On Mon, February 9, 2015 10:55 am, Bowie Bailey wrote:> On 2/5/2015 8:20 PM, Always Learning wrote: >> On Fri, 2015-02-06 at 10:50 +1100, Kahlil Hodgson wrote: >> >>> On 6 February 2015 at 10:23, Always Learning <centos at u64.u22.net> >>> wrote: >>>> Logically ? >>>> >>>> 1. to change the permissions on shadow from -rw-x------ or from >>>> ---------- to -rw-r--r-- requires root permissions ? >>>> >>>> 2. if so, then what is the advantage of changing those permissions >>>> when >>>> the entity possessing root authority can already read shadow - that >>>> entity requires neither group nor user permissions to read shadow. >>> The concept in play here is privilege escalation. >>> >>> An exploit may not give you all that root can do, but may be limited >>> to, say, tricking the system to change file permission. >>> From there an attacker could use that and other exploits to escalate >>> privileges. >> How could file permission modification of /etc/shadow be used to >> "escalate privileges" ? > > If I can give myself read access to /etc/shadow, then I can grab a copy > and try to crack the passwords (including the root password). If I can > give myself r/w access, then I can directly change the password and give > myself instant access to everything. >I guess, this discussion (about security of your system and what affects it) should be ended by the reference to fundamental book on Unix system [administration]. One thing I learned: you can not become proficient in any subject just by reading sparse blogs about it. One thing you definitely need: very good understanding of underlying fundamentals. For this reason the most productive would be to think if you have very good general understanding of how Unix (or Unix-like) system works. The easiest is to start reading good book about it, and if you see you are making discoveries, then this is definitely what you are missing, and what you need to study before diving into discussion what is good for security and how it affects that. That would be what I would recommend to myself (which I did way back...). If I were choosing the book to get good start today, I would choose: UNIX and Linux System Administration Handbook (4th Edition) 2010 by Evi Nemeth and Garth Snyder - don't worry about "outdated...", remember, you first need fundamentals. It is not as "fundamental" as some of the books of the past I remember, but I'd rather mention it that those really old books. I'm sure, someone may suggest better book, maybe even free online book. Note, your advise of book giving fundamental knowledge of Unix or Linux system may be really valuable. Just my $0.02 Valeri ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
On Mon, 2015-02-09 at 11:31 -0600, Valeri Galtsev wrote:> I guess, this discussion (about security of your system and what affects > it) should be ended by the reference to fundamental book on Unix system > [administration]. One thing I learned: you can not become proficient in > any subject just by reading sparse blogs about it. One thing you > definitely need: very good understanding of underlying fundamentals. For > this reason the most productive would be to think if you have very good > general understanding of how Unix (or Unix-like) system works. The easiest > is to start reading good book about it, and if you see you are making > discoveries, then this is definitely what you are missing, and what you > need to study before diving into discussion what is good for security and > how it affects that. That would be what I would recommend to myself (which > I did way back...). If I were choosing the book to get good start today, I > would choose: > > UNIX and Linux System Administration Handbook (4th Edition) 2010 by Evi > Nemeth and Garth Snyder > > - don't worry about "outdated...", remember, you first need fundamentals.Brilliant logic about ignoring the publication date. I did a Google on "UNIX and Linux System Administration Handbook (4th Edition) 2010 by Evi Nemeth and Garth Snyder" The third item was a 16.1 MB PDF of 1,344 pages. A quick scan of the PDF shows every page appears to be readable. 11 pages devoted to BASH. Information on other interesting topics too. Although I have a natural preference for paper books (I became a computer person at a large international book publisher) and I like the ability to annotate text, the PDF is definitely a useful and informative read. Thanks Valeri. I. -- Regards, Paul. England, EU. Je suis Charlie.
On 2/9/2015 11:06 AM, Always Learning wrote:> The third item was a 16.1 MB PDF of 1,344 pages. A quick scan of the PDF > shows every page appears to be readable. 11 pages devoted to BASH. > Information on other interesting topics too.on a site hosted in Russia which appears to be FULL of copyright violations. -- john r pierce 37N 122W somewhere on the middle of the left coast
On Mon, Feb 09, 2015 at 07:06:11PM +0000, Always Learning wrote:> The third item was a 16.1 MB PDF of 1,344 pages. A quick scan of the PDF > shows every page appears to be readable. 11 pages devoted to BASH. > Information on other interesting topics too. > > Although I have a natural preference for paper books (I became a > computer person at a large international book publisher) and I like the > ability to annotate text, the PDF is definitely a useful and informative > read.It looks like that's a pirated book, so it's probably not terribly ethical (nor safe) to use that PDF. -- Jonathan Billings <billings at negate.org>
On 10/02/15 04:31, Valeri Galtsev wrote:> UNIX and Linux System Administration Handbook (4th Edition) 2010 by Evi > Nemeth and Garth SnyderYeah buy this book. Skimping is not acceptable. I do hope the Ni?a is found in my lifetime http://nina7.org
On Mon, February 9, 2015 1:51 pm, Peter Lawler wrote:> On 10/02/15 04:31, Valeri Galtsev wrote: >> UNIX and Linux System Administration Handbook (4th Edition) 2010 by Evi >> Nemeth and Garth Snyder > > Yeah buy this book. Skimping is not acceptable. >+1 Yes, good people have to feed their families, so their work has to be paid for (by us, customers, through buying good product). I would also wait for other advises (maybe someone suggests better book). Valeri ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++