https://dailystuff.nlDailystuff on the Internet - Posted in 20112024-03-16T09:59:02.954249+00:00ABloghttps://dailystuff.nl/blog/2011/the-hunt-for-etc-pwd-lock.htmlThe hunt for /etc/.pwd.lock2011-08-09T00:00:00+00:00Hans Spaans<section id="the-hunt-for-etc-pwd-lock">
<p>After upgrade Debian to kernel 3.0.0, I saw a hidden file called <code class="docutils literal notranslate"><span class="pre">.pwd.lock</span></code> in <code class="docutils literal notranslate"><span class="pre">/etc</span></code> which I didn’t noticed before. Checking other machines gave the same result as shown below, but both without a matching Debian-package or manpage.</p>
<div class="highlight-console notranslate"><div class="highlight"><pre><span></span><span class="gp">$ </span>ls<span class="w"> </span>-l<span class="w"> </span>/etc/.pwd.lock
<span class="go">-rw-------. 1 root root 0 feb 27 2009 /etc/.pwd.lock</span>
<span class="gp">$ </span>ls<span class="w"> </span>-l<span class="w"> </span>--time<span class="o">=</span>atime<span class="w"> </span>/etc/.pwd.lock
<span class="go">-rw-------. 1 root root 0 apr 10 2010 /etc/.pwd.lock</span>
<span class="gp">$ </span>ls<span class="w"> </span>-l<span class="w"> </span>--time<span class="o">=</span>ctime<span class="w"> </span>/etc/.pwd.lock
<span class="go">-rw-------. 1 root root 0 aug 14 2010 /etc/.pwd.lock</span>
</pre></div>
</div>
<p>As time match at least the installation date of the machine and exists on other machines it appears to be a valid file, but with what purpose? After reading the Linux Programmer’s Manual two functions called <a class="reference external" href="https://manpages.debian.org/bullseye/manpages-dev/lckpwdf.3.en.html">lckpwdf</a> and ulckpwdf where candidates for using this file. Checking the <a class="reference external" href="http://sourceware.org/git/?p=glibc.git;a=blob;f=shadow/lckpwdf.c;hb=284128f68f27567f9cad0078c97d7d807475e0a7">source code</a> at Sourceware confirmed that both lckpwdf and ulckpwdf are using the file. And reading the manpage about these functions also confirms its purpose, a lock file the commands like <a class="reference external" href="https://manpages.debian.org/bullseye/passwd/passwd.1.en.html">passwd</a>.</p>
<blockquote>
<div><p>The lckpwdf() function is intended to protect against multiple simultaâ€neous accesses of the shadow password database. It tries to acquire a lock, and returns 0 on success, or -1 on failure (lock not obtained within 15 seconds). The ulckpwdf() function releases the lock again.
Note that there is no protection against direct access of the shadow password file. Only programs that use lckpwdf() will notice the lock.</p>
<p>These were the functions that formed the original shadow API. They are
widely available.</p>
</div></blockquote>
<p>This is another example of why open source matters. You can get the evidence when you want and/or need it instead of trusting some manual to explain things. Verification will become more important as systems get more complex. It was/is also a big advantage when OpenSolaris was created with its web-accessible source repository.</p>
</section>
After upgrade Debian to kernel 3.0.0, I saw a hidden file called .pwd.lock in /etc which I didn’t noticed before. Checking other machines gave the same result as shown below, but both without a matching Debian-package or manpage.As time match at least the installation date of the machine and exists on other machines it appears to be a valid file, but with what purpose? After reading the Linux Programmer’s Manual two functions called lckpwdf and ulckpwdf where candidates for using this file. Checking the source code at Sourceware confirmed that both lckpwdf and ulckpwdf are using the file. And reading the manpage about these functions also confirms its purpose, a lock file the commands like passwd.2011-08-09T00:00:00+00:00https://dailystuff.nl/blog/2011/book-review-building-internet-firewalls.htmlBuilding Internet Firewalls, 2nd Edition2011-05-31T00:00:00+00:00Hans Spaans<section id="building-internet-firewalls-2nd-edition">
<img alt="Building Internet Firewalls" class="align-right" src="https://learning.oreilly.com/library/cover/1565928717/250w/" style="width: 250px;" />
<aside class="system-message">
<p class="system-message-title">System Message: INFO/1 (<span class="docutils literal">/home/runner/work/sites/sites/docs/dailystuff/blog/2011/book-review-building-internet-firewalls.rst</span>, line 6); <em><a href="#id1">backlink</a></em></p>
<p>Duplicate implicit target name: “building internet firewalls, 2nd edition”.</p>
</aside>
<p><a class="reference external" href="https://www.oreilly.com/library/view/building-internet-firewalls/1565928717/">Building Internet Firewalls, 2nd Edition</a> is a comprehensive and well-written guide to designing, installing, and configuring firewalls. The book covers a wide range of topics, from the basics of network security to the latest firewall technologies. The book is written for system administrators who are responsible for securing their networks.</p>
<p>The book is divided into four parts. The first part, “Network Security,” provides an overview of network security concepts and terminology. It covers topics such as firewalls, intrusion detection systems, and security policies. The second part, “Firewalls,” provides detailed instructions on how to design, install, and configure firewalls. It covers a wide range of firewall technologies, including packet filtering, application proxying, and stateful inspection. The third part, “Internet Services” covers the basics of Internet services, including web servers, email servers, and DNS servers.</p>
<p>The fourth part and final part, “Keeping Your Site Secure” provides an overview of security strategies, including defense in depth, least privilege, and separation of duties. After the fourth part there are the appendices, which provide additional information on topics such as cryptography, tools, and resources to get going with the described topics.</p>
<p>The book is well-written and easy to understand. The authors do a good job of explaining complex concepts in a clear and concise way. The book is also very comprehensive, covering a wide range of topics.</p>
<p>One of the strengths of the book is its focus on real-world examples. The authors provide numerous examples of how firewalls can be used to protect different types of networks. This makes the book very practical and useful for system administrators who are responsible for securing their networks.</p>
<p>Another strength of the book is its coverage of the latest firewall technologies, but not the latest implementations. The authors discuss the latest firewall technologies, such as deep packet inspection and intrusion prevention systems. This makes the book a valuable resource for system administrators who need to understand the essentials of creating firewalls and keeping their network secure.</p>
<p>Here are some of the pros and cons of the book:</p>
<p>Pros:</p>
<ul class="simple">
<li><p>Comprehensive coverage of firewall technologies</p></li>
<li><p>Well-written and easy to understand</p></li>
<li><p>Focus on real-world examples</p></li>
</ul>
<p>Cons:</p>
<ul class="simple">
<li><p>Some of the information is outdated</p></li>
<li><p>The book is quite large (869 pages)</p></li>
</ul>
<p>Recommended for:</p>
<ul class="simple">
<li><p>System administrators</p></li>
<li><p>Security professionals</p></li>
<li><p>Anyone who wants to learn about firewalls</p></li>
</ul>
<p>Overall, Building Internet Firewalls, 2nd Edition is an excellent resource for system administrators who are responsible for securing their networks. The book is comprehensive, well-written, and easy to understand. It provides a wealth of information on how to design, install, and configure firewalls. I highly recommend this book to anyone who is responsible for securing their network. This book is highly recommend and is available on <a class="reference external" href="https://www.oreilly.com/library/view/building-internet-firewalls/1565928717/">O’Reilly Learning</a>.</p>
</section>
Duplicate implicit target name: “building internet firewalls, 2nd edition”.Building Internet Firewalls, 2nd Edition is a comprehensive and well-written guide to designing, installing, and configuring firewalls. The book covers a wide range of topics, from the basics of network security to the latest firewall technologies. The book is written for system administrators who are responsible for securing their networks.Building Internet Firewalls2011-05-31T00:00:00+00:00