Module 10 - Security

LPI Lin

ux Cer

tifica

tion

http://

www.bkacad

.com

Module 10

Security

LPI Lin

ux Cer

tifica

tion

http://

www.bkacad

.com

Objectives

Objective 1: Perform Security Administration Tasks

LPI Lin

ux Cer

tifica

tion

http://

www.bkacad

.com

Perform Security Administration Tasks

The (In)Security of SUIDAlthough SUID is a useful option when it comes to

delegating roles to non-root usersEverything that program is able to do will be done as the

root user. Its potential security vulnerabilities:

If /bin/vi is SUID, every user who edits any file with vi will have the privileges of the root user, meaning that any user could edit any file on the system

Because of this potentially dangerous situation, a good system administrator must be aware of what programs on his system have the SUID and/or SGID bit set.

LPI Lin

ux Cer

tifica

tion

http://

www.bkacad

.com


The (In)Security of SUIDThe find command has an option to search for files

based on their permissions

Some programs (such as ping) are not required by the operating system, and it is therefore safeto remove the SUID bit from them.

LPI Lin

ux Cer

tifica

tion

http://

www.bkacad

.com


LPI Lin

ux Cer

tifica

tion

http://

www.bkacad

.com


su

LPI Lin

ux Cer

tifica

tion

http://

www.bkacad

.com


LPI Lin

ux Cer

tifica

tion

http://

www.bkacad

.com


The NOPASSWD option will allow the user adam to run the dumpe2fs command without being prompted for a password

LPI Lin

ux Cer

tifica

tion

http://

www.bkacad

.com


User IDs and PasswordsEvery user on a system is assigned a user ID (UID) that

uniquely identifies that user. Convention dictates that “system” users have UIDs

below 100The file /etc/passwd acts as the source for username-

to-UID mapping

LPI Lin

ux Cer

tifica

tion

http://

www.bkacad

.com


User IDs and Passwords

LPI Lin

ux Cer

tifica

tion

http://

www.bkacad

.com


User IDs and Passwords

LPI Lin

ux Cer

tifica

tion

http://

www.bkacad

.com


/etc/shadow

LPI Lin

ux Cer

tifica

tion

http://

www.bkacad

.com


/etc/shadow

LPI Lin

ux Cer

tifica

tion

http://

www.bkacad

.com


Chage command

LPI Lin

ux Cer

tifica

tion

http://

www.bkacad

.com


Setting Limits on UsersThe Linux kernel has the ability to control many limits on

what users can and can’t do. These limits are defined in the file /etc/security/limits.conf

and are viewed or modified interactively by the ulimit command

LPI Lin

ux Cer

tifica

tion

http://

www.bkacad

.com


Setting Limits on Users

LPI Lin

ux Cer

tifica

tion

http://

www.bkacad

.com


Setting Limits on UsersLimits are defined on Linux as being either hard or soft

limits. A hard limit is set by the superuser for a user or group of users

and cannot be exceeded. A soft limit is also set by the superuser,but it may be temporarily

overridden by a user if the need arises (by the user calling the ulimit command)


• Setting Limits on Users

LPI Lin

ux Cer

tifica

tion

http://

www.bkacad

.com


Setting Limits on Users

LPI Lin

ux Cer

tifica

tion

http://

www.bkacad

.com


Querying System Services

LPI Lin

ux Cer

tifica

tion

http://

www.bkacad

.com



LPI Lin

ux Cer

tifica

tion

http://

www.bkacad

.com



LPI Lin

ux Cer

tifica

tion

http://

www.bkacad

.com



LPI Lin

ux Cer

tifica

tion

http://

www.bkacad

.com



LPI Lin

ux Cer

tifica

tion

http://

www.bkacad

.com



LPI Lin

ux Cer

tifica

tion

http://

www.bkacad

.com



LPI Lin

ux Cer

tifica

tion

http://

www.bkacad

.com



LPI Lin

ux Cer

tifica

tion

http://

www.bkacad

.com



Date post:	12-Dec-2015
Category:	Documents
Upload:	anhduc120790
View:	228 times
Download:	6 times

Module 10 - Security

Documents