Linux System Administration #1

Prabhaker Mateti

Wright State University

cecs.wright.edu/~pmateti

Table of Contents

1 Abstract

These are items that you, as a security student, must know at a bare minimum. Read the man page of each command before trying it out. Most of them must be run as root: use the sudo prefix, or set aside a root-dedicated terminal, with a distinctly different appearance, in which you have logged in as root.

1.1 Educational Objectives

Students should be able to

  1. Define terminology: commands are programs or scripts; read up on file(1), which tells you which of the two a given command is.
  2. Install any missing command.
  3. Effectively use all the commands named below.
  4. Explain what devious things attackers can accomplish with them.

2 What is Where in Your Linux Machine

2.1 Hardware

  1. Commands that report on what hardware your machine has. Their output should remain unchanged unless you added or removed hardware items.
  2. blkid
  3. lshw
  4. lsusb
  5. dmidecode
  6. Linux-hardware-identification-tools now-with-more-GUI. But, in this course, we much prefer command-line usage, not the GUI.

2.2 What is Installed?

  1. Commands that report on what is installed, whether currently in use or not. Their output should remain unchanged unless you updated the installation.
  2. cat /etc/issue
  3. find /etc -name mod
  4. ls -alR /boot
  5. more /boot/config-*
  6. more /boot/abi-* (on Ubuntu, the kernel package's list of the symbols the kernel exports). "The Linux kernel and the GNU C Library define the Linux API. After compilation, the binaries offer an ABI; keeping this ABI stable over a long time is important for ISVs. In computer software, an application binary interface (ABI) is an interface between two binary program modules; often, one of these modules is a library or operating system facility, and the other is a program that is being run by a user."
  7. which init
  8. ls -l /sbin/init

2.3 Where are the Programs and Scripts?

  1. ls -l /bin /sbin /usr /usr/bin /usr/local/bin | wc -l (a rough count: ls -l also prints a "total" line per directory, and lists subdirectories and symbolic links)
  2. General security principle: keep the footprint to a minimum. Every program on the machine is something an attacker can run, so know how many there are and why each is there.
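The ls | wc pipeline above over-counts: it includes the per-directory "total" line, subdirectories, symlinks and non-executable files, and on a merged-/usr system (where /bin is a symlink to /usr/bin) it counts every program twice. The following is an added example, not part of the original notes, that counts only regular files with an execute bit, once per physical directory. It assumes GNU find and readlink (the -perm /111 and -f forms); the temporary-directory usage in the comments is illustrative.

```shell
#!/bin/sh
# Added example (not from the original notes): count the executable
# footprint of the program directories that "ls -l ... | wc -l"
# only approximates.

# Print the canonical path of each existing directory argument, once.
# readlink -f resolves symlinked directories such as /bin -> /usr/bin,
# so a merged-/usr system is not double-counted.
unique_dirs() {
    for d in "$@"; do
        [ -d "$d" ] || continue
        readlink -f "$d"
    done | sort -u
}

# One "count path" line per unique directory: regular files with any
# execute bit set, not descending into subdirectories.
count_execs() {
    unique_dirs "$@" | while IFS= read -r d; do
        n=$(find "$d" -maxdepth 1 -type f -perm /111 | wc -l | tr -d ' ')
        printf '%s %s\n' "$n" "$d"
    done
}

# The single number a footprint baseline would record and re-check.
total_execs() {
    count_execs "$@" | awk '{ s += $1 } END { print s + 0 }'
}

# Usage on the directories the notes list:
count_execs /bin /sbin /usr/bin /usr/sbin /usr/local/bin
printf 'total executables: %s\n' \
    "$(total_execs /bin /sbin /usr/bin /usr/sbin /usr/local/bin)"
```

Record the total on a freshly installed machine; a later run that reports more executables than the baseline is something to explain, exactly as the notes say of the hardware and installation reports.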

2.4 /dev

  1. ls -l /dev
  2. Major and minor numbers: for a device file, ls -l shows this comma-separated pair where a regular file's size would be. The major number selects the driver, the minor number selects one device among those the driver handles.

2.5 Abstract Devices

  1. ls -l /dev/random /dev/urandom /dev/zero /dev/null
  2. ls -l /dev/fuse /dev/kmsg /dev/mem /dev/core
  3. Devices are also organized based on their function and usage.
    1. ls -l /dev/loop*
    2. ls -l /dev/block/
    3. find /dev -name '*by*' (quote the pattern, or the shell expands it in the current directory before find sees it)
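Reading the major and minor numbers is more useful when you know what they should be. The check below is an added example, not part of the original notes: it verifies that the abstract devices listed above are character devices with the numbers the kernel's devices.txt assigns under major 1 (1:3 null, 1:5 zero, 1:8 random, 1:9 urandom, 1:1 mem, 1:11 kmsg). A regular file sitting where /dev/null should be, whether left by a broken script or by an intruder who wants everything a program sends to 2>/dev/null kept on disk, is the kind of discrepancy it catches. It assumes GNU stat (the -c format flags).

```shell
#!/bin/sh
# Added example, not from the original notes: confirm that the abstract
# devices are real character devices with the expected major:minor pair.
# Expected values are from the kernel's Documentation/admin-guide/devices.txt.

# Print "major:minor" in decimal.  GNU stat reports %t/%T in hex.
devnums() {
    maj=$(stat -c '%t' "$1") || return 1
    min=$(stat -c '%T' "$1") || return 1
    printf '%d:%d\n' "$((0x$maj))" "$((0x$min))"
}

# Print the type letter ls -l puts in column 1: c, b, -, l, d or ?.
devtype() {
    case $(stat -c '%F' "$1") in
        character*) echo c ;;
        block*)     echo b ;;
        regular*)   echo - ;;
        symbolic*)  echo l ;;
        directory)  echo d ;;
        *)          echo '?' ;;
    esac
}

# check_dev PATH MAJOR:MINOR -> one OK/BAD line on stdout, status 0/1.
check_dev() {
    path=$1; want=$2
    if [ ! -e "$path" ]; then
        printf 'BAD  %s: missing\n' "$path"; return 1
    fi
    type=$(devtype "$path"); have=$(devnums "$path")
    if [ "$type" = c ] && [ "$have" = "$want" ]; then
        printf 'OK   %s is c %s\n' "$path" "$have"; return 0
    fi
    printf 'BAD  %s is %s %s, expected c %s\n' "$path" "$type" "$have" "$want"
    return 1
}

# The devices named in the notes with their expected numbers.
check_all() {
    rc=0
    while read -r path want; do
        check_dev "$path" "$want" || rc=1
    done <<EOF
/dev/null 1:3
/dev/zero 1:5
/dev/random 1:8
/dev/urandom 1:9
/dev/mem 1:1
/dev/kmsg 1:11
EOF
    return $rc
}

if check_all; then
    echo "all listed devices look right"
else
    echo "review the BAD lines (a missing /dev/mem is normal inside a container)"
fi
```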

3 Currently Running Linux

3.1 File Volumes and Swap

  1. cat /etc/fstab /etc/exports /etc/samba/smb.conf
  2. df -Th

3.2 Kernel

  1. cat /proc/cmdline
  2. modprobe(8), insmod(8), lsmod(8), modinfo(8), depmod(8), rmmod(8). The (8) is the man page section, not a volume: section 8 holds system administration commands, so read them with man 8 modprobe and so on.
  3. cat /proc/meminfo
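lsmod is a formatted view of /proc/modules, whose first field is the module name, so a baseline of loaded modules can be taken from that file and compared later. The script below is an added example, not part of the original notes: it records and diffs the module set, and decodes the two module-related bits of /proc/sys/kernel/tainted (bit 12, out-of-tree module loaded, printed by the kernel as O; bit 13, unsigned module loaded, printed as E). A module that appears after the baseline, or one of those taint flags, is what a kernel-level backdoor looks like from user space; a rootkit can also hide itself from lsmod, so treat this as a necessary check, not a sufficient one. The sample /proc/modules lines used in testing are constructed.

```shell
#!/bin/sh
# Added example, not from the original notes: loaded-module baseline,
# diff against the current set, and taint-flag decoding.

# Sorted module names from a file in /proc/modules format.
module_names() {
    awk '{ print $1 }' "$1" | sort
}

# module_baseline /proc/modules /var/lib/modules.baseline
# (run once, on a machine you still trust)
module_baseline() {
    module_names "$1" > "$2"
}

# module_diff BASELINE CURRENT: prints +name for modules not in the
# baseline and -name for baseline modules no longer loaded.
# Status 1 if anything changed, 0 if the sets are identical.
module_diff() {
    now=$(mktemp)
    module_names "$2" > "$now"
    comm -13 "$1" "$now" | sed 's/^/+/'     # only in the current set
    comm -23 "$1" "$now" | sed 's/^/-/'     # only in the baseline
    changed=$(comm -3 "$1" "$now" | wc -l | tr -d ' ')
    rm -f "$now"
    [ "$changed" -eq 0 ]
}

# Decode bits 12 (O: out-of-tree module) and 13 (E: unsigned module)
# of the integer in /proc/sys/kernel/tainted.
taint_flags() {
    v=$1; out=""
    if [ $(( (v >> 12) & 1 )) -eq 1 ]; then out="${out}O"; fi
    if [ $(( (v >> 13) & 1 )) -eq 1 ]; then out="${out}E"; fi
    printf '%s\n' "$out"
}

# Usage on the running kernel (the baseline here is taken on the spot,
# so it always matches; keep the real one on read-only media).
if [ -r /proc/modules ]; then
    base=$(mktemp)
    module_baseline /proc/modules "$base"
    module_diff "$base" /proc/modules && echo "no module changes since baseline"
    rm -f "$base"
fi
if [ -r /proc/sys/kernel/tainted ]; then
    printf 'module taint flags: "%s"\n' "$(taint_flags "$(cat /proc/sys/kernel/tainted)")"
fi
```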

3.3 User Accounts

  1. ls -l /etc/passwd /etc/shadow /etc/group /etc/sudoers
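ls -l tells you who can read these files; it does not tell you what is in them. The script below is an added example, not part of the original notes, of the checks an auditor runs on /etc/passwd and /etc/shadow: a second UID 0 account (a backdoor "root" under another name), an account whose shadow password field is empty (it logs in with no password at all), and a world-readable shadow file. The sample passwd and shadow files it builds are constructed for the example and contain no real hashes; point the functions at the real files, as root, to audit a live system. It assumes GNU stat for the permission check.

```shell
#!/bin/sh
# Added example, not from the original notes: account checks that
# go beyond "ls -l /etc/passwd /etc/shadow".

# Accounts with UID 0 other than root (passwd field 3 is the UID).
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Accounts whose shadow password field (field 2) is empty.
# Locked accounts carry "*" or "!" there; real hashes start with "$".
empty_passwords() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# login_capable PASSWD SHADOW: accounts with a real shell and a real
# hash, i.e. the ones somebody could log into with a password.
login_capable() {
    awk -F: '
        FNR == NR { hash[$1] = $2; next }                 # first file: shadow
        $7 !~ /(nologin|false)$/ && hash[$1] ~ /^\$/ { print $1 }
    ' "$2" "$1"
}

# True if "others" can read the file.  /etc/shadow must never be.
world_readable() {
    [ $(( 0$(stat -c '%a' "$1") & 4 )) -ne 0 ]
}

# Constructed sample standing in for /etc/passwd and /etc/shadow.
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:backdoor:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
guest:x:1001:1001::/home/guest:/bin/sh
EOF
cat > "$SAMPLE/shadow" <<'EOF'
root:$6$saltsalt$fakehashfakehash:18000:0:99999:7:::
daemon:*:18000:0:99999:7:::
toor:$6$saltsalt$fakehashfakehash:18000:0:99999:7:::
alice:!$6$saltsalt$lockedlocked:18000:0:99999:7:::
guest::18000:0:99999:7:::
EOF
chmod 644 "$SAMPLE/passwd"; chmod 640 "$SAMPLE/shadow"

echo "extra UID 0 accounts:"; extra_uid0 "$SAMPLE/passwd"
echo "empty passwords:";      empty_passwords "$SAMPLE/shadow"
echo "login-capable:";        login_capable "$SAMPLE/passwd" "$SAMPLE/shadow"
if world_readable "$SAMPLE/shadow"; then echo "shadow is world-readable!"; fi
# rm -rf "$SAMPLE" when finished with the sample files.
```

On the sample, extra_uid0 reports toor, empty_passwords reports guest, and login_capable reports root and toor (daemon has no login shell, alice's hash is locked with a leading "!", guest has no hash).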

3.4 /proc

  1. Proc is a pseudo-file system. Its entries are not real files sitting on the HDDs; the kernel presents its internal state, constructed on demand, as files in this directory. One consequence: ls -l reports a size of 0 for most of them, yet cat displays sizeable content.
  2. cat /proc/version; compare with uname -a, which reports the same kernel version string.
  3. cat /proc/1/cmdline
  4. ls -ld /proc/1/*
  5. cat /proc/mounts
  6. cat /proc/vmstat
  7. cat /proc/interrupts
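Two habits for reading /proc, as an added example that is not part of the original notes: measure a /proc file's content with wc -c rather than trusting the 0 that ls -l and stat report, and split /proc/PID/cmdline on NUL bytes, since that file separates the arguments with NUL rather than spaces and cat prints them run together. It assumes GNU stat and tr; the NUL-separated sample used in testing is constructed.

```shell
#!/bin/sh
# Added example, not from the original notes: reading /proc correctly.

# Apparent size (what ls -l shows) versus bytes actually readable.
proc_sizes() {
    printf 'apparent=%s actual=%s\n' \
        "$(stat -c '%s' "$1")" "$(wc -c < "$1" | tr -d ' ')"
}

# Print a NUL-separated file one field per line, so the single
# run-together line cat shows for /proc/1/cmdline becomes argv[0],
# argv[1], ... on separate lines.
nul_fields() {
    tr '\000' '\n' < "$1"
}

# Number of NUL-terminated fields in such a file (the process's argc;
# every argument, including the last, is followed by a NUL).
nul_count() {
    tr -dc '\000' < "$1" | wc -c | tr -d ' '
}

# Usage on the running kernel: the version string reports size 0 but
# reads back as text, and PID 1's command line splits into its arguments.
if [ -r /proc/version ]; then
    proc_sizes /proc/version
    printf 'PID 1 has %s argument(s):\n' "$(nul_count /proc/1/cmdline)"
    nul_fields /proc/1/cmdline
fi
```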

3.5 Installed Distributions on Your HDDs

  1. /boot/grub/grub.cfg

4 Proper Config of Grub

4.1 Configure the Initial Grub Installation

  1. https://opensource.com/article/17/3/introduction-grub2-configuration-linux 2017
  2. http://tldp.org/HOWTO/Remote-Serial-Console-HOWTO/configure-boot-loader-grub.html 2003

4.2 Devious Grub

  1. Replacing Grub files: easy if we have console access, for example by booting the machine from removable media and writing to /boot; without a Grub password, the menu also lets anyone press e and edit the kernel command line before booting.
  2. Replacing Grub files: easy if we have remote root access while Linux is running, since /boot/grub/grub.cfg and the modules under /boot/grub are ordinary files that root can overwrite.

4.3 Secure Config of Grub

  1. https://help.ubuntu.com/community/Grub2/Passwords The least you want to do.
  2. We assume that you have already secured the UEFI/BIOS setup and the TPM; a Grub password is pointless if the firmware will boot anything inserted into a USB port.
  3. TPM is beyond the scope of this course. https://trustedcomputinggroup.org/
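The following is an added example, not part of the original notes, of the Grub 2 password setup the Ubuntu page above describes: a function that emits the configuration fragment, and a check on the resulting grub.cfg. It assumes the Debian/Ubuntu layout (/etc/grub.d/40_custom, update-grub); the user name admin and the hash string are placeholders for the example, not values from the notes.

```shell
#!/bin/sh
# Added example, not from the original notes: Grub 2 superuser password.

# Generate the real hash interactively with:  grub-mkpasswd-pbkdf2
# and pass its "grub.pbkdf2.sha512.10000...." output as the 2nd argument.
# Output is Grub configuration syntax: the superusers list and one
# password_pbkdf2 line for that user.
grub_auth_fragment() {
    printf 'set superusers="%s"\n' "$1"
    printf 'password_pbkdf2 %s %s\n' "$1" "$2"
}

# Check a grub.cfg: a superuser must be set, with a PBKDF2 hash rather
# than Grub's plaintext "password" command.  Status 0 when acceptable.
grub_cfg_check() {
    cfg=$1
    if ! grep -q '^set superusers=' "$cfg"; then
        echo "no superusers set: anyone at the console can edit boot entries"; return 1
    fi
    if grep -q '^password ' "$cfg"; then
        echo "plaintext password line present; use password_pbkdf2"; return 1
    fi
    if ! grep -q '^password_pbkdf2 ' "$cfg"; then
        echo "superusers set but no password_pbkdf2 line"; return 1
    fi
    echo "superuser password configured"
}

# Installation on a real system (as root; not run by this example):
#   grub_auth_fragment admin 'grub.pbkdf2.sha512.10000.PLACEHOLDER' >> /etc/grub.d/40_custom
#   update-grub
#   grub_cfg_check /boot/grub/grub.cfg
# After this every menu entry asks for the password, including the normal
# boot.  To keep normal boot password-free while still requiring the
# password to edit an entry, the Ubuntu page adds --unrestricted to the
# generated menu entries (the CLASS line in /etc/grub.d/10_linux).

grub_auth_fragment admin 'grub.pbkdf2.sha512.10000.PLACEHOLDER'
```

The password stops the console attack of 4.2 (editing the kernel line at the menu to add init=/bin/bash), but only that: it does nothing against someone who boots other media, which is why the firmware settings come first.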

5 References

  1. https://help.ubuntu.com/community/Grub2/Passwords Required Reading
  2. https://help.ubuntu.com/lts/serverguide/user-management.html.en Required Reading
  3. https://www.tldp.org/LDP/Linux-Filesystem-Hierarchy/html/proc.html Recommended Reading

6 End


Copyright © 2018 www.wright.edu/~pmateti • 2018-09-07