Linux Administration - Security

Common actions

Commands

 w
Display who is logged in

 ps -fe OR ps auxww
Display running processes

 passwd -l [username]
Lock the user's password, disabling login for that account

 last
Displays the login history of users (who logged in, from where, and when)
Reads /var/log/wtmp
*crackers* - will rm this file and rm their shell history to hide their tracks

gpg

Commands

 gpg --gen-key
Generate a key

 gpg --list-public-keys
Lists all of my public keys

 gpg -kv
Lists all keys in keyring

 gpg --armor --export 77454014 > dsd.key
Exports my public key to a file. The --armor arg tells gpg to output in ASCII format so the key survives email transfer.

 gpg --import program.key
Copy and paste the key block into a file, then import it into the keyring

 gpg --verify program.asc
Download the signature file and verify it against the downloaded program

logs

Commands

 grep fail /var/log/messages
Display failure records

 grep repeat /var/log/messages
Display repeated-message records (syslog collapses identical messages into "last message repeated N times")

 grep error /var/log/messages
Display error records
Do not ignore hard drive errors (replace the drive)
DVD/CD errors may occur at any time

lsof

Commands

 lsof
List open files

 lsof | grep smtp
List open files matching smtp (e.g. sockets on the smtp port)

md5sum

Commands

 md5sum package.tar.gz
Compare the checksum printed with the one in package.tar.gz.md5; they must match

shred

Commands

 shred -u [filename]
Overwrites the file 25 times and then removes it.
This is used to obliterate data on disk, or at least make it difficult to recover.

SUID/SGID Programs

Commands

 find / -perm /6000 -type f
Finds all files with the SUID or SGID permission bit set (older GNU find used -perm +6000, which newer versions reject).

Tripwire

Files

/etc/tripwire                                   - tripwire directory
/etc/tripwire/twinstall.sh                      - sets up tripwire and prompts for the passphrases that authenticate access to the Tripwire utilities
/etc/tripwire/twcfg.txt => /etc/tripwire/tw.cfg - overall config options
/etc/tripwire/twpol.txt => /etc/tripwire/tw.pol - information on the files being monitored

Commands

 tripwire --init
Generate checksums and hashes of the files it is configured to monitor.

 tripwire --check
Check the state of system files against the Tripwire database.

 tripwire --update
Update the Tripwire database after package changes have occurred.
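
The following script is an added example, not part of the original page: a miniature "tripwire --init" / "tripwire --check" limited to the SUID/SGID programs that the find command above lists, using md5sum for the checksums. The function names are hypothetical; it assumes a Linux box with GNU coreutils (md5sum, mktemp) and a POSIX find.

```shell
#!/bin/sh
# Added example (not from the original page): snapshot every SUID/SGID file
# under a tree with its md5sum, then diff later snapshots against that
# baseline so newly planted, removed or modified privileged binaries stand out.
# Function names are hypothetical; assumes GNU coreutils and a POSIX find.

# snapshot_suid DIR OUTFILE
# Writes one "checksum  path" line per SUID or SGID regular file under DIR,
# sorted by path so two snapshots can be diffed line by line.
snapshot_suid() {
    dir=$1
    out=$2
    # -perm -4000 / -perm -2000 is the portable spelling of "bit is set";
    # -xdev keeps find from wandering into /proc, /sys or network mounts.
    find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec md5sum {} + 2>/dev/null | sort -k 2 > "$out"
}

# check_suid DIR BASELINE
# Returns 0 when the current snapshot matches BASELINE exactly; otherwise
# prints the unified diff (added, removed or modified privileged binaries)
# and returns 1.
check_suid() {
    dir=$1
    base=$2
    cur=$(mktemp) || return 2
    snapshot_suid "$dir" "$cur"
    if diff -u "$base" "$cur"; then
        rm -f "$cur"
        return 0
    fi
    rm -f "$cur"
    return 1
}

# Typical use: take the baseline once right after install, then re-run the
# check from cron and alert on a non-zero exit status.
#   snapshot_suid / /var/lib/suid-baseline.md5
#   check_suid / /var/lib/suid-baseline.md5
```

As with /var/log/wtmp above, an intruder with root can edit the baseline, so keep a copy off the box or on read-only media.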

chkrootkit

Commands

 chkrootkit
Similar to virus scanning. All output should end with "not infected" or "no suspect files found".

mail aliases

Files

/etc/aliases
/etc/postfix/aliases
/etc/mail/aliases

Commands

 newaliases
Converts the configured 'aliases' file to the 'aliases.db' binary file.

PAM (Pluggable Authentication Modules) - pam_limits

Files

/etc/pam.d
/etc/security/limits.conf

format: domain type item value
domain - username, groupname (@groupname) or * (everybody)
type   - hard (can never be exceeded), soft (can temporarily be exceeded), - (both)
item   - core (core size), data (program data size), fsize (file size), nofile (# of open files),
         rss (resident set size), stack (stack size), cpu (cpu time of a single process),
         nproc (# of concurrent processes), maxlogins, priority (process priority)
value  - value to be applied to the limit

Allow only root access

Files

/etc/nologin
If this file exists, only root can login to the computer.