Chapter 12 Linux 207

Countermeasures

The best defense against NFS hacking depends on whether you actually need the service running.

• If you don't need NFS, disable it altogether.
• If you need NFS, implement both of the following countermeasures:
  • Filter NFS traffic at the firewall (typically TCP port 111, if you want to filter all RPC traffic).
  • Make sure that your /etc/exports file and other /etc configuration files are configured properly to keep the world outside your network.

File Permissions

In Linux, special file types allow programs to run with the file owner's rights: SetUID (for user IDs) and SetGID (for group IDs). SetUID and SetGID are required when a user runs a program that needs full access to the system to perform its tasks. For example, when a user invokes the passwd program to change his or her password, the program is actually loaded and run with root's (or any other user's) privileges. This is done so that the user can run the program and the program can update the password database without root having to get involved in the process manually.

Hacks

By default, rogue programs that run with root privileges can be easily hidden. A hacker may do this to hide such hacking files as rootkits on the system.

Countermeasures

You can test for these rogue programs by using both manual and automated testing methods.

208 Part IV Operating System Hacking

Manual testing

The following commands can identify SetUID and SetGID programs:

• Programs that are configured for SetUID: find -perm -4000 -print
• Programs that are configured for SetGID: find -perm -2000 -print
• Files that are writable by anyone in the world (the -perm -2 test matches the other-write bit): find -perm -2 -type f -print
• Hidden files: find -name ".*"

You probably have hundreds of files in each of these categories, so don't be alarmed.
When you discover files with these attributes set, you'll need to make sure that they are actually supposed to have those attributes by researching in your documentation, on the Internet, or even by comparing them to a known secure system or data backup. Keep an eye on .
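The four manual checks and the "compare to a known secure system" step, as an added example that is not from the book: each check is a shell function run over a small constructed file tree, and the SetUID list is diffed against a baseline of previously approved files so only the entries that still need researching are reported. The file names and the baseline layout are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the book): the four manual checks as shell
# functions, run over a small constructed file tree, with the result
# diffed against a baseline list of approved files so only new entries
# (the ones to research) are reported.

# Each check takes a start directory and prints matching paths, sorted.
find_setuid()         { find "$1" -type f -perm -4000 -print | sort; }
find_setgid()         { find "$1" -type f -perm -2000 -print | sort; }
# -perm -2 in the text: the other-write bit, i.e. world-writable files.
find_world_writable() { find "$1" -type f -perm -0002 -print | sort; }
# Dot-files and dot-directories; the start directory itself is excluded.
find_hidden()         { find "$1" ! -path "$1" -name ".*" -print | sort; }

# Entries in the current list that are not in the baseline (both sorted).
new_since_baseline()  { comm -13 "$1" "$2"; }

# Constructed sample tree under $1: one file of each kind plus a normal one.
make_sample_tree() {
    mkdir -p "$1/bin" "$1/tmp"
    printf '#!/bin/sh\n' > "$1/bin/legit_suid"; chmod 4755 "$1/bin/legit_suid"
    printf '#!/bin/sh\n' > "$1/bin/rogue_suid"; chmod 4755 "$1/bin/rogue_suid"
    : > "$1/bin/group_tool";  chmod 2755 "$1/bin/group_tool"
    : > "$1/tmp/scratch.log"; chmod 0666 "$1/tmp/scratch.log"
    : > "$1/tmp/.stash";      chmod 0644 "$1/tmp/.stash"
    : > "$1/bin/normal";      chmod 0755 "$1/bin/normal"
}

# Builds the tree in a temp dir, audits it from inside (so paths are
# relative and stable) and prints the SetUID files the baseline did not
# approve. The tree is removed afterwards.
audit_demo() {
    root=$(mktemp -d) || return 1
    make_sample_tree "$root"
    ( cd "$root" &&
      printf '%s\n' ./bin/legit_suid > baseline.txt &&   # approved last time
      find_setuid . > current.txt &&
      new_since_baseline baseline.txt current.txt )
    rm -rf "$root"
}

audit_demo   # prints ./bin/rogue_suid
```

The same baseline diff works for the other three lists; in a real audit the baseline is the output of the same check taken on the known-good system or backup.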