
Ubuntu 10.04

Date post: 23-Mar-2016
Upload: onella
Transcript
Page 1: Ubuntu 10.04

Ubuntu 10.04

Overview

• Ubuntu Intro
• Backdoor/Virus/Malware
• Firewall
• User and Group Security
• Local Security Policy

Page 2: Ubuntu 10.04

Ubuntu Intro

Why learn Linux/Unix?

• The backbone of the internet and a large amount of corporate networks are based on Linux/Unix architecture.
• Lots of legally free open-source software that can be altered to fit individual needs.
• Use security tools only available on Linux systems.
• Many open-source tools actually work better on Linux than their Windows counterparts. (Hydra, Nmap, Hping, etc.)
• Cyber Patriot Competition.
• Because it’s fun!!

Page 3: Ubuntu 10.04

Ubuntu

• Ubuntu is a very user friendly Linux distribution. It is available for free at http://www.ubuntu.com/desktop/get-ubuntu/download

• Current desktop versions of Ubuntu can be installed inside a Windows OS (as if it were just a program). If installed in this way the system will have to be rebooted to change between OSes, but the Ubuntu partition can be uninstalled from the Windows Add/Remove Programs utility if it is no longer needed.

Page 4: Ubuntu 10.04

Ubuntu

• Ubuntu can also be made into a live cd or USB drive that can be used to learn and practice with without ever installing the OS on the actual hardware.

• The Ubuntu installer is easy to follow and installation is relatively quick (< hour max).

• Ubuntu supports most hardware, however if there is a complication a VM may be a better option for running Ubuntu.

Page 5: Ubuntu 10.04

Malware and etc.

• ClamAV is an open source antivirus software typically run on email servers.

• ClamAV can be configured to scan incoming and outgoing files, but it lacks the runtime function typically seen in Windows.

• We just want to install and scan periodically (or just right away for competition).

• ClamAV is command line but the ClamTK package adds a GUI.

Page 6: Ubuntu 10.04

Installing ClamAV

Open Synaptic Package Manager

Page 7: Ubuntu 10.04

Type “clamav” into Quick Search.

Select “clamav” and “clamtk” packages with dependencies.

Click Apply and accept the next prompt.

Page 8: Ubuntu 10.04

Run Clam Virus Scan

Applications → Accessories → Virus Scanner

Page 9: Ubuntu 10.04

ClamAV Preferences

Page 10: Ubuntu 10.04

ClamAV Scan

• Scan using the “Scan” tab
• Full scan: Select a Directory [File System] (will take a long time probably)

Page 11: Ubuntu 10.04

Ubuntu Firewalls

• Uncomplicated Firewall (UFW)
• Front end for IPTables (Default in Ubuntu)
• Cheat Sheet Commands

If prompted for password, use your password or root

– sudo ufw enable (enables)
– sudo ufw [allow/deny] [port number]
– sudo ufw status
– sudo ufw app list (installed profile apps)
– sudo ufw app info [app name] (port proto)
– sudo ufw [allow/deny] [app name]?
– sudo ufw logging on (enables logging)

Page 12: Ubuntu 10.04

Opening Terminal Through GUI

• Applications → Accessories → Terminal

Page 13: Ubuntu 10.04

Command Examples

Page 14: Ubuntu 10.04

User and Group Security

Command Cheat Sheet

• sudo adduser [username] (create user)
• sudo deluser [username] (delete user)
• sudo passwd -l [username] (lock account)
• sudo passwd -u [username] (unlock account)
• sudo addgroup [groupname] (create group)
• sudo delgroup [groupname] (delete group)
• sudo adduser [username] [groupname] (adds user to a group)

Page 15: Ubuntu 10.04

User and Group Security Cont.

ls -ld /home/[username] (list permissions of user’s home directory or other directory [directorypath])

Permission   Action      chmod option
read         (view)      r or 4
write        (edit)      w or 2
execute      (execute)   x or 1

User    ls output
owner   -rwx------
group   ----rwx---
other   -------rwx

Directories have directory permissions. The directory permissions restrict different actions than with files or device nodes.

Permission   Action                                chmod option
read         (view contents, i.e. ls command)      r or 4
write        (create or remove files from dir)     w or 2
execute      (cd into directory)                   x or 1

Page 16: Ubuntu 10.04

Permissions in Action

Using the example above we have the file "/etc/hosts" which is owned by the user root and belongs to the root group.

What are the permissions from the above /etc/hosts ls output?

Page 17: Ubuntu 10.04

Changing Permissions (chmod)

• chmod with letters
• Usage: chmod {options} [filename]

Options   Definition
u         owner
g         group
o         other
x         execute
w         write
r         read
+         add permission
-         remove permission
=         set permission

Page 18: Ubuntu 10.04

Changing Permissions (chmod)

• chmod with numbers
• Usage: chmod {options} [filename]
• When using numbers and multiple options the numbers are added together.
• Execute and read would be 5 (1+4=5)

Options   Definition
#--       owner
-#-       group
--#       other
1         execute
2         write
4         read

Page 19: Ubuntu 10.04

Chmod Usage Example
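
An added example, not part of the original slides: a shell helper that turns the permission column of ls -l output into the numeric chmod value by adding 4, 2 and 1 for each owner/group/other triplet, then confirms on a scratch file that the letter and number forms of chmod give the same result. The function names ls_to_octal and mode_after_chmod are made up for this example.

```shell
#!/bin/sh
# Convert the permission column of `ls -l` output (e.g. -rw-r--r--) into the
# numeric chmod form by adding read=4, write=2, execute=1 per triplet.
# Special bits (setuid, setgid, sticky) are not handled here.
ls_to_octal() {
    perms=$1
    result=""
    # Character 1 is the file type; 2-4 are owner, 5-7 group, 8-10 other.
    for start in 2 5 8; do
        triplet=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        result="$result$digit"
    done
    printf '%s\n' "$result"
}

# Apply one chmod argument to a scratch file and report the resulting mode,
# so letter and number forms can be compared side by side.
mode_after_chmod() {
    scratch=$(mktemp) || return 1
    chmod 000 "$scratch"
    chmod "$1" "$scratch"
    # The first 10 characters of ls -l are file type plus permission bits.
    perms=$(ls -l "$scratch" | cut -c1-10)
    rm -f "$scratch"
    ls_to_octal "$perms"
}

ls_to_octal "-rw-r--r--"           # prints 644
mode_after_chmod "u=rwx,g=rx,o="   # letters: prints 750
mode_after_chmod 750               # numbers: prints 750
```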

Page 20: Ubuntu 10.04

Changing Ownership (chown)

• chown can be used to change the file ownership and group of a file

• Usage: chown {options} [owner:group] [filename]

Option Flag                           Explanation
--from=[currentowner:currentgroup]    Changes owner and/or group of each file only if its current owner and/or group match those specified
-R, --recursive                       Operates on files and directories recursively
-v, --verbose                         Output information for each file processed
--reference=[filename]                Use the owner and group of the named file

Page 21: Ubuntu 10.04

chown example

Note: The use of “*” as a wildcard character. This allows multiple files to be targeted with the same command.

Page 22: Ubuntu 10.04

Recursive and Wildcards

If there is a problem with file ownership due to malware it may be necessary to change the ownership back. The recursive and --from= options will be much more efficient when combined with a wildcard. Here’s an example:

sudo chown -v -R --from=roy:abusers user:user *

Notice that the command has the verbose and recursive flags on. The --from=roy:abusers user:user * is searching for every file owned by the roy account with group permissions set to the abusers group. This command will then change the ownership to the user account and the user group. The * character is a wildcard to check all files and the -R makes it check recursively. If this command is launched from the base file system it will check every file on the drive. This is extremely powerful but extremely dangerous if the command is messed up in any way. Please make sure you understand before using recursive wildcard chown commands. It should also be noted that some directories will not allow you to launch this command with sudo. In these cases the root account would have to be unlocked and used. Make sure to re-lock the root account after.
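
An added example, not part of the original slides: a way to list what a recursive chown with --from would touch before running it, and a wrapper that refuses to run against the base of the file system. The function names are made up for this example, and the demo tree is constructed in a temporary directory; --from is the GNU chown option shown above.

```shell
#!/bin/sh
# Print every path under DIR currently owned by OWNER:GROUP, i.e. what
# `chown -R --from=OWNER:GROUP ...` would change. Nothing is modified.
# Unlike a shell `*`, find also reaches dotfiles; -xdev stays on one filesystem.
preview_chown_from() {
    find "$3" -xdev -user "$1" -group "$2" -print
}

# Run the recursive chown only against an explicit directory, never "/" or
# an empty argument, so a typo cannot re-own the whole drive.
scoped_chown_from() {
    from_owner=$1 from_group=$2 new_owner=$3 new_group=$4 dir=$5
    case $dir in
        ""|/) echo "refusing to run on '$dir'" >&2; return 1 ;;
    esac
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    chown -v -R --from="$from_owner:$from_group" "$new_owner:$new_group" -- "$dir"
}

# Constructed scratch tree, owned by whoever runs the script.
demo_preview() {
    demo=$(mktemp -d) || return 1
    mkdir "$demo/sub"
    touch "$demo/a.txt" "$demo/.hidden" "$demo/sub/b.txt"
    # Numeric group of the scratch directory (4th column of ls -ldn).
    gid=$(ls -ldn "$demo" | awk '{print $4}')
    preview_chown_from "$(id -u)" "$gid" "$demo"
    rm -rf "$demo"
}

demo_preview   # lists the directory, sub/, and all three files
```

Review the preview output first, then call scoped_chown_from with the same owner, group and directory.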

Page 23: Ubuntu 10.04

Password Policy

sudo chage -l [username] - shows password policy information for account specified

sudo chage [username] - change password policy for specified account

Unfortunately, the default management for passwords is done by account in regards to expiration, resets, etc.

There exist open-source alternatives for better password policy management, but this will probably not be required for the competition.

Page 24: Ubuntu 10.04

Password Policy

chage flags   Explanation
-E            Expiration date
-m            Minimum password reset
-M            Maximum password reset
-I            Inactivity period after password expiration
-W            Number of days that it warns of password expiration

Example
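
An added example, not part of the original slides: because aging is set per account, this script reads lines in /etc/shadow layout and reports every account that can log in with a password but whose maximum password age is unset or above a limit, printing the chage -M command that would fix it. The sample lines are constructed, the hashes are placeholders, and the 90-day limit is an assumed policy value.

```shell
#!/bin/sh
# Constructed sample in /etc/shadow layout (hashes replaced by placeholders):
# name:hash:lastchange:min(-m):max(-M):warn(-W):inactive(-I):expire(-E):
sample_shadow() {
    cat <<'EOF'
root:!:16000:0:99999:7:::
alice:$6$placeholder:16800:1:90:7:14::
bob:$6$placeholder:16500:0:99999:7:::
svc:*:16000:0:99999:7:::
carol:$6$placeholder:16700:0::7:::
EOF
}

# Read shadow-format lines on stdin. Skip locked accounts (hash field starts
# with ! or *), then flag any account whose maximum age (field 5) is empty
# or greater than the limit passed as the first argument.
audit_password_age() {
    awk -F: -v limit="$1" '
        $2 ~ /^[!*]/ { next }
        $5 == "" || $5 + 0 > limit + 0 {
            printf "%s max=%s -> sudo chage -M %d %s\n",
                   $1, ($5 == "" ? "unset" : $5), limit, $1
        }'
}

# 90 days is an assumed policy value for this example.
sample_shadow | audit_password_age 90
```

On a real system the input would come from sudo cat /etc/shadow instead of sample_shadow.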

Page 25: Ubuntu 10.04

Password Policy

Changing the required length, hashing technique, and using complexity rules are all handled in the /etc/pam.d/common-password file.

The line directly above the highlighted text is the original. The highlighted line has been modified to set the minimum password length to 8 (Ubuntu 10.04 is 6 by default).

The obscure rule toggles on some basic complexity requirements. And the “sha512” determines the algorithm used to hash stored passwords. MD5 is an option but sha512 is more secure.

Page 26: Ubuntu 10.04

Man Pages

• Manual pages are available for most commands and programs within the Linux environment. Simply type man [command or program name] to bring up the manual pages.

• These pages describe proper use and options for the command/program.

• Man Pages = Saving grace for Linux Newbies.
• Read them!!

Page 27: Ubuntu 10.04

Man Pages for the man Command

Yes, there is even a man page for the man command.

Page 28: Ubuntu 10.04

Misc. Commands

• gksudo nautilus – opens GUI directory browser with escalated privileges
• ifconfig – works like ipconfig in Windows
• ls – works like dir, lists contents of directory (-a option to show hidden files)
• rm – delete file or folder (additional flags needed for non-empty folders)
• cp – copies files from one location to another
• sudo – escalates privileges
• man – allows manual to be seen for specified command/application
• cd – changes the directory

Page 29: Ubuntu 10.04

Misc. Commands

• netstat – shows network status (-a flag shows state of all sockets and routing table entries)
• top – list running processes with PID#
• kill – stops process based on process PID#
• locate – list files in database that match a pattern (may need updatedb command)
• find – search for files in a directory hierarchy

