a - When this attribute is set, the file can only be opened in append mode for writing.Below is a list of a few common attributes and associated flags: The operator is followed by one or more flags that you want to add or remove from the file attributes. = - The equal operator tells the chattr to set specified attributes as the only attributes.- The minus operator tells the chattr to remove specified attributes from the existing ones.+ - The plus operator tells the chattr to add specified attributes to the existing ones.The value of the part can be one of the following symbols: Because the credentials are not passed through the wire in this case.Chattr FILE. And user password less authentication, which is more secure than password based authentication. So have to insist on the encryption based communication. Using Ethreal we can “follow the TCP Stream” by right click of any Telnet stream to find out all the communication including the credentials and the commands exicuted.īut for SSH we can see everything has been encrypted. # ethereal -gnome (Open the same file captured by tcpdump) We can use the ethreal tool to analys the same file captured by tcpdump. Now start analysing the data that has been sniffed. This will start capture all packets in eth0 coming having the destination port of 23 in promiscuos mode and will log to file tcpdump.log # /usr/sbin/tcpdump -i eth0 -w tcpdump.log dst port 23 (Ethereal is another tool to sniff the network) Now pretend to be a Man in Middle and start sniffing data. Sniffing Telnet session between 2 machines Here will show the sniffing of data send through TELNET the same method can be follow to sniff the communication between FTP. The data passes through the wire can be sniffed and can reveal almost all the information. SNIFFING the clear text based communication using TCPDUMP. So using this feature make very much sense. One more example is, if any malicious programs has been installed and changes the nf then they can redirect all the requests to any phishing websites. So this feature can be exploited by the cracker. There are some programs that will update some configuration files once if a new package installation happens. #chattr -i sshd_config to remove the attribute. Now check the file with lsattr can see that the “i” has been set to file.Thus this file became immutable(even as a root we will be unable to modify the file). This will show the attributes list for the file #/usr/bin/lsattr is used to reveal the extended attributes on files. To change the attributes, in case of normal users the user should need to have the owner ship. #/usr/bin/chattr is the path of the binary. This can be used to secure the key configuration files. The chattr command allows to set the files to unchangeable (immutable). Increase security with extended file attributes – CHATTR
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |