Reference: http://www.sun.com/blueprints
There was no accurate Korean-language document on securing Sun systems, so I put this together from bits and pieces gathered here and there.
Solaris Operating Environment (OE) Security
The Solaris Operating Environment (OE) is a general-purpose operating system, and its defaults are chosen for that general use rather than for a hardened host. To block unauthorized access and unauthorized changes to the system you have to apply system-level security measures yourself; the items below, which follow the Sun BluePrints recommendations, are the ones to start with.
1. Put each file system on its own partition
When laying out file systems, put the /var directory on a separate file system. If (/) and /var share one file system, a full /var takes the root file system down with it, which has serious side effects.
Software such as sendmail keeps incoming and outgoing mail under /var; if something goes wrong (a mail loop, a flood of undeliverable mail), the (/) file system fills up and the system as a whole stops working properly.
Log files also live under /var. A misconfigured log daemon, or a host that does a lot of logging, can fill the file system with log files alone and start producing "file system full" errors.
Keeping /var separate confines that damage to /var: root stays writable, and the box stays bootable and manageable. In addition, it is recommended to separate /usr and /opt as well; /usr can then be mounted read-only, which makes it harder for an intruder to replace system binaries.
2. Install the minimum
Where possible, install only the packages needed for the services the host will provide (a minimal install such as the Core cluster, SUNWCreq, rather than the Entire Distribution). Fewer packages means fewer patches to track and apply, and less code exposed to attack.
Patch regularly. Make a habit of checking the security sites for the products you care about, and apply patches promptly whenever one is needed.
Unbundled software needs the same attention: check it periodically and patch it too.
(unbundled software: software that is not part of the base OE, such as packages installed separately or built from source)
3. Console security on SPARC machines
On a SPARC machine the console itself needs protecting. Anyone with physical or serial-console access can drop the system to the OpenBoot PROM (the "ok" prompt) and from there boot from other media, change boot parameters or read memory, so this has to be closed off at the source.
See "man eeprom" for the details; the steps below are what it recommends.
Setting the PROM password and security mode from Solaris:
shell> eeprom security-mode=full
Changing PROM password:
New password: ********
Retype new password: ********
Changing the password:
shell> eeprom security-password=
Changing PROM password:
New password: ********
Retype new password: ********
From the ok prompt:
ok setenv security-mode command
security-mode = command
ok setenv security-password ********
security-password =
security-mode=command requires the PROM password for every OpenBoot command except boot (of the default device) and go; security-mode=full requires it for everything, including a plain boot, so a host set to full will not come back from a power cycle or reboot until someone types the password at the console. Choose command for servers that must reboot unattended. Record the PROM password somewhere safe: if it is lost, the machine cannot be booted again without a vendor service call.
Monitoring failed PROM password attempts:
shell> eeprom security-#badlogins
security-#badlogins=4
This result means there have been 4 failed attempts to unlock the PROM. Check this counter regularly (for example from a cron job that logs it), and after investigating reset it:
shell> eeprom security-#badlogins=0
security-#badlogins=0
x86 systems have no OpenBoot PROM and do not support this; use the BIOS password feature instead.
4. Disabling the keyboard abort sequence
On a SPARC machine the abort sequence (Stop-A, also written L1-A, on a Sun keyboard, or a Break on the serial console) halts the running OS and drops to the OpenBoot ok prompt, from where the system can be rebooted or tampered with. Unless you want anyone at the console to be able to do that, disable it.
In the file /etc/default/kbd, change
#KEYBOARD_ABORT=enable
to
KEYBOARD_ABORT=disable
(remove the comment mark and change enable to disable). The file is read at boot; "kbd -a disable" applies the same setting immediately. Be aware that disabling the abort sequence also removes your last-resort way into a hung system; if your kbd(1) man page lists an "alternate" setting, that keeps a harder-to-trigger serial-console sequence as a middle ground.
On x86 the setting exists in the file but has no effect, since there is no OpenBoot PROM to drop into; just note it and move on.
5. Check set-user-ID and set-group-ID files
If you suspect the system has been broken into, these files are the first thing to check.
What are set-user-ID and set-group-ID files?
Some programs have to do work that only root (or a particular group) may do, even though they are run by ordinary users. Such programs carry the set-user-ID or set-group-ID permission bit and run with the owner's (or group's) privileges rather than the caller's. Attackers use this in two ways: by exploiting bugs in legitimate set-ID programs, and by planting their own set-user-ID root shell or binary somewhere on the disk so they can get root back later.
Finding the files that carry the set-user-ID or set-group-ID bit:
shell> find / -type f \( -perm -4000 -o -perm -2000 \) -ls
(The two -perm tests must be grouped with parentheses. Written as "-perm -u+s -o -perm -g+s -ls", find binds the implicit AND tighter than -o, so -ls attaches only to the set-group-ID branch and the set-user-ID files are never printed.) Put "-fstype nfs -prune -o" in front of the expression to keep find off NFS mounts.
Running this lists the set-user-ID and set-group-ID files. Save that list, with a checksum for each file, where an intruder cannot find or alter it: off the system, or on read-only media. A later comparison against the saved list shows files that have been added, removed or modified.
If you suspect the files have been altered, checksum them.
Sun maintains a Fingerprint Database of checksums for the files it ships.
Connect to http://sunsolve.sun.com and compare the checksum of each file against the Fingerprint Database. A modified file will have a different checksum.
Note: there is no md5sum!
Correct; Solaris does not ship md5sum by default. You are advised to install textutils from the Companion CD or from http://www.gnu.org.
An md5 program can also be downloaded from sun.com, for both SPARC and x86.
With it you can compare files against Sun's fingerprints and detect tampering.
Select the fingerprint-related page on sunsolve.sun.com to download it.
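As an added example that is not part of the original page or of Sun's tooling, the following POSIX sh script builds the baseline described above, one checksum per set-ID file, and compares a later run against it. It uses cksum(1) because a stock Solaris 8 install has no md5sum; once Sun's md5 or GNU md5sum is installed, substitute it (the manifest format stays "sum size path"). Function names are this example's own.

```sh
#!/bin/sh
# Added example, not code from the original page or from Sun: keep a baseline
# manifest of set-UID/set-GID files and diff the live system against it later.
# cksum(1) is used because a stock Solaris 8 install has no md5sum; substitute
# Sun's md5 or GNU md5sum once installed (the manifest stays "sum size path").

# setid_manifest ROOT OUT: write one "crc size path" line for every set-UID or
# set-GID regular file under ROOT, skipping NFS mounts, sorted by path so two
# manifests can be compared line by line. The two -perm tests are grouped so
# that -type f and -print apply to both; ungrouped, find parses
# "-perm -4000 -o -perm -2000 -print" as two branches and prints only the second.
# Prints the number of entries written.
setid_manifest() {
    root=$1; out=$2
    find "$root" -fstype nfs -prune -o \
         -type f \( -perm -4000 -o -perm -2000 \) -print \
        | sort | while read -r f; do cksum "$f"; done > "$out"
    wc -l < "$out" | tr -d ' '
}

# setid_compare BASELINE CURRENT: report entries that are NEW, MISSING or
# CHANGED relative to the baseline. Exit status 0 when the manifests match.
setid_compare() {
    base=$1; cur=$2
    awk '
        { path = $0; sub(/^[0-9]+ [0-9]+ /, "", path); sig = $1 " " $2 }
        NR == FNR && FILENAME == ARGV[1] { known[path] = sig; next }
        {
            seen[path] = 1
            if (!(path in known))        print "NEW      " path
            else if (known[path] != sig) print "CHANGED  " path
        }
        END { for (p in known) if (!(p in seen)) print "MISSING  " p }
    ' "$base" "$cur"
    cmp -s "$base" "$cur"
}
```

Typical use is "setid_manifest / /var/adm/setid.base" right after installation, a copy of the baseline kept off the machine, and "setid_manifest / /tmp/setid.now; setid_compare /var/adm/setid.base /tmp/setid.now" from cron or during an investigation. A CHANGED entry for a binary you did not patch, or a NEW entry under /tmp or a home directory, is exactly the planted set-ID shell described above.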
6. Delete unnecessary accounts
A server that does not run sendmail has no need for the smmsp account. Accounts like that should be removed. Several of them exist in a default install:
(lp, uucp, nuucp, smmsp, etc.)
Look at the accounts. Some have no password ("cat /etc/shadow"): their password field holds the string NP, meaning "no password". Such an account cannot log in with a password, but it still exists, has a home directory and usually a login shell, and becomes a foothold the moment another way in turns up (a trusted-host file, a service running as that user). Sometimes management wants such an account kept for some special purpose; in that case lock it with the -l option of passwd, which replaces the password field with *LK*:
shell> passwd -l uucp
After this, password login to the account is impossible.
A second measure is to change the account's login shell to something that is not a shell at all:
shell> passwd -e uucp
old shell: /sbin/sh
new shell: /usr/bin/true (or /bin/false)
See the man pages for /usr/bin/true and /usr/bin/false if you want to know what they do (one exits 0, the other exits 1, and neither accepts commands). Note that an empty shell field in /etc/passwd is not the same thing: login falls back to /usr/bin/sh for it.
With both measures in place, getting a shell through the uucp account is about as hard as it gets (not strictly impossible, so the account should still be deleted if nothing needs it).
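The check above, as an added example rather than anything from the original page: a POSIX sh audit of a passwd/shadow pair that flags accounts with an NP or empty password field that still have a usable login shell, and prints the two commands recommended above for each. The sample files are constructed in Solaris 8 layout (the hashes are placeholders); function names are this example's own.

```sh
#!/bin/sh
# Added example, not code from the original page or from Sun: audit passwd and
# shadow for accounts that can still be used. An empty shell field in passwd
# means login(1) falls back to /usr/bin/sh, so it counts as a real shell.

NOSHELL_LIST='/usr/bin/true /usr/bin/false /bin/true /bin/false /sbin/nologin'

# audit_accounts PASSWD SHADOW: print one line per account needing attention and
# return the number of such accounts (0 means nothing to do).
audit_accounts() {
    awk -F: -v list="$NOSHELL_LIST" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) noshell[a[i]] = 1 }
        NR == FNR && FILENAME == ARGV[1] { shell[$1] = $7; next }   # passwd: remember shells
        {
            user = $1; pw = $2
            if (pw == "")            state = "EMPTY"
            else if (pw == "NP")     state = "NP"
            else if (pw ~ /^\*LK\*/) state = "LOCKED"
            else                     state = "SET"
            sh = shell[user]; if (sh == "") sh = "/usr/bin/sh(default)"
            action = ""
            if (state == "EMPTY")
                action = "no password at all: set one or run  passwd -l " user
            else if (state == "NP" && !(sh in noshell))
                action = "lock and drop the shell:  passwd -l " user "; passwd -e " user
            if (action == "") next
            printf "%-8s %-7s %-22s %s\n", user, state, sh, action
            flagged++
        }
        END { exit flagged + 0 }
    ' "$1" "$2"
}

# Constructed sample data in Solaris 8 layout (the hashes are placeholders).
SAMPLE_PASSWD='root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
smmsp:x:25:25:SendMail Message Submission Program:/:
listen:x:37:4:Network Admin:/usr/net/nls:
nobody:x:60001:60001:Nobody:/:
guest:x:1001:10:Guest:/export/home/guest:/bin/sh
alice:x:1002:10:Alice:/export/home/alice:/bin/ksh'
SAMPLE_SHADOW='root:Xq1cL8f6QeKe6:6445::::::
daemon:NP:6445::::::
lp:NP:6445::::::
uucp:NP:6445::::::
nuucp:NP:6445::::::
smmsp:NP:6445::::::
listen:*LK*:::::::
nobody:NP:6445::::::
guest::6445::::::
alice:Yz4dP2hS9qLm2:11345::::::'

# audit_sample: run the audit over the constructed files; same return value.
audit_sample() {
    d=$(mktemp -d)
    printf '%s\n' "$SAMPLE_PASSWD" > "$d/passwd"
    printf '%s\n' "$SAMPLE_SHADOW" > "$d/shadow"
    audit_accounts "$d/passwd" "$d/shadow"; rc=$?
    rm -rf "$d"
    return $rc
}
```

On a real host run "audit_accounts /etc/passwd /etc/shadow" as root. In the sample, listen is already locked and is left alone, guest with an empty password field is the most urgent finding, and the NP system accounts are listed with the passwd -l / passwd -e pair; nuucp is flagged because uucico is not in the non-shell list, which is the right call since it is a program that talks to the outside world.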
7. at and cron access control
Before at or cron runs anything for a user, it checks whether that user may use it. For cron, /etc/cron.d/cron.allow is consulted first: if it exists, only the accounts listed in it may use crontab. If it does not exist, /etc/cron.d/cron.deny is consulted and everyone not listed there is allowed. If neither file exists, only root may use crontab. at works the same way with /etc/cron.d/at.allow and /etc/cron.d/at.deny. Use this properly: create cron.allow and at.allow containing only the accounts that genuinely need scheduled jobs (typically root plus a few service accounts), so every other account is refused, and remove entries for accounts that are no longer needed. Review the existing crontabs under /var/spool/cron/crontabs as well, since a job an intruder adds there runs with that account's privileges every time it fires.
8. Change the system default umask
On Solaris 8 the default file mode creation mask (umask) for init and the daemons it starts is 000. That means a daemon that creates a file with mode 666 gets exactly 666, world-writable, which is dangerous. Change it:
shell> echo "umask 022" > /etc/init.d/umask.sh
shell> chmod 744 /etc/init.d/umask.sh
shell> chgrp sys /etc/init.d/umask.sh
shell> for d in /etc/rc?.d; do
ln /etc/init.d/umask.sh $d/S00umask.sh
done
shell>
This sets the system umask to 022 at boot. The ".sh" suffix matters: the /sbin/rcN scripts source files named S*.sh into their own shell instead of running them as child processes, so the umask set here applies to every start script and daemon that follows. Solaris 8 also accepts CMASK=022 in /etc/default/init, which sets the mask for init itself and everything it spawns; the two are complementary and setting both is the safe choice. Verify the result on the running system by checking the mode of files a daemon has freshly created.
9. NFS security
By default the Solaris NFS server accepts requests from any source port on the client. Since any unprivileged user on a client can then craft NFS requests directly, using a file handle they have sniffed or guessed, this is a security exposure, and requests should be required to come from a privileged (reserved, below 1024) port, which on Unix clients only root can bind. If the system runs the NFS service, add the following to /etc/system (it takes effect after a reboot):
set nfssrv:nfs_portmon = 1
Be aware that some non-Unix NFS clients, and some PC NFS implementations, send from unprivileged ports and will be refused once this is set.
10. Executable stacks (stack exploitation)
A number of attack programs exploit a property of the Solaris OE kernel's defaults: on SPARC, Solaris installs with user stacks executable, so a buffer overflow that overwrites a return address can jump straight into shellcode placed on the stack.
The stack can be made non-executable with the following settings. Add these to /etc/system (they take effect after a reboot):
set noexec_user_stack = 1
set noexec_user_stack_log = 1
With noexec_user_stack_log enabled, the kernel logs every attempt to execute code on a user stack through syslog (the process is sent SIGSEGV and dies).
This is a considerable help: it reports exploit attempts against vulnerable programs, including attempts using exploit code for current Solaris vulnerabilities, and leaves a record in the log.
Log message:
Aug 10 21:57:19 ns unix: sdtcm_convert[308] attempt to execute code on stack by uid 102
This shows the kernel stopping an attempt by uid 102 to execute code on the stack inside the sdtcm_convert process (pid 308). It does not mean the program is fixed: sdtcm_convert is still vulnerable until the patch for its buffer overflow is applied, and an attacker who does not need to execute from the stack (return-into-libc, overflows that only overwrite data, heap-based techniques) gets through regardless. Do not fall into the trap of thinking this setting frees you from buffer overflow attacks; it makes them harder and makes the noisy ones visible.
So this option does not stop every buffer overflow exploit, but a system running with it is measurably better placed than one without it.
What must always be kept in mind is that the latest security patches have to be applied. This point cannot be stressed enough.
The setting applies to 32-bit processes; 64-bit SPARC processes already get a non-executable stack from the SPARC V9 ABI, and on Solaris 8 x86 the kernel does not support it at all. Treat the log lines as alerts: a burst of them from one uid against a set-ID or network-facing program is an intrusion attempt in progress, not noise.
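As an added example, not part of the original page or of Sun's tools, the following POSIX sh function pulls the kernel's "attempt to execute code on stack" notices out of syslog output and summarises them per program and uid, which is the review you want to run after enabling noexec_user_stack_log. It accepts both the "prog[pid]" form the kernel writes and the bracket-less "prog308" form seen when a wiki strips the brackets. The sample log lines are constructed; function names are this example's own.

```sh
#!/bin/sh
# Added example, not code from the original page or from Sun: summarise the
# noexec_user_stack_log notices found in syslog output.

# noexec_stack_report: read syslog lines on stdin, print one line per event and
# a SUMMARY line per (program, uid) pair; exit status = number of events seen.
noexec_stack_report() {
    awk '
        BEGIN { msg = " attempt to execute code on stack by uid " }
        index($0, msg) {
            i = index($0, msg)
            n = split(substr($0, 1, i - 1), h, " ")
            tok = h[n]                                 # e.g. "sdtcm_convert[308]"
            uid = substr($0, i + length(msg)); sub(/[^0-9].*/, "", uid)
            if (match(tok, /\[[0-9]+\]$/)) {
                prog = substr(tok, 1, RSTART - 1); pid = substr(tok, RSTART + 1, RLENGTH - 2)
            } else if (match(tok, /[0-9]+$/)) {       # brackets stripped: "lpset217"
                prog = substr(tok, 1, RSTART - 1); pid = substr(tok, RSTART)
            } else { prog = tok; pid = "?" }
            printf "%s %s %s prog=%s pid=%s uid=%s\n", $1, $2, $3, prog, pid, uid
            hits[prog " uid=" uid]++; total++
        }
        END {
            for (k in hits) printf "SUMMARY %s events=%d\n", k, hits[k]
            exit total + 0
        }'
}

# Constructed sample: two blocked attempts against sdtcm_convert by uid 102, one
# against xlock by uid 0, an unrelated sendmail line, and one bracket-less entry.
SAMPLE_LOG='Aug 10 21:57:19 ns unix: sdtcm_convert[308] attempt to execute code on stack by uid 102
Aug 10 21:57:23 ns unix: sdtcm_convert[311] attempt to execute code on stack by uid 102
Aug 11 03:12:40 ns unix: xlock[5120] attempt to execute code on stack by uid 0
Aug 11 03:12:41 ns sendmail[214]: NOQUEUE: SYSERR(root): can not chdir(/var/spool/mqueue/)
Aug 11 09:00:02 ns unix: lpset217 attempt to execute code on stack by uid 1004'

# report_sample: run the report over the constructed lines; same exit status.
report_sample() { printf '%s\n' "$SAMPLE_LOG" | noexec_stack_report; }
```

On a live host feed it /var/adm/messages, e.g. "noexec_stack_report < /var/adm/messages". Two hits within seconds against the same set-ID program from one uid, as in the sample, is someone iterating an exploit; look up which account uid 102 is and what else it has been doing.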
11. Core file security
A core file is the memory image of a process, written out when the process is killed by a signal such as SIGSEGV or SIGBUS, and as such it is useful for finding out why a program failed. But core files have two problems: they take up disk space, and they can contain very sensitive data.
The first problem: a huge core file can fill the (/) file system and produce "file system full" errors.
More important, though, is the second: a core file can contain sensitive data.
If a core file holds data an ordinary user is not allowed to see, and that user can read the core file, the result is a serious problem.
For example, if a program that has read /etc/shadow, or holds important system configuration in memory, dumps core and exits, that data ends up in the core file. To prevent this, add the following to /etc/system (effective after a reboot):
set sys:coredumpsize = 0
Solaris 8 also provides coreadm(1M), which can disable per-process core files (coreadm -d process) or route every core into a single root-owned directory (coreadm -e global -g /var/core/core.%f.%p) that only root can read, so you keep the debugging value without leaving cores readable in users' directories.
For the same reason Solaris by default does not write a core file for a process whose effective ID differs from its real ID (set-user-ID and set-group-ID programs).
12. Logging (SYSLOG)
In the file /etc/syslog.conf the line
#auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost)
is commented out. If you want to know at all about attempts to break into accounts, at least this line should be uncommented.
Remember that syslog.conf fields must be separated by a TAB, not spaces; a line with spaces between the selector and the action is silently ignored, which is the most common reason auth logging "does not work". The ifdef is processed by m4: if this host is named loghost in /etc/hosts the messages go to /var/log/authlog, otherwise they are forwarded to the host called loghost, so check which applies to you. syslogd does not create the file, so create /var/log/authlog yourself (owner root, mode 600) before sending syslogd a SIGHUP to reread its configuration.
On a system with few accounts, auth.debug instead of auth.notice gives much stronger monitoring of every user who touches the system. On a server with many users, however, it produces enormous log files and can put a real load on the system.
13. Logging (application log files)
The application log files are:
/var/adm/sulog - /usr/bin/su
/var/adm/vold.log - /usr/sbin/vold
/var/adm/wtmpx - /usr/bin/login (read it with last(1))
/var/cron/log - /usr/sbin/cron
Review these log files. sulog in particular records every su attempt, successful or failed, with the source and target accounts; repeated failed su attempts to root are an early sign of an intruder with a foothold in an ordinary account.
Also, Solaris does not create the file /var/adm/loginlog by default. It is the log file of /usr/bin/login in which failed logins are recorded: login appends a record only after a run of consecutive failures (five by default, the RETRIES setting in /etc/default/login), and only if the file already exists. Create it (owner root, group sys, mode 600) so that these records are kept.
14. Login command
In the file /etc/default/login there is the line
CONSOLE=/dev/console
This restricts root to logging in on the console only.
If root should be able to log in only over the serial device, set
CONSOLE=/dev/ttya
Either way, this blocks direct remote login as root.
Only the direct login is blocked; indirect routes remain open to every account (remember that su exists). Anyone who needs root logs in as an ordinary user and runs su, which also leaves a record in /var/adm/sulog of who became root and when, which is exactly what you want.
To block every direct login as root, set
CONSOLE=-
The value merely has to match no terminal device, so this refuses root on the console as well. The purpose is to avoid exposing the root account directly.
Note that CONSOLE is honoured by login(1), that is by console, telnet and rlogin sessions. A separately installed ssh daemon does not consult /etc/default/login; set PermitRootLogin no in its own configuration to get the same effect there.
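Sections 4 and 8 to 14 each boil down to a line in a configuration file, and the practical question is whether a given host actually has all of them. As an added example, not from the original page or from Sun, the following POSIX sh script checks those settings against a directory tree, so it runs on constructed files offline (PREFIX=/some/dir) as well as on the live host (PREFIX=""). Check names, messages and the sample tree are this example's own.

```sh
#!/bin/sh
# Added example, not code from the original page or from Sun: audit the settings
# this page recommends against a directory tree (PREFIX="" for the live host).

# has_kv FILE KEY VALUE: FILE has an uncommented "KEY=VALUE" line
has_kv() { [ -f "$1" ] && grep -q "^[[:space:]]*$2=$3[[:space:]]*$" "$1"; }

# has_tunable FILE VAR VALUE: FILE has an uncommented /etc/system "set VAR = VALUE"
has_tunable() {
    [ -f "$1" ] && grep -Eq "^[[:space:]]*set[[:space:]]+$2[[:space:]]*=[[:space:]]*$3[[:space:]]*$" "$1"
}

# syslog_auth_ok FILE: an uncommented auth.notice or auth.debug selector whose
# action is separated by a TAB; spaces there make syslogd ignore the line.
syslog_auth_ok() {
    [ -f "$1" ] && awk '
        /^[[:space:]]*#/ { next }
        /^auth\.(notice|debug)/ { found = 1; if ($0 ~ /^auth\.[a-z]+\t/) tab = 1 }
        END { exit !(found && tab) }' "$1"
}

# console_restricted FILE: /etc/default/login has an uncommented CONSOLE= line
console_restricted() { [ -f "$1" ] && grep -q '^[[:space:]]*CONSOLE=' "$1"; }

# umask_script_ok FILE: the boot-time umask script sets 022
umask_script_ok() { [ -f "$1" ] && grep -q '^umask 022' "$1"; }

# run LABEL CMD ARGS...: evaluate one check, print the verdict, tally failures
run() {
    label=$1; shift
    if "$@"; then echo "PASS $label"; else echo "FAIL $label"; fails=$((fails + 1)); fi
}

# audit_host PREFIX: run every check; exit status = number of failed checks
audit_host() {
    p=$1; fails=0
    run "keyboard abort disabled"    has_kv      "$p/etc/default/kbd" KEYBOARD_ABORT disable
    run "boot-time umask 022"        umask_script_ok "$p/etc/init.d/umask.sh"
    run "non-executable user stack"  has_tunable "$p/etc/system" noexec_user_stack 1
    run "stack violations logged"    has_tunable "$p/etc/system" noexec_user_stack_log 1
    run "NFS privileged ports only"  has_tunable "$p/etc/system" nfssrv:nfs_portmon 1
    run "core dumps disabled"        has_tunable "$p/etc/system" sys:coredumpsize 0
    run "auth messages logged"       syslog_auth_ok "$p/etc/syslog.conf"
    run "direct root login limited"  console_restricted "$p/etc/default/login"
    run "/var/adm/loginlog present"  test -f "$p/var/adm/loginlog"
    return $fails
}

# make_sample_tree DIR weak|hardened: write constructed config files (not copied
# from any real host) so the audit can be exercised offline.
make_sample_tree() {
    d=$1
    mkdir -p "$d/etc/default" "$d/etc/init.d" "$d/var/adm"
    if [ "$2" = weak ]; then
        printf '#KEYBOARD_ABORT=enable\n' > "$d/etc/default/kbd"
        printf 'set noexec_user_stack=1\n' > "$d/etc/system"
        printf "#auth.notice ifdef(\`LOGHOST', /var/log/authlog, @loghost)\n" > "$d/etc/syslog.conf"
        printf '#CONSOLE=/dev/console\n' > "$d/etc/default/login"
    else
        printf 'KEYBOARD_ABORT=disable\n' > "$d/etc/default/kbd"
        printf 'umask 022\n' > "$d/etc/init.d/umask.sh"
        printf 'set noexec_user_stack = 1\nset noexec_user_stack_log = 1\n' > "$d/etc/system"
        printf 'set nfssrv:nfs_portmon = 1\nset sys:coredumpsize = 0\n' >> "$d/etc/system"
        printf "auth.notice\tifdef(\`LOGHOST', /var/log/authlog, @loghost)\n" > "$d/etc/syslog.conf"
        printf 'CONSOLE=/dev/console\n' > "$d/etc/default/login"
        : > "$d/var/adm/loginlog"; chmod 600 "$d/var/adm/loginlog"
    fi
}
```

"audit_host ''" on a Solaris 8 host prints one PASS/FAIL line per item and exits with the number of failures, which makes it usable from cron or a build script. The /etc/system checks only prove the lines are present; they take effect at the next reboot, so compare with the running values through sysdef or adb if the host has not been rebooted since the change.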