Tuts4Tech » security

Understanding and Preventing Fork Bombs

Duffy — Wed, 07 Oct 2009 16:26:57 +0000

A fork bomb is just a bash function that gets called recursively. Once a fork bomb is active on a machine it may not be able to preform normally until a reboot is made, as the only solution to the fork bomb is to kill all its processes.

Bash Functions

A fork bomb is really just a bash function, below is an example of a bash function

helloworld() {
echo hello world
};

A fork bomb would be

:(){
 :|:&
};:

Now to explain.
:(){ - Creates the function
:|: - Next it call itself using recursion and pipes the output to another call of the function
& - Puts the function call in the background so child cannot die
}; - Terminate the function
: - Call (run) the function

If you would like a more human readable fork bomb it would be as follows

forkbomb(){
forkbomb | forkbomb &
}; forkbomb

Preventing Fork Bombs

We can prevent users from running fork bombs by limiting the amount of processes they are allowed to run.
We can achive this using /etc/security/limits.conf

To get started open /etc/security/limits.conf

nano /etc/security/limits.conf

In my example I want to limit the user john to 300 processes and any users in the group of students to 250 processes. For this I would put the following into my config file

john hard nproc 300
@students hard nproc 250

Please keep in mind that KDE and Gnome desktop system can lanuch many processes.

Passwordless SSH login using SSH Keys

Duffy — Wed, 01 Jul 2009 01:32:00 +0000

SSH keys allow you to login without requiring you to type in your password this tutorial will teach you how to set them up

First we need to create the key
```
ssh-keygen -t rsa
```
Then we need to move it over to the machine that we want to be able to login too without the need for a password to do this run the following command
```
scp .ssh/id_rsa.pub OTHER-MACHINES-IP:.ssh/authorized_keys
```
You should now be able to ssh into that machine without needing a password

Chroot Sftp

Duffy — Sun, 03 May 2009 19:55:46 +0000

Create a Chrooted group
```
addgroup chrooted
```

Open up /etc/ssh/sshd_config and add the following to the end of it

Subsystem sftp internal-sftp
Match group chrooted
ChrootDirectory /home/%u
X11Forwarding no
ForceCommand internal-sftp

Restart SSHD
```
/etc/init.d/ssh restart
```
Then make users chrooted by adding them to the chrooted group
```
adduser user chrooted
```
Now when the user sftps the server they will only see the contents of there home folder

Stopping SSH brute force attacks using iptables

Duffy — Thu, 09 Apr 2009 11:08:52 +0000

If your running a SSH server on the default port(22) you've probably noticed a lot of failed login attempts cause due to brute force attacks

Adding the following to your IP tables will only allow 3 connections at once from any IP if it goes above 3 then that IP is locked out for 3minutes. At this stage the bot running the attack will either give up as its getting no reply from the SSH server or it will keep trying until it finishes its wordlist

iptables -I INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --rsource

iptables -I INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 180 --hitcount 4 --name DEFAULT --rsource -j DROP

Linux File Permissions

Duffy — Sun, 05 Apr 2009 09:46:51 +0000

What is chmod?
Chmod is a command that changes the access permissions of files or directories in order to read, write or execute files

How do I view The permissions of files?
You can do this by typing

ls -la

Heres is a example of its output

root@duffys-place:/etc/lighttpd# ls -la
total 20
drwxr-xr-x  4 root root 4096 2009-03-29 00:36 .
drwxr-xr-x 79 root root 4096 2009-04-05 01:14 ..
drwxr-xr-x  2 root root 4096 2009-03-29 00:30 conf-available
drwxr-xr-x  2 root root 4096 2008-09-27 11:24 conf-enabled
-rw-r--r--  1 root root 3248 2009-04-05 01:18 lighttpd.conf
root@duffys-place:/etc/lighttpd#

What do the letters mean in front of the files/directories mean?
r indicates that it is readable (someone can view the file’s contents)
w indicates that it is writable (someone can edit the file’s contents)
x indicates that it is executable (someone can run the file, if executable)
- indicates that no permission to manipulate has been assigned.

When you are listing files/directories the first character lets you know whether you’re looking at a file or a directory. The next three characters define your permissions.

Using Chmod
7 Full Permissions
5 Read and Execute
4 Read Only
3 Write and Execute
2 Write Only
1 Execute Only
0 No Permissions

Example:

chmod 755 filename

Why is there three numbers?
The First number defines what the owners permissions are.
The second number defines what the group rights are.
And the last number defines what access other users have.

In this case we have 755 so that means the owner has full permissions, group rights to execute and read, and all others access to execute the file.