Using TCP Wrappers to secure Linux

The TCP wrappers package (tcp_wrappers) is installed by default under Red Hat Linux and provides host-based access control to network services. The most important component within the package is the /usr/lib/libwrap.a library. In general terms, a TCP wrapped service is one that has been compiled against the libwrap.a library

TCP Wrappers can be used to GRANT or DENY access to various services on your machine to the outside network or other machines on the same network. It does this by using simple Access List Rules which are included in the two files /etc/hosts.allow and /etc/hosts.deny .

Let us consider this scenario: A remote machine remote_mc trying to connect to your local machine local_mc using ssh.

When the request from the remote_mc is received by the tcp wrapped service (SSH in this case), it takes the following basic steps:

It checks the /etc/hosts.allow file and applies the first rule specified for that service. If it finds a matching rule , it allows the connection. If no rule is found, it moves on to step 2.

It checks the /etc/hosts.deny file and if a matching rule is found, it deny's the connection.

Read More

Password, Shadow and Group files Description in Linux

1) What is Password file?
Passwd file is a text file, that contains a list of the system's accounts, giving for each account some useful information like user ID, group ID, home directory, shell, etc.
2) Password file format
account:password:UID:GID:GECOS:directory:shell

* username
* encrypted password (or x if shadow passwords are in use)
* UID
* default GID
* real name (also known as the GECOS field)
* home directory
* default shell

3) What is Shadow file?
shadow file contains the encrypted password information for user's accounts and optional the password aging information.
4) Shadow file format
smithj:Ep6mckrOLChF.:10063:0:99999:7:::
if shadow passwords are being used, the /etc/shadow file contains users' encrypted passwords and other information about the passwords. It fields are colon-separated as for /etc/passwd, and are as follows:
* username
* encrypted password
* Days since Jan 1, 1970 that password was last changed
* Days before password may be changed
* Days after which password must be changed
* Days before password is to expire that user is warned
* Days after password expires that account is disabled
* Days since Jan 1, 1970 that account is disabled
* A reserved field

The password expiry related fields are modified by the change program.

5) What is Group file?
group file is an ASCII file which defines the groups to which users belong. There is one entry per line, and each line has the format
All three files are located in /etc directory and we will see each one this file detailed
6) Group file format
group_name:passwd:GID:user_list
The /etc/group file consists of group records, one to a line. Each record contains multiple fields, separated by colons (:). The fields are:
* group name
* encrypted group password (or x if shadow passwords are in use)
* GID
* group members' usernames, comma-separated

Read More

How do I telnet as the root user

modify your /etc/pam.d/login and /etc/pam.d/remote files.In this file, the first line:
auth required pam_securetty.so
comment out the first auth line so that your /etc/pam.d/login looks like this:.
#%PAM-1.0
#Commented out below line in order to allow root access for telnet
#auth required pam_securetty.so
Once you save these changes, you should be able to telnet to your system as the root user.

Read More

Linux file Types

"Unix systems,everything is a file: if something is not a file,it is process."A linux system, just like unix ,makes no difference between a file and a directory,since a directory just a file containig names of other files.
File type in a long list:-
- Regular file
d Directory
l Link
c Special file (character (unbuffered) device file special )
s Socket
p Named pipe
b Block device

for more information:- http://www.comptechdoc.org/os/linux/usersguide/linux_ugfilesp.html

Read More

Access control list

An access control list (ACL) is a list of permissions attached to an object. The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object. In a typical ACL, each entry in the list specifies a subject and an operation: for example, the entry (Alice, delete) on the ACL for file XYZ gives Alice permission to delete file XYZ.
In an ACL-based security model, when a subject requests to perform an operation on an object, the system first checks the list for an applicable entry in order to decide whether or not to proceed with the operation.



Definitions

User class The conventional POSIX permission concept uses three classes of
users for assigning permissions in the le system: the owner, the owning
group, and other users. Three permission bits can be set for each user
class, giving permission to read (r), write (w), and execute (x). An introduction
to the user concept in Linux is provided in the User Guide in the
section Users and Access Permissions.

Access ACL The user and group access permissions for all kinds of le system
objects (les and directories) are determined by means of access ACLs.

Default ACL Default ACLs can only be applied to directories. They determine
the permissions a le system object inherits from its parent directory
when it is created.

ACL entry Each ACL consists of a set of ACL entries. An ACL entry contains a
type (see Table B.1 on the following page), a qualier for the user or group
to which the entry refers, and a set of permissions. For some entry types,
the qualier for the group or users is undened.

*For more information go through with following link:-

http://www.suse.de/~agruen/acl/chapter/fs_acl-en.pdf

Read More