How are Unix systems managed securely?

  

Many people mistakenly believe that attacks on Unix systems always exploit technical vulnerabilities in the system. In fact, more security problems are caused by negligent management. As long as security management is strengthened, most network attacks can be avoided. Here is a look at how to manage Unix systems securely.

Error-prone places

finger is a very common tool on UNIX platforms; its purpose is to provide information about the users on a given system. The most problematic part of a Unix host is fingerd, the finger daemon. How it works is described in many UNIX books; its weakness is that it gives out too much information. Someone skilled with finger can break into a machine running fingerd in a short time. This is not alarmism. SUN Solaris fingerd can list every user currently logged in on the host, and for any user name it returns information more detailed than /etc/passwd. For example, I sent a finger request to a SUN machine asking about root. If its fingerd has not been disabled or replaced, it tells me the following:

Login name: root                In real life: Super-User

Directory: /                    Shell: /sbin/sh

Last login Fri Mar 26 16:54 on pts/2

New mail received Sat Mar 27 23:10:37 1999;

unread since Wed Dec 23 09:56:10 1998

No Plan.

From this I can learn the following:

(1) root's real name is given as Super-User (some diligent system administrators write their own name here, and set the root password to their own name!!);

(2) root's home directory is /. Sometimes an intruder gets onto a machine as a normal user and finds that /etc/passwd is readable and writable by root only. He can then get most of the user names on the host by looking at the user directories;

(3) root's shell is /sbin/sh. If the shell were /bin/passwd, it would show that the user can only change the password when logging in to the host;

(4) root last logged in to the machine at 1999.3.26 16:54;

(5) root received new mail on 1999.3.26, but has not read mail since 1998.12.23.

Because the designers of the operating system assumed that finger would be used by people making legitimate queries, they took the view that the more detailed the output, the better. However, domestic users currently know too little about password security, and a user's password is often the user name, 12345, abc123 or the default password assigned by the administrator. Besides the finger service on hosts, routers also offer finger. Access routers in particular can output the user name and IP address of each current connection, which in effect also leaks the host's user names.

Besides the finger command, sendmail's EXPN command is another way user names leak. After using Telnet to connect to the host's sendmail port, the EXPN command can be used to probe for users on the host. For example, for expn root, if a user named root exists, sendmail returns the user's email address; if not, it outputs User unknown. Even more dangerous, when EXPN is given a mail alias, every email address the alias expands to is returned.

If httpd is configured badly or a CGI program has a flaw, a user can illegally obtain host information and access the file system. The security problems of WWW services lie mainly in CGI programs.

Two points are specific to SGI machines. First, after IRIX is installed, several default system users have no password; administrators of SGI machines should take note. Second, if you install the IRIX WWW server, check its default home page so that it does not publish information that should not be made public.
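
The three exposures described above (an enabled fingerd, a sendmail that answers EXPN, accounts without a password) can be checked from the host's own configuration files. The script below is an added example, not part of the original article; it assumes an inetd.conf-style service file, the long-form `O PrivacyOptions=` line in sendmail.cf and colon-separated passwd/shadow files, and its sample files are constructed.

```shell
#!/bin/sh
# Added example. The sample files at the bottom are constructed, not from a real host.

# Succeeds if inetd.conf has an active (uncommented) finger service line.
finger_enabled() {
    awk '$1 == "finger" { on = 1 } END { exit !on }' "$1"
}

# Succeeds if sendmail.cf leaves EXPN enabled: the last PrivacyOptions line
# contains neither "noexpn" nor "goaway" (goaway includes noexpn).
expn_allowed() {
    opts=$(sed -n 's/^O[[:space:]]*PrivacyOptions=//p' "$1" |
           tail -n 1 | tr -d ' \t' | tr '[:upper:]' '[:lower:]')
    case ",$opts," in
        *,noexpn,*|*,goaway,*) return 1 ;;
    esac
    return 0
}

# Prints the login name of every account whose password field (field 2 in
# both passwd and shadow format) is empty.
empty_pw_accounts() {
    awk -F: 'NF > 1 && $1 !~ /^#/ && $2 == "" { print $1 }' "$1"
}

# Runs all checks on a directory holding copies of the three files and
# prints one finding per line; prints nothing when no exposure is found.
audit() {
    if finger_enabled "$1/inetd.conf"; then echo "finger: fingerd is enabled"; fi
    if expn_allowed "$1/sendmail.cf"; then echo "sendmail: EXPN is not disabled"; fi
    for u in $(empty_pw_accounts "$1/passwd"); do echo "passwd: $u has no password"; done
    return 0
}

# Constructed samples: one exposed configuration, one corrected.
weak=$(mktemp -d) fixed=$(mktemp -d)
printf '%s\n' 'finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd' > "$weak/inetd.conf"
printf '%s\n' 'O PrivacyOptions=authwarnings' > "$weak/sendmail.cf"
printf '%s\n' 'root:x:0:0:Super-User:/:/sbin/sh' 'guest::998:998::/home/guest:/bin/sh' > "$weak/passwd"
printf '%s\n' '#finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd' > "$fixed/inetd.conf"
printf '%s\n' 'O PrivacyOptions=authwarnings,noexpn,novrfy' > "$fixed/sendmail.cf"
printf '%s\n' 'root:x:0:0:Super-User:/:/sbin/sh' 'guest:*LK*:998:998::/home/guest:/bin/sh' > "$fixed/passwd"

echo "== weak ==";  audit "$weak"
echo "== fixed =="; audit "$fixed"
```

On a real host, point `audit` at a directory containing copies of the live files instead of the constructed samples.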

That covers how to manage Unix systems securely. For system administrators, strengthening security awareness is important. When a Unix system fails, they should be able to determine whether the cause is a mechanical failure or a deliberate attack.

Copyright © Windows knowledge All Rights Reserved