UNIX System Administration Handbook - Evi Nemeth [385]
There are some steps you can take to make your system somewhat more resistant to attack. Even so, several fundamental flaws in the UNIX model ensure that you will never reach security nirvana:
• UNIX is optimized for convenience and doesn’t make security easy or natural. UNIX was designed by researchers, for researchers, and its philosophy stresses easy manipulation of data in a networked, multiuser environment.
• UNIX security is effectively binary: you are either a powerless user, or you’re root. UNIX facilities such as setuid execution tend to confer total power all at once. Slight lapses in security can compromise entire systems.
• Most administrative functions are implemented outside the kernel, where they can be inspected and tampered with. Hackers have broad access to the system.
The first edition of this book was published just months after the 1988 “Internet Worm” gained national attention after catching a large number of sites (including ours) off guard. At the time, it seemed that Robert Morris, Jr., the worm’s author, had unleashed an inexcusable plague on the neighborly Internet community.
In reality, the worm caused little actual damage and increased security awareness on the Internet more than any other event to date. Once again, we were painfully reminded that good fences make good neighbors. A number of excellent tools for use by system administrators (as well as a formal organization for handling incidents of this nature) came into being as a result.
Many known security holes in UNIX will never be fixed, and others have been fixed by some vendors but not by all. In addition, many sites are a release or two behind, either because localization is too troublesome or because they do not subscribe to their vendor’s software maintenance plan. When a vendor fixes a security hole, the window of opportunity for hackers does not disappear overnight.
It might seem that UNIX security should gradually improve over time as security problems are discovered and corrected, but unfortunately this does not seem to be the case. System software is growing ever more complicated, hackers are becoming better and better organized, and computers are connecting more and more intimately on the Internet. Security is an ongoing battle that can never really be won.
Remember, too, that
The more secure your system, the more miserable you and your users will tend to be.
21.1 SEVEN COMMON-SENSE RULES OF SECURITY
Effective system security has its roots in common sense and is a lot like dealing with an infestation of mice in your house. Here are seven rules you might use:
• Don’t leave things that are likely to be interesting to mice lying on the kitchen table overnight. Cheese and peanut butter are excellent mouse getters.
• Plug the holes that mice are using to get into the house. If they can’t get in, they won’t bother you.
• Don’t provide places within the house for mice to build nests. Piles of dirty clothes on the floor make good nests.
• Set traps along walls where you often see mice out of the corner of your eye.
• Check the traps daily to rebait them and to dispose of squashed mice. Full traps don’t catch mice, and they smell.
• Avoid using commercial bait-and-kill poisons to deal with the situation. These can leave you with dead mice in your walls or kill your dog. Traditional snap traps are best.
• Get a cat!
You can use these same seven rules (well, slightly modified) to secure your UNIX systems. Here’s how you might rewrite them:
• Don’t put files on your system that are likely to be interesting to hackers or to nosy employees. Trade secrets, personnel files, payroll data, election results, etc., must be handled carefully if they’re on-line. Securing such information cryptographically will provide a far higher degree of security than simply trying