In this blog we are going to discuss some common Linux admin misconfigurations:
User home directory permissions
World-readable and writable files/folders
setgid and setuid binaries
Default NFS mount options or insecure export options
Weak services in use
1.> User home directory permissions:
On most Linux distributions such as Kali, Ubuntu, Pi OS etc., the default permission for home folders is 755, which means the owning user has permission to read, write and execute files and folders, while the group and world have permission to read and execute them. This is a big flaw and a great opportunity for a hacker, because it now becomes easier to escalate privileges to the root user since he/she has permission to execute files, and it can also be considered a threat to the information stored on the system.
In other words, these home directory permissions allow all users with access to the server to read, write and execute different files/folders and even see what is in other users' home directories. Users such as administrators or developers keep scripts or backups of different files in their home directory which contain sensitive information such as user passwords, keys to services, group info etc.
2.> World-readable and writable files/folders:
This introduces similar issues to loose home directory permissions, but throughout the system, which means the attack area has now increased to the whole system. The main reason for world-readable files is the default umask used at file creation, either 0002 or 0022. As a result of this configuration weakness, files that may contain sensitive information will be readable by anyone that has access to the system. Files may also be modified by anyone on the system if they are world-writable. This can lead to an attacker modifying files and scripts to hide forensic evidence, or executing commands by modifying a script used by administrators.
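The two permission checks from sections 1 and 2, as an added example that is not part of the original post: it audits a constructed tree for home directories that others can access and for world-writable files, and shows the file mode a 0022 umask hands out compared with 0077. It assumes GNU find and stat; the 750 remediation mode is this example's choice, not the post's.

```shell
#!/bin/sh
# Added example, not from the original post: audit a tree for home directories
# that others can access and for world-writable files, then show the mode a
# default umask hands out. Needs GNU find and stat. Sample tree is constructed.

# Constructed tree standing in for a real system (sample data only).
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/home/alice" "$root/home/bob" "$root/opt/scripts"
    chmod 755 "$root/home/alice"             # distribution default: world may enter
    chmod 750 "$root/home/bob"               # owner and group only
    printf 'db_password=changeme\n' > "$root/home/alice/backup.env"
    chmod 644 "$root/home/alice/backup.env"  # world-readable secret in a backup
    printf '#!/bin/sh\necho deploy\n' > "$root/opt/scripts/deploy.sh"
    chmod 777 "$root/opt/scripts/deploy.sh"  # world-writable script run by admins
    echo "$root"
}

# Home directories directly under $1 where "others" hold any permission bit.
audit_home_dirs() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -perm /007
}

# Regular files under $1 that anyone on the system may modify.
audit_world_writable() {
    find "$1" -type f -perm -0002
}

# Remediation for home directories: remove all access for "others".
# 750 is this example's choice; the post names no target mode.
fix_home_dirs() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -perm /007 -exec chmod 750 {} +
}

# Mode a newly created file receives under umask $1 (compare 0022 with 0077).
umask_effect() {
    d=$(mktemp -d)
    ( umask "$1"; : > "$d/f" )
    stat -c %a "$d/f"
    rm -rf "$d"
}

root=$(make_demo_tree)
echo "home dirs open to others:"; audit_home_dirs "$root/home"
echo "world-writable files:";     audit_world_writable "$root"
echo "umask 0022 -> $(umask_effect 0022), umask 0077 -> $(umask_effect 0077)"
fix_home_dirs "$root/home"
rm -rf "$root"
```

Point the audit functions at a real /home and / to review a live host; the world-writable scan over / takes a while and should exclude /proc and /sys.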
3.> setgid and setuid binaries:
The setuid bit of a file is dangerous because it allows that file to run as a potentially privileged user such as root (the administrator). Consider this: if a file is owned by root and has the setuid bit set, the file will run with the privileges of root. This means that if an attacker can find a vulnerability in, or an unexpected use of, that file, he/she can then run commands on the system as the root user, which means a full compromise of the server/system. This attack can also be carried out by an employee who knows about this problem on the server and can cause a significant amount of damage.
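A defender's inventory of setuid/setgid files, added here as an example that is not part of the original post: it lists every set-id file under a tree with its mode and owner, and diffs that list against a saved baseline so a binary that gained the bit after the baseline stands out. It assumes GNU find; the tree, file names and the "later" binary are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: inventory setuid/setgid files under
# a tree and diff that list against a saved baseline so newly appeared or
# changed privileged binaries stand out. Needs GNU find; tree is constructed.

# Every regular file under $1 carrying the setuid (4000) or setgid (2000) bit,
# one line per file: path, octal mode, owner, group; sorted so comm can use it.
list_setid() {
    find "$1" -type f -perm /6000 -printf '%p %m %u %g\n' | sort
}

# Lines present in the current inventory of tree $2 but not in baseline file $1:
# new set-id files, or known ones whose mode or owner changed since the baseline.
new_since_baseline() {
    list_setid "$2" | comm -13 "$1" -
}

# Constructed tree with one expected setuid helper (sample data only).
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/usr/bin" "$root/opt/vendor"
    : > "$root/usr/bin/passwd"; chmod 4755 "$root/usr/bin/passwd"  # expected set-id
    : > "$root/usr/bin/ls";     chmod 755  "$root/usr/bin/ls"      # no set-id bit
    echo "$root"
}

# Simulates a binary that gained the setuid bit after the baseline was taken.
add_later_binary() {
    : > "$1/opt/vendor/helper"; chmod 4755 "$1/opt/vendor/helper"
}

root=$(make_demo_tree)
list_setid "$root" > "$root/baseline.txt"   # take the baseline on a known-good host
add_later_binary "$root"
echo "set-id files not in baseline:"
new_since_baseline "$root/baseline.txt" "$root"
rm -rf "$root"
```

On a real host the baseline is taken once after installation and kept off the machine, so that a later diff cannot be hidden by editing it.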
4.> Default NFS mount options or insecure export options:
The default options for all mounts are "suid, exec, auto, rw, dev, nouser and async". These options are weak since they honour the suid and sgid bits that are set on externally mounted file systems via protocols such as NFS. When exporting NFS shares it is recommended that the no_root_squash option not be set. root_squash is the default behaviour, but it is commonly seen to be changed. If root squashing is not done, users can create files on the exported NFS share as the root user. These weaknesses, if left at their defaults, can allow root access on servers where such access should not be provided to users.
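Checks for both sides of the NFS weakness above, as an added example that is not part of the original post: it flags exports that set no_root_squash and fstab NFS entries whose option field lacks nosuid, nodev or noexec. The sample exports and fstab are constructed, and the set of hardening options checked is this example's choice, taken from the suid/exec/dev defaults the post lists.

```shell
#!/bin/sh
# Added example, not from the original post: check /etc/exports for shares that
# disable root squashing and /etc/fstab for NFS mounts that still honour the
# suid/dev/exec bits. Runs on constructed copies of both files.

# Paths of export lines whose client options contain no_root_squash.
# Export syntax: <path> <client>(<opts>) ...; comments and blank lines skipped.
exports_without_root_squash() {
    awk '!/^[ \t]*(#|$)/ && /no_root_squash/ { print $1 }' "$1"
}

# NFS entries (type nfs or nfs4) in an fstab whose option field lacks any of
# nosuid, nodev, noexec; prints the mount point and the options it is missing.
nfs_mounts_missing_options() {
    awk '$3 ~ /^nfs/ {
        missing = ""
        n = split("nosuid nodev noexec", want, " ")
        for (i = 1; i <= n; i++)
            if (("," $4 ",") !~ ("," want[i] ",")) missing = missing " " want[i]
        if (missing != "") print $2 ":" missing
    }' "$1"
}

# Constructed sample files (not from any real host).
make_samples() {
    d=$(mktemp -d)
    cat > "$d/exports" <<'EOF'
# /etc/exports sample
/srv/share   192.168.1.0/24(rw,sync,no_root_squash)
/srv/public  *(ro,sync)
/srv/backup  10.0.0.5(rw,sync,root_squash)
EOF
    cat > "$d/fstab" <<'EOF'
fs01:/srv/share   /mnt/share   nfs   defaults                 0 0
fs01:/srv/backup  /mnt/backup  nfs4  rw,nosuid,nodev,noexec   0 0
/dev/sda1         /            ext4  defaults                 0 1
EOF
    echo "$d"
}

d=$(make_samples)
echo "exports with root squashing disabled:"; exports_without_root_squash "$d/exports"
echo "NFS mounts missing hardening options:";  nfs_mounts_missing_options "$d/fstab"
rm -rf "$d"
```

Run the two functions against the real /etc/exports on the NFS server and /etc/fstab on each client; "defaults" in fstab expands to the suid,exec,dev set the post describes.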
5.> Weak Services or Configuration in Use:
Services are often configured with the minimum configuration changes needed to get them up and running. It is also common to find services with weak and possibly default credentials and configurations, and the use of less secure communication channels is typical too, increasing the risk and attack area of the server. When using services, the options and configuration should be reviewed to ensure that what is being deployed is secure and properly configured. It is also common to find these services bound to multiple interfaces on the server instead of just listening locally or just on the specified interface.
The settings identified here are areas that are commonly overlooked when configuring a Linux server. These weaknesses can be used by attackers or malicious users to gain unauthorized access or privileges on a server.
Solution:
Hardening your system/server makes it more difficult for a user to compromise it, and also makes it more difficult to use the system as a means to access other systems within the environment.
Remember, there is nothing like a "NON-HACK-ABLE SYSTEM" or a "100% secure SYSTEM": all systems connected to a network are vulnerable to the users and other systems connected to the same network, and if you are connected to the internet then you are vulnerable to the whole world connected to the internet.