an Exploit Explained, continued...
HOW TO MAKE YOUR SHELL MORE SECURE
If you really consider yourself a hacker, you may choose to change your
.cshrc to make it more secure. Here's how to rewrite your .cshrc:
1) Just in case you mess up and don't care to admit to tech support at your
ISP that you have been messing with .cshrc, the first thing you should do is
save it with a new name. One way to do this is to give the command:
cp .cshrc .cshrc.old
Then if you don't like the results of this exercise, you can fix it by just
giving the command:
cp .cshrc.old .cshrc
2) Now you are ready to change .cshrc. Give the command "pico .cshrc"
(substitute "vi" or "emacs" if you prefer those editors). This opens the
program that runs every time you start up your C shell.
3) Here's something good to change. See all those commands above that begin
with "alias"? Those are commands that allow you to run complicated commands
by only typing in one letter or word. Enter those aliases in your login
script and see how you like them. In the case of the alias "check,"
substitute the domain name of the computer you are using for "fubar.com".
4) Do you wish to be able to easily access lots of good commands? That is
what the "set path" command is for. Good paths depend on the flavor of Unix
you're running. Good generic paths could be:
set path=( ~/bin /usr/local/bin /bin /usr/bin /usr/local/sbin )
set path=( $path /usr/openwin/bin /usr/X11/bin /usr/local/X11/bin )
set path=( $path /usr/ucb /usr/libexec /usr/etc /etc /usr/games )
set path=( $path /usr/sbin )
This list will include some directories that do not exist on your system,
but it's generic and something you could use on Linux, FreeBSD, OpenBSD,
Sun OS and Solaris. With other flavors, your mileage may vary.
5) When you are done editing, here's how pico saves it:
* hold down the control key and hit the letter "x"
* pico asks, "Save modified buffer (ANSWERING "No" WILL DESTROY CHANGES) ?"
Hit the "y" key to save it.
* pico asks "File Name to write : .cshrc" Just hit enter. Your login file
must be named ".cshrc" for it to run whenever you log in.
Evil genius tip: Want to be a hacker? Take a serious look at learning
"vi". It is a quick and powerful Unix editor that can do tedious tasks in a
short amount of time. Head down to your local book store (or
http://www.amazon.com) and pick up a good vi book. Two to look for are:
"Unix in a Nutshell" by O'Reilly (ISBN: 1-56592-001-5), and "Vi" by O'Reilly
Evil genius tip: Are you a serious programmer? Do you plan to become a
serious programmer? If your .cshrc is missing anything in the example script
above, try adding those commands.
Now, by setting aliases for your shell, you have made it easier to use, and
also more secure. Try out the aliased commands "w", "who", and "check". The
first two tell you who is currently logged into shell accounts on the same
computer you are on. "Check" shows you the log of whoever has logged into
the computer you use from telnet or ssh from outside that computer system.
If you see an unusual pattern of logins, you may suspect there is a problem.
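To show what reviewing that login log for an unusual pattern can look like, here is an added example (not part of the original tutorial, and not the "check" alias itself) that counts remote logins coming from outside your own domain. It is written in POSIX sh rather than csh; the function names remote_logins and sample_last, the assumed `last`-style column layout, and the sample records are all constructed for illustration.

```sh
#!/bin/sh
# Added example: review `last`-style login records for remote logins that
# originate outside your own domain. Names and sample data are constructed.

# remote_logins DOMAIN  (hypothetical helper; reads `last` output on stdin)
# Assumed columns: user, tty, host, weekday, month, day, time ...
remote_logins() {
    awk -v dom="$1" '
        BEGIN { d = tolower(dom) }
        # Skip blank lines, reboot/shutdown pseudo-users and the wtmp footer.
        NF < 4 || $1 == "reboot" || $1 == "shutdown" || $1 == "wtmp" { next }
        # Console logins have no host column, so field 3 is the weekday.
        $3 ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/ { next }
        # X displays (":0") and localhost are not remote logins.
        $3 ~ /^:/ || $3 == "localhost" { next }
        {
            host = tolower($3)
            # Inside the domain means an exact match or a ".domain" suffix,
            # so "notfubar.com" is not mistaken for "fubar.com".
            n = length(host) - length(d)
            if (host == d || (n > 0 && substr(host, n) == "." d)) next
            count[$1 " " host]++
        }
        # One line per user/host pair: login count, user, remote host.
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample in the assumed layout (not real log data).
sample_last() {
    cat <<'EOF'
carol    pts/0    shell.fubar.com     Mon Mar  3 09:12 - 09:40  (00:28)
carol    pts/1    203.0.113.7         Tue Mar  4 03:02 - 03:05  (00:03)
carol    pts/1    203.0.113.7         Tue Mar  4 03:11 - 03:12  (00:01)
dave     tty1                         Tue Mar  4 08:00 - 08:30  (00:30)
dave     pts/2    dial7.notfubar.com  Wed Mar  5 22:41 - 22:50  (00:09)
reboot   system boot  5.10.0          Wed Mar  5 23:00

wtmp begins Mon Mar  3 09:12:01 2025
EOF
}

# On a real system: last | remote_logins fubar.com
sample_last | remote_logins fubar.com
```

Repeated short sessions for one account from an address you do not recognize, at hours when that user is normally offline, are the kind of pattern worth a closer look.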