Shulou(Shulou.com)06/01 Report--

In this issue, the editor will bring you two security issues about the Unix network. The article is rich in content and analyzed and described from a professional point of view. I hope you can get something after reading this article.

Security issues for shutdown users.

In recent years, many articles have introduced one of the so-called most secure Unix shutdown users. The main idea is to add the / etc/shutdown command or the / etc/haltsys command to replace the / bin/sh command directly at the end of the shutdown user line in the / etc/passwd file or / bin/sh file. In this way, even if someone knows the password of the shutdown user (or does not set the password of the shutdown user), he cannot enter the Unix system through the shutdown user, and the shutdown user is strictly defined as a super user with and only related to the computer function. This shutdown user has been recognized as the "safest shutdown user".

Compared with other shutdown methods, the security of this user is improved, especially in the stand-alone state, its security is reliable. However, it is a pity that the shutdown user also has some security risks in the Unix network. This is mainly caused by the use of the shutdown user, first of all, because almost all the users in the network need to shut down the user, so the shutdown user often does not set a password or many people hold the password at the same time; on the other hand, if we want to shut down the Unix system, we must make the shutdown user have the authority of super user. In this way, although it is impossible to illegally invade the Unix system by means of Dell key interruption or su commands, it is possible to invade the Unix system by shutting down the user or even enter the sh state of the superuser root by using some network remote commands.

1. Ask questions

Suppose that computer A has a shutdown user name shutdown, and its settings and permissions control are set according to the "safest shutdown user" method, because system administrators, software administrators, and general operators all use this user, so the password is not set. Let the IP address of computer A be 129.15.21.77.

At this point, if you want to attack computer A from another computer (assuming computer B), the goal can be achieved through the "most secure shutdown user" of computer A through the remote command of the Unix system network. First, add the following code to the / etc/hosts file on computer B:

129.15.21.77 hostshut

Then enter any ordinary user on computer B and type the following command:

Rcmd hostshut-l shutdown vi / etc/passwd

Or rcmd hostshut-l shutdown vi / etc/shadow

In this way, the ordinary computer user has opened the password text of all users in computer A, including the root superuser, with the vi command in computer B. Then as long as you change or delete these passwords, you can easily log in to any user of computer A with remote commands such as telnet, rlogin, and so on. If the intruder is a malicious user at this time, the consequences for computer A will be unimaginable.

These are the two security issues of the Unix network shared by the editor. If you happen to have similar doubts, you might as well refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.