Unix Administration
Guntis Barzdins
Linux System Administration

SYS ADMIN TASKS
Setting the run level
System services
User management
Network settings
Scheduling jobs
Quota management
Backup and restore
Adding and removing software/packages
Setting up a printer
Monitoring the system (general, logs)
Monitoring specific running services, e.g. DNS, DHCP, Web, NIS, NTP, proxy, etc.

Have you used UNIX before?
• Which OS did Apple choose when it needed a stable OS layer for its Mac OS X?
• Which OS has had the biggest impact on online life as you know it today?

Process Manipulation
Once you run a program (e.g. vi, myprog, ...) from a terminal, that program takes over the terminal: the shell will not accept further input from you until the program exits.
You can start the program in the background to avoid this: myprog &
If you already started it in the foreground, you can suspend it and send it to the background: Ctrl-z (suspend), then bg (resume the suspended program in the background)

ps (show running processes)
top (monitor running processes)
kill (send a signal to a process; the default signal, SIGTERM, asks it to terminate)
& (start a process in the background)
bg (resume a suspended process in the background)
fg (bring a process from the background to the foreground)
Ctrl+c (terminate the foreground process with SIGINT)
Ctrl+d (send end-of-file to the foreground process)

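The suspend, resume and terminate sequence described above, as an added example written for these notes (not code from the slides): it drives a background sleep through the signals behind the keystrokes and commands listed (Ctrl-z sends SIGTSTP, for which SIGSTOP is the uncatchable equivalent used here; bg and fg send SIGCONT; kill defaults to SIGTERM; Ctrl-c sends SIGINT) and reads the process state that ps and top display. Assumes a POSIX sh on Linux with /proc mounted (ps is the fallback) and a sleep that accepts fractional seconds.

```shell
#!/bin/sh
# Added example: what Ctrl-z, bg/fg and kill do to a process, observed
# through the process state column that ps/top show.

# state_of PID -> one letter: R running, S sleeping, T stopped, Z zombie;
# empty once the process no longer exists.
state_of() {
    if [ -r "/proc/$1/status" ]; then
        sed -n 's/^State:[[:space:]]*\([A-Z]\).*/\1/p' "/proc/$1/status"
    else
        ps -o stat= -p "$1" 2>/dev/null | cut -c1
    fi
}

# job_control_demo -> prints the observed state sequence, e.g. "S T S gone",
# and returns 0 only if it is the sequence job control should produce.
job_control_demo() {
    sleep 300 >/dev/null 2>&1 &   # '&' runs it in the background; $! is its PID
    pid=$!
    sleep 0.5
    s1=$(state_of "$pid")         # S: sleeping inside nanosleep()

    kill -STOP "$pid"             # Ctrl-z sends SIGTSTP to the foreground job;
    sleep 0.5                     # SIGSTOP is the version a process cannot catch
    s2=$(state_of "$pid")         # T: stopped, exactly what ps shows after Ctrl-z

    kill -CONT "$pid"             # bg and fg both send SIGCONT; fg additionally
    sleep 0.5                     # hands the terminal back to the job
    s3=$(state_of "$pid")         # S again

    kill -TERM "$pid"             # 'kill PID' sends SIGTERM; Ctrl-c sends SIGINT
    wait "$pid" 2>/dev/null || true   # reap it so it does not linger as a zombie
    s4=$(state_of "$pid")         # empty: the process is gone

    echo "$s1 $s2 $s3 ${s4:-gone}"
    [ "$s1" = S ] && [ "$s2" = T ] && [ "$s3" = S ] && [ -z "$s4" ]
}
```

Run `job_control_demo` and compare with what `ps -o pid,stat,cmd` shows in another terminal while you press Ctrl-z in the first one. A process that stays in state T after you expected it to resume is one that never received SIGCONT; a process that shows Z is one whose parent has not yet called wait.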
Intrusion Detection System (IDS)

Open Source Tripwire is a file integrity-checking program for UNIX/Linux operating systems
Host-based (HIDS): it runs on the monitored host itself, unlike a network IDS that watches traffic
Software that alerts you when important files change
Tripwire keeps a hash value (and the inode attributes: size, permissions, owner, timestamps) for each designated file in a signed database
When a file is altered or deleted, the hash computed at check time differs from the stored one and the change is reported
It only sees changes to files named in the policy, only when a check runs, and only if the attacker has not also rewritten the database; keep the database and keys read-only or off the host
Largely superseded by more actively developed HIDS: OSSEC, Samhain, AIDE

Tripwire tutorial in a slide
Initial setup
download / build / install it (the package or install script normally also generates the site and local signing keys that protect the policy file and the database; if not, create them with twadmin --generate-keys)
modify the policy file (e.g. remove entries for files that do not exist on this host, add your own critical files)
# vi /etc/tripwire/twpol.txt
compile and sign the policy file
# twadmin --create-polfile /etc/tripwire/twpol.txt
build the initial database (the baseline: do this on a known-clean system, ideally right after installation and before the host goes on the network)
# tripwire --init
check periodically (e.g. daily from cron) and read the report
# tripwire --check
reconcile differences after a legitimate change (e.g. software installation) by updating the database from the report
# tripwire --update --accept-all --twrfile report_file
--accept-all accepts every reported change unreviewed; drop it to review and select changes in an editor (the safer choice when you are not sure every change was yours)
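What the init, check and update steps above do under the hood, as an added example written for these notes (not Tripwire's code): a baseline of SHA-256 hashes plus mode, owner, group and size for every regular file under a directory, and a check that reports modified, metadata-changed, removed and added files. It assumes GNU or busybox coreutils (sha256sum, stat -c, find, mktemp). Tripwire additionally signs its database and policy with the site and local keys; this script does not, so protect the baseline file yourself (read-only media or a copy off the host), since an attacker who can rewrite it can hide every change.

```shell
#!/bin/sh
# Added example (not Tripwire's code): the core of a host-based file
# integrity checker. A baseline records a SHA-256 hash plus mode, owner,
# group and size for every regular file under a directory; a later check
# recomputes them and reports what differs.

# integrity_init DIR DBFILE
# Write the baseline. One line per file: sha256 mode uid gid size path
# Keep DBFILE outside DIR, or the baseline will list itself.
integrity_init() {
    dir=$1; db=$2
    find "$dir" -type f -print | LC_ALL=C sort | while read -r f; do
        h=$(sha256sum "$f" | cut -d' ' -f1)
        meta=$(stat -c '%a %u %g %s' "$f")
        printf '%s %s %s\n' "$h" "$meta" "$f"
    done > "$db"
}

# integrity_check DIR DBFILE
# Compare the directory against the baseline. Prints one line per change
# (MODIFIED, METADATA, REMOVED, ADDED) and returns 0 only if nothing changed.
integrity_check() {
    dir=$1; db=$2
    changes=0
    known=$(mktemp)
    cut -d' ' -f6- "$db" > "$known"          # just the paths in the baseline

    # Pass 1: every baseline entry. Content is compared by hash first, so a
    # chmod or chown on an unchanged file is reported separately as METADATA.
    while read -r h m u g s f; do
        if [ ! -f "$f" ]; then
            echo "REMOVED $f"; changes=1
        elif [ "$(sha256sum "$f" | cut -d' ' -f1)" != "$h" ]; then
            echo "MODIFIED $f"; changes=1
        elif [ "$(stat -c '%a %u %g %s' "$f")" != "$m $u $g $s" ]; then
            echo "METADATA $f"; changes=1
        fi
    done < "$db"

    # Pass 2: files on disk that the baseline never saw (a dropped binary,
    # a new cron job). This runs in a pipeline subshell, so the result is
    # collected as text rather than through the changes variable.
    added=$(find "$dir" -type f -print | LC_ALL=C sort | while read -r f; do
        grep -qxF -- "$f" "$known" || echo "ADDED $f"
    done)
    if [ -n "$added" ]; then
        echo "$added"; changes=1
    fi

    rm -f "$known"
    return $changes
}
```

Typical use mirrors the Tripwire steps: `integrity_init /etc /root/etc.baseline` once on a clean host, then `integrity_check /etc /root/etc.baseline` from cron and mail the output when it returns non-zero; after a legitimate package upgrade, re-run `integrity_init` to accept the new state, which is what `tripwire --update` does more selectively.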
Linux Security

Linux Firewall
SELinux

Originally created by the NSA to meet US DoD requirements for mandatory access control (MAC).
Under ordinary Unix discretionary access control, malicious or broken software running as a root process has root-level access to the entire system.
SELinux (Security Enhanced Linux) adds a second, mandatory layer of access control on top of that: through SELinux policies a process is granted only the permissions it needs to function, so a compromised or buggy process can do far less damage.
The SELINUX setting in /etc/selinux/config can take one of three values:
enforcing - the SELinux security policy is enforced (accesses the policy does not allow are blocked and logged)
permissive - the policy is not enforced, but violations are logged (for debugging a policy before switching to enforcing)
disabled - no policy is loaded
The running mode is shown by getenforce (or sestatus) and can be switched between enforcing and permissive with setenforce 1 / setenforce 0 until the next boot; moving between disabled and enabled requires a reboot, and enabling also requires a filesystem relabel.
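A small audit of the three SELINUX values described above, as an added example written for these notes (not from the slides or the SELinux project): it reads the boot-time mode from a config file in the /etc/selinux/config format, reads the live mode from getenforce when that tool exists, and fails unless both are enforcing. The function names and the sample config files are this example's own; only the file format, getenforce and setenforce are real.

```shell
#!/bin/sh
# Added example (not from the slides): audit the SELinux mode. The boot-time
# mode is the SELINUX= line in /etc/selinux/config; the current mode comes
# from getenforce and can differ after someone runs 'setenforce 0'.

# selinux_configured_mode FILE
# Prints enforcing, permissive or disabled (the three legal values of
# SELINUX=), or "unset" when the file is missing or has no valid SELINUX=
# line. Comment lines, surrounding whitespace and the unrelated
# SELINUXTYPE= line are ignored; if SELINUX= appears twice the last wins.
selinux_configured_mode() {
    mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\)[[:space:]]*$/\1/p' \
               "$1" 2>/dev/null | tail -n 1)
    case $mode in
        enforcing|permissive|disabled) echo "$mode" ;;
        *) echo unset ;;
    esac
}

# selinux_running_mode
# Prints enforcing, permissive or disabled as reported by getenforce, or
# "unknown" when getenforce is not installed (no libselinux tools at all,
# which almost always means the kernel is running without SELinux).
selinux_running_mode() {
    if command -v getenforce >/dev/null 2>&1; then
        getenforce 2>/dev/null | tr 'A-Z' 'a-z'
    else
        echo unknown
    fi
}

# selinux_audit CONFIGFILE
# Prints "configured=<mode> running=<mode>" and returns 0 only when both
# are enforcing, so it can fail a cron job or a CI check. A result of
# configured=enforcing running=permissive usually means someone ran
# 'setenforce 0' during debugging and never reverted it; the reboot will
# fix it, but the same state is exactly how an attacker with root quietly
# switches the policy off without touching the config file.
selinux_audit() {
    cfg=$(selinux_configured_mode "$1")
    run=$(selinux_running_mode)
    echo "configured=$cfg running=$run"
    [ "$cfg" = enforcing ] && [ "$run" = enforcing ]
}
```

On a real host run `selinux_audit /etc/selinux/config`; in the weak state the fix is `setenforce 1` plus a look at the audit log for what was done while permissive, and when the config file itself says permissive or disabled, edit it to `SELINUX=enforcing` and reboot.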
SELinux Configuration

AppArmor
Less complex than SELinux (path-based profiles instead of file labels) and generally considered less strict
Popular in user-oriented distributions (Ubuntu, SUSE); enabled by default for some potentially vulnerable services
Distributions bundle software packages with AppArmor profiles
A profile can be created by running the application in learning (complain) mode and turning the logged accesses into rules (aa-genprof, aa-logprof); the result is only as trustworthy as the application was at the time, so learn from a known-clean install, never from a possibly compromised one
Rules cover file access (open for read, write, append, memory-map, lock and execute, with different execute modes), networking (all / tcp / udp), Linux capabilities, and which other programs may be executed and under which profile
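The kinds of rules just listed, put together into one profile, as an added example written for these notes (not from the slides or the AppArmor project). The confined program /usr/local/bin/myprog, its directories and the name of the child helper are hypothetical; the rule syntax, the complain flag and the aa-* tools are real. The syntax check relies on apparmor_parser's --skip-kernel-load and --skip-cache options, which are assumed from apparmor_parser(8) and are skipped when the parser is not installed.

```shell
#!/bin/sh
# Added example (not from the slides or the AppArmor project): generate a
# minimal AppArmor profile for a hypothetical network service in either
# learning (complain) or enforce mode, and syntax-check it when possible.

# write_apparmor_profile MODE OUTFILE
# MODE is "complain" (violations are logged but allowed: the learning mode
# whose log lines aa-logprof turns into rules) or "enforce" (violations are
# denied and logged). Prints OUTFILE.
write_apparmor_profile() {
    mode=$1; out=$2
    case $mode in
        complain) flags='flags=(complain) ' ;;
        enforce)  flags='' ;;
        *) echo "mode must be complain or enforce" >&2; return 2 ;;
    esac
    cat > "$out" <<EOF
#include <tunables/global>

/usr/local/bin/myprog $flags{
  #include <abstractions/base>

  # the binary itself: read and memory-map for execution
  /usr/local/bin/myprog mr,

  # configuration: read only, so a compromised process cannot rewrite it
  /etc/myprog/ r,
  /etc/myprog/** r,

  # logs: write only; the service never needs to read them back
  /var/log/myprog/*.log w,

  # state: read, write, create files and take locks under one directory
  /var/lib/myprog/ r,
  /var/lib/myprog/** rwk,

  # networking: TCP over IPv4/IPv6 only; no UDP, no raw sockets
  network inet tcp,
  network inet6 tcp,

  # the only capability needed: bind a port below 1024
  capability net_bind_service,

  # helpers it may execute: 'ix' runs them confined by this same profile
  /usr/bin/logger ix,

  # explicit denies win over any allow rule, including ones pulled in by
  # the abstractions; by default they are quiet (prefix with 'audit' to log)
  deny /etc/shadow r,
  deny @{HOME}/** rwx,
  deny /tmp/** x,
}
EOF
    echo "$out"
}

# check_profile_syntax FILE
# Returns 0 when apparmor_parser accepts the profile without loading it
# into the kernel (assumed option names); skipped when the parser is absent.
check_profile_syntax() {
    if command -v apparmor_parser >/dev/null 2>&1; then
        apparmor_parser --skip-kernel-load --skip-cache "$1"
    else
        echo "apparmor_parser not installed; syntax check skipped" >&2
    fi
}
```

The usual sequence is: write the profile in complain mode, install it under /etc/apparmor.d/, exercise the service, let aa-logprof propose the rules it needed, then switch with aa-enforce; the deny rules are kept explicit so that learning mode can never grow them back into allows.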