do not need. On Redhat, SuSE, Mandrake and similar systems you can use:
root@localhost# chkconfig --list
root@localhost# chkconfig --del <name>
to display which services are active and to remove the ones you want. Want to check whether a service really has been removed from the system?
/bin/netstat -a -p --inet
On Redhat, SuSE, Mandrake... the program used to manage software packages is /bin/rpm (Redhat Package Manager); on Debian it is /usr/bin/dpkg (Debian Package). Below are some basic commands for managing packages. The first line is for rpm and the second for dpkg:
Remove a package:
root@localhost# rpm -e <package-name>
root@localhost# dpkg -r <package-name>
List the files of a package:
root@localhost# rpm -qvl <package-name.rpm>
root@localhost# dpkg -c <package-name.deb>
List the installed packages with details for each one:
root@localhost# rpm -qvia
root@localhost# dpkg -l
List exactly the files contained in the specified package file:
root@localhost# rpm -qvpl <package-name.rpm>
root@localhost# dpkg -c <package-name.deb>
Show information about a package:
root@localhost# rpm -qpi <package-name.rpm>
root@localhost# dpkg -I <package-name.deb>
Verify the integrity of the installed packages:
root@localhost# rpm -Va
root@localhost# debsums -a
Install a new package:
root@localhost# rpm -Uvh <package-name.rpm>
root@localhost# dpkg -i <package-name.deb>

3) Checking the integrity of packages

The "md5sum" command uses a 128-bit algorithm to compute the fingerprint of a package. Its purpose is to guarantee the integrity of packages from the vendor to the user, and it can tell you when packages on your system have been altered.
root@localhost# md5sum package-name
995d4f40cda13eacd2beaf35c1c4d5c2 package-name
Perhaps you still do not see the real benefit of "md5sum" in the security world, so let me take a simple example. When attackers break into your system, they install and use rootkits: in essence, the administrator's everyday programs such as netstat, ps, ls... modified to print false information and hide what is going on from you. So how do you detect this?
For instance, the default MD5 checksum of "netstat" when I installed my SuSE Linux system was "995d4f40cda13eacd2beaf35c1c4d5c2".
Now when I run "md5sum" on "netstat":
root@localhost# md5sum /usr/bin/netstat
995d4f40cda13eacd2beaf35c1c7d8c1 /usr/bin/netstat
The checksums do not match. What has happened? I leave that answer to you.
4) Using Tripwire
Tripwire is a monitoring program that ensures file integrity by maintaining a database of the files installed on the system and warning when they change.
When installed, Tripwire reads and collects information about the state of the files on your system and writes it to a database. Later, when Tripwire runs, it compares the files on your system with that baseline database and notifies you of any change.
One main file configures Tripwire's overall operation. Usually the default settings are already quite effective; if you are not familiar with Tripwire, you should use its defaults. Below are some commonly used commands.
Create the policy file from a text file:
root@localhost# /usr/TSS/bin/twadmin -m P policy.txt
Initialize the database according to the policy file:
root@localhost# /usr/TSS/bin/tripwire -init
Display the database:
root@localhost# /usr/TSS/bin/twprint -m d
Generate the daily check report:
root@localhost# /usr/TSS/bin/tripwire -m c -t 1 -M
Update the database from the policy file and the daily report:
root@localhost# /usr/TSS/bin/tripwire --update --polfile policy/tw.pol \
--twrfile report/<hostname>-<date>.twr
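As an added example that is not part of the original document and is not Tripwire's own code: a small shell integrity checker in the spirit of sections 3 and 4. It records an md5sum baseline for a directory tree and later reports files that changed, disappeared or appeared, which is the database-and-compare idea Tripwire implements with a policy file. It assumes GNU coreutils and findutils and file names without whitespace (md5sum output is split on spaces).

```shell
#!/bin/sh
# Added example, not part of the original document and not Tripwire's code: a
# minimal md5sum baseline/verify tool. Assumes GNU coreutils/findutils and file
# names without whitespace. Keep the baseline off the host or on read-only media:
# an intruder who can rewrite the baseline can hide a replaced binary just as easily.

# Write "checksum  ./path" for every regular file under tree $1 into baseline $2.
# Paths are relative to the tree, so a baseline made on one host can be checked
# against a copy of the same tree elsewhere.
make_baseline() {
    ( cd "$1" && find . -type f -print0 | LC_ALL=C sort -z | xargs -0 -r md5sum ) > "$2"
}

# Compare tree $1 against baseline $2. Prints one line per difference
# (CHANGED, MISSING or NEW followed by the path); exit status 1 if any was found.
check_baseline() {
    current=$(mktemp)
    make_baseline "$1" "$current"
    diffs=$(awk '
        FILENAME == ARGV[1] { base[$2] = $1; next }   # first file: the baseline
        {                                              # second file: current state
            if (!($2 in base))           print "NEW " $2
            else if (base[$2] != $1)     print "CHANGED " $2
            seen[$2] = 1
        }
        END { for (f in base) if (!(f in seen)) print "MISSING " f }
    ' "$2" "$current")
    rm -f "$current"
    [ -z "$diffs" ] && return 0
    echo "$diffs"
    return 1
}

# Stand-alone use:  sh integrity.sh init TREE BASELINE
#                   sh integrity.sh check TREE BASELINE
case "${1:-}" in
    init)  make_baseline "$2" "$3" ;;
    check) check_baseline "$2" "$3" ;;
esac
```

A baseline taken right after installation and checked from cron reproduces the netstat scenario in section 3 automatically: the trojaned binary shows up as CHANGED ./bin/netstat instead of relying on a checksum you remembered.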
5) Using the SSH protocol
If at all possible I advise you to retire the "Telnet" service and replace it with "SSH". Telnet is fine, but it does not encrypt the data on the wire; what happens when a sniffer sits somewhere along the path?
To install OpenSSH, download the *.rpm package from the site of the vendor of the Linux distribution you are using. Installing from an *.rpm is simple enough that I will not cover it.
Note: remember to download and install OpenSSL as well, because OpenSSH needs some OpenSSL libraries to operate.
For details on using OpenSSH you can consult my "Open SSH" article at http://www.polarhome.com/~vicki
Basically, OpenSSH uses public keys to ensure security. A public key is issued for each system you want to communicate with securely:
host2$ ssh-keygen
Generating RSA keys: ...ooooooO....ooooooO
Key generation complete.
Enter file in which to save the key (/home/binhnx2000/.ssh/identity):
Created directory '/home/binhnx2000/.ssh'.
Enter passphrase (empty for no passphrase): <passphrase>
Enter same passphrase again: <passphrase>
Your identification has been saved in /home/binhnx2000/.ssh/identity.
Your public key has been saved in /home/binhnx2000/.ssh/identity.pub.
The key fingerprint is:
ac:42:11:c8:0d:b6:7e:b4:06:6a:a3:a7:e8:2c:b0:12 binhnx2000@host2
Next, copy the key into place so it can be used:
host2$ mkdir -m 700 ~dave/.ssh
host2$ cp /mnt/floppy/identity.pub ~binhnx2000/.ssh/authorized_keys
Now, from your own system, logging in to this host is just a matter of:
root@localhost$ ssh host2
Enter passphrase for RSA key 'binhnx2000@localhost': <passphrase>

Last login: Sat Aug 15 17:13:01 2000 from localhost
No mail.
host2$
Besides a secure login shell, OpenSSH also gives you tools for secure copy and secure FTP. For instance, when I want to copy a file from my system to another system that accepts my key:
root@localhost$ scp /tmp/file.tar.gz host2:/home/binhnx2000
Enter passphrase for RSA key 'binhnx2000@localhost':
file.tar.gz 100% |***************************| 98304 00:00
If possible, guide and encourage the users of your system to use OpenSSH instead of Telnet and FTP.

6) Using TCP Wrappers

Before the FTP server is started, tcpd first determines whether the source address is allowed; the connection attempts are sent to syslog for later review. If you want to deny all services, just add the following line to /etc/hosts.deny:
ALL:ALL
To e-mail the system administrator a notice of every failed connection attempt, add the following lines (the subject is quoted so that the whole phrase, not just %s, becomes the subject):
ALL: ALL: /bin/mail \
-s "%s connection attempt from %c" admin@mydom.com
If you want to let trusted addresses use the services they are permitted, edit /etc/hosts.allow:
sshd: magneto.mydom.com, juggernaut.mydom.com
in.ftpd: 192.168.1.
For safety you should supervise and control access more carefully. Use tcpdchk to check the access files and use syslog to record failed logins. Control access to your system by the rule: access is granted only when the client/daemon pair matches an entry allowed in /etc/hosts.allow.
7) Using the kernel's built-in security settings
The kernels of some newer Linux systems come pre-configured with a few standard rules whose purpose is to provide the most basic parameters for configuring the system, aimed at admins without much experience in system security. The files and parameters are kept under /proc/sys. For the IPv4 protocol, /proc/sys/net/ipv4 provides the basic features:
icmp_echo_ignore_all: ignore all ICMP ECHO requests. Use this option if you do not want your system to answer pings.
icmp_echo_ignore_broadcasts: ignore all ICMP ECHO requests sent to broadcast and multicast addresses. This option prevents your system from being abused as an amplifier in DDoS attacks.
ip_forward: enable or disable IP forwarding between the network interfaces of your system. Use this option when you want your server to act as a router.
ip_masq_debug: enable or disable debugging for IP masquerading.
tcp_syncookies: this option protects your system against attacks using the SYN flooding technique that once terrorized the Internet.
rp_filter: verify that the source IP address is valid. This option protects your system against IP address spoofing attacks ("IP spoof").
secure_redirects: accept ICMP redirect messages only from the gateways in the trusted list.
log_martians: log packets that the kernel does not handle because their addresses are impossible.
accept_source_route: decide whether source-routed packets are accepted or rejected. For safety you should disable this feature.
On Redhat systems, /etc/sysctl.conf holds the default settings that are processed at boot; the parameters are read, controlled and applied by /usr/bin/sysctl.
If you want to disable the "ip_forward" feature you simply run:
root@localhost# echo 0 > /proc/sys/net/ipv4/ip_forward
Similarly, to enable a feature just replace the "0" with "1".
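As an added example that is not part of the original document: a shell check that reads the IPv4 settings discussed above from the /proc/sys tree and reports any that differ from a hardened expectation, plus a function that applies them with the same "echo value > file" technique shown in the text. The expected values are this example's assumptions, not the document's; the per-interface keys (rp_filter, accept_source_route, log_martians, secure_redirects) are read from the conf/all subdirectory, which is where the kernel keeps them.

```shell
#!/bin/sh
# Added example, not part of the original document: audit (and optionally apply)
# the IPv4 kernel settings this section describes. The root directory is a
# parameter so the functions can run against a copied or constructed tree;
# the default is the live kernel at /proc/sys/net/ipv4.
# The expected values below are this example's assumptions: no ICMP echo replies
# to broadcasts, forwarding off on a host that is not a router, SYN cookies on,
# reverse-path filtering on, source routing refused, martians logged,
# ICMP redirects only from listed gateways. Interface-wide keys live under conf/all.

EXPECTED="
icmp_echo_ignore_broadcasts=1
ip_forward=0
tcp_syncookies=1
conf/all/rp_filter=1
conf/all/accept_source_route=0
conf/all/log_martians=1
conf/all/secure_redirects=1
"

# Report every key whose current value differs from the expectation.
# Keys that the running kernel does not expose are reported as ABSENT and not
# counted. Exit status is the number of weak settings (0 when all match).
check_ipv4_sysctls() {
    root="${1:-/proc/sys/net/ipv4}"
    weak=0
    for pair in $EXPECTED; do
        key=${pair%%=*}
        want=${pair#*=}
        if [ ! -r "$root/$key" ]; then
            echo "ABSENT $key"
            continue
        fi
        have=$(cat "$root/$key")
        if [ "$have" != "$want" ]; then
            echo "WEAK   $key=$have (expected $want)"
            weak=$((weak + 1))
        fi
    done
    return $weak
}

# Write the expected values the same way the text does with "echo 0 > ...".
# Needs root on a live system and writes only keys that exist. These settings
# do not survive a reboot: put them in /etc/sysctl.conf as well.
apply_ipv4_sysctls() {
    root="${1:-/proc/sys/net/ipv4}"
    for pair in $EXPECTED; do
        key=${pair%%=*}
        if [ -w "$root/$key" ]; then
            echo "${pair#*=}" > "$root/$key"
        fi
    done
    return 0
}

# Stand-alone use:  sh ipv4_sysctls.sh check   or   sh ipv4_sysctls.sh apply
case "${1:-}" in
    check) check_ipv4_sysctls ;;
    apply) apply_ipv4_sysctls ;;
esac
```

The check is deliberately separate from the apply step: run the check from cron so a setting that was turned back on (by a script, an admin, or an intruder enabling forwarding to pivot through the box) shows up as a WEAK line rather than silently staying that way.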
8) Securing the Apache server
Apache's operating settings live in /etc/httpd/conf/httpd.conf. Let us now look at its contents.
Listen 127.0.0.1:80
This parameter, together with the directory block that follows, denies the attacker all access to the file system that has not been explicitly permitted, and keeps to a minimum the server information that can leak when an attacker uses banner grabbing. It is very widely used on large systems.
<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>
Now on to restricting which IP addresses are allowed and which are not. Read the file /etc/httpd/conf/access.conf:
<Directory /home/httpd/html>
# Deny all accesses by default
Order deny,allow
# Allow access to local machine
Allow from 127.0.0.1
# Allow access to entire local network
Allow from 192.168.1.
# Allow access to single remote host
Allow from 192.168.5.3
# Deny from everyone else
Deny from all
</Directory>
For safety you should require password authentication for access to the area defined in /etc/httpd/conf/access.conf (the file holding the allow/deny rules that restrict access by IP):
<Directory /home/httpd/html/protected>
Order Deny,Allow
Deny from All
Allow from 192.168.1.11
AuthName Private Information
AuthType Basic
AuthUserFile /etc/httpd/conf/private-users
AuthGroupFile /etc/httpd/conf/private-groups
require group <group-name>
</Directory>
Create the file holding the users allowed into that area with the "htpasswd" command. For instance, to add a user to the list of those allowed in:
root@localhost# htpasswd -cm /etc/httpd/conf/private-users binhnx2000
New password: <password>
Re-type new password: <password>
Adding password for user binhnx2000
Do not forget to set sensible permissions on it:
root@localhost# chmod 700 /etc/httpd/conf/private-users
root@localhost# chown root /etc/httpd/conf/private-users
Restart the Apache server and check that it works. If you want to add another user to the private-users file, use the same command without the "c" option.
9) Securing the DNS server (BIND)

Zone transfers have to be allowed by the master name server so that the information on the slave servers can be updated. Unrestricted DNS requests can reveal the IP addresses and hostnames of your machines to unauthorized users. For this reason you need to restrict responses on the public domain:
// Allow transfer only to our slave name server. Allow queries
// only by hosts in the 192.168.1.0 network.
zone "mydomain.com" {
type master;
file "master/db.mydomain.com";
allow-transfer { 192.168.1.6; };
allow-query { 192.168.1.0/24; };
};
Disable version reporting and prevent information leakage from the DNS server:
// Disable the ability to determine the version of BIND running
zone "bind" chaos {
type master;
file "master/bind";
allow-query { localhost; };
};
This adds another protective feature to the DNS server. The file ./master/bind contains:
$TTL 1d
@ CHAOS SOA localhost. root.localhost. (
1 ; serial
3H ; refresh
15M ; retry
1W ; expire
1D ) ; minimum
NS localhost.
Control and specify the network interface that serves DNS. Restricting the interfaces that are not needed reduces the exposure of your DNS server to attack:
listen-on { 192.168.1.1; };
Use an access control list to control access and changes for trusted users within the network:
acl internal {
192.168.1.0/24; 192.168.2.11;
};
Set up the DNS server's user as an ordinary user on your system. Do not give it many privileges, so that an attacker cannot abuse it to carry out "get root" attacks:
root@localhost# useradd -M -r -d /var/named -s /bin/false named
root@localhost# groupadd -r named
10) Securing Syslog

Syslog is like a camera that records almost all activity. If you are an admin I surely need not spell out syslog's function and real importance.
Syslog's settings are fairly easy to understand and are configured in /etc/syslog.conf; below is part of the configuration file:
# Monitor authentication attempts
auth.*;authpriv.* /var/log/authlog
# Monitor all kernel messages
kern.* /var/log/kernlog
# Monitor all warning and error messages
*.warn;*.err /var/log/syslog
# Send a copy to remote loghost. Configure syslogd init
# script to run with -r -s domain.com options on log
# server. Ensure a high level of security on the log
# server!
*.info @loghost
auth.*;authpriv.* @loghost
I will not go through all of syslog's features; you can look those up yourself. I will only outline how to protect syslog's contents from being edited by an attacker. You need to restrict ordinary users' access to syslog's directories and files:
root@localhost# chmod 751 /var/log /etc/logrotate.d
root@localhost# chmod 640 /etc/syslog.conf /etc/logrotate.conf
root@localhost# chmod 640 /var/log/*log

10) Some practical tips

Below are some assorted tips I picked up while wandering around a few sites and forums devoted to Unix/Linux security. I decided to collect them and rewrite them as clearly as possible.
The number of bugs discovered keeps growing. AutoRPM (Redhat) and apt-get (Debian) can track and automatically download package updates and patches from the vendor's server; I think this feature is very useful for your system. If possible I advise you to spend more time on your system; you can subscribe to mailing lists devoted to bugs and security so that you are better prepared when something happens.
Install a quick, lightweight scanner such as nmap. It can scan open ports, services, the OS and so on, over both TCP and UDP. Very convenient.
Also do not forget a sensible protection mechanism for LILO (the Linux boot loader). Set up proper authentication by adding the following lines to /etc/lilo.conf, then run /sbin/lilo to reinstall the loader:
image = /boot/vmlinuz-2.2.17
label = Linux
read-only
restricted
password = your-password
The OpenWall kernel patch is very useful for preventing buffer overflow attacks and for warning about, blocking and limiting changes made by users on your system. To use the OpenWall kernel you must recompile the kernel.
Make sure the time on your system is accurate and consistent. Many problems arise when the system time is wrong, and it makes later auditing, such as analysing the contents and events in log files, much harder. To keep the system time accurate, just add a crontab entry that compares and synchronizes the system time with a reference time host:
0-59/30 * * * * root /usr/sbin/ntpdate -su time.timehost.com
Use Sudo to set which commands the users on your system may run. You can let an ordinary user run commands as root, and then use that user to operate and manage your system without the root account. Although Sudo's benefits are great, if it is not configured carefully it can completely break the privilege separation that is considered the foundation of Unix/Linux's strength.
Do not forget to choose a suitable antivirus. Its job is to scan for, warn about, block and remove viruses when they attack your system. Although the chance of a virus attack on Linux is small, it is not zero. The real benefit antivirus brings you is probably detecting and blocking viruses at your mail server before users receive them. Your system may run Unix/Linux, but do all the users on it run Unix/Linux? Probably 90% of them use Windows. Or take the case of users uploading to your server malicious scripts and tools such as PHP Bomb, CGI Telnet, DDoS zombies... all of these are classed as malicious code and can easily be detected by antivirus. There are many antivirus products, but personally I like Kaspersky Antivirus (KAVP) best.
It would be an omission not to mention the two trusted "bodyguards" of most computer networks: the firewall and the network intrusion detection system. On Unix/Linux there are many programs of this kind, but the two that are most widely used for their safety and popularity are probably Ipchains/Iptables (firewall) and Snort (network intrusion detection)... Writing about firewalls and network intrusion detection in detail would take who knows how many pages.
Given the scope of this article, which is meant only to skim the security topics worth attention, I cannot show in detail how to install, configure and use the tools mentioned: Sudo, Ipchains/Iptables, Snort, OpenSSH... Please bear with me.
P/S: Before this article was finished I had already completed detailed guides on how to use them. I will consider adding them directly to this document as soon as possible.
Some security-related files to note in Unix/Linux:

Location              Permission  Function
/var/log              751         Directory holding all of the system's log files
/var/log/messages     644         System messages
/etc/crontab          600         Entries related to crontab
/etc/syslog.conf      640         Syslog configuration file
/etc/logrotate.conf   640         Configuration file controlling the rotation of log files
/var/log/wtmp         660         Shows who is logged in to the system
/var/log/lastlog      640         Who logged in to the system previously
/etc/ftpusers         600         List of users not allowed to use FTP
/etc/passwd           644         List of the users on the system
/etc/shadow           600         List of the encrypted passwords of the users
/etc/pam.d            750         PAM configuration files
/etc/hosts.allow      600         File controlling which addresses and hosts are allowed
/etc/hosts.deny       600         File controlling which addresses and hosts are denied
/etc/lilo.conf        600         Configuration file of the Linux boot loader
/etc/securetty        600         TTY interfaces on which root may log in
/etc/shutdown.allow   400         List of users allowed to use the Ctrl + Alt + Del combination
/etc/security         700         General security policy files for the system
/etc/rc.d/init.d      750         Directory of the scripts started with the system (Redhat)
/etc/init.d           750         Directory of the scripts started with the system (Debian)
/etc/sysconfig        751         Directory of system and network configuration files (Redhat)
/etc/inetd.conf       600         File defining the services on the system
/etc/cron.allow       400         List of users allowed to use cron
/etc/cron.deny        400         List of users not allowed to use cron
/etc/ssh              750         SSH configuration
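As an added example that is not part of the original document: a shell check that compares each path in the table above with its permission column and reports deviations, with a companion function that restores the listed modes. A prefix argument lets it run against a staged copy of the tree; with no argument it inspects the live system. It assumes GNU coreutils ("stat -c %a"); the path/mode pairs are transcribed from the table, everything else is this editor's construction.

```shell
#!/bin/sh
# Added example, not part of the original document: verify the modes recommended
# in the table above. Assumes GNU coreutils (stat -c %a). Paths that do not exist
# on a particular distribution are reported as ABSENT and do not count as failures.
# The path:mode pairs are transcribed from the document's table.

RECOMMENDED="
/var/log:751 /var/log/messages:644 /etc/crontab:600
/etc/syslog.conf:640 /etc/logrotate.conf:640 /var/log/wtmp:660
/var/log/lastlog:640 /etc/ftpusers:600 /etc/passwd:644 /etc/shadow:600
/etc/pam.d:750 /etc/hosts.allow:600 /etc/hosts.deny:600 /etc/lilo.conf:600
/etc/securetty:600 /etc/shutdown.allow:400 /etc/security:700
/etc/rc.d/init.d:750 /etc/init.d:750 /etc/sysconfig:751 /etc/inetd.conf:600
/etc/cron.allow:400 /etc/cron.deny:400 /etc/ssh:750
"

# Compare every listed path (prefixed with $1; default empty = live system)
# against its recommended mode. Prints WRONG/ABSENT lines; exit status is the
# number of wrong modes. A mode carrying a set-ID or sticky bit prints as four
# digits and therefore never matches a three-digit recommendation, as intended.
check_modes() {
    prefix="${1:-}"
    wrong=0
    for entry in $RECOMMENDED; do
        path="$prefix${entry%:*}"
        want=${entry#*:}
        if [ ! -e "$path" ]; then
            echo "ABSENT $path"
            continue
        fi
        have=$(stat -L -c %a "$path")
        if [ "$have" != "$want" ]; then
            echo "WRONG  $path $have (want $want)"
            wrong=$((wrong + 1))
        fi
    done
    return $wrong
}

# Set the recommended mode on every listed path that exists. The
# "chmod 640 /var/log/*log" commands in the syslog section do the same for a
# whole directory of log files.
fix_modes() {
    prefix="${1:-}"
    for entry in $RECOMMENDED; do
        path="$prefix${entry%:*}"
        if [ -e "$path" ]; then
            chmod "${entry#*:}" "$path"
        fi
    done
    return 0
}

# Stand-alone use:  sh file_modes.sh check [PREFIX]   or   sh file_modes.sh fix [PREFIX]
case "${1:-}" in
    check) check_modes "${2:-}" ;;
    fix)   fix_modes "${2:-}" ;;
esac
```

Run the check before the fix and keep its output: a mode that drifted from the table tells you which file someone touched, which is more useful for an investigation than silently resetting it.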

11) Sources of popular security tools on Linux

Ipchains/Iptables Firewall: http://www.iptbales.org/
Open SSH Secure Remote Access Tool: http://www.openssh.com/
Nmap Port Scanner: http://www.insecure.org/nmap
Sudo Root Access Control Tool: http://www.sudo.ws/
Snort Network Intrusion Detection System: http://www.snort.org/
Tripwire File Integrity Tool: http://www.tripwiresecurity.com/
OpenWall Security Project: http://www.openwall.com/
Network Time Protocol information: http://www.ntp.org/
Kaspersky AntiVirus Pro: http://www.avp.ch
12) Closing words
Security is always a hot field, and the drawn-out battle between admins and intruders seems never to end. The more time you invest and the more sensible the security policy for your system, the lower the chance of being attacked; a low chance, however, does not mean it cannot happen. No firewall or security tool can be considered absolutely safe. People are always the deciding factor.
As said at the beginning, this is only a demo version of the document. Omissions are unavoidable, and I hope to receive your frank comments and corrections.
You can contact me at:
My E-mail: binhnx2000@yahoo.com
My GPG Public Key: http://www.polarhome.com/~binhnx/contact/binhnx2000.asc
My Site & Group: http://www.vieteam.com/ (VTF Forum)
http://www.polarhome.com/~vicki (Vicki Group H/C/A)
http://binhnx.hypermart.net/ (My Site)
