PacNOG 6: Nadi, Fiji

SERVER SECURITY EXERCISES

Notes:
------

* Commands preceded with "$" imply that you should execute the command as a
  general user - not as root.
* Commands preceded with "#" imply that you should be working as root.
* Commands with more specific prompts (e.g. "RTR-GW>" or "mysql>") imply that
  you are executing commands on remote equipment, or within another program.

Exercises
---------

1. Determine What's Running
---------------------------

Figure out what services are running on your machine and listening for
requests from the network. To do this use:

  $ sudo lsof -i
  $ sudo netstat --tcp --listening --programs

Note that "--tcp" shows TCP listeners only; add "--udp" to see UDP services
(DNS, NTP, DHCP clients and so on) as well, and "--numeric" to skip the slow
reverse DNS lookups. Refer to the man pages for both to fully understand
what each command is doing:

  $ man lsof
  $ man netstat

What services are running and listening for connections? A service is
"Local" if it is bound only to the loopback address (127.0.0.1 or ::1) and
therefore unreachable from the network; it is "Global" if it is bound to
0.0.0.0, :: or one of the machine's interface addresses. Try filling in
this form:

  Service Name   Port   Listening [Local | Global]
  ------------   ----   --------------------------
  ____________   ____   [ ] [ ]
  ____________   ____   [ ] [ ]
  ____________   ____   [ ] [ ]
  ____________   ____   [ ] [ ]
  ____________   ____   [ ] [ ]
  ____________   ____   [ ] [ ]
  ____________   ____   [ ] [ ]
  ____________   ____   [ ] [ ]
  ____________   ____   [ ] [ ]
  ____________   ____   [ ] [ ]
  ____________   ____   [ ] [ ]
  ____________   ____   [ ] [ ]
  etc...

If you do not know what something does, use:

  $ man ServiceName

to find out.

2. Remove Unnecessary Services
------------------------------

This is subjective. It is up to you to decide what is "unnecessary".

To start or stop a service you generally do:

  $ sudo /etc/init.d/ServiceName start
  $ sudo /etc/init.d/ServiceName stop

This starts or stops the service immediately. To _permanently_ stop a
service, so that it stays stopped after your machine reboots, you must tell
the operating system it is no longer in use. To do this use "update-rc.d",
the Ubuntu/Debian method for adding and removing services:

  $ man update-rc.d

To remove a service do:

  $ sudo /etc/init.d/ServiceName stop
  $ sudo update-rc.d -f ServiceName remove

But if you update this package at a later date (i.e. "apt-get update" and
then "apt-get upgrade"), the service will return: the package's
post-install script runs "update-rc.d ServiceName defaults", which
re-creates the start links because none exist any more. To truly disable a
service, replace the links with explicit "stop" (K) links in every
runlevel:

  $ sudo /etc/init.d/ServiceName stop
  $ sudo update-rc.d ServiceName stop ## 0 1 2 3 4 5 6 .

"##" is the two-digit sequence number (we'll mention it in class), and the
trailing "." terminates the runlevel list. Because update-rc.d does nothing
when links for a service already exist, a later package upgrade leaves the
stop links alone and the service stays disabled.

3. Install nmap
---------------

  $ sudo apt-get install nmap

4. Scan Your Machine
--------------------

Log in to another machine in the classroom. You know the "inst" username
and the "inst" password for each classroom machine. So, do:

  $ ssh inst@192.168.0.NN

where NN is the address of a machine other than yours. Ask your neighbor
what their IP address is if you are unsure. Once logged in on the other
machine do:

  $ sudo nmap -sS -O -v YourMachineIPAddress

If nmap is not installed there, install it for your neighbor. What do you
see? Compare the open ports nmap reports with the "Global" entries in your
form from exercise 1; anything listed by nmap that you did not expect is a
service you should look at. Later in the day you will see how this type of
scan can result in warnings in your logs.

5. Back Up Some Data Using rsync
--------------------------------

First go to another machine:

  $ ssh inst@192.168.0.NN

Once logged in do:

  $ mkdir /tmp/YourIPAddress         (i.e., like 192.168.0.22 for pc22)

Now log out:

  $ exit

Now back up your /etc/ directory to the remote machine. The "." in the
rsync command means "the contents of the current directory", so change to
/etc first:

  $ cd /etc
  $ rsync -avzp . inst@192.168.0.NN:/tmp/YourIPAddress/

You'll be prompted for the inst password on that machine. Verify that this
actually worked:

  $ ssh inst@192.168.0.NN
  $ cd /tmp/YourIPAddress
  $ ls

You should see a lot of files. All the files in your /etc directory that
the inst user is allowed to read now reside in the remote machine's
/tmp/YourIPAddress directory. Now log out:

  $ exit

And let's make some change to the /etc/ directory on your machine:

  $ cd /etc

Create a file with some data in it:

  $ sudo touch sample.conf
  $ sudo chmod 777 sample.conf
  $ echo "A new file" > sample.conf

(The chmod 777 is only so that you, as a non-root user, can write to the
file for this exercise; do not leave world-writable files in /etc.)

Now run the rsync command again:

  $ rsync -avzp . inst@192.168.0.NN:/tmp/YourIPAddress/

You'll see a number of permission errors, because files such as
/etc/shadow are not readable by inst (run rsync with sudo if you need a
complete copy), but also note that the file "sample.conf" was transferred.

Now delete the file:

  $ sudo rm sample.conf

Now we'll use rsync again with a new option:

  $ rsync -avzp --delete . inst@192.168.0.NN:/tmp/YourIPAddress/

We get more error messages, but at the top of the file list you see that
the file sample.conf was deleted from the remote copy. Be careful with
"--delete": it removes from the destination everything that is no longer
in the source, so run with "--dry-run" (-n) first when the destination
matters.

rsync runs the transfer over ssh by default, so the data is encrypted and
the remote side authenticated in transit. This is a powerful method for
doing backups across the network in a secure manner.
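As an added example for exercise 1 (it is not part of the PacNOG exercise sheet), the script below turns a netstat listener list into the Service / Port / Local|Global form. The netstat listing embedded in it is constructed (the PIDs and program names are made up) so that the script runs offline; on a real machine feed it the actual command output as shown in the comment.

```shell
#!/bin/sh
# Added example for exercise 1 (not part of the PacNOG exercise sheet): turn
# the listener list from netstat into the Service / Port / Local|Global form.
# On a live machine feed it the real command:
#   sudo netstat --tcp --udp --listening --numeric --programs | listen_table
# The listing below is a constructed sample (made-up PIDs and programs) in the
# column layout of net-tools netstat, so the script also runs offline.

SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1203/exim4
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1350/mysqld
tcp6       0      0 :::80                   :::*                    LISTEN      1402/apache2
udp        0      0 0.0.0.0:68              0.0.0.0:*                           601/dhclient
udp        0      0 192.168.0.22:123        0.0.0.0:*                           701/ntpd'

# listen_scope ADDR:PORT -> "Local" if the socket is bound to loopback only
# (127.x.x.x or ::1), otherwise "Global": 0.0.0.0 and :: (all interfaces) and
# a specific interface address are all reachable from the network.
listen_scope() {
    addr=${1%:*}                 # strip the port: the text after the last ':'
    case "$addr" in
        127.*|::1) echo Local ;;
        *)         echo Global ;;
    esac
}

# listen_table  <netstat output on stdin> -> one line per listening socket.
# Field 4 is the local address; the PID/program name is always the last
# field (the State column is empty for UDP, so its position varies).
listen_table() {
    printf '%-14s %-6s %-6s %s\n' 'Service Name' 'Port' 'Proto' 'Listening'
    awk 'NR > 2 { print $1, $4, $NF }' |
    while read proto laddr pidprog; do
        port=${laddr##*:}        # text after the last ':'
        prog=${pidprog#*/}       # "812/sshd" -> "sshd"; "-" if not run as root
        printf '%-14s %-6s %-6s %s\n' "$prog" "$port" "$proto" "$(listen_scope "$laddr")"
    done
}

# count_scope SCOPE <netstat output on stdin> -> number of Local or Global
# listeners; a quick measure of how much of the box faces the network.
count_scope() {
    listen_table | awk -v want="$1" 'NR > 1 && $4 == want { n++ } END { print n + 0 }'
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_NETSTAT" | listen_table
printf 'Network-facing listeners: %s\n' "$(printf '%s\n' "$SAMPLE_NETSTAT" | count_scope Global)"
```

In the sample, exim4 and mysqld are bound to 127.0.0.1 and so are Local; sshd, apache2, dhclient and ntpd are Global. The ntpd line shows why a specific interface address still counts as Global: it is not loopback, so other hosts can reach it.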
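As an added example for exercise 2 (not part of the exercise sheet), the script below builds, in a scratch directory, the S/K symlink layouts that update-rc.d writes under /etc/rc?.d, and checks them with a small rc_state function that you can also point at a real /etc. The make_* functions are stand-ins that imitate what "update-rc.d ... defaults", "-f ... remove" and "... stop 20 0 1 2 3 4 5 6 ." produce; they are not update-rc.d itself, and the "telnetd" service is hypothetical. This applies to sysvinit-style Debian and Ubuntu as used in the exercise; on systemd releases "systemctl disable" and "systemctl mask" take over this role.

```shell
#!/bin/sh
# Added example for exercise 2 (not part of the exercise sheet). update-rc.d
# manages symlinks named S<NN><name> and K<NN><name> in /etc/rc<runlevel>.d/.
# This script reproduces those link layouts in a scratch directory to show
# why "update-rc.d -f ServiceName remove" does not survive a package upgrade
# while "update-rc.d ServiceName stop 20 0 1 2 3 4 5 6 ." does.
# The make_* functions imitate what update-rc.d writes (stand-ins, not the
# real tool); rc_state is the check you can run against a real /etc.

# rc_state NAME [ETC] -> enabled | disabled | absent, read from the links.
# On a real system: rc_state ServiceName /etc
rc_state() {
    name=$1; etc=${2:-/etc}; s=0; k=0
    for lnk in "$etc"/rc[0-6].d/[SK][0-9][0-9]"$name"; do
        [ -L "$lnk" ] || [ -e "$lnk" ] || continue      # unmatched glob
        case ${lnk##*/} in
            S*) s=$((s + 1)) ;;
            K*) k=$((k + 1)) ;;
        esac
    done
    if   [ "$s" -gt 0 ]; then echo enabled
    elif [ "$k" -gt 0 ]; then echo disabled
    else                      echo absent
    fi
}

# make_defaults NAME ETC: what "update-rc.d NAME defaults" produces
# (S20 in runlevels 2-5, K20 in 0, 1 and 6). It does NOTHING if any link
# for NAME already exists; that rule is what the exercise relies on.
make_defaults() {
    name=$1; etc=$2
    [ "$(rc_state "$name" "$etc")" = absent ] || return 0
    for rl in 2 3 4 5; do ln -s "../init.d/$name" "$etc/rc$rl.d/S20$name"; done
    for rl in 0 1 6;   do ln -s "../init.d/$name" "$etc/rc$rl.d/K20$name"; done
}

# make_remove NAME ETC: what "update-rc.d -f NAME remove" does (all links gone).
make_remove() {
    rm -f "$2"/rc[0-6].d/[SK][0-9][0-9]"$1"
}

# make_stop_all NAME ETC: what "update-rc.d NAME stop 20 0 1 2 3 4 5 6 ." does
# (a K20 link in every runlevel, so the service is never started).
make_stop_all() {
    make_remove "$1" "$2"
    for rl in 0 1 2 3 4 5 6; do ln -s "../init.d/$1" "$2/rc$rl.d/K20$1"; done
}

# package_upgrade NAME ETC: the relevant part of a Debian package's postinst,
# which calls "update-rc.d NAME defaults" after every install or upgrade.
package_upgrade() { make_defaults "$1" "$2"; }

# new_scratch_etc -> path of a fresh fake /etc with rc0.d .. rc6.d and init.d.
new_scratch_etc() {
    d=$(mktemp -d)
    for rl in 0 1 2 3 4 5 6; do mkdir "$d/rc$rl.d"; done
    mkdir "$d/init.d"; : > "$d/init.d/telnetd"
    echo "$d"
}

# Walk through both approaches for a hypothetical "telnetd" service.
ETC=$(new_scratch_etc)
package_upgrade telnetd "$ETC";  echo "installed:             $(rc_state telnetd "$ETC")"
make_remove telnetd "$ETC";      echo "after -f remove:       $(rc_state telnetd "$ETC")"
package_upgrade telnetd "$ETC";  echo "after apt-get upgrade: $(rc_state telnetd "$ETC")"
make_stop_all telnetd "$ETC";    echo "after stop 20 0-6 .:   $(rc_state telnetd "$ETC")"
package_upgrade telnetd "$ETC";  echo "after apt-get upgrade: $(rc_state telnetd "$ETC")"
rm -rf "$ETC"
```

The walk-through prints enabled, absent, enabled (the upgrade brought the service back), then disabled, disabled (the stop links survived the upgrade). On a real machine the equivalent manual check is "ls -l /etc/rc?.d/ | grep ServiceName".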
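As an added example for the rsync exercise (not part of the exercise sheet), the script below runs the same sequence of rsync commands between two local scratch directories, so you can try it without a second machine and see exactly what "--delete" and "--dry-run" do. The source files are constructed stand-ins for /etc. To do it over the network, replace DEST with inst@192.168.0.NN:/tmp/YourIPAddress/; the rsync options stay the same and the transfer then goes over ssh.

```shell
#!/bin/sh
# Added example for the rsync exercise (not part of the exercise sheet): the
# same rsync runs, done between two local scratch directories. To do it over
# the network, replace DEST with inst@192.168.0.NN:/tmp/YourIPAddress/; the
# options are identical, and rsync then carries the transfer over ssh.
set -e

if ! command -v rsync >/dev/null 2>&1; then
    echo 'rsync is not installed: sudo apt-get install rsync' >&2
    exit 0
fi

# Build a stand-in for /etc with a couple of constructed files, and an empty
# backup target. The paths are globals, like the fixed paths in the exercise.
setup_scratch() {
    WORK=$(mktemp -d)
    SRC=$WORK/etc
    DEST=$WORK/backup
    mkdir -p "$SRC" "$DEST"
    printf 'PasswordAuthentication no\n' > "$SRC/ssh_config"
    printf '127.0.0.1 localhost\n'       > "$SRC/hosts"
}

# Copy SRC into DEST. "rsync -avzp . dest/" from inside /etc copies the
# directory's contents; "$SRC/" with a trailing slash means the same thing.
# Files removed from SRC are left in DEST.
backup() {
    rsync -avzp "$SRC/" "$DEST/" >/dev/null
}

# Same, plus --delete: anything no longer in SRC is removed from DEST.
backup_mirror() {
    rsync -avzp --delete "$SRC/" "$DEST/" >/dev/null
}

# Preview what --delete would remove, without touching DEST. Run this before
# a real --delete against a backup you care about.
backup_preview_deletes() {
    rsync -avzp --delete --dry-run "$SRC/" "$DEST/" | grep '^deleting ' || true
}

# The files currently in the backup, space separated, sorted.
backup_contents() {
    echo $(cd "$DEST" && find . -type f | sed 's|^\./||' | sort)
}

setup_scratch
backup                                    # first copy
echo 'A new file' > "$SRC/sample.conf"    # the touch / chmod / echo step
backup
echo "after adding sample.conf: $(backup_contents)"
rm "$SRC/sample.conf"
backup
echo "after plain rsync:        $(backup_contents)"   # still has sample.conf
echo "dry run reports:          $(backup_preview_deletes)"
backup_mirror
echo "after --delete:           $(backup_contents)"   # sample.conf is gone
rm -rf "$WORK"
```

Over the network the local side runs as the user you start rsync as, so a plain "rsync" from /etc skips files such as /etc/shadow with permission errors; "sudo rsync" reads everything while still writing as inst on the far end. ssh keys (ssh-keygen, then copy the public key into the remote ~/.ssh/authorized_keys) let the backup run unattended without typing the inst password.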