AdSense
Friday, September 1, 2017
9 - Linux Security: generating a pair of SSH keys (public/private)
GENERATING A PAIR OF SSH KEYS (PUBLIC/PRIVATE)
- Layout for this exercise:
- Public key cryptography or asymmetrical cryptography is a cryptographic system that uses a pair of keys.
- Public keys may be disseminated widely, and private keys are known only to the owner.
- This accomplishes two functions: authentication, which is when the public key is used to verify that a holder of the paired private key sent the message, and encryption, whereby only the holder of the paired private key can decrypt the message encrypted with the public key:
https://en.wikipedia.org/wiki/Public-key_cryptography
- Generating a pair of keys (private and public) according to the RSA asymmetric cryptographic algorithm. Notice that a passphrase is optionally asked for:
https://en.wikipedia.org/wiki/RSA_(cryptosystem)
- The two keys are stored into the folder .ssh:
- The private key:
- The public key:
- Checking the IP:
- Copying the public key so that locally available keys are used to authorize logins on remote machines:
- Trying the SSH connection:
- The passphrase is required to unlock the private key:
- Entering the passphrase (without password !!) the SSH connection is successful:
- Let's see that the public key was actually added:
- The authorized key matches the public key (id_rsa)obtained previously:
- Connecting from other server:
8 - Linux Security: SSH Banner and Message Of The Day
SSH BANNER AND MESSAGE OF THE DAY
- Layout for this exercise:
- sshd_config is the file where SSH configuration is stored.
- The banner displayed when connecting via SSH service is located at /etc/issue.net:
- To display a message of the day (motd) the entry PrintMotd must be enabled to yes:
- Editing /etc/issue.net the default message showing the Linux version can be personalized:
- To personalize the message of the day just edit /etc/motd:
- Replacing the default message:
- Restarting SSH:
- Checking the IP:
- Accessing from a Windows machine with Putty:
- Banner:
- Message Of The Day:
- Accessing from a Linux Kali machine the banner is displayed:
- Also the Message Of The Day is displayed:
7 - Linux Security: privilege escalation manipulating a user's UID
PRIVILEGE ESCALATION MANIPULATING A USER'S UID
- In this exercise a Linux Debian server is used:
- By default the only user with UID=0 is the superuser root:
- However, let's see what happens if a user's UID is manipulated and changed to 0.
- Creating a new user marie:
- Setting a password for the new user :
- Switching the session to the new user:
- The UID for the new user is 1004:
- Now here comes the tricky part. A user with enough privileges to edit the /etc/passwd could manipulate this file changing the user's UID from 1004 to 0:
- Going to marie's session, let's see that the user marie is considered exactly like the superuser root:
- Now the new user's UID is 0, although the IDs for groups have not been changed::
- Actually there are two users (root and marie) with UID=0:
- The fact of owning an UID=0 (regardless of the name of the user) means that marie has full access to commands and files on the system, what can be considered as an example of privilege escalation.
- To restore the default configuration let's edit again /etc/passwd assigning an UID different to 0 to marie:
- Finally the default configuration is restored:
- As a general rule, and with the goal of avoiding privilege escalation, it is recommendable to check periodically that the only user with UID=0 is the root:
- The previous command performs this task:
a) awk <- pattern scanning and processing language
b) -F: <- field
c) '($3 == "0") <- if the 3rd field is equal to 0
d) print <- print the line
e) /etc/paswd <- scanning this file
- The previous command performs this task:
a) awk <- pattern scanning and processing language
b) -F: <- field
c) '($3 == "0") <- if the 3rd field is equal to 0
d) print <- print the line
e) /etc/paswd <- scanning this file
6 - Linux security: handling usage restrictions for CRON / CRONTAB services
HANDLING USAGE RESTRICTIONS FOR CRON / CRONTAB SERVICES
- Layout for this exercise:
- cron is a time-based job scheduler in Unix-like computer operating systems.
- cron can be used to schedule jobs (commands or shell scripts) to run periodically at fixed times, dates, or intervals.
- It typically automates system maintenance or administration though its general purpose nature makes it useful for things like downloading files from the Internet and downloading email at regular intervals.
- cron is driven by a crontab (cron table) file, a configuration file that specifies shell commands to run periodically on a given schedule.
- The crontab files are stored where the lists of jobs and other instructions to the cron daemon are kept.
- Users can have their own individual crontab files and often there is a system wide crontab file (usually in /etc or a subdirectory of /etc) that only system administrators can edit.
https://en.wikipedia.org/wiki/Cron
- Reference for cron:
- Reference for crontab:
- These two files play an important role:
/etc/cron.allow - if this file exists it must contain username for using cron jobs.
/etc/cron.deny - if the cron.allow file does not exist but the /etc/cron.deny file does exist then, to use cron jobs, the user must not be listed in the /etc/cron.deny file.
- If neither of these files exist then, depending on site-dependent configuration parameters, either only the super user can use cron jobs, or all users can use cron jobs.
- However, it is important to notice that root is always allowed to setup a crontab:
- Creating a cron.allow file to include the user johndoe:
- Going back to johndoe user account:
- Editing crontab for johndoe:
- Let's see what files are related with cron:
- Removing cron.allow:
- Specifically denying crontab access to johndoe by creating cron.deny:
- Now, johndoe is not allowed to use crontab:
Subscribe to:
Posts (Atom)