Index
Practical Unix & Internet Security, 3rd Edition
A Note Regarding Supplemental Files
Preface
Unix “Security”?
What This Book Is
What This Book Is Not
Third-Party Security Tools
Scope of This Book
Which Unix System?
Versions Covered in This Book
“Secure” Versions of Unix
Conventions Used in This Book
Comments and Questions
Acknowledgments
Third Edition
Second Edition
First Edition
A Note to Would-Be Attackers
I. Computer Security Basics
1. Introduction: Some Fundamental Questions
What Is Computer Security?
What Is an Operating System?
What Is a Deployment Environment?
Summary
2. Unix History and Lineage
History of Unix
Multics: The Unix Prototype
The Birth of Unix
Unix escapes AT&T
Unix goes commercial
The Unix Wars: Why Berkeley 4.2 over System V
Unix Wars 2: SVR4 versus OSF/1
Free Unix
FSF and GNU
Minix
Xinu
Linux
NetBSD, FreeBSD, and OpenBSD
Businesses adopt Unix
Second-Generation Commercial Unix Systems
What the Future Holds
Security and Unix
Expectations
Software Quality
Add-on Functionality Breeds Problems
The Failed P1003.1e/2c Unix Security Standard
Role of This Book
Summary
3. Policies and Guidelines
Planning Your Security Needs
Types of Security
Trust
Risk Assessment
Steps in Risk Assessment
Identifying assets
Identifying threats
Review Your Risks
Cost-Benefit Analysis and Best Practices
The Cost of Loss
The Probability of a Loss
The Cost of Prevention
Adding Up the Numbers
Best Practices
Convincing Management
Policy
The Role of Policy
Standards
Guidelines
Some Key Ideas in Developing a Workable Policy
Assign an owner
Be positive
Remember that employees are people too
Concentrate on education
Have authority commensurate with responsibility
Be sure you know your security perimeter
Pick a basic philosophy
Defend in depth
Risk Management Means Common Sense
Compliance Audits
Outsourcing Options
Formulating Your Plan of Action
Choosing a Vendor
Get a referral and insist on references
Beware of soup-to-nuts
Insist on breadth of background
People
“Reformed” hackers
Monitoring Services
Final Words on Outsourcing
The Problem with Security Through Obscurity
Keeping Secrets
Responsible Disclosure
Summary
II. Security Building Blocks
4. Users, Passwords, and Authentication
Logging in with Usernames and Passwords
Unix Usernames
Authenticating Users
Authenticating with Passwords
Entering your password
Changing your password
Verifying your new password
Changing another user’s password
The Care and Feeding of Passwords
Bad Passwords: Open Doors
Smoking Joes
Good Passwords: Locked Doors
Password Synchronization: Using the Same Password on Many Machines
Writing Down Passwords
How Unix Implements Passwords
The /etc/passwd File
The Unix Encrypted Password System
The traditional crypt( ) algorithm
Unix salt
crypt16( ), DES Extended, and Modular Crypt Format
The shadow password and master password files
One-Time Passwords
Public Key Authentication
Network Account and Authorization Systems
Using Network Authorization Systems
Viewing Accounts in the Network Database
NIS and NIS+
Kerberos DCE
NetInfo
RADIUS
LDAP
Pluggable Authentication Modules (PAM)
Summary
5. Users, Groups, and the Superuser
Users and Groups
The /etc/passwd File
User Identifiers (UIDs)
Groups and Group Identifiers (GIDs)
The /etc/group file
The Superuser (root)
What the Superuser Can Do
What the Superuser Can’t Do
Any Username Can Be a Superuser
The Problem with the Superuser
The su Command: Changing Who You Claim to Be
Real and Effective UIDs with the su Command
Saved IDs
Other IDs
Becoming the Superuser
Use su with Caution
Using su to Run Commands from Scripts
Restricting su
The su Log
The sulog under Solaris
The sulog under Berkeley Unix
The sulog under Red Hat Linux
Final caution
sudo: A More Restrictive su
Restrictions on the Superuser
Secure Terminals: Limiting Where the Superuser Can Log In
BSD Kernel Security Levels
Linux Capabilities
Summary
6. Filesystems and Security
Understanding Filesystems
UFS and the Fast File System
File contents
Inodes
Directories and links
The Virtual Filesystem Interface
Current Directory and Paths
File Attributes and Permissions
Exploring with the ls Command
File Times
File Permissions
A file permissions example
Directory Permissions
chmod: Changing a File’s Permissions
Setting a File’s Permissions
Calculating octal file permissions
Using octal file permissions
Access Control Lists
The umask
The umask Command
Common umask Values
SUID and SGID
Sticky Bits
SGID and Sticky Bits on Directories
SGID Bit on Files (System V-Derived Unix Only): Mandatory Record Locking
Problems with SUID
SUID Scripts
An example of a SUID attack: IFS and the /usr/lib/preserve hole
Finding All of the SUID and SGID Files
The Solaris ncheck command
Turning Off SUID and SGID in Mounted Filesystems
Device Files
Unauthorized Device Files
Changing a File’s Owner or Group
chown: Changing a File’s Owner
Old and new chown behavior
Use chown with caution
chgrp: Changing a File’s Group
Summary
7. Cryptography Basics
Understanding Cryptography
Roots of Cryptography
Cryptography as a Dual-Use Technology
A Cryptographic Example
Cryptographic Algorithms and Functions
Symmetric Key Algorithms
Cryptographic Strength of Symmetric Algorithms
Key Length with Symmetric Key Algorithms
Common Symmetric Key Algorithms
Attacks on Symmetric Encryption Algorithms
Key search (brute force) attacks
Cryptanalysis
Systems-based attacks
Public Key Algorithms
Uses for Public Key Encryption
Encrypted messaging
Digital signatures
Attacks on Public Key Algorithms
Key search attacks
Analytic attacks
Known versus published methods
Message Digest Functions
Message Digest Algorithms at Work
Uses of Message Digest Functions
HMAC
Attacks on Message Digest Functions
Summary
8. Physical Security for Servers
Planning for the Forgotten Threats
The Physical Security Plan
The Disaster Recovery Plan
Other Contingencies
Protecting Computer Hardware
Protecting Against Environmental Dangers
Fire
Smoke
Dust
Earthquakes
Explosions
Extreme temperatures
Bugs (biological)
Electrical noise
Lightning
Vibration
Humidity
Water
Environmental monitoring
Preventing Accidents
Food and drink
Controlling Physical Access
Raised floors and dropped ceilings
Entrance through air ducts
Glass walls
Defending Against Vandalism
Ventilation holes
Network cables
Network connectors
Utility connections
Defending Against Acts of War and Terrorism
Preventing Theft
Understanding Computer Theft
Laptops and Portable Computers
Locks
Tagging
Laptop Recovery Software and Services
RAM Theft
Encryption
Protecting Your Data
Eavesdropping
Wiretapping
Eavesdropping over local area networks (Ethernet and twisted pairs)
Eavesdropping on 802.11 wireless LANs
Eavesdropping by radio and using TEMPEST
Fiber optic cable
Keyboard monitors
Protecting Backups
Verify your backups
Protect your backups
Sanitizing Media Before Disposal
Sanitizing Printed Media
Protecting Local Storage
Printer buffers
Printer output
X terminals
Function keys
Unattended Terminals
Built-in shell autologout
Screensavers
Key Switches
Story: A Failed Site Inspection
What We Found
Fire hazards
Potential for eavesdropping and data theft
Easy pickings
Physical access to critical computers
Possibilities for sabotage
Nothing to Lose?
Summary
9. Personnel Security
Background Checks
Intensive Investigations
Rechecks
On the Job
Initial Training
Ongoing Training and Awareness
Performance Reviews and Monitoring
Auditing Access
Least Privilege and Separation of Duties
Departure
Other People
Summary
III. Network and Internet Security
10. Modems and Dialup Security
Modems: Theory of Operation
Serial Interfaces
The RS-232 Serial Protocol
Originate and Answer
Baud and bps
Modems and Security
Banners
Caller-ID and Automatic Number Identification
One-Way Phone Lines
Protecting Against Eavesdropping
Kinds of eavesdropping
Eavesdropping countermeasures
Managing Unauthorized Modems with Telephone Scanning and Telephone Firewalls
Telephone scanning
Telephone firewalls
Limitations of scanning and firewalls
Modems and Unix
Connecting a Modem to Your Computer
Setting Up the Unix Device
Checking Your Modem
Originate testing
Answer testing
Privilege testing
Protection of Modems and Lines
Additional Security for Modems
Summary
11. TCP/IP Networks
Networking
The Internet
Today’s Internet
Who’s on the Internet?
Networking and Unix
IP: The Internet Protocol
Internet Addresses
IP networks
Classical network addresses
CIDR addresses
Routing
Hostnames
Format of the hostname
The /etc/hosts file
Packets and Protocols
ICMP
TCP
UDP
Clients and Servers
Name Service
DNS under Unix
Other naming services
IP Security
Using Encryption to Protect IP Networks from Eavesdropping
Hardening Against Attacks
Firewalls and Physical Isolation
Improving Authentication
Authentication and DNS
Authentication and email
¡April Fools! authentication and Netnews
Adding authentication to TCP/IP with ident
Decoy Systems
Summary
12. Securing TCP and UDP Services
Understanding Unix Internet Servers and Services
The /etc/services File
Calling getservbyname( )
Ports cannot be trusted
Starting the Servers
Startup on different Unix systems
Startup examples
The inetd Program
Controlling Access to Servers
Access Control Lists with TCP Wrappers
What TCP Wrappers does
The TCP Wrappers configuration language
Making sense of your TCP Wrappers configuration files
Using a Host-Based Packet Firewall
The ipfw host-based firewall
An ipfw example
Primary Unix Network Services
echo and chargen (TCP and UDP Ports 7 and 19)
systat (TCP Port 11)
FTP: File Transfer Protocol (TCP Ports 20 and 21)
Anonymous FTP
FTP active mode
FTP passive mode
Setting up an FTP server
Restricting FTP with the standard Berkeley FTP server
Setting up anonymous FTP with the standard Unix FTP server
Allowing only FTP access
SSH: The Secure Shell (TCP Port 22)
Host authentication with SSH
Client authentication with SSH
Telnet (TCP Port 23)
SMTP: Simple Mail Transfer Protocol (TCP Port 25)
Configuration files
Security concerns with SMTP banners and commands
SMTP relaying and bulk email (a.k.a. spam)
Overflowing system mailboxes
Delivery to programs
Overall security of Berkeley sendmail versus other MTAs
TACACS and TACACS+ (UDP Port 49)
Domain Name System (DNS) (TCP and UDP Port 53)
DNS zone transfers
DNS nameserver attacks
DNSSEC
DNS best practices
BOOTP: Bootstrap Protocol, and DHCP: Dynamic Host Configuration Protocol (UDP Ports 67 and 68)
TFTP: Trivial File Transfer Protocol (UDP Port 69)
finger (TCP Port 79)
The .plan and .project files
Disabling finger
HTTP, HTTPS: HyperText Transfer Protocol (TCP Ports 80, 443)
POP, POPS: Post Office Protocol, and IMAP, IMAPS: Internet Message Access Protocol (TCP Ports 109, 110, 143, 993, 995)
Sun RPC’s portmapper (UDP and TCP Ports 111)
Identification Protocol (TCP Port 113)
NNTP: Network News Transport Protocol (TCP Port 119)
NTP: Network Time Protocol (UDP Port 123)
Sudden changes in time
An NTP example
SNMP: Simple Network Management Protocol (UDP Ports 161 and 162)
rexec (TCP Port 512)
rlogin and rsh (TCP Ports 513 and 514)
Trusted hosts and users
Specifying trusted hosts with /etc/hosts.equiv and ~/.rhosts
/etc/hosts.lpd file
RIP Routed: Routing Internet Protocol (UDP Port 520)
The X Window System (TCP Ports 6000-6063)
/etc/logindevperm
X security
The xhost facility
Using Xauthority magic cookies
Tunneling X with SSH
RPC rpc.rexd (TCP Port 512)
Communicating with MUDs, Internet Relay Chat (IRC), and Instant Messaging
Managing Services Securely
Monitoring Your Host with netstat
Limitation of netstat and lsof
Monitoring Your Network with tcpdump
Network Scanning
Putting It All Together: An Example
Summary
13. Sun RPC
Remote Procedure Call (RPC)
Sun’s portmap/rpcbind
RPC Authentication
AUTH_NONE
AUTH_UNIX
AUTH_DES
AUTH_KERB
Secure RPC (AUTH_DES)
Secure RPC Authentication
Proving your identity
Using Secure RPC services
Setting the window
Setting Up Secure RPC with NIS
Creating passwords for users
Creating passwords for hosts
Making sure Secure RPC support is running on every workstation
Using Secure RPC
Limitations of Secure RPC
Summary
14. Network-Based Authentication Systems
Sun’s Network Information Service (NIS)
NIS Fundamentals
Including or excluding specific accounts
Importing accounts without really importing accounts
NIS Domains
NIS Netgroups
Setting up netgroups
Using netgroups to limit the importing of accounts
Limitations of NIS
Spoofing RPC
Spoofing NIS
NIS is confused about “+”
Unintended Disclosure of Site Information with NIS
Sun’s NIS+
What NIS+ Does
NIS+ Tables and Other Objects
Using NIS+
Changing your password
When a user’s passwords don’t match
NIS+ Limitations
Kerberos
Kerberos Authentication
Initial login
Using the ticket-granting ticket
Authentication, data integrity, and secrecy
Kerberos 4 versus Kerberos 5
Getting Kerberos
Using Kerberos
Kerberos Limitations
LDAP
LDAP: The Protocol
LDAP Integrity and Reliability
Authentication with LDAP
nss_ldap
pam_ldap
Configuring Authentication with nss_ldap
Setting up the LDAP server
Setting up the LDAP clients
Other Network Authentication Systems
DCE
SESAME
Summary
15. Network Filesystems
Understanding NFS
NFS History
File Handles
The MOUNT Protocol
The NFS Protocol
How NFS creates a reliable filesystem from a best-effort protocol
Hard, soft, and spongy mounts
Connectionless and stateless
NFS and root
NFS Version 3
Server-Side NFS Security
Limiting Client Access: /etc/exports and /etc/dfs/dfstab
/etc/exports
/usr/etc/exportfs
Exporting NFS directories under System V: share and dfstab
The showmount Command
Client-Side NFS Security
Improving NFS Security
Limit Exported and Mounted Filesystems
The example explained
Export Read-Only
Use Root Ownership
Remove Group-Write Permission for Files and Directories
Do Not Export Server Executables
Do Not Export Home Directories
Do Not Allow Users to Log into the Server
Use fsirand
Set the portmon Variable
Use showmount -e
Use Secure NFS
Some Last Comments on NFS
Well-Known Bugs
For Real Security, Don’t Use NFS
Understanding SMB
SMB History
Protocols
Name service
Authentication
File access
Configuring the Samba Server
Samba Server Security
Connecting to the server
User authentication
Authorization
Data integrity and privacy
Samba Client Security
Improving Samba Security
Summary
16. Secure Programming Techniques
One Bug Can Ruin Your Whole Day . . .
The Lesson of the Internet Worm
An Empirical Study of the Reliability of Unix Utilities
What he found
Where’s the beef?
Tips on Avoiding Security-Related Bugs
Design Principles
Coding Standards
Things to Avoid
Before You Finish
Tips on Writing Network Programs
Things to Do
Things to Avoid
Tips on Writing SUID/SGID Programs
Using chroot( )
Tips on Using Passwords
Tips on Generating Random Numbers
Unix Pseudorandom Functions
rand( )
random( )
drand48( ), lrand48( ), and mrand48( )
Picking a Random Seed
A Good Random Seed Generator
Summary
IV. Secure Operations
17. Keeping Up to Date
Software Management Systems
Package-Based Systems
Source-Based Systems
Source code and patches
CVS
Updating System Software
Learning About Patches
Upgrading Distributed Applications
Sensitive Upgrades
Summary
18. Backups
Why Make Backups?
The Role of Backups
What Should You Back Up?
Types of Backups
Guarding Against Media Failure
Replace tapes as needed
Keep your tape drives clean
Verify the backup
How Long Should You Keep a Backup?
Security for Backups
Physical security for backups
Write-protect your backups
Data security for backups
Legal Issues
Deciding Upon a Backup Strategy
Individual Workstation
Backup plan
Retention schedule
Small Network of Workstations and a Server
Backup plan
Retention schedule
Large Service-Based Network with Small Budget
Backup plan
Retention schedule
Large Service-Based Networks with Large Budget
Backup plan
Retention schedule
Backing Up System Files
Which Files to Back Up?
Building an Automatic Backup System
Software for Backups
Simple Local Copies
Simple Archives
Specialized Backup Programs
Network Backup Systems
Encrypting Your Backups
Summary
19. Defending Accounts
Dangerous Accounts
Accounts Without Passwords
Default Accounts
The superuser account
Other accounts
Accounts That Run a Single Command
Open Accounts
Restricted shells
How to set up a restricted account with rsh
Potential problems with restricted shells
Restricted Filesystem with the chroot( ) Jail
Setting up the chroot( ) environment
Limiting network servers
Limiting users
Checking new software
Group Accounts
Monitoring File Format
Restricting Logins
Managing Dormant Accounts
Disabling an Account by Changing the Account’s Password
Changing the Account’s Login Shell
Finding Dormant Accounts
Protecting the root Account
Secure Terminals
The wheel Group
The sudo Program
Trusted Path and Trusted Computing Base
Trusted path
Trusted computing base
One-Time Passwords
Integrating One-Time Passwords with Unix
Token Cards
Codebooks
Administrative Techniques for Conventional Passwords
Assigning Passwords to Users
Constraining Passwords
Password Generators
Shadow Password Files
Password Aging and Expiration
Cracking Your Own Passwords
Joetest: a simple password cracker
The dilemma of password crackers
Algorithm and Library Changes
Account Names Revisited: Using Aliases for Increased Security
Intrusion Detection Systems
Summary
20. Integrity Management
The Need for Integrity
Protecting Integrity
Immutable and Append-Only Files
The chflags command
Kernel security level
Read-Only Filesystems
Detecting Changes After the Fact
The Achilles Heel of Integrity Management Systems
Comparison Copies
Local copies
Remote copies
rdist
Checklists and Metadata
Simple listing
Ancestor directories
Checksums and Signatures
Integrity-Checking Tools
BSD’s mtree and Periodic Security Scans
Packaging Tools
Integrity checking with RPM under Linux
Integrity checking with the BSD pkg_info command
Tripwire
Building Tripwire
Running Tripwire
Summary
21. Auditing, Logging, and Forensics
Unix Log File Utilities
Essential Log Files
Unix syslog
The syslog message
The syslog.conf configuration file
Using syslog in a networked environment
Incorporating syslog into your own programs
Beware false syslog log entries
Rotating Logs with newsyslog
Swatch: A Log File Analysis Tool
Running Swatch
The Swatch configuration file
lastlog File
utmp and wtmp Files
Examining the utmp and wtmp files
The su command and the utmp and wtmp files
last program
Pruning the wtmp file
loginlog File
Process Accounting: The acct/pacct File
Accounting with System V
Accounting with BSD and Linux
messages Log File
Program-Specific Log Files
aculog Log File
sulog Log File
xferlog Log File
access_log Log File
Logging Network Services
Other Logs
Designing a Site-Wide Log Policy
Where to Log
Logging to a printer
Logging across the network
Logging everything everywhere
Handwritten Logs
Per-Site Logs
Exception and activity reports
Informational material
Per-Machine Logs
Exception and activity reports
Informational material
Managing Log Files
Unix Forensics
Shell History
Mail
cron
Network Setup
Summary
V. Handling Security Incidents
22. Discovering a Break-in
Prelude
Rule #1: Don’t Panic
Rule #2: Document
Rule #3: Plan Ahead
Discovering an Intruder
Catching One in the Act
Monitoring commands
Other tip-offs
What to Do When You Catch Somebody
Contacting the Intruder
Monitoring the Intruder
Tracing a Connection
How to Contact the System Administrator of a Computer You Don’t Know
Looking up information by domain
Looking up information by IP address
Contacting a site’s ISP
Alternative contact strategies
Getting Rid of the Intruder
Cleaning Up After the Intruder
Analyzing the Log Files
Preserving the Evidence
Assessing the Damage
New accounts
Changes in file contents
Changes in file and directory protections
New SUID and SGID files
Changes in .rhosts files
Changes to .ssh/authorized_keys files
Changes to the /etc/hosts.equiv file
Changes to startup files
Hidden files and directories
Unowned files
New network services
Never Trust Anything Except Hardcopy
Resuming Operation
Damage Control
Case Studies
Rootkit
Warez
The follow-up
faxsurvey
Summary
23. Protecting Against Programmed Threats
Programmed Threats: Definitions
Security Scanners and Other Tools
Back Doors and Trap Doors
Logic Bombs
Trojan Horses
Trojan horses in mobile code
Terminal-based Trojan horses
Avoiding Trojan horses
Viruses
Worms
Bacteria and Rabbits
Damage
Authors
Entry
Protecting Yourself
Shell Features
PATH attacks
IFS attacks
$HOME attacks
Filename attacks
Startup File Attacks
.login, .profile, /etc/profile
.cshrc, .kshrc, .tcshrc
.emacs
.exrc, .nexrc
.forward, .procmailrc
Other files
Other initializations
Abusing Automatic Mechanisms
crontab entries
inetd.conf
/etc/mail/aliases, aliases.dir, aliases.pag, and aliases.db
The at program
System initialization files
Other files
Issues with NFS
Preventing Attacks
File Protections
World-writable user files and directories
Writable system files and directories
Group-writable files
World-readable backup devices
Shared Libraries
Summary
24. Denial of Service Attacks and Solutions
Types of Attacks
Destructive Attacks
Overload Attacks
Process and CPU Overload Problems
Too many processes
Recovering from too many processes
“No more processes”
Safely halting the system
CPU overload attacks
Swap Space Problems
Swapping to files
Disk Attacks
Disk-full attacks
quot command
inode problems
Using partitions to protect your users
Using quotas
Reserved space
Hidden space
Tree structure attacks
/tmp Problems
Soft Process Limits: Preventing Accidental Denial of Service
Network Denial of Service Attacks
Service Overloading
Message Flooding
Signal Grounding and Jamming
Clogging (SYN Flood Attacks)
Ping of Death and Other Malformed Traffic Attacks
Summary
25. Computer Crime
Your Legal Options After a Break-in
Filing a Criminal Complaint
Choosing jurisdiction
Local jurisdiction
Federal jurisdiction
Federal Computer Crime Laws
Hazards of Criminal Prosecution
The Responsibility to Report Crime
Criminal Hazards
Criminal Subject Matter
Access Devices and Copyrighted Software
Pornography, Indecency, and Obscenity
Amateur Action
Communications Decency Act
Mandatory blocking
Child pornography
Copyrighted Works
Cryptographic Programs and Export Controls
Summary
26. Who Do You Trust?
Can You Trust Your Computer?
Harry’s Compiler
Trusting Trust
What the Superuser Can and Cannot Do
Can You Trust Your Suppliers?
Hardware Bugs
Viruses on the Distribution Disk
Buggy Software
Hacker Challenges
Security Bugs That Never Get Fixed
Network Providers That Network Too Well
Can You Trust People?
Your Employees?
Your System Administrator?
Your Vendor?
Your Consultants?
Response Personnel?
Summary
VI. Appendixes
A. Unix Security Checklist
Preface
Chapter 1: Introduction: Some Fundamental Questions
Chapter 2: Unix History and Lineage
Chapter 3: Policies and Guidelines
Chapter 4: Users, Passwords, and Authentication
Chapter 5: Users, Groups, and the Superuser
Chapter 6: Filesystems and Security
Chapter 7: Cryptography Basics
Chapter 8: Physical Security for Servers
Chapter 9: Personnel Security
Chapter 10: Modems and Dialup Security
Chapter 11: TCP/IP Networks
Chapter 12: Securing TCP and UDP Services
Chapter 13: Sun RPC
Chapter 14: Network-Based Authentication Systems
Chapter 15: Network Filesystems
Chapter 16: Secure Programming Techniques
Chapter 17: Keeping Up to Date
Chapter 18: Backups
Chapter 19: Defending Accounts
Chapter 20: Integrity Management
Chapter 21: Auditing, Logging, and Forensics
Chapter 22: Discovering a Break-In
Chapter 23: Protecting Against Programmed Threats
Chapter 24: Denial of Service Attacks and Solutions
Chapter 25: Computer Crime
Chapter 26: Who Do You Trust?
Appendix A: Unix Security Checklist
Appendix B: Unix Processes
Appendixes C, D, and E: Paper Sources, Electronic Sources, and Organizations
B. Unix Processes
About Processes
Processes and Programs
The ps Command
Listing processes with Solaris and other Unix systems derived from System V
Listing processes with versions of Unix derived from BSD, including Linux
Process Properties
Process identification numbers (PIDs)
Process real and effective UIDs
Process priority and niceness
Process groups and sessions
Creating Processes
Signals
Unix Signals and the kill Command
Killing Multiple Processes at the Same Time
Catching Signals
Killing Rogue or Questionable Processes
Controlling and Examining Processes
gdb: Controlling a Process
gcore: Dumping Core
lsof: Examining a Process
/proc: Examining a Process Directly
pstree: Viewing the Process Tree
Starting Up Unix and Logging In
Process #1: /etc/init
Logging In
Running the User’s Shell
C. Paper Sources
Unix Security References
Other Computer References
Computer Crime and Law
Computer-Related Risks
Computer Viruses and Programmed Threats
Cryptography Books
Cryptography Papers and Other Publications
General Computer Security
Network Technology and Security
Security Products and Services Information
Understanding the Computer Security “Culture”
Unix Programming and System Administration
Miscellaneous References
Security Periodicals
D. Electronic Resources
Mailing Lists
Response Teams and Vendors
A Big Problem with Mailing Lists
Major Mailing Lists
Bugtraq
CERT-advisory
Computer underground digest
Firewalls
Firewall-Wizards
RISKS
SANS Security Alert Consensus
Web Sites
CIAC
CERIAS
FIRST
NIST CSRC
Insecure.org
NIH
Usenet Groups
Software Resources
chrootuid
COPS (Computer Oracle and Password System)
ISS (Internet Security Scanner)
Kerberos
nmap
Nessus
OpenSSH
OpenSSL
portmap
portsentry
SATAN
Snort
Swatch
TCP Wrappers
Tiger
trimlog
Tripwire
wuarchive ftpd
E. Organizations
Professional Organizations
Association for Computing Machinery (ACM)
American Society for Industrial Security (ASIS)
Computer Security Institute (CSI)
Electronic Frontier Foundation (EFF)
Electronic Privacy Information Center (EPIC)
High Technology Crimes Investigation Association (HTCIA)
Information Systems Security Association (ISSA)
International Information Systems Security Certification Consortium, Inc.
The Internet Society
IEEE Computer Society
IFIP, Technical Committee 11
Systems Administration and Network Security (SANS)
USENIX/SAGE
U.S. Government Organizations
National Institute of Standards and Technology (NIST)
National Security Agency (NSA)
Emergency Response Organizations
Department of Justice (DOJ)
Federal Bureau of Investigation (FBI)
U.S. Secret Service (USSS)
Forum of Incident and Response Security Teams (FIRST)
Computer Emergency Response Team Coordination Center (CERT/CC)
Index
About the Authors
Colophon
Copyright