
Certification Objective 7.02—Performing System Security

Exam Objective 4.3: Perform system security by switching users on a system, and by becoming root and monitoring su attempts.

Let's now address what seems to be a prevalent confusion among beginners. That confusion relates to the relationship between the command su and the terms switching user and superuser. Read my lips: becoming superuser and switching user (su) are not the same thing. Superuser denotes the administrative account, normally the root account. We use the terms superuser and root interchangeably in this book, just as those terms are used in the field. However, remember that the command su refers to switching user, and as you will see, you can use this command to switch to any user and not just root.

Performing Security by Switching User

You must be logged in as root (that is, superuser) to perform several system administrative tasks, such as security administration. While logged on to a system and doing security administration, you may need to jump from account to account. One way of doing so is to log out from the current account that you are logged into and log in to the other account. An alternative and more efficient method is to use the su command, which allows you to switch from one account to another without logging out. If you are not logged in as root when you issue the su command, you need to give the password for the account you are switching to.

Exam Watch

If you are logged in as a root user, you can switch to other users using the su command, and you will not be asked for a password. If you are not logged in as root, you will be asked for a password when you want to switch to another account.


Furthermore, when you are logged in as root, the prompt turns to # (pound sign). Following is the syntax for the su command:

    su [-] [<username> [<arg>...]] 

For example, the following command will switch you to the sys account while retaining your current environment:

    su sys 

The following command will switch you to the bin account and will also switch the environment to what it would be if you were originally logged in as bin:

    su - bin

The superuser access to the system is necessary for performing system administration tasks. But it is also the most dangerous access when an intruder succeeds in getting it. Therefore, it is essential to monitor superuser access attempts to the system, which we discuss next.

Monitoring Superuser Access Attempts

Given all the administrative capabilities a superuser has, monitoring superuser access to a Solaris system is very important from a security perspective. The monitoring can be performed in two ways: observing the accesses, and restricting them.

On the Job 

The root account is created by the system during installation as a superuser account. However, any account that has a UID of 0 will assume the capabilities of a superuser.

Observing Superuser Access

The system lists all the uses of the su command in the following file:

    /var/adm/sulog 

Remember, all attempts to switch users, not just the attempts to switch to superuser, are recorded in the sulog file. The entries in the sulog file look like the following:

    SU 01/23 15:23 - pts/0 jkerry-root
    MO 01/24 11:39 + pts/0 gbush-jkerry
    TU 01/25 10:49 + pts/0 root-jkerry

The columns in the output mean the following:

  • The first three columns indicate the time at which the attempt was made.

  • The fourth column contains a minus sign (-) if the attempt was unsuccessful and a plus sign (+) if the attempt was successful.

  • The fifth column lists the port from which the attempt was made.

  • The sixth column lists the name of the original user and the switched identity.
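One way to review these entries, added here as an example (it is not code from the book): a shell script that reads lines in the column layout just described and reports failed and successful switches to root. The function names, the threshold of 3 and the sample lines after the first three are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the book. Columns follow the description above:
# $1-$3 time fields, $4 result (+ or -), $5 port, $6 originaluser-newidentity.

# Print "count user" for every user with failed attempts to switch to root.
failed_root_attempts() {
    awk '$4 == "-" && $6 ~ /-root$/ {
             user = substr($6, 1, length($6) - 5)   # strip the trailing "-root"
             fails[user]++
         }
         END { for (u in fails) print fails[u], u }' "$1" | sort -k1,1nr -k2,2
}

# Print "date time port user" for every successful switch to root.
root_switches() {
    awk '$4 == "+" && $6 ~ /-root$/ {
             print $2, $3, $5, substr($6, 1, length($6) - 5)
         }' "$1"
}

# Print users whose failed-root count reaches MAX (a hypothetical policy value).
over_threshold() {   # usage: over_threshold FILE MAX
    failed_root_attempts "$1" | awk -v max="$2" '$1 >= max { print $2 }'
}

# First three lines are the sample entries shown above; the rest are constructed.
# On a live system, pass /var/adm/sulog instead of this temporary file.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
SU 01/23 15:23 - pts/0 jkerry-root
MO 01/24 11:39 + pts/0 gbush-jkerry
TU 01/25 10:49 + pts/0 root-jkerry
SU 01/25 10:52 - pts/0 jkerry-root
SU 01/25 10:53 - pts/1 jkerry-root
SU 01/25 11:02 - pts/2 web-admin-root
SU 01/25 11:05 + console gbush-root
EOF

echo "Failed attempts to become root (count user):"
failed_root_attempts "$SAMPLE"
echo "Successful switches to root (date time port user):"
root_switches "$SAMPLE"
echo "Users with 3 or more failed attempts:"
over_threshold "$SAMPLE" 3
```

Matching on the trailing `-root` rather than splitting on the hyphen keeps the original user name intact when it contains a hyphen itself.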

Before the system starts logging the usage of the su commands into the sulog file, you need to set it up by editing the following file:

    /etc/default/su 

Uncomment the following entry in this file:

    SULOG=/var/adm/sulog 

Save the sulog file. You have just told the system in which file to log the su usage attempts. Of course, you have to be a superuser to perform this exercise.

In addition to logging the superuser access, you can also restrict it, which we discuss next.

Restricting Superuser Access

You can also prevent users from having superuser access to the system remotely. If the system is set up for this, you can log in as a superuser only from the system console. In order to set up your system for this, edit the following file:

    /etc/default/login 

Uncomment the following line in this file:

    CONSOLE=/dev/console 

Remember that no value for the CONSOLE variable means no remote login for the root. Of course, you have to be a superuser to perform this exercise. All that means is that you cannot log in directly as a superuser from a remote machine. However, you can still log in as another user and then use the su command to switch to superuser. Note that when you install Solaris 10, remote superuser access is prevented by default.
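The settings from this section and the previous one can be checked together. The following shell script is an added example (not from the book) that reports whether SULOG and CONSOLE are set in uncommented lines and lists any account other than root with a UID of 0, as described in the On the Job note. The function names are hypothetical and the file contents are constructed; on a live system the three arguments would be /etc/default/su, /etc/default/login and /etc/passwd.

```shell
#!/bin/sh
# Added example, not from the book. File contents below are constructed.

# active_setting FILE KEY: print KEY's value if an uncommented KEY=value line
# exists; return 1 if the entry is missing or still commented out.
active_setting() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                    # commented entries are not in effect
        index($0, key "=") == 1 { val = substr($0, length(key) + 2); found = 1 }
        END { if (!found) exit 1; print val }' "$1"
}

# uid0_accounts FILE: print every account in a passwd-format file with UID 0.
uid0_accounts() {
    awk -F: '$3 ~ /^0+$/ { print $1 }' "$1"
}

# audit SU_FILE LOGIN_FILE PASSWD_FILE: print one finding per line.
audit() {
    active_setting "$1" SULOG >/dev/null ||
        echo "su logging is off: SULOG is not set in $1"
    active_setting "$2" CONSOLE >/dev/null ||
        echo "direct root login is not limited to the console: CONSOLE is not set in $2"
    uid0_accounts "$3" | grep -v '^root$' | sed 's/^/extra UID 0 account: /'
}

# Constructed stand-ins for the three files.
DIR=$(mktemp -d)
trap 'rm -rf "$DIR"' EXIT
printf '%s\n' '# location of the su log (constructed comment)' \
              '#SULOG=/var/adm/sulog' > "$DIR/su"
printf '%s\n' 'CONSOLE=/dev/console' > "$DIR/login"
printf '%s\n' 'root:x:0:0:Super-User:/:/sbin/sh' \
              'jkerry:x:101:10::/export/home/jkerry:/bin/sh' \
              'maint:x:0:1::/export/home/maint:/bin/sh' > "$DIR/passwd"

audit "$DIR/su" "$DIR/login" "$DIR/passwd"
```

With the constructed files, the script reports that su logging is off (the SULOG entry is still commented out) and that the maint account also has a UID of 0.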

Exercise 7-2: Becoming a Superuser

  1. Log in as a non-root user.

  2. Become the superuser by issuing the following command:

        % su
        Password: <root-password>
        #

  3. Now, switch to another user account by issuing the su command. Did it ask for a password?


If your system runs an ftp server, remote users can access your system by logging on to the ftp server. This may also raise security issues, which we discuss next.




Sun Certified System Administrator for Solaris 10 Study Guide Exams 310-XXX & 310-XXX
Year: 2005
Pages: 168
