Unix Security Technologies: Host Security Tools. Peter Markowsky <peterm[at]ccs.neu.edu>

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Unix Security Technologies: Host Security Tools. Peter Markowsky <peterm[at]ccs.neu.edu>"

Transcription

1 Unix Security Technologies: Host Security Tools Peter Markowsky <peterm[at]ccs.neu.edu>

2 Syllabus An Answer to last week s assignment Four tools SSP W^X PaX Systrace

3 Last time You were assigned to get a shell but not a root shell How d we do? Questions?

4 C-code walk through Simple Answer

5 SSP What is it? A modification to GCC It s main focus is prevent stack overflows

6 How does it work? It works by placing cannery values before the return address Before a function returns it checks the cannery values Reorders objects on the stack

7 How effective is it? Extremely effective against stack overflows Doesn t stop return to libc Does not stop any heap overflows

8 How can I use it? It comes by default on OpenBSD It s on by default too Patch gcc Prompt$ gcc -fstack-protector-all Patches available at

9 Why isn t every one using it? Not sure Performance often cited Systems only 1.3% slower It has a poor algorithm for skipping protection on functions

10 Where can I learn more? ibm.com/trl/projects/ security/ssp/ org/papers/bsdcan0 4/mgp00004.html

11 W^X What is it? Openbsd s system for enforcing memory permissions Makes sure that a page can only be Writeable xor Executable

12 What s a Page? A Page is a unit of memory storage Used by Virtual Memory to best utilize address space

13 How Does it Work? Rearranges pages On architectures which support an NX bit it use the bit On other archs (x86) Divides address space

14 Use OpenBSD :-) How can I use it?

15 Why isn t everyone using it? Breaks software compatibility No support for nonexecutable kernel pages No method for randomizing the executable base

16 PaX The best prevention system you re not using Part of grsecurity Roman word for friend / piece

17 PaX Components SEGMEXEC KERNEXEC ASLR

18 SEGMEXEC Responsible for nonexecutable user pages Mirrors the VM space Uses the segmentation logic of the IA-32(x86)

19 PaX VM Division With out PaX With PaX User Code & Data Segments 3GB User Code Segment 1.5GB User Data Segment 1.5GB

20 How does it work? If someone tries to access data from the data segment A page fault occurs PaX takes care of it and kills the process that made the access

21 PaX KERNEXEC Alters things in the kernel like Read only syscall table Read only interrupt descriptor table Data not executable Works similarly to SEGMEXEC

22 PaX ASLR Address Space Layout Randomization Allows this much randomness stack (24 bits) mmap(16 bits) Executable (16 bits) Heap (12 bits / 24 bits) Each section s randomness is independent of the others

23 How can I use it? Patch the Linux Kernel Patches available at

24 Systrace What is it? A system call monitor that enforces policy Written by Neils Provos

25 What is a System Call? A system call is a request to the operating system kernel Switches context to kernel mode Kernel mode is privileged

26 System Calls

27 How Does It Work? When a system call is made by a program checks a policy from user land If that system call is in the policy and has permission Allows you to get rid of setuid binaries

28 How Does It Work? shepherds a programs traversal of the system call table

29 How Can I Use It? Not just for OpenBSD Patch the Kernel Debian gentoo Write policy Use the policy profiler By hand

30 Why isn t everyone using it? System call hooking is slow You have to switch between user space and kernel space multiple times You have to write a policy This can be hard / time consuming

31 Why isn t everyone using it? No mechanism for single system call Not fine grained enough No xor capabilities Requires a modest level of understanding regarding system calls and their consequences

32 Writing policies with Systrace A policy is describes what system calls a program is allowed to make. Create an allow all policy with %systrace -A program

33 systrace(1) options -t will prompt you at the command line -a enforce policy -d directory for logs -I children inherit their parents policies -u do not use aliasing

34 systrace(1) Options Aliasing is used to group syscalls together -f add policies from file

35 Systrace Rules filter = expression then action errorcode logcode expression = symbol "not" expression "(" expression ")" expression "and" expression expression "or expression symbol = string typeoff "match" cmdstring string typeoff "eq" cmdstring string typeoff "neq" cmdstring string typeoff "sub" cmdstring string typeoff "nsub" cmdstring string typeoff "inpath" cmdstring string typeoff "re" cmdstring "true" typeoff = /* empty */ "[" number "] action = "permit" "deny" "ask errorcode = /* empty */ "[" string "] logcode = /* empty */ "log"

36 Simple Method Just run a program with systrace -A Then run program again with systrace Not a good solution Assumes the program is already okay Not full extent

37 Sometimes you have to do Start with -A but modify the policy by hand Global systrace policies live in /etc/systrace Local in ~/.systrace/ the job yourself

38 It s a project to develop systrace policies for popular software Aimed at openbsd Most policies can be adapted for other os Good Starting Point Hairy Eyeball

39 Assignment Take the broken example code from week 1 build a systrace policy to prevent it from spawning a shell Bonus: rewrite your exploit to get around this

40 Resources System Call picture SP02/syscall.gif PaX picture taken from Brad Spengler s Presentation on PaX Absolute OpenBSD by Michael Lucas Secure Architectures with OpenBSD by Brandon Palmer and Jose Nazario

Safety measures in Linux

Safety measures in Linux S a f e t y m e a s u r e s i n L i n u x Safety measures in Linux Krzysztof Lichota lichota@mimuw.edu.pl A g e n d a Standard Unix security measures: permissions, capabilities, ACLs, chroot Linux kernel

More information

Defense in Depth: Protecting Against Zero-Day Attacks

Defense in Depth: Protecting Against Zero-Day Attacks Defense in Depth: Protecting Against Zero-Day Attacks Chris McNab FIRST 16, Budapest 2004 Agenda Exploits through the ages Discussion of stack and heap overflows Common attack behavior Defense in depth

More information

Security features in the OpenBSD operating system

Security features in the OpenBSD operating system Security features in the OpenBSD operating system Matthieu Herrb & other OpenBSD developers INSA/LAAS-CNRS, 22 janvier 2015 Agenda 1 Introduction 2 Random numbers 3 Increasing resilience 4 Network level

More information

Unix Security Technologies. Pete Markowsky <peterm[at] ccs.neu.edu>

Unix Security Technologies. Pete Markowsky <peterm[at] ccs.neu.edu> Unix Security Technologies Pete Markowsky What is this about? The goal of this CPU/SWS are: Introduce you to classic vulnerabilities Get you to understand security advisories Make

More information

static void insecure (localhost *unix)

static void insecure (localhost *unix) static void insecure (localhost *unix) Eric Pancer epancer@infosec.depaul.edu Information Security Team DePaul University http://infosec.depaul.edu Securing UNIX Hosts from Local Attack p.1/32 Overview

More information

CIS 551 / TCOM 401 Computer and Network Security

CIS 551 / TCOM 401 Computer and Network Security CIS 551 / TCOM 401 Computer and Network Security Spring 2007 Lecture 3 1/18/07 CIS/TCOM 551 1 Announcements Email project groups to Jeff (vaughan2 AT seas.upenn.edu) by Jan. 25 Start your projects early!

More information

Laboratory Report. An Appendix to SELinux & grsecurity: A Side-by-Side Comparison of Mandatory Access Control & Access Control List Implementations

Laboratory Report. An Appendix to SELinux & grsecurity: A Side-by-Side Comparison of Mandatory Access Control & Access Control List Implementations Laboratory Report An Appendix to SELinux & grsecurity: A Side-by-Side Comparison of Mandatory Access Control & Access Control List Implementations 1. Hardware Configuration We configured our testbed on

More information

Software security. Buffer overflow attacks SQL injections. Lecture 11 EIT060 Computer Security

Software security. Buffer overflow attacks SQL injections. Lecture 11 EIT060 Computer Security Software security Buffer overflow attacks SQL injections Lecture 11 EIT060 Computer Security Buffer overflow attacks Buffer overrun is another common term Definition A condition at an interface under which

More information

Chapter 6, The Operating System Machine Level

Chapter 6, The Operating System Machine Level Chapter 6, The Operating System Machine Level 6.1 Virtual Memory 6.2 Virtual I/O Instructions 6.3 Virtual Instructions For Parallel Processing 6.4 Example Operating Systems 6.5 Summary Virtual Memory General

More information

Modern Binary Exploitation Course Syllabus

Modern Binary Exploitation Course Syllabus Modern Binary Exploitation Course Syllabus Course Information Course Title: Modern Binary Exploitation Course Number: CSCI 4968 Credit Hours: 4 Semester / Year: Spring 2015 Meeting Days: Tuesday/Friday

More information

CIS 551 / TCOM 401 Computer and Network Security. Spring 2005 Lecture 4

CIS 551 / TCOM 401 Computer and Network Security. Spring 2005 Lecture 4 CIS 551 / TCOM 401 Computer and Network Security Spring 2005 Lecture 4 Access Control: The Big Picture Objects - resources being protected E.g. files, devices, etc. Subjects - active entities E.g. processes,

More information

Introduction to Computer Security

Introduction to Computer Security Introduction to Computer Security Windows Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Microsoft Windows Family Tree Key security milestones: NT 3.51 (1993): network drivers and

More information

I Control Your Code Attack Vectors Through the Eyes of Software-based Fault Isolation. Mathias Payer, ETH Zurich

I Control Your Code Attack Vectors Through the Eyes of Software-based Fault Isolation. Mathias Payer, ETH Zurich I Control Your Code Attack Vectors Through the Eyes of Software-based Fault Isolation Mathias Payer, ETH Zurich Motivation Applications often vulnerable to security exploits Solution: restrict application

More information

Operating Systems. Design and Implementation. Andrew S. Tanenbaum Melanie Rieback Arno Bakker. Vrije Universiteit Amsterdam

Operating Systems. Design and Implementation. Andrew S. Tanenbaum Melanie Rieback Arno Bakker. Vrije Universiteit Amsterdam Operating Systems Design and Implementation Andrew S. Tanenbaum Melanie Rieback Arno Bakker Vrije Universiteit Amsterdam Operating Systems - Winter 2012 Outline Introduction What is an OS? Concepts Processes

More information

Outline. Operating Systems Design and Implementation. Chap 1 - Overview. What is an OS? 28/10/2014. Introduction

Outline. Operating Systems Design and Implementation. Chap 1 - Overview. What is an OS? 28/10/2014. Introduction Operating Systems Design and Implementation Andrew S. Tanenbaum Melanie Rieback Arno Bakker Outline Introduction What is an OS? Concepts Processes and Threads Memory Management File Systems Vrije Universiteit

More information

For a 64-bit system. I - Presentation Of The Shellcode

For a 64-bit system. I - Presentation Of The Shellcode #How To Create Your Own Shellcode On Arch Linux? #Author : N3td3v!l #Contact-mail : 4nonymouse@usa.com #Website : Nopotm.ir #Spcial tnx to : C0nn3ct0r And All Honest Hackerz and Security Managers I - Presentation

More information

LSN 10 Linux Overview

LSN 10 Linux Overview LSN 10 Linux Overview ECT362 Operating Systems Department of Engineering Technology LSN 10 Linux Overview Linux Contemporary open source implementation of UNIX available for free on the Internet Introduced

More information

System Security Fundamentals

System Security Fundamentals System Security Fundamentals Alessandro Barenghi Dipartimento di Elettronica, Informazione e Bioingegneria Politecnico di Milano alessandro.barenghi - at - polimi.it April 28, 2015 Lesson contents Overview

More information

What is Web Security? Motivation

What is Web Security? Motivation brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web

More information

II. Installing Debian Linux:

II. Installing Debian Linux: Debian Linux Installation Lab Spring 2013 In this lab you will be installing Debian Linux in a KVM (Kernel Virtual Machine). You will be guided through a series of steps to setup the network (IP addresses,

More information

Eugene Tsyrklevich. Ozone HIPS: Unbreakable Windows

Eugene Tsyrklevich. Ozone HIPS: Unbreakable Windows Eugene Tsyrklevich Eugene Tsyrklevich has an extensive security background ranging from designing and implementing Host Intrusion Prevention Systems to training people in research, corporate, and military

More information

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details Sub: Supply, Installation, setup and testing of Tenable Network Security Nessus vulnerability scanner professional version 6 or latest for scanning the LAN, VLAN, VPN and IPs with 3 years License/Subscription

More information

Getting Started with Mplus Version 7.31 Demo for Mac OS X and Linux

Getting Started with Mplus Version 7.31 Demo for Mac OS X and Linux Getting Started with Mplus Version 7.31 Demo for Mac OS X and Linux This document shows how to install Mplus Demo, how to use Mplus Demo, and where to find additional documentation. Overview Mplus Version

More information

RSBAC - a framework for enhanced Linux system security

RSBAC - a framework for enhanced Linux system security RSBAC - a framework for enhanced Linux system security Marek Jawurek RWTH-Aachen Abstract Operating systems traditionally bring their own means of protection against any kind of threats. But often the

More information

CSE331: Introduction to Networks and Security. Lecture 34 Fall 2006

CSE331: Introduction to Networks and Security. Lecture 34 Fall 2006 CSE331: Introduction to Networks and Security Lecture 34 Fall 2006 Announcements Problem with Crypto.java Look for a new Crypto.java file later today Project 4 is due Dec. 8th at midnight. Homework 3 is

More information

File Management. Chapter 12

File Management. Chapter 12 Chapter 12 File Management File is the basic element of most of the applications, since the input to an application, as well as its output, is usually a file. They also typically outlive the execution

More information

MAPILab Reports Installation Guide. Document version 3.02

MAPILab Reports Installation Guide. Document version 3.02 MAPILab Reports Installation Guide Document version 3.02 MAPILab Ltd., April 2010 Table of Contents Introduction... 3 1. Product architecture and general explanations... 4 2. System requirements... 6 2.1.

More information

Team Foundation Server 2012 Installation Guide

Team Foundation Server 2012 Installation Guide Team Foundation Server 2012 Installation Guide Page 1 of 143 Team Foundation Server 2012 Installation Guide Benjamin Day benday@benday.com v1.0.0 November 15, 2012 Team Foundation Server 2012 Installation

More information

CSE543 - Introduction to Computer and Network Security. Module: Reference Monitor

CSE543 - Introduction to Computer and Network Security. Module: Reference Monitor CSE543 - Introduction to Computer and Network Security Module: Reference Monitor Professor Trent Jaeger 1 Living with Vulnerabilities So, software is potentially vulnerable In a variety of ways So, how

More information

Chapter 11: File-System Interface

Chapter 11: File-System Interface Chapter 11: File-System Interface Chapter Outline File Concept Access Methods Directory Structure File System Mounting File Sharing Protection 11.1 File Systems File System consists of A collection of

More information

HIMA: A Hypervisor-Based Integrity Measurement Agent

HIMA: A Hypervisor-Based Integrity Measurement Agent HIMA: A Hypervisor-Based Integrity Measurement Agent Ahmed M. Azab, Peng Ning, Emre C. Sezer rth Carolina State University {amazab, pning, ecsezer}@ncsu.edu Xiaolan Zhang IBM T.J. Watson Research Center

More information

Bypassing Memory Protections: The Future of Exploitation

Bypassing Memory Protections: The Future of Exploitation Bypassing Memory Protections: The Future of Exploitation Alexander Sotirov alex@sotirov.net About me Exploit development since 1999 Research into reliable exploitation techniques: Heap Feng Shui in JavaScript

More information

VMware Server 2.0 Essentials. Virtualization Deployment and Management

VMware Server 2.0 Essentials. Virtualization Deployment and Management VMware Server 2.0 Essentials Virtualization Deployment and Management . This PDF is provided for personal use only. Unauthorized use, reproduction and/or distribution strictly prohibited. All rights reserved.

More information

Exploiting nginx chunked overflow bug, the undisclosed attack vector

Exploiting nginx chunked overflow bug, the undisclosed attack vector Exploiting nginx chunked overflow bug, the undisclosed attack vector Long Le longld@vnsecurity.net About VNSECURITY.NET CLGT CTF team 2 VNSECURITY.NET In this talk Nginx brief introduction Nginx chunked

More information

Review from last time. CS 537 Lecture 3 OS Structure. OS structure. What you should learn from this lecture

Review from last time. CS 537 Lecture 3 OS Structure. OS structure. What you should learn from this lecture Review from last time CS 537 Lecture 3 OS Structure What HW structures are used by the OS? What is a system call? Michael Swift Remzi Arpaci-Dussea, Michael Swift 1 Remzi Arpaci-Dussea, Michael Swift 2

More information

Example of Standard API

Example of Standard API 16 Example of Standard API System Call Implementation Typically, a number associated with each system call System call interface maintains a table indexed according to these numbers The system call interface

More information

Demonstration of Windows XP Privilege Escalation Exploit

Demonstration of Windows XP Privilege Escalation Exploit Demonstration of Windows XP Privilege Escalation Exploit This article is a tutorial on how to trick Windows XP into giving you system privileges. Using simple command line tools on a machine running Windows

More information

ELEC 377. Operating Systems. Week 1 Class 3

ELEC 377. Operating Systems. Week 1 Class 3 Operating Systems Week 1 Class 3 Last Class! Computer System Structure, Controllers! Interrupts & Traps! I/O structure and device queues.! Storage Structure & Caching! Hardware Protection! Dual Mode Operation

More information

There s a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel vulnerability research

There s a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel vulnerability research 1 There s a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel vulnerability research That s unavoidable, but the linux kernel developers don t do very much to make the situation

More information

Encryption Wrapper. on OSX

Encryption Wrapper. on OSX Encryption Wrapper on OSX Overview OSX Kernel What is an Encryption Wrapper? Project Implementation OSX s Origins and Design NeXTSTEP Legacy NextStep v1 NextStep v3.3 Mac OS X Jobs creates NeXT Apple acquisition

More information

Return-oriented programming without returns

Return-oriented programming without returns Faculty of Computer Science Institute for System Architecture, Operating Systems Group Return-oriented programming without urns S. Checkoway, L. Davi, A. Dmitrienko, A. Sadeghi, H. Shacham, M. Winandy

More information

Operating Systems, 6 th ed. Test Bank Chapter 7

Operating Systems, 6 th ed. Test Bank Chapter 7 True / False Questions: Chapter 7 Memory Management 1. T / F In a multiprogramming system, main memory is divided into multiple sections: one for the operating system (resident monitor, kernel) and one

More information

Virtual Memory and Address Translation

Virtual Memory and Address Translation Virtual Memory and Address Translation Review: the Program and the Process VAS Process text segment is initialized directly from program text section. sections Process data segment(s) are initialized from

More information

Using Power to Improve C Programming Education

Using Power to Improve C Programming Education Using Power to Improve C Programming Education Jonas Skeppstedt Department of Computer Science Lund University Lund, Sweden jonas.skeppstedt@cs.lth.se jonasskeppstedt.net jonasskeppstedt.net jonas.skeppstedt@cs.lth.se

More information

Secure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda

Secure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda Secure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda 1. Introductions for new members (5 minutes) 2. Name of group 3. Current

More information

CHAPTER 17: File Management

CHAPTER 17: File Management CHAPTER 17: File Management The Architecture of Computer Hardware, Systems Software & Networking: An Information Technology Approach 4th Edition, Irv Englander John Wiley and Sons 2010 PowerPoint slides

More information

COS 318: Operating Systems

COS 318: Operating Systems COS 318: Operating Systems OS Structures and System Calls Andy Bavier Computer Science Department Princeton University http://www.cs.princeton.edu/courses/archive/fall10/cos318/ Outline Protection mechanisms

More information

Outline: Operating Systems

Outline: Operating Systems Outline: Operating Systems What is an OS OS Functions Multitasking Virtual Memory File Systems Window systems PC Operating System Wars: Windows vs. Linux 1 Operating System provides a way to boot (start)

More information

Installing an open source version of MateCat

Installing an open source version of MateCat Installing an open source version of MateCat This guide is meant for users who want to install and administer the open source version on their own machines. Overview 1 Hardware requirements 2 Getting started

More information

Distributed Systems. Virtualization. Paul Krzyzanowski pxk@cs.rutgers.edu

Distributed Systems. Virtualization. Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems Virtualization Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License. Virtualization

More information

Linux Development Environment Description Based on VirtualBox Structure

Linux Development Environment Description Based on VirtualBox Structure Linux Development Environment Description Based on VirtualBox Structure V1.0 1 VirtualBox is open source virtual machine software. It mainly has three advantages: (1) Free (2) compact (3) powerful. At

More information

Virtual Machine Security

Virtual Machine Security Virtual Machine Security CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ 1 Operating System Quandary Q: What is the primary goal

More information

Summary of the SEED Labs For Authors and Publishers

Summary of the SEED Labs For Authors and Publishers SEED Document 1 Summary of the SEED Labs For Authors and Publishers Wenliang Du, Syracuse University To help authors reference our SEED labs in their textbooks, we have created this document, which provides

More information

IBM Tivoli Composite Application Manager for Microsoft Applications: Microsoft Hyper-V Server Agent Version 6.3.1 Fix Pack 2.

IBM Tivoli Composite Application Manager for Microsoft Applications: Microsoft Hyper-V Server Agent Version 6.3.1 Fix Pack 2. IBM Tivoli Composite Application Manager for Microsoft Applications: Microsoft Hyper-V Server Agent Version 6.3.1 Fix Pack 2 Reference IBM Tivoli Composite Application Manager for Microsoft Applications:

More information

WINDOWS INS AND OUTS MICHELE SENSALARI MCT, MCSE, MCSA,

WINDOWS INS AND OUTS MICHELE SENSALARI MCT, MCSE, MCSA, WINDOWS INS AND OUTS MICHELE SENSALARI MCT, MCSE, MCSA, MCITP MICHELE@SENSALARI.COM, @ILSENSA7 DA WINDOWS 1 A WINDOWS 10 SO MajorNumber MinorNumber Note Windows Vista 6 0 6=6+0 Windows 7 6 1 7=6+1 Windows

More information

Best Practices on monitoring Solaris Global/Local Zones using IBM Tivoli Monitoring

Best Practices on monitoring Solaris Global/Local Zones using IBM Tivoli Monitoring Best Practices on monitoring Solaris Global/Local Zones using IBM Tivoli Monitoring Document version 1.0 Gianluca Della Corte, IBM Tivoli Monitoring software engineer Antonio Sgro, IBM Tivoli Monitoring

More information

Operating Systems. Week 2 Recitation: The system call. Paul Krzyzanowski. Rutgers University. Spring 2015

Operating Systems. Week 2 Recitation: The system call. Paul Krzyzanowski. Rutgers University. Spring 2015 Operating Systems Week 2 Recitation: The system call Paul Krzyzanowski Rutgers University Spring 2015 February 14, 2015 2014-2015 Paul Krzyzanowski 1 System calls System calls are an operating system s

More information

Betriebssysteme KU Security

Betriebssysteme KU Security Betriebssysteme KU Security IAIK Graz University of Technology 1 1. Drivers 2. Security - The simple stuff 3. Code injection attacks 4. Side-channel attacks 2 1. Drivers 2. Security - The simple stuff

More information

Access Control Lists in Linux & Windows

Access Control Lists in Linux & Windows Access Control Lists in Linux & Windows Vasudevan Nagendra & Yaohui Chen Categorization: Access Control Mechanisms Discretionary Access Control (DAC): Owner of object specifies who can access object (files/directories)

More information

Viking VPN Guide Linux/UNIX

Viking VPN Guide Linux/UNIX Viking VPN Guide Linux/UNIX Table Of Contents 1 : VPN Questions answered 2 : Installing the Linux Client 3 : Connecting with the Linux Client 4 : Reporting Problems Version 1.0 : 10/27/2010 Information

More information

Objectives and Functions

Objectives and Functions Objectives and Functions William Stallings Computer Organization and Architecture 6 th Edition Week 10 Operating System Support Convenience Making the computer easier to use Efficiency Allowing better

More information

Automated Deployment of Oracle RAC Using Enterprise Manager Provisioning Pack

Automated Deployment of Oracle RAC Using Enterprise Manager Provisioning Pack Automated Deployment of Oracle RAC Using Enterprise Manager Provisioning Pack By Kai Yu As a part of the Oracle Enterprise Manager s lifecycle management solutions, the Oracle Enterprise Manager Provisioning

More information

CPS221 Lecture: Operating System Structure; Virtual Machines

CPS221 Lecture: Operating System Structure; Virtual Machines Objectives CPS221 Lecture: Operating System Structure; Virtual Machines 1. To discuss various ways of structuring the operating system proper 2. To discuss virtual machines Materials: 1. Projectable of

More information

More Efficient Virtualization Management: Templates

More Efficient Virtualization Management: Templates White Paper More Efficient Virtualization Management: Templates Learn more at www.swsoft.com/virtuozzo Published: November 2006 Revised: November 2006 Table of Contents Table of Contents... 2 OS, Middleware

More information

Virtualization. Clothing the Wolf in Wool. Wednesday, April 17, 13

Virtualization. Clothing the Wolf in Wool. Wednesday, April 17, 13 Virtualization Clothing the Wolf in Wool Virtual Machines Began in 1960s with IBM and MIT Project MAC Also called open shop operating systems Present user with the view of a bare machine Execute most instructions

More information

Computer Systems and Networks. ECPE 170 Jeff Shafer University of the Pacific. Linux Basics

Computer Systems and Networks. ECPE 170 Jeff Shafer University of the Pacific. Linux Basics ECPE 170 Jeff Shafer University of the Pacific Linux Basics 2 Pre- Lab Everyone installed Linux on their computer Everyone launched the command line ( terminal ) and ran a few commands What problems were

More information

EXPLORING LINUX KERNEL: THE EASY WAY!

EXPLORING LINUX KERNEL: THE EASY WAY! EXPLORING LINUX KERNEL: THE EASY WAY! By: Ahmed Bilal Numan 1 PROBLEM Explore linux kernel TCP/IP stack Solution Try to understand relative kernel code Available text Run kernel in virtualized environment

More information

Installing Oracle Enterprise Linux on VMware Workstation (Version 7.0.0 build-203739)

Installing Oracle Enterprise Linux on VMware Workstation (Version 7.0.0 build-203739) Installing Oracle Enterprise Linux on VMware Workstation (Version 7.0.0 build-203739) The Steps to Install OEL 4.7 on VMWare Workstation 7 is shown below Screen shot 1: This is the first and basic view

More information

W4118 Operating Systems. Junfeng Yang

W4118 Operating Systems. Junfeng Yang W4118 Operating Systems Junfeng Yang Outline Linux overview Interrupt in Linux System call in Linux What is Linux A modern, open-source OS, based on UNIX standards 1991, 0.1 MLOC, single developer Linus

More information

Download Virtualization Software Download a Linux-based OS Creating a Virtual Machine using VirtualBox: VM name

Download Virtualization Software Download a Linux-based OS Creating a Virtual Machine using VirtualBox: VM name Download Virtualization Software You will first need to download and install a virtualization product. This will allow you to create a virtual machine which you can install a Linux distribution on. I recommend

More information

CIS433/533 - Computer and Network Security Operating System Security

CIS433/533 - Computer and Network Security Operating System Security CIS433/533 - Computer and Network Security Operating System Security Professor Kevin Butler Winter 2010 Computer and Information Science OS Security An secure OS should provide (at least) the following

More information

Virtual Hosting & Virtual Machines

Virtual Hosting & Virtual Machines & Virtual Machines Coleman Kane Coleman.Kane@ge.com September 2, 2014 Cyber Defense Overview / Machines 1 / 17 Similar to the network partitioning schemes described previously, there exist a menu of options

More information

GoGrid Implement.com Configuring a SQL Server 2012 AlwaysOn Cluster

GoGrid Implement.com Configuring a SQL Server 2012 AlwaysOn Cluster GoGrid Implement.com Configuring a SQL Server 2012 AlwaysOn Cluster Overview This documents the SQL Server 2012 Disaster Recovery design and deployment, calling out best practices and concerns from the

More information

Auditing a Web Application. Brad Ruppert. SANS Technology Institute GWAS Presentation 1

Auditing a Web Application. Brad Ruppert. SANS Technology Institute GWAS Presentation 1 Auditing a Web Application Brad Ruppert SANS Technology Institute GWAS Presentation 1 Objectives Define why application vulnerabilities exist Address Auditing Approach Discuss Information Interfaces Walk

More information

CEN 559 Selected Topics in Computer Engineering. Dr. Mostafa H. Dahshan KSU CCIS mdahshan@ccis.ksu.edu.sa

CEN 559 Selected Topics in Computer Engineering. Dr. Mostafa H. Dahshan KSU CCIS mdahshan@ccis.ksu.edu.sa CEN 559 Selected Topics in Computer Engineering Dr. Mostafa H. Dahshan KSU CCIS mdahshan@ccis.ksu.edu.sa Access Control Access Control Which principals have access to which resources files they can read

More information

Chapter 10 Case Study 1: LINUX

Chapter 10 Case Study 1: LINUX MODERN OPERATING SYSTEMS Third Edition ANDREW S. TANENBAUM Chapter 10 Case Study 1: LINUX History of UNIX and Linux UNICS PDP-11 UNIX Portable UNIX Berkeley UNIX Standard UNIX MINIX Linux UNIX/Linux Goals

More information

A Dozen Years of Shellphish From DEFCON to the Cyber Grand Challenge

A Dozen Years of Shellphish From DEFCON to the Cyber Grand Challenge A Dozen Years of Shellphish From DEFCON to the Cyber Grand Challenge Antonio Bianchi antoniob@cs.ucsb.edu University of California, Santa Barbara HITCON Enterprise August 27th, 2015 Agenda Shellphish The

More information

CSE 265: System and Network Administration

CSE 265: System and Network Administration CSE 265: System and Network Administration MW 1:10-2:00pm Maginnes 105 http://www.cse.lehigh.edu/~brian/course/sysadmin/ Find syllabus, lecture notes, readings, etc. Instructor: Prof. Brian D. Davison

More information

Effects of Memory Randomization, Sanitization and Page Cache on Memory Deduplication

Effects of Memory Randomization, Sanitization and Page Cache on Memory Deduplication Effects of Memory Randomization, Sanitization and Page Cache on Memory Deduplication Kuniyasu Suzaki, Kengo Iijima, Toshiki Yagi, Cyrille Artho Research Institute for Secure Systems EuroSec 2012 at Bern,

More information

Canto Integration Platform (CIP)

Canto Integration Platform (CIP) Canto Integration Platform (CIP) Getting Started Guide Copyright 2013, Canto GmbH. All rights reserved. Canto, the Canto logo, the Cumulus logo, and Cumulus are registered trademarks of Canto, registered

More information

CS197U: A Hands on Introduction to Unix

CS197U: A Hands on Introduction to Unix CS197U: A Hands on Introduction to Unix Lecture 4: My First Linux System J.D. DeVaughn-Brown University of Massachusetts Amherst Department of Computer Science jddevaughn@cs.umass.edu 1 Reminders After

More information

Securing shared hosting using CageFS

Securing shared hosting using CageFS Securing shared hosting using CageFS Igor Seletskiy CEO, CloudLinux Linux OS based on RHEL source RPMs Binary compatible with RHEL 5.x/6.x and CentOS 5.x/6.x Made for Shared Hosting Companies Focus on

More information

California Department of Technology, Office of Technology Services WINDOWS SERVER GUIDELINE

California Department of Technology, Office of Technology Services WINDOWS SERVER GUIDELINE Table of Contents 1.0 GENERAL... 2 1.1 SUMMARY...2 1.2 REFERENCES...2 1.3 SUBMITTALS...2 1.3.1 General...2 1.3.2 Service Request...3 1.4 EXPECTATIONS...3 1.4.1 OTech...3 1.4.2 Customer...3 1.5 SCHEDULING...4

More information

Bitrix Site Manager 4.1. User Guide

Bitrix Site Manager 4.1. User Guide Bitrix Site Manager 4.1 User Guide 2 Contents REGISTRATION AND AUTHORISATION...3 SITE SECTIONS...5 Creating a section...6 Changing the section properties...8 SITE PAGES...9 Creating a page...10 Editing

More information

CMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis

CMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 Security Dr. Kalpakis URL: http://www.csee.umbc.edu/~kalpakis/courses/421 Outline The Security Problem Authentication Program Threats System Threats Securing Systems

More information

...e SELinux fosse più sicuro?...and if Linux was more secure? (Play on words with the Italian language)

...e SELinux fosse più sicuro?...and if Linux was more secure? (Play on words with the Italian language) ...e SELinux fosse più sicuro?...and if Linux was more secure? (Play on words with the Italian language) Marco Pizzoli IMOLUG: Imola e Faenza Linux Users Group www.imolug.org 1 About the speaker... System

More information

Memory management in C: The heap and the stack

Memory management in C: The heap and the stack Memory management in C: The heap and the stack Leo Ferres Department of Computer Science Universidad de Concepción leo@inf.udec.cl October 7, 2010 1 Introduction When a program is loaded into memory, it

More information

CSE 265: System and Network Administration. CSE 265: System and Network Administration

CSE 265: System and Network Administration. CSE 265: System and Network Administration CSE 265: System and Network Administration MW 9:10-10:00am Packard 258 F 9:10-11:00am Packard 112 http://www.cse.lehigh.edu/~brian/course/sysadmin/ Find syllabus, lecture notes, readings, etc. Instructor:

More information

CS 377: Operating Systems. Outline. A review of what you ve learned, and how it applies to a real operating system. Lecture 25 - Linux Case Study

CS 377: Operating Systems. Outline. A review of what you ve learned, and how it applies to a real operating system. Lecture 25 - Linux Case Study CS 377: Operating Systems Lecture 25 - Linux Case Study Guest Lecturer: Tim Wood Outline Linux History Design Principles System Overview Process Scheduling Memory Management File Systems A review of what

More information

4D v11 SQL Release 6 (11.6) ADDENDUM

4D v11 SQL Release 6 (11.6) ADDENDUM ADDENDUM Welcome to release 6 of 4D v11 SQL. This document presents the new features and modifications of this new version of the program. Increased ciphering capacities Release 6 of 4D v11 SQL extends

More information

umps software development

umps software development Laboratorio di Sistemi Operativi Anno Accademico 2006-2007 Software Development with umps Part 2 Mauro Morsiani Software development with umps architecture: Assembly language development is cumbersome:

More information

Laboratorio di Sistemi Operativi Anno Accademico 2009-2010

Laboratorio di Sistemi Operativi Anno Accademico 2009-2010 Laboratorio di Sistemi Operativi Anno Accademico 2009-2010 Software Development with umps Part 2 Mauro Morsiani Copyright Permission is granted to copy, distribute and/or modify this document under the

More information

Site Configuration SETUP GUIDE. Windows Hosts Single Workstation Installation. May08. May 08

Site Configuration SETUP GUIDE. Windows Hosts Single Workstation Installation. May08. May 08 Site Configuration SETUP GUIDE Windows Hosts Single Workstation Installation May08 May 08 Copyright 2008 Wind River Systems, Inc. All rights reserved. No part of this publication may be reproduced or transmitted

More information

LINUX SHELL SCRIPTING

LINUX SHELL SCRIPTING LINUX SHELL SCRIPTING @Copyright 2015 1 1. Chapter 1: Quick Introduction to Linux What Is Linux? Who created Linux? Where can I download Linux? How do I Install Linux? Linux usage in everyday life What

More information

ReactOS is (not) Windows. Windows internals and why ReactOS couldn t just use a Linux kernel

ReactOS is (not) Windows. Windows internals and why ReactOS couldn t just use a Linux kernel ReactOS is (not) Windows Windows internals and why ReactOS couldn t just use a Linux kernel ReactOS is (not) Windows ReactOS is Windows Runs Windows applications Runs Windows drivers Looks like Windows

More information

NETWORK SECURITY HACKS *

NETWORK SECURITY HACKS * NETWORK SECURITY HACKS * Andrew %pckhart Ji O'REILLY* Beijing Cambridge Farnham Koln Paris Sebastopol Taipei Tokyo Contents Credits Preface ix xi Chapter 1. Unix Host Security 1 1. Secure Mount Points

More information

COS 318: Operating Systems. File Layout and Directories. Topics. File System Components. Steps to Open A File

COS 318: Operating Systems. File Layout and Directories. Topics. File System Components. Steps to Open A File Topics COS 318: Operating Systems File Layout and Directories File system structure Disk allocation and i-nodes Directory and link implementations Physical layout for performance 2 File System Components

More information

KVM & Memory Management Updates

KVM & Memory Management Updates KVM & Memory Management Updates KVM Forum 2012 Rik van Riel Red Hat, Inc. KVM & Memory Management Updates EPT Accessed & Dirty Bits 1GB hugepages Balloon vs. Transparent Huge Pages Automatic NUMA Placement

More information

RITlug Week 2: Intro to Desktop Environments

RITlug Week 2: Intro to Desktop Environments RITlug Week 2: Intro to Desktop Environments What exactly is Linux anyway? Generally when someone refers to Linux - they are really referring to a specific Linux distribution Linux itself is only an operating

More information