LPI Lin
ux Cer
tifica
tion
http://
www.bkacad
.com
Module 10
Security
LPI Lin
ux Cer
tifica
tion
http://
www.bkacad
.com
Objectives
Objective 1: Perform Security Administration Tasks
LPI Lin
ux Cer
tifica
tion
http://
www.bkacad
.com
Perform Security Administration Tasks
The (In)Security of SUIDAlthough SUID is a useful option when it comes to
delegating roles to non-root usersEverything that program is able to do will be done as the
root user. Its potential security vulnerabilities:
If /bin/vi is SUID, every user who edits any file with vi will have the privileges of the root user, meaning that any user could edit any file on the system
Because of this potentially dangerous situation, a good system administrator must be aware of what programs on his system have the SUID and/or SGID bit set.
LPI Lin
ux Cer
tifica
tion
http://
www.bkacad
.com
Perform Security Administration Tasks
The (In)Security of SUIDThe find command has an option to search for files
based on their permissions
Some programs (such as ping) are not required by the operating system, and it is therefore safeto remove the SUID bit from them.
LPI Lin
ux Cer
tifica
tion
http://
www.bkacad
.com
Perform Security Administration Tasks
LPI Lin
ux Cer
tifica
tion
http://
www.bkacad
.com
Perform Security Administration Tasks
su
LPI Lin
ux Cer
tifica
tion
http://
www.bkacad
.com
Perform Security Administration Tasks
LPI Lin
ux Cer
tifica
tion
http://
www.bkacad
.com
Perform Security Administration Tasks
The NOPASSWD option will allow the user adam to run the dumpe2fs command without being prompted for a password
LPI Lin
ux Cer
tifica
tion
http://
www.bkacad
.com
Perform Security Administration Tasks
User IDs and PasswordsEvery user on a system is assigned a user ID (UID) that
uniquely identifies that user. Convention dictates that “system” users have UIDs
below 100The file /etc/passwd acts as the source for username-
to-UID mapping
LPI Lin
ux Cer
tifica
tion
http://
www.bkacad
.com
Perform Security Administration Tasks
User IDs and Passwords
LPI Lin
ux Cer
tifica
tion
http://
www.bkacad
.com
Perform Security Administration Tasks
User IDs and Passwords
LPI Lin
ux Cer
tifica
tion
http://
www.bkacad
.com
Perform Security Administration Tasks
/etc/shadow
LPI Lin
ux Cer
tifica
tion
http://
www.bkacad
.com
Perform Security Administration Tasks
/etc/shadow
LPI Lin
ux Cer
tifica
tion
http://
www.bkacad
.com
Perform Security Administration Tasks
Chage command
LPI Lin
ux Cer
tifica
tion
http://
www.bkacad
.com
Perform Security Administration Tasks
Setting Limits on UsersThe Linux kernel has the ability to control many limits on
what users can and can’t do. These limits are defined in the file /etc/security/limits.conf
and are viewed or modified interactively by the ulimit command
LPI Lin
ux Cer
tifica
tion
http://
www.bkacad
.com
Perform Security Administration Tasks
Setting Limits on Users
LPI Lin
ux Cer
tifica
tion
http://
www.bkacad
.com
Perform Security Administration Tasks
Setting Limits on UsersLimits are defined on Linux as being either hard or soft
limits. A hard limit is set by the superuser for a user or group of users
and cannot be exceeded. A soft limit is also set by the superuser,but it may be temporarily
overridden by a user if the need arises (by the user calling the ulimit command)
Perform Security Administration Tasks
• Setting Limits on Users
LPI Lin
ux Cer
tifica
tion
http://
www.bkacad
.com
Perform Security Administration Tasks
Setting Limits on Users
LPI Lin
ux Cer
tifica
tion
http://
www.bkacad
.com
Perform Security Administration Tasks
Querying System Services
LPI Lin
ux Cer
tifica
tion
http://
www.bkacad
.com
Perform Security Administration Tasks
Querying System Services
LPI Lin
ux Cer
tifica
tion
http://
www.bkacad
.com
Perform Security Administration Tasks
Querying System Services
LPI Lin
ux Cer
tifica
tion
http://
www.bkacad
.com
Perform Security Administration Tasks
Querying System Services
LPI Lin
ux Cer
tifica
tion
http://
www.bkacad
.com
Perform Security Administration Tasks
Querying System Services
LPI Lin
ux Cer
tifica
tion
http://
www.bkacad
.com
Perform Security Administration Tasks
Querying System Services
LPI Lin
ux Cer
tifica
tion
http://
www.bkacad
.com
Perform Security Administration Tasks
Querying System Services
LPI Lin
ux Cer
tifica
tion
http://
www.bkacad
.com
Perform Security Administration Tasks
Querying System Services
LPI Lin
ux Cer
tifica
tion
http://
www.bkacad
.com
Perform Security Administration Tasks
Querying System Services