2KKUU7ita

Chapter 12: Linux
✓ Block spoofed addresses at the firewall, as I outline in Chapter 8.
✓ Set the read permissions for each file’s owner only.
• .rhosts: Enter this command in each user’s home directory:
chmod 600 .rhosts
• hosts.equiv: Enter this command in the /etc directory:
chmod 600 hosts.equiv
You can also use Tripwire (http://sourceforge.net/projects/
tripwire) to monitor these files and alert you when access is obtained or
changes are made.
Assessing the Security of NFS
The Network File System (NFS) is used to mount remote file systems (similar
to shares in Windows) from the local machine. Given the remote access
nature of NFS, it certainly has its fair share of hacks. I cover additional storage
vulnerabilities and hacks in Chapter 15.
NFS hacks
If NFS was set up improperly or its configuration has been tampered with —
namely, the /etc/exports file containing a setting that allows the world
to read the entire file system — remote hackers can easily obtain remote
access and do anything they want on the system. Assuming no access control
list (ACL) is in place, all it takes is a line, such as the following, in the /etc/
exports file:
/ rw
This line says that anyone can remotely mount the root partition in a readwrite
fashion. Of course, the following conditions must also be true:
✓ The NFS daemon (nfsd) must be loaded, along with the portmap daemon
that would map NFS to RPC.
✓ The firewall must allow the NFS traffic through.
✓ The remote systems that are allowed into the server running the NFS
daemon must be placed into the /etc/hosts.allow file.
This remote-mounting capability is easy to misconfigure. It’s often related to
a Linux administrator’s misunderstanding of what it takes to share out the
NFS mounts and resorting to the easiest way possible to get it working. After
hackers gain remote access, the system is theirs.
241