SlideShare ist ein Scribd-Unternehmen logo

Linux security

Als PPTX, PDF herunterladen
T
trilokchandra prakash

In this PPT we are discussing about the Linux security and in that we have Linux server ,operating system , selinux, users and groups

Bildung
1 von 19
LINUX SECURITY
What is Linux ?  Linux is a free open source operating system (OS) based on UNIX that was created in 1991 by Linus Torvalds. Users can modify and create variations of the source code, known as distributions, for computers and other devices. The most common use is as a server, but Linux is also used in desktop computers, smartphones, e-book readers and gaming consoles etc.  It is also used by Hackers  Linux Types : o Ubuntu o Redhat o Suse o Debian o Centos o Oracle
Hardening  Hardening refers to providing various means of protection in a computer system. Protection is provided in various layers and is often referred to as defense in depth. Protecting in layers means to protect at the host level, the application level, the operating system level, the user level, the physical level and all the sublevels in between. Each level requires a unique method of security.  A hardened computer system is a more secure computer system.  Hardening is also known as system hardening.  Guides :  Guides : CIS Benchmark  Tools : Scap , Lynis
What if we don’t Hardening ?
Users and Groups  Users and Groups are used to control access to files and resources . Different permissions are also applied depending on users and groups. Users:  Every user of the system is assigned a unique user id known as UID.  Users names and UID’S are stored in this location -/etc/passwd. Users can’t read ,write or executable each other’s file without permissions. Groups:  Users are assigned to groups with unique group id numbers known as the gid.  Each user is given their own group . gids are stored in this location - /etc/group.
File Security File Permissions:  Every file and directory in your UNIX/Linux system has following 3 permissions defined for all the 3 owners discussed above.  Read (r): This permission give you the authority to open and read a file. Read permission on a directory gives you the ability to lists its content.  Write (w): The write permission gives you the authority to modify the contents of a file. The write permission on a directory gives you the authority to add, remove and rename files stored in the directory. Consider a scenario where you have to write permission on file but do not have write permission on the directory where the file is stored. You will be able to modify the file contents. But you will not be able to rename, move or remove the file from the directory.
 Execute (x): In Windows, an executable program usually has an extension ".exe" and which you can easily run. In Unix/Linux, you cannot run a program unless the execute permission is set. If the execute permission is not set, you might still be able to see/modify the program code(provided read & write permissions are set), but not run it. Special Permissions:  In this we have four cases. They are : 1) SUID (Set – user Identification) for an execution. 2) SGID (set group ID) for an execution. 3) SGID (set group ID) for an Directory. 4) Sticky bit for a directory LINK: https://thegeeksalive.com/linux-special-permissions/ INODES :  An inode is a data structure on a traditional Unix-style file system such as UFS or ext3. An inode stores basic information about a regular file, directory, or other file system object.  https://www.cyberciti.biz/tips/understanding-unixlinux-filesystem-inodes.html
Linux Server Hardening Steps : • Boot Security • Patching Linux Kernel • Remove Unused Software • Strong Password Policy • Securing Root Login • Process Security
1.Boot Security :  Boot loader is useful in preventing unauthorized users who have physical access to systems from booting using removable media like USB .  LILO and GRUB are two boot security loaders for linux workstations.  GRUB VS LILO GRUB LILO GRUB stands for Grand Unified Boot Loader LILO stands for Linux Loader It support for unlimited boot entries LILO only support up to 16 different boot selection GRUB boot from network LILO does not boot from network There is no need to change GRUB if configure file changed . GRUB is dynamically configure There is need to change LILO if configure file changed . LILO is not dynamically configure GRUB has interactive command interface LILO does not have interactive command interface GRUB has knowledge of file system LILO does not have any knowledge of file system
 LILO Configure File :  Boot =/dev/had  Map =/boot/map  Install =/boot/boot.b  Prompt  Timeout = 100  Compact  Default = Linux  Image = /boot/vmlinuz-2.4.18-14  Label =Linux  Root = /dev/hdb3  Read-only  Password=linux  Other=/dev/had  Label=windowsXP
 GRUB Configure File :  Default=0  Timeout=10  Splashimage=(hd1,2)/grub/splash.xp.gz  Password –md5 $1$0pevt0$y.br.18LYAasRsGdSKLY1p1  Title Red Hat Linux  Password –md5 $1$0pevt0$y.br.18LYAasRsGdSKLY1p1  Root (hd1,2)  Kernal /vmlinuz-2.4.18-14 ro root == LABEL =/initrd /initrd-2.4.18-14.img  Savedefault  boot
2.Patching Linux Kernel: What is a patch?  A patch is a small text document containing a delta of changes between two different versions of a source tree. Patches are created with the diff program.  To correctly apply a patch you need to know what base it was generated from and what new version the patch will change the source tree into. These should both be present in the patch file metadata or be possible to deduce from the filename. Patching Linux includes :  Getting new kernel modules  Editing LILO.conf  Restarting LILO  Write new MBR Kpatch – Dynamic Kernel Patching :  Kpatch is a feature of the linux kernel that allows live patching of a running kernel which allows kernel  Patches to be applied to the kernel for security even through the kernel is still running
3.Remove Unused Software:  Commands:  For Red Hat/ RHEL/ Fedora / Centos : $ yum list installed $ yum list packageName $ yum remove PackageName  Debian/Ubuntu Linux : $ dpkg –l $ dpkg --info packageName $ apt-get remove packageName
4.Strong Password Policy : 1) Configuration of shadow password:  Command: Nano /etc/login.defs  Configuration Parameters: PASS_MAX_DAYS=30 PASS_WARN_AGE=20 ENCRYPT_METHOD SHA512 LOGIN_RETRIES =5 2) Password Files in Linux: /etc/Passwd /etc/shadow It has one way encrypted passwords are stored in a text file. Shadow utils is a package in linux that’s installed by default in most of the distributions. This file is readable by any user in the system. This directory is only accessible to root.
5.Process Security :  It is a mix of administrative, engineering and behavioral activities focused on preventing undesired accidents and unexpected events that may have a negative impact to a given process.  We have some components:  Exec thread  PID  Memory Context  Environment  Priority  Security Credentials  File descriptor
6.Securing Root Login:  Disabling Root access via any console device (tty).  edit the securetty file vim/etc/securetty and comment out the following lines: tty1 #tty2 It means root is allowed to login at tty1. tty2 is disabled.
Operating System  Patching and Software Updates: periodically patches are released for included software either due to security flaws or to include additional functionality.  File System Configuration:  Create Separate Partition for /tmp: grep “[[:Space:]]/tmp[[:space:]]” /etc/fstab  Create Separate Partition for /var: grep “[[:Space:]]/var[[:space:]]” /etc/fstab  Secure Boot Settings :  Set permissions on boot loader config: chmod og-rwx/boot/grub/grub.cfg  Set Boot Loader Password : grub-mkpasswd-pbkdf2  Os Services:  Ensure rsh server is not enabled  Ensure telnet server is not enabled
SELinux  Security-Enhanced Linux (SELinux) is a security architecture for Linux systems that allows administrators to have more control over who can access the system. It was originally developed by the United States National Security Agency (NSA) as a series of patches to the Linux kernel using Linux Security Modules (LSM). In SELinux has MAC and DAC SELinux Configuration files :  Getenforce  Sestatus  Setenforce DAC MAC User has complete control overall programs it owns and execute. Administrators manages the access controls unlike the users in DAC Administrators have no way to control users. Administrators define the access policy
Linux security

Empfohlen

OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)TzahiArabov
 
Linux.ppt
Linux.ppt Linux.ppt
Linux.ppt onu9
 
Basic Linux Security
Basic Linux SecurityBasic Linux Security
Basic Linux Securitypankaj009
 
Linux security introduction
Linux security introduction Linux security introduction
Linux security introduction Mohamed Gad
 
Install and configure linux
Install and configure linuxInstall and configure linux
Install and configure linuxVicent Selfa
 
Security and Linux Security
Security and Linux SecuritySecurity and Linux Security
Security and Linux SecurityRizky Ariestiyansyah
 
Linux User Management
Linux User ManagementLinux User Management
Linux User ManagementGaurav Mishra
 
Authentication techniques
Authentication techniquesAuthentication techniques
Authentication techniquesIGZ Software house
 

Empfohlen

OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)TzahiArabov
 
Linux.ppt
Linux.ppt Linux.ppt
Linux.ppt onu9
 
Basic Linux Security
Basic Linux SecurityBasic Linux Security
Basic Linux Securitypankaj009
 
Linux security introduction
Linux security introduction Linux security introduction
Linux security introduction Mohamed Gad
 
Install and configure linux
Install and configure linuxInstall and configure linux
Install and configure linuxVicent Selfa
 
Security and Linux Security
Security and Linux SecuritySecurity and Linux Security
Security and Linux SecurityRizky Ariestiyansyah
 
Linux User Management
Linux User ManagementLinux User Management
Linux User ManagementGaurav Mishra
 
Authentication techniques
Authentication techniquesAuthentication techniques
Authentication techniquesIGZ Software house
 
Linux file system
Linux file systemLinux file system
Linux file systemMd. Tanvir Hossain
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewMichael Furman
 
Active directory
Active directory Active directory
Active directory deshvikas
 
Filepermissions in linux
Filepermissions in linuxFilepermissions in linux
Filepermissions in linuxSubashini Pandiarajan
 
8. Software Development Security
8. Software Development Security8. Software Development Security
8. Software Development SecuritySam Bowne
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Amit Tyagi
 
Shell scripting
Shell scriptingShell scripting
Shell scriptingManav Prasad
 
Introduction to Network and System Administration
Introduction to Network and System AdministrationIntroduction to Network and System Administration
Introduction to Network and System AdministrationDuressa Teshome
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
Introduction to Software Security and Best Practices
Introduction to Software Security and Best PracticesIntroduction to Software Security and Best Practices
Introduction to Software Security and Best PracticesMaxime ALAY-EDDINE
 
Types of attacks
Types of attacksTypes of attacks
Types of attacksVivek Gandhi
 
Bash shell scripting
Bash shell scriptingBash shell scripting
Bash shell scriptingVIKAS TIWARI
 
Secure Code Review 101
Secure Code Review 101Secure Code Review 101
Secure Code Review 101Narudom Roongsiriwong, CISSP
 
Presentation on samba server
Presentation on samba serverPresentation on samba server
Presentation on samba serverVeeral Bhateja
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Access Controls
Access ControlsAccess Controls
Access Controlsprimeteacher32
 
Disk and File System Management in Linux
Disk and File System Management in LinuxDisk and File System Management in Linux
Disk and File System Management in LinuxHenry Osborne
 
Systems Administration
Systems AdministrationSystems Administration
Systems AdministrationMark John Lado, MIT
 
Shell programming
Shell programmingShell programming
Shell programmingMoayad Moawiah
 
Linux Operating System
Linux Operating SystemLinux Operating System
Linux Operating SystemKunalKewat1
 
Ch1 linux basics
Ch1 linux basicsCh1 linux basics
Ch1 linux basicschandranath06
 

Weitere ähnliche Inhalte

Was ist angesagt?

OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewMichael Furman
 
Active directory
Active directory Active directory
Active directory deshvikas
 
8. Software Development Security
8. Software Development Security8. Software Development Security
8. Software Development SecuritySam Bowne
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Amit Tyagi
 
Introduction to Network and System Administration
Introduction to Network and System AdministrationIntroduction to Network and System Administration
Introduction to Network and System AdministrationDuressa Teshome
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
Introduction to Software Security and Best Practices
Introduction to Software Security and Best PracticesIntroduction to Software Security and Best Practices
Introduction to Software Security and Best PracticesMaxime ALAY-EDDINE
 
Bash shell scripting
Bash shell scriptingBash shell scripting
Bash shell scriptingVIKAS TIWARI
 
Presentation on samba server
Presentation on samba serverPresentation on samba server
Presentation on samba serverVeeral Bhateja
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Disk and File System Management in Linux
Disk and File System Management in LinuxDisk and File System Management in Linux
Disk and File System Management in LinuxHenry Osborne
 

Was ist angesagt? (20)

Linux file system
Linux file systemLinux file system
Linux file system
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's New
 
Active directory
Active directory Active directory
Active directory
 
Filepermissions in linux
Filepermissions in linuxFilepermissions in linux
Filepermissions in linux
 
8. Software Development Security
8. Software Development Security8. Software Development Security
8. Software Development Security
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)
 
Shell scripting
Shell scriptingShell scripting
Shell scripting
 
Introduction to Network and System Administration
Introduction to Network and System AdministrationIntroduction to Network and System Administration
Introduction to Network and System Administration
 
Cia security model
Cia security modelCia security model
Cia security model
 
Introduction to Software Security and Best Practices
Introduction to Software Security and Best PracticesIntroduction to Software Security and Best Practices
Introduction to Software Security and Best Practices
 
Types of attacks
Types of attacksTypes of attacks
Types of attacks
 
Bash shell scripting
Bash shell scriptingBash shell scripting
Bash shell scripting
 
Secure Code Review 101
Secure Code Review 101Secure Code Review 101
Secure Code Review 101
 
Presentation on samba server
Presentation on samba serverPresentation on samba server
Presentation on samba server
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
Access Controls
Access ControlsAccess Controls
Access Controls
 
Disk and File System Management in Linux
Disk and File System Management in LinuxDisk and File System Management in Linux
Disk and File System Management in Linux
 
Systems Administration
Systems AdministrationSystems Administration
Systems Administration
 
Shell programming
Shell programmingShell programming
Shell programming
 

Ähnlich wie Linux security

Linux Operating System
Linux Operating SystemLinux Operating System
Linux Operating SystemKunalKewat1
 
Unix Operating System
Unix Operating SystemUnix Operating System
Unix Operating Systemsubhsikha
 
Linux Basics Knowlage sharing.pptx
Linux Basics Knowlage sharing.pptxLinux Basics Knowlage sharing.pptx
Linux Basics Knowlage sharing.pptxbemnitekalegn
 
Poking The Filesystem For Fun And Profit
Poking The Filesystem For Fun And ProfitPoking The Filesystem For Fun And Profit
Poking The Filesystem For Fun And Profitssusera432ea1
 
Unix Security
Unix SecurityUnix Security
Unix Securityreplay21
 
linux system and network administrations
linux system and network administrationslinux system and network administrations
linux system and network administrationshaile468688
 
Basics of Linux Commands, Git and Github
Basics of Linux Commands, Git and GithubBasics of Linux Commands, Git and Github
Basics of Linux Commands, Git and GithubDevang Garach
 
Introduction to Operating Systems.pptx
Introduction to Operating Systems.pptxIntroduction to Operating Systems.pptx
Introduction to Operating Systems.pptxMohamedSaied877003
 

Ähnlich wie Linux security (20)

Linux Operating System
Linux Operating SystemLinux Operating System
Linux Operating System
 
Ch1 linux basics
Ch1 linux basicsCh1 linux basics
Ch1 linux basics
 
Linux basics
Linux basics Linux basics
Linux basics
 
Host security
Host securityHost security
Host security
 
Host security
Host securityHost security
Host security
 
Introduction to Unix
Introduction to UnixIntroduction to Unix
Introduction to Unix
 
Linux basics
Linux basics Linux basics
Linux basics
 
Unix Operating System
Unix Operating SystemUnix Operating System
Unix Operating System
 
3CS LSP UNIT 1-1.pdf
3CS LSP UNIT 1-1.pdf3CS LSP UNIT 1-1.pdf
3CS LSP UNIT 1-1.pdf
 
Linux Basics Knowlage sharing.pptx
Linux Basics Knowlage sharing.pptxLinux Basics Knowlage sharing.pptx
Linux Basics Knowlage sharing.pptx
 
Poking The Filesystem For Fun And Profit
Poking The Filesystem For Fun And ProfitPoking The Filesystem For Fun And Profit
Poking The Filesystem For Fun And Profit
 
Presentation on linux
Presentation on linuxPresentation on linux
Presentation on linux
 
Unix Security
Unix SecurityUnix Security
Unix Security
 
13.pptx
13.pptx13.pptx
13.pptx
 
linux system and network administrations
linux system and network administrationslinux system and network administrations
linux system and network administrations
 
prateekporwal
prateekporwalprateekporwal
prateekporwal
 
Linux
LinuxLinux
Linux
 
Basics of Linux Commands, Git and Github
Basics of Linux Commands, Git and GithubBasics of Linux Commands, Git and Github
Basics of Linux Commands, Git and Github
 
Introduction to Operating Systems.pptx
Introduction to Operating Systems.pptxIntroduction to Operating Systems.pptx
Introduction to Operating Systems.pptx
 
Linux Security
Linux SecurityLinux Security
Linux Security
 

Kürzlich hochgeladen

Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...PsychoTech Services
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajanpragatimahajan3
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024Janet Corral
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingTeacherCyreneCayanan
 

Kürzlich hochgeladen (20)

Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 

Linux security

  • 2. What is Linux ?  Linux is a free open source operating system (OS) based on UNIX that was created in 1991 by Linus Torvalds. Users can modify and create variations of the source code, known as distributions, for computers and other devices. The most common use is as a server, but Linux is also used in desktop computers, smartphones, e-book readers and gaming consoles etc.  It is also used by Hackers  Linux Types : o Ubuntu o Redhat o Suse o Debian o Centos o Oracle
  • 3. Hardening  Hardening refers to providing various means of protection in a computer system. Protection is provided in various layers and is often referred to as defense in depth. Protecting in layers means to protect at the host level, the application level, the operating system level, the user level, the physical level and all the sublevels in between. Each level requires a unique method of security.  A hardened computer system is a more secure computer system.  Hardening is also known as system hardening.  Guides :  Guides : CIS Benchmark  Tools : Scap , Lynis
  • 4. What if we don’t Hardening ?
  • 5. Users and Groups  Users and Groups are used to control access to files and resources . Different permissions are also applied depending on users and groups. Users:  Every user of the system is assigned a unique user id known as UID.  Users names and UID’S are stored in this location -/etc/passwd. Users can’t read ,write or executable each other’s file without permissions. Groups:  Users are assigned to groups with unique group id numbers known as the gid.  Each user is given their own group . gids are stored in this location - /etc/group.
  • 6. File Security File Permissions:  Every file and directory in your UNIX/Linux system has following 3 permissions defined for all the 3 owners discussed above.  Read (r): This permission give you the authority to open and read a file. Read permission on a directory gives you the ability to lists its content.  Write (w): The write permission gives you the authority to modify the contents of a file. The write permission on a directory gives you the authority to add, remove and rename files stored in the directory. Consider a scenario where you have to write permission on file but do not have write permission on the directory where the file is stored. You will be able to modify the file contents. But you will not be able to rename, move or remove the file from the directory.
  • 7.  Execute (x): In Windows, an executable program usually has an extension ".exe" and which you can easily run. In Unix/Linux, you cannot run a program unless the execute permission is set. If the execute permission is not set, you might still be able to see/modify the program code(provided read & write permissions are set), but not run it. Special Permissions:  In this we have four cases. They are : 1) SUID (Set – user Identification) for an execution. 2) SGID (set group ID) for an execution. 3) SGID (set group ID) for an Directory. 4) Sticky bit for a directory LINK: https://thegeeksalive.com/linux-special-permissions/ INODES :  An inode is a data structure on a traditional Unix-style file system such as UFS or ext3. An inode stores basic information about a regular file, directory, or other file system object.  https://www.cyberciti.biz/tips/understanding-unixlinux-filesystem-inodes.html
  • 8. Linux Server Hardening Steps : • Boot Security • Patching Linux Kernel • Remove Unused Software • Strong Password Policy • Securing Root Login • Process Security
  • 9. 1.Boot Security :  Boot loader is useful in preventing unauthorized users who have physical access to systems from booting using removable media like USB .  LILO and GRUB are two boot security loaders for linux workstations.  GRUB VS LILO GRUB LILO GRUB stands for Grand Unified Boot Loader LILO stands for Linux Loader It support for unlimited boot entries LILO only support up to 16 different boot selection GRUB boot from network LILO does not boot from network There is no need to change GRUB if configure file changed . GRUB is dynamically configure There is need to change LILO if configure file changed . LILO is not dynamically configure GRUB has interactive command interface LILO does not have interactive command interface GRUB has knowledge of file system LILO does not have any knowledge of file system
  • 10.  LILO Configure File :  Boot =/dev/had  Map =/boot/map  Install =/boot/boot.b  Prompt  Timeout = 100  Compact  Default = Linux  Image = /boot/vmlinuz-2.4.18-14  Label =Linux  Root = /dev/hdb3  Read-only  Password=linux  Other=/dev/had  Label=windowsXP
  • 11.  GRUB Configure File :  Default=0  Timeout=10  Splashimage=(hd1,2)/grub/splash.xp.gz  Password –md5 $1$0pevt0$y.br.18LYAasRsGdSKLY1p1  Title Red Hat Linux  Password –md5 $1$0pevt0$y.br.18LYAasRsGdSKLY1p1  Root (hd1,2)  Kernal /vmlinuz-2.4.18-14 ro root == LABEL =/initrd /initrd-2.4.18-14.img  Savedefault  boot
  • 12. 2.Patching Linux Kernel: What is a patch?  A patch is a small text document containing a delta of changes between two different versions of a source tree. Patches are created with the diff program.  To correctly apply a patch you need to know what base it was generated from and what new version the patch will change the source tree into. These should both be present in the patch file metadata or be possible to deduce from the filename. Patching Linux includes :  Getting new kernel modules  Editing LILO.conf  Restarting LILO  Write new MBR Kpatch – Dynamic Kernel Patching :  Kpatch is a feature of the linux kernel that allows live patching of a running kernel which allows kernel  Patches to be applied to the kernel for security even through the kernel is still running
  • 13. 3.Remove Unused Software:  Commands:  For Red Hat/ RHEL/ Fedora / Centos : $ yum list installed $ yum list packageName $ yum remove PackageName  Debian/Ubuntu Linux : $ dpkg –l $ dpkg --info packageName $ apt-get remove packageName
  • 14. 4.Strong Password Policy : 1) Configuration of shadow password:  Command: Nano /etc/login.defs  Configuration Parameters: PASS_MAX_DAYS=30 PASS_WARN_AGE=20 ENCRYPT_METHOD SHA512 LOGIN_RETRIES =5 2) Password Files in Linux: /etc/Passwd /etc/shadow It has one way encrypted passwords are stored in a text file. Shadow utils is a package in linux that’s installed by default in most of the distributions. This file is readable by any user in the system. This directory is only accessible to root.
  • 15. 5.Process Security :  It is a mix of administrative, engineering and behavioral activities focused on preventing undesired accidents and unexpected events that may have a negative impact to a given process.  We have some components:  Exec thread  PID  Memory Context  Environment  Priority  Security Credentials  File descriptor
  • 16. 6.Securing Root Login:  Disabling Root access via any console device (tty).  edit the securetty file vim/etc/securetty and comment out the following lines: tty1 #tty2 It means root is allowed to login at tty1. tty2 is disabled.
  • 17. Operating System  Patching and Software Updates: periodically patches are released for included software either due to security flaws or to include additional functionality.  File System Configuration:  Create Separate Partition for /tmp: grep “[[:Space:]]/tmp[[:space:]]” /etc/fstab  Create Separate Partition for /var: grep “[[:Space:]]/var[[:space:]]” /etc/fstab  Secure Boot Settings :  Set permissions on boot loader config: chmod og-rwx/boot/grub/grub.cfg  Set Boot Loader Password : grub-mkpasswd-pbkdf2  Os Services:  Ensure rsh server is not enabled  Ensure telnet server is not enabled
  • 18. SELinux  Security-Enhanced Linux (SELinux) is a security architecture for Linux systems that allows administrators to have more control over who can access the system. It was originally developed by the United States National Security Agency (NSA) as a series of patches to the Linux kernel using Linux Security Modules (LSM). In SELinux has MAC and DAC SELinux Configuration files :  Getenforce  Sestatus  Setenforce DAC MAC User has complete control overall programs it owns and execute. Administrators manages the access controls unlike the users in DAC Administrators have no way to control users. Administrators define the access policy