Sicherheitsmassnahmen für UNIX Dr. Stefan Turowski Systemkolloquium WS 2003/ Januar 2004

UNIX Inhalt  Angriffe  * Folgen  Ziele  Massnahmen  Werkzeuge

UNIX Angriffe  Scans zum Entdecken von Sicherheitslücken (mehrere am Tag)  Spezifisches Angreifen von Schwachstellen (ftpd, named, pop,...)  * Installation von P2P Software  * Installation von Mailern (auch nicht Port 25) zur Verbreitung von SPAM  Eigentreffer durch Dummuser

UNIX * Kurz bevor die Bomben fallen… University Erlangen Nuremberg Martensstrasse 1D Notice ID: Notice Date:7 Nov :03:04 GMT Dear Sir or Madam: BayTSP, Inc. ("BayTSP") swears under penalty of perjury that Paramount Pictures Corporation ("Paramount") has authorized BayTSP to act as its agent for copyright infringement notification. BayTSP's search of the protocol listed below has detected infringements of Paramount's copyright interests on your IP addresses as detailed in the attached report. BayTSP has reasonable good faith belief that use for the material in the manner complained of in the attached report is not authorized by Paramount, its agents, or the law. The information provided herein is accurate to the best of our knowledge. Therefore, this letter is an official notification under provisions of section 512(c) of the U.S. Digital Millennium Copyright Act to effect removal of the detected infringement listed in the attached report. The Berne Convention for the Protection of Literary and Artistic Works, the Universal Copyright Convention, as well as bilateral treaties with other countries allow for protection of client's copyrighted work even beyond U.S. borders. The attached documentation specifies the exact location of the infringement. The Notice ID identifies the copyrighted works by file identification number. We hereby request that you immediately remove or block access to the infringing material, as specified in the copyright laws, and insure the user refrains from using or sharing with others Paramount's materials in the future. Please send us a prompt response indicating the actions you have taken to resolve this matter. Please reference the Notice ID number above in your response. Nothing in this letter shall serve as a waiver of any rights or remedies of Paramount with respect to the alleged infringement, all of which are expressly reserved. Should you need to contact me, I may be reached at the following address: Mark Ishikawa Chief Executive Officer BayTSP, Inc. PO Box 1314 Los Gatos, CA v: f: *pgp public key is available on the key server at ldap://keyserver.pgp.comldap://keyserver.pgp.com Note: The information transmitted in this Notice is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, reproduction, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers. This infringement notice contains an XML tag that can be used to automate the processing of this data. If you would like more information on how to use this tag please contact BayTSP Infringed Work: Core, The -Infringing FileName: (DgE) The Core - Der Innere Kern SVCD 2v2 Deutsch.mpg -Infringing FileSize: Protocol: eDonkey Infringers -IP Address:

UNIX * FAU – Die Oberspammer [ SpamCop V1.3.4 ] This message is brief for your comfort. Please use links below for details. from xx.1yy / 9 Jan :54: xx.1yy is open proxy, see: proxies.html 77d7c04ezhttp:// proxies.html 77d7c04ez [ Offending message ] Return-Path: Delivered-To: x Received: (qmail 2159 invoked by uid 1000); 9 Jan :54: Received: (qmail 2130 invoked from network); 9 Jan :54: Received: from xxx.yyy.uni-erlangen.de (HELO ascade.se) ( xx.1yy) by dsl.redshift.com with SMTP; 9 Jan :54: Message-ID: From: "Catherine Graham" To: x Subject: stronger and harder Date: Fri, 09 Jan :50:

UNIX Ziele  Systeme schwerer angreifbar machen  Systemfunktionalität verbergen  Schaden begrenzen

UNIX Unbedingt erforderlich  Einspielen von Sicherheitspatches sicherstellen  Zugänge zum System kontrollieren  alle Benutzer müssen (gute) Passwörter haben  nur die Dienste dürfen aktiviert sein, die auch wirklich genutzt werden sollen  jeder Dienst muss beschränkt sein auf das geringst mögliche Minimum  physikalische Sicherheit (Console)

UNIX Unterstützende Massnahmen  Logging und Überwachung des Systems  * am RRZE: zentraler syslog  * am RRZE: SRS Netconnect (  Zeitsynchronisation  * am RRZE: NTP  Warnungen einbauen  * am RRZE: /etc/issue  nur verschlüsselte Verbindungen zulassen  * am RRZE: eingeschränkt: rlogin/rsh/telnet/ftp/http(auth)  * gelegentliche Neuinstallation/Update

UNIX Einfache Werkzeuge  autopatch, YOU (Yast Online Update), APT  * am RRZE: voll in Betrieb  tcpwrapper (tcpd, /etc/hosts.allow)  * am RRZE: Einschränkungen für backup, finger, …  * am RRZE: Keine Verbindungen von Systemen ohne DNS-Eintrag  Einstellungen in /etc/default  * am RRZE: login mit Logging

UNIX Profi-Werkzeuge  Personal Firewall (ipfilter, ipchains, iptables)  * am RRZE: ipfilter auf speziellen Systemen  Teergruben  * am RRZE: keine