Linux System Admin II

1
Linux System Admin II

• Chih-Hsien Yang

2
Outlines

• Review of basic commands and concepts
• Text user interface
• Logging In and Out
• Managing user accounts
• System Security

3
Basic Unix Commands

• Commands communicate with kernel
• How to use them?
• the man commandman ltcommandgt
• keyword search for commands
• apropos topic
• whatis topic
• man k topic
• directory list ls how many things in your
  current directory
• change to dir cd jump to another place
• print dir pwd if you are lost, it tells you
  where you are now

4
Directory and File Commands

• the copy command cp -r A B
• to copy entire directory and contents, use r
• recursive copy (-r) copy dir contents to
  destination
• rename or move files mv
• create dir mkdir Adir
• remove file rm -r...or dir rmdir Adir, must
  be empty
• caution ! recursive delete of sub-directories no
  undo!!

5
Organising and Managing Your Files

• View the file content
• use more (or less!)
• head or tail
• the cat command print file or catenates files
• cat file
• cat file1 file2 gt file3

• cat also could be a simple editor
• cat gt file (press RETURN)
• enter data (press RETURN)
• D (exit)

• file archiving (tar)
• tar cvf archive.tar f1 .. fN (or a directory)
  Create an tar archive
• tar xvf archive.tar eXtract an tar archive
• tar tvf archive.tar lisT the content of tar
  archive without extracting it
• if wanna compress it with gZip simultaneously,
  add z (zcvf or zxvf)
• compress files gzip/gunzip (GNU) or
  compress/uncompress

6
File permissionProtecting Your Files

• Change file permission
• chmod chmod -R newperm file
• symbolic form and (absolute) octal form
• chmod ogw myfile or
• chmod 777 myfile
• Change file owner
• chown
• Change file group access
• chgrp (usually done by root)

user
group
others
- for file d for directory l for link b
for storage device c for mouse/keyboard
read(4) write(2) execute(1)
user group other all
(set) (add) (remove)
7
Hard link, Soft link, inodes
Compare item hard link symbolic (soft) link
pointer to program, file program, file, directory
If pointed program, file or directory is renamed, moved or deleted Not broken Broken (like MS-windows short-cut)
Does it span disk drives? (cross disk?) NO (within one partition) YES
How to create? ln urfile linkname ln s urfile linkname
size same as targeted file smaller than targeted file
inodes (file series number) same as targeted file different from target
8
Example build links
view the information about target file
create soft and hard links
check size of links
check series number of links
9
Some Other useful Utilities

• most write to stdout read from stdin
• sort lines in file lexically
• sort myfile gt my-sorted-file
• removes adjacent duplicates in input
• uniq myfile outfile
• TIPS sort before uniq
• search pattern in files
• grep "foobar" f1 f2 ... fN
• count lines, words, and bytes in file
• wc -clmw myfile

character (m)
content of file
line (l)
word (w)
byte (c)
10
Review Linux command (I)
Purpose Syntax
See date date
See whos using system who
Print current work directory pwd
List name of file in current directory ls or dirs (like dos)
Create text file cat gt filename
Move or rename file/directory mv file1 file2
Create multiple file copies via links ln source link
Remove file rm filename
Remove all files in given directory rm rf directory
11
Review Linux command (II)
Purpose Syntax
Change file access permission chmod ugoa - rwx filename
Read mail, send mail mail / mail username
See more about yourself who am I
Log out logout, exit, ctrl D
Count file contents wc filename
Search pattern in file grep pattern filename
Sort file sort -rnnr filename, reverse, numerical
Compare file cmp/diff file1 file2
12
Finding Out Who's About

• list of users logged onto host
• who
• list users on local machines
• users
• list of processes
• ps al (aall users, llong listing)

• get info on user with login X
• finger X
• start a line-based chat with X
• talk X

13
Redirection

• Mostly all command gives output on your screen
  (we call the standard output, stdout for short)
  or take input from your keyboard (standard input,
  stdin for short)
• Instead for efficiency, it is possible to send
  output to file or read input from file ?
• There are 3 main redirection symbols (operators)
• gt, gtgt and lt

14
(1) Output result to file

• syntax command gt filename
• note
• if the file you specify already exists, doing
  this will overwritten it, else a new file is
  created
• Check whether you can do
• ls gt r1.txt
• cat r1.txt or use vi to check the content

15
(2) Output result appended to file

• syntax command gtgt filename
• note
• if the file you specify already exists, doing
  this will append the result to file without
  overwrite it, else a new file is created
• Check whether you can do
• ls gtgt r1.txt
• cat r1.txt or use vi to check the content

16
(3) Input data from file

• syntax command lt filename
• Check whether you can do
• edit a file r3.txt
• cat lt r3.txt
• check what shows in your screen

17
Pipe

• Sometime we need to build a pipeline composite
  from many different programs for our tasks, but
  temporary files are always verbose gtlt
• There is a smart way to connect these programs
  without temporary files

Output of 1st command
take input from 1st command for next command
18
Pipe (contd)

• pipe is a temporary storage where the output of
  one command can be stored and passed as the input
  for next command
• One can use pipe to run more than 2 commands at
  once
• Syntax command 1 command 2

19
Example of using Pipe
command using pipe meaning
who sort sort the list of current users
who grep userA check whether userA has logged in
ls -l grep fileA check whether fileA in current directory
more example? Try to think one example of yours!
20
Processes

• It is any kind of program or task carried out by
  your machine, a program in execution
• When task is running, O.S. will give it a number
  (PID, process-id, 32bits)

Purpose Syntax
See currently running process ps
Get information about all running process ps ag
Stop process kill
Stop all process except your shell kill 0
Background processing command
21
Working on remote machines

• Telnet/SSH logon to a remote machine
• Starts a session on specified host machine
• Can run in terminal window over slow connection
• FTP File Transfer Protocol
• Move files between machines
• ftp host
• Use ls, pwd, cd to navigate directories
• Use put file/get file to upload/download file
• bin to switch to binary transfer mode (safest)
• Type close or exit to close connection
• anonymous login (public archive - e-mail as
  password)

22
Help on Getting Started

• Read the manual pages!
• man command
• Web pages by google
• http//www.linux.org/ (English site)
• http//linux.vbird.org/ (Chinese site)

23
Text editors on Linux system

• PICO
• JOE
• Nano
• Vi or Vim

Vim is one of most convenient text editor in
Linux system (most systems carry it)
24
Text Editors, Vim
25
Vim - Old Faithful

• has a command mode and edit mode
• available everywhere
• loads very quickly

i, o, a, R

• Common mode
• cursor moving
• search, replace
• delete char or line
• copy and paste line

Edit mode you can enter any char
ESC
Command mode you can enter any char
, /, ?
26
New and Open a file
3. press i into edit mode Insert 4. press R
into edit mode Replace 5. press o into edit
mode Insert in new line 6. press a into edit
mode Insert (same as i)
1. enter vi command ? 2. new file (common mode) ?
27
Common mode (I)
type command function
cursor moving ?/k/shift ?/j/shift up and down one line
cursor moving ctrl d, ctrl u up and down half page
cursor moving ctrl b, ctrl f up and down one page
cursor moving n space/enter (n is an integer) down n lines
cursor moving 0, move to begin/end of line
cursor moving H, M, L move in current screen
cursor moving G (end of file) nG (n-th line of file) move in entire file
28
Common mode (II)
type command function
search and replace /pattern, ?pattern search pattern after/before cursor
search and replace n1,n2s/word1/word2/g replace word1 as word2 between line n1 and n2 1 stands for the 1st line, s stands for the last line add c, it replaces with user confirmation
delete x, X delete a char at current cursor/before cursor
delete nx delete n chars begin with current cursor
delete dd delete current line
delete ndd, ncj delete n lines begin with current line
delete d1G delete all lines between the 1st line and current line
delete dG delete all lines between current line and the last line
29
Common mode (III)
type command function
copy yy copy current line
copy nyy copy n lines begin with current line
copy y1G copy lines between the 1st line and current line
copy yG copy lines between current line and the last line
paste P, p paste at last line/next line w.r.t the current line
paste J join the content of current line and next line shown in current line
undo u back to last action
30
Command mode
command function
w save current edited file
w filename save file as filename
n1, n2 w filename save n1n2 lines as filename
w! forcedly save if file is read only
wq save and quit
q quit vi
q! forcedly quit if you have modified the file but not wanna save it
e! restore file before modification
ZZ save file if modified and quit (fast quit)
r filename add content of filename to current cursor
set nu/set nonu enable/disable line number display
! command execute command line commands without leaving vi
31
Edit mode
line number
your cursor
your current cursor position
percentage
(line, position in line)
32
Take a break

• and review what you have learned

33
Logging In Out

• Logins via terminals
• Logins via network
• What login does
• X and xdm
• Access control
• Shell startup

34
Logins via terminal
START
do username and password match?
NO
login exit
init fork exec(/sbin/getty)
YES
getty wait for user
login exec (/bin/sh)
getty read username, exec(/bin/login)
sh read and execute commands
login read password
sh exit
35
Programs used in logging

• init (initialization)
• PID 1 program to spawns all other processes
• getty (get teletypewriter)
• it manages the terminals (physical or virtual).
  When it detect connections, it prompts for a
  username and runs the login program
• login
• read password and check whether it matches the
  username or not

36
System calls used in logging

• system calls
• It is the mechanism used by application program
  to request service from the OS
• fork
• it can duplicate the process itself.
• the new one is child process and old one is
  parent process
• there are 2 process existed
• exec
• it loads and executes a new child process by
  replacing the memory occupied by the parent
  process (old process)
• only one process lives

37
Logins via the network

• That is the most common way for us to use the
  remote machine (most of the time, the machine is
  not on your desktop)
• To handle the mulit-user logins, it is not
  feasible to create a init process for each logins
  via network
• Linux system applies inetd (InterNET Daemon )
  process to manage all network logins

38
inetd and xinted

• inted is a super server
• inetd can listen to the request from network,
  e.g. login or other communication protocols
  (telnet23, HTTP80, FTP21, etc.)
• after receiving the request
• inetd starts a new process to handle that single
  login
• the original process remains
• xinted (eXtended InterNET Daemon)
• because of the security limitation, xinted adds
  access control mechanisms to limit the use of
  something by someone

39
What login does?

• make sure whether the username and password are
  matched or not
• set up the initial environment and shell
• if you are not root and /etc/nologin exists, the
  logins are disabled
• login logs logins
• all failed login attempts in a system log file
  (syslog)
• currently logged in users are listed in
  /var/run/utmp
• all successful logins are recorded in
  /var/log/wtmp
• one can use who and last to check the current and
  successful logins because the original files are
  binary (cannot be read directly)

40
X and xdm

• X (or X11) stands for X window system which is a
  networking and display protocols for windowing on
  bitmap displays
• xdm (X display manager) controls the display of X
  server
• xdm controls local
• xdm controls remote via XDMCP (X display manager
  control protocol)

xdm controls remote
41
Access Control

• user information registry and shadow passwords
• /etc/passwd and /etc/shadow
• group information registry
• /etc/group and /etc/shadow.group
• root can not login via network
• only via terminals listed in the /etc/securetty
  file
• or use command su to become root after logging

42
/etc/securetty

• only tty1 is allowed for root to login

tty1 tty2 tty3 tty4 tty5 tty6 tty7
tty8
disabled devices
43
Shell Startup

• different interactive shells execute different
  pre-defined files
• most shell first run some global files
• bourne shell (/bin/sh)
• /etc/profile (setup common user environment)
• /.profile at home directory (user specific)

44
/etc/profile
export VARIABLEvalue for Bourne, bash, and
related shells setenv VARIABLE value for csh
and related shells
45
Take a break

• and review what you have learned

46
Manage Accounts

• What is an account?
• creating a user
• /etc/passwd and other informative files
• picking numeric user and group IDs
• initial environment /etc/skel
• changing user properties
• removing a user
• disabling a user temporarily

47
What is an account?

• The desire to differentiate between users, i.e.
  their private files can be kept private, thus
  each user is given a unique username, and the
  name is used when logging in
• There is more to a user than just a name
• A account is (concept originated from bank
  system)
• all the files
• all the resources (e.g. disk space, computation
  time)
• all information belonging to one user

48
Creating a user

• Linux kernel gives each user a unique integer
  (User ID, UID), because numbers are faster and
  easier for a computer to process than textual
  names
• Outside the system, user information are kept
  according to the username in file registry
• To create a user, system admin should
• add information about the new user to file
  registry
• create a home for the user (home directory)
• setup a suitable environment for the user
• educate the user
• Commands adduser or useradd

49
/etc/passwd
rootx00root/root/bin/bash
binx11bin/bin/sbin/nologin
daemonx22daemon/sbin/sbin/nologin
admx34adm/var/adm/sbin/nologin

• 1234567
• username
• password
• UID
• GID
• full_description
• home_directory
• shell

50
/etc/shadow
rootK.K2.hqu.QfV.dkjjteojiasdlkjeo11661099999
7 bin116610999997
daemon116610999997 adm11661099999
7

• 123456789
• username
• real and encrypted password
• in password means this account can not used for
  login
• The number of days (since January 1, 1970) since
  the password was last changed
• The number of days before password may be changed
• 0 indicates it may be changed at any time
• The number of days after which password must be
  changed
• 99999 indicates user can keep his or her password
  unchanged for many, many years
• The number of days to warn user of an expiring
  password
• The number of days after password expires that
  account is disabled
• The number of days (since January 1, 1970) that
  an account has been disabled
• A reserved field for possible future use

http//db.ilug-bom.org.in/Documentation/linux-admi
n-made-easy/shadow-file-formats.html
51
Picking a numeric user and group id

• UID
• 0 for root 1-500 for system 500-223-1 for
  users
• reuse of the UID may result in new owner of the
  UID may get access to the old owners files (or
  other resources). That is why it requires unique
• GID
• concept is similar to UID
• UID and GID synchronization
• if one use NFS (Network file system), user need
  to have the same UID and GID over all sub systems
• NIS (Network Information System) is applied for
  synchronizing account information in NFS

52
Initial environment /etc/skel

• When the home directory for a new user is
  created, it is initialized with files from the
  /etc/skel directory where system admin can place
  files for providing a default environment for the
  user
• For example, /etc/skel/.profile that sets the
  EDITOR environment variable to some editor that
  is friendly to new users
• However, it is hard to maintain the files in
  /etc/skel/ when admin made some changes, e.g.
  name of editor. Thus, all existing users would
  have to edit their .profile corresponding to this
  change. System admin can write a script to
  correct it automatically, but it may break users
  files
• It is better to place global configuration into
  global files, e.g. /etc/profile. This way it is
  possible to update it without breaking users own
  setups

53
Create a user by hand (I)

• Edit /etc/passwd with vipw and add a new line for
  the new account
• Be careful with the syntax
• Do not edit directly with an editor!
• vipm can locks the file while you add a user and
  prevent other programs to update it at this
  moment
• Do keep the password field be
• Edit /etc/group with vigr (if you need a new
  group)
• Create home directory via mkdir
• Copy files from /etc/skel if necessary

54
Create user by hand (II)

• Fix ownerships and permissions with chown and
  chmod (-R means recursive)
• cd /home/newusername
• chown -R username.group .
• chmod -R gou,go-w .
• chmod go .
• Set the password with passwd

55
Changing user properties

• chfu
• change the full name
• chsh
• change the login shell
• passwd
• change the password
• tasks must be done by hand
• change username in /etc/passwd with vipw
• change/add/remove group name in /etc/group with
  vigr

56
Removing a user

• first disable the user
• remove all files
• search by find / -user username
• remove all mailboxes and mail aliases
• remove all print, cron and at jobs
• remove all other references to the user
• finally remove the line in /etc/passwd and
  /etc/group
• platform specific commands deluser or userdel
• it is very convenient but it may not do all things

57
Disabling a user

• Sometimes, system admin need to suspend a user
  without removing it, e.g. user have to paid for
  his account, or cracker has got the password of
  that account
• write a tail scripts can tell the user why he/she
  was disabled
• If user billg is suspected of a security breach,
  the system administrator would do something like
  this

!/usr/bin/tail 2 This account has been closed
due to a security breach. Please call 555-1234
and wait for the men in black to arrive.
chsh -s /usr/local/lib/no-login/security billg
su - tester This account has been closed due
to a security breach. Please call 555-1234 and
wait for the men in black to arrive.
58
Take a break

• and review what you have learned

59
Essentials for System Security

• Document system
• Backup
• Enhance internal security mechanism
• Honeypot
• Protect before attack
• Anti-attack system
• Enhance central logging repository

60
Document system

• Some important disk partitions should be set as
  read only or no execution
• Use chattr to enhance the security
• i file can not be modified (only admin can
  clear)
• a append mode (for log files)
• -R (option) recursive

61
Root file system

• /bin Essential command binaries for all users
• /sbin system binaries
• /boot Static files of the boot loader
• /root home directory for the root user
• /dev Device files
• /etc host-specific system configuration
• /home user home directory
• /lib essential shared libraries and kernel
  modules
• /media mount point for removable media
• /mnt mount point for temporarily mounted file
  system
• /opt add-on application software packages
• /srv data for services provided by this system
• /tmp temporary files

62
/usr

• /usr sharable,read only second major section of
  the file system
• /usr/X11R6 X window system
• /usr/bin most user command
• /usr/include shared include files
• /usr/lib libraries for programming and packages
• /usr/local for admin to install software locally
• /usr/sbin non-essential standard system binaries
• /usr/share read-only architecture independent
  data file
• /usr/src source code for reference purposes

63
/var

• /var spool directories and files, administrative
  logging data, and transient and temporary files

64
backup

• Backup by optical disk (DVD/CD) and set it as
  bootable to perform integrity test between your
  backup and hard disk as part of booting procedure
• For non-frequent modified partitions, one can
  backup them to another storage (e.g. Magnetic
  disk) or another read only directory

65
Enhance internal security

• Buffer overflow
• it is a programming error which may result in a
  memory access exception and program termination,
  or in the event of the user being malicious, a
  possible breach of system security
• RSBAC (Rule Set Based Access Control)
• MAC (Mandatory Access Control)
• ACL (Access Control List)
• RC (Role Compatibility) model

66
Set trap Honeypot

• a honeypot is a trap set to detect, deflect or in
  some manner counteract attempts at unauthorized
  use of information systems

67
Prevent Port Scanning

• the most frequent behavior of hackers before
  their their attack is port scanning
• the attempt to stop the port scanning can
  efficiently prevent the attack before it happens
• Solutions
• Psionic PortSentry
• Abacus Port Sentry
• Iptable
• IBM Internet Security Systems (ISS)

68
Anti-attack

• Attack back to the hackers
• It might be dangerous to do this
• Solutions
• Abacus Port Sentry

69
Enhance central logging repository

• Separate syslog system in another machine to
  prevent hacker to directly obtain the information
• Solutions
• Secure syslog
• Syslog-ng (next generation system logging)