A Study on Impersonation Attack of Linux Sudoers Through Shadow File Manipulation (Shadow 파일 조작을 통한 리눅스 Sudoer의 위장공격에 대한 연구)

  • Kim, Sanghun;Cho, Taenam
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.9 no.7
    • /
    • pp.149-156
    • /
    • 2020
  • All operating systems have privileged administrator accounts for efficient management. Dangerous or sensitive tasks or resources should be banned from normal users and should only be accessible by administrators. One example of this privilege is to reset a user's password when the user loses his/her password. In this paper, the privileges of the sudoer group, the administrator group of Linux Ubuntu, and the management system of the sudoer group were analyzed. We show the danger that a sudoer can use the privilege to change the password of other users, including other sudoers, and modify the log, and suggest a countermeasure to prevent the manipulation of shadow files as a solution to this. In addition, the proposed method was implemented and the possibility of practical use was confirmed with excellent performance.

Realtime Monitoring System using AJAX + XML (AJAX+XML 기반의 모니터링 시스템)

  • Choi, Yun Jeong;Park, Seung Soo
    • Journal of the Korea Society of Digital Industry and Information Management
    • /
    • v.5 no.4
    • /
    • pp.39-49
    • /
    • 2009
  • Nowadays, according to rapid development of computing environments, information processing and analysis system are very interesting research area. As a viewpoint of data preparation-processing-analysis in knowledge technology, the goal of automated information system is to satisfy high reliability and confidence and to minimize of human-administrator intervention. In addition, we expect the system which can deal with problem and abnormal error effectively as a fault detection and fault tolerance. In this paper, we design a monitoring system as follows. A productive monitoring information from various systems has unstructured forms and characteristics and crawls informative data by conditions and gathering rules. For representing of monitering information which requested by administrator, running-status can be able to check dynamically and systematic like connection/closed status in real-time. Our proposed system can easily correct and processing for monitoring information from various type of server and support to make objective judgement and analysis of administrator under operative target of information system. We implement semi-realtime monitering system using AJAX technology for dynamic browsing of web information and information processing using XML and XPATH. We apply our system to SMS server for checking running status and the system shows that has high utility and reliability.

The Role Behaviors of Oncology Nurse Specialist (종양전문간호사의 역할규명을 위한 연구)

  • Kim, Min-Young;Park, Sung-Ae
    • Asian Oncology Nursing
    • /
    • v.3 no.1
    • /
    • pp.24-44
    • /
    • 2003
  • The purposes of this study was to identify and propose the expected role of the oncology nurse specialist by embodying role theory to oncology nurse specialist. The subjects of this study were 149 persons in 14 hospitals, who were classified to 4 groups, oncology nurse specialists(ONS) group, head nurses and charge nurses(HN & CN) group in hemato-oncology ward, registered nurses(RN) group in hemato-oncology ward, and hematologists & oncologists(H&O) group. The questionnaire which was consisted of 89 items for role of oncology nurse specialist, was made by researcher with a field study and literature review about role of oncology nurse specialist and verified by matrix delphi technique about content validity and construct validity. The data were collected from October 22, 2002 to November 5, 2002. All 4 groups proposed that ONS should perform an expert practitioner role first of all. But ONS group, RN group and H&O group proposed orderly expert practitioner, educator, researcher, consultant, and administrator & change agent, but HN & CN group did expert practitioner, educator, consultant, researcher, administrator & change agent. Expert practitioner had the most highest necessary degree in all groups and most highest performance degree in ONS group. That was consistent with results that all groups proposed role of expert practitioner at first. 4 items out of 20 items showed the meaningful differences between groups. For role of educator, oncology nurse specialist group proposed necessary degrees over 4.0 point out of 5.0 in all items. 4 items out of 18 items showed the meaningful differences between groups. For role of researcher, 3 nurses groups proposed a high necessary degree, but performance of ONS group was most lowest among 5 roles. 6 items out of 14 items showed the meaningful differences between groups. The role of consultant had high necessary degree in some items related to hematopoietic stem cell transplantation. 2 items out of 17 items showed the meaningful differences between groups. In nursing behaviors of administrator & change agent, those items about enacting principle, cost development and participation of professional academy had a high necessary degree. 4 items out of 18 items showed the meaningful differences between groups. Oncology nurse specialists group performed 5 roles orderly, expert practitioner, consultant, educator, administrator & change agent, researcher. This result was different from expected role of themselves as well as the other groups. There was a different necessary degree between role and embodied nursing behaviors of role. ONS group and RN group proposed orderly educator, researcher, administrator & change agent, expert practitioner, consultant, but the other groups did educator, expert practitioner, researcher, consultant, administrator & change agent. The expected standards of oncology nurse specialist in this study were usually master's degree, total career of 5-7 years, oncology career of 3-5 years and certification. But for the post, qualification and qualification institution, various opinions were suggested. In the conclusion, there was a different necessary degree between role and embodied nursing behaviors of role. All groups proposed expert practitioner at first in abstract role, but educator at first in embodied nursing behaviors of role. So we have to consider this difference carefully in the future research. ONS acted the role of expert practitioner first of all, but we should develope and expand the roles of researcher, and administrator & change agent. We should enact roles by role behaviors induced from mutual agreements in necessary degree and performance degree, and bargain the role behaviors that showed the meaningful differences between groups But, we should consider carefully which group's opinion we have to select. I suggested 36 items out of 89 items, in which ONS proposed necessary degree over 4.0 out of 5.0 and half of them performed as the nursing behaviors of oncology nurse specialist that did not induce role stress. For the future, We should role bargain the role with other groups based on these items.

