
Chapter 5

The document discusses security in the Linux operating system, emphasizing its advantages over Windows, particularly in user permissions and system protection. It covers various aspects of Linux, including its kernel, networking capabilities, file system structure, and user administration, along with security measures against unauthorized access and denial of service attacks. Additionally, it outlines Linux resource monitoring, management, and service administration, including mail server functionalities.

Uploaded by

Badasa Galchu

Chapter V

Security – Linux Operating System

5.1. Introduction

What is security?
Security for information technology (IT) refers to the methods, tools and personnel used to
defend an organization's digital assets. The goal of IT security is to protect these assets, devices
and services from being disrupted, stolen or exploited by unauthorized users, otherwise known
as threat actors. These threats can be external or internal and malicious or accidental in both
origin and nature.
An effective security strategy uses a range of approaches to minimize vulnerabilities and target
many types of cyberthreats. Detection, prevention and response to security threats involve the
use of security policies, software tools and IT services.
Unfortunately, technological innovation benefits both IT defenders and cybercriminals. To
protect business assets, companies must routinely review, update and improve security to stay
ahead of cyberthreats and increasingly sophisticated cybercriminals.
Linux Operating System
One of Linux's many advantages over Windows is that it is more secure, much more so. In
Windows, users are generally given administrator access by default, which means they have
access to practically everything on the system, including its most crucial parts. So, then, do viruses.
With Linux, on the other hand, users do not usually have such "root" privileges; they are
typically given lower-level accounts. This means that even if a Linux system is
compromised, the virus will not have the root access it would need to do damage system-wide;
more likely, only the user's local files and programs would be affected.

UNIX:

Unix is a multi-user, multi-tasking operating system.

Many users can be logged into a system simultaneously, each running many
programs.
It is the kernel's job to keep each process and user separate and to regulate access to
system hardware, including the CPU, memory, disk and other I/O devices.

The first version was created at Bell Labs in 1969.

This is also called the epoch.

1973: Unix is re-written mostly in C, a new language developed by Dennis Ritchie.

1991: Linux originated.

5.2. LINUX System and Network Concept:


5.2.1. Introduction

Linux is a free Unix-type operating system originally created by Linus Torvalds with the
assistance of developers around the world.

Developed under the GNU General Public License , the source code for Linux is freely
available to everyone.

True multi-tasking, multi-user OS.

LINUX Distributions

Mandrake

RedHat

Fedora

SuSE/Novell

Debian

Ubuntu

Ubuntu

Ubuntu is a Debian-based Linux operating system and distribution for personal computers,
smartphones and network servers. It uses Unity as its default user interface.

5.2.2. Linux system

The Linux system excels in many areas, ranging from end-user concerns such as stability,
speed and ease of use to serious concerns such as development and networking.

• Linux kernel
• Linux networking

• Linux file system

5.2.2.1. Linux Kernel

The kernel is the central nervous system of Linux: the OS code that runs the whole
computer. It provides resources to all other programs that you run under Linux, and manages all
other programs as they run.

The kernel includes the code that performs certain specialized tasks, including TCP/IP
networking.

The kernel design is modular, so the core OS code is very small; modules are loaded when
they are needed and their memory is freed afterwards, so the kernel remains small, fast and highly
extensible.

5.2.2.2. Linux Networking

Networking comes naturally to Linux. In a real sense, Linux is a product of the Internet
or World Wide Web (www).

Linux is made for networking. Probably all networking protocols in use on the Internet
are native to Unix and/or Linux.

TCP/IP model

[Figure: the OSI model layers compared with the TCP/IP model layers]

Networking Protocols

The Linux kernel supports several networking protocols:

• TCP/IP - Transmission Control Protocol/Internet Protocol

• IP is the primary network protocol supported by Linux


• IPX - Internetwork Packet Exchange

• AppleTalk DDP

• Amateur Radio AX.25 Level 2

TCP/UDP Overview

 TCP (Transmission Control Protocol)

o Connection-Oriented

o Reliable Protocol

 UDP (User Datagram Protocol)

o Connectionless

o Unreliable Protocol

IP Overview

 32-bit Unique IP Address

 Network Address

 Subnet Address

 Host Address

5.2.2.3. Linux File System

 Linux has a hierarchical, unified file system

 Supports 256-character filenames.

 All command line entries are case sensitive.

 Use the slash(/) rather than the backslash(\) you have been using in DOS.
Standard Directories in Unix/Linux

/bin Essential tools and other programs (or binaries).

/dev Files representing the system's various hardware devices. For example, you use the
file `/dev/cdrom' to access the CD−ROM drive.

/etc Miscellaneous system configuration files, startup files, etc.

/home The home directories for all of the system's users.

/lib Essential system library files used by tools in `/bin'.

/proc Files that give information about current system processes.

/root The superuser's home directory, whose username is root. (In the past, the home
directory for the superuser was simply `/'; later, `/root' was adopted for this purpose to
reduce clutter in `/'.)

/sbin Essential system administrator tools, or system binaries.

/tmp Temporary files.

/usr Subdirectories with files related to user tools and applications.

Directories, Files and Inodes

Every directory and file is listed in its parent directory. In the case of the root directory,
that parent is itself.

A directory is a file that contains a table listing the files contained within it, mapping file
names to the inode numbers in the list.

The information about all the files and directories is maintained in the inode table.

An inode (index node) is an entry in the table containing information about a file (metadata),
including file permissions, UID, GID, size, timestamps, pointers to the file's data blocks on the
disk, etc.

5.2.3. Security

 Two broad categories of attack exist:

o unauthorized access

o denial of service

 Defense against the attacks:

o enforce the use of passwords

o use TCP wrappers to limit which resources are made available to which categories
of users.

 Monitor internal users; protect your organization against unauthorized or inappropriate
use of the computer facilities to harass personnel.

 Encryption is commonly used to secure data. It is the ancient technique of hiding
information in plain sight.

 The ssh (Secure Shell) and its tools use strong encryption to allow remotely located
systems to exchange data securely.

5.3. Linux User administration


In UNIX/Linux, there is a concept of a user and an associated group.

The system determines whether or not a user or group can access a file or program based
on the permissions assigned to them.

Apart from all the users, there is a special user called the superuser, or root, which has
permission to access any file and directory.

5.3.1. Creating User Account


Use the useradd or adduser command to create a new user (adduser username) and groupadd
to create a new group (groupadd group-name). You will have to assign a password
(passwd login-name).

The entry is added to the /etc/passwd and /etc/shadow files.

In the GUI: Applications → System Settings → Users and Groups

/etc/passwd Holds user account info

Included fields are:

Login name

User Id (uid)

Group Id (gid)

General Comment about the user

Home Directory

Shell

/etc/shadow Contains the encrypted password information for users' accounts and
optionally the password aging information. Included fields are:

Login name

Encrypted password

Days since Jan 1, 1970 that password was last changed

Days before password may not be changed

Days after which password must be changed

Days before password is to expire that user is warned

Days after password expires that account is disabled

Days since Jan 1, 1970 that account is disabled
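As an added example (not part of the notes), the following script parses records in the two formats listed above and classifies each account from its aging fields. The sample /etc/passwd and /etc/shadow lines are constructed, the hashes are fake placeholders, and the day counts are chosen so that the states below can be checked against a fixed "today".

```python
from datetime import date, timedelta
EPOCH = date(1970, 1, 1)

# Constructed sample records; field order follows the two lists above.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
juan:x:1001:1001:Juan Perez:/home/juan:/bin/bash
svc:x:1002:1002:Service account:/var/lib/svc:/usr/sbin/nologin
"""
# name:hash:last_change:min:max:warn:inactive:expire: (days since 1970-01-01)
SHADOW_SAMPLE = """\
root:$6$salt$fakehash:19000:0:99999:7:::
juan:$6$salt$fakehash:19700:0:90:7:14::
svc:!:19000:0:99999:7::19100:
"""
def day_to_date(days):
    """Shadow stores dates as day counts since the epoch."""
    return EPOCH + timedelta(days=days)

def parse_passwd(text):
    users = {}
    for line in text.splitlines():
        if line.strip():
            name, _pw, uid, gid, gecos, home, shell = line.split(":")
            users[name] = {"uid": int(uid), "gid": int(gid), "gecos": gecos,
                           "home": home, "shell": shell}
    return users

def parse_shadow(text):
    keys = ("last_change", "min_days", "max_days", "warn_days",
            "inactive_days", "expire_day")
    entries = {}
    for line in text.splitlines():
        if line.strip():
            fields = line.split(":")
            rec = {"hash": fields[1]}
            for key, value in zip(keys, fields[2:8]):
                rec[key] = int(value) if value else None  # empty = not set
            entries[fields[0]] = rec
    return entries

def password_status(rec, today):
    """Classify one shadow record; `today` is a day count like the fields."""
    if rec["expire_day"] is not None and today >= rec["expire_day"]:
        return "account-expired"
    if rec["hash"] == "":
        return "no-password"  # empty field: login needs no password at all
    if rec["hash"][0] in "!*":
        return "locked"
    if rec["last_change"] is None or rec["max_days"] is None:
        return "ok"
    expires = rec["last_change"] + rec["max_days"]
    if today > expires:
        if rec["inactive_days"] is not None and today > expires + rec["inactive_days"]:
            return "disabled"
        return "password-expired"
    if today >= expires - (rec["warn_days"] or 0):
        return "expiring-soon"
    return "ok"
```

An empty hash field is reported separately because it means the account can log in without any password, which is a weaker state than a locked one.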

5.3.2. Deletion of User

Remove login id from /etc/passwd & /etc/shadow file and delete home directory

deluser <username>
Use GUI to Delete the user

5.3.3. Access permission

There are three permissions for any file, directory or application program.

The following lists the symbols used to denote each, along with a brief description:

r — Indicates that a given category of user can read a file.

w — Indicates that a given category of user can write to a file.

x — Indicates that a given category of user can execute the file.

Each of the three permissions are assigned to three defined categories of users.

The categories are:

owner — The owner of the file or application.

group — The group that owns the file or application.

others — All users with access to the system.

One can easily view the permissions for a file by invoking a long format listing using the
command ls -l.

For instance, if the user juan creates an executable file named test, the output of the
command ls -l test would look like this:

-rwxrwxr-x 1 juan student 0 Sep 26 12:25 test

The permissions for this file are listed at the start of the line, starting with rwx.

The first set of symbols defines owner access.

The next set of rwx symbols defines group access.

The last set of symbols defines the access permitted for all other users.

5.3.4. Changing Ownership

The ownership of the file or directory can be changed using the command

chown <owner> <file/directory name>

The group of the file or directory can be changed using the command

chgrp <group> <file/directory name>


The permissions of the file can be changed using chmod command

chmod -R ### <filename or directory>

-R is optional and when used with directories will traverse all the sub-directories of the
target directory changing ALL the permissions to ###.

The #'s can be:

0 = Nothing
1 = Execute
2 = Write
3 = Execute & Write (2 + 1)
4 = Read
5 = Execute & Read (4 + 1)
6 = Read & Write (4 + 2)
7 = Execute & Read & Write (4 + 2 + 1)
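The following added example (not from the notes) converts between the nine-character rwx string that ls -l shows and the three chmod digits above, in both directions, and picks the owner, group and mode out of a long-listing line like the one for juan's file. The ls -l line is a constructed copy of the one in the notes; setuid, setgid and sticky bits are outside what the notes cover and are rejected.

```python
# Constructed ls -l line mirroring the one in the notes.
LS_LINE = "-rwxrwxr-x 1 juan student 0 Sep 26 12:25 test"

def symbolic_to_octal(perms):
    """'rwxrwxr-x' -> 0o775: each rwx triple is one digit (4 + 2 + 1)."""
    if len(perms) != 9:
        raise ValueError("expected nine permission characters")
    value = 0
    for i, ch in enumerate(perms):
        if ch == "rwx"[i % 3]:
            value |= 1 << (8 - i)          # bit 8 is owner read, bit 0 others execute
        elif ch != "-":
            # 's', 'S', 't', 'T' mark special bits not covered by these notes
            raise ValueError(f"unexpected character {ch!r} at position {i}")
    return value

def octal_to_symbolic(mode):
    """0o644 -> 'rw-r--r--', the inverse of the function above."""
    return "".join("rwx"[i % 3] if mode & (1 << (8 - i)) else "-" for i in range(9))

def chmod_digits(mode):
    """Render a mode as the three digits you would pass to chmod, e.g. '775'."""
    return f"{mode & 0o777:03o}"

def world_writable(mode):
    """True when the 'others' digit includes 2 (write)."""
    return bool(mode & 0o002)

def parse_ls_line(line):
    """Split one long-listing line into type, mode, owner, group and name."""
    fields = line.split(None, 8)   # the name is the 9th field, kept whole
    kinds = {"-": "file", "d": "directory", "l": "symlink"}
    return {"type": kinds.get(fields[0][0], "other"),
            "mode": symbolic_to_octal(fields[0][1:10]),
            "owner": fields[2], "group": fields[3], "name": fields[8]}
```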

5.4. Linux Resource monitoring and management


5.4.1. Viewing System Status in /proc

• The /proc file system is a specialized file system that lets you view and control system
resources such as processes, memory, and kernel networking parameters

• When you query a filename in /proc, the Linux kernel responds with live information
about the status of a process, memory, or other resource

5.4.2. Viewing Device Information

5.4.3. Viewing Process Information

• The /proc file system contains detailed information about each process running on Linux
• Before you can access information in /proc regarding a specific process, you need to find
the process’s PID number

• To find the PID for a running process, use the ps command

5.4.3.1. Managing Processes

• To manage your system effectively, you will often need to display detailed information
about specific processes

• The ps command has many options to select processes to be included in the command
output

• You can select what information is displayed about each process

5.4.3.2. Changing Process Priorities

• Each process in Linux is assigned a priority, called a nice level

• The root user can change the priority of any process; other users can raise the nice level
of processes they have started

• The nice and renice commands set a process’s nice level; other command-line and
graphical programs also let you change a process’s nice level

5.4.4. Viewing Processor Usage with top

• The top command lists processes according to how much CPU time they are using

• The output of top is updated every few seconds

• The top command can also be used to control processes by sending them signals

5.4.5. Managing Memory

• The Gnome System Monitor provides memory management features

• You can manage physical memory (RAM) and virtual memory

• The Linux kernel and Linux programs can only interact with information stored in RAM

• The free command displays information about RAM and virtual memory usage

• All the information displayed by free is in kilobytes

• A buffer is memory used by an application for data storage

5.4.5.1. Viewing Virtual Memory Information

• You can use the vmstat command to view detailed information about how swap space is
used

• When vmstat is run as a regular command, its output is based on information averaged
over time since the system was booted.

5.4.6. Managing System Logs

• Log files record the activities of Linux programs


• The main system log used by the kernel and many daemons is /var/log/messages

• A message is a description of what is happening within a program

• Any program running on Linux can call the shared programming function syslog and
pass it a message

• syslogd watches for messages submitted by programs

• The klogd daemon (kernel logging daemon) watches for messages submitted by the
Linux kernel

• Both syslogd and klogd rely on a single configuration file: /etc/syslog.conf

• Each line in syslog.conf defines a set of messages and what action to take with those
messages
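To show what a syslog.conf line actually selects, here is an added example (not from the notes) that reads classic sysklogd-style rules and reports which actions a message with a given facility and priority would reach. The configuration text is constructed for the example; the semantics it implements are the classic ones: a plain priority matches that level and above, "=" matches one level only, "none" drops a facility from an earlier wildcard, and later selectors on the same line override earlier ones.

```python
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + [f"local{i}" for i in range(8)]
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

# Constructed syslog.conf: selector(s), whitespace, action.
SAMPLE_CONF = """\
# Log everything of level info or higher, except mail and authpriv
*.info;mail.none;authpriv.none   /var/log/messages
authpriv.*                       /var/log/secure
mail.*                           -/var/log/maillog
*.emerg                          *
kern.crit                        @loghost
"""

def _level(name):
    return PRIORITIES.index(ALIASES.get(name, name))

def parse_conf(text):
    """Return a list of (rule, action); rule maps facility -> (op, level) or None."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selectors, action = line.split(None, 1)
        rule = {}
        for sel in selectors.split(";"):
            facs, pri = sel.rsplit(".", 1)
            for fac in (FACILITIES if facs == "*" else facs.split(",")):
                if pri == "none":
                    rule[fac] = None                  # exclude this facility
                elif pri == "*":
                    rule[fac] = (">=", 0)             # every priority
                elif pri.startswith("="):
                    rule[fac] = ("==", _level(pri[1:]))
                else:
                    rule[fac] = (">=", _level(pri))   # this level and above
        rules.append((rule, action))
    return rules

def route(rules, facility, priority):
    """Actions, in file order, that receive a message of this facility/priority."""
    level, actions = _level(priority), []
    for rule, action in rules:
        cond = rule.get(facility)
        if cond is None:
            continue
        op, threshold = cond
        if (op == ">=" and level >= threshold) or (op == "==" and level == threshold):
            actions.append(action)
    return actions
```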

5.5. Linux Service/Server Administration


5.5.1. Services

There are 113 daemons; of them, the following are the most widely used:

apmd : Power Management

autofs : Automount services

crond : Periodic Command Scheduler

cups : Common Unix Printing System

dhcpd : The DHCP server

dovecot : IMAP (Internet Message Access Protocol) and POP3 (Post Office Protocol)
server

gpm : Mouse

httpd : Apache Web server


iptables : Kernel based Packet Filtering firewall

kudzu: Finds new Hardware

mysqld : MySQL server

named : BIND server

network : Networking

nfs : Network File Share

nfslock : NFS file locking

ntpd : NTP (Network Time Protocol) server

portmap : RPC (Remote Procedure Call) support

postgresql : The Postgresql Database Engine

sendmail : Sendmail Mail Server

smb : Samba Network Services

snmpd : Simple Network Management Protocol

squid : Squid Proxy Server

sshd : Open SSH and SFTP server

syslog : System Logging

xinetd : Provides support for telnet, ftp, talk, tftp etc.

ypbind : NIS Server

 Usage

service <service name> start/stop/restart

to start, stop or restart a service from the command line.

5.5.2. Mail Server

A mail server (sometimes also referred to an e-mail server) is a server that handles and delivers
e-mail over a network, usually over the Internet. A mail server can receive e-mails from client
computers and deliver them to other mail servers.
Types of Mail Servers

Mail servers can be broken down into two main categories: outgoing mail servers and incoming
mail servers. Outgoing mail servers are known as SMTP, or Simple Mail Transfer Protocol,
servers. Incoming mail servers come in two main varieties. POP3, or Post Office Protocol,
version 3, servers are best known for storing sent and received messages on PCs' local hard
drives. IMAP, or Internet Message Access Protocol, servers always store copies of messages on
servers. Most POP3 servers can store messages on servers, too, which is a lot more convenient.

The Process of Sending an Email

The basic steps of this process are outlined below.

Step #1: After composing a message and hitting send, your email client - whether it's Outlook
Express or Gmail - connects to your domain's SMTP server.

Step #2: Your email client communicates with the SMTP server, giving it your email address,
the recipient's email address, the message body and any attachments.

Step #3: The SMTP server processes the recipient's email address - especially its domain. If the
domain name is the same as the sender's, the message is routed directly over to the domain's
POP3 or IMAP server.

Step #4: In order to find the recipient's server, the sender's SMTP server has to communicate
with the DNS, or Domain Name Server. The DNS takes the recipient's email domain name and
translates it into an IP address.

Step #5: Now that the SMTP server has the recipient's IP address, it can connect to its SMTP
server.

Step #6: The recipient's SMTP server scans the incoming message. If it recognizes the domain
and the user name, it forwards the message along to the domain's POP3 or IMAP server. From
there, it is placed in a sendmail queue until the recipient's email client allows it to be
downloaded. At that point, the message can be read by the recipient.

5.5.3. Samba Server

If you want to share files between your Ubuntu and Windows computers, your best option is to
use Samba file sharing. One of the most common ways to network Ubuntu and Windows
computers is to configure Samba as a File Server. The server will be configured to share files
with any client on the network without prompting for a password.

Installation

The first step is to install the samba package. From a terminal prompt enter:
sudo apt-get install samba smbfs

Configuration

Run the following command to open the configuration file, substituting your editor of choice:

sudo gedit /etc/samba/smb.conf

Find this section in the file:

####### Authentication #######

# “security = user” is always a good idea. This will require a Unix account
# in this server for every user accessing the server. See
# /usr/share/doc/samba-doc/htmldocs/Samba-HOWTO-Collection/ServerType.html
# in the samba-doc package for details.
; security = user

Uncomment the security line

Create a new section at the bottom of the file, or uncomment one of the examples, for the
directory to be shared:

[share]
comment = Ubuntu File Server Share
path = /srv/samba/share
browsable = yes
guest ok = yes
read only = no
create mask = 0755

a. comment: a short description of the share. Adjust to fit your needs.

b. path: the path to the directory to share. This example uses /srv/samba/sharename
because, according to the Filesystem Hierarchy Standard (FHS), /srv is where
site-specific data should be served. Technically Samba shares can be placed anywhere
on the filesystem as long as the permissions are correct, but adhering to standards is
recommended.

c. browsable: enables Windows clients to browse the shared directory using
Windows Explorer.

d. guest ok: allows clients to connect to the share without supplying a password.

e. read only: determines if the share is read only or if write privileges are granted.
Write privileges are allowed only when the value is no, as is seen in this example.
If the value is yes, then access to the share is read only.

f. create mask: determines the permissions new files will have when created.

Changing permissions
Now that Samba is configured, the directory needs to be created and the permissions changed.
From a terminal enter:

sudo mkdir -p /srv/samba/share


sudo chown nobody:nogroup /srv/samba/share/

Enabling New Configuration

Finally, restart the samba services to enable the new configuration:

sudo restart smbd

sudo restart nmbd

From a Windows client you should now be able to browse to the Ubuntu file server and see the
shared directory. If your client doesn't show your share automatically, try to access your server
by its IP address, e.g. \\192.168.1.1, in a Windows Explorer window.
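The share above is deliberately open: guest ok = yes together with read only = no lets any client on the network write to the directory without a password. As an added example (not part of the notes), the script below parses an smb.conf and flags that combination, and flags a missing security = user line; the two configurations are constructed, the second one showing the settings an assumed tighter deployment would use.

```python
# Constructed config reproducing the share from the notes, with the
# security line still commented out as in the file before editing.
WEAK_CONF = """\
[global]
;  security = user

[share]
   path = /srv/samba/share
   guest ok = yes
   read only = no
   create mask = 0755
"""
# The same share with assumed tighter settings: no guests, read only.
HARDENED_CONF = """\
[global]
   security = user

[share]
   path = /srv/samba/share
   guest ok = no
   read only = yes
   valid users = @student
   create mask = 0644
"""

def parse_smb_conf(text):
    """Minimal smb.conf parser: [sections] of 'key = value', '#'/';' comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections[current] = {}
        elif "=" in line and current is not None:
            key, value = (p.strip() for p in line.split("=", 1))
            sections[current][key.lower()] = value
    return sections

def is_yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def audit(text):
    """Return findings as strings; an empty list means nothing was flagged."""
    conf, findings = parse_smb_conf(text), []
    if conf.get("global", {}).get("security", "").lower() != "user":
        findings.append("global: security = user is not set explicitly")
    for name, opts in conf.items():
        if name == "global":
            continue
        path = opts.get("path", "?")
        guest = is_yes(opts.get("guest ok", opts.get("public", "no")))
        # 'read only' and 'writable' are inverse synonyms in smb.conf
        writable = (not is_yes(opts.get("read only", "yes"))
                    or is_yes(opts.get("writable", "no")))
        if guest and writable:
            findings.append(f"{name}: anonymous clients can write to {path}")
        elif guest:
            findings.append(f"{name}: anonymous clients can read {path}")
    return findings
```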
