Unix Administration

Guntis Barzdins, System Administration

SYS ADMIN TASKS

• Setting the Run Level
• System Services
• User Management
• Network Settings
• Scheduling Jobs
• Quota Management
• Backup and Restore
• Adding and Removing software/packages
• Setting up a Printer
• Monitoring the system (general, logs)
• Monitoring any specific services running, e.g. DNS, DHCP, Web, NIS, NTP, Proxy etc.

Have you used UNIX before?

• Which OS did Apple choose when it needed a stable OS layer for its Mac OSX?

• Which OS made the biggest impact on the online lives as you know them today?

Process Manipulation

• Once you run a program (e.g. vi, myprog, ...), that program will suspend the terminal you called it in (the terminal will not be receiving input from you).

• You can start the program in the background to avoid this: myprog &

• You can suspend a program that is already running and send it to the background: Ctrl-z (to suspend), then bg (sends the suspended program to the background)

• ps (show running processes)
• top (monitor running processes)
• kill (kill processes)

• & (send process to background)
• bg (send process to background)
• fg (get process from background)
• Ctrl+c (terminate process)
• C l+ ( d )

Intrusion Detection System (IDS)

Open Source Tripwire is a file integrity-checking program for UNIX/Linux operating systems

• Host-based
• Software that alerts you when important files change
• Tripwire keeps a hash value for each designated file
• When a file is altered/deleted, Tripwire computes a new hash value that differs from the original one
• Replaced by more advanced HIDS: OSSEC, AIDE

Tripwire tutorial in a slide

• Initial setup
  • download / build / install it
  • modify the policy file (e.g. remove unnecessary files): # vi /etc/tripwire/twpol.txt
  • generate the policy file: # twadmin --create-polfile /etc/tripwire/twpol.txt
  • build the initial database: # tripwire --init
• Check periodically: # tripwire --check
• Reconcile differences (e.g. after a software installation): # tripwire --update --accept-all --twrfile report_file

Linux Security
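The init/check cycle above reduces to "store one hash per designated file, later recompute and compare". The following added example (not Tripwire's code, and not from the lecture) implements that core loop in Python on a constructed temporary directory: a policy list of files, a baseline of SHA-256 digests, and a check that reports modified and missing files.

```python
import hashlib
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path, policy: list[str]) -> dict[str, str]:
    """Equivalent of `tripwire --init`: one digest per designated file listed in the policy."""
    return {rel: file_digest(root / rel) for rel in policy if (root / rel).is_file()}


def check_integrity(root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Equivalent of `tripwire --check`: compare current digests against the baseline."""
    report: dict[str, list[str]] = {"modified": [], "missing": [], "unchanged": []}
    for rel, expected in baseline.items():
        current = root / rel
        if not current.is_file():
            report["missing"].append(rel)
        elif file_digest(current) != expected:
            report["modified"].append(rel)
        else:
            report["unchanged"].append(rel)
    return report


def demo() -> dict[str, list[str]]:
    """Constructed scenario: take a baseline, then change one file and delete another."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "etc" / "motd").write_text("welcome\n")
        policy = ["etc/passwd", "etc/hosts", "etc/motd"]  # stand-in for twpol.txt
        baseline = build_baseline(root, policy)
        # Simulated drift after the baseline: passwd edited, motd removed.
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "etc" / "motd").unlink()
        return check_integrity(root, baseline)


if __name__ == "__main__":
    print(demo())
```

Unlike Tripwire, this baseline is a plain dictionary with no signature or key protection, so in real use the stored digests would need the same tamper protection Tripwire gives its database.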

LINUX Firewall

SELinux

• Originally created by the NSA to meet US DoD MAC (mandatory access control) requirements
• Malicious or broken software can have root-level access to the entire system by running as a root process
• SELinux (Security Enhanced Linux) provides enhanced security: through SELinux policies, a process can be granted just the permissions it needs to be functional, thus reducing the risk

SELINUX can take one of these three values:
• enforcing - SELinux security policy is enforced.

SELinux Configuration

AppArmor

• Less complex and less secure
• Popular in user-oriented distributions (Ubuntu, SUSE); enabled for some potentially vulnerable services by default
• Software packages are bundled with AppArmor profiles
• A profile file can be created by launching the application in learning mode; this gives a secure enough profile if the application is not already compromised
• Capabilities: FS open/read/write in different modes, networking (all/tcp/udp), executability etc.