Tải bản đầy đủ

OReilly mastering FreeBSD and OpenBSD security mar 2005 ISBN 0596006268

MasteringFreeBSDandOpenBSDSecurity
ByPacoHope,YanekKorff,BrucePotter
...............................................
Publisher:O'Reilly
PubDate:March2005
ISBN:0-596-00626-8
Pages:464

TableofContents|Index|Errata

FreeBSDandOpenBSDareincreasinglygainingtractionineducationalinstitutions,
non-profits,andcorporationsworldwidebecausetheyprovidesignificantsecurity
advantagesoverLinux.Althoughalotcanbesaidfortherobustness,clean
organization,andstabilityoftheBSDoperatingsystems,securityisoneofthemain
reasonssystemadministratorsusethesetwoplatforms.
ThereareplentyofbookstohelpyougetaFreeBSDorOpenBSDsystemoffthe
ground,andallofthemtouchonsecuritytosomeextent,usuallydedicatingachapter
tothesubject.But,assecurityiscommonlynamedasthekeyconcernfortoday's
systemadministrators,asinglechapteronthesubjectcan'tprovidethedepthof
informationyouneedtokeepyoursystemssecure.
FreeBSDandOpenBSDarerifewithsecurity"buildingblocks"thatyoucanputto

use,andMasteringFreeBSDandOpenBSDSecurityshowsyouhow.Bothoperating
systemshavekerneloptionsandfilesystemfeaturesthatgowellbeyondtraditional
Unixpermissionsandcontrols.Thispowerandflexibilityisvaluable,butthecolossal
rangeofpossibilitiesneedtobetackledonestepatatime.Thisbookwalksyou
throughtheinstallationofahardenedoperatingsystem,theinstallationand
configurationofcriticalservices,andongoingmaintenanceofyourFreeBSDand
OpenBSDsystems.
Usinganapplication-specificapproachthatbuildsonyourexistingknowledge,the
bookprovidessoundtechnicalinformationonFreeBSDandOpen-BSDsecuritywith
plentyofreal-worldexamplestohelpyouconfigureanddeployasecuresystem.By
impartingasolidtechnicalfoundationaswellaspracticalknow-how,itenables
administratorstopushtheirserver'ssecuritytothenextlevel.Evenadministratorsin
otherenvironments--likeLinuxandSolaris--canfindusefulparadigmstoemulate.


Writtenbysecurityprofessionalswithtwodecadesofoperatingsystemexperience,
MasteringFreeBSDandOpenBSDSecurityfeaturesbroadanddeepexplanationsof
howhowtosecureyourmostcriticalsystems.WhereotherbooksonBSDsystems
helpyouachievefunctionality,thisbookwillhelpyoumorethoroughlysecureyour
deployments.


MasteringFreeBSDandOpenBSDSecurity
ByPacoHope,YanekKorff,BrucePotter
...............................................
Publisher:O'Reilly
PubDate:March2005
ISBN:0-596-00626-8
Pages:464

TableofContents|Index|Errata



Copyright



Preface




Audience



AssumptionsThisBookMakes



ContentsofThisBook



ConventionsUsedinThisBook



UsingCodeExamples



CommentsandQuestions



SafariEnabled



Acknowledgments




PartI:SecurityFoundation
Chapter1.TheBigPicture



Section1.1.WhatIsSystemSecurity?



Section1.2.IdentifyingRisks



Section1.3.RespondingtoRisk



Section1.4.SecurityProcessandPrinciples



Section1.5.SystemSecurityPrinciples



Section1.6.WrappingUp



Section1.7.Resources



Chapter2.BSDSecurityBuildingBlocks



Section2.1.FilesystemProtections



Section2.2.TweakingaRunningKernel:sysctl



Section2.3.TheBasicSandbox:chroot



Section2.4.Jail:Beyondchroot



Section2.5.InherentProtections



Section2.6.OSTuning



Section2.7.WrappingUp



Section2.8.Resources



Chapter3.SecureInstallationandHardening




Section3.1.GeneralConcerns



Section3.2.InstallingFreeBSD



Section3.3.FreeBSDHardening:YourFirstSteps



Section3.4.InstallingOpenBSD



Section3.5.OpenBSDHardening:YourFirstSteps



Section3.6.Post-UpgradeHardening



Section3.7.WrappingUp




Section3.8.Resources
Chapter4.SecureAdministrationTechniques



Section4.1.AccessControl



Section4.2.SecurityinEverydayTasks



Section4.3.Upgrading



Section4.4.SecurityVulnerabilityResponse



Section4.5.NetworkServiceSecurity



Section4.6.MonitoringSystemHealth



Section4.7.WrappingUp



Section4.8.Resources




PartII:DeploymentSituations
Chapter5.CreatingaSecureDNSServer



Section5.1.TheCriticalityofDNS



Section5.2.DNSSoftware



Section5.3.InstallingBIND



Section5.4.Installingdjbdns



Section5.5.OperatingBIND



Section5.6.Operatingdjbdns



Section5.7.WrappingUp



Section5.8.Resources



Chapter6.BuildingSecureMailServers



Section6.1.MailServerAttacks



Section6.2.MailArchitecture



Section6.3.MailandDNS



Section6.4.SMTP



Section6.5.MailServerConfigurations



Section6.6.Sendmail



Section6.7.Postfix



Section6.8.qmail



Section6.9.MailAccess



Section6.10.WrappingUp



Section6.11.Resources



Chapter7.BuildingaSecureWebServer



Section7.1.WebServerAttacks



Section7.2.WebArchitecture



Section7.3.Apache



Section7.4.thttpd



Section7.5.AdvancedWebServerswithJails




Section7.6.WrappingUp



Section7.7.Resources



Chapter8.Firewalls



Section8.1.FirewallArchitectures



Section8.2.HostLockdown



Section8.3.TheOptions:IPFWVersusPF



Section8.4.BasicIPFWConfiguration



Section8.5.BasicPFConfiguration



Section8.6.HandlingFailure



Section8.7.WrappingUp



Section8.8.Resources



Chapter9.IntrusionDetection



Section9.1.NoMagicBullets



Section9.2.IDSArchitectures



Section9.3.NIDSonBSD



Section9.4.Snort



Section9.5.ACID



Section9.6.HIDSonBSD



Section9.7.WrappingUp





Section9.8.Resources
PartIII:AuditingandIncidentResponse
Chapter10.ManagingtheAuditTrails



Section10.1.SystemLogging



Section10.2.Loggingviasyslogd



Section10.3.SecuringaLoghost



Section10.4.logfileManagement



Section10.5.AutomatedLogMonitoring



Section10.6.AutomatedAuditingScripts



Section10.7.WrappingUp




Section10.8.Resources
Chapter11.IncidentResponseandForensics



Section11.1.IncidentResponse



Section11.2.ForensicsonBSD



Section11.3.DiggingDeeperwiththeSleuthKit



Section11.4.WrappingUp



Section11.5.Resources



Colophon



Index


Copyright©2005O'ReillyMedia,Inc.Allrightsreserved.
PrintedintheUnitedStatesofAmerica.
PublishedbyO'ReillyMedia,Inc.,1005GravensteinHighwayNorth,
Sebastopol,CA95472.
O'Reillybooksmaybepurchasedforeducational,business,orsalespromotional
use.Onlineeditionsarealsoavailableformosttitles(http://safari.oreilly.com).
Formoreinformation,contactourcorporate/institutionalsalesdepartment:(800)
998-9938orcorporate@oreilly.com.
NutshellHandbook,theNutshellHandbooklogo,andtheO'Reillylogoare
registeredtrademarksofO'ReillyMedia,Inc.MasteringFreeBSDandOpenBSD
Security,theimageofthefencers,andrelatedtradedressaretrademarksof
O'ReillyMedia,Inc.
Manyofthedesignationsusedbymanufacturersandsellerstodistinguishtheir
productsareclaimedastrademarks.Wherethosedesignationsappearinthis
book,andO'ReillyMedia,Inc.wasawareofatrademarkclaim,thedesignations
havebeenprintedincapsorinitialcaps.
Whileeveryprecautionhasbeentakeninthepreparationofthisbook,the
publisherandauthorsassumenoresponsibilityforerrorsoromissions,orfor
damagesresultingfromtheuseoftheinformationcontainedherein.


Preface
BeforeIbuiltawallI'dasktoknow
WhatIwaswallinginorwallingout,
AndtowhomIwasliketogiveoffence.
Somethingthereisthatdoesn'tloveawall,
Thatwantsitdown.
RobertFrost
"MendingWall"
FreeBSDandOpenBSDareoftenconsideredthe"other"freeoperatingsystems
besidesLinux.However,inrecentNetcraftsurveys,thefivemostreliableweb
sitesontheplanetrunFreeBSD.OpenBSD,too,isdeployedonthousandsof
securityserversaroundtheworld.ThesetwoBSD-basedoperatingsystemsare
rapidlygainingtractionineducationalinstitutions,non-profits,andcorporations
worldwide.
PlentyofbooksexisttohelpyougetaFreeBSDorOpenBSDsystemoffthe
ground.Allofthemtouchonsecurity,butmostonlydedicateachaptertoit.In
sharpcontrast,wethinkit'sworthspendinganentirebookonthesubject.
FreeBSDandOpenBSDarerifewithsecurity"buildingblocks"thatyoucanuse
toreallytakesecurityand"kickitupanotch."
Theseoperatingsystemshavekerneloptionsandfilesystemfeaturesthatgowell
beyondtraditionalUnixpermissionsandcontrols.Thispowerandflexibilityis
valuable,butthecolossalrangeofpossibilitieswillleaveyoudizzyifyoudon't
takethingsonestepatatime.MasteringFreeBSDandOpenBSDSecurity
complementsexistingbooksonFreeBSDandOpenBSDadministration.Where
othershelpyouachievefunctionality,wehelpyoubuildsecurity-minded
deployments.Thisbookwalksyouthroughtheinstallationofahardened
operatingsystem,theinstallationandconfigurationofcriticalservices,and
ongoingmaintenanceofyourFreeBSDandOpenBSDsystems.


Audience
Thisbookiswrittenbysystemadministratorsforsystemadministrators.If
you'relookingforacompleteidiotordummyguide,thisbookisnotforyou.
We'retalkingtoadministratorswhohaveinstalledaUnix-likeoperatingsystem
before.Almostanywilldo,butthisbookisallaboutwhatsetsFreeBSDand
OpenBSDapartfromotherUnices.You'llgetthemostoutofthisbookifyou're
comfortableadministeringBSDoperatingsystemsandwanttotakeyour
experienceonestepfarther.
Administratorsatvariousskilllevelsandinorganizationsofanysizecanbenefit
fromsecureBSDsystems.JunioradministratorswhoknowhowtogetaUnix
systemoffthegroundcanusethisbooktodevelopasoundfoundationin
systemssecurity.Experiencedadministrators,likeexperiencedcooks,willfind
newrecipesthattheycanaddtotheirexistingrepertoire.Ifyou'repartof(orall
of)asmallstaffthatrunsonlyahandfulofservers,you'llseehowchoosingone
oftheBSDscanletyouspendlesstimeonsecurityconcernsandmoreonyour
otherduties.Ifyou'repartofalargestaffrunningmanyservers,you'llseehow
BSDserverscanbesolidpillarsinyourinfrastructure.They'reeasytodeploy
andscale,andmaintainingthemisabreeze.Securingthemiseasyenough,too,
withthehelpofthisbook.


AssumptionsThisBookMakes
We'rereallyfocusedonimprovingtheskillsetofanestablishedsystem
administrator,sowearen'tgoingtoexplainalotofbasics.Weassumeyoucan
findyourwaytoacommandlineandworkyourwaythroughthefilesystemwith
speedandgrace.Weexpectthatyoualreadyhaveasolidunderstandingofbasic
Unixpermissions,arecomfortableinstallingandconfiguringhardwareand
software,andsoon.
Ifatanytimeyoufeelyou'reinoveryourhead,fearnot.Bothoperatingsystems
havestrongfollowingsandeasytofinddocumentationforallthebasics.You
canlookatFAQs,HOWTOs,andhandbooksonline,oryoucanbuyoneofthe
manygoodreferencesinprint.The"Resources"sectionattheendofevery
chapteralwayslistsgoodresourcesthatprovideadditionalcoverageofrelevant
topics.Inmanycases,theseadditionalresourcesprovidethefoundationinthe
technologyyouneedtoleveragetherecommendationsinthisbook.
TheInternetiseverywhere,andeveryadministratorneedsabasicunderstanding
oflocal-andwide-areanetworking.We'renotgoingtotellyouwhatTCP/IPis,
howDHCPworks,orhowtocableupyourswitchesandhubs.We'llexplain
whatyouneedtoknowwhenwegetintoasecuritytopicthatisrootedinthe
deep,darkcornersofaprotocolspecificationorsomeotherrelativelyobscure
topic.Networksecurityandconfigurationareimportant,butweassumeyou've
alreadygotthatundercontrol.


ContentsofThisBook
We'vetriedtobreakthebookupintothreesections.Webeginbyestablishinga
foundationinFreeBSDandOpenBSD,moveontodiscussspecificdeployment
scenariosbasedonthisfoundation,andwewrapupwithabroaderlookatthese
operatingsystemsinyourexistingnetwork.

PartI:SecurityFoundation
ThegoalofPartIistogiveyouthefoundationforbuildingandrunningsecure
systemswithFreeBSDorOpenBSD.
Chapter1isanintroductiontosystemsecurityandgeneralsecuritytopicsthat
arerelevanttotherestofourdiscussion.Ittellsyouwhatyou'reupagainstand
givesyousomeideasabouthowwe'llapproachsecuringsystems.
Chapter2isallaboutthefundamentalbuildingblocksyougetforsecuring
systemsbasedoneitherOpenBSDorFreeBSD.Therearesomedifferences,so
wehighlightthoseaswego.Wecoverfilesystemfeatures,kernelfeatures,
inherentoperatingsystemfeatures,andtweakingyourkerneltoenhancespecific
securitypostures.
Chapter3augmentswhatyoualreadyknowaboutinstallation.Weexplorethe
security-relatedoptions,trade-offs,andconfigurationsyoumustconsiderwhen
installing.WewalkthroughinstallingbothFreeBSDandOpenBSD,butdwell
mainlyonareaswherechoicesatinstallationtimecanhaveimportantsecurity
ramifications.
Chapter4isatourdeforceofadministrationconcerns.You'vegotitinstalled,
you'rerunningitday-to-day,sonowwhat?Wedescribecontrollingaccess,
installingandupgradingsoftware,networksecurity,backups,andsystem
monitoring.

PartII:DeploymentSituations


Everyserverhasaspecificpurposeinlife,andFreeBSDandOpenBSDsystems
areidealcandidatesforhandlingcriticalinfrastructureserviceslikeDNS
servers,firewalls,mailgateways,andwebservers.PartIIcoversthese
deploymentsandhowyoucanleveragespecificBSDfeaturestoimprovethe
securitypostureoftheservicesyouprovide.Wedon'ttellyoueverythingabout
deployingthespecificservice,however;justtheextraoptionsandspecial
circumstanceswhereyoucantakeadvantageofOpenBSDorFreeBSD.Thegoal
ofthissectionistoofferguidelinesforsecurelydeployingthesoftwarethatwill
runcriticalservicesinyournetwork.
Witheachofthesecriticalnetworkservices,wetaketimetoexplainthekindsof
risksyouface,thesortsofattacksyoumightneedtorepel,andwhyyouand
yourorganizationcareaboutrunningtheservicesecurely.Whenwetalkabout
installingandconfiguringsoftware,though,wereferbacktothegeneral
techniquesandbuildingblocksthatwelaidoutinPartI.You'llwanttobeat
leastpassinglyfamiliarwiththetechniques,becausewecombinethemin
interestingandsometimessubtleways.
Chapter5describesDNSandhowtobuildasecureDNSserver.DNSiscritical
toeveryInternetservice,andgettingitrightisfundamentallyimportant,sowe
coveritfirst.WetalkaboutbothBINDanddjbdnsandhowtheycanbe
installed,configured,andoperatedsecurely.
Chapter6coversmail:arguablythemostcriticalelectroniccommunicationyou
supportinyourorganization.Wediscusssettingupasecuremailarchitectureas
wellasfilteringandrejectingunwantedmail.WedescribebothSendmailand
Postfixandhowtosecurelyinstall,configure,andadministerthem.
Chapter7offersawealthofinformationonsecuringApache-basedwebservers.
Wecoverrisksandthreats,configurationandinstallation,andmanagingwhat
optionsyouruserscanset.Wealsodescribethttpd,asmall,fast,no-frillsweb
serverthatcanperformadmirablyincertainsituations.Intheendwetalkabout
someinterestingcombinationsofFreeBSD'sjailsandwebserverstoisolateand
containlotsofwebsitesintheirownsandboxes.
Chapter8isaboutbuildingfirewalls.OpenBSDandFreeBSDmakeexcellent
choicesasfirewallplatforms.Gettingafirewalloperationalisn'ttoohard,but
makingsurethatit'sappropriatelysecuredneedstobedonecarefully.Inthis


chapter,we'lltalkaboutipfwonFreeBSDandpfnowavailableonboth
platforms.
Chapter9outlinesthetopicofintrusiondetectionsystem(IDS)onFreeBSDor
OpenBSD.WecoverthepurposesforusingIDSesaswellasalternative
approachessuchasloganalysisandintrusionprevention.Wegiveyousome
goodguidanceonhowtobuildaneffectivearchitectureandmonitoritfor
nefariousactivity.

PartIII:AuditingandIncidentResponse
Auditingandincidentresponsearetopicsinsystemadministrationtheorythat
arecriticalbutoftenoverlooked.Theyarenotspecificservicesthatyourunas
muchasconcernsyoukeepinthebackofyourmindallthetime.
Chapter10talksaboutmanagingtheaudittrails.Aproperlyconfiguredsystem
shouldbewarningyouaboutsuspiciousactivity,buthowdoyoumanageallthe
alertsandwarnings?Wetalkaboutwhatyouwanttolog,howyoucanlogit
securely,andhowtomanagethelogsyougenerate.
Chapter11describesincidentresponseandcomputerforensics.Whenthe
inevitablehappensandyouhaveanincidenttorespondto,howwillyoudoit?
Wetalkaboutrespondingtoattacks,andtrackingdownhowtheattack
succeeded,throughforensicanalysis.


ConventionsUsedinThisBook
WeusebothtypographyandcommonUnixdocumentationconventionstogive
youadditionalinformationinthetext.

TypographicConventions

Plaintext
Indicatesmenutitles,menuoptions,menubuttons,andkeyboard
accelerators(suchasAltandCtrl).

Italic
Indicatesnewortechnicalterms,systemcalls,URLs,hostnames,email
addresses,filenames,fileextensions,pathnames,anddirectories.

Constantwidth
Indicatescommands,options,switches,variables,attributes,keys,
functions,types,objects,HTMLtags,macros,thecontentsoffiles,orthe
outputfromcommands.

Constantwidthbold
Showscommandsorothertextthatshouldbetypedliterallybytheuser.


Constantwidthitalic
Showstextthatshouldbereplacedwithuser-suppliedvalues.

Thisiconsignifiesatip,suggestion,orgeneralnote.

Thisiconindicatesawarningorcaution.

Therearetimeswhenitisveryimportanttopayattentiontothetypography
becauseitdistinguishesbetweentwosimilarlynamed,butdifferentconcepts.
Forexample,thehostcommandandthe/etc/hostsfile,orthejail(2)system
callversusthejail(8)command.Sometimesthetypefaceisanimportant
cluetohelpyourememberwhichonewe'rereferringtoinagivencontext.

ConventionsinExamples
Youwillseetwodifferentpromptsintheexampleswegiveforrunning
commands.Wefollowthetime-honoredUnixconventionofusing%torepresent
anon-rootshell(e.g.,onerunningasyournormaluserID)and#torepresenta
root-equivalentshell.Commandsthatappearaftera%promptcan(andprobably
should)berunbyanunprivilegeduser.Commandsthatappearaftera#prompt
mustberunwithrootprivileges.ExampleP-1showsthreedifferentcommands
thatillustratethispoint.
ExampleP-1.Severalcommandswithdifferentprompts
%ls-lo/var/log


%sudoifconfiglo0127.0.0.2netmask255.255.255.255
#shutdown-rnow

Thelscommandrunsasanormaluser.Theifconfigcommandrunsasroot,
butonlybecauseanormaluserusessudotoelevatehisprivilegesmomentarily
(sudoisdiscussedindetailinChapter4).Thelastcommandshowsthe#
prompt,assumingthatyouhavealreadybecomerootsomehowbeforeexecuting
theshutdowncommand.


UsingCodeExamples
Thisbookisheretohelpyougetyourjobdone.Ingeneral,youmayusethe
codeinthisbookinyourprogramsanddocumentation.Youdonotneedto
contactusforpermissionunlessyou'rereproducingasignificantportionofthe
code.Forexample,writingaprogramthatusesseveralchunksofcodefromthis
bookdoesnotrequirepermission.SellingordistributingaCD-ROMof
examplesfromO'Reillybooksdoesrequirepermission.Answeringaquestionby
citingthisbookandquotingexamplecodedoesnotrequirepermission.
Incorporatingasignificantamountofexamplecodefromthisbookintoyour
product'sdocumentationdoesrequirepermission.
Weappreciate,butdonotrequire,attribution.Anattributionusuallyincludesthe
title,author,publisher,andISBN.Forexample:MasteringFreeBSDand
OpenBSDSecuritybyYanekKorff,PacoHope,andBrucePotter.Copyright
2005O'ReillyMedia,Inc.,0-596-00626-8.
Ifyoufeelyouruseofcodeexamplesfallsoutsidefairuseorthepermissions
givenabove,feelfreetocontactusatpermissions@oreilly.com.


CommentsandQuestions
Pleaseaddresscommentsandquestionsconcerningthisbooktothepublisher:
O'ReillyMedia,Inc.
1005GravensteinHighwayNorth
Sebastopol,CA95472
(800)998-9938(intheUnitedStatesorCanada)
(707)829-0515(internationalorlocal)
(707)829-0104(fax)
Wehaveawebpageforthisbook,wherewelisterrata,examples,andany
additionalinformation.Youcanaccessthispageat:
http://www.oreilly.com/catalog/mfreeopenbsd/
Tocommentorasktechnicalquestionsaboutthisbook,sendemailto:
bookquestions@oreilly.com
Formoreinformationaboutourbooks,conferences,ResourceCenters,andthe
O'ReillyNetwork,seeourwebsiteat:
http://www.oreilly.com


SafariEnabled

WhenyouseeaSafari®Enabledicononthecoverofyourfavorite
technologybook,thatmeansthebookisavailableonlinethroughtheO'Reilly
NetworkSafariBookshelf.
Safarioffersasolutionthat'sbetterthane-books.It'savirtuallibrarythatlets
youeasilysearchthousandsoftoptechbooks,cutandpastecodesamples,
downloadchapters,andfindquickanswerswhenyouneedthemostaccurate,
currentinformation.Tryitforfreeathttp://safari.oreilly.com.


Acknowledgments
Manypeoplehelpedmakethisbookpossible,someoftheminbigwaysand
othersincritical,yetnearlyinvisibleways.We'dliketoacknowledgethemhere.

YanekKorff
Firstandforemost,I'dliketothankmywife,whosepatiencecontinuesto
surpriseme.Thisbookwouldneverhavebeenpossiblewithoutherhelpandher
support.Also,althoughshe'snotoldenoughtoharboragrudgeorappreciate
gratefulness,I'dliketothankmyone-year-olddaughter.She'sonlyeverknowna
workaholicfatheranddoesn'trealizesheshouldbejealous.
Anobviousthankyoutomyparentsforputtingmeontheroadtogeekdomback
inearly90s,andofcourseputtingmethroughcollege.Maymyeducators
forgivemeforeverythingI'veforgotten.
I'dalsoliketothankVirenShahwhointroducedmetoFreeBSD.Iwouldn'tbe
whereIamtodaywithoutthesupportandmentoringhe'sprovidedmeoverthe
years.
Finally,thankstomygoodfriendMattRowley,ownerofmuchcomputerjunk.
Someofthatjunkandtheadvicethatcamewithitwereintegraltothisbook's
creation.

PacoHope
I'dliketothankmywife,Rebecca,whoadministeredeverythingthatdoesn'trun
FreeBSD(likechildren,houses,andpets)whileIwasbuildingFrankenstein's
BSDlabinourbasement.IamgratefulformytimeintheDepartmentof
ComputerScienceattheUniversityofVirginia,whereIcutmyteethasasystem
administrator.IthankthefolksatCigital,Inc.forintroducingmetorisk-based
approachestosoftwareandsystemsecurity.Lastly,IthankAdrianFilipi,who
gavememyfirstBSD/386floppiesbackin1993.


BrucePotter
Iwouldliketothankmywifeforbeingincrediblyunderstandingthroughoutthe
writingofthisbookandthemillionotherthingsIhadgoingoninthelastyear.
Shewasamazing,evenwhenIwasnot.I'dliketothankmykids,Terranand
Bobby,and"UncleAndy"forgivingmetimetowrite.Also,Iwouldliketo
thankallthemembersofTheShmooGroupforhelpingmebecomethegeekI
amtoday.Withouttheirfriendshipandexpertise,Idon'tknowwheremycareer
wouldbetoday(fullofmoose,nodoubt).Thesamegoestomyfolkswho
supportedmethroughmyfitsandstartsincollege.Andfinally,aspecificthanks
toJoelSadler,whogavememyfirstFreeBSDdiskin1995tellingme,"Here,
trythis.It'sbetterthanLinux."

OurReviewers
Weappreciateallthefeedbackwereceivedfromourtechnicalreviewers.They
definitelykeptusonourtoesandmadethisbookbetterbylendingtheirexpert
adviceandopinions.ThankstoFlávioMarceloAmaral,RenBitonio,Mark
Delany,AdrianFilipi,EricJackson,JoseNazario,NeilNeely,WaynePascoe,
VirenShah,andShi-MinYeh.

O'Reilly
Finally,wethankthestaffatO'Reilly,especiallyTatianaDiaz,Nathan
Torkington,AllisonRandal,DavidChu,AndrewSavikas,andtheinnumerable
otherswhohavemadethisbookarealitywithoutourknowledgeoftheir
existence.AnextrathankyougoestoTatianaforhelpingusrebootthiseffort
afteritlockedupinthemiddleof2004.


PartI:SecurityFoundation
ThegoalofPartIistogiveyouthefoundationforbuildingandrunning
securesystemswithFreeBSDorOpenBSD.
Chapter1,TheBigPicture
Chapter2,BSDSecurityBuildingBlocks
Chapter3,SecureInstallationandHardening
Chapter4,SecureAdministrationTechniques


Chapter1.TheBigPicture
Firstwecracktheshell,thenwecrackthenutsinside.
Rumble
TheTransformers:TheMovie
Securityishard.Wehaveallheardthisphraseasarationaleforinsecuresystems
andpooradministrativepractices.What'sworse,administratorsseemtohave
differentideasaboutwhat"security"entails.Therearetwocommonapproaches
tosecuringsystems:someviewsecurityasadestinationwhileothersseeitasa
journey.
Thosewhoseesecurityasadestinationtendtocharacterizesystemsecurityin
termsofblackandwhite;eitherasystemissecureoritisnot.Thisimpliesthat
youcanattainsecurity.Youcanarriveattheendofajourneyandyou'll
somehowbesecure;youwin.Oneproblemwiththisviewpointisdetermining
where"there"is.Howdoyouknowwhenyou'vearrived?Furthermore,howdo
youstaythere?Asyoursystemchanges,areyoustillatyoursecuregoal?Did
youmoveawayfromit,orwereyounottheretobeginwith?Asyoucan
probablytell,thisisnotourphilosophy.
Insteadofbeingadestination,wethinksecurityisbestdescribedasajourneya
productofongoingriskmanagement.Ratherthantryingtomakeyoursystem
impregnable,youcontinuallyevaluateyourexposuretorisksandkeepthe
systemassecureasyouneedittobe.Anappropriatelevelofsecurityis
achievedwhentherisksfacingasystembalanceagainstthelevelofeffortspent
mitigatingthoserisks.Noonebuysa$5,000vaulttosafeguardapairoffuzzy
slippers.Youjudgethevalueofwhatyou'reprotectingagainstthekindsof
threatsitfacesandthelikelihoodthosethreatswillsucceed,andthenyouapply
appropriatesafeguards.Thisisamuchmorepracticalwaytoviewmodernday
informationsecurity.
Whenfollowingariskmitigationprocess,youwillperiodicallypassupthe
opportunitytoenablecertainsecuritymechanisms,eventhoughyou'recapable
ofdoingso.Theadditionaleffortmaynotbewarrantedgiventhelevelofrisk


yourorganizationfaces.Youwilleventuallyreachapointofdiminishingreturns
whereyousimplyacceptsomerisksbecausetheyaretoocostlytomitigate
relativetothelikelihoodofthethreatortheactualdamagethatwouldoccur.
Sure,itmaybefuntouseencryptedfilesystems,storeallOSdataonaCDROM,anddeployeveryothercountermeasureyoucanthinkof,butdoyou
reallyneedto?
Wedefinesecurityinthecontextofrisk.Riskispresentaslongasthesystem
exists,andrisksareconstantlychanging,sosecuritycannotbeadestination;it
mustbeanongoingprocess."Doingsecurity,"then,isaniterativeprocessof
identifyingandrespondingtorisks.Thisisthephilosophythatweencourage
youtotakeinsecuringyourinfrastructure.
Asyou'llseeintherestofthisbook,FreeBSDandOpenBSDarerobust
operatingsystemsthatoffermyriadwaystomaintainsecuresystems.
Throughoutthebookweprovidesecurity-mindedwalkthroughsofsoftware
installation,configuration,andmaintenance.Alongthewayyou'llnoticethatwe
seemtopointoutmoresecurity-relatedconfigurationoptionsthanyoucareto
implement.Justbecauseweexploreoptionsdoesn'tmeanthatyoushould
implementthem.Comeatitfromtheperspectiveofmanagingriskandyou'll
maximizethecost-benefitof"doingsecurity."
Beforewegetaheadofourselves,however,weneedtocoverafewconceptsand
principles.Inthischapter,wedefinesystemsecurity,specificallyforOpenBSD
andFreeBSDsystems,butalsomoregenerally.Welookatavarietyofattacksso
thatyou,asanadministrator,willhavesomeperspectiveonwhatyou'retryingto
defendagainst.We'lllookatriskresponseanddescribehowexactlyyoucango
aboutsecuringyourFreeBSDandOpenBSDsystems.


1.1.WhatIsSystemSecurity?
Securityprofessionalsbreakthetermsecurityintothreeparts:confidentiality,
integrity,andavailability.This"CIATriad"isasetofsecurityrequirements;if
you'renottakingintoaccountallthreeoftheseconcerns,you'renotworking
towardsprovidingsecurity.Weofferalotofrecommendationsinthisbookthat
shouldhelpyouworktowardsbuildingsecuresystems,butwedon'ttellyou
howtheserecommendationsfitinwiththeCIATriad.That'snotwhatthisbook
isabout,anditwoulddetractfromtherealmessage.Nevertheless,asyou're
lookingatbuildingencryptedtunnelsfortransferringfiles,jailingapplications,
andsoon,thinkaboutwhatpartoftheTriadyou'refocusingon.Makesure
you'veaddressedallthreepartsbeforeyourprojectisdone.
Whetherwe'retalkingaboutphysicalsecurity,informationsecurity,network
security,orsystemsecurity,theCIATriadapplies.Thequestionis,exactlyhow
doesitapplytosystemsecurity?

1.1.1.Confidentiality
Confidentialityisallaboutdeterminingtheappropriatelevelofaccessto
information.Confidentialityisoftenimplementedatthemostbasiclevelon
FreeBSDandOpenBSDsystemsbytraditionalUnixpermissions.Therearea
varietyoffilesscatteredacrossthefilesystemthatarereadableonlybytheroot
user.Mostnotable,perhaps,is/etc/master.passwd,whichcontainshashesfor
users'passwords.Thevastmajorityoffilesarereadablebyeveryone,however.
Evensystemconfigurationfileslike/etc/resolv.conf,/etc/hosts,andsoonare
worldreadable.Isthiswrong?Notnecessarily.Again,confidentialityisn'tabout
havingtoprotectdatafrompryingeyes;it'saboutclassifyingdataandmaking
surethatinformationdeemedsensitiveinsomewayisprotectedappropriately.
Filesystemlevelprotectionsareofcourseonlyonefacetofconfidentiality.Data
maybeexposedthroughsomeservicedesignedtoserveinformationlikeDNS,
orawebserver.Inthesecases,themethodyouemploytoprotectdatawon't
necessarilybefilesystempermissions;perhapsyou'llcontrolwhatsystemsare
allowedtoqueryyourDNSserver,orwhichweb-authenticatedusersare


permittedtoviewacertaindocumenttree.Whenyouneedtoprotectdatafrom
eavesdroppingasitmovesacrossanetwork,you'llprobablyuseencryption.
Whenimplementedappropriately,ithelpsensurethatonlytheintendedrecipient
canreadthetransmitteddata.

1.1.2.Integrity
Dataintegrityrelatestotrust.Ifyoucannotguaranteetheintegrityofsome
informationonyoursystem,youcan'ttrustit.Consequently,resourcesforwhich
integrityisanimportantissueneedtobeidentifiedandappropriatelyprotected
againstmodification.
Confidentialitymaynothavebeenanissueforyour/etc/resolv.conffile.
Allowinguserstoseewhatresolversyoursystemdependsonisokay.Allowing
userstomodifythelistofresolversisnot!Yoursystem'sresolversareadata
source.WhenyouaccessaserverprovidinganonymousCVSaccesstoyour
OpenBSDsources,yoursystemwillaskoneoftheserverslistedin
/etc/resolv.conftofindtheIPaddressforthenameyouprovided.Ifyoucan't
guaranteetheintegrityofthedatainthisfile,youcan'ttrusttheIPaddressyou
getfromtheresolver.Asaconsequence,youcan'ttrustthesourcesyou
downloadeither.
Likeconfidentiality,thefilesystempermissionsmodelhelpsenforcedata
integrity.Unfortunatelyfilepermissionsaren'tenoughbythemselves.If
someonehasbrokenthroughyourfilesystemprotectionssomehow,youwon't
knowthatyourdatahasbeentamperedwith.Thatis,notwithoutgoodauditing.
Moreover,youwon'tbeabletorestoreaknowngoodconfigurationwithoutdata
backups.
Dataintegrityisalsoanissueduringnetworktransfers.Howcanyoubesure
thattheinformationhasnotbeenmodifiedintransit?TheBSDoperating
systemswillprovide"signatures,"whichuniquelyidentifyfiledistributions.
Whenyoudownloadapackageorsourcetarballorinstallaport,youcancheck
yourlocalfilesagainsttheremotesignatures.Ifit'samatch,yourfilehasnot
beenmodifiedwhileintransit.

1.1.3.Availability


Tài liệu bạn tìm kiếm đã sẵn sàng tải về

Tải bản đầy đủ ngay

×