LINUX -OPERATING SYSTEM.
Linus Travolds released linux in 1991 under GPL.
What is kernel?
Kernel is called as the heart of operating system. Kernel is also the program acting as chief opertions
There are many functionalities that are handled by Kernel.Below are the list of some critical fuctionalities:
1. Starting & Stopping other programs.
2. Handling Requests from memory
3. Accessing disks
4.Managing network connections etc..
Kernel are basically of two types :
1. Monolithic -----That provides all the services that application needs
EX; Linux is using monolithic kernel
2. Micro Kernel --- These consists of small core set of services . It nees other modules to be loaded to perform other functions.
EX:Windows.
LINUX Distributions are classified into two groups
1. Commercial -- This type of distribution tends to have longer release cycle .Also Commercial generally offers support for their distribution at certain cost. EX--redhat,suse
2.Non-Commercial --The company offers use the non-commercial distribution basically for testing purpose of the software. Several of ,non-commercial distributions are backed up with the support.
Ex: Debian,Fedora,Ubuntu
LINUX Licences:
GNU Public Licences(GPL) ---GPL States that the software realesed is free .It's acceptable to take the software and resell it for his own profit,But when reseling and if any changes made in the code ,u need to release the full source code including the changes at GPL platform and also the new source code will be under GPL . EX. Redhat
BSD & Apache -- These types of licences gives the user to modify the source code without disclosing the changes made in the source code.
------------------------------------------------------------------------------------------------
Basic Linux System Adminsitration Tasks;
1. User Management
2. Logical Volume Management
3. Network Management
4.Device Management.
5.Package Management
--------------------------------------------------------------------------------------
User Management In Linux
1. Every file or program under Linux is owned by a user.
2. Each user will be having a unique User ID(UID).
3. Root user is known as super user which can do all the tasks in linux.
By default the UID for root user is "0" .
4. System Users are normally having the UID from 0 to 499 . The manually created users will have UID after that.
5. All the user information in linux is kept under text files .
Below are the files where the user's information is kept.
1. /etc/passwd -- this file stores user-name,encrypted password entry,UID,GID,Gecos,Home directory and login shell informations
2. /etc/shadow --- this file stores the encrypted passoword information for user accounts.
why was the requirement of /etc/shadow file if it was possible through /etc/password file only?
Ans: As we all know that /etc/passwd file is readable by all the users,it was leading to the security treat since it was easy for the hackers to crack the encrypted password . So for handling this linux introduced /etc/shadow file that is only readable by root users or other required priviledged programs that requires access to that information.
How to create a user
Using the "useradd' command we are creating the users in linux.
Whenever we are running the useradd command the ASCII Text File " /etc/default/useradd" is executed.
Content of /etc/default/useradd
# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
*Above mentioned parameters are automatically taken once the useradd command is executed .
By default, a group will also be created for the new user .
Changing the default values(changing the /etc/default/useradd parameters)
When invoked with only the -D option, useradd will display the current default values
[root@abhi ~]# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
--------------------------------------------------------------------------------------------------------
Below help page of linux will be helpful in using the useradd command:
Options:
--------------------------------------------------------------------------------------------------
Example
1. #useradd test
This will create a user-id and it's home directory . Home directory will be by default "/home/user-id"
2. # useradd -d /home/test -p test123 test
Here we are creating a user test with home directory "/home/test" and the passowrd that will be stored in /etc/shadow will be "test123"
'-p" parameter is not recommended to use until you are not creating the encrypted password using crypt command.
[root@abhi ~]# cat /etc/shadow |grep -i test
test:test123:16452:1:90:7:::
[root@abhi ~]#
3. Creation of system user account with UID 510 and Primary goup ID as 500 .System user acount will not have home directory . But the user will have the no-ageing(means never expiry ) by default.
[root@abhi ~]# useradd -u 510 -g 500 -r test
**** This is helpful when customer requests for user account for collecting some details,who can't create any files or directory except /tmp.
4. If you want to create system user with home directory you need to use -m option .
#useradd -r -m test
5 .Creating a user-ID whose Gecos is "test user". The user account expires on 2015-12-18 and will become inactive after 5 days the user-ID expires.
[root@abhi ~]# useradd -c "test user" -e 2015-12-18 -f 5 test2
[root@abhi ~]# cat /etc/passwd |grep -i test2
test2:x:501:501:test user:/home/test2:/bin/bash
Content of /etc/shadow file after this:
[root@abhi ~]# cat /etc/shadow|grep test2
test2:!!:16452:1:90:7:5:16787:
.Note: -f 0 means that the user account will become inactive as soon as user-id expires
-f -1 means that user account inactive parameter will be disbaled for this user.
Changing the base-dir )HOME) parameter in /etc/default/useradd file
[root@abhi ~]# useradd -D -b /home/test
[root@abhi ~]# useradd -D
GROUP=100
HOME=/home/test
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
[root@abhi~]#
----------------------------------------------------------------------------------------------------------------------
How to remove a user .
We are using the command "userdel" to remove the user.
# userdel test -----removes the user from the system(including entry in /etc/passwd & /etc/shadow file) IT will not remove the user's home directory.
#userdel -r test -----It will remove the user definition and also the home directory of the user.
#userdel -f -r test -----It will remove the user definition ,home directory and other definitions of user forcefully,even if he is still logged in.
Changing the attributes of user
We can change the attributes of users using the "usermod" command.
Below are the options available for usermod command
Usage: usermod [options] LOGIN
Options:
-c, --comment COMMENT new value of the GECOS field
-d, --home HOME_DIR new home directory for the user account
-e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-f, --inactive INACTIVE set password inactive after expiration to INACTIVE
-g, --gid GROUP force use GROUP as new primary group
-G, --groups GROUPS new list of supplementary GROUPS
-l, --login NEW_LOGIN new value of the login name
-L, --lock lock the user account
-m, --move-home move contents of the home directory to the
new location (use only with -d)
-s, --shell SHELL new login shell for the user account
-u, --uid UID new UID for the user account
-U, --unlock unlock the user account
#usermod -L test ---locks the user account
#usermod -U test ----unlocks the user account
# usermod -u 505 test ---changing the UID for the user
# usermod -G admin test --changing the primary group of user test to admin
#usermod -G users,admin,system test -- adding the user "test" to users,admin & test group
#usermod e 2015-12-18 -f 5 test2 -- modifying the account expiry date for the user test2 to 18th dec 2015 and password to be set as inactive after 5 days of expiry.
#usermod -a aks test -- appending the user to the group aks
#usermod -m -d /etc/test test ---moving the home directory and it's contents to new location /etc/test for user test.
---------------------------------------------------------------------------------------------------------------------
How to create a group
We can grate a group using the command "groupadd" Group details are stored in files /etc/group and /etc/gshadow .
#groupadd aks ---creates a group named "aks"
#groupadd -g 508 abhi ---creates a group abhi with GID 508
How to delete a group
we can delete a group using the groupdel command
#groupdel aks
MOdifying group attributes
Group Attributes are modified using the command "groupmod"
#groupmod -g 510 abhi -- changing the GID for group abhi
#groupmod -n test abhi ---changing the group name from "abhi" to "test"
------------------------------------------------------------------------------------------------------------------------------------
Some tips on applying Security Hardening for users.
1. Setting the password policies for particular user
Listing the current password policies applied to user "test"
#chage -l test
Last password change : Jan 17, 2015
Password expires : Apr 17, 2015
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 90
Number of days of warning before password expires : 7
setting the parameter (Maximum) to 90 . the user will be prompted for changing the password after 90 days.
# chage -M 90 test
#chage -W 8 test -- Start warning the user 8 days before password expires
Linus Travolds released linux in 1991 under GPL.
What is kernel?
Kernel is called as the heart of operating system. Kernel is also the program acting as chief opertions
There are many functionalities that are handled by Kernel.Below are the list of some critical fuctionalities:
1. Starting & Stopping other programs.
2. Handling Requests from memory
3. Accessing disks
4.Managing network connections etc..
Kernel are basically of two types :
1. Monolithic -----That provides all the services that application needs
EX; Linux is using monolithic kernel
2. Micro Kernel --- These consists of small core set of services . It nees other modules to be loaded to perform other functions.
EX:Windows.
LINUX Distributions are classified into two groups
1. Commercial -- This type of distribution tends to have longer release cycle .Also Commercial generally offers support for their distribution at certain cost. EX--redhat,suse
2.Non-Commercial --The company offers use the non-commercial distribution basically for testing purpose of the software. Several of ,non-commercial distributions are backed up with the support.
Ex: Debian,Fedora,Ubuntu
LINUX Licences:
GNU Public Licences(GPL) ---GPL States that the software realesed is free .It's acceptable to take the software and resell it for his own profit,But when reseling and if any changes made in the code ,u need to release the full source code including the changes at GPL platform and also the new source code will be under GPL . EX. Redhat
BSD & Apache -- These types of licences gives the user to modify the source code without disclosing the changes made in the source code.
------------------------------------------------------------------------------------------------
Basic Linux System Adminsitration Tasks;
1. User Management
2. Logical Volume Management
3. Network Management
4.Device Management.
5.Package Management
--------------------------------------------------------------------------------------
User Management In Linux
1. Every file or program under Linux is owned by a user.
2. Each user will be having a unique User ID(UID).
3. Root user is known as super user which can do all the tasks in linux.
By default the UID for root user is "0" .
4. System Users are normally having the UID from 0 to 499 . The manually created users will have UID after that.
5. All the user information in linux is kept under text files .
Below are the files where the user's information is kept.
1. /etc/passwd -- this file stores user-name,encrypted password entry,UID,GID,Gecos,Home directory and login shell informations
2. /etc/shadow --- this file stores the encrypted passoword information for user accounts.
why was the requirement of /etc/shadow file if it was possible through /etc/password file only?
Ans: As we all know that /etc/passwd file is readable by all the users,it was leading to the security treat since it was easy for the hackers to crack the encrypted password . So for handling this linux introduced /etc/shadow file that is only readable by root users or other required priviledged programs that requires access to that information.
How to create a user
Using the "useradd' command we are creating the users in linux.
Whenever we are running the useradd command the ASCII Text File " /etc/default/useradd" is executed.
Content of /etc/default/useradd
# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
*Above mentioned parameters are automatically taken once the useradd command is executed .
By default, a group will also be created for the new user .
Changing the default values(changing the /etc/default/useradd parameters)
When invoked with only the -D option, useradd will display the current default values
[root@abhi ~]# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
--------------------------------------------------------------------------------------------------------
Below help page of linux will be helpful in using the useradd command:
Usage: useradd [options]USER-NAME
Options:
-b, --base-dir BASE_DIR base directory for the home directory of the new account
-c, - -comment COMMENT GECOS field of the new account
-d, --home-dir HOME_DIR home directory of the new account
-e, --expiredate EXPIRE_DATE expiration date of the new account(The date is specified in the format YYYY-MM-DD.)
-f, --inactive INACTIVE password inactivity period of the new account
-g, --gid GROUP name or ID of the primary group of the new account
-G, --groups GROUPS list of supplementary groups of the new account
-m, --create-home create the user's home directory
-M, --no-create-home do not create the user's home directory
-p, --password PASSWORD encrypted password of the new account
-r, --system create a system account
-s, --shell SHELL login shell of the new account
-u, --uid UID user ID of the new account
-U, --user-group create a group with the same name as the user
--------------------------------------------------------------------------------------------------
Example
1. #useradd test
This will create a user-id and it's home directory . Home directory will be by default "/home/user-id"
2. # useradd -d /home/test -p test123 test
Here we are creating a user test with home directory "/home/test" and the passowrd that will be stored in /etc/shadow will be "test123"
'-p" parameter is not recommended to use until you are not creating the encrypted password using crypt command.
[root@abhi ~]# cat /etc/shadow |grep -i test
test:test123:16452:1:90:7:::
[root@abhi ~]#
3. Creation of system user account with UID 510 and Primary goup ID as 500 .System user acount will not have home directory . But the user will have the no-ageing(means never expiry ) by default.
[root@abhi ~]# useradd -u 510 -g 500 -r test
**** This is helpful when customer requests for user account for collecting some details,who can't create any files or directory except /tmp.
4. If you want to create system user with home directory you need to use -m option .
#useradd -r -m test
5 .Creating a user-ID whose Gecos is "test user". The user account expires on 2015-12-18 and will become inactive after 5 days the user-ID expires.
[root@abhi ~]# useradd -c "test user" -e 2015-12-18 -f 5 test2
[root@abhi ~]# cat /etc/passwd |grep -i test2
test2:x:501:501:test user:/home/test2:/bin/bash
Content of /etc/shadow file after this:
[root@abhi ~]# cat /etc/shadow|grep test2
test2:!!:16452:1:90:7:5:16787:
.Note: -f 0 means that the user account will become inactive as soon as user-id expires
-f -1 means that user account inactive parameter will be disbaled for this user.
Changing the base-dir )HOME) parameter in /etc/default/useradd file
[root@abhi ~]# useradd -D -b /home/test
[root@abhi ~]# useradd -D
GROUP=100
HOME=/home/test
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
[root@abhi~]#
----------------------------------------------------------------------------------------------------------------------
How to remove a user .
We are using the command "userdel" to remove the user.
# userdel test -----removes the user from the system(including entry in /etc/passwd & /etc/shadow file) IT will not remove the user's home directory.
#userdel -r test -----It will remove the user definition and also the home directory of the user.
#userdel -f -r test -----It will remove the user definition ,home directory and other definitions of user forcefully,even if he is still logged in.
Changing the attributes of user
We can change the attributes of users using the "usermod" command.
Below are the options available for usermod command
Usage: usermod [options] LOGIN
Options:
-c, --comment COMMENT new value of the GECOS field
-d, --home HOME_DIR new home directory for the user account
-e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-f, --inactive INACTIVE set password inactive after expiration to INACTIVE
-g, --gid GROUP force use GROUP as new primary group
-G, --groups GROUPS new list of supplementary GROUPS
-l, --login NEW_LOGIN new value of the login name
-L, --lock lock the user account
-m, --move-home move contents of the home directory to the
new location (use only with -d)
-s, --shell SHELL new login shell for the user account
-u, --uid UID new UID for the user account
-U, --unlock unlock the user account
#usermod -L test ---locks the user account
#usermod -U test ----unlocks the user account
# usermod -u 505 test ---changing the UID for the user
# usermod -G admin test --changing the primary group of user test to admin
#usermod -G users,admin,system test -- adding the user "test" to users,admin & test group
#usermod e 2015-12-18 -f 5 test2 -- modifying the account expiry date for the user test2 to 18th dec 2015 and password to be set as inactive after 5 days of expiry.
#usermod -a aks test -- appending the user to the group aks
#usermod -m -d /etc/test test ---moving the home directory and it's contents to new location /etc/test for user test.
---------------------------------------------------------------------------------------------------------------------
How to create a group
We can grate a group using the command "groupadd" Group details are stored in files /etc/group and /etc/gshadow .
#groupadd aks ---creates a group named "aks"
#groupadd -g 508 abhi ---creates a group abhi with GID 508
How to delete a group
we can delete a group using the groupdel command
#groupdel aks
MOdifying group attributes
Group Attributes are modified using the command "groupmod"
#groupmod -g 510 abhi -- changing the GID for group abhi
#groupmod -n test abhi ---changing the group name from "abhi" to "test"
------------------------------------------------------------------------------------------------------------------------------------
Some tips on applying Security Hardening for users.
1. Setting the password policies for particular user
Listing the current password policies applied to user "test"
#chage -l test
Last password change : Jan 17, 2015
Password expires : Apr 17, 2015
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 90
Number of days of warning before password expires : 7
setting the parameter (Maximum) to 90 . the user will be prompted for changing the password after 90 days.
# chage -M 90 test
#chage -W 8 test -- Start warning the user 8 days before password expires
No comments:
Post a Comment