1 - Users and Passwords
2 - Users, Groups, Superuser
3 - UNIX Filesystem
4 - Cryptography
Students' presentations (~15-20 min/student):
- AES encryption (algorithm details, features, strength, area of usage) (Filipe Fonseca, Armindo Pereira, May 24th, 2010)
- DES encryption (algorithm details, features, strength, area of usage)
- BLOWFISH encryption (algorithm details, features, strength, area of usage) (Pawel Sierszen, April 12, 2010)
- RC4 encryption (algorithm details, features, strength, area of usage)
- WiFi weakness - demonstration of unencrypted communication sniffing, WEP weakness, WEP cracking (Robert Rosiak, March 29, 2010)
- TCP attacks (Aleksander Zaras)
- WPA, WPA2 - general info, encryption standards, TKIP (Maciej Radzinski, March 29, 2010)
- WPA, WPA2 - authentication protocols
- HTTPS overview, SSL and TLS encryption methods (Alina Gaciarek, Adam Dziki, May 17th, 2010)
- IPSEC overview, encryption and authentication (Jacek Bajor, Piotr Kochowicz, May 10th, 2010)
- EAP and RADIUS
- KERBEROS overview (Michal Olszewski, Rafal Wiktorski, May 17th, 2010)
- Web security in practice (Juliusz Gonera and Piotr Jakubowski, May 31, 2010)
- ... some proposals from students
- Create a script (or scripts) that creates a set of user accounts from a list read from an input file.
Each line of the file should contain the username, the real user name and the password, e.g.:
The script should create the accounts using the standard adduser or useradd commands.
Tips: Refer to the openssl command for creating /etc/shadow-style password hashes.
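One way to write the account script, as an added example that is not part of the course material: it assumes a colon-separated input format (the exercise's sample line is not reproduced on the page) and uses openssl passwd for the hash, as the tip suggests.

```shell
#!/bin/sh
# Added example, not the course's own script: create accounts from an input
# file with one "username:Real Name:password" record per line (the colon
# separator is an assumption). The hash is made with "openssl passwd" and
# passed to useradd -p, so the cleartext never reaches /etc/shadow.
# Usage: sh create_accounts.sh users.txt      (DRY_RUN=1 only prints commands)

# /etc/shadow style hash: SHA-512 crypt with a random salt. The password is
# fed on stdin so it does not show up in the process list. OpenSSL older
# than 1.1.1 lacks -6; -1 (MD5 crypt) is the weaker fallback there.
hash_password() {
    printf '%s\n' "$1" | openssl passwd -6 -stdin
}

# Accept only names useradd will take: 1-32 chars, lowercase, digits, _ and -.
valid_username() {
    printf '%s' "$1" | grep -Eq '^[a-z_][a-z0-9_-]{0,31}$'
}

# Print the command when DRY_RUN=1, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s ' "$@"; echo; else "$@"; fi
}

# Read the records; IFS=: keeps spaces inside the real name intact and
# leaves any extra colons in the password field.
create_accounts() {
    while IFS=: read -r user realname password; do
        [ -n "$user" ] || continue                     # blank line
        if ! valid_username "$user"; then
            echo "skipping invalid username: $user" >&2
            continue
        fi
        hash=$(hash_password "$password")
        run useradd -m -c "$realname" -p "$hash" "$user"
    done < "$1"
    return 0
}

if [ -n "${1:-}" ]; then create_accounts "$1"; fi
```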
- Try to replace the logon process of one of the consoles in order to collect user names and passwords into a file.
The script should replace the original login program and behave visually in the same way.
Tips: Check inittab for the getty commands. Try to force the command to use your own script instead of the login program. You will probably need openssl to check the user's password, and the original login program to finalize the login process.
- Start the ssh server. Check the server and client options; try to enable and disable protocols 1 and 2. Try to disable remote root logon. The ssh daemon should start automatically with your Linux system.
Generate authorization keys and enable logging into a selected account using the keys. Try to exchange the keys with a neighbouring colleague to check that the keys work over the network.
Tips: in case of login problems please check the log files.
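The settings this exercise asks for, applied and checked on a copy of sshd_config; this is an added example, not part of the course material, and it assumes GNU sed and the standard "Keyword value" syntax of sshd_config.

```shell
#!/bin/sh
# Added example, not part of the course material: set and check the sshd
# options the exercise asks for (SSH protocol 2 only, no remote root login,
# key-based login allowed) in an sshd_config given as a parameter, so it can
# be tried on a copy before touching /etc/ssh/sshd_config. Assumes GNU sed.

# Set KEY to VALUE in FILE: rewrite an existing line (commented out or not),
# otherwise append. Keywords are matched case-insensitively, as sshd does.
# Caveat: a line inside a "Match" block would be rewritten as well.
set_sshd_option() {
    file=$1 key=$2 value=$3
    if grep -Eiq "^[#[:space:]]*$key[[:space:]]" "$file"; then
        sed -i -E "s/^[#[:space:]]*$key[[:space:]].*/$key $value/I" "$file"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

# Effective value of KEY: the first uncommented occurrence wins, as in sshd.
get_sshd_option() {
    grep -Ei "^[[:space:]]*$2[[:space:]]" "$1" | head -n1 | awk '{print $2}'
}

harden_sshd() {
    set_sshd_option "$1" Protocol 2               # SSH-1 has known weaknesses
    set_sshd_option "$1" PermitRootLogin no       # log in as a user, then su/sudo
    set_sshd_option "$1" PubkeyAuthentication yes # lets the generated keys work
}

# Print each setting that still allows something weak; returns 1 if any does.
audit_sshd() {
    rc=0
    case "$(get_sshd_option "$1" Protocol)" in
        *1*) echo "Protocol still allows SSH-1"; rc=1 ;;
    esac
    [ "$(get_sshd_option "$1" PermitRootLogin)" = no ] ||
        { echo "PermitRootLogin is not 'no'"; rc=1; }
    return $rc
}
# After harden_sshd: "sshd -t" checks the syntax, then restart the service.
```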
- Start the apache server. Learn a bit about the server configuration. The server should start automatically with Linux.
Enable standard HTTP user authentication for a selected subpage.
Generate a self-signed certificate for the SSL protocol on your server.
Tips: To generate the certificate, first configure your own Certification Authority. Use openssl for key generation. Do not set a passphrase on the final certificate's key, so that apache can start with no interaction required.
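The CA and server certificate steps from the tip, as an added example that is not the course's own commands; the output directory and hostname are parameters, and the Apache paths in the closing comment are assumed.

```shell
#!/bin/sh
# Added example, not the course's own commands: a minimal private CA and a
# server certificate signed by it, with an unencrypted server key so apache
# starts without a passphrase prompt. The output directory and the hostname
# are parameters; the Apache paths in the final comment are assumed.

make_ca() {                                   # $1 = output directory
    mkdir -p "$1" &&
    openssl genrsa -out "$1/ca.key" 2048 &&
    chmod 600 "$1/ca.key" &&                  # CA key: keep it offline and private
    openssl req -x509 -new -key "$1/ca.key" -sha256 -days 365 \
        -subj "/CN=Lab Root CA" -out "$1/ca.crt"
}

make_server_cert() {                          # $1 = directory, $2 = hostname
    openssl genrsa -out "$1/server.key" 2048 &&          # no -aes256: no passphrase
    chmod 600 "$1/server.key" &&
    openssl req -new -key "$1/server.key" -subj "/CN=$2" -out "$1/server.csr" &&
    printf 'subjectAltName=DNS:%s\n' "$2" > "$1/san.ext" &&   # browsers need a SAN
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 365 -sha256 -extfile "$1/san.ext" -out "$1/server.crt"
}

# Before pointing apache at the files: does the chain verify against the CA,
# and do certificate and key really belong together (same RSA modulus)?
verify_cert() {
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null &&
    [ "$(openssl x509 -noout -modulus -in "$1/server.crt")" = \
      "$(openssl rsa -noout -modulus -in "$1/server.key")" ]
}

# Apache (mod_ssl) virtual host lines, with assumed paths:
#   SSLEngine on
#   SSLCertificateFile    /etc/ssl/lab/server.crt
#   SSLCertificateKeyFile /etc/ssl/lab/server.key
# Import ca.crt into the browser so the self-signed chain is trusted.
```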
- Investigate the port forwarding feature of ssh. Check, in a twin group, the local and remote forwarding options. Three ways of forwarding have to be checked:
- local service port forwarded to the remote machine
- remote service port forwarded to the local machine
- third machine service port forwarded to the local machine through the remote machine
Check and try to make the forwarded port available to other machines. Check also some additional options (compression, disabling terminal etc.).
Tips: Use already configured apache service (port 80) for testing. Check the ssh service configuration for allowing remote access to the forwarded port.
- Use ssh for transferring/pipelining data. Try to create a single-line command that creates a compressed backup of a selected folder on a remote machine. The folder should be packed with tar, then compressed with gzip, then sent to the remote machine through ssh and saved there as a file. Pipe the data through the whole process.
Tips: The ssh transfer can be done within the same computer. Use some small size folder, e.g. /bin.
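The backup pipeline wrapped in a function, with a check that the remote copy is complete; an added example, not the course's own command line. SSH_BIN, the host and the paths are assumptions that let the pipeline be tried without a second machine.

```shell
#!/bin/sh
# Added example, not the course's own command: the tar | gzip | ssh backup
# pipeline from the exercise, plus a check that the remote archive matches the
# local tree. No temporary files on the sending side. SSH_BIN lets a test
# substitute a local command for ssh; host and paths are assumed values.
SSH_BIN=${SSH_BIN:-ssh}

# backup_over_ssh DIR HOST DEST: stream DIR as a gzip-compressed tar archive
# through ssh and store it as DEST on HOST. -T drops the pty; -C (ssh
# compression) is left off because the stream is already gzipped.
backup_over_ssh() {
    dir=$1 host=$2 dest=$3
    tar -C "$(dirname "$dir")" -cf - "$(basename "$dir")" \
        | gzip -c \
        | $SSH_BIN -T "$host" "cat > '$dest'"
}

# verify_backup DIR HOST DEST: list the remote archive and the local tree and
# compare the sorted listings (tar prints directories with a trailing slash).
verify_backup() {
    dir=$1 host=$2 dest=$3
    remote_list=$($SSH_BIN -T "$host" "gzip -dc '$dest' | tar -tf -" |
                  sed 's:/$::' | sort)
    local_list=$(cd "$(dirname "$dir")" && find "$(basename "$dir")" | sort)
    [ "$remote_list" = "$local_list" ]
}

# Typical run, as the tip suggests with a small folder:
#   backup_over_ssh /bin backup.example.test /var/backups/bin.tgz
#   verify_backup   /bin backup.example.test /var/backups/bin.tgz && echo ok
```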
- Investigate how to change process priorities. Write and run a program which consumes as much CPU as possible (e.g. an infinite loop). For two such programs, try to balance the CPU usage by altering the process priorities.
Next, try to write a script which, after a single run, decreases the priorities of regular users' processes. When any of them already has the lowest possible level, it should be killed. Try to avoid creating any intermediate files.
Tips: Check the commands nice, renice, ps etc. Check whether you can identify a regular user by UID.
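The single-run priority script, as an added example that is not the course's solution; it assumes that "regular user" means UID at or above UID_MIN (1000 on most distributions) and uses the ps, renice and kill commands from the tip.

```shell
#!/bin/sh
# Added example, not the course's solution: one pass over the process table
# that lowers every regular user's process by one nice step and kills those
# already at the lowest priority (nice 19). "Regular user" is assumed to mean
# UID >= UID_MIN (1000 on most distributions, see /etc/login.defs). Nothing is
# written to disk: ps output flows through the two loops by pipe only.
UID_MIN=${UID_MIN:-1000}

# Decide what to do with one process; prints "renice PID NEWNICE" or
# "kill PID" for regular users' processes and nothing for system ones.
decide() {                      # $1 pid, $2 uid, $3 current nice, $4 command
    [ "$2" -ge "$UID_MIN" ] || return 0
    if [ "$3" -ge 19 ]; then
        echo "kill $1"
    else
        echo "renice $1 $(( $3 + 1 ))"
    fi
}

# Read "pid uid nice comm" lines (the format of ps -eo pid=,uid=,ni=,comm=)
# from stdin and print the planned actions, one per line.
plan_actions() {
    while read -r pid uid ni comm; do
        case "$ni" in ''|-) continue ;; esac    # ps prints '-' for some kernel threads
        decide "$pid" "$uid" "$ni" "$comm"
    done
    return 0
}

# Carry out a plan read from stdin. The positional form "renice NICE -p PID"
# sets an absolute value on every util-linux version, unlike -n.
apply_actions() {
    while read -r action pid value; do
        case "$action" in
            renice) renice "$value" -p "$pid" >/dev/null ;;
            kill)   kill -TERM "$pid" ;;
        esac
    done
}

# As root, one run does the whole job:
#   ps -eo pid=,uid=,ni=,comm= | plan_actions | apply_actions
```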
- Configure the PAM system to enable one-time passwords for the ssh service. Test two such systems available for Linux, e.g. OTPW, OPIE.
Tips: The PAM configuration can be found in /etc/pam.conf and /etc/pam.d/. As write access to the library folders is restricted, download the sources of the packages, compile them and use full paths to the new PAM modules in the configuration.
- Write a service startup script to synchronize the computer time. During startup the script should get the time from an external time server (the default gateway can be used) and set it for the system. The script should also synchronize the system time with the main board clock during shutdown. Add the script to the standard startup, reboot and power off procedures.
Tips: Check the /etc/init.d folder for scripts.
- Investigate how the firewall is configured (iptables command). Check the following packet processing options: LOG, DROP, REJECT (with different ICMP messages). Try to configure a firewall which allows all traffic for the safe services (ssh, https) from 'any location', unsafe services (http) from the 'local network' and all services from the loopback device. All other combinations of services should be denied. Using subchains is preferable.
Tips: telnet is a perfect tool for checking the answers to dropped and rejected packets. Due to the specific network configuration you may use a given external machine's IP from the local network as 'any location', and another one (or the local computer's IP) as the 'local network'. Before you deny all other services, use the LOG option and investigate the standard traffic for the computer's configuration (NFS, DHCP and others). It is suggested to enable all traffic from or to the servers whose IPs appear in the log.
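A ruleset implementing the policy above with subchains, as an added example that is not the course's own firewall; the local network address is an assumption, and IPT=echo prints the rules instead of loading them.

```shell
#!/bin/sh
# Added example, not the course's firewall: iptables rules for the policy in
# the exercise (ssh and https from any location, http from the local network
# only, everything on loopback, everything else logged and rejected), built
# from subchains. LOCALNET is an assumed value; run with IPT=echo to print the
# rules instead of loading them, or as root with the default to apply them.
IPT=${IPT:-iptables}
LOCALNET=${LOCALNET:-192.168.1.0/24}

build_firewall() {
    $IPT -F; $IPT -X                       # start from an empty ruleset
    $IPT -P INPUT DROP                     # default deny for inbound traffic
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # SAFE: services exposed to any location
    $IPT -N SAFE
    $IPT -A SAFE -p tcp --dport 22 -j ACCEPT          # ssh
    $IPT -A SAFE -p tcp --dport 443 -j ACCEPT         # https
    $IPT -A SAFE -j RETURN

    # LOCAL: services reachable from the local network only
    $IPT -N LOCAL
    $IPT -A LOCAL -p tcp --dport 80 -j ACCEPT         # http
    $IPT -A LOCAL -j RETURN

    # LOGDROP: record refused packets (rate-limited) before answering them.
    # telnet to a REJECTed port reports "connection refused" at once; to a
    # DROPped one it hangs until the timeout, which is the difference to test.
    $IPT -N LOGDROP
    $IPT -A LOGDROP -m limit --limit 5/min -j LOG --log-prefix "FW-REJECT: "
    $IPT -A LOGDROP -p tcp -j REJECT --reject-with tcp-reset
    $IPT -A LOGDROP -j REJECT --reject-with icmp-port-unreachable

    # INPUT: loopback, replies to our own connections, then the subchains.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -s "$LOCALNET" -j LOCAL
    $IPT -A INPUT -j SAFE
    $IPT -A INPUT -j LOGDROP
}
```

Watch the FW-REJECT lines in the kernel log for a while before relying on this: DHCP or NFS servers that show up there need their own ACCEPT rules ahead of the LOGDROP jump, as the tip suggests.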
Additional exercises from lectures
- Search for all SUID and SGID files in the filesystem using the find command.
Check the behaviour of SUID programs by creating root-owned SUID copies of an editor and of the bash shell. Try to use both of them to open a protected file from a regular user account (e.g. the /etc/shadow file).
Check the Linux system's behaviour for the SUID attribute when the ownership is changed.
- Search for all device files (character and block ones) in the filesystem using the find command.
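The two find searches above (set-id files and device nodes) as an added audit script that is not from the lecture; it takes the root directory as a parameter so it can be tried on a scratch directory, and assumes GNU find.

```shell
#!/bin/sh
# Added example (not from the lecture): find-based audit of set-user-id and
# set-group-id files and of device nodes under a given root directory. The
# root is a parameter so the functions can be exercised on a scratch directory;
# on a real system pass "/". GNU find syntax (-perm /MODE, -printf) is assumed.

# Regular files with the SUID (4000) or SGID (2000) bit: -perm /6000 matches
# either. Output: octal mode, owner:group, path.
find_setid() {
    find "$1" -xdev -type f -perm /6000 -printf '%m %u:%g %p\n' 2>/dev/null
}

# SUID files that are also world-writable: anyone could replace the code that
# runs with the owner's privileges. Should print nothing on a healthy system.
find_writable_setid() {
    find "$1" -xdev -type f -perm -4000 -perm -o=w 2>/dev/null
}

# Character and block device nodes. Outside /dev they deserve a closer look:
# a copy of a disk or memory device node with loose permissions bypasses the
# filesystem's access control entirely.
find_devices() {
    find "$1" -xdev \( -type c -o -type b \) -printf '%M %p\n' 2>/dev/null
}

# On the ownership question in the exercise: chown on a regular file clears
# its SUID/SGID bits on Linux, for root as well (since kernel 2.2.13), so a
# copied SUID binary has to be chmod'ed again after chown root.
```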