From: Dan Rosenberg
Date: Tue, 07 Dec 2010 15:25:36 -0500
Hi all,
I've included here a proof-of-concept local privilege escalation exploit
for Linux. Please read the header for an explanation of what's going
on. Without further ado, I present full-nelson.c:
Happy hacking,
Dan
–snip– Continue reading »
时钟的跃变,有时候会导致很严重的问题。许多应用程序依赖连续的时钟——毕竟,这是一项常见的假定,即,取得的时间是线性的,一些操作,例如数据库事务, 通常会地依赖这样的事实:时间不会往回跳跃。
不幸的是,ntpdate调整时间的方式就是我们所说的”跃变“:在获得一个时间之 后,ntpdate使用settimeofday(2)设置系统时间,这有几个非常明显的问题:
第一,这样做不安全。ntpdate的设 置依赖于ntp服务器的安全性,攻击者可以利用一些软件设计上的缺陷,拿下ntp服务器并令与其同步的服务器执行某些消耗性的任务。由于ntpdate采 用的方式是跳变,跟随它的服务器无法知道是否发生了异常(时间不一样的时候,唯一的办法是以服务器为准)。
第二,这样做不精确。一旦 ntp服务器宕机,跟随它的服务器也就会无法同步时间。与此不同,ntpd不仅能够校准计算机的时间,而且能够校准计算机的时钟。
第三, 这样做不够优雅。由于是跳变,而不是使时间变快或变慢,依赖时序的程序会出错(例如,如果ntpdate发现你的时间快了,则可能会经历两个相同的时刻, 对某些应用而言,这是致命的)。
因而,唯一一个可以令时间发生跳变的点,是计算机刚刚启动,但还没有启动很多服务的那个时候。其余的时 候,理想的做法是使用ntpd来校准时钟,而不是调整计算机时钟上的时间。
=======
dovecot, 经常会在ntpdate修改时间后,进程会死掉,且不能自动重启.
解决dovecot的问题有2个方式,
1. 将校准时间的方式由 ntpdate 更改为ntpd(此方式会有一个daemon常驻后台)
2. 在每次执行utpdate后,延迟一段时间,自动重启dovecot服务.
(这种方式只适用于邮件服务不是关键服务的情况,如果要保证dovecot稳定运行,还是建议采用第1种方式)
在ubuntu server的脚本如下
sudo nano /etc/cron.weekly/timeupdate
然后写入
ntpdate cn.pool.ntp.org
#脚本休息120秒,然后再继续.一般来说一个星期偏差120秒已经是足够足够足够大的了.#
sleep 120
service dovecot restart
Version 1.0
Author: Falko Timme
Last edited: 02/07/2006
In this HowTo I will show how to install and configure DenyHosts. DenyHosts is a tool that observes login attempts to SSH, and if it finds failed login attempts again and again from the same IP address, DenyHosts blocks further login attempts from that IP address by putting it into /etc/hosts.deny. DenyHosts can be run by cron or as a daemon. In this tutorial I will run DenyHosts as a daemon.
From the DenyHosts web site:
“DenyHosts is a script intended to be run by Linux system administrators to help thwart ssh server attacks.
If you've ever looked at your ssh log (/var/log/secure on Redhat, /var/log/auth.log on Mandrake, etc…) you may be alarmed to see how many hackers attempted to gain access to your server. Hopefully, none of them were successful (but then again, how would you know?). Wouldn't it be better to automatically prevent that attacker from continuing to gain entry into your system?
DenyHosts attempts to address the above… “
This tutorial is based on a Debian Sarge system, however, it should apply to other distributions with almost no modifications.
I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you! Continue reading »
Q. Can you explain me log files in Ubuntu Linux and how do I view logs?
A. All logs are stored in /var/log directory under Ubuntu (and other Linux distro).
Linux Log files and usage
=> /var/log/messages : General log messages
=> /var/log/boot : System boot log
=> /var/log/debug : Debugging log messages
=> /var/log/auth.log : User login and authentication logs
=> /var/log/daemon.log : Running services such as squid, ntpd and others log message to this file
=> /var/log/dmesg : Linux kernel ring buffer log
=> /var/log/dpkg.log : All binary package log includes package installation and other information
=> /var/log/faillog : User failed login log file
=> /var/log/kern.log : Kernel log file
=> /var/log/lpr.log : Printer log file
=> /var/log/mail.* : All mail server message log files
=> /var/log/mysql.* : MySQL server log file
=> /var/log/user.log : All userlevel logs
=> /var/log/xorg.0.log : X.org log file
=> /var/log/apache2/* : Apache web server log files directory
=> /var/log/lighttpd/* : Lighttpd web server log files directory
=> /var/log/fsck/* : fsck command log
=> /var/log/apport.log : Application crash report / log file
多数用户只熟悉那些声名遐迩的Linux发行版——如Ubuntu、Red Hat Enterprise Linux、Debian和Mandriva。这些知名发行版通常是设计作为通用桌面操作系统使用或安装到服务器。但除此之外,还有数百个发行版是设计满足特殊需求,或吸引特殊用户。
今天Goodgearguide列举了12款有意思的、但可能默默无闻的发行版,同时笔者也整理了之前文章中的6个发行版/工具,凑够了18个,整理如下:
1、安全是虚幻发行版Damn Vulnerable Linux
官方主页:http://www.damnvulnerablelinux.org/
2、安全至上偏执狂发行版Tinfoil Hat Linux
官方主页:http://tinfoilhat.shmoo.com/
3、CSI取证专用发行版CAINE
官方主页:http://www.caine-live.net/
Continue reading »
vsftpd 是一个 UNIX 类操作系统上运行的服务器的名字,它可以运行在诸如 Linux, BSD, Solaris, HP-UX 以及 IRIX 上面。
本文是vsftpd 2.0.3官方faq的非官方翻译版本。官方faq地址:ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.0.3/FAQ
现在最新的版本是vsftpd 2.3.2,对应的faq地址:ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.2/FAQ
Q1) 我能把用户限制在他的家(home)目录里吗?
A) 能,设置chroot_local_user=YES就行了。
Q2) 为什么设置了chroot_local_user=YES后,符号链接(symlink)就不起作用了呢?
A) 这是chroot()这种安全机制如何工作的结果。可选地,看一下硬连接(hard links),或者,你用的是“现代的”Linux,看一下强大的”mount –bind”命令。
Q3) vsftpd支持限制用户连接数吗?
A1) 是的,间接地。vsftpd是一个基于inetd的服务。如果你使用流行的xinetd,它会支持per-service per-IP的连接限制。”EXAMPLE”目录里有这样的一个例子。
A2) 如果你以”standalone”方式运行vsftpd(方法是设置listen=YES),你可以研究一下max_clients=10这样的设置。 Continue reading »
26. JUN, 2009 CATEGORIES: TOOLS BY ADMIN VIEW COMMENTS
This guide is the second in a 3 part series. Part 1 covers the Installation of Nessus 4 on the Jaunty Jackalope – Ubuntu 9.04. Part 2 is the installation of OpenVas 2 on Ubuntu 9.04 and Part 3 will be a show down between the two vulnerability scanners. A full review with comparison scan results from a number of sample systems. Nessus is a commercial product from Tenable while OpenVas is an open source product that branched from the original Nessus open source project releasing version 1.0 in August 2008.
This guide will cover the installation of the following OpenVas components on Ubuntu 9.04 (Jaunty Jackalope). While specific to 64bit, other versions of Ubuntu should have no trouble with the following steps. Continue reading »
设定规则 iptables -p INPUT DROP
iptables -p OUTPUT ACCEPT
iptables -p FORWARD DROP
1、防止外网用内网IP欺骗
iptables -t nat -A PREROUTING -i eth0 -s 10.0.0.0/8 -j DROP
iptables -t nat -A PREROUTING -i eth0 -s 172.16.0.0/12 -j DROP
iptables -t nat -A PREROUTING -i eth0 -s 192.168.0.0/16 -j DROP
查看nat规则
iptables -t nat -L
2、如果想取消上面所加的规则:
iptables -F -t nat
iptables -X -t nat
iptables -Z -t nat
3、阻止一个IP连接本机
iptables -t filter -A INPUT -s 192.168.1.5 -i eth0 -j DROP Continue reading »