How to Test Unix Logical Security and Report on It
Test the logical security of Unix servers.
This article covers the practical security assessment of Unix and Linux servers (the commands are comparable across systems, but some differ; please check the respective man pages).
Stage 1 Scan with Nessus for vulnerabilities and with Nmap for open ports. Highlight the open ports and refer to IANA for details of the services registered to them. Print the report. Before scanning with Nessus, make sure the latest updates have been applied.
Stage 2 Copy /etc/passwd and /etc/shadow (using more) to password.txt and shadow.txt in your home directory. Test the security of these files, check the IDs and /etc/group.
1. This is probably the most basic security step that any server MUST take, i.e. IDs and groups.
2. What to check: more /etc/passwd and /etc/shadow.
3. Look out for ordinary user IDs - are all of them still active, and do any belong to users who have resigned?
4. Look out for process (service) IDs - are they active, are they still required? They may be powerful.
5. Test IDs, developer IDs, root-equivalent IDs - are they active? Why?
6. Intruders regularly use finger or rusers to discover account names and then try easy passwords. Please make your users aware that complicated passwords are a must. Easy passwords just make the hacker's job easier.
7. If intruders can obtain a password file, they normally copy it to another machine and run password-guessing programs on it. These programs use large dictionary searches and run quite quickly even on slow machines. Most systems that do not put any controls on the types of passwords used probably have at least one password that can be easily guessed.
8. It is good practice to change all your passwords. For very critical servers, passwords should be changed every time root-equivalent or developer IDs are used. If this is not practical, change them at a 3-month or 6-month interval.
9. Intruders exploit system default passwords that have not been changed since installation, including accounts with vendor-supplied default passwords. Be sure to change all default passwords when the software is installed. Some software upgrades can reset passwords to a new default in the background, so check and change passwords after updates are done.
more /etc/passwd > /home/Gabriel/password.csv
more /etc/shadow > /home/Gabriel/shadow.csv
Stage 3 Test for world-writable files and directories. This is again a must. Imagine your most critical data files being accessible to everybody. Find them and take the required steps to restrict their permissions. (-perm -0002 matches the world-write bit on its own; -perm -22 would only match files that are both group- and world-writable.)
find / -type f -perm -0002 -exec ls -l {} \; > /home/Gabriel/worldfiles.csv
find / -type d -perm -0002 -exec ls -ld {} \; > /home/Gabriel/worlddirectory.csv
Stage 4 Search for SUID and SGID files
* SUID and SGID programs can let ordinary users become root-equivalent when these programs are owned by root.
* To mitigate this risk it is prudent that these files are not world readable, as ordinary users may find ways to run them. Remove them if they are not necessary.
* SUID and SGID files are usually found in /bin, /etc, /usr/bin, /usr/ucb and /usr/etc; pay close attention if they turn up in other directories.
* Look for SUID files (especially SUID root files) everywhere on your system. Intruders often leave SUID copies of /bin/sh lying around to give themselves root access at a later time. The UNIX find program can be used to search for setuid files.
find / -user root -perm -4000 -exec ls -l {} \; > /home/Gabriel_ng/rootsuid.csv
Find SUID and SGID files on the root filesystem:
find / -xdev -perm -004000 -exec ls -l {} \; > /home/Gabriel_ng/suid.csv
find / -xdev -perm -002000 -exec ls -l {} \; > /home/Gabriel_ng/guid.csv
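An added example (not from the original article) that runs the Stage 3 and Stage 4 find commands, with the -exec syntax completed, over a constructed directory tree so the results can be checked; it also separates setuid files found outside the usual directories, which the text says deserve the closest look. Pass / instead of "$TREE" on a real audit.

```shell
#!/bin/sh
# Added example, not from the original guide. The tree below is constructed.
set -u
umask 022

TREE=$(mktemp -d)
mkdir "$TREE/bin" "$TREE/tmp" "$TREE/opt"
printf 'data\n' > "$TREE/opt/config.dat";  chmod 0666 "$TREE/opt/config.dat"   # world writable file
printf 'data\n' > "$TREE/opt/private.dat"; chmod 0640 "$TREE/opt/private.dat"  # fine
chmod 0777 "$TREE/tmp"                                                          # world writable dir
printf '#!/bin/sh\n' > "$TREE/bin/passwd"; chmod 4755 "$TREE/bin/passwd"        # setuid, expected place
printf '#!/bin/sh\n' > "$TREE/tmp/sh";     chmod 4755 "$TREE/tmp/sh"            # setuid shell copy in tmp
printf '#!/bin/sh\n' > "$TREE/bin/wall";   chmod 2755 "$TREE/bin/wall"          # setgid

# Stage 3: -perm -0002 tests only the "other" write bit; -xdev stays on one filesystem.
world_writable_files() { find "$1" -xdev -type f -perm -0002 -exec ls -l {} \; ; }
world_writable_dirs()  { find "$1" -xdev -type d -perm -0002 -exec ls -ld {} \; ; }

# Stage 4: setuid and setgid regular files.
suid_files() { find "$1" -xdev -type f -perm -4000 -exec ls -l {} \; ; }
sgid_files() { find "$1" -xdev -type f -perm -2000 -exec ls -l {} \; ; }

# Setuid files outside the directories the guide lists as usual locations.
unexpected_suid() {
  root=${1%/}   # so that "/" becomes "" and the patterns read /bin/* etc.
  find "$1" -xdev -type f -perm -4000 \
    ! -path "$root/bin/*" ! -path "$root/usr/bin/*" ! -path "$root/usr/ucb/*" \
    ! -path "$root/usr/etc/*" ! -path "$root/etc/*" -exec ls -l {} \;
}

# Reduce ls -l lines to sorted file names, for easy comparison in scripts.
names() { awk '{ print $NF }' | xargs -n1 basename | sort; }

world_writable_files "$TREE" | names   # config.dat
world_writable_dirs  "$TREE" | names   # tmp
suid_files           "$TREE" | names   # passwd, sh
unexpected_suid      "$TREE" | names   # sh
```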
Stage 5 Check the network access files - /etc/hosts.equiv, .rhosts, /etc/hosts.allow, /etc/hosts.deny
* A major factor in network security is controlling network access. The files /etc/hosts.equiv, .rhosts and /etc/passwd control whether access is granted to rlogin, rcp and rsh. /etc/hosts.equiv contains a list of hosts that are trusted, or considered equivalent to this machine. Some systems use /etc/hosts.allow and /etc/hosts.deny rather than a single /etc/hosts.equiv. A .rhosts file holds a list of hosts that are permitted access to a particular user's account.
* Since .rhosts files grant access to the system without a password, it is recommended that users do not create them in their home directories.
Check for /etc/hosts.equiv, .rhosts, /etc/hosts.deny and /etc/hosts.allow:
find /home -name .rhosts -print
Stage 6 Check system monitoring - the logs. Check /etc/sudoers, which gives users the ability to run commands as "root" through sudo.
more /etc/sudoers > /home/Gabriel/sudoers.csv
Other logs to check include /var/adm/acct, /var/adm/wtmp, /var/adm/btmp and /var/adm/syslog/syslog.log.
Check /var/adm/sulog
1. SU 10/19 14:15 + tty q3 root-test1 - each entry records the date and time; + marks a successful su and - a failed one. Repeated failures could mean that someone is trying to break in using su.
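An added example (not from the original article) that analyses a sulog copy for the pattern the text describes: repeated failed su attempts, and failures followed by a success for the same pair of accounts. The log lines are constructed in the format shown above, and the failure threshold of 3 is an assumption.

```shell
#!/bin/sh
# Added example, not from the original guide. The sulog entries are constructed
# in the guide's format: SU date time +/- tty name from-to.
set -u

SULOG=$(mktemp)
cat > "$SULOG" <<'EOF'
SU 10/19 14:15 + tty q3 root-test1
SU 10/19 14:20 - tty q3 test1-root
SU 10/19 14:21 - tty q3 test1-root
SU 10/19 14:22 - tty q3 test1-root
SU 10/19 14:23 + tty q3 test1-root
SU 10/19 15:02 + tty p1 dev1-root
SU 10/20 09:10 - tty p2 guest-root
EOF

# Failed su attempts per "from-to" pair, most frequent first.
failures_by_pair() {
  awk '$4 == "-" { n[$NF]++ } END { for (p in n) print n[p], p }' "$1" | sort -rn
}

# Pairs with at least $2 failures (assumed default 3): candidates for someone
# guessing a password through su.
repeated_failures() {
  limit=${2:-3}
  awk -v lim="$limit" '$4 == "-" { n[$NF]++ }
    END { for (p in n) if (n[p] >= lim) print p }' "$1" | sort
}

# A failure followed on the same day by a success for the same pair: the
# guess may have worked, so the target account's password should be changed.
failure_then_success() {
  awk '$4 == "-" { failed[$2 " " $NF] = 1 }
       $4 == "+" && failed[$2 " " $NF] { print $2, $NF; delete failed[$2 " " $NF] }' "$1"
}

failures_by_pair "$SULOG"      # 3 test1-root / 1 guest-root
repeated_failures "$SULOG"     # test1-root
failure_then_success "$SULOG"  # 10/19 test1-root
```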
Stage 7 By piping all the output into csv or text files, it becomes easier to analyse the details and work with the relevant parties to tighten security.
Published: February 12, 2008