-Denial of Service Attacks - malicious attacks on a system by a remote host that sends numerous connection requests in rapid succession, thereby overwhelming the resources of the destination and effectively 'denying' its services to other legitimate users or hosts.
-SYN flag - a special TCP packet, the one used in this denial of service attack, sent by the source host to the dest host when starting a TCP connection.
-SYNACK - the acknowledgement of the SYN flag, sent from dest to source.
-after the source receives the SYNACK, it sends an ACK for the SYNACK (to dest). This completes the handshake.
-until this time, a table of SYN and SYNACK entries is maintained on the dest.
-SYN flood - a situation in which the source sends numerous SYN flags but never the ACK that answers the SYNACK; so the SYNs just pile up on the dest and bring it down.
-SYN cookie - a Linux mechanism to prevent SYN flood by tracking the rate of SYN. If the rate is high, it gets rid of the SYN.
-to activate SYN cookie:
# sysctl net.ipv4.tcp_syncookies [shows]
# sysctl -w net.ipv4.tcp_syncookies=1 [sets]
-To make it persistent across reboots, edit /etc/sysctl.conf
-to set the max number of simultaneous open files:
# cat /proc/sys/fs/file-max [shows]
# sysctl -w fs.file-max=value
TimeLinux1
Tuesday, November 2, 2010
Linux HowTo: PAM Primer
PAM - Pluggable Authentication Module
- a security layer in Linux that takes on the task of authentication on behalf of apps instead of apps having to do so themselves.
- each application has its own pam config file. if a specific config is not there, a default file is still there.
-how? - when programs need to authenticate someone, they call one of the functions in pam library.
- pam then checks the config file for that application. if a specific config is not there, a default file is still there (/etc/pam.d/other)
- the config file tells the pam library module what checks to perform.
- the checks performed by the library module may be as simple as checking /etc/passwd or more complex as checking with an ldap server.
- the config files exist in /etc/pam.d
- The library modules exist in /lib/security.
app -> config -> library module <-> user
-The lines in a PAM config file are evaluated one by one. Each line returns a success or failure flag. The summary of the flags is returned to the app.
-Config file format:
- col 1 module_type - auth, account, session, password
[auth = asks for the password; account = account attributes (e.g. tty type); session = env settings, logging; password = points to the module to change the password]
- col 2 control_flag - required, requisite, sufficient, optional
- col 3 module_path - actual path of the library
- col 4 arguments - optional, has values like debug, no_warn, use_first_pass etc...
-recommended to leave the default config file /etc/pam.d/other as it is (it is very restrictive by nature).
-To fix pam errors, you can log into single user mode.
-a good place to look is /var/log/messages.
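Added example (not part of the original notes, and not PAM's own code): a small Python parser for the four-column config format above, plus a simplified model of how the four control flags combine per-line results into the single answer returned to the app. The sample stack and the module outcomes passed to evaluate() are constructed for illustration; the stop-or-continue behaviour of each flag goes beyond what the notes state and follows Linux-PAM's documented behaviour. "include" lines and the [value=action] syntax are not handled.

```python
VALID_TYPES = {"auth", "account", "session", "password"}
VALID_FLAGS = {"required", "requisite", "sufficient", "optional"}

# Constructed sample in /etc/pam.d/<service> format (not from a real system).
SAMPLE = """\
# module_type  control_flag  module_path     arguments
auth           requisite     pam_nologin.so
auth           sufficient    pam_unix.so     debug
auth           required      pam_deny.so
account        required      pam_unix.so
"""

def parse(text):
    """Split each rule into the four columns; reject unknown types or flags."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        cols = line.split(None, 3)
        if len(cols) < 3:
            raise ValueError(f"line {n}: need module_type, control_flag, module_path")
        mtype, flag, path = cols[:3]
        if mtype not in VALID_TYPES or flag not in VALID_FLAGS:
            raise ValueError(f"line {n}: unknown module_type or control_flag")
        rules.append((mtype, flag, path, cols[3].split() if len(cols) > 3 else []))
    return rules

def evaluate(rules, mtype, results):
    """Run the stack for one module_type. results maps module_path -> True/False
    (assumed module outcomes). Returns (granted, modules_that_ran)."""
    failed, positive, ran = False, False, []
    for rtype, flag, path, _args in rules:
        if rtype != mtype:
            continue
        ran.append(path)
        if results[path]:
            if flag == "sufficient" and not failed:
                return True, ran           # success ends the stack early
            positive = positive or not failed
        elif flag == "requisite":
            return False, ran              # failure ends the stack at once
        elif flag == "required":
            failed = True                  # failure is final, later modules still run
        # a failed sufficient or optional module is ignored
    return positive and not failed, ran

if __name__ == "__main__":
    stack = parse(SAMPLE)
    for unix_ok in (True, False):
        outcome = {"pam_nologin.so": True, "pam_unix.so": unix_ok, "pam_deny.so": False}
        print("pam_unix.so ok =", unix_ok, "->", evaluate(stack, "auth", outcome))
```

The list of modules that ran shows the difference between the flags: a failing requisite line stops the stack immediately, while a failing required line lets the remaining lines run before the failure is returned.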