
Linux System Administration #1

1 Abstract

These are items that you, as security student, must know at a bare minimum. Read the man page on the commands, before trying them out. Most of them need to be run as root. You can use the sudo prefix, or set aside a root-dedicated terminal, with a distinctly different appearance, where you have logged in as root.

2 Terminology

  1. Commands are programs or scripts; read up on man file (the file command tells you which of the two a given command is).

3 What is Where in Your Linux Machine

3.1 Hardware

  1. Commands that report on what hardware your machine has. Their output should remain unchanged unless you added or removed hardware items.
  2. blkid
  3. lshw
  4. lsusb
  5. dmidecode
  6. https://www.pugetsystems.com/labs/support-software/Linux-hardware-identification-tools---now-with-more-GUI-1104/ But, in this course, we much prefer command line usage, not GUI.

3.2 Commands

  1. Commands that report on what is installed, whether currently in use or not. Their output should remain unchanged unless you updated the installation.
  2. cat /etc/issue
  3. find /etc -name '*mod*' (quote the pattern so the shell does not expand it before find sees it)
  4. ls -alR /boot
  5. more /boot/config-*
  6. more /boot/abi-* "Linux kernel and GNU C Library define the Linux API. After compilation, the binaries offer an ABI; keeping this ABI stable over a long time is important for ISVs. In computer software, an application binary interface (ABI) is an interface between two binary program modules; often, one of these modules is a library or operating system facility, and the other is a program that is being run by a user."
  7. which init
  8. ls -l /sbin/init

3.3 Where are the Programs and Scripts?

  1. ls -l /bin /sbin /usr /usr/bin /usr/sbin /usr/local/bin | wc -l

3.4 /dev

  1. ls -l /dev
  2. Major and minor numbers; for example, major 8, minor 1, a block device (ls -l prints "major, minor" where it would print the size of an ordinary file):
    brw-rw---- 1 root disk 8, 1 Sep  6 20:09 /dev/sda1
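As an added example (not part of these lecture notes), the script below parses lines in the `ls -l /dev` format shown above, pulls out the device type and the major and minor numbers, and flags block devices whose permissions let "other" users read them, since a readable block device exposes the raw contents of the disk to any local account. The sample lines are constructed for the example, not captured from a real machine.

```shell
#!/bin/sh
# Added example: parse `ls -l /dev` output lines to extract device type,
# major and minor numbers, and flag block devices readable by "other".

# Constructed sample output (not from a real machine).
SAMPLE_LS='brw-rw---- 1 root disk 8, 1 Sep  6 20:09 /dev/sda1
crw-rw-rw- 1 root root 1, 3 Sep  6 20:09 /dev/null
crw------- 1 root root 10, 235 Sep  6 20:09 /dev/autofs
brw-rw-r-- 1 root disk 8, 17 Sep  6 20:09 /dev/sdb1
-rw-r--r-- 1 root root 4096 Sep  6 20:09 /dev/not-a-device'

# devnum_of LINE: print "TYPE MAJOR MINOR PATH" for a block/char device line.
# For device nodes ls -l prints "MAJOR, MINOR" in place of the file size.
# Returns 1 and prints nothing for any other kind of file.
devnum_of() {
  case "$1" in
    b*) type=block ;;
    c*) type=char ;;
    *)  return 1 ;;
  esac
  # Word-split the line: perms links owner group "MAJOR," MINOR mon day time path
  set -- $1
  printf '%s %s %s %s\n' "$type" "${5%,}" "$6" "${10}"
}

# other_readable_block_devs: paths of block devices in SAMPLE_LS whose "other"
# read bit is set (character 8 of the 10-character permission string is 'r').
other_readable_block_devs() {
  printf '%s\n' "$SAMPLE_LS" | while IFS= read -r line; do
    case "$line" in
      b??????r??*) set -- $line; printf '%s\n' "${10}" ;;
    esac
  done
}

# Walk the sample, reporting device numbers and non-device entries.
printf '%s\n' "$SAMPLE_LS" | while IFS= read -r line; do
  devnum_of "$line" || printf 'not a device node: %s\n' "${line##* }"
done
printf 'block devices readable by other: %s\n' "$(other_readable_block_devs | tr '\n' ' ')"
```

On a live system, replace the sample with `ls -l /dev` output; the parsing is the same. The expected result of the "readable by other" check is an empty list, since raw disk access should be restricted to root and the disk group.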

3.5 Abstract Devices

  1. ls -l /dev/random /dev/urandom /dev/zero /dev/null
  2. Devices are also organized based on their function and usage.
  3. ls -l /dev/fuse /dev/kmsg
  4. ls -l /dev/loop*
  5. ls -l /dev/block/
  6. find /dev/ -name '*by*'

4 Currently Running Linux

4.1 File Volumes and Swap

  1. cat /etc/fstab /etc/exports /etc/samba/smb.conf
  2. df -Th

4.2 Kernel

  1. cat /proc/cmdline
  2. modprobe(8), insmod(8), lsmod(8), modinfo(8), depmod(8), rmmod(8); the "(8)" is the man page section number (system administration commands), so read them with, for example, man 8 modprobe.
  3. cat /proc/meminfo

4.3 User Accounts

  1. ls -l /etc/passwd /etc/shadow /etc/group /etc/sudoers
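Beyond looking at the permissions of these files, a security student should be able to read their contents critically. As an added example (not part of these lecture notes), the script below audits text in /etc/passwd format: it lists every account with UID 0 (there should be exactly one, root), and every account whose login shell is not one of the usual non-login shells. The sample content is constructed for the example; the `passwd_audit` wrapper runs the same checks on a real file.

```shell
#!/bin/sh
# Added example: audit /etc/passwd-format text for extra UID-0 accounts
# and for accounts that have a usable login shell.

# Constructed sample in /etc/passwd format (not a real system's file).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sshd:x:108:65534::/run/sshd:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
ops:x:0:0:second uid 0 account:/root:/bin/sh
bob:x:1001:1001:Bob:/home/bob:/bin/false'

# uid0_accounts TEXT: names of every account whose UID (field 3) is 0.
uid0_accounts() {
  printf '%s\n' "$1" | awk -F: '$3 == 0 { print $1 }'
}

# extra_uid0_accounts TEXT: UID-0 accounts other than root. Expected: nothing.
extra_uid0_accounts() {
  printf '%s\n' "$1" | awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# login_shell_accounts TEXT: accounts whose shell (field 7) is not
# nologin or false, i.e. accounts that can start an interactive session.
login_shell_accounts() {
  printf '%s\n' "$1" | awk -F: '$7 !~ /(nologin|false)$/ { print $1 }'
}

# passwd_audit [FILE]: run the checks against a real file (default /etc/passwd).
passwd_audit() {
  f=${1:-/etc/passwd}
  content=$(cat "$f") || return 1
  printf 'UID-0 accounts other than root: %s\n' "$(extra_uid0_accounts "$content" | tr '\n' ' ')"
  printf 'accounts with a login shell: %s\n' "$(login_shell_accounts "$content" | tr '\n' ' ')"
}

# Demonstrate on the constructed sample.
printf 'sample UID-0 accounts: %s\n' "$(uid0_accounts "$SAMPLE_PASSWD" | tr '\n' ' ')"
printf 'sample extra UID-0 accounts: %s\n' "$(extra_uid0_accounts "$SAMPLE_PASSWD" | tr '\n' ' ')"
printf 'sample login-shell accounts: %s\n' "$(login_shell_accounts "$SAMPLE_PASSWD" | tr '\n' ' ')"
```

Run `passwd_audit` on your own machine and compare with `ls -l /etc/passwd /etc/shadow`: /etc/passwd is world-readable by design, which is exactly why the password hashes live in /etc/shadow, which must not be.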

4.4 /proc

  1. Proc is a pseudo-file system: these are not real files sitting on the HDDs. The OS presents its internal state and settings as files in this directory. There are occasional discrepancies: even though ls reports a size of 0, cat will display sizable content.
  2. cat /proc/version; compare with uname -a.
  3. cat /proc/1/cmdline
  4. ls -ld /proc/1/*
  5. cat /proc/mounts
  6. cat /proc/vmstat
  7. cat /proc/interrupts
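As an added example (not part of these lecture notes), the script below makes two points from this list concrete: the release string inside /proc/version is the same value `uname -r` reports, and a procfs file that `stat` says is 0 bytes long still yields content when read. It also shows how to read /proc/PID/cmdline, whose arguments are separated by NUL bytes rather than spaces. The /proc/version line used for the offline demonstration is constructed; the live checks run only when /proc exists.

```shell
#!/bin/sh
# Added example: relate /proc/version to uname -r, show the size-0-but-has-content
# behaviour of procfs files, and read a NUL-separated /proc/PID/cmdline.

# Constructed sample of a /proc/version line (not from a real machine).
SAMPLE_VERSION='Linux version 5.4.0-42-generic (buildd@lcy01-amd64-023) (gcc version 9.3.0 (Ubuntu 9.3.0-10ubuntu2)) #46-Ubuntu SMP Fri Jul 10 00:24:02 UTC 2020'

# kernel_release LINE: print the release string (third word of /proc/version),
# which is the same value uname -r prints.
kernel_release() {
  set -- $1
  printf '%s\n' "$3"
}

# procfs_size_mismatch PATH: print "stat=<bytes> read=<bytes>". For procfs files
# the stat size is usually 0 while reading returns the generated content.
procfs_size_mismatch() {
  [ -r "$1" ] || { printf 'unreadable: %s\n' "$1"; return 1; }
  st=$(stat -c %s "$1" 2>/dev/null || echo '?')   # GNU stat; '?' if unavailable
  rd=$(wc -c < "$1")
  printf 'stat=%s read=%s\n' "$st" "$(echo $rd)"   # echo trims wc's padding
}

# proc_cmdline PID: print the command line of PID with NUL separators turned
# into spaces (cat shows the arguments run together).
proc_cmdline() {
  tr '\0' ' ' < "/proc/$1/cmdline" && echo
}

# Offline demonstration on the constructed sample.
printf 'release from sample: %s\n' "$(kernel_release "$SAMPLE_VERSION")"

# Live demonstration where /proc is available.
if [ -r /proc/version ]; then
  live=$(kernel_release "$(cat /proc/version)")
  printf 'live release: %s  uname -r: %s\n' "$live" "$(uname -r)"
  printf '/proc/version sizes: %s\n' "$(procfs_size_mismatch /proc/version)"
  [ -r /proc/1/cmdline ] && printf 'PID 1 cmdline: %s\n' "$(proc_cmdline 1)"
fi
```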

4.5 Installed Distributions on Your HDDs

  1. /boot/grub/grub.cfg

5 Proper Config of Grub

5.2 Devious Grub

  1. Replacing Grub Files: Easy if we have "console" access.
  2. Replacing Grub Files: Easy if we have remote root access while Linux is running.

5.3 Secure Config of Grub

  1. https://help.ubuntu.com/community/Grub2/Passwords This is the least you want to do.
  2. We assume that you have already secured UEFI / BIOS and TPM.
  3. TPM is beyond the scope of this course. https://trustedcomputinggroup.org/resource/trusted-platform-module-tpm-summary/
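As an added example (not from these lecture notes or the linked Ubuntu page), the script below checks whether a grub.cfg carries the two lines that password-protect the GRUB menu, `set superusers=` and `password_pbkdf2`, and prints the stanza one would append through /etc/grub.d/40_custom to add them. The grub.cfg excerpts are constructed, and the hash is a placeholder; a real hash comes from `grub-mkpasswd-pbkdf2`.

```shell
#!/bin/sh
# Added example: audit a grub.cfg for password protection and emit the
# stanza that /etc/grub.d/40_custom would need (then run update-grub).

# Constructed grub.cfg excerpts (not copied from a real machine).
UNPROTECTED_CFG='set default="0"
menuentry "Ubuntu" --class ubuntu {
  linux /vmlinuz root=/dev/sda1 ro
}'
PROTECTED_CFG='set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDER_HASH.PLACEHOLDER_SALT
menuentry "Ubuntu" --class ubuntu --unrestricted {
  linux /vmlinuz root=/dev/sda1 ro
}'

# grub_has_superuser CFG-TEXT: return 0 only if both a superusers line and a
# password_pbkdf2 line are present. Without them, anyone at the console can
# edit boot entries from the GRUB menu, which is the "devious Grub" case above.
grub_has_superuser() {
  printf '%s\n' "$1" | grep -q '^[[:space:]]*set superusers=' &&
  printf '%s\n' "$1" | grep -q '^[[:space:]]*password_pbkdf2 '
}

# grub_password_stanza USER HASH: print the two lines to append via
# /etc/grub.d/40_custom. HASH must be the output of grub-mkpasswd-pbkdf2,
# which starts with "grub.pbkdf2.sha512.". Add --unrestricted to a menuentry
# if that entry should still boot without the password (editing it still
# requires the password).
grub_password_stanza() {
  case "$2" in
    grub.pbkdf2.sha512.*) ;;
    *) printf 'hash must come from grub-mkpasswd-pbkdf2\n' >&2; return 1 ;;
  esac
  printf 'set superusers="%s"\npassword_pbkdf2 %s %s\n' "$1" "$1" "$2"
}

# Demonstrate on the constructed excerpts.
for name in UNPROTECTED_CFG PROTECTED_CFG; do
  eval "cfg=\$$name"
  if grub_has_superuser "$cfg"; then
    printf '%s: password protection present\n' "$name"
  else
    printf '%s: NO password protection\n' "$name"
  fi
done
printf 'stanza to append:\n%s\n' "$(grub_password_stanza admin grub.pbkdf2.sha512.10000.PLACEHOLDER_HASH.PLACEHOLDER_SALT)"
```

To audit your own machine, run `grub_has_superuser "$(cat /boot/grub/grub.cfg)"` as root. Remember that this only protects the menu; someone with console access and an unlocked firmware can still boot other media, which is why the UEFI/BIOS settings in the previous item come first.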



Copyright © 2018 www.wright.edu/~pmateti • 2018-09-07