Monitoring su Attempts
/etc/default/su -- File monitoring su login info
CONSOLE VARIABLE
# CONSOLE=/dev/console -- Remove the comment (#) symbol so that root can log in remotely with the su command.
SULOG VARIABLE
SULOG=/var/adm/sulog -- Specifies the file location of the log file
Controlling System Access
# /etc/default/login file
CONSOLE=/dev/console -- Comment out this line to allow root to log in from a remote system
PASSREQ=YES -- Requires each user to have a password to log in
/etc/ftpd/ftpusers -- Lists names of users prohibited from connecting to system through FTP
/etc/ftpusers -- Solaris 8
/etc/hosts.equiv & $HOME/.rhosts -- Files that determine whether a remote user is allowed to access the local host with the identity of a local user. The check reads /etc/hosts.equiv first and then $HOME/.rhosts. Entries take one of these forms:
hostname
hostname username
+
If the local host's /etc/hosts.equiv file contains the host name of a remote host, then all regular users of that remote host are trusted and do not need to supply a password to log in to the local host, whereas the $HOME/.rhosts file applies to a specific user.
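An audit of the entry forms listed above, as an added example that is not part of the original post: the function name audit_trust_file, the severity labels, and the sample host names are assumptions made for illustration. It goes slightly beyond the post by also treating a leading "-" as a deny entry and "+" in the user field as a wildcard for all users.

```shell
#!/bin/sh
# Added example (not from the original post): audit an r-command trust file
# such as /etc/hosts.equiv or $HOME/.rhosts.
# Prints "<SEVERITY> line <n>: <reason>" per entry; returns 1 if any entry
# is CRITICAL, 2 if the file cannot be read, 0 otherwise.
audit_trust_file() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
        NF == 0 || $1 ~ /^#/ { next }           # skip blank lines and comments
        {
            host = $1; user = $2
            if (substr(host, 1, 1) == "-" || substr(user, 1, 1) == "-") {
                printf "INFO line %d: deny entry %s\n", NR, $0
            } else if (host == "+") {           # "+" matches every remote host
                crit++
                printf "CRITICAL line %d: every remote host is trusted\n", NR
            } else if (user == "+") {           # "+" matches every remote user
                crit++
                printf "CRITICAL line %d: every user on %s is trusted\n", NR, host
            } else if (user == "") {            # "hostname" form
                printf "WARN line %d: all regular users of %s log in without a password\n", NR, host
            } else {                            # "hostname username" form
                printf "WARN line %d: %s@%s is trusted without a password\n", NR, user, host
            }
        }
        END { exit (crit > 0) }
    ' "$1"
}

# Constructed sample input, written to a temporary file so the script runs offline.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed hosts.equiv for the example
trusted-host
build-host user2
+
EOF
audit_trust_file "$sample" || echo "critical entries found in $sample"
rm -f "$sample"
```

Run the function against /etc/hosts.equiv and each user's $HOME/.rhosts; a non-zero exit status marks a file that needs attention.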
/etc/inetd.conf -- File used to control all services
# svcadm disable (or) enable ftp (or) telnet -- In Solaris 10
# rsh 140.40.40.151
# rcp 140.40.40.151:/test/file1 . -- To copy remote system file to local
# rcp $HOME/file1 140.40.40.151:/tmp -- To copy local files to remote system
# chown user2 file7 -- To change owner of a file
# chown -R user2 dir4 -- To change ownership for a folder and all its subfolders
# chown user3:class file7 -- Changing both the individual and group ownership in one shot
# chgrp class file4 -- To change the group ownership of a file or directory
Setuid Permission on Executable Files
When the setuid permission is set on an executable file, a user or process that runs this executable file is granted access based on the owner of the file.
# ls -l /usr/bin/su
-r-sr-xr-x 1 root sys ………….
The setuid permission displays as an “s” in the owner's execute field. You should disallow the use of setuid programs or at least restrict their use.
# chmod 4555
# find / -perm -4000 -- To search for setuid files
Setgid Permission on Executable Files
When the setgid permission is set on an executable file, the process runs as if it were a member of the group that owns the file, and access is granted based on the permissions assigned to that group.
# ls -l /usr/bin/write
-r-xr-sr-x 1 root …………. -- Displays as “s” in the group’s execute field
# chmod 2555
# chmod g+s
# find / -perm -2000 -- To search for setgid files
Sticky Bit Permission on Public Directories
If the directory permissions have the sticky bit set, a file can be deleted only by the owner of the file/directory or the root user.
# ls -ld /tmp
drwxrwxrwt 6 root sys …… -- Displays as “t” in the execute field for other.
# chmod 1777
# find / -type d -perm -1000 -- To search for sticky bit directories
1 comment:
hai
I read this post. Really, it is very useful for me.
thanks.