File Permissions
To secure the filesystem, set the following files and directories to the listed modes (and owners, where given):
/var/wtmp          644
/var/run/utmp      644
/var/log           751
/etc/syslog.conf   640
/var/log/*log      640
/etc/ftpusers      600
/var/log/wtmp      660
/var/log/lastlog   640
/etc/passwd        644
/etc/shadow        600
/etc/hosts.allow   644
/etc/hosts.deny    644
/etc/inetd.conf    600, owner root
/etc/services      644, owner root
Further, ensure that /etc/profile contains the line:
ulimit -Sc 0
which sets the soft core-file size limit to zero and so disables core files!
Make sure root has a umask of 077 or 027!
Root must be listed in /etc/ftpusers so that it cannot log in via FTP.
No file in /etc needs to be group-writable. Remove group write permission with the command
chmod -R g-w /etc
Save a list of files with the suid and sgid bits set, and of files that belong to no existing user or group:
find / -perm -04000 -type f -exec ls -ld {} \;
find / -perm -02000 -type f -exec ls -ld {} \;
find / -nouser -o -nogroup
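An added audit script (example code written for this page, not the original author's) that checks the modes listed above and reports every deviation. It assumes GNU coreutils stat on Linux; the baseline in the here-document is constructed from the list above, omitting the /var/log/*log glob, which this simple reader does not expand.

```shell
#!/bin/sh
# Constructed example for this page (not the author's own script): compare files
# against an expected "path mode [owner]" baseline and report every deviation.
# Assumes GNU coreutils stat (Linux).

# check_perm PATH MODE [OWNER]
# Exit status: 0 = matches, 1 = mode or owner differs, 2 = path does not exist.
check_perm() {
    path=$1 want_mode=$2 want_owner=${3:-}
    [ -e "$path" ] || { echo "MISSING $path"; return 2; }
    have_mode=$(stat -c %a "$path")     # octal without leading zero, e.g. 644 or 4755
    have_owner=$(stat -c %U "$path")
    rc=0
    if [ "$have_mode" != "$want_mode" ]; then
        echo "MODE   $path is $have_mode, expected $want_mode"; rc=1
    fi
    if [ -n "$want_owner" ] && [ "$have_owner" != "$want_owner" ]; then
        echo "OWNER  $path is $have_owner, expected $want_owner"; rc=1
    fi
    return $rc
}

# audit_baseline: run check_perm over the page's list; succeed only if nothing deviates.
audit_baseline() {
    fails=0
    while read -r path mode owner; do
        [ -n "$path" ] || continue
        check_perm "$path" "$mode" "$owner" || fails=$((fails + 1))
    done <<'EOF'
/var/wtmp 644
/var/run/utmp 644
/var/log 751
/etc/syslog.conf 640
/etc/ftpusers 600
/var/log/wtmp 660
/var/log/lastlog 640
/etc/passwd 644
/etc/shadow 600
/etc/hosts.allow 644
/etc/hosts.deny 644
/etc/inetd.conf 600 root
/etc/services 644 root
EOF
    echo "$fails deviation(s) from baseline"
    [ "$fails" -eq 0 ]
}

# Run the audit only when invoked as: sh audit.sh --run
case "${1:-}" in --run) audit_baseline ;; esac
```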
CHATTR
Following is a list of all the attributes you can set via the chattr command:
A  Atime        The system should not update the atime or 'access time' of this file.
S  Sync         The system should flush all changes to this file to the physical disk
                synchronously when an application performs a write to it.
a  Append Only  The system should only allow opening of this file for appending and
                should not allow any process to overwrite or truncate it. In the case
                of a directory, processes may create or modify files in the directory
                but not delete them.
i  Immutable    The system should disallow all changes to this file. In the case of a
                directory, processes may modify files that already exist in the
                directory but may neither create nor delete files.
d  No Dump      The dump(8) program should ignore this file when performing filesystem
                backups.
c  Compress     The system should transparently compress this file. A read from the
                file should return uncompressed data, and a write to the file should
                result in data compression before the data reaches the physical disk.
s  Secure Del.  When the system deletes this file it should overwrite all of its data
                blocks on disk with zero bytes.
u  Undelete     When an application requests deletion of this file, the system should
                preserve its data blocks in such a way as to allow 'un-deletion' of
                the file at a later time.
Kernels 2.2 and 2.4 ignore the c, s and u flags!!
Examples of changing attributes:
chattr +i /bin/login
chattr +i /bin/rpm
chattr +i /etc/shadow
chattr +a /var/log/messages
CopyLeft (l) 2003 by Raffael Marty