unix use and security from the ground up.htm
Now, for an explanation of how the Unix system encrypts the passwords. The first thing any hacker thinks of is trying to decrypt the password file. This is as close to impossible as anything gets in this world. I've often heard other "hackers" brag about doing this...this is the biggest lie since Moses said "I did it". The encryption scheme is a variation on the DES (Data Encryption Standard). When you enter the command passwd (to change the password), the system will form a 2-character "salt string" based on the process number of the passwd command you just issued. This 2-character string produces a slight change in the way the password is encrypted. There are a total of 4096 different variations on the encryption scheme caused by different salt string characters. This is NOT the same encryption scheme used by the crypt utility. The password is NEVER decrypted on the system. When you log on, the password you enter at the password prompt is encrypted (the salt string is taken from the password file) and compared to the encrypted entry in the password file. The system generates its own key, and as of yet, I have not discovered any way to get the key. The login program does not encrypt the password you enter itself; it does so, I believe, by a system call.

/etc/group - This is the group file. It allows the superuser to give certain accounts group access to groups other than their own. Entries are in the format:

group name:password:group number:users in this group

The first field is the name of the group. The second is the field for the group password. In all my experience with Unix, I have never seen the password feature used. The third is the group's number. The fourth field is a list of the users who have group access to this group. (Note: this can include users whose group number is different from the number of the group whose entry you are reading in the group file.) The usernames are separated by commas.
Here's an example:

sys::2:root,sys,adm,lp

To change to a new group identity, type "newgrp [group]". If the group has a password, you must enter the proper password. You cannot change to another group if you are not listed as a member of that group in the group file.

/dev/console - This is the device file for the system console, or the system's main terminal.

/dev/tty## - The device files for the system's terminals are usually in the form tty##, such as tty09, and sometimes ttyaa, ttyab, etc. Some ways to make use of the Unix system's treatment of devices as files will be explored in the section on Hacking Unix. When these files are not in use by a user (in other words, no one is logged onto this terminal), the file is owned by root. While a user is logged onto a terminal, however, ownership of its device file is temporarily transferred to that account.

/dev/dk## - These are the device files for the system's disks.

login files - There are special files in a user's home directory that contain commands which are executed when the user logs in. The name of the file depends on what shell the user is using. Here are the names of the files for the various shells:

Shell    File
-----    ----
sh       .profile
csh      .cshrc
ksh      .login
rsh      .profile

Some systems also use a file called ".logout" that contains commands which are executed upon logoff. These types of files are called shell scripts, and will be explained in the section on Unix Software Development's explanation of shell programming.

/usr/adm/sulog - This is a log of all attempted uses of the su utility. It shows when the attempt was made, what account made it, which account the user attempted to assume, and whether or not the attempt was successful.

/usr/adm/loginlog or /usr/adm/acct/sum/loginlog - This is a log of all logins to the system.
This only includes the time and the account's username.

mbox - These are files in the home directories of the system's users that contain all the mail messages they have saved.

/usr/mail/<user> - These files in the directory /usr/mail are named after system accounts. They contain all the unread mail for the account they are named after.

/dev/null - This is the null device file. Anything written to this file is just lost forever. Any attempt to read this file will result in an immediate control-D (end of file) character.

/tmp - The directory /tmp provides storage space for temporary files created by programs and other processes. This directory will always have rwxrwxrwx permissions. Examining these files occasionally reveals some interesting information, and if you know what program generates them and the format of the information in the file, you could easily change the info in the files, thereby changing the outcome of the program.

THE CRON UTILITIES
------------------

An understanding of the cron utilities will be necessary to understand certain parts of the section on Hacking Unix. This section will give a detailed explanation of the workings of the cron utilities.

The cron utility is a utility which carries out tasks which must be performed on a periodic basis. These tasks, and the times when they are to be carried out, are kept in files in 2 directories: /usr/lib and /usr/spool/cron. The file crontab in the directory /usr/lib contains entries for system tasks that must be performed on a periodic basis. The format for the entries in this file is:

minute hour dayofmonth monthofyear dayofweek commandstring

The first field is the minutes field.
This is a value from 0-59. The second field is the hour field, a value from 0-23. The third field is the day of the month, a value from 1-31. The fourth field is the month of the year, a value from 1-12. The fifth field is the day of the week, a value from 1-7, with Monday being 1. The sixth field is the pathname and any arguments of the task to be carried out. An asterisk in a field means to carry out the task for every value of that field. For instance, an asterisk in the minutes field would mean to carry out that task every minute. Here's an example crontab entry:

0 1 * * * /bin/sync

This runs the sync command, which is kept in the directory /bin, at 1 am every day. Commands in the file /usr/lib/crontab are performed with root privileges. In the directory /usr/spool/crontabs, you will find files named after system accounts. These files contain cron entries which are the same as those in the file /usr/lib/crontab, but are carried out under the id of the user the file is named after. The entries are in the same format.

BEWARE! When modifying cron files, remember that cron activity is logged! All cron activity is logged in the file /usr/adm/cronlog. I've found, however, that on most systems, this file is almost never checked.

UNIX SOFTWARE DEVELOPMENT
-------------------------

The Unix operating system was initially created as an environment for software development, and that remains its main use. This section will detail some of the OS's main facilities for software development, the C compiler and shell programming, and their related utilities. A few of the other languages will also be briefly touched upon at the end of this section.

SHELL PROGRAMMING
-----------------

The shell is more than a simple command interpreter. It is also a sophisticated programming tool, with variables, control structures, and the features of just about any other programming language. Shell programs are called scripts. Scripts are just text files which contain the names of commands and programs.
When the script is executed, the commands and programs whose names it contains are executed as if you had typed their names from your keyboard. There are two ways to execute a shell script: if you have execute permission to it, you can simply type in its name. Otherwise (if you have read access to it), you can type "sh [filename]". Here is a sample shell script:

who
whoami

As you can see, it contains the commands who and whoami. When you execute it, you will see a list of the system's current users (the output of the who command), and which account you are logged in under (the output of the whoami command). This section will concentrate solely on shell programming. While shell programming is essentially the same with all the shells, there are slight syntax differences that make shell scripts incompatible with shells that they were not specifically written for.

SHELL VARIABLES
---------------

Like any programming language, the shell can handle variables. To set the value of a variable, type:

[variable]=[value]

For example:

counter=1

This will assign the value "1" to the variable counter. If the variable counter does not already exist, the shell will create it. Note that there are no "numeric" variables in shell programming; all the variables are strings. For instance, we could later type:

counter="This is a string"

And counter would now be equal to "This is a string". (The quotes are needed because the value contains spaces.) There is a command called "expr", however, that will let you treat a variable as a numeric value, and it will be explained later. When setting the value of a variable, you only use the variable name. When you specify a variable as an argument to a command or program, however, you must precede the variable name with a dollar sign. For instance:

user=root

Now, we want to specify user as an argument to the command "ps -u".
We would type:

ps -u$user

Which would, of course, display the processes of the user "root".

SPECIAL SHELL VARIABLES
-----------------------

There are certain variables which are already pre-defined by the shell, and have special meaning to it. Here is a list of the more important ones and their meanings to the shell:

HOME - (Notice the caps. All pre-defined variables are in all-caps.) This variable contains the pathname of the user's home directory.

PATH - This is a good time to explain something which makes Unix a unique operating system. In Unix, there are no commands "built-in" to the operating system. All the commands are just regular programs. The PATH variable contains a list of the pathnames of directories. When you type in the name of a command or program, the shell searches through the directories listed in the PATH variable (in the order specified in the variable) until it finds a program with the same name as the name you just typed in. The format for the list of directories in the PATH variable is:

[pathname]:[pathname]:[pathname]...

For example, the default search path is usually:

/bin:/usr/bin:/usr/local

A blank entry in the path, or an entry for ".", means to check the directory the user is currently in. For instance, all these paths contain blank or "." entries:

.:/bin:/usr/bin      [Notice . at beginning of path]
:/bin:/usr/bin       [Notice that path begins
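As an added example (not from the original file), here is a POSIX sh script that checks for the two root-level hazards the text has described: PATH entries that are blank or "." and /usr/lib/crontab entries whose program lives in the world-writable /tmp directory or is given without an absolute path. The function names and the sample crontab lines are my own construction.

```shell
#!/bin/sh
# Added example, not from the original text: audit two root-level hazards the
# text describes. 1) A blank or "." entry in PATH (a leading, trailing or
# doubled ":" is a blank entry) makes the shell search the current directory.
# 2) /usr/lib/crontab commands run as root and /tmp is always rwxrwxrwx, so a
# root cron command kept under /tmp can be replaced by any user.

# Print "position:entry" for every PATH entry that is searched relative to the
# current directory (blank, "." or any name not starting with "/").
# Prints nothing for a clean PATH.  Argument 1: a PATH string.
path_cwd_entries() {
    pos=1
    rest="$1:"                  # trailing ":" so the last entry reads like the rest
    while [ -n "$rest" ]; do
        entry=${rest%%:*}       # text before the first ":"
        rest=${rest#*:}         # drop it together with the ":"
        case "$entry" in
            /*) ;;              # absolute directory: fine
            *)  echo "$pos:${entry:-<blank>}" ;;
        esac
        pos=$((pos + 1))
    done
}

# Read crontab lines (minute hour dayofmonth monthofyear dayofweek command)
# from stdin and print those whose program lives under /tmp or has no leading
# "/" (cron would then find it through PATH).  Comments and blanks are skipped.
crontab_risky_entries() {
    while read -r min hour dom mon dow cmd; do
        case "$min" in ''|'#'*) continue ;; esac
        prog=${cmd%% *}         # first word: the program's pathname
        case "$prog" in
            /tmp/*) echo "world-writable: $cmd" ;;
            /*)     ;;
            *)      echo "unqualified: $cmd" ;;
        esac
    done
}

# Constructed sample in /usr/lib/crontab format (not from any real system).
SAMPLE_CRONTAB='# system tasks, performed with root privileges
0 1 * * * /bin/sync
30 2 * * * /tmp/cleanup.sh -v
0 3 * * 1 sync'

echo "PATH entries searched in the current directory:"
path_cwd_entries ".:/bin::/usr/bin:"
echo "Risky root crontab entries:"
printf '%s\n' "$SAMPLE_CRONTAB" | crontab_risky_entries
```

To check a live system, pass "$PATH" to path_cwd_entries and feed /usr/lib/crontab to crontab_risky_entries on stdin.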