Transcription of Paul Cobbaut - linux-training.be
Linux Security
Paul Cobbaut
Publication date 2015-05-24 CEST

Abstract

This book is meant to be used in an instructor-led training. For self-study, the intent is to read this book next to a working Linux computer so you can immediately do every subject, practicing each one.

This book is aimed at novice Linux system administrators (and might be interesting and useful for home users that want to know a bit more about their Linux system). However, this book is not meant as an introduction to Linux desktop applications like text editors, browsers, mail clients, multimedia or office applications.

More information and a free .pdf are available at linux-training.be.

Feel free to contact the author: Paul Cobbaut.

Contributors to the Linux Training project are: Serge van Ginderachter (build scripts; infrastructure setup; minor stuff), Hendrik De Vloed (script).

We'd also like to thank our reviewers: Wouter Verhelst, Geert Goossens, Elie De Brauwer, Christophe Vandeplas, Bert Desmet, Rich Yonts.

Copyright 2007-2015 Paul Cobbaut

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version [not preserved in this transcription], or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
A copy of the license is included in the section entitled 'GNU Free Documentation License'.

Table of Contents

Part I. local user management
  1. introduction to users
     whoami
     who
     who am i
     w
     id
     su to another user
     su to root
     su as root
     su - $username
     su -
     run a program as another user
     visudo
     sudo su -
     sudo logging
     practice: introduction to users
     solution: introduction to users
  2. user management
     user management
     /etc/passwd
     root
     useradd
     /etc/default/useradd
     userdel
     usermod
     creating home directories
     /etc/skel/
     deleting home directories
     login shell
     chsh
     practice: user management
     solution: user management
  3. user passwords
     passwd
     shadow file
     encryption with passwd
     encryption with openssl
     encryption with crypt
     /
     chage
     disabling a password
     editing local files
     practice: user passwords
     solution: user passwords
  4. user profiles
     system profile
     ~/.bash_profile
     ~/.bash_login
     ~/.profile
     ~/.bashrc
     ~/.bash_logout
     Debian overview
     RHEL5 overview
     practice: user profiles
     solution: user profiles
  5. groups
     groupadd
     group file
     groups
     usermod
     groupmod
     groupdel
     gpasswd
     newgrp
     vigr
     practice: groups
     solution: groups

Part II. file security
  6. standard file permissions
     file ownership
     list of special files
     permissions
     practice: standard file permissions
     solution: standard file permissions
  7. advanced file permissions
     sticky bit on directory
     setgid bit on directory
     setgid and setuid on regular files
     setuid on sudo
     practice: sticky, setuid and setgid bits
     solution: sticky, setuid and setgid bits
  8. access control lists
     acl in /etc/fstab
     getfacl
     setfacl
     remove an acl entry
     remove the complete acl
     the acl mask
     eiciel
  9. file links
     inodes
     about directories
     hard links
     symbolic links
     removing links
     practice: links
     solution: links

Part III. iptables firewall
  10. introduction to routers
     router or firewall
     packet forwarding
     packet filtering
     stateful
     nat (network address translation)
     pat (port address translation)
     snat (source nat)
     masquerading
     dnat (destination nat)
     port forwarding
     /proc/sys/net/ipv4/ip_forward
     /
     sysctl
     practice: packet forwarding
     solution: packet forwarding
  11. iptables firewall
     iptables tables
     starting and stopping iptables
     the filter table
     practice: packet filtering
     solution: packet filtering
     network address translation

Part IV. selinux
  12. introduction to SELinux
     selinux modes
     logging
     activating selinux
     getenforce
     setenforce
     sestatus
     policy
     /etc/selinux/config
     DAC or MAC
     ls -Z
     -Z
     /selinux
     identity
     role
     type (or domain)
     security context
     transition
     extended attributes
     process security context
     chcon
     an example
     setroubleshoot
     booleans

Part V. Appendix
  A. License
  Index

List of Tables
  Debian User Environment
  Red Hat User Environment
  Unix special files
  standard Unix file permissions
  Unix file permissions position
  Octal permissions
  Packet Forwarding Exercise
  Packet Forwarding Solution

Part I. local user management
Chapter 1. introduction to users

This little chapter will teach you how to identify your user account on a Unix computer using commands like who am i and id. In a second part you will learn how to become another user with the su command, and you will learn how to run a program as another user with sudo.

whoami

The whoami command tells you your username.
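The commands this chapter introduces answer two different questions: whoami and id report the effective identity that permission checks use, while who am i reports who logged in, and the two diverge after su - or sudo su -. The following added example (not from the book) puts them side by side in a small POSIX shell script. The function names are my own, and it assumes that SUDO_USER, when present, was set by sudo for its child process, so it can be used to recover the original login name after escalation.

```shell
#!/bin/sh
# Added example (not from the book): compare the identity commands from
# this chapter and recover the original login user after su -/sudo su -.

# effective_user: what whoami prints, i.e. the identity used for
# permission checks (root after "su -" or "sudo su -").
effective_user() {
  id -un
}

# original_user: who actually logged in. sudo records this in SUDO_USER
# (assumption: SUDO_USER was set by sudo for this process); without sudo,
# fall back to logname (the tty login name, like "who am i"), then to id.
original_user() {
  if [ -n "${SUDO_USER:-}" ]; then
    printf '%s\n' "$SUDO_USER"
  elif lname=$(logname 2>/dev/null) && [ -n "$lname" ]; then
    printf '%s\n' "$lname"
  else
    id -un
  fi
}

# is_root: true when the effective uid is 0.
is_root() {
  [ "$(id -u)" -eq 0 ]
}

# identity_report: one key=value line per fact. Useful at the start of an
# incident-response or audit script so the log records who is really
# running it, not only the account it was escalated to.
identity_report() {
  printf 'effective_user=%s\n' "$(effective_user)"
  printf 'effective_uid=%s\n' "$(id -u)"
  printf 'original_user=%s\n' "$(original_user)"
  printf 'groups=%s\n' "$(id -Gn)"
  if is_root; then
    printf 'is_root=yes\n'
  else
    printf 'is_root=no\n'
  fi
}

identity_report
```

Run it once as yourself and once under sudo su -: effective_user changes to root and is_root flips to yes, but original_user still names the account that started the session, which is exactly what the sudo log keeps and what whoami alone hides.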