繁体中文  
 
世界商讯
 · 九阳全新免清洗型豆浆机 全美最低
 首页 |
 
版主:hmy
 · 九阳全新免清洗型豆浆机 全美最低
 
如何验证UNIX/Linux安全软件的抗攻击能力?
送交者: ausec 2017年12月07日03:54:09 于 [世界军事论坛] 发送悄悄话

以下是本人在Linkedin给出的测试条例:

For FIM software:

  • Try to modify some components of the FIM software to see whether it can protect itself from being changed.

  • On systems with UFS/ZFS or VxFS, try to create some hidden setuid files or device files, and check whether the FIM software can detect these files.

  • Try to create some setuid files with multi-line names, and check whether the FIM software can properly detect all setuid files.

  • Try to create some setuid files and device files under /var/tmp, check to see whether the FIM software can detect these files.

For privilege delegation software:

  • If you have a script that can use the PD software to run as root, try to modify the script, and see whether the PD software can detect the script has been changed.

  • For a program that you can use the PD software to run as root, if it accepts an environment variable, try to assign a very long string to the variable and pass them to the PD software to run the program as root, to see whether it can cause problems. For better test of this capability, you should develop a simple C program.

  • Try to run view under PD software, and see whether you can escape from view command and run other commands as root.

For remote task automation software:

  • To see whether the software can protect the secret info used for remote login authentication from root copy attack or the attacks listed below.


For capabilities to combat secret info (such as password/passphrase/key) stealing attacks:

  • On system with dtrace/ProbeVue, copy the program to a different name, and run a script using that one as interpreter, and see whether the security software can detect it.

  • Use system call tracer to attach to the security software process, to see whether it can protect the secret info from being stolen.

  • On AIX, when security software is running, run trace to see if the software can detect it.

  • On Linux system, try to run a SystemTap script, and run your security software, to see whether it can detect the possible threat, as malicious person could use SystemTap script to steal sensitive info from your process,

  • With multiple terminals, run the security software that will ask user to input secret info, to see if it can remind user to check whether the number of terminal sessions match with user's expected number, provide user the info for detecting TTY key logger.

  • On newer versions of Linux, try to run a Kprobe or Uprobe script to see if the security software can detect that.

  • Run a debugger program to attach to security which is asking user to input secret info, check whether it can detect that in real-time.

  • After you entered password/passphrase/key to security process, try to save a core for the process, and run 

$ strings core_file | grep "secret_info_you_entered"

to see if it will get the secret_info.

  • When the security software is waiting you to input secret info, run a

# sleep 60 </dev/mem

or

# sleep 60 </proc/PID/mem

Here the PID is the security software's process id.

To see whether it can detect the memory snooper.

  • When the security software is waiting you to input secret info, run a

# sleep 60 </dev/pts/n, here the /dev/pts/n is the tty device of the security software is running on.

To see whether the software can detect the TTY snooper.

  • For software that will use 2nd program to get password/passphrase/key from user, try to replace that 2nd program, and see whether you can get user entered secret info and the software is not able to detect such threat. Such as the one used by ssh and sudo in X-window environment.



0%(0)
0%(0)
标 题 (必选项):
内 容 (选填项):
实用资讯
美国名厂保健品一级代理,花旗参,维他命,鱼油,卵磷脂,30天退货保证.买百免邮.
一周点击热帖 更多>>
一周回复热帖
历史上的今天:回复热帖
2016: 中国现在能源不能自足,又无大量已探明
2016: 太平洋战争75周年 珍珠港事变给中共的启
2015: 金灿荣在上海党校的讲座。。。笑死人
2015: 石油价格再创新低 $37.88 (图表)
2014: 有关中国人口和国力问题的好文(转贴)
2014: 对付台湾其实很简单
2013: 曼德拉被白人称颂,是因为他放过了他们
2013: 军迷贴:今天在公司接待了一批中航工业
2012: 最新最惨:加拿大联邦政府取消购买F-35
2012: 莫言现身瑞典,作惊人预言:7人争位子,
 
Jobs. Contact us. Privacy Policy. Copyright (C) 1998-2015. CyberMedia. All Rights Reserved.