Okay, before I go and inadvertently raise red flags, allow me to explain that this is a legit request for help. Also, I apologize for this long entry, but I need to be very detailed with this request.
Currently I am learning RH8 in my Operating Systems class here at New Hampshire Technical Inst., as we are starting to learn to use Linux as a server. To make a point about security, our instructor, who is also a white hat hacker, has decided that our weekly test will be to take down other people's Apache servers. To me and a few other people I talk to in class it's obvious that he wants to see if we've been paying attention. During the last class we did fresh reinstalls of RH8. From the beginning of this course we have all used the same p/w for root; however, he also had us set up accounts with unique user names, but the same p/w. Also, during the reinstall, he had us select "no firewall" during setup.
His plan is to disconnect us from the rest of the school's network, write everyone's IP on the board and see if we've taken the proper security measures and can keep our servers going.
Now I myself do have a plan in place, which looks like this (coming into the next class we'll have 30 mins to get our servers ready):
During the prep time I'm going to:
-turn on the firewall to the highest settings, leaving only port 80 open for Apache, which must remain active for this exercise.
-change all passwords (like I said, the two accounts that are on there now both have the same p/w as everyone else)
-Not visit other students' websites *
-As I believe about 1/2 to 2/3 of the class will forget to activate the firewall and change their p/ws, I'm planning on using SSH to log in to their systems, change their p/ws, then execute 'init 0'. (As we have not talked about SSH in class yet (or telnet), most students don't know about it.)
*The problem comes from the instructor himself. During lab time last week, we used the time to prepare for this upcoming class (only a few of us stayed). To give an idea of what we can do, he wrote a small web page, whose code (I forgot to save it to disk and bring it back with me) called on the VIM editor and nothing else. He didn't do it to me (so I didn't get to see what happens), but after other students went to this page (which had no viewable content) the instructor went back to his computer and did something that definitely got a reaction out of the students who had gone to his page.
Obviously, I want to know what it was he did, and how he did it.
Also, can I put command scripts in a webpage? I'm hoping I can, so I can write a script that executes init 0 when people go to my server (this will be very effective on those who did remember to activate the firewall and change their p/w).
And if you're wondering what we get for doing this: the last student standing with his server still running will get 20 bonus points on the final (if that isn't motivation, I don't know what is). ALSO, the instructor WILL be joining us in this exercise, so we have to go against HIM TOO (remember he's a white hat hacker!). Any and all help with this will be very much appreciated.
LOL, wish I had classes like that. For the defensive stuff, make sure you chattr +iu all your configs and binaries, and don't forget to set limits on the iptables entries you're allowing and watch for "weird" packet flag mixes, the DoS stuff. Harden your network (daemon) scripts and make sure your LAMP setup is free from "default" stuff like scripts: remove or .htaccess the web root. Have a look at part one of the Security references thread in the security forum.
Visiting other people's pages should be no problem, just turn off Java and JavaScript/ECMAScript or use Links/lynx. For the offensive stuff just be creative about how to get in; a default install has lots of services running, just do a quick nmap if you don't succeed with SSH.
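As an added example (mine, not unSpawn's or anything posted in the thread), here is what "only port 80 open, limits on the entries you allow, watch for weird flag mixes" looks like as a script for the iptables of that era; the rate and burst values are assumptions to tune for the box, and with no argument the script only prints the rules.

```shell
#!/bin/sh
# Added example, not from the thread: the "port 80 only" iptables ruleset
# unSpawn's advice amounts to. Default policy DROP, loopback and replies to
# our own connections allowed, new HTTP connections accepted only within a
# rate limit, and the "weird flag mix" packets (NULL, XMAS, SYN+FIN,
# SYN+RST) dropped before anything else. With no argument it only prints
# the rules; "apply" pipes them to sh and then locks a few configs.
HTTP_RATE="${HTTP_RATE:-25/second}"   # assumed values; tune for the box
HTTP_BURST="${HTTP_BURST:-50}"

fw_rules() {
  cat <<EOF
iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# TCP flag combinations no legitimate client sends
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
# packets belonging to connections this host opened itself
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Apache: new connections within the limit are accepted, the overflow dropped
iptables -A INPUT -p tcp --dport 80 -m state --state NEW -m limit --limit $HTTP_RATE --limit-burst $HTTP_BURST -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j DROP
# log the rest, rate-limited so the log itself cannot be flooded
iptables -A INPUT -m limit --limit 5/minute -j LOG --log-prefix "FW-DROP: "
EOF
}

# Make the files an intruder would want to edit immutable (undo: chattr -i).
lock_configs() {
  for f in /etc/httpd/conf/httpd.conf /etc/ssh/sshd_config /etc/inittab; do
    [ -f "$f" ] && chattr +i "$f"
  done
}

case "$1" in
  apply) fw_rules | sh && lock_configs ;;
  *)     fw_rules ;;
esac
```

The limit match is one shared bucket for all clients, so a flood from one box throttles everyone; that is the trade-off of "set limits" on a 2.4 kernel with no per-source matching.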
Shut off everything that you absolutely don't need in chkconfig. Look at the dynamically loaded modules in Apache (/etc/httpd/conf/httpd.conf) and comment out all of the weird stuff (WebDAV, rewrite, etc.). Turn off indexing and FollowSymLinks. Make sure that the webpage files are all read-only. Make sure to nmap yourself and verify that the ONLY thing listening is httpd (Apache). Also look at the man page for nmap (man nmap) to see what kind of fun you can have with other people's systems.
BTW, unSpawn's suggestion to chattr the configs is downright unfair!
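An added example, not from the post: a small shell audit of httpd.conf for the items just listed (loaded modules the server doesn't need, Indexes and FollowSymLinks), run against a constructed sample config so it works offline. The module names beyond webdav and rewrite are my additions.

```shell
#!/bin/sh
# Added example, not from the thread: audit httpd.conf against the advice above
# before locking it with chattr. It flags uncommented LoadModule lines for
# modules the server does not need (webdav and rewrite from the post, plus
# userdir, cgi, info and status as my own additions) and any Options line that
# still enables Indexes or FollowSymLinks. Usage: sh audit.sh /etc/httpd/conf/httpd.conf
RISKY_MODULES="${RISKY_MODULES:-dav|dav_fs|rewrite|userdir|cgi|info|status}"

audit_httpd_conf() {
  conf="$1"; n=0
  # active LoadModule lines (a leading '#' means the line is already disabled)
  for m in $(grep -E "^[[:space:]]*LoadModule[[:space:]]+($RISKY_MODULES)_module" "$conf" | awk '{print $2}'); do
    echo "module enabled: $m"; n=$((n + 1))
  done
  # Options that grant Indexes/FollowSymLinks; '-Indexes' (a removal) is not a hit
  hits=$(grep -nE '^[[:space:]]*Options.*[[:space:]+](Indexes|FollowSymLinks)' "$conf") || true
  if [ -n "$hits" ]; then
    echo "$hits" | sed 's/^/directory option, line /'
    n=$((n + $(echo "$hits" | wc -l)))
  fi
  echo "findings: $n"
}

# Constructed sample, loosely modelled on a stock RH8 httpd.conf, for a dry run.
sample_conf() {
  f=$(mktemp /tmp/httpd.conf.XXXXXX)
  cat >"$f" <<'EOF'
LoadModule dav_module modules/mod_dav.so
LoadModule rewrite_module modules/mod_rewrite.so
#LoadModule userdir_module modules/mod_userdir.so
LoadModule dir_module modules/mod_dir.so
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/var/www/cgi-bin">
    Options -Indexes +ExecCGI
</Directory>
EOF
  echo "$f"
}

audit_httpd_conf "${1:-$(sample_conf)}"
```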
Depends on how you work the system, I guess. I like RH, handle sys stuff from the CLI, edit my configs with a simple Vi wrapper that handles these extended attributes and does incremental backups. If you're using GUI/curses stuff and/or don't know your system, then handling chattered stuff is gonna be a major PITA.
Btw, if this suggestion is unfair, you'll be glad to know I left out my brainfarts about the offensive part, LOL!
>handling chattered stuff is gonna be a major PITA.
If 1/3 to 2/3 of the class isn't even going to remember to turn iptables on, it's likely that anyone lucky enough to get a shell is going to have a hell of a time with chattered configs. Pretty slick, I'll have to remember that one next time I set up a firewall or server.
> you'll be glad to know I left out my brainfarts about the offensive part
Lol. I'll keep that in mind next time I get the urge to post my iptables script!