System Security for Unix Systems

During the past few months, the Computer Centre received several reports from the departments on system intrusion to their PCs running the Linux operating system.  In these cases, although there was no obvious damage to the data files of the intruded systems, much effort was required in cleaning up the compromised systems.  To help departments avoid any unauthorized access to their Linux or other Unix systems, the following paragraphs discuss the general information and guidelines for protecting Linux or other Unix systems from intruders' attacks.

Exploit of Vulnerable System Commands

Some of the system commands, especially network services daemons (continuously running programs) on a Unix system,  have to be run as privileged users. A vulnerable command is a continuously running program whereby hackers can exploit this security loophole, get into the system and then run other programs pretending they are the real privileged user.  For example, network services daemons such as the FTP daemon and IMAP daemon are considered as vulnerable to attacks.

Trojan Horses

According to the Computer Emergency Response Team (CERT) Coordination Centre, a Trojan horse is an apparently useful program containing hidden functions that can exploit the privileges of the user and  posing a security threat to the system.  Contrary to vulnerable system commands, the trojan horse is intended for hacking the system and is installed by system users or intruders who can gain unauthorized access to the systems concerned.

Preventive Measures

In order to protect your system from hacking by others, the following tasks are recommended to be performed on a regular basis:
  1. visit security advisory web sites and/or subscribe to security alert mailing lists, e.g., the CERT Coordination Centre
  2. obtain and install the latest security update/patch from your system vendor
  3. disable any unused network services or known vulnerabilities
  4. perform audit on system logs, user accounts and passwords

Getting Help on System Security

If you have any question on Unix security, please visit the Computer Centre Unix security FAQ.  For reporting any breach of system security of the computer systems in the University, you can send your email message to security@hku.hk or write to the Computer Centre directly. More detailed information can be also found at the CERT Coordination Centre.
 

KC Chang
Tel: 2859 7972
E-mail: kcchang@hkusua.hku.hk


[Contents] [Next] [Previous]