Exploiting Linux Service Misconfiguration
Abstract
This paper demonstrates vulnerabilities in Linux servers and in the services running on Red Hat Linux. The default configuration of a Linux server leaves the services running on Red Hat more vulnerable, without the system administrator's knowledge. Penetration testing from Kali Linux shows that many ports are open. On Red Hat Linux servers, each service has its own vulnerabilities. This paper focuses on an FTP service vulnerability: a payload for the FTP service is created in Kali Linux, and the Red Hat server is compromised by gaining the root credentials of that server. With this access, many changes can be made to the root file system and to any normal user, and files and system information can be altered. By enhancing the security policies, patches are made, and the FTP server and its services are made normally available to users.
This work is licensed under a Creative Commons Attribution 3.0 License.