Unix Refresher

Post on 30-Dec-2015

This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis.

I have edited and added material.

Dr. Stephen C. Hayne

Linus Torvalds

Was the chief architect behind the Linux kernel. Most of the work was done while he was still an undergraduate. He completed a master’s degree from the University of Helsinki in Computer Science and now lives and works in the United States.

/etc/passwd, /etc/shadow

/etc/passwd is the master password file for the system.

Login name – the account name

Encrypted password field – one-way encryption of the account password

UID – unique numeric identifier for the account. This is what Unix uses.

GID – group id number that identifies the group

GECOS info – commonly used to list the name of the account owner

Home directory – user home directory

Login Shell – default user shell

/etc/passwd is world readable. This is what lets CRACK run on it. All you need is access to the system (login, WWW, FTP) and the ability to get a copy of the file.

/etc/shadow is the defense against the CRACK attack

/etc/shadow contains the encrypted password field and is readable by root only.

An “x” is placed as a marker in the equivalent field in /etc/passwd.

If you can read /etc/shadow, you have root and no need to crack passwords.
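An audit of the seven-field layout and the "x" marker described above, as an added example that is not part of the original slides. The sample entries are constructed, the function names are hypothetical, and treating a field that starts with "*" or "!" as a locked account rather than an exposed hash is an assumption the slides do not cover.

```python
from collections import namedtuple

Entry = namedtuple("Entry", "login password uid gid gecos home shell")

# Constructed sample in /etc/passwd format (not taken from a real system).
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
legacy:SAMPLEHASH000:1001:1001:Legacy App:/home/legacy:/bin/sh
guest::1002:1002:Guest:/home/guest:/bin/sh
toor:x:0:0:Second UID 0:/root:/bin/sh
broken:x:1003
"""

def parse_passwd(text):
    """Split passwd-format text into (entries, errors); errors are (line number, reason)."""
    entries, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 7:
            errors.append((lineno, "expected 7 fields, got %d" % len(parts)))
        elif not (parts[2].isdecimal() and parts[3].isdecimal()):
            errors.append((lineno, "UID and GID must be numeric"))
        else:
            entries.append(Entry(parts[0], parts[1], int(parts[2]), int(parts[3]), *parts[4:]))
    return entries, errors

def audit(entries):
    """Return (login, finding) pairs for password-field and UID problems."""
    findings, first_login = [], {}
    for e in entries:
        if e.password == "":
            findings.append((e.login, "empty password field"))
        elif e.password != "x" and e.password[0] not in "*!":
            # Anything else is a hash sitting in the world-readable file.
            findings.append((e.login, "password hash not moved to /etc/shadow"))
        if e.uid in first_login:
            # Unix identifies accounts by UID, so these logins are one account.
            findings.append((e.login, "shares UID %d with %s" % (e.uid, first_login[e.uid])))
        else:
            first_login[e.uid] = e.login
    return findings

if __name__ == "__main__":
    entries, errors = parse_passwd(SAMPLE)
    for login, finding in audit(entries):
        print("%-8s %s" % (login, finding))
    for lineno, reason in errors:
        print("line %d: %s" % (lineno, reason))
```
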

System Logs

/etc/syslog.conf contains the locations of the system logs, which can be remote or local.

Syslogd is the syslog daemon.

/var/log/syslog, /var/log/secure, /var/adm/messages, /var/adm/syslog.dated/current/kern.log

/etc/utmp, /etc/wtmp, /etc/lastlog
