Securing database with command line linux

From ICO wiki
Jump to navigationJump to search

Aim of this page

  • know information about Linux Operation System.
  • What is Sudo (superuser) ?
  • What is the Root user ?
  • Control the Command Line environment.
  • Threats
  • Securing Database using the command line method.
  • Access the information in Database by easy way.

Information about Linux operation system and Database

What is Linux?

Linux is, in simplest terms, an operating system. It is the software on a computer that enables applications and the computer operator to access the devices on the computer to perform desired functions. The operating system (OS) relays instructions from an application to, for instance, the computer's processor. The processor performs the instructed task, then sends the results back to the application via the operating system. Explained in these terms, Linux is very similar to other operating systems, such as Windows and OS X. But something sets Linux apart from these operating systems. The Linux operating system represented a $25 billion ecosystem in 2008. Since its inception in 1991, Linux has grown to become a force in computing, powering everything from the New York Stock Exchange to mobile phones to supercomputers to consumer devices.

As an open operating system, Linux is developed collaboratively, meaning no one company is solely responsible for its development or ongoing support. Companies participating in the Linux economy share research and development costs with their partners and competitors. This spreading of development

Linux operation system

burden amongst individuals and companies has resulted in a large and efficient ecosystem and unheralded software innovation. Over 1,000 developers, from at least 100 different companies, contribute to every kernel release. In the past two years alone, over 3,200 developers from 200 companies have contributed to the kernel--which is just one small piece of a Linux distribution.

  • Components of Linux System

Linux Operating System has primarily three components

1) Kernel - Kernel is the core part of Linux. It is responsible for all major activities of this operating system. It is consists of various modules and it interacts directly with the underlying hardware. Kernel provides the required abstraction to hide low level hardware details to system or application programs.

2) System Library - System libraries are special functions or programs using which application programs or system utilities accesses Kernel's features. These libraries implements most of the functionalities of the operating system and do not requires kernel module's code access rights.

3) System Utility - System Utility programs are responsible to do specialized, individual level tasks.

  • Kernel Mode VS User Mode

Kernel component code executes in a special privileged mode called kernel mode with full access to all resources of the computer. This code represents a single process, executes in single address space and do not require any context switch and hence is very efficient and fast. Kernel runs each processes and provides system services to processes, provides protected access to hardwares to processes.

Support code which is not required to run in kernel mode is in System Library. User programs and other system programs works in User Mode which has no access to system hardwares and kernel code. User programs/ utilities use System libraries to access Kernel functions to get system's low level tasks.

  • Basic Features
Explanation Linux architecture

Following are some of the important features of Linux Operating System.

  • Portable - Portability means softwares can works on different types of hardwares in same way.Linux kernel and application programs supports their installation on any kind of hardware platform.
  • Open Source - Linux source code is freely available and it is community based development project. Multiple teams works in collaboration to enhance the capability of Linux operating system and it is continuously evolving.
  • Multi-User - Linux is a multiuser system means multiple users can access system resources like memory/ ram/ application programs at same time.
  • Multiprogramming - Linux is a multiprogramming system means multiple applications can run at same time.
  • Hierarchical File System - Linux provides a standard file structure in which system files/ user files are arranged.
  • Shell - Linux provides a special interpreter program which can be used to execute commands of the operating system. It can be used to do various types of operations, call application programs etc.
  • Security - Linux provides user security using authentication features like password protection/ controlled access to specific files/ encryption of data.

Linux System Architecture is consists of following layers

  • Hardware layer - Hardware consists of all peripheral devices (RAM/ HDD/ CPU etc).
  • Kernel - Core component of Operating System, interacts directly with hardware, provides low level services to upper layer components.
  • Shell - An interface to kernel, hiding complexity of kernel's functions from users. Takes commands from user and executes kernel's functions.
  • Utilities - Utility programs giving user most of the functionalities of an operating systems.

What database mean ?

A database is an organized collection of data. It is the collection of schemas, tables, queries, reports, views and other objects. The data are typically organized to model aspects of reality in a way that supports processes requiring information, such as modelling the availability of rooms in hotels in a way that supports finding a hotel with vacancies.

What sudo mean in Linux ?

Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on aper-host basis, copious logging of each command (providing a clear audit trail of who did what), a configurable timeout of the sudo command, and the ability to use the same configuration file (sudoers) on many different machines.

What root mean ?

Explanation root user
  • root is the user name or account that by default has access to all commands and files on a Linux or other Unix-like operating system. It is also referred to as the root account, root user and the superuser.
  • The word root also has several additional, related meanings when used as part of other terms, and thus it can be a source of confusion to people new to Unix-like systems.
  • One of these is the root directory, which is the top level directory on a system. That is, it is the directory in which all other directories, including their subdirectories, and files reside. The root directory is designated by a forward slash ( / ).
Example about the command line
  • Another is /root (pronounced slash root), which is the root user's home directory. A home directory is the primary repository of a user's files, including that user's configuration files, and it is usually the directory in which a user finds itself when it logs into a system. /root is a subdirectory of the root directory, as indicated by the forward slash that begins its name, and should not to be confused with that directory. Home directories for users other than root are by default created in the /home directory, which is another standard subdirectory of the root directory.
  • Root privileges are the powers that the root account has on the system. The root account is the most privileged on the system and has absolute power over it (i.e., complete access to all files and commands). Among root's powers are the ability to modify the system in any way desired and to grant and revoke access permissions (i.e., the ability to read, modify and execute specific files and directories) for other users, including any of those that are by default reserved for root.

General Information about command line

Examples of the basic commands
  • Before starting you need to take a short course of command line in code academy Code Academy
  • After you finish the command line exercises, you need to know a few commands that you have to remember always.
  • First cd the command that will make you navigate everywhere in the command line environment.
  • second pwd command that always make you know your location in the system.
  • Don't forget also whoami to know you are the root user or not.
  • sudo -s switch you to root user that control everything in the system.
  • ls which you already know from the code academy to list all the files and folder in the directory.

Threats

An attacker can target and compromise a database server in a number of ways by exploiting a variety of configuration and application level vulnerabilities.

Major threats and vulnerabilities that can result in a compromised database server and the potential destruction or theft of sensitive data.

The main threats to a database server are:

  • SQL injection
  • Network eavesdropping
  • Unauthorized server access
  • Password cracking

SQL Injection

  • With a SQL injection attack, the attacker exploits vulnerabilities in your application's input validation and data access code to run arbitrary commands in the database using the security context of the Web application.

Vulnerabilities

  • Vulnerabilities exploited by SQL injection include:
  • Poor input validation in your Web applications
  • Unsafe, dynamically constructed SQL commands
  • Over-privileged application logins to the database
  • Weak permissions that fail to restrict the application's login to the database

Countermeasures

  • To counter SQL injection attacks:
  • Your application should constrain and sanitize input data before using it in SQL queries.
  • Use type safe SQL parameters for data access. These can be used with stored procedures or dynamically constructed SQL command strings. *Using SQL parameters ensures that input data is subject to type and length checks and also that injected code is treated as literal *data, not as executable statements in the database.
  • Use a SQL Server login that has restricted permissions in the database. Ideally, you should grant execute permissions only to selected *stored procedures in the database and provide no direct table access.

Network Eavesdropping

  • The deployment architecture of most applications includes a physical separation of the data access code from the database server. As a result, sensitive data, such as application-specific data or database login credentials, must be protected from network eavesdroppers.

Vulnerabilities Vulnerabilities that increase the likelihood of network eavesdropping include:

  • Insecure communication channels

Passing credentials in clear text to the database for example

  • Using SQL authentication instead of Windows authentication
  • Using SQL authentication without a server certificate

Countermeasures To counter network eavesdropping:

  • Use Windows authentication to connect to the database server to avoid sending credentials over the network.
  • Install a server certificate on the database server. This results in the automatic encryption of SQL credentials over the network.
  • Use an SSL connection between the Web server and database server to protect sensitive application data. This requires a database server certificate.
  • Use an IPSec encrypted channel between Web and database server.

Unauthorized Server Access

Direct access to your database server should be restricted to specific client computers to prevent unauthorized server access.

Vulnerabilities Vulnerabilities that make your database server susceptible to unauthorized server access include:

  • Failure to block the SQL Server port at the perimeter firewall
  • Lack of IPSec or TCP/IP filtering policies

Attacks Direct connection attacks exist for both authenticated users and those without a user name and password; for example

  • Tools such as Query Analyzer (Isqlw.exe) or the command line equivalent (Osql.exe) are used to establish a direct connection to SQL Server and issue commands.
  • Server information, such as software version, is revealed to an attacker who sends carefully constructed packets to listening ports.

Countermeasures To counter these attacks:

  • Make sure that SQL Server ports are not visible from outside of the perimeter network.
  • Within the perimeter, restrict direct access by unauthorized hosts, for example, by using IPSec or TCP/IP filters.

Password Cracking

  • A common first line of attack is to try to crack the passwords of well known account names, such as sa (the SQL Server administrator account).

Vulnerabilities Common vulnerabilities that lead to password cracking are:

  • Weak or blank passwords
  • Passwords that contain everyday words

Attacks Common password cracking attacks include:

  • Dictionary attacks
  • Manual password guessing

Countermeasures To counter these attacks:

  • Create passwords for SQL Server login accounts that meet complexity requirements.
  • Avoid passwords that contain common words found in the dictionary.

Starting to install MySQL database

  • There are many implementations of the SQL database language available on Linux and Unix-like systems. MySQL and MariaDB are two popular options for deploying relational databases in server environments.
  • However, like most software, these tools can be security liabilities if they are configured incorrectly. This tutorial will guide you through some basic steps you can take to secure your MariaDB or MySQL databases, and ensure that they are not an open door into your VPS.
  • For the sake of simplicity and illustration, we will use the MySQL server on an Ubuntu 12.04 VPS instance. However, these techniques can be applied to other Linux distributions and can be used with MariaDB as well.

Initial Setup

  • MySQL gives you an opportunity to take the first step towards security during installation. It will request that you set a root password.
Configuring mysql-server
  • sudo apt-get install mysql-server

You can always set the root password at a later time, but there is no reason to skip this step, so you should secure your administrator account from the very beginning.

Once the installation is complete, we should run a few included scripts. First, we will use the "mysql_install_db" script to create a directory layout for our databases.

  • sudo mysql_install_db


Next, run the script called "mysql_secure_installation". This will guide us through some procedures that will remove some defaults that are dangerous to use in a production environment.

  • sudo mysql_secure_installation

it will first prompt you for the root password you set up during installation. Immediately following, you will be asked a series of questions, beginning with if you'd like to change the root password.

This is another opportunity to change your password to something secure if you have not done so already.

You should answer "Y" (for yes) to all of the remaining questions.

This will remove the ability for anyone to log into MySQL by default, disable logging in remotely with the administrator account, remove some test databases that are insecure, and update the running MySQL instance to reflect these changes.


Security Considerations

The overarching theme of securing MySQL (and almost any other system) is that access should be granted only when absolutely necessary. Your data safety sometimes comes down to a balance between convenience and security.

In this guide, we will learn on the side of security, although your specific usage of the database software may lead you to pick and choose from these options.

Security Through the My.cnf File

The main configuration file for MySQL is a file called "my.cnf" that is located in the "/etc/mysql/" directory on Ubuntu and the "/etc/" directory on some other VPS.

We will change some settings in this file to lock down our MySQL instance.

Open the file with root privileges. Change the directory path as needed if you are following this tutorial on a different system

sudo nano /etc/mysql/my.cnf

The first setting that we should check is the "bind-address" setting within the "[mysqld]" section. This setting should be set to your local loopback network device, which is "127.0.0.1". bind-address = 127.0.0.1

  • This makes sure that MySQL is not accepting connections from anywhere except for the local machine.
  • If you need to access this database from another machine, consider connecting through SSH to do your database querying and administration locally and sending the results through the ssh tunnel.
  • The next hole we will patch is a function that allows access to the underlying filesystem from within MySQL. This can have severe security implications and should be shut off unless you absolutely need it.

In the same section of the file, we will add a directive to disable this ability to load local files: local-infile=0 This will disable loading files from the filesystem for users without file level privileges to the database.

MySQL log, error log

If we have enough space and are not operating a huge database, it can be helpful to log additional information to keep an eye on suspicious activity.

Logging too much can create a performance hit, so this is something you need to weigh carefully.

You can set the log variable within the same "[mysqld]" section that we've been adding to.

log=/var/log/mysql-logfile

Make sure that the MySQL log, error log, and mysql log directory are not world readable sudo ls -l /var/log/mysql*

Securing MySQL From Within

  • There are a number of steps you can take while using MySQL to improve security.
  • We will be inputting the commands in this section into the MySQL prompt interface, so we need to log in.

mysql -u root -p

You will be asked for the root password that you set up earlier.

Securing Passwords and Host Associations

SELECT User,Host,Password FROM mysql.user;

Securing Passwords and Host Associations example

As you can see, in our example set up, the user "demo-user" has no password and is valid regardless of what host he is on. This is very insecure.

We can set a password for the user with this command. Change "newPassWord" to reflect the password you wish to assign.

UPDATE mysql.user SET Password=PASSWORD('newPassWord') WHERE User="demo-user";

If we check the User table again, we will see that the demo user now has a password.

SELECT User,Host,Password FROM mysql.user;

Securing Passwords and Host Associations example


If you look in the "Host" field, you will see that we still have a "%", which is a wildcard that means any host. This is not what we want. Let's change that to be "local-host".

UPDATE mysql.user SET Host='localhost' WHERE User="demo-user";

If we check again, we can see that the User table now has the appropriate fields set.

SELECT User,Host,Password FROM mysql.user;

If our table contains any blank users (it should not at this point since we ran "mysql_secure_installation", but we will cover this anyways), we should remove them.

To do this, we can use the following call to delete blank users from the access table.

DELETE FROM mysql.user WHERE User="";

After we are done modifying the User table, we need to input the following command to implement the new permissions.

FLUSH PRIVILEGES;

Implementing Application-Specific Users

Similar to the practice of running processes within Linux as an isolated user, MySQL benefits from the same kind of isolation.

Each application that uses MySQL should have its own user that only has limited privileges and only has access to the databases it needs to run.

When we configure a new application to use MySQL, we should create the databases needed by that application.

create database testDB;

Query OK, 1 row affected (0.00 sec)

Next, we should create a user to manage that database, and assign it only the privileges it needs. This will vary by application, and some uses need more open privileges than others.

To create a new user, use the following command.

CREATE USER 'demo-user'@'localhost' IDENTIFIED BY 'password';

We can grant the new user privileges on the new table with the following command. See the tutorial on how to create a new user and grant permissions in MySQL to learn more about specific privileges.

GRANT SELECT,UPDATE,DELETE ON testDB.* TO 'demo-user'@'localhost';


As an example, if we later need to revoke update privileges from the account, we could use the following command.

REVOKE UPDATE ON testDB.* FROM 'demo-user'@'localhost';

If we need all privileges on a certain database, we can specify that with the following.

GRANT ALL ON testDB.* TO 'demo-user'@'localhost';

Securing Passwords and Host Associations example

To show the current privileges of a user, we first must implement the privileges we specified using the "flush privileges" command. Then, we can query what grants a user has:

FLUSH PRIVILEGES; show grants for 'demo-user'@'localhost';

Always flush privileges when you are finished making changes.



Changing the Root User

One additional step that you may want to take is to change the root login name. If an attacker is trying to access the root MySQL login, they will need to perform the additional step of finding the user-name.

The root login can be changed with the following command. rename user 'root'@'localhost' to 'newAdminUser'@'localhost';

We can see the change by using the same query we've been using for the User database.

select user,host,password from mysql.user;

Again, we must flush privileges for these changes to happen.

FLUSH PRIVILEGES;

Remember that you will have to log into MySQL as the newly created username from now on when you wish to perform administrative tasks.

mysql -u newAdminUser -p

See also

Securing database

Database security

Building Secure Data Access

References

[1] Linux information

[2]Operating System - Linux

[3] Sudo definition

[4] Root meaning in Linux operation system

[5] Securing the database

[6] Threats and Countermeasures