<HTML>
<HEAD>
<TITLE>Developer.com - Online Reference Library - 0672311739:RED HAT LINUX 2ND EDITION:System Security</TITLE>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<SCRIPT>
<!--
function displayWindow(url, width, height) {
var Win = window.open(url,"displayWindow",'width=' + width +
',height=' + height + ',resizable=1,scrollbars=yes');
}
//-->
</SCRIPT>
</HEAD>
<!-- ISBN=0672311739 //-->
<!-- TITLE=RED HAT LINUX 2ND EDITION //-->
<!-- AUTHOR=DAVID PITTS ET AL //-->
<!-- PUBLISHER=MACMILLAN //-->
<!-- IMPRINT=SAMS PUBLISHING //-->
<!-- PUBLICATION DATE=1998 //-->
<!-- CHAPTER=20 //-->
<!-- PAGES=0395-0410 //-->
<!-- UNASSIGNED1 //-->
<!-- UNASSIGNED2 //-->
<P><CENTER>
<a href="0403-0406.html">Previous</A> | <a href="../ewtoc.html">Table of Contents</A> | <a href="../ch21/0411-0414.html">Next</A>
</CENTER></P>
<A NAME="PAGENUM-407"><P>Page 407</P></A>
<P>To set the suid and the sgid using the numeric system, use these two commands:
</P>
<!-- CODE SNIP //-->
<PRE>
$ chmod 2### &lt;filename&gt;
$ chmod 4### &lt;filename&gt;
</PRE>
<!-- END CODE SNIP //-->
<P>In both instances, the ### is replaced with the rest of the values for the permissions. The
additive process is used to combine permissions; therefore, the following command would add
suid and sgid to a file:
</P>
<!-- CODE SNIP //-->
<PRE>
$ chmod 6### &lt;filename&gt;
</PRE>
<!-- END CODE SNIP //-->
<CENTER>
<TABLE BGCOLOR="#FFFF99">
<TR><TD><B>
NOTE
</B></TD></TR>
<TR><TD>
<BLOCKQUOTE>
<BR>A sticky bit is set using chmod 1### &lt;filename&gt;. If a sticky bit is set, the
executable is kept in memory after it has finished executing. The display for a sticky bit is a
t, placed in the last field of the permissions. Therefore, a file that has been set to
7777 would have the following permissions: -rwsrwsrwt.
</BLOCKQUOTE></TD></TR>
</TABLE></CENTER>
<BR>
<H4>
The Default Mode for a File or Directory
</H4>
<P>The default mode for a file or directory is set with the
umask. The umask uses the numeric system to define its value. To set the
umask, first determine the permissions you want new
files to have. For example, a common file permission set is
644: the owner has read and write permission, and the rest of the world has read permission. Once the value is determined, it
is subtracted from 777. Keeping the same example of
644, the result is 133. This is the
umask value. Typically, it is placed in a system file that is read when a user first
logs on. After the value is set, all files created will have their permissions set automatically using this value.
</P>
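<P>The following Python script is an added example, not code from the book or from Red Hat. It renders numeric modes the way ls -l displays them (including the s and t overlays on the execute slots described in the note above) and shows what a new file and a new directory actually receive under a given umask. It goes a little beyond the chapter's 777 - 644 arithmetic: the kernel applies the umask as a bit mask to the mode the creating program requests (0666 for ordinary files, 0777 for directories), so the example compares the chapter's value of 133 with the more common 022 to show where the two differ. All function names and sample modes are this example's own.</P>

```python
import stat

# Mapping from each permission bit to its slot in the 9-character rwx string.
_PERM_BITS = (
    (stat.S_IRUSR, 0, "r"), (stat.S_IWUSR, 1, "w"), (stat.S_IXUSR, 2, "x"),
    (stat.S_IRGRP, 3, "r"), (stat.S_IWGRP, 4, "w"), (stat.S_IXGRP, 5, "x"),
    (stat.S_IROTH, 6, "r"), (stat.S_IWOTH, 7, "w"), (stat.S_IXOTH, 8, "x"),
)


def ls_mode(mode: int, directory: bool = False) -> str:
    """Render a numeric mode such as 0o6755 the way `ls -l` displays it.

    The setuid, setgid and sticky bits have no column of their own: they
    overlay the owner, group and other execute slots as 's', 's' and 't'.
    ls uses the upper-case forms 'S' and 'T' when the special bit is set but
    the underlying execute bit is not, an odd combination worth noticing.
    """
    slots = ["-"] * 9
    for flag, pos, ch in _PERM_BITS:
        if mode & flag:
            slots[pos] = ch
    if mode & stat.S_ISUID:
        slots[2] = "s" if mode & stat.S_IXUSR else "S"
    if mode & stat.S_ISGID:
        slots[5] = "s" if mode & stat.S_IXGRP else "S"
    if mode & stat.S_ISVTX:
        slots[8] = "t" if mode & stat.S_IXOTH else "T"
    return ("d" if directory else "-") + "".join(slots)


def creation_mode(umask: int, directory: bool = False) -> int:
    """Mode a newly created file or directory receives under a given umask.

    The kernel does not subtract: it starts from the mode the creating
    program requests (0o666 for ordinary files, 0o777 for directories) and
    clears every bit that is set in the umask.
    """
    requested = 0o777 if directory else 0o666
    return requested & ~umask & 0o777


def compare_umasks(*umasks: int) -> dict:
    """For each umask, the ls-style mode of a new file and a new directory."""
    return {
        f"{m:03o}": (ls_mode(creation_mode(m)), ls_mode(creation_mode(m, True), True))
        for m in umasks
    }


def special_bits(mode: int) -> list:
    """Names of the special bits set on a mode, for a quick audit listing."""
    found = []
    if mode & stat.S_ISUID:
        found.append("setuid")
    if mode & stat.S_ISGID:
        found.append("setgid")
    if mode & stat.S_ISVTX:
        found.append("sticky")
    return found


if __name__ == "__main__":
    # chmod 4### sets setuid, 2### setgid, 1### sticky; 6### is their sum.
    for m in (0o4755, 0o2755, 0o6755, 0o1777, 0o7777):
        print(f"{m:05o} -> {ls_mode(m)}  {special_bits(m)}")
    # umask 133 (the chapter's 777 - 644 arithmetic) versus the usual 022.
    for mask, (f, d) in compare_umasks(0o133, 0o022).items():
        print(f"umask {mask}: file {f}  directory {d}")
```

<P>Run stand-alone, the script shows that 7777 renders as -rwsrwsrwt exactly as the note says, and that a umask of 133 does give new files 644 but also gives new directories 644, which strips the execute (search) permission group and others need to enter them; 022 yields 644 for files and 755 for directories.</P>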
<H3><A NAME="ch20_ 15">
Passwords—A Second Look
</A></H3>
<P>The system stores the user's encrypted password in the
/etc/passwd file. If the system is using a shadow password system, the value placed in this field will be
x. A value of * blocks login access to the account, as
* is not a valid character for an encrypted field. This field should
never be edited by hand after it is set up; instead, use a program such as
passwd so that proper encryption takes place. If this field is changed by hand, the old password is no longer valid
and, more than likely, will have to be changed by root.
</P>
<CENTER>
<TABLE BGCOLOR="#FFFF99">
<TR><TD><B>
NOTE
</B></TD></TR>
<TR><TD>
<BLOCKQUOTE>
<P>If the system is using a shadow password system, a separate file exists called
/etc/shadow that contains passwords (encrypted, of course).</P>
</BLOCKQUOTE></TD></TR>
</TABLE></CENTER>
<A NAME="PAGENUM-408"><P>Page 408</P></A>
<P>A password is a secret set of characters chosen by the user and known only to the user.
The system asks for the password, compares what is entered to the known password, and, if
there is a match, confirms that the user is who she says she is and lets her access the system. It
cannot be said enough—do not write down your password! A person who has a user's name and
password is, from the system's perspective, that user, with all the rights and privileges
thereof.
</P>
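<P>The following Python script is an added example, not code from the book or from Red Hat. It parses passwd-format lines and classifies the second field using the meanings the text above gives for it (x for a shadowed entry, * for a blocked account, otherwise the hash itself), then produces the short audit list an administrator would want: accounts with an empty password field, hashes left in the world-readable passwd file even though shadow passwords are in use, and, going one step beyond the text, any second account with uid 0. The sample passwd contents, the placeholder hash and all function names are constructed for this example.</P>

```python
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample /etc/passwd contents; no real system or hash is quoted.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
legacy:zzPLACEHOLDERHASHzz:1001:1001:Old account:/home/legacy:/bin/sh
guest::1002:1002:Guest:/home/guest:/bin/bash
toor:x:0:0:second superuser:/root:/bin/bash
broken:x:1003:1003
"""


@dataclass
class PasswdEntry:
    name: str
    password: str   # the second field: 'x', '*', a hash, or empty
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str


def classify_password_field(field: str) -> str:
    """Say what the second field of a passwd line means.

    'x'  : the real hash lives in /etc/shadow (shadow passwords in use)
    '*'  : no hash can ever match, so password login is blocked
    ''   : no password at all; anyone who knows the name can log in
    else : a hash stored in the world-readable passwd file itself
    """
    if field == "x":
        return "shadowed"
    if field == "*":
        return "locked"
    if field == "":
        return "empty"
    return "hash-in-passwd"


def parse_passwd(text: str) -> Tuple[List[PasswdEntry], List[str]]:
    """Parse passwd-format text; malformed lines are reported, not guessed at."""
    entries, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            errors.append(f"line {lineno}: expected 7 fields, got {len(fields)}")
            continue
        name, pw, uid, gid, gecos, home, shell = fields
        try:
            entries.append(PasswdEntry(name, pw, int(uid), int(gid), gecos, home, shell))
        except ValueError:
            errors.append(f"line {lineno}: non-numeric uid/gid for {name!r}")
    return entries, errors


def audit_passwd(text: str) -> List[str]:
    """Return one finding per account whose password field needs attention.

    An empty field means password-less login, a hash in passwd means it was
    never moved to the shadow file (or the field was edited by hand), and a
    second uid-0 account is a superuser by another name.
    """
    entries, errors = parse_passwd(text)
    findings = list(errors)
    shadow_in_use = any(e.password == "x" for e in entries)
    for e in entries:
        kind = classify_password_field(e.password)
        if kind == "empty":
            findings.append(f"{e.name}: empty password field, login needs no password")
        elif kind == "hash-in-passwd" and shadow_in_use:
            findings.append(f"{e.name}: hash kept in /etc/passwd although shadow passwords are in use")
        if e.uid == 0 and e.name != "root":
            findings.append(f"{e.name}: uid 0 account other than root")
    return findings


if __name__ == "__main__":
    for finding in audit_passwd(SAMPLE_PASSWD):
        print(finding)
```

<P>On the constructed sample the audit reports the malformed line, the guest account with no password, the legacy account whose hash still sits in passwd, and the toor account with uid 0; the locked daemon account and the shadowed root and alice accounts produce no finding.</P>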
<H3><A NAME="ch20_ 16">
Related WWW Sites
</A></H3>
<P>Table 20.7 shows the more standard locations to find some of the tools discussed in this
chapter. Other Web sites have these tools as well, but these were chosen because they will
probably still be around when this book is published and you are looking for the information.
</P>
<P>Table 20.7. WWW sites for tools.</P>
<TABLE WIDTH="360">
<TR><TD>
<B>Tool</B>
</TD><TD>
<B>Address</B>
</TD></TR>
<TR><TD>
cops
</TD><TD>
ftp://ftp.cert.org/pub/tools/cops
</TD></TR>
<TR><TD>
crack
</TD><TD>
ftp://ftp.cert.org/pub/tools/crack
</TD></TR>
<TR><TD>
deslogin
</TD><TD>
ftp://ftp.uu.net/pub/security/des
</TD></TR>
<TR><TD>
findsuid.tar.Z
</TD><TD>
ftp://isgate.is/pub/unix/sec8/findsuid.tar.Z
</TD></TR>
<TR><TD>
finger daemon
</TD><TD>
<a href="http://www.prz.tu-berlin.de/~leitner/fingerd.html">http://www.prz.tu-berlin.de/~leitner/fingerd.html</A>
</TD></TR>
<TR><TD>
freestone
</TD><TD>
ftp.soscorp.com/pub/sos/freestone
</TD></TR>
<TR><TD>
freestone
</TD><TD>
ftp://ftp.cs.columbia.edu/pub/sos/freestone
</TD></TR>
<TR><TD>
gabriel
</TD><TD>
ftp://ftp.best.com/pub/lat
</TD></TR>
<TR><TD>
ipfilter
</TD><TD>
<a href="http://cheops.anu.edu.au/~avalon/ip-filter.html">http://cheops.anu.edu.au/~avalon/ip-filter.html</A>
</TD></TR>
<TR><TD>
ipfirewall
</TD><TD>
ftp://ftp.nebulus.net/pub/bsdi/security
</TD></TR>
<TR><TD>
kerberos
</TD><TD>
<a href="http://www.contrib.andrew.cmu.edu/usr/db74/kerberos.html">http://www.contrib.andrew.cmu.edu/usr/db74/kerberos.html</A>
</TD></TR>
<TR><TD>
merlin
</TD><TD>
<a href="http://ciac.llnl.gov/">http://ciac.llnl.gov/</A>
</TD></TR>
<TR><TD>
npasswd
</TD><TD>
ftp://wuarchive.wustl.edu/usenet/comp.sources.unix/volume25/npasswd
</TD></TR>
<TR><TD>
obvious-pw.tar.Z
</TD><TD>
ftp://isgate.is/pub/unix/sec7/obvious-pw.tar.Z
</TD></TR>
<TR><TD>
opie
</TD><TD>
ftp://ftp.nrl.navy.mil/pub/security/nrl-opie/
</TD></TR>
<TR><TD>
pcheck.tar.Z
</TD><TD>
ftp://isgate.is/pub/unix/sec8/pcheck.tar.Z
</TD></TR>
<TR><TD>
Plugslot Ltd
</TD><TD>
<a href="http://www.var.org/~greg/pcppsp.html">http://www.var.org/~greg/PCPPSP.html</A>
</TD></TR>
<TR><TD>
rsaeuro
</TD><TD>
ftp://ftp.ox.ac.uk/pub/crypto/misc/
</TD></TR>
<TR><TD>
rscan
</TD><TD>
<a href="http://www.umbc.edu/rscan/">http://www.umbc.edu/rscan/</A>
</TD></TR>
<TR><TD>
satan
</TD><TD>
<a href="http://www.fish.com/satan">http://www.fish.com/satan</A>
</TD></TR>
<TR><TD>
Secure Telnet
</TD><TD>
ftp://idea.sec.dsi.unimi.it/cert-it/stel.tar.gz
</TD></TR>
</TABLE>
<A NAME="PAGENUM-409"><P>Page 409</P></A>
<TABLE WIDTH="360">
<TR><TD>
<B>Tool</B>
</TD><TD>
<B>Address</B>
</TD></TR>
<TR><TD>
ssh
</TD><TD>
<a href="http://www.cs.hut.fi/ssh/">http://www.cs.hut.fi/ssh/</A>
</TD></TR>
<TR><TD>
tcp wrappers
</TD><TD>
ftp://ftp.win.tue.nl/pub/security/
</TD></TR>
<TR><TD>
telnet (encrypted)
</TD><TD>
ftp.tu-chemnitz.de/pub/Local/informatik/sec_tel_ftp/
</TD></TR>
<TR><TD>
tiger
</TD><TD>
ftp://wuarchive.wustl.edu/packages/security/TAMU/
</TD></TR>
<TR><TD>
tis firewall toolkit
</TD><TD>
ftp://ftp.tis.com/pub/firewalls/toolkit/
</TD></TR>
<TR><TD>
tripwire
</TD><TD>
ftp://wuarchive.wustl.edu/packages/security/tripwire/
</TD></TR>
<TR><TD>
xp-beta
</TD><TD>
ftp://ftp.mri.co.jp/pub/Xp-BETA/
</TD></TR>
<TR><TD>
xroute
</TD><TD>
ftp://ftp.x.org/contrib/utilities/
</TD></TR>
</TABLE>
<H3><A NAME="ch20_ 17">
Summary
</A></H3>
<P>Security is only as good as the users' willingness to follow the policies. This is, on many
systems and in many companies, where the contention comes in. The users just want to get their
job done. The administrators want to keep the undesirables out of the system. The
corporate management wants to keep the corporate secrets secret. Security is, in many ways, the
area in which it is hardest to get users to cooperate, yet it is the most important. Users who write down
or share passwords, poorly written software, and maliciousness are the biggest security problems.
</P>
<P>For the administrator in charge of the system, the only advice that can be offered is this:
The best user will only follow the policies that you follow. If you have poor security habits,
they will be passed along. On the other hand, people generally rise to the minimum level they
see exhibited or see as expected. It is the job of the administrator to go beyond the call of duty
and gently point out improvements while at the same time fighting the dragons at the back
gate trying to get into the system.
</P>
<A NAME="PAGENUM-410"><P>Page 410</P></A>
</td>
</tr>
</table>
<!-- begin footer information -->
</body></html>