System Security for Unix Systems
During the past few months, the Computer Centre received several reports
from departments of system intrusions into their PCs running the Linux
operating system. In these cases, although there was no obvious damage
to the data files of the intruded systems, much effort was required to
clean up the compromised systems. To help departments prevent
unauthorized access to their Linux or other Unix systems, the following
paragraphs give general information and guidelines for protecting
Linux or other Unix systems from intruders' attacks.
Exploit of Vulnerable System Commands
Some system commands, especially network service daemons (continuously
running programs) on a Unix system, have to be run as privileged
users. A vulnerable command is such a continuously running program with a
security loophole that hackers can exploit to get into the system and then
run other programs as if they were the real privileged user. For example,
network service daemons such as the FTP daemon and IMAP daemon are
considered vulnerable to attacks.

According to the Computer Emergency Response Team (CERT) Coordination
Centre, a Trojan horse is an apparently useful program containing hidden
functions that can exploit the privileges of the user and pose a security
threat to the system. Unlike vulnerable system commands, a Trojan horse
is intended for hacking the system and is installed by system users or by
intruders who can gain unauthorized access to the systems concerned.

To protect your system from being hacked, it is recommended that the
following tasks be performed on a regular basis:
- visit security advisory web sites and/or subscribe to security alert
  mailing lists, e.g., the CERT Coordination Centre
- obtain and install the latest security updates/patches from your system
  vendor
- disable any unused network services or services with known
  vulnerabilities
- audit system logs, user accounts and passwords
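
As an added example (not part of the original article), the shell functions
below cover two items of this checklist: listing the network services that
are still enabled, and auditing user accounts and passwords. They assume
that services are started from an inetd.conf-format file and that accounts
are kept in passwd-format files; the function names and the sample data are
constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes inetd.conf- and
# passwd-format files; paths are parameters so copies or samples can be used.

# Enabled services in an inetd.conf-format file: lines that are not commented
# out and have the service, socket, protocol, wait, user and program fields.
enabled_inetd_services() {
    awk 'NF >= 6 && $1 !~ /^#/ { print $1 }' "$1"
}

# Accounts other than root with UID 0, i.e. full privileges.
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Accounts with an empty password field (field 2 in passwd and shadow format).
empty_password_accounts() {
    awk -F: 'NF >= 2 && $2 == "" { print $1 }' "$1"
}

# Write constructed sample files into directory $1 for a dry run.
make_samples() {
    cat > "$1/inetd.conf" <<'EOF'
# constructed sample
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l
#telnet stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
imap    stream  tcp  nowait  root  /usr/sbin/tcpd  imapd
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:1000:1000::/home/alice:/bin/sh
toor:x:0:0::/root:/bin/sh
guest::1001:1001::/home/guest:/bin/sh
EOF
}

# Print the findings for one inetd.conf and one passwd/shadow-format file.
audit_report() {
    echo "Enabled inetd services (disable any you do not use):"
    enabled_inetd_services "$1" | sed 's/^/  /'
    echo "Non-root accounts with UID 0:"
    extra_uid0_accounts "$2" | sed 's/^/  /'
    echo "Accounts with an empty password field:"
    empty_password_accounts "$2" | sed 's/^/  /'
}

# Dry run on the constructed samples.
d=$(mktemp -d) && make_samples "$d" && audit_report "$d/inetd.conf" "$d/passwd"
rm -rf "$d"
```

To check a real system, call audit_report with the paths of its own
inetd.conf and passwd (or shadow) files instead of the samples.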
Getting Help on System Security
If you have any questions on Unix security, please visit the Computer Centre
Unix security FAQ.
To report any breach of system security of the computer systems in
the University, you can send an email message to firstname.lastname@example.org
or write to the Computer Centre directly. More detailed information can
also be found at the CERT Coordination Centre.
Tel: 2859 7972