Why an OS
MY OS Notes
Operating System Security
With every kind of IT (Information Technology), OS-level security is involved.
Although not my major area of interest, I have run into very many issues with it.
A dedicated chapter is justified by all those involvements.
It took much work to get/find the information by myself and to get it done well.
As the subjects are getting classified and documented, it amazes me how much of them should be:
- common knowledge
- already in place
Unix / Unix-likes
Unix (and Unix-like) Security
Many Unix versions and Unix-likes exist: Linux, Android (Google), OS X, iOS (Apple).
See: unix family
Dedicated version info like:
The Open Group specification is a very good document on common technical approaches: ~ usage (home/user), the shell, $ variables and parameter usage, scripting, exit status.
They all share the same fundamentals:
- users (uid-s) and groups (gid-s) as numbers
- Discretionary access control (DAC) on files and directories
With all the Unix security information you can build a secure environment at this Unix host level.
User administration is by default local on the machine. All keys (accounts) are identified by the system by their numeric id.
Natural names are only shown if the administration contains a name for that number.
The key named "root" gets number 0. All access to the system is open for this key. User and group administration is done as "root".
Everyone is able to view user and group information on the system. Passwords are (if hardening is done well) only available as hashes, and only to root-level access.
With all EndUser-Standard-Introduction
In an operational system the responsibility to maintain users/groups is moved to LDAP (or something like BoKS).
uid: user identifier. gid: group identifier.
id gid information
User information is sometimes available with "lsuser" (AIX). The administration files are world-readable:
grep username /etc/passwd
grep username /etc/group
Group information is sometimes available with "lsgroup" (AIX). The administration file is world-readable:
grep ^staff: /etc/group
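The grep lines above find a single entry; resolving a numeric id back to a name and collecting all groups of a user (primary group from passwd plus the member lists in group) takes a little more. The following is an added example, not part of these notes: the passwd and group contents are constructed, and on a real host the two variables would be replaced by /etc/passwd and /etc/group (or the output of getent passwd / getent group).

```shell
#!/bin/sh
# Added example (not from the original notes): resolve numeric ids to names
# and list group memberships the way the passwd/group files define them.
# The file contents below are constructed; on a real host point the two
# variables at /etc/passwd and /etc/group (or use getent passwd / getent group).

PASSWD_DATA='root:x:0:0:root:/root:/bin/sh
alice:x:1001:100:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
sasbatch:x:2001:100:SAS batch:/var/sas:/bin/false'

GROUP_DATA='root:x:0:
staff:x:100:bob
bob:x:1002:
sasadm:x:2000:alice,sasbatch'

# uid_to_name UID -> login name, or the bare number when no entry exists
# (which is exactly what ls -l shows for an orphaned uid)
uid_to_name() {
    printf '%s\n' "$PASSWD_DATA" | awk -F: -v uid="$1" '
        $3 == uid { print $1; found = 1; exit }
        END { if (!found) print uid }'
}

# primary_gid NAME -> the gid field of the passwd entry
primary_gid() {
    printf '%s\n' "$PASSWD_DATA" | awk -F: -v u="$1" '$1 == u { print $4; exit }'
}

# groups_of NAME -> all groups of a user: the primary group from passwd plus
# every group whose member list names the user (secondary groups)
groups_of() {
    pgid=$(primary_gid "$1")
    printf '%s\n' "$GROUP_DATA" | awk -F: -v u="$1" -v pgid="$pgid" '
        {
            member = ($3 == pgid)
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == u) member = 1
            if (member) { out = out (out ? " " : "") $1 }
        }
        END { print out }'
}

echo "uid 1001 is $(uid_to_name 1001); uid 4242 is $(uid_to_name 4242)"
for u in root alice bob sasbatch; do echo "$u: $(groups_of "$u")"; done
```

Note that sasbatch shows up in staff without being listed in the group file's member field: its primary gid 100 in passwd is enough, which is easy to miss when auditing membership by grepping /etc/group alone.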
User settings: rlogin, login, su
These are user settings that get much attention in Unix hardening.
Search IBM (AIX): aix 61 cmds chuser
The normal way to switch users is su. The login command can also have the switch-user function. linux about - login
Traceability is not as good as sometimes required. su wiki
rlogin is remote access between Unix systems. This method is seen as unsafe (the password is sent unencrypted). It should be set to "false". See: rlogin wiki
The login (command and user attribute) is the normal access to Unix systems using a terminal. It uses the shell, typing commands, like in the old PC-DOS age.
unix shell wiki
User settings: AIX
usages (startup autoexec)
User settings: RedHat (Fedora)
.profile .bash_profile
setuid setgid (POSIX)
The POSIX standard describes the setuid functionality:
If the process has appropriate privileges, setuid() shall set the real user ID, effective user ID, and the saved set-user-ID of the calling process to uid.
The rationale describes the why and how from a design view: not wanting the superuser (root) to be used for this.
With Linux the POSIX guideline is followed.
Hao Chen, David Wagner (University of California at Berkeley), Drew Dean (SRI International). Remark: OpenSSH contains many setuid calls.
Out of the list from: Proceedings of the 11th USENIX Security Symposium, pages 171-190, San Francisco, CA, August 2002.
In the SUA environment of Windows the Unix setuid and setgid mechanisms are well described:
Setuid in Subsystem for UNIX-based Applications
How to control terminal access via the Unix "Secure SHell Daemon" sshd is a basic question.
The trick, config file: /etc/ssh/sshd_config
linuxhowtos gives some hits. The simple way of managing it becomes clear.
Optional configuration statements are: AllowUsers / AllowGroups / DenyUsers / DenyGroups.
Membership of a group listed under DenyGroups will prohibit ssh access.
In this way sshd (terminal) access can be limited to a list of groups or users. Notice that this part of security is just a config file.
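Because it is just a config file, it is worth knowing how sshd combines the four statements: sshd_config(5) states that they are processed in the order DenyUsers, AllowUsers, DenyGroups, AllowGroups, and the first one that decides wins. The script below is an added example, not part of these notes or of OpenSSH; it re-implements that order over a constructed sshd_config fragment and constructed user/group data so the effect of a rule can be predicted before a user is locked out. It handles plain names only, not sshd's wildcard or user@host patterns.

```shell
#!/bin/sh
# Added example (not from the original notes): evaluate the AllowUsers /
# AllowGroups / DenyUsers / DenyGroups directives of an sshd_config the way
# sshd_config(5) documents it: DenyUsers, then AllowUsers, then DenyGroups,
# then AllowGroups. Plain names only; sshd's wildcard and user@host patterns
# are not handled here. The config text and the users/groups are constructed.

SSHD_CONFIG='# constructed fragment of /etc/ssh/sshd_config
PermitRootLogin no
DenyUsers  guest
AllowGroups sshusers wheel
DenyGroups  nossh'

# directive_values KEYWORD -> space separated values of that keyword
# (keywords are case-insensitive in sshd_config, comments are skipped)
directive_values() {
    printf '%s\n' "$SSHD_CONFIG" | awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ { next }
        tolower($1) == key { for (i = 2; i <= NF; i++) printf "%s ", $i }'
}

# in_list NEEDLE "WORD WORD ..." -> status 0 when NEEDLE is one of the words
in_list() {
    for w in $2; do
        if [ "$w" = "$1" ]; then return 0; fi
    done
    return 1
}

# ssh_access USER "GROUP GROUP ..." -> prints allow/deny and the deciding rule.
# The group list must contain the user's primary and supplementary groups.
ssh_access() {
    user=$1; ugroups=$2
    if in_list "$user" "$(directive_values DenyUsers)"; then
        echo "deny: DenyUsers"; return 0
    fi
    allow_users=$(directive_values AllowUsers)
    if [ -n "$allow_users" ] && ! in_list "$user" "$allow_users"; then
        echo "deny: not in AllowUsers"; return 0
    fi
    deny_groups=$(directive_values DenyGroups)
    for g in $ugroups; do
        if in_list "$g" "$deny_groups"; then
            echo "deny: DenyGroups ($g)"; return 0
        fi
    done
    allow_groups=$(directive_values AllowGroups)
    if [ -n "$allow_groups" ]; then
        for g in $ugroups; do
            if in_list "$g" "$allow_groups"; then
                echo "allow: AllowGroups ($g)"; return 0
            fi
        done
        echo "deny: no group in AllowGroups"; return 0
    fi
    echo "allow: no restricting directive"
}

echo "guest (sshusers):      $(ssh_access guest 'sshusers')"
echo "alice (staff nossh):   $(ssh_access alice 'staff nossh sshusers')"
echo "bob (staff wheel):     $(ssh_access bob 'staff wheel')"
echo "carol (staff):         $(ssh_access carol 'staff')"
```

The alice case shows why the order matters: she is in sshusers, which AllowGroups would accept, but DenyGroups is evaluated first and her nossh membership closes the door.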
su - sudo
sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user (normally the superuser, or root).
Its name is a concatenation of the su command (which grants the user a shell of another user, normally the superuser) and "do", or take action.
In some cases sudo has completely supplanted the superuser login for administrative tasks, most notably in Linux distributions, such as Fedora and Ubuntu, as well as Apple's Mac OS X.
All information is available at the official sudo home site (Todd C. Miller).
op operator access
op vs sudo
BoKS (FoxT ServerControl, wiki)
adds keystroke logging.
It has a command to switch user context that differs from sudo. It propagates all keys/passwords to the local machine.
The advantages over direct LDAP are clear.
- No information about the implemented access is visible
- No command switching with SAS/Connect (and others) is possible. The reason is not clear
No technical information is available. In Dutch: BrochureWatIsBoKS
Searching the environment: one difference from normal terminal usage is TERM=dumb.
No meaning, just an old default terminal type.
Unix DAC, rlogin, adm-files
DAC - File and Directory access
See wiki: Access_control_list
Discretionary access control
lets a user tell the system how much (or little) access it should permit to a file.
- Security is easy to understand with the indication:
Owner: rwx Group: rwx Public: rwx
Short notation: Owner:Group rwx rwx --- (not applicable indicated by -)
- For maps (directories) almost the same indication is used.
To make life easier with all levels and naming conventions a "link", Symbolic_link (wiki), can be used.
The target file and directory remain under the full security control of the OS. Even the complete path is checked; there is no way to escape these checks when built in correctly.
change owner (chown): restricted to use by the root key.
change group (chgrp): unrestricted command, but it requires membership of the new group.
Linux File Permission Confusion pt 1
Linux File Permission Confusion pt 2
The design of a HFS (Hierarchical File System)
Unix File System
Filesystem Hierarchy Standard
Unix directory structure
has some weird properties.
- Directories can contain directories.
- Files are registered in directories.
- Directories are technically handled as files with a special attribute.
- Write access to a directory gives the right to rename, create or delete the files in it.
- The whole hierarchy is checked, not only the current file / directory.
- Changing into a directory level is (sometimes) checking execute access on the directory.
- Deleting / replacing files can be done without rights on the file itself.
- Update access (w) on a file also requires update access on the directory.
- chgrp, chown and other standard commands are hidden enhanced with security conventions.
- Questionable is the access at directory level: it can be bypassed by self-built programs instead of using the command.
SGID, setuid, sticky bit
The security of directories behaves somewhat differently. They give access to the descriptive part of files.
Setuid - Symlink race
- Read access to a directory alone does not allow changing/updating/creating files in it
- Execute access to a directory means you can change into that directory. It has nothing to do with starting processes.
- You have two more options with directories.
- The SGID bit (s indication) means: new files will get the group identification of the directory, not the primary group of the creator.
- The sticky bit (t indication) means: files can only be deleted by their creator or by the owner of the directory.
- You have a special option with files.
- The setuid bit means: the executable will run its process with the privileges of the owner of the file.
Secure usage of this kind of program excludes usage and file access by standard users.
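The rwx notation from the DAC section above and the s/t indications of the special bits are two views of the same mode word. As an added example that is not part of these notes, the shell functions below convert the nine-character string shown by ls -l into the octal mode used by chmod and back, including setuid (s in the owner x slot), setgid (s in the group x slot) and the sticky bit (t in the public x slot); the upper-case S/T forms, where the bit is set without the underlying x, are handled too. The sample modes are constructed. The find command in the comment is the usual way to list setuid/setgid programs on a host.

```shell
#!/bin/sh
# Added example (not from the original notes): convert the nine-character
# rwx notation of ls -l into the octal mode of chmod and back, including the
# setuid, setgid and sticky bits. Pure shell arithmetic, no files are touched.
# On a real host the setuid/setgid programs themselves are found with:
#   find / -xdev -type f \( -perm -4000 -o -perm -2000 \) -ls

# mode_to_octal 'rwsr-xr-x' -> 4755 (special bits first, then owner/group/public)
mode_to_octal() {
    m=$1
    [ ${#m} -eq 9 ] || { echo "mode string must be 9 characters: $m" >&2; return 1; }
    special=0; perm=0; i=0
    while [ $i -lt 9 ]; do
        c=${m%"${m#?}"}; m=${m#?}          # take the next character of the string
        bit=$((1 << (8 - i)))              # owner r = 256 ... public x = 1
        case $c in
            r|w|x) perm=$((perm | bit)) ;;
            s|S)   # setuid in the owner x slot (4), setgid in the group x slot (2)
                   if [ $i -eq 2 ]; then special=$((special | 4))
                   elif [ $i -eq 5 ]; then special=$((special | 2))
                   else echo "s is only valid in the owner or group x slot" >&2; return 1
                   fi
                   if [ "$c" = s ]; then perm=$((perm | bit)); fi ;;   # S = bit without x
            t|T)   # sticky bit (1) in the public x slot
                   [ $i -eq 8 ] || { echo "t is only valid in the public x slot" >&2; return 1; }
                   special=$((special | 1))
                   if [ "$c" = t ]; then perm=$((perm | bit)); fi ;;
            -)     ;;
            *)     echo "unexpected character '$c'" >&2; return 1 ;;
        esac
        i=$((i + 1))
    done
    printf '%o%03o\n' "$special" "$perm"
}

# octal_to_mode 4755 -> rwsr-xr-x (the reverse conversion)
octal_to_mode() {
    n=$((0$1))                              # leading 0: read the argument as octal
    special=$(((n >> 9) & 7)); perm=$((n & 511))
    out=""; i=0
    while [ $i -lt 9 ]; do
        bit=$((1 << (8 - i)))
        case $((i % 3)) in 0) c=r ;; 1) c=w ;; *) c=x ;; esac
        if [ $((perm & bit)) -ne 0 ]; then on=1; else on=0; c=-; fi
        if [ $i -eq 2 ] && [ $((special & 4)) -ne 0 ]; then
            if [ $on -eq 1 ]; then c=s; else c=S; fi
        elif [ $i -eq 5 ] && [ $((special & 2)) -ne 0 ]; then
            if [ $on -eq 1 ]; then c=s; else c=S; fi
        elif [ $i -eq 8 ] && [ $((special & 1)) -ne 0 ]; then
            if [ $on -eq 1 ]; then c=t; else c=T; fi
        fi
        out="$out$c"
        i=$((i + 1))
    done
    printf '%s\n' "$out"
}

for m in rwsr-xr-x rwxrwsr-x rwxrwxrwt rw-r-----; do
    echo "$m -> $(mode_to_octal "$m") -> $(octal_to_mode "$(mode_to_octal "$m")")"
done
```

A setgid directory for shared project data therefore reads rwxrws--- (2770), and a world-writable spool directory with the sticky bit reads rwxrwxrwt (1777); the conversion makes such audit findings directly usable as chmod arguments.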
umask is a global approach defining the default DAC settings a new file owned by this key should get.
The classic DAC approach has limitations. New options are being implemented.
- ACL is an add-on to DAC, replacing it: setfacl.
The nohup option to start processes makes it possible to start new processes and keep them running after a terminal logoff.
NFS, Unix shares
It was designed to be simple and efficient, not to be secure
It states that sharing data in Linux (Unix-like) systems with NFS has risks. This is not expected, as sharing with Microsoft Server is common usage and stated as safe.
Within secure datacenters the risks should be acceptable.
Section 9.5 Securing NFS (s1-nfs-security)
NFSv4 includes ACL support based on the Microsoft Windows NT model, not the POSIX model, because of its features and because it is widely deployed.
Samba, Unix to other shares
Microsoft TechNet contains a lot.
How to Shoot Yourself in the Foot with Security, Part 1
How to Shoot Yourself in the Foot with Security, Part 2: To ACL or Not to ACL
wiki.xbmc.org: smb CIFS Samba
SMB/SAMBA/CIFS sharing has many advantages over the other options, ...
samba.org Samba is an important component to seamlessly integrate Linux/Unix Servers and Desktops into Active Directory environments using the winbind daemon.
X11 graphical, X-server - mouse - call out
X11 is the X Window System
(wiki). The X.org
X was designed to be used over a network...
Due to the ubiquity of support for X software on Unix, Linux and Mac OS X, X is commonly used to run client applications on personal computers even when there is no need for time-sharing.
is built as an additional (application) abstraction layer on top of the operating system kernel
Usage of X11 with server access is not common practice. You need an X-server program on your desktop client. The X11 protocol is started from the host using a more typewriter-mode terminal.
It also implies coding the IP address of the desktop at the server side. Wanting to secure your desktop against incoming calls, you would register the server IP addresses.
There is no way of registering desktop IPs at the server side.
- The state of kernel graphics support, jonsmirl/graphics (2005): why renewal of X11/OpenGL is that difficult.
- The Mac OS X 64-bit power contains X11; Apple is Unix-like.
Unix security limitations
/etc/passwd hash, shadow - 8 character limit
Amazingly Unix is very limited with passwords. Just the first eight (8) characters are normally used; the longer remaining part of the string is ignored. Jumping into this subject:
The old crypt() routine is still used for compatibility reasons. A DES algorithm limits the hashing. The number of characters is limited from all 256 codes to about 52 (digits, upper and lower case chars).
Easy to crack/hack with no additional measures. Even worse is being confronted with this subject through unexpected behavior, wondering why something reacts that way when using machines.
IBM documents this with an improvement.
ibm support passwords greater than 8 characters
aix v6r1 security
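Whether an account still carries such a legacy crypt() hash can be read off the hash field itself: the traditional DES format is exactly 13 characters from the alphabet [A-Za-z0-9./] with no "$id$" prefix, while the newer algorithms announce themselves with a prefix. The script below is an added example, not part of these notes; the shadow-style entries are constructed (the hash values are placeholders of the right shape), and on a real host the input would be /etc/shadow read with root access.

```shell
#!/bin/sh
# Added example (not from the original notes): classify the password hash
# field of shadow-style entries so that accounts still on the legacy DES
# crypt() format (13 characters, no "$id$" prefix, only the first 8 password
# characters significant) stand out, together with empty and locked fields.
# The entries and hash values are constructed placeholders.

SHADOW_DATA='root:$6$saltsalt$3Z1pdMfl3j9iF8jkZvI3E0:15765:0:99999:7:::
legacy:abJnggxhB/yWI:15765:0:99999:7:::
sasbatch:!!:15765:0:99999:7:::
guest::15765:0:99999:7:::
alice:$y$j9T$saltsaltsalt$hashhashhash:15765:1:90:7:::
svc:*:15765:0:99999:7:::'

# hash_kind HASH -> a short label for the format of the hash field
hash_kind() {
    h=$1
    case $h in
        '')                echo "EMPTY (no password required)" ;;
        '*'*|'!'*)         echo "locked" ;;
        '$1$'*)            echo "md5crypt" ;;
        '$2a$'*|'$2b$'*|'$2y$'*) echo "bcrypt" ;;
        '$5$'*)            echo "sha256crypt" ;;
        '$6$'*)            echo "sha512crypt" ;;
        '$7$'*|'$y$'*)     echo "scrypt/yescrypt" ;;
        *)
            if [ ${#h} -eq 13 ] && printf '%s' "$h" | grep -Eq '^[A-Za-z0-9./]{13}$'; then
                echo "DES crypt (8 character limit)"
            else
                echo "unknown"
            fi ;;
    esac
}

# shadow_report -> one line per account: "name: kind"
shadow_report() {
    printf '%s\n' "$SHADOW_DATA" | while IFS=: read -r name hash rest; do
        printf '%s: %s\n' "$name" "$(hash_kind "$hash")"
    done
}

# weak_accounts -> space separated names of accounts with a DES or empty hash
weak_accounts() {
    shadow_report | awk -F': ' '$2 ~ /^(DES|EMPTY)/ { out = out (out ? " " : "") $1 } END { print out }'
}

shadow_report
echo "accounts to fix first: $(weak_accounts)"
```

The empty field is listed next to DES on purpose: on most systems an empty hash field means login without a password, which is worse than a weak hash, and it is just as easy to overlook in a long shadow file.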
Also Microsoft mentions it (connecting to Unix):
Intro to AD integration
The hash code and the shadow file are key elements in protecting the system's integrity.
Additional: do not use the standard key of the default installation, and never ... never ... the standard key password of the default installation.
As time is the major factor, delaying login attempts and warning systems are the best way of defence.
Straight locking out keys can have serious impact: they can knock down the running service. In that case a DoS (Denial of Service) attack is not necessary by the attacker.
This change of policy can be found at the SANS Institute site.
maximum number of groups per key
One unexpected limitation is the maximum number of groups per key (NGROUPS_MAX in limits.h).
It differs between Unix versions, and NFS is also affected. It looks like newer systems are eliminating this limitation.
- OpenBSD, Mac OS X (2006) = 16
- Open Software Foundation OSF/1 = 32
- IBM AIX 6.1 = 128; 7.1 default = 128, configurable up to 2048 (/etc/system, limits.h)
- Linux kernel above 2.6.3 = 64K; older versions = 32
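The mismatch in the list bites when an account built on a 64K-group Linux host is used against a 16-group system, or over NFS, whose classic AUTH_SYS credential carries at most 16 supplementary gids. The script below is an added example, not part of these notes: it counts memberships per user from generated group-file data and flags the users above a given limit. On a real host GROUP_DATA would be the output of getent group and the limit would come from getconf NGROUPS_MAX.

```shell
#!/bin/sh
# Added example (not from the original notes): count group memberships per
# user from group-file data and flag users above a limit such as the 16 of
# the classic NFS AUTH_SYS credential or an older BSD. The group data is
# generated here; on a real host use `getent group` and `getconf NGROUPS_MAX`.

# constructed group file: sasbatch is in 18 project groups, alice in 5 plus staff
GROUP_DATA=$(awk 'BEGIN {
    for (i = 1; i <= 18; i++)
        printf "proj%02d:x:%d:%s\n", i, 3000 + i, (i <= 5 ? "sasbatch,alice" : "sasbatch")
    print "staff:x:100:alice"
}')

# group_count USER -> number of groups listing USER as a member, plus one for
# the primary group that always comes from the passwd entry
group_count() {
    printf '%s\n' "$GROUP_DATA" | awk -F: -v u="$1" '
        { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) c++ }
        END { print c + 1 }'
}

# users_over LIMIT -> sorted, space separated users whose count exceeds LIMIT
users_over() {
    printf '%s\n' "$GROUP_DATA" | awk -F: -v limit="$1" '
        { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]]++ }
        END { for (u in seen) if (seen[u] + 1 > limit) print u }' |
        sort | awk '{ out = out (NR > 1 ? " " : "") $0 } END { print out }'
}

echo "sasbatch: $(group_count sasbatch) groups, alice: $(group_count alice) groups"
echo "over the 16-group NFS limit: $(users_over 16)"
echo "over an 8-group limit:       $(users_over 8)"
```

Only the first NGROUPS_MAX (or, for NFS, the first 16) groups of such a user are honoured, and which ones those are depends on the ordering the system uses; the symptom is permission denied on a share the user is plainly a member of.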
IBM describes very well what it is doing: redbook Aix06 security
Red Hat is a Linux (Unix type) with its own support: RED HAT
PAM - LAM
Pluggable_Authentication_Modules are a mechanism to change the security system.
It lacks the identification part.
IBM is also using LAM: aix pluggable
covering a lot of technical stuff.
A note 21/154
pam support 9.1 sasauth. And the
bisecag is mentioning ... pam
not getting updated groups
Running processes in Unix are not updated with new group rights when groups are deleted or added.
This can be a pitfall when trying to change to new requirements. You have to restart the service to get it active.
It will become a serious problem when running for months: a restart is needed and then you discover that somewhere in time security groups have been changed without notification,
and you are not able to restart the services again because some rights (groups) are needed.
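The stale state can be detected before the restart. With coreutils, id -G without an argument reports the supplementary groups the calling process actually carries (fixed when the session or service started), while id -G NAME looks the user up in the database as it is now; any difference is a group change the process has not seen. The script below is an added example, not part of these notes; the comparison is kept in separate functions so it can be checked on constructed gid lists, and check_self applies it to the calling process on the assumption of those coreutils id semantics.

```shell
#!/bin/sh
# Added example (not from the original notes): detect a process whose group
# list is stale. With coreutils, `id -G` alone reports the supplementary
# groups of the calling process, while `id -G NAME` looks the user up in the
# database now. The comparison is separated so it can be checked on
# constructed gid lists.

# missing_groups "CURRENT" "DATABASE" -> gids in DATABASE that CURRENT lacks
missing_groups() {
    out=""
    for g in $2; do
        case " $1 " in
            *" $g "*) ;;                          # already carried by the process
            *) out="$out${out:+ }$g" ;;
        esac
    done
    printf '%s\n' "$out"
}

# stale_groups "CURRENT" "DATABASE" -> gids the process still carries that the
# database no longer grants (the reverse comparison)
stale_groups() { missing_groups "$2" "$1"; }

# check_self -> report for the calling process (assumes coreutils id semantics)
check_self() {
    me=$(id -un 2>/dev/null) || { echo "no passwd entry for uid $(id -u)"; return 0; }
    now=$(id -G)
    db=$(id -G "$me" 2>/dev/null) || { echo "database lookup for $me failed"; return 0; }
    added=$(missing_groups "$now" "$db")
    removed=$(stale_groups "$now" "$db")
    if [ -z "$added" ] && [ -z "$removed" ]; then
        echo "$me: process groups match the database"
    else
        echo "$me: restart needed; granted since start: [$added], revoked since start: [$removed]"
    fi
}

echo "constructed: $(missing_groups '100 200' '100 200 300') was granted, $(stale_groups '100 200 999' '100 200') was revoked"
check_self
```

Run from inside a long-running service (or against its environment with the same user), the revoked list is the interesting one: those are rights the service still exercises although the administration says it should not.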
root usage 2 (toor)
An alternate root key to differentiate in work.
alt superuser wiki
Access Control Model
The security systems in Windows 2000 are based on technologies originally developed for Windows NT.
The Access Control Model
is based on:
- User-based authorization
- Discretionary access to securable objects
- Inheritance of permissions
- Auditing of system events
Although more Windows versions exist, just one company is responsible: Microsoft.
A lot of Unix and other techniques are, as common knowledge or by regulation, the same.
The security of Windows is advanced.
Don't expect an Admin account to be an Admin account when used by a spawner
Every process in Windows has some dedicated limitations. The local service account can't create admin account rights (elevation).
Windows has many different master accounts: domain admin, local admin, service account, ...
They are set up for different purposes and have different rights. This has evolved far more than Unix.
Understanding it all has brought more complexity.
Windows has some limits on the number of keys and groups. See:
- kb328889 Users who are members of more than 1,015 groups may fail logon authentication
Windows has a SAM file; it is similar to the hash file of Unix. See:
Managing Directory Security Principals in the .NET Framework 3.5
Windows XP could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM
System error: Lsass.exe When trying to update a password the return status indicates that the value provided as the current password is not correct.
kb 307545 How to recover from a corrupted registry that prevents Windows XP from starting
Using the System Key
Where is the password stored in Windows 7?
Knowing the way it can be opened, measures are to be taken to make it safe.
A roaming profile is designed for using several desktops without losing your personal settings.
With roaming profiles (part of the domain), what to do if a profile gets corrupted?
Some links found:
technet describing xp delprof su,
Strange behavior can occur when profile registry and mappings are not in sync.
Own experience with the firewall.
- Not knowing the background of the implementation at the domain, clean-up succeeded as I followed the descriptions. With deleting of ProfileList sub-entries also the hkm-users were gone.
- Clean-up of user directories was done.
- After retrying work at the machine, lsass.exe became very busy. Needing a restart
- On another machine (the same user was also logged in) after these actions the firewall behaved differently. Some profile setting is automatically shared
As commonly used tool(s):
Technical by hand: helge/2008/10/16
ff458273 What's New in Folder Redirection and User Profiles
- open regedit
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
- Every key gets a terrible number. The long numbers are domain based. Look for the human-recognizable names
- Registry to be cleaned of unwanted (long number) related names
- c:\users\ (names) to be cleaned
The firewall has been present on the machine since it was introduced with XP. Knowledge of it is not very commonly shared.
cc754986 After you have identified your requirements, and have the information about the network layout and computers available, you can begin to design the GPO settings and rules that will enable you to enforce your requirements on the computers.
cc771920 Netsh Commands for Windows Firewall with Advanced Security
kb/947709 How to use the "netsh advfirewall firewall" context instead of the "netsh firewall" context to control Windows Firewall behavior in Windows Server 2008 and in Windows Vista
The firewall has nested settings enabled. Firewall rules defined by the local administrator are merged with firewall rules from GPOs and are applied to the computer.
(the stores are nested too)
cc749242 Common Troubleshooting Situations using Windows Firewall with Advanced Security
This name is the loop-back definition within TCP/IP. The name resolver should find it.
Instead a firewall pop-up was appearing.
Still searching for the cause of this behavior.
Windows DAC & AD
takeown icacls robocopy
Some Microsoft links:
With DACLs it is possible to implement a very detailed security scheme.
Don't expect these tools to be supported. In reducing the complexity of security, network access is often set back to basic share security.
Still you need this. There is much overlap in files at the Windows (desktop), e.g. with SAS.
icacls.exe and takeown.exe are present in Windows 7 Home installations.
The concept of a logical link was missing in Windows. In Windows 7 it is there: mklink
Encrypted File System
How EFS Works
EFS uses public key encryption in conjunction with symmetric key encryption to provide confidentiality for files that resists all but the most sophisticated methods of attack.
The file encryption key (FEK) — a symmetric bulk encryption key — is used to encrypt the file and is then itself encrypted by using the public key taken from the user's certificate, which is located in the user's profile. The encrypted FEK is stored with the encrypted file and is unique to it. To decrypt the FEK, EFS uses the encryptor's private key which only the file encryptor has.
Unix POSIX in Windows
Windows (DOS) has copied much from Unix, with many small differences that seemed to be disappearing. The slashes / and \ are exchanged, but the internet is forcing / as the standard. md and mkdir are logically equal, and with Win7 mkdir is also correct.
The posix command does not exist on my Win7 installation.
Some Microsoft links and the sponsored developments:
Because programs control the policy for creating files in Windows, files sometimes are created by using names that are not valid or reserved names, such as LPT1 or PRN. This article describes how to delete such files by using the standard user interface.
NOTE: POSIX commands are case sensitive. Drives and folders are referenced differently than in MS-DOS. Windows 2000 and later POSIX commands must use the following usage syntax:
posix /c  IE: posix /c c:\rm.exe -d AUX.
- sua community Subsystem Unix-based Applications
- interix (wiki)
Some Microsoft links:
Some Other links:
SAM Software Asset Management
License management is something different from security: SAM
Implementing SAM protects your software investments and helps you recognize what you have, where it's running, and if your organization is using your assets efficiently.
Windows security limitations
.Net Caspol manifest file
These are advanced and very disturbing approaches. The standard AD security is replaced with a new security mechanism with its own administration.
As this is not expected, its effects are normally ignored. .Net security is designed for web access. The local machine is defined to be open. Local intranet is the same as networked file shares and is set up to be closed.
Moving a program from a local drive to a networked drive is affected by these policies.
In the .NET Framework version 4, the common language runtime (CLR) is moving away from providing security policy for computers.
Microsoft is recommending the use of Windows Software Restriction Policies as a replacement for CLR security policy.
The information in this topic applies to the .NET Framework version 3.5 and earlier; it does not apply to version 4.0 and later.
For more information about this and other changes, see Security Changes in the .NET Framework 4.
JBoss, Apache, WebLogic
PHP is commonly used together with Apache (web server) and MySQL (database).
It has the same issues as all tools installed on an OS.
PHP: PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.
PHP install on Unix
PHP filesystem security
PKI, Token, ACL
GUID: The term GUID typically refers to various implementations of the universally unique identifier (UUID) standard.
UUID: A universally unique identifier (UUID) is an identifier standard used in software construction, standardized by the Open Software Foundation (OSF) as part of the Distributed Computing Environment (DCE).
The intent of UUIDs is to enable distributed systems to uniquely identify information without significant central coordination.
A note from IBM on securing mobile communications: Tivoli encap
Hack & Hardening
Always: do not trust everyone on his word or message.
Harmless code (easter eggs) also as
(wiki) is just funny
(wiki) is the ultimate goal of a cracked system.
The technical implementation is the same. How can you predict that the funny message is harmless?
change password failures
One of the most threatening is involved with wrong or incorrect changes. How do you know for sure the new situation is safe? A lot of technical documentation can be found.
Changing passwd routines
Why searched for this? The changed new situation does not work. Found: the new version checks if the login date is filled and max-age and min-age are not zero, then the new password is required.
The old situation did not check everything (security exploit) and the new situation did not synchronize the settings correctly (max-age, min-age).
Found like a needle in a haystack. It was hurting. Any more security exploits?
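The aging fields involved (last change, minimum age, maximum age, all in days since 1970-01-01 as the shadow file stores them) can be checked for consistency before a new passwd version is rolled out, instead of after. The script below is an added example, not part of these notes: it classifies constructed shadow-style entries as ok, inconsistent (minimum larger than maximum, so the user can never change the password voluntarily before it expires), change-forced (last change 0) or expired, with the day number passed in explicitly so the results are reproducible.

```shell
#!/bin/sh
# Added example (not from the original notes): check the aging fields of
# shadow-style entries (last change, minimum and maximum age in days) for
# the kind of inconsistency described above. Entries are constructed; the day
# counter is days since 1970-01-01 as /etc/shadow stores it and is passed in
# explicitly so the results are reproducible.

SHADOW_DATA='alice:$6$s$hash:15700:7:90:14:::
bob:$6$s$hash:15700:100:90:14:::
carol:$6$s$hash:0:0:99999:7:::
dave:$6$s$hash:15600:0:60:7:::
svc:$6$s$hash:15700::::::'

# aging_status NAME TODAY -> one word: no-aging, change-forced, inconsistent,
# expired or ok
aging_status() {
    printf '%s\n' "$SHADOW_DATA" | awk -F: -v u="$1" -v today="$2" '
        $1 != u { next }
        {
            last = $3; min = $4; max = $5
            if (last == "")  { print "no-aging"; exit }        # empty field: aging disabled
            if (last == 0)   { print "change-forced"; exit }   # 0: must change at next login
            if (min != "" && max != "" && min + 0 > max + 0) { print "inconsistent"; exit }
            if (max != "" && last + max < today) { print "expired"; exit }
            print "ok"
        }'
}

# aging_report TODAY -> one line per account
aging_report() {
    printf '%s\n' "$SHADOW_DATA" | cut -d: -f1 | while read -r name; do
        printf '%-8s %s\n' "$name" "$(aging_status "$name" "$1")"
    done
}

# today_days -> the current day number, for use against a real shadow file
today_days() { echo $(( $(date +%s) / 86400 )); }

echo "on day 15780:"
aging_report 15780
echo "today (day $(today_days)):"
aging_report "$(today_days)"
```

The bob entry is the case from the text: minimum 100 days against a maximum of 90 means that every attempt to change the password before it expires is refused, and once it has expired the forced change is the only way in.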
Debugging problems requires dedicated tools.
These tools can also open up information that should be kept secret.
truss to find password
Isolated by 3270
SQL injection: SQL injection is a technique often used to attack databases through a website.
Lightweight Directory Access Protocol (LDAP) Injection is an attack used to exploit web based applications that construct LDAP statements based on user input.
Obfuscation is hiding the source. It is popular with malware.
With code becoming open source, debugging / reverse engineering of code back to source became possible.
As a reaction, wanting to hide the source as a license/copyright measure.
XML Denial of Service Attacks and Defenses.
cross site scripting
Generic policies & links
Cracking/hacking passwords can be easy: use secret / admin/admin. There are many password policies to make it more difficult to guess.
Knowing the hash code and the algorithm, or a way to check, every password can be cracked. It is a matter of time.
Some links: cracking passwords
not validating input
Buffer overflow (wiki): this is a special case of violation of memory safety.
(wiki) abuse to run code.
top 25 Software errors
getting out of service
(wiki) In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users.
Blocking service accounts
(wiki) abuse to run code.
| Security Sites |
| Redhat: RH intro System administration |
© 2012 J.A.Karman (02 mar 2012)
I'm working mostly on other pages at this moment (mar 2012).
Found this was a subject to do as a dedicated subject. Links and paragraphs will be moved to here.
For the most time this page will be a mash-up. As soon as I see the hit ratio grow I will do a clean-up.