OS Hardening Justin Whitehead Francisco Robles. ECE 4112 - Internetwork Security OS Hardening...
OS Hardening
Justin Whitehead, Francisco Robles
OS Hardening
• Installing kernel/software patches and configuring a system in order to prevent attackers from exploiting and attacking your system.
Motivations
• Why? Add security features not present in default installs
– Vendors leave default installs open for more customizability
– Kernel & system-level patches work for known and unknown bugs
• Bugs/exploits in software
How
• Patches
– Apply security patches to the Linux kernel
– Apply bug patches to software
• Security tools
– Extra system logs and auditing
• System rules and policies
– Restrict user privileges
– Disable unnecessary processes
The Best in Hardening…
• grsecurity kernel patch features
– Non-executable stack
– Change root (chroot) hardening
– /tmp race prevention
– Extensive auditing
– Additional randomness in the TCP/IP stack
– /proc restrictions
Hardening Utilities
• Bastille Linux (www.bastille-linux.org): automated security program, security wizard
– SUID restrictions
– SecureInetd
– DoS attack detection and prevention
– Automated firewall scripting
– User privileges
– Education
Common Issues and Exploits
• Stack-based attacks
• /proc
• /tmp
• SUID
• TCP sequence numbers
/proc
• /proc is a pseudo file system used for the kernel-level modules to send and retrieve information to and from processes
• Some files are writable, but most are read-only; even so, /proc lets users gather information about specific processes.
/proc Solutions
• grsecurity
– /proc rights restrictions that don't leak information about process owners
– Option to hide kernel processes
– /proc file descriptor/memory protection
/tmp exploits
• The /tmp directory is used by many programs to create and access files.
• No special permissions are needed to create files there.
• Programs using /tmp must be carefully written in order to avoid exploits.
/tmp exploits
• Race condition: replacing a file in the window between a program checking (accessing) it and opening it.
– Allows an attacker to manipulate the program with their own data, "winning the race"
– Performing a race attack on a symlink can allow an attacker to create a file somewhere else on the system
– Attackers can also gain root access
/tmp Solutions
• grsecurity: places restrictions on hardlinks/symlinks
• Bastille: each process using /tmp gets its own safe /tmp directory
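As an added example (not part of the original slides), here is what the "carefully written" /tmp handling the slides call for looks like in C: the race-prone fixed-name open described above is contrasted with mkstemp(), O_EXCL and O_NOFOLLOW, plus an fstat() check on the descriptor that was actually opened. The directory, file names and dangling symlink target are constructed for the self-check.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Check the descriptor, not the path: the path can be swapped after a stat(),
 * but the fd refers to the inode that was actually opened. */
int fd_is_private_regular(int fd) {
    struct stat st;
    if (fstat(fd, &st) != 0) return 0;
    return S_ISREG(st.st_mode) && st.st_nlink == 1 &&
           st.st_uid == geteuid() && (st.st_mode & 077) == 0;
}

/* Hardened pattern: mkstemp() picks an unpredictable name and opens it with
 * O_CREAT|O_EXCL, so a pre-planted file or symlink makes it fail rather than
 * being followed. The template must end in "XXXXXX"; it is modified in place. */
int open_tmp_safe(char *tmpl) {
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    if (!fd_is_private_regular(fd)) { close(fd); unlink(tmpl); return -1; }
    return fd;
}

/* The race-prone pattern from the slides is open(path, O_WRONLY|O_CREAT|O_TRUNC)
 * on a predictable name: a planted symlink is followed and its target truncated.
 * O_EXCL fails with EEXIST on any existing path, even a dangling symlink. */
int create_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Self-check (constructed scenario in a private directory): plant a dangling
 * symlink as a lost /tmp race would, then confirm create_exclusive() refuses
 * it with EEXIST while open_tmp_safe() still gets a clean file. Returns 1. */
int demo_symlink_refused(void) {
    char dir[] = "/tmp/hardening-demo-XXXXXX", planted[64], tmpl[64];
    if (mkdtemp(dir) == NULL) return 0;
    snprintf(planted, sizeof planted, "%s/prog.tmp", dir);
    snprintf(tmpl, sizeof tmpl, "%s/prog.XXXXXX", dir);
    int ok = symlink("victim-that-does-not-exist", planted) == 0 &&
             create_exclusive(planted) == -1 && errno == EEXIST;
    int fd = open_tmp_safe(tmpl);
    ok = ok && fd >= 0;
    if (fd >= 0) { close(fd); unlink(tmpl); }
    unlink(planted); rmdir(dir);
    return ok;
}
```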
SUID Exploits
• SUID (Set-User ID): allows a program to be executed with the permissions of its owner, not the user running it
– Example: passwd
• SUID programs can be exploited to gain root access
– Bad inputs
– Buffer overflows
SUID solutions
• Bastille disables many SUID programs it believes users should not run anyway
– mount, umount?
– Up to the admin
TCP/IP Stack randomization
• Initial sequence numbers can be guessed or discovered by attackers
– Allows session hijacking
– IP spoofing
• Security patches attempt to add more randomization to initial sequence numbers
– grsecurity
What you will be doing
• Base RH 8.0 install
– Run a series of exploits and collect TCP traffic data
• Applying the patch to the kernel, recompiling the kernel
• Configuring the system with Bastille Linux
Before and After
• Port scan
• TCP data capture
• Running a stack exploit
• Running /tmp and SUID exploits
• Comparing user privileges
– SUID programs
– Access to gcc
– /proc
Base Install
• RH 8.0
• Telnet, FTP, and other insecure inetd services running
• No firewall
• No RH updates
• Minimum security settings
GR Security Patch
• Apply patch to kernel, rebuild kernel
– Perform stack exploit
– Perform port scan
– Record differences in /proc
– Perform /tmp exploit
– Compare results to base install
Bastille-Linux
• Install and run
– Configure SecureInetd daemon
– Disable problematic daemons and SUID programs
– Configure firewall
– Enable /tmp security
• Repeat previous tests