Linux Security

Paul Cobbaut

2015-05-24


Table of Contents

I. local user management
1. introduction to users
whoami
who
who am i
w
id
su to another user
su to root
su as root
su - $username
su -
run a program as another user
visudo
sudo su -
sudo logging
practice: introduction to users
solution: introduction to users
2. user management
user management
/etc/passwd
root
useradd
/etc/default/useradd
userdel
usermod
creating home directories
/etc/skel/
deleting home directories
login shell
chsh
practice: user management
solution: user management
3. user passwords
passwd
shadow file
encryption with passwd
encryption with openssl
encryption with crypt
/etc/login.defs
chage
disabling a password
editing local files
practice: user passwords
solution: user passwords
4. user profiles
system profile
~/.bash_profile
~/.bash_login
~/.profile
~/.bashrc
~/.bash_logout
Debian overview
RHEL5 overview
practice: user profiles
solution: user profiles
5. groups
groupadd
group file
groups
usermod
groupmod
groupdel
gpasswd
newgrp
vigr
practice: groups
solution: groups
II. file security
6. standard file permissions
file ownership
user owner and group owner
listing user accounts
chgrp
chown
list of special files
permissions
rwx
three sets of rwx
permission examples
setting permissions (chmod)
setting octal permissions
umask
mkdir -m
cp -p
practice: standard file permissions
solution: standard file permissions
7. advanced file permissions
sticky bit on directory
setgid bit on directory
setgid and setuid on regular files
setuid on sudo
practice: sticky, setuid and setgid bits
solution: sticky, setuid and setgid bits
8. access control lists
acl in /etc/fstab
getfacl
setfacl
remove an acl entry
remove the complete acl
the acl mask
eiciel
9. file links
inodes
inode contents
inode table
inode number
inode and file contents
about directories
a directory is a table
. and ..
hard links
creating hard links
finding hard links
symbolic links
removing links
practice: links
solution: links
III. iptables firewall
10. introduction to routers
router or firewall
packet forwarding
packet filtering
stateful
nat (network address translation)
pat (port address translation)
snat (source nat)
masquerading
dnat (destination nat)
port forwarding
/proc/sys/net/ipv4/ip_forward
/etc/sysctl.conf
sysctl
practice: packet forwarding
solution: packet forwarding
11. iptables firewall
iptables tables
starting and stopping iptables
the filter table
about packet filtering
filter table
setting default rules
changing policy rules
Allowing ssh over eth0
Allowing access from a subnet
iptables save
scripting example
Allowing ICMP (ping)
practice: packet filtering
solution: packet filtering
network address translation
about NAT
SNAT (Source NAT)
SNAT example setup
IP masquerading
DNAT (Destination NAT)
IV. selinux
12. introduction to SELinux
selinux modes
logging
activating selinux
getenforce
setenforce
sestatus
policy
/etc/selinux/config
DAC or MAC
ls -Z
-Z
/selinux
identity
role
type (or domain)
security context
transition
extended attributes
process security context
chcon
an example
setroubleshoot
booleans
V. Appendix
A. License
Index

List of Tables

4.1. Debian User Environment
4.2. Red Hat User Environment
6.1. Unix special files
6.2. standard Unix file permissions
6.3. Unix file permissions position
6.4. Octal permissions
10.1. Packet Forwarding Exercise
10.2. Packet Forwarding Solution