Practical UNIX and Internet Security, 3rd Edition
Simson Garfinkel, Gene Spafford, and Alan Schwartz. Published by O'Reilly Media, Inc., 2003

Chapter 4: Users, Passwords, and Authentication

The Care and Feeding of Passwords

Although passwords are an important element of computer security, users often receive only cursory instructions about selecting them.

If you are a user, be aware that by picking a bad password—or by revealing your password to an untrustworthy individual—you are potentially compromising your entire computer’s security. If you are a system administrator, you should make sure that all of your users are familiar with the issues raised in this section.

Bad Passwords: Open Doors

A bad password is any password that is easily guessed.

In the movie Real Genius, a computer recluse named Laszlo Hollyfeld breaks into a top-secret military computer over the telephone by guessing passwords. Laszlo starts by typing the password AAAAAA, then trying AAAAAB, then AAAAAC, and so on, until he finally finds the password that matches.

Real-life computer crackers are far more sophisticated. Instead of typing each password by hand, attackers use their computers to open network connections (or make phone calls), then try the passwords, automatically retrying when they are disconnected. Instead of trying every combination of letters, starting with AAAAAA (or whatever), attackers use hit lists of common passwords such as wizard or demo. Even a modest home computer with a good password-guessing program can try many thousands of passwords in less than a day. Some hit lists used by crackers are several hundred thousand words long, and include words in many different languages.[35] Therefore, a password that anybody on the planet [36] might use for a password is probably a bad password choice for you.

What’s a popular and bad password? Some examples are your name, your partner’s name, or your parents’ names. Other bad passwords are these names backwards or followed by a single digit. Short passwords are also bad, because there are fewer of them: they are, therefore, more easily guessed. Especially bad are “magic words” from computer games, such as xyzzy. Magic words look secret and unguessable, but in fact they are widely known. Other bad choices include phone numbers, characters from your favorite movies or books, local landmark names, favorite drinks, or famous computer scientists (see the sidebar Bad Passwords for still more bad choices). These words backwards or capitalized are also weak. Replacing the letter “l” (lowercase “L”) with “1” (numeral one), the letter “o” with “0” (numeral zero), or “E” with “3,” adding a digit to either end, or other simple modifications of common words are also weak. Words in other languages are no better. Dictionaries for dozens of languages are available for download on the Internet, including Klingon! There are also dictionaries available that consist solely of words frequently chosen as passwords.

Many versions of Unix make a minimal attempt to prevent users from picking bad passwords. For example, under some versions of Unix, if a user attempts to pick a password with fewer than six letters, or one made up of letters all in the same case, the passwd program will ask the user to “Please pick a different password,” followed by some explanation of the local requirements for a password. After three tries, however, some versions of the passwd program relent and let the user pick a short one. Better versions allow the administrator to require a minimum number of letters, a requirement for nonalphabetic characters, and other restrictions. However, some administrators turn these requirements off because users complain about them! Users will likely complain more loudly if their computers are broken into.

Smoking Joes

Surprisingly, a significant percentage of all computers that do not explicitly check for bad passwords contain at least one account in which the username and the password are the same or extremely similar. Such accounts are often called “Joes.” Joe accounts are easy for crackers to find and trivial to penetrate. Attackers can find an entry point into far too many systems simply by checking every account to see whether it is a Joe account. This is one reason why it is dangerous for your computer to make a list of all of the valid usernames available to the outside world.

Good Passwords: Locked Doors

Good passwords are passwords that are difficult to guess. The best passwords are difficult to guess because they include some subset of the following characteristics:

  • Have both uppercase and lowercase letters

  • Have digits and/or punctuation characters as well as letters

  • May include some control characters and/or spaces[37]

  • Are easy to remember, so they do not have to be written down

  • Are seven or eight characters long. (Traditional crypt(3) uses only the first eight characters of a password, so anything beyond that is silently ignored; where the password hashing scheme accepts longer passwords, longer is better.)

  • Can be typed quickly, so somebody cannot determine what you type by watching over your shoulder

It’s easy to pick a good password. Here are some suggestions:

  • Take two short words and combine them with a special character or a number, like robot4my or eye-con.

  • Put together an acronym that’s special to you, like Anotfsw (Ack, none of this fancy stuff works), aUpegcbm (All Unix programmers eat green cheese but me), or Ttl*Hiww (Twinkle, twinkle, little star. How I wonder what . . . ).

  • Create a nonsense word by alternating consonant and vowel sounds, like huroMork. These words are usually easy to pronounce and remember.

Of course, robot4my, eye-con, Anotfsw, Ttl*Hiww, huroMork, and aUpegcbm are now all bad passwords because they’ve been printed here.
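The two halves of this discussion, the hit-list attack with its “simple modifications of common words” and Joe accounts on one side and the characteristics of a good password on the other, can be turned into a small audit-and-policy script. What follows is an added example, not code from the book: mangle() produces the weak variants the text lists (reversal, capitalization, l→1, o→0, e→3, a digit added at either end), audit() replays a hit-list attack offline against stored hashes and flags Joe accounts, and check_password() applies the kind of test a stricter passwd program would. The account records, the four-word hit list and demo_hash() are all constructed for this example; demo_hash() is a salted SHA-256 standing in for crypt(3) so the script runs anywhere, and is not how any Unix stores passwords.

```python
"""Added example (not from the book): a small password audit and a
policy check built from the rules this section describes.

* mangle() generates the "simple modifications of common words" the text
  warns about: reversal, capitalisation, l->1 / o->0 / e->3, and a digit
  added at either end.
* audit() replays a hit-list attack offline against stored hashes and
  flags "Joe" accounts, whose password derives from the username.
* check_password() is the kind of test a stricter passwd(1) would apply.

The account records, the four-word hit list and demo_hash() are all
constructed for this example. demo_hash() is a salted SHA-256 standing
in for crypt(3); it is NOT how any Unix stores passwords.
"""
import hashlib
import string

# l->1, o->0, e->3: the substitutions the text lists as "also weak"
LEET = str.maketrans({"l": "1", "o": "0", "e": "3"})


def mangle(word):
    """Trivial variants of `word` that a password-guessing program tries first."""
    w = word.lower()
    base = {w, w[::-1], w.capitalize(), w.upper(), w.translate(LEET)}
    variants = set(base)
    for b in base:
        for digit in string.digits:          # "adding a digit to either end"
            variants.add(b + digit)
            variants.add(digit + b)
    return variants


def demo_hash(password, salt):
    """Constructed stand-in for crypt(3). Replace with crypt.crypt() on a real system."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


def audit(entries, hit_list, hasher=demo_hash):
    """Offline guessing attack. entries: (username, salt, stored_hash) triples.

    Returns {username: guessed_password} for every account that falls to the
    hit list or to its own username (a "Joe" account)."""
    common = set()
    for w in hit_list:
        common |= mangle(w)
    cracked = {}
    for user, salt, stored in entries:
        for cand in sorted(mangle(user) | common):   # sorted: repeatable order
            if hasher(cand, salt) == stored:
                cracked[user] = cand
                break
    return cracked


def check_password(password, username, hit_list, min_len=8):
    """Return the list of complaints a stricter passwd(1) would raise (empty = OK)."""
    problems = []
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation or c == " " for c in password),
    ])
    if classes < 2:
        problems.append("only one kind of character (mix case, or add a digit/punctuation)")
    if password in mangle(username):
        problems.append("derived from the username (a 'Joe' account)")
    for w in hit_list:
        if password in mangle(w):
            problems.append(f"simple modification of the common word {w!r}")
            break
    return problems


# Constructed sample data: a four-word hit list and three shadow-like records.
HIT_LIST = ["wizard", "demo", "xyzzy", "password"]
ACCOUNTS = [
    ("joe", "ab", demo_hash("joe1", "ab")),        # username plus a digit: a Joe
    ("pat", "cd", demo_hash("Wizard", "cd")),      # hit-list word, capitalised
    ("lee", "ef", demo_hash("huroMork", "ef")),    # survives this audit
]

if __name__ == "__main__":
    for user, guess in audit(ACCOUNTS, HIT_LIST).items():
        print(f"cracked {user}: {guess}")
    for pw in ("robot4my", "xyzzy1", "Joe1"):
        print(pw, "->", check_password(pw, "joe", HIT_LIST) or "OK")
```

Against a real system you would read the username and hash fields out of /etc/shadow and pass a hasher that calls crypt.crypt(candidate, salt), where salt is the stored hash's own prefix; note that Python's crypt module was deprecated in 3.11 and removed in 3.13. Two caveats: with traditional DES crypt(3) only the first eight characters count, so huroMork and huroMorkXYZ hash identically and the length check above is the most a policy can enforce; and an audit of this kind is exactly the attack the section describes, so run it only against systems you are authorized to test.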

Password Synchronization: Using the Same Password on Many Machines

If you have several computer accounts, you may wish to have the same password on every machine, so you have less you need to remember. This is called password synchronization.

Password synchronization can increase security if the synchronization allows you to use a good password that is hard to guess. Systems that provide for automated password synchronization make it easy to change your password and have that change reflected everywhere.

On the other hand, password synchronization can decrease security if the password is compromised—suddenly all of your accounts will be vulnerable! Even worse, with password synchronization you may not even know that your password has been compromised!

Password synchronization is also problematic for usernames and passwords that are used for web sites. Many people will use the same username and password at many web sites—even web sites that are potentially being run by untrustworthy individuals or organizations. A simple way to capture usernames and passwords is to set up a web site that offers “a chance of winning $10,000” to anybody who registers with an email address and sets up a password upon entry.

If you are thinking of using the same password on many machines, here are some points to consider:

  • One common approach used by people with accounts on many machines is to have a base password that can be modified for each different machine. For example, your base password might be kxyzzy followed by the first letter of the name of the computer you’re using. On a computer named athena your password would be kxyzzya, while on a computer named ems your password would be kxyzzye. (Don’t, of course, use this exact method of varying your passwords.)

  • Another common approach is to create a different, random password for each machine. Store these passwords in a file that is encrypted—either manually encrypted with a program such as PGP, or automatically encrypted using a “password keeper” program.

  • To simplify access to remote systems, configure your remote accounts for ssh-based access using your ssh key. Make sure that this key is kept encrypted using an ssh passphrase. For day-to-day use, the ssh passphrase is all that needs to be remembered. However, for special cases or when changing the password, you can refer to your encrypted file of all the passwords. See the manual page for ssh-keygen for specific instructions.

Writing Down Passwords

In the movie War Games, there is the canonical story about a high school student who breaks into his school’s academic computer and changes his grades; he does this by walking into the school’s office, looking at the academic officer’s terminal, and noting that the telephone number, username, and password are written on a Post-It note.

Unfortunately, the fictional story has actually happened—in fact, it has happened hundreds of times over.

Users are admonished to “never write down your password.” The reason is simple enough: if you write down your password, somebody else can find it and use it to break into your computer. A password that is memorized is more secure than the same password written down, simply because there is less opportunity for other people to learn it. On the other hand, a password that must be written down to be remembered is quite likely a password that is not going to be guessed easily.[38] If you write your password on something kept in your wallet, the chances of somebody who steals your wallet using the password to break into your computer account are remote indeed.[39]

If you must write down your password, then at least follow a few precautions:

  • When you write it down, don’t identify your password as being a password.

  • Don’t include the name of the account, network name, or phone number of the computer on the same piece of paper as your password.

  • Don’t attach the password to your terminal, keyboard, or any part of your computer.

  • Don’t write your actual password. Instead, disguise it by mixing in other characters or by scrambling the written version of the password in a way that you can remember. For example, if your password is Iluvfred, you might write fredIluv or vfredxyIu or perhaps Last week, I lost Uncle Vernon's `fried rice & eggplant delight' recipe--remember to call him after 3:00 p.m.—to throw off a potential wallet-snatcher.[40]

Of course, you can always encrypt your passwords in a handy file on a machine where you remember the password. Many people store their passwords in an encrypted form on a PDA (handheld computer). The only drawback to this approach is when you can’t get to your file, or your PDA has gone missing (or its batteries die)—how do you log on to report the problem?

Here are some other things to avoid:

  • Don’t record a password online (in a file, database, or email message), unless the password is encrypted.

  • Likewise, never send a password to another user via electronic mail. In The Cuckoo’s Egg, Cliff Stoll tells of how a single intruder broke into system after system by searching for the word password in text files and electronic mail messages. With this simple trick, the intruder learned the passwords of many accounts on many different computers across the country.

  • Don’t use your login password as the password of application programs. For instance, don’t use your login password as your password to an online MUD (multiuser dungeon) game or for a web server account. The passwords in those applications are controlled by others and may be visible to the wrong people.

  • Don’t use the same password for different computers managed by different organizations. If you do, and an attacker learns the password for one of your accounts, all will be compromised.

    This last “don’t” is very difficult to follow in practice.



[35] In contrast, if you were to program a home computer to try all 6-letter combinations from AAAAAA to ZZZZZZ, it would have to try 308,915,776 different passwords. Guessing one password per second, that would require nearly 10 years. Many Unix systems make this process even slower by introducing delays between login attempts.

[36] If you believe that beings from other planets have access to your computer account, then you should not pick a password that they can guess, either, although this may be the least of your problems.

[37] In some cases, using spaces may be problematic. An attacker who is in a position to listen carefully can distinguish the sound of the space bar from the sound of other keys. Similarly, Shift or Control key combinations have a distinctive sound, but there are many shifted characters and only one space.

[38] We should note that in the 12 years since we originally wrote this, we have added lots more accounts and passwords and have more frequent “senior moments.” Thus, we perhaps should be a little less emphatic about this point.

[39] Unless, of course, you happen to be an important person, and your wallet is stolen or rifled as part of an elaborate plot. In their book Cyberpunks, authors John Markoff and Katie Hafner describe a woman named “Susan Thunder” who broke into military computers by doing just that: she would pick up an officer at a bar and go home with him. Later that night, while the officer was sleeping, Thunder would get up, go through the man’s wallet, and look for telephone numbers, usernames, and passwords.

[40] We hope that last one required some thought. The 3:00 p.m. means to start with the third word and take the first letter of every word. With some thought, you can come up with something equally obscure that you will remember.