40


Chapter 4. Workstation Security


The example below illustrates the granularity possible when configuring


sudo


:


%users


localhost=/sbin/shutdown  h now


This example states that any user can issue the command


/sbin/shutdown  h now


as long as they


issue it from the console.


The man page for


sudoers


has a detailed listing of options for this file.


4.5. Available Network Services


While user access to administrative controls is an important issue for system administrators within


an organization, keeping tabs on which network services is of paramount importance to anyone who


installs and operates a Linux system.


Many services under Linux behave as network servers. If a network service is running on a machine,


then a server application called a daemon is listening for connections on one or more network ports.


Each of these servers should be treated as potential avenue of attack.


4.5.1. Risks To Services


Network services can pose many risks for Linux systems. Below is a list of some of the primary issues:


Buffer Overflow Attacks   Services which connect to ports number 0 through 1023 must run as


an administrative user. If the application has an exploitable buffer overflow, an attacker could gain


access to the system as the user running the daemon. Because exploitable buffer overflows exist,


crackers will use automated tools to identify systems with vulnerabilities and once they have gained


access, they will use automated rootkits to maintain their access to the system.


Denial of Service Attacks (DoS)   By flooding a service with requests, a denial of service attack


can bring a system to a screeching halt as it tries to log and answer each request.


Script Vulnerability Attacks   If a server is using scripts to execute server side actions, as Web


servers commonly do, a cracker can mount an attack improperly written scripts. These script vul 


nerability attacks could lead to a buffer overflow condition or allow the attacker to alter files on the


system.


To limit exposure to attacks over the network all services that are unused should be turned off.


4.5.2. Identifying and Configuring Services


To enhance security, most network services installed with Red Hat Linux are turned off by default.


There are, however some notable exceptions:


  lpd


  A printer server, required by the


lpr


command.


  portmap


  A necessary component for the NFS, NIS, and other RPC protocols.


  xinetd


  A super server that controls connections to a host of subordinate servers, such as


wu 


ftpd


,


vsftpd


,


telnet


, and


sgi fam


(which is necessary for the Nautilus file manager).


  sendmail


  The Sendmail mail transport agent is enabled by default, but only listens for connec 


tions on the localhost.


  sshd


  The OpenSSH server, which is a secure replacement for Telnet.








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      web hosting comparison

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Jsp Hosting
Cheap Hosting



Visionwebhosting.net Business web hosting division of Web 
Design Plus. All rights reserved