Linux Security

By High School Technology Services myhsts.org

Recap From Previous Session

In the previous session we learned about File Security. We covered:
▪ File Permissions
▪ Directory Permissions
▪ Octal Representation
▪ Changing Permissions
▪ Setting Default Permissions
▪ Access Control Lists (ACLs)
▪ The getfacl and setfacl commands
▪ SUID Bit

Characteristics of Processes

▪ Processes carry out tasks within the operating system. A program is a set of machine code instructions and data stored in an executable image on disk and is, as such, a passive entity; a process can be thought of as a computer program in action.
▪ It is a dynamic entity, constantly changing as the machine code instructions are executed by the processor. As well as the program's instructions and data, the process also includes the program counter and all of the CPU's registers as well as the process stacks containing temporary data such as routine parameters, return addresses and saved variables. The current executing program, or process, includes all of the current activity in the microprocessor.
▪ Linux is a multiprocessing operating system. Processes are separate tasks each with their own rights and responsibilities. If one process crashes it will not cause another process in the system to crash. Each individual process runs in its own virtual address space and is not capable of interacting with another process except through secure, kernel managed mechanisms.

Parent-Child Relationship

Every process has a parent process and it may or may not have child processes. Let's take this one by one. Consider the output of command now.

Whenever a process creates another process, the former is called the parent while the latter is called the child. Technically, a child process is created by calling the fork() function from within the code. Usually, when you run a command from the shell, the fork() is followed by one of the exec() family of functions.

Examining Running Processes

The Linux terminal has a number of useful commands that can display running processes, them, and change their priority level. This post lists the classic, traditional commands, as well as some useful, modern ones. We’ll discuss:
▪ htop
▪ ps
▪ pstree
▪ kill
▪ pgrep
▪ pkill

Background Processes

A background process is a program that is running without user input. A number of background processes can be running on a multitasking operating system, such as Linux, while the user is interacting with the foreground process. Some background processes, such as daemons, never require user input.

cron and crontab

The crontab command, found in and Unix-like operating systems, is used to schedule commands to be executed periodically. To see what crontabs are currently running on your system, you can open a terminal and run:

▪ $ sudo crontab -l

Cronjobs are written in the following format:

* * * * * /bin/execute/this/script.sh

cron and crontab
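The schedule line above has five time fields before the command, in the order minute, hour, day of month, month, day of week. As an added example (not part of the original slides), this Python sketch validates those fields against their ranges and tells you whether a job would start at a given time, which helps when reviewing what a crontab will actually run. The function names are hypothetical, and the list, range and step syntax (`a,b`, `a-b`, `*/n`) and the either-day-field rule come from standard Vixie-style cron rather than from the slides.

```python
from datetime import datetime

# Field order and ranges as used by cron (day of week: 0 = Sunday).
FIELDS = [("minute", 0, 59), ("hour", 0, 23), ("day of month", 1, 31),
          ("month", 1, 12), ("day of week", 0, 6)]

def expand(field, lo, hi, name):
    """Expand '*', 'a', 'a-b', 'a,b', '*/n' or 'a-b/n' into a set of ints."""
    values = set()
    for part in field.split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if rng == "*":
            start, end = lo, hi
        elif "-" in rng:
            start, end = (int(x) for x in rng.split("-", 1))
        else:
            start = end = int(rng)
        if step < 1 or not (lo <= start <= end <= hi):
            raise ValueError(f"{name}: {part!r} is outside {lo}-{hi}")
        values.update(range(start, end + 1, step))
    return values

def parse(line):
    """Return (expanded field sets, raw field strings, command) for one line."""
    parts = line.split(None, 5)
    if len(parts) < 6:
        raise ValueError("expected 5 time fields followed by a command")
    sets = [expand(f, lo, hi, name) for f, (name, lo, hi) in zip(parts, FIELDS)]
    return sets, parts[:5], parts[5]

def runs_at(line, when):
    """True if cron would start the job in the minute given by `when`."""
    (minute, hour, dom, month, dow), raw, _ = parse(line)
    if not (when.minute in minute and when.hour in hour and when.month in month):
        return False
    dom_ok = when.day in dom
    dow_ok = (when.weekday() + 1) % 7 in dow  # Python: Monday=0; cron: Sunday=0
    # Vixie-style rule: when neither day field starts with '*', either may match.
    if not raw[2].startswith("*") and not raw[4].startswith("*"):
        return dom_ok or dow_ok
    return dom_ok and dow_ok

if __name__ == "__main__":
    # Constructed sample entry: 02:30 every Sunday.
    sample = "30 2 * * 0 /usr/local/bin/backup.sh"
    print(runs_at(sample, datetime(2024, 1, 7, 2, 30)))
```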

As you can see there are 5 stars. The stars represent different date parts in the following order:
▪ minute (from 0 to 59)
▪ hour (from 0 to 23)
▪ day of month (from 1 to 31)
▪ month (from 1 to 12)
▪ day of week (from 0 to 6) (0=Sunday)

at and batch

The at command schedules a command to be run once at a particular time that you normally have permission to run. The command can be anything from a simple reminder message to a complex script. You start by running the at command at the command line, passing it the scheduled time as the option. It then places you at a special prompt, where you can type in the command (or series of commands) to be run at the scheduled time. When you're done, press Control-D on a new line, and your command will be placed in the queue. A typical at command sequence looks like this:

at 9:30 PM Tue

batch executes commands when system load levels permit; in other words, when the load average drops below 1.5, or the value specified in the invocation of atd.

System Processes (Daemons)

A daemon is a type of program on Unix-like operating systems that runs unobtrusively in the background, rather than under the direct control of a user, waiting to be activated by the occurrence of a specific event or condition.

Monitoring a system is a good reason to use a daemon. Cron can run processes every minute - but if you need a tighter granularity than that, cron can't help. A daemon can. With a daemon, you can set up whatever timing you want in your "main loop".

Looking Forward

In the next session we’re going to learn about Working with the Linux Kernel. We’ll cover:
▪ Linux Kernel Components
▪ Types of Kernels
▪ Kernel Configuration Options
▪ Recompiling the Kernel

Thank You
