Author: Benjamin D. Thomas
week, advisories were released for MMDF, Mozilla, kernel, php4, webmin,
Samba, Ethereal, l2tpd, Mailman, httpd, libxml2, wv, php, Unreal,
Opera, mod_ssl, and freeswan. The distributors include SCO Group,
Conectiva, Debian, Fedora, Gentoo, Mandrake, Red Hat, Slackware, and
SUSE.
Creating New Accounts

You should make sure to provide user accounts with only the minimal requirements for the task they need to do. If you provide your secretary, or another general user, with an account, you might want them to only have access to a word processor or drawing program, but be unable to delete data that is not theirs.

Several good rules of thumb when allowing other people legitimate access to your Linux machine:

- Limit the access privileges given to new users.
- Be aware of when and where they log in from, or should be logging in from.
- Make sure to remove inactive accounts.
- The use of the same user-ID on all computers and networks is advisable to ease account maintenance, as well as to permit easier analysis of log data (but I'm sure someone will dispute this). However, it's practically essential if using NFS. There are several other protocols that use UIDs for local and remote access as well.
- The creation of group user-IDs should be absolutely prohibited.
- User accounts also provide accountability, and this is not possible with group accounts.
- Be sure shadow passwords are enabled. Shadow passwords are a method for storing the actual user's password in a root-owned file that is not readable by normal users, unlike the regular password file. This protects the passwords from being read and cracked using dictionary attacks. Most (if not all) current distributions already use shadow passwords.
- Regularly audit user accounts for invalid or unused accounts, expired accounts, etc.
- Check for repeated login failures. The files in /var/log are an invaluable resource for tracking potential security problems.
- Be sure to enable quotas on machines with many users, to prevent denial of service attacks involving filling disk partitions, or appending exploits to group-writable files.
- Disable group accounts, and unused system accounts, such as sys or uucp. These accounts should be locked, and given non-functional shells.
- Many local user accounts that are used in security compromises are ones that have not been used in months or years. Since no one is using them, they provide the ideal attack vehicle.
Security Tip written by Dave Wreski (dave@guardiandigital.com)
Additional tips are available at the following URL:
http://www.linuxsecurity.com/tips/
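As an added example (not part of Dave Wreski's tip or the newsletter), the following POSIX shell audit checks passwd- and shadow-format text for three of the points above: accounts whose password hash still sits in the world-readable passwd file (shadow passwords not in use), system accounts such as sys or uucp that are neither locked nor given a non-functional shell, and duplicate UIDs, which defeat per-user accountability. The file contents are constructed samples, and the list of system account names is an assumption.

```shell
#!/bin/sh
# Added example: audit passwd/shadow-format text for the account-hygiene
# points in the tip. The sample data below is constructed, not from a real host.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
sys:x:3:3:sys:/dev:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup:$1$abc$fakehash:1001:1001:Backup:/home/backup:/bin/bash
bob:x:1000:1002:Bob:/home/bob:/bin/bash'

SAMPLE_SHADOW='root:$6$salt$fakehash1:19000:0:99999:7:::
sys:*:19000:0:99999:7:::
uucp:$6$salt$fakehash2:19000:0:99999:7:::
alice:$6$salt$fakehash3:19000:0:99999:7:::'

# System accounts that should be locked and shell-less (assumed list).
SYSTEM_ACCOUNTS='sys uucp games'

# audit_passwd TEXT: prints one finding per line.
#   NO-SHADOW     hash stored in passwd itself (field 2 is not x, * or !)
#   SYSTEM-SHELL  system account with a usable login shell
#   DUP-UID       two names sharing one UID
audit_passwd() {
  printf '%s\n' "$1" | awk -F: -v sys="$SYSTEM_ACCOUNTS" '
    BEGIN { n = split(sys, a, " "); for (i = 1; i <= n; i++) issys[a[i]] = 1 }
    $2 != "x" && $2 != "*" && $2 != "!" { print "NO-SHADOW " $1 }
    ($1 in issys) && $7 !~ /(nologin|false)$/ { print "SYSTEM-SHELL " $1 " " $7 }
    { seen[$3]++; names[$3] = names[$3] " " $1 }
    END { for (u in seen) if (seen[u] > 1) print "DUP-UID " u names[u] }'
}

# audit_shadow TEXT: system accounts whose hash is not locked ("*" or "!...").
audit_shadow() {
  printf '%s\n' "$1" | awk -F: -v sys="$SYSTEM_ACCOUNTS" '
    BEGIN { n = split(sys, a, " "); for (i = 1; i <= n; i++) issys[a[i]] = 1 }
    ($1 in issys) && $2 != "*" && $2 !~ /^!/ { print "UNLOCKED " $1 }'
}

# finding_count PASSWD_TEXT SHADOW_TEXT: total number of findings.
finding_count() {
  { audit_passwd "$1"; audit_shadow "$2"; } | wc -l | tr -d ' '
}

# On a real host (as root): finding_count "$(cat /etc/passwd)" "$(cat /etc/shadow)"
finding_count "$SAMPLE_PASSWD" "$SAMPLE_SHADOW"
```

Follow the findings up with the tip's own remedies: lock the account, set its shell to a non-functional one, and give each person a unique UID.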
Until next time, cheers!
Benjamin D. Thomas
-----

LinuxSecurity Feature Extras:

Security Expert Dave Wreski Discusses Open Source Security – Dave Wreski, CEO of Guardian Digital, Inc. and respected author of various hardened security and Linux publications, talks about how Guardian Digital is changing the face of IT security today. Guardian Digital is perhaps best known for their hardened Linux solution EnGarde Secure Linux, touted as the premier secure, open-source platform for its comprehensive array of general purpose services, such as web, FTP, email, DNS, IDS, routing, VPN, firewalling, and much more.

Catching up with Wietse Venema, creator of Postfix and TCP Wrapper – Duane Dunston speaks at length with Wietse Venema on his current research projects at the Thomas J. Watson Research Center, including his forensics efforts with The Coroner's Toolkit. Wietse Venema is best known for the software TCP Wrapper, which is still widely used today and is included with almost all unix systems. Wietse is also the author of the Postfix mail system and the co-author of the very cool suite of utilities called The Coroner's Toolkit or "TCT".

Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability.
Distribution: SCO Group

| Date | Package | Vulnerability | Description |
|---|---|---|---|
| 7/22/2004 | MMDF | Multiple vulnerabilities | This patch addresses many buffer overflows and cuts down sharply on |
| 7/22/2004 | Mozilla | Multiple vulnerabilities | This patch resolves a large number of Mozilla vulnerabilities. |

Distribution: Conectiva

| Date | Package | Vulnerability | Description |
|---|---|---|---|
| 7/16/2004 | kernel | Multiple vulnerabilities | This patch addresses a large number of kernel vulnerabilities at once. |
| 7/16/2004 | php4 | Multiple vulnerabilities | This patch resolves two vulnerabilities, each of which can cause the |
| 7/17/2004 | webmin | ACL bypass vulnerability | A vulnerability in webmin that would allow unauthenticated users to |
| 7/22/2004 | samba | Buffer overflow vulnerabilities | This patch addresses several buffer overruns within samba. |

Distribution: Debian

| Date | Package | Vulnerability | Description |
|---|---|---|---|
| 7/22/2004 | ethereal | Denial of service vulnerabilities | Several denial of service vulnerabilities were discovered in ethereal, |
| 7/22/2004 | netkit-telnet-ssl | Format string vulnerability; denial of service vulnerabilities | Vulnerability in netkit-telnet-ssl could potentially allow a remote |
| 7/22/2004 | l2tpd | Buffer overflow vulnerability | By exploiting this, a remote attacker could potentially cause arbitrary |
| 7/22/2004 | php4 | Multiple vulnerabilities | Patch fixes both a vulnerability to XSS (Cross Site Scripting) and |
| 7/22/2004 | mailman | Password leak vulnerability | A flaw in Mailman 2.1.* allows a remote attacker to retrieve the |

Distribution: Fedora

| Date | Package | Vulnerability | Description |
|---|---|---|---|
| 7/16/2004 | ethereal | Denial of service vulnerabilities | Patches resolve three different ways to crash ethereal. |
| 7/22/2004 | httpd | Multiple vulnerabilities | This patch fixes a remotely triggerable memory leak and a buffer |
| 7/22/2004 | libxml2 | Buffer overflow vulnerability | Updated libxml2 packages that fix an overflow when parsing remote |

Distribution: Gentoo

| Date | Package | Vulnerability | Description |
|---|---|---|---|
| 7/16/2004 | wv | Buffer overflow vulnerability | A buffer overflow vulnerability exists in the wv library that can allow |
| 7/16/2004 | kernel | Denial of service vulnerability | By sending a malformed TCP packet, an attacker can hang a machine |
| 7/16/2004 | php | Multiple vulnerabilities | Multiple security vulnerabilities, potentially allowing remote code |
| 7/22/2004 | Unreal Tournament | Buffer overflow vulnerability | Game servers based on the Unreal engine are vulnerable to remote code |
| 7/22/2004 | Opera | Multiple spoofing vulnerabilities | Opera contains three vulnerabilities, allowing an attacker to |
| 7/22/2004 | kernel | Multiple vulnerabilities | This patch addresses multiple DoS and permission vulnerabilities |
| 7/22/2004 | l2tpd | Buffer overflow vulnerability | A buffer overflow in l2tpd could lead to remote code execution. It is |
| 7/22/2004 | mod_ssl | Format string vulnerability | A bug in mod_ssl may allow a remote attacker to execute arbitrary code |

Distribution: Mandrake

| Date | Package | Vulnerability | Description |
|---|---|---|---|
| 7/16/2004 | php | Multiple vulnerabilities | This patch resolves an improper memory_limit trigger as well as a |
| 7/16/2004 | ipsec-tools | Multiple vulnerabilities | This patch fixes both a Denial of Service attack and an ACL escape. |
| 7/16/2004 | freeswan | Multiple vulnerabilities | This patch resolves a DN impersonation attack as well as a denial of |

Distribution: Red Hat

| Date | Package | Vulnerability | Description |
|---|---|---|---|
| 7/22/2004 | php | Multiple vulnerabilities | Patch resolves memory_limit bug which allows execution of arbitrary code |
| 7/22/2004 | samba | Buffer overflow vulnerabilities | Updated samba packages that fix buffer overflows, as well as other |

Distribution: Slackware

| Date | Package | Vulnerability | Description |
|---|---|---|---|
| 7/22/2004 | php | Multiple vulnerabilities | This patch resolves two bugs that could potentially allow XSS |

Distribution: Suse

| Date | Package | Vulnerability | Description |
|---|---|---|---|
| 7/16/2004 | php4/mod_php4 | Multiple vulnerabilities | Fixes two vulnerabilities, one that leads to direct code execution, and |