unix refresher

Unix Refresher This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen C. Hayne


Post on 30-Dec-2015


Page 1: Unix Refresher

Unix Refresher

This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis.

I have edited and added material.

Dr. Stephen C. Hayne

Page 2: Unix Refresher

Linus Torvalds

Was the chief architect behind the Linux kernel. Most of the work was done while he was still an undergraduate. He completed a master’s degree from the University of Helsinki in Computer Science and now lives and works in the United States.

Page 3: Unix Refresher

/etc/passwd, /etc/shadow

/etc/passwd is the master password file for the system.

Login name – the account name

Encrypted password field – one-way encryption of the account password

UID – unique numeric identifier for the account. Unix uses this number, not the login name, to identify the account.

Page 4: Unix Refresher

/etc/passwd, /etc/shadow

GID – group ID number that identifies the group

GECOS info – commonly used to list the name of the account owner

Home directory – user home directory

Login Shell – default user shell

Page 5: Unix Refresher

/etc/passwd, /etc/shadow

/etc/passwd is world readable. This is what lets CRACK run on it. All you need is access to the system (login, WWW, FTP) and the ability to get a copy of the file.

/etc/shadow is the defense against the CRACK attack

Page 6: Unix Refresher

/etc/passwd, /etc/shadow

/etc/shadow contains the encrypted password field and is readable by root only.

An “x” is placed as a marker in the equivalent field in /etc/passwd.

If you can read /etc/shadow, you have root and no need to crack passwords.
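
An added example (not part of the original slides): a small Python audit of passwd-format text that parses the seven fields listed above, flags entries whose password field is not the "x" shadow marker, and flags extra accounts with UID 0. The sample data is constructed, and treating a leading "*" or "!" as a locked-account marker is an assumption.

```python
from collections import namedtuple

Entry = namedtuple("Entry", "login password uid gid gecos home shell")

# Constructed sample data, not taken from any real system.
SAMPLE_PASSWD = """\
root:x:0:0:System Administrator:/root:/bin/sh
alice:x:1001:100:Alice Example:/home/alice:/bin/sh
bob:ab3dEfGhIjKlM:1002:100:Bob Example:/home/bob:/bin/sh
guest::1003:100:Guest:/home/guest:/bin/sh
toor:x:0:0:Second UID 0:/root:/bin/sh
broken:x:notanumber
"""

def parse_passwd(text):
    """Return (entries, malformed_line_numbers) for passwd-format text."""
    entries, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        # A valid entry has exactly seven fields with numeric UID and GID.
        if len(fields) != 7 or not fields[2].isdigit() or not fields[3].isdigit():
            malformed.append(lineno)
            continue
        login, pw, uid, gid, gecos, home, shell = fields
        entries.append(Entry(login, pw, int(uid), int(gid), gecos, home, shell))
    return entries, malformed

def audit(entries):
    """Return a sorted list of (login, finding) for risky entries."""
    findings = []
    for e in entries:
        if e.password == "":
            findings.append((e.login, "empty password field"))
        # Assumption: a leading "*" or "!" marks a locked account, not a hash.
        elif e.password != "x" and e.password[0] not in "*!":
            findings.append((e.login, "password hash in world-readable file"))
        # The UID, not the login name, decides privilege: any UID 0 is root.
        if e.uid == 0 and e.login != "root":
            findings.append((e.login, "UID 0 account other than root"))
    return sorted(findings)

if __name__ == "__main__":
    entries, malformed = parse_passwd(SAMPLE_PASSWD)
    for login, finding in audit(entries):
        print(f"{login}: {finding}")
    print("malformed lines:", malformed)
```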

Page 7: Unix Refresher

System Logs

/etc/syslog.conf contains the locations of the system logs. Log destinations can be remote or local.

Syslogd is the syslog daemon.

/var/log/syslog, /var/log/secure, /var/adm/messages, /var/adm/syslog.dated/current/kern.log

/etc/utmp, /etc/wtmp, /etc/lastlog