Linux consists of three types of users:
· system users (id 0 to 499)
· root user (id = 0)
· local users (id > 499)
The useradd command adds a new user, and at that time the /etc/passwd, /etc/shadow and /etc/group files are updated.
The /etc/passwd file contains the user account information. Each line has 7 fields, separated by ":", such as the user name, user id, group id, home directory and shell:
AMITESHSJSK:x:1000:1000:AMITESH SHARMA:/home/AMITESHSJSK:/bin/bash
(fields 1 to 7, from left to right)
The first field is the user name. The second field stands for the password; an x indicates that the encrypted password is stored in the /etc/shadow file. The third field is the user id (UID); UID 0 is assigned to the root user and 1 to 499 are used by other predefined accounts. The fourth field is the group id (GID), which is stored in the /etc/group file. The fifth field is the user ID info field, where we can add details such as the user's full name, phone number etc. The sixth field is the user's home directory. The last, seventh field provides the shell path assigned to the user.
The /etc/shadow file contains 7 values, including the actual password in encrypted (hashed) form. It stores the secured user information. Each field is separated by ":".
Kisna:$6$vukpeAB.$mdMBWJXASvivCK0Mv53qIzlqX3yCFpT9kNLWQ70pGdJGxJjigaNreVqEuPUIip03MJjBRBslDQYggG0ls5wIs1:19151:0:99999:7::19151:
To check whether a user account is locked, use passwd -S.
[root@amiteshjsk usr]# passwd -S Kisna
Kisna LK 2020-07-27 0 99999 7 -1 (Password locked.)
chage -l shows the various password-ageing timers.
To lock a user account –
[root@amiteshjsk usr]# usermod -L Kisna
[root@amiteshjsk usr]# passwd -S Kisna
Kisna LK 2020-07-27 0 99999 7 -1 (Password locked.)
After that the user Kisna cannot access the server.
To unlock a user account –
[root@amiteshjsk usr]# usermod -U Kisna
[root@amiteshjsk usr]# passwd -S Kisna
Kisna PS 2020-07-27 0 99999 7 -1 (Password set, SHA512 crypt.)
Now the user gets access again with the same password.
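The following is an added example, not code from the original post: a small audit script that reads a passwd/shadow pair, classifies each account by the UID ranges stated above, and reports which accounts have been locked. It relies on the fact that usermod -L (like passwd -l) disables the hash by prefixing it with "!", which is what passwd -S reports as LK. The two files, the user names and the hashes are constructed samples; the function names (user_class, lock_state, locked_users) are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: audit accounts from a passwd/shadow
# pair. UID classes follow the ranges given in the post; the lock test relies on
# usermod -L / passwd -l prefixing the hash with "!".
# Both files below are CONSTRUCTED samples with fake hashes, not a real system.
# On a live host point the functions at /etc/passwd and /etc/shadow (reading
# /etc/shadow needs root) and cross-check with "passwd -S NAME" and "chage -l NAME".

PASSWD_SAMPLE=$(mktemp)
SHADOW_SAMPLE=$(mktemp)
trap 'rm -f "$PASSWD_SAMPLE" "$SHADOW_SAMPLE"' EXIT
cat >"$PASSWD_SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
AMITESHSJSK:x:1000:1000:AMITESH SHARMA:/home/AMITESHSJSK:/bin/bash
Kisna:x:1001:1001::/home/Kisna:/bin/bash
guest:x:1002:1002::/home/guest:/bin/bash
EOF
cat >"$SHADOW_SAMPLE" <<'EOF'
root:$6$fakesalt$FAKEHASHroot:19151:0:99999:7:::
daemon:*:19151:0:99999:7:::
AMITESHSJSK:$6$fakesalt$FAKEHASHamitesh:19151:0:99999:7:::
Kisna:!$6$vukpeAB.$FAKEHASHkisna:19151:0:99999:7::19151:
guest::19151:0:99999:7:::
EOF

# user_class PASSWD NAME -> root | system | local  (UID ranges as stated in the post)
user_class() {
    awk -F: -v u="$2" '$1 == u {
        if ($3 == 0) print "root"; else if ($3 < 500) print "system"; else print "local"
    }' "$1"
}

# lock_state SHADOW NAME -> empty | nopass | locked | set
#   ""         no password at all: the account can be used without one
#   "*" / "!!" no usable password was ever set (service accounts, fresh users)
#   "!<hash>"  a real hash disabled by usermod -L; usermod -U strips the "!"
#   otherwise  a usable hash (passwd -S reports PS)
lock_state() {
    awk -F: -v u="$2" '$1 == u {
        if ($2 == "") print "empty";
        else if ($2 == "*" || $2 == "!!" || $2 == "!") print "nopass";
        else if (substr($2, 1, 1) == "!") print "locked";
        else print "set"
    }' "$1"
}

# locked_users SHADOW -> names of accounts whose hash has been disabled with "!"
locked_users() {
    awk -F: 'length($2) > 2 && substr($2, 1, 1) == "!" && $2 != "!!" { print $1 }' "$1"
}

# Stand-alone run: one line per account.
awk -F: '{ print $1 }' "$PASSWD_SAMPLE" | while read -r name; do
    printf '%-12s %-7s %s\n' "$name" "$(user_class "$PASSWD_SAMPLE" "$name")" \
        "$(lock_state "$SHADOW_SAMPLE" "$name")"
done
```

Two things worth checking in the output of such a run: an "empty" state means login without any password, which should never appear on a server; and "locked" only disables the password. Authentication paths that do not use it, such as an authorized SSH key, are not blocked by usermod -L alone, so to shut an account completely expire it as well (usermod -e 1 or chage -E 0) or set its shell to /sbin/nologin.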
- What are the sticky bit and file attributes?
The sticky bit can be assigned to file or directory. If sticky bit is enabled, only the owner or root can delete or rename that file or directory.
[root@amiteshjsk /]# mkdir backup
[root@amiteshjsk /]# ls -ltr | grep -i backup
drwxr-xr-x. 2 root root 6 Jul 27 17:10 backup
To add the sticky bit use chmod +t:
[root@amiteshjsk /]# chmod +t backup
[root@amiteshjsk /]# ls -ltr | grep -i backup
drwxr-xr-t. 2 root root 6 Jul 27 17:10 backup
The ‘t’ denotes that the sticky bit is enabled.
To remove the sticky bit use chmod -t:
[root@amiteshjsk /]# chmod -t backup
[root@amiteshjsk /]# ls -ltr | grep -i backup
drwxr-xr-x. 2 root root 6 Jul 27 17:10 backup
- Attributes-
File attributes are extra flags on a file; the immutable attribute (+i) prevents anyone, including the root user, from deleting the file. Attributes are set with the chattr command and viewed with lsattr.
[root@amiteshjsk /]# touch backup.txt
[root@amiteshjsk /]# chattr +i backup.txt
[root@amiteshjsk /]# lsattr backup.txt
----i----------- backup.txt
[root@amiteshjsk /]# ls -ltr | grep backup.txt
-rw-r--r--. 1 root root 0 Jul 27 17:17 backup.txt
[root@amiteshjsk /]# rm -rf backup.txt
rm: cannot remove ‘backup.txt’: Operation not permitted
[root@amiteshjsk /]#
To delete the file we have to remove the attribute using the chattr -i command.
[root@amiteshjsk /]# chattr -i backup.txt
[root@amiteshjsk /]# rm -rf backup.txt
[root@amiteshjsk /]#
- What is ACL?
An access control list (ACL) can be set on files and directories to grant read, write and execute permissions to more categories of users and groups than the single owner, group and others of the standard mode. The setfacl command is used to assign ACL permissions, and the same can be viewed with the getfacl command.
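As an added example (not from the original post), the script below reviews a file's ACL from the defender's side: given getfacl output, it lists the named users and groups that can actually write, taking the mask entry into account, since a named entry's permissions are clamped by the mask and getfacl marks such cases with an "#effective:" comment. The getfacl capture, the user Kisna and the group devs are constructed; the function name acl_effective_writers is this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: who can effectively write to a file
# according to its ACL. Input is getfacl output; the sample below is a CONSTRUCTED
# capture (user "Kisna" and group "devs" are made up), roughly what
#   setfacl -m u:Kisna:rw,g:devs:rx backup.txt && getfacl backup.txt
# would print. Named entries are bounded by the mask line, so the mask is read
# before deciding.

ACL_SAMPLE=$(mktemp)
ACL_MASKED_SAMPLE=$(mktemp)
trap 'rm -f "$ACL_SAMPLE" "$ACL_MASKED_SAMPLE"' EXIT
cat >"$ACL_SAMPLE" <<'EOF'
# file: backup.txt
# owner: root
# group: root
user::rw-
user:Kisna:rw-
group::r--
group:devs:r-x
mask::rw-
other::r--
EOF

# Same ACL after "setfacl -m m::r-- backup.txt": the mask drops write, so
# Kisna's rw- entry is no longer effective.
sed 's/^mask::rw-$/mask::r--/' "$ACL_SAMPLE" >"$ACL_MASKED_SAMPLE"

# acl_effective_writers FILE -> "user:NAME" / "group:NAME" entries that can write
acl_effective_writers() {
    awk -F: '
        /^#/ { next }                                   # header comment lines
        $1 == "mask" { mask = $3; next }                # upper bound for named entries
        ($1 == "user" || $1 == "group") && $2 != "" && index($3, "w") {
            cand[n++] = $1 ":" $2
        }
        END {
            if (mask == "") mask = "rwx"                # no mask line: nothing to clamp
            if (index(mask, "w")) for (i = 0; i < n; i++) print cand[i]
        }' "$1"
}

echo "Effective extra writers:"; acl_effective_writers "$ACL_SAMPLE"
echo "After tightening the mask:"; acl_effective_writers "$ACL_MASKED_SAMPLE"
```

On a real system a file carrying an ACL shows a "+" after the mode in ls -l, which is the cue to run getfacl on it; setfacl -b removes every extended entry again.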
- What is SGID and SUID?
SUID (Set owner User ID upon execution) is a special type of file permission given to a file. Normally in Linux/Unix when a program runs, it inherits access permissions from the logged-in user. SUID gives a user temporary permission to run a program/file with the permissions of the file owner rather than the user who runs it. In simple words, users get the file owner’s permissions, as well as the owner’s UID and GID, when executing the file/program/command.
[root@amiteshjsk /]# ls -ltr | grep backup
dr-sr-sr-x. 2 root root 6 Jul 27 17:10 backup
The first s stands for SUID and the second s stands for SGID.
SUID can be used in situations such as:
1) Where root login is required to execute some commands/programs/scripts.
2) Where you don’t want to give the credentials of a particular user, but want to run some programs as the owner.
3) Where you don’t want to use the sudo command, but want to give execute permission for a file/script etc.
To set SUID –
[root@amiteshjsk /]# chmod 4555 backup
[root@amiteshjsk /]# ls -ltr | grep backup
dr-sr-xr-x. 2 root root 6 Jul 27 17:10 backup
SGID permission is similar to the SUID permission; the only difference is that when a script or command with SGID set is run, it runs as if it were a member of the same group that the file belongs to.
To set SGID –
[root@amiteshjsk /]# chmod 2555 backup
[root@amiteshjsk /]# ls -ltr | grep backup
dr-sr-sr-x. 2 root root 6 Jul 27 17:10 backup
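The next block is an added example, not from the original post, and serves both the sticky-bit listings and the SUID/SGID listings above: it decodes an ls -l mode string back into its special bits and its four-digit octal mode, the inverse of the chmod +t / chmod 4555 / chmod 2555 commands. It also distinguishes a lowercase s/t (special bit plus execute) from an uppercase S/T, which means the special bit is set without execute and usually indicates a mistake. The mode strings fed to it are taken from the listings in the post; the function names special_bits and mode_to_octal are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: read the special bits out of an
# "ls -l" mode string, the inverse of the chmod commands in the post. The mode
# strings in the stand-alone run are CONSTRUCTED from the post's listings.
# Lowercase s/t: special bit AND execute set; uppercase S/T: special bit set but
# execute missing, which is worth flagging during a review.

# special_bits MODESTRING -> e.g. "suid sgid", "sticky", "sgid(no-exec)" or "none"
special_bits() {
    printf '%s\n' "$1" | awk '{
        u = substr($0, 4, 1); g = substr($0, 7, 1); o = substr($0, 10, 1); out = ""
        if (u == "s") out = out "suid "; else if (u == "S") out = out "suid(no-exec) "
        if (g == "s") out = out "sgid "; else if (g == "S") out = out "sgid(no-exec) "
        if (o == "t") out = out "sticky "; else if (o == "T") out = out "sticky(no-exec) "
        sub(/ $/, "", out); print (out == "" ? "none" : out)
    }'
}

# mode_to_octal MODESTRING -> four-digit mode, e.g. dr-sr-sr-x -> 6555
mode_to_octal() {
    printf '%s\n' "$1" | awk '{
        special = 0; digits = ""
        for (t = 0; t < 3; t++) {                          # owner, group, other triples
            r = substr($0, 2 + t * 3, 1)
            w = substr($0, 3 + t * 3, 1)
            x = substr($0, 4 + t * 3, 1)
            v = 0
            if (r == "r") v += 4
            if (w == "w") v += 2
            if (x == "x" || x == "s" || x == "t") v += 1   # lowercase keeps execute
            if (t == 0 && (x == "s" || x == "S")) special += 4
            if (t == 1 && (x == "s" || x == "S")) special += 2
            if (t == 2 && (x == "t" || x == "T")) special += 1
            digits = digits v
        }
        print special digits
    }'
}

for m in drwxr-xr-x drwxr-xr-t dr-sr-xr-x dr-sr-sr-x drwxr-Sr-x; do
    printf '%-12s %s  %s\n' "$m" "$(mode_to_octal "$m")" "$(special_bits "$m")"
done
```

For a host-wide review the same bits are what find -perm looks for: find / -xdev -type f -perm -4000 -ls lists SUID files and -perm -2000 lists SGID files, and the output should be compared against what the distribution's packages are expected to ship. The directory /tmp, with mode drwxrwxrwt, is the everyday example of the sticky bit in use.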
- How can we check system performance?
a) CPU utilization – To check CPU performance use the following commands:
1) top – Displays CPU usage, memory usage, swap memory, cache size, buffer size, process PID, user, commands and much more.
2) vmstat – Displays statistics of virtual memory, kernel threads, disks, system processes, I/O blocks, interrupts, CPU activity and much more.
3) lsof – Displays a list of all the open files and the processes. The open files included are disk files, network sockets, pipes, devices and processes.
4) tcpdump – A command-line network packet analyzer or packet sniffer program that is used to capture or filter TCP/IP packets received or transferred on a specific interface over a network.
5) netstat – A command-line tool for monitoring incoming and outgoing network packet statistics as well as interface statistics.
6) iotop – Monitors and displays real-time disk I/O and processes. This tool is very useful for finding the exact processes doing heavy disk reads/writes.
7) iostat – Collects and shows system input and output storage device statistics. This tool is often used to trace storage device performance issues including devices, local disks and remote disks such as NFS.
8) iptraf – An open source console-based real-time network (IP LAN) monitoring utility for Linux. It collects a variety of information such as the IP traffic that passes over the network, including TCP flag information, ICMP details, TCP/UDP traffic breakdowns, and TCP connection packet and byte counts. It also gathers general and detailed interface statistics of TCP, UDP, IP, ICMP, non-IP, IP checksum errors, interface activity etc.
9) sar – sar is part of the sysstat package. Using the sar utility you can do two things: A) monitor system real-time performance (CPU, memory, I/O, etc.) and B) collect performance data in the background on an on-going basis and analyse the historical data to identify bottlenecks.
10) free – The free command displays information about the physical (RAM) and swap memory of your system.
b) RAM usage – free, cat /proc/meminfo and top can be used to monitor memory usage.
c) HDD usage – iotop, iostat.
d) Buggy software – Check the software logs.
e) Network checking.
- What is Server hardening?
It is the process of enhancing server security through a variety of means, which results in a much more secure server operating environment. E.g., system access levels, file or directory permissions, disabling unwanted services, patch installation etc.
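As an added example (not from the original post) tying the network-checking item above to the "unwanted services" part of hardening, the script below takes netstat -tlnp output and lists the TCP services bound to every interface (0.0.0.0 or ::), i.e. the ones reachable from the network rather than only from localhost. That list is what gets compared against the services the server is supposed to provide before anything is disabled. The netstat capture, its PIDs and program names are constructed; the function names exposed_listeners and exposed_count are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: list listening TCP services bound to
# every interface, the first thing to review when disabling unwanted services.
# Input is "netstat -tlnp" output; the capture below is CONSTRUCTED (PIDs and
# program names are made up). On a live host:  netstat -tlnp | exposed_listeners -
# (ss -tlnp prints different columns and would need its own parser.)

NETSTAT_SAMPLE=$(mktemp)
trap 'rm -f "$NETSTAT_SAMPLE"' EXIT
cat >"$NETSTAT_SAMPLE" <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1021/master
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      640/rpcbind
tcp6       0      0 :::3306                 :::*                    LISTEN      1200/mysqld
tcp6       0      0 ::1:631                 :::*                    LISTEN      700/cupsd
EOF

# exposed_listeners FILE -> "PORT PROGRAM" for each socket reachable from the network
# ("-" as FILE reads standard input, as POSIX awk allows)
exposed_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, a, ":"); port = a[n]                     # last piece is the port
        host = substr($4, 1, length($4) - length(port) - 1)    # the rest is the address
        if (host == "0.0.0.0" || host == "::") {
            split($7, p, "/"); print port, p[2]
        }
    }' "$1"
}

# exposed_count FILE -> number of such sockets, handy for a threshold check
exposed_count() {
    exposed_listeners "$1" | awk 'END { print NR }'
}

echo "Listening on all interfaces:"; exposed_listeners "$NETSTAT_SAMPLE"
echo "Count: $(exposed_count "$NETSTAT_SAMPLE")"
```

In the constructed capture, sshd is expected, while rpcbind and mysqld on all interfaces are the kind of findings hardening acts on: bind the service to 127.0.0.1 if it is only used locally, restrict it with the firewall, or disable it (systemctl disable --now SERVICE) if it is not needed at all.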