SlideShare a Scribd company logo

Linux security

Download as PPTX, PDF
T
trilokchandra prakash

In this PPT we are discussing about the Linux security and in that we have Linux server ,operating system , selinux, users and groups

Education
1 of 19
LINUX SECURITY
What is Linux ?  Linux is a free open source operating system (OS) based on UNIX that was created in 1991 by Linus Torvalds. Users can modify and create variations of the source code, known as distributions, for computers and other devices. The most common use is as a server, but Linux is also used in desktop computers, smartphones, e-book readers and gaming consoles etc.  It is also used by Hackers  Linux Types : o Ubuntu o Redhat o Suse o Debian o Centos o Oracle
Hardening  Hardening refers to providing various means of protection in a computer system. Protection is provided in various layers and is often referred to as defense in depth. Protecting in layers means to protect at the host level, the application level, the operating system level, the user level, the physical level and all the sublevels in between. Each level requires a unique method of security.  A hardened computer system is a more secure computer system.  Hardening is also known as system hardening.  Guides :  Guides : CIS Benchmark  Tools : Scap , Lynis
What if we don’t Hardening ?
Users and Groups  Users and Groups are used to control access to files and resources . Different permissions are also applied depending on users and groups. Users:  Every user of the system is assigned a unique user id known as UID.  Users names and UID’S are stored in this location -/etc/passwd. Users can’t read ,write or executable each other’s file without permissions. Groups:  Users are assigned to groups with unique group id numbers known as the gid.  Each user is given their own group . gids are stored in this location - /etc/group.
File Security File Permissions:  Every file and directory in your UNIX/Linux system has following 3 permissions defined for all the 3 owners discussed above.  Read (r): This permission give you the authority to open and read a file. Read permission on a directory gives you the ability to lists its content.  Write (w): The write permission gives you the authority to modify the contents of a file. The write permission on a directory gives you the authority to add, remove and rename files stored in the directory. Consider a scenario where you have to write permission on file but do not have write permission on the directory where the file is stored. You will be able to modify the file contents. But you will not be able to rename, move or remove the file from the directory.
 Execute (x): In Windows, an executable program usually has an extension ".exe" and which you can easily run. In Unix/Linux, you cannot run a program unless the execute permission is set. If the execute permission is not set, you might still be able to see/modify the program code(provided read & write permissions are set), but not run it. Special Permissions:  In this we have four cases. They are : 1) SUID (Set – user Identification) for an execution. 2) SGID (set group ID) for an execution. 3) SGID (set group ID) for an Directory. 4) Sticky bit for a directory LINK: https://thegeeksalive.com/linux-special-permissions/ INODES :  An inode is a data structure on a traditional Unix-style file system such as UFS or ext3. An inode stores basic information about a regular file, directory, or other file system object.  https://www.cyberciti.biz/tips/understanding-unixlinux-filesystem-inodes.html
Linux Server Hardening Steps : • Boot Security • Patching Linux Kernel • Remove Unused Software • Strong Password Policy • Securing Root Login • Process Security
1.Boot Security :  Boot loader is useful in preventing unauthorized users who have physical access to systems from booting using removable media like USB .  LILO and GRUB are two boot security loaders for linux workstations.  GRUB VS LILO GRUB LILO GRUB stands for Grand Unified Boot Loader LILO stands for Linux Loader It support for unlimited boot entries LILO only support up to 16 different boot selection GRUB boot from network LILO does not boot from network There is no need to change GRUB if configure file changed . GRUB is dynamically configure There is need to change LILO if configure file changed . LILO is not dynamically configure GRUB has interactive command interface LILO does not have interactive command interface GRUB has knowledge of file system LILO does not have any knowledge of file system
 LILO Configure File :  Boot =/dev/had  Map =/boot/map  Install =/boot/boot.b  Prompt  Timeout = 100  Compact  Default = Linux  Image = /boot/vmlinuz-2.4.18-14  Label =Linux  Root = /dev/hdb3  Read-only  Password=linux  Other=/dev/had  Label=windowsXP
 GRUB Configure File :  Default=0  Timeout=10  Splashimage=(hd1,2)/grub/splash.xp.gz  Password –md5 $1$0pevt0$y.br.18LYAasRsGdSKLY1p1  Title Red Hat Linux  Password –md5 $1$0pevt0$y.br.18LYAasRsGdSKLY1p1  Root (hd1,2)  Kernal /vmlinuz-2.4.18-14 ro root == LABEL =/initrd /initrd-2.4.18-14.img  Savedefault  boot
2.Patching Linux Kernel: What is a patch?  A patch is a small text document containing a delta of changes between two different versions of a source tree. Patches are created with the diff program.  To correctly apply a patch you need to know what base it was generated from and what new version the patch will change the source tree into. These should both be present in the patch file metadata or be possible to deduce from the filename. Patching Linux includes :  Getting new kernel modules  Editing LILO.conf  Restarting LILO  Write new MBR Kpatch – Dynamic Kernel Patching :  Kpatch is a feature of the linux kernel that allows live patching of a running kernel which allows kernel  Patches to be applied to the kernel for security even through the kernel is still running
3.Remove Unused Software:  Commands:  For Red Hat/ RHEL/ Fedora / Centos : $ yum list installed $ yum list packageName $ yum remove PackageName  Debian/Ubuntu Linux : $ dpkg –l $ dpkg --info packageName $ apt-get remove packageName
4.Strong Password Policy : 1) Configuration of shadow password:  Command: Nano /etc/login.defs  Configuration Parameters: PASS_MAX_DAYS=30 PASS_WARN_AGE=20 ENCRYPT_METHOD SHA512 LOGIN_RETRIES =5 2) Password Files in Linux: /etc/Passwd /etc/shadow It has one way encrypted passwords are stored in a text file. Shadow utils is a package in linux that’s installed by default in most of the distributions. This file is readable by any user in the system. This directory is only accessible to root.
5.Process Security :  It is a mix of administrative, engineering and behavioral activities focused on preventing undesired accidents and unexpected events that may have a negative impact to a given process.  We have some components:  Exec thread  PID  Memory Context  Environment  Priority  Security Credentials  File descriptor
6.Securing Root Login:  Disabling Root access via any console device (tty).  edit the securetty file vim/etc/securetty and comment out the following lines: tty1 #tty2 It means root is allowed to login at tty1. tty2 is disabled.
Operating System  Patching and Software Updates: periodically patches are released for included software either due to security flaws or to include additional functionality.  File System Configuration:  Create Separate Partition for /tmp: grep “[[:Space:]]/tmp[[:space:]]” /etc/fstab  Create Separate Partition for /var: grep “[[:Space:]]/var[[:space:]]” /etc/fstab  Secure Boot Settings :  Set permissions on boot loader config: chmod og-rwx/boot/grub/grub.cfg  Set Boot Loader Password : grub-mkpasswd-pbkdf2  Os Services:  Ensure rsh server is not enabled  Ensure telnet server is not enabled
SELinux  Security-Enhanced Linux (SELinux) is a security architecture for Linux systems that allows administrators to have more control over who can access the system. It was originally developed by the United States National Security Agency (NSA) as a series of patches to the Linux kernel using Linux Security Modules (LSM). In SELinux has MAC and DAC SELinux Configuration files :  Getenforce  Sestatus  Setenforce DAC MAC User has complete control overall programs it owns and execute. Administrators manages the access controls unlike the users in DAC Administrators have no way to control users. Administrators define the access policy
Linux security

Recommended

Linux security introduction
Linux security introduction Linux security introduction
Linux security introduction Mohamed Gad
 
Iptables the Linux Firewall
Iptables the Linux Firewall Iptables the Linux Firewall
Iptables the Linux Firewall Syed fawad Gillani
 
Linux file system
Linux file systemLinux file system
Linux file systemMd. Tanvir Hossain
 
Security and Linux Security
Security and Linux SecuritySecurity and Linux Security
Security and Linux SecurityRizky Ariestiyansyah
 
Linux fundamentals
Linux fundamentalsLinux fundamentals
Linux fundamentalsRaghu nath
 
Kali linux.ppt
Kali linux.pptKali linux.ppt
Kali linux.pptAhmedalhassar1
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
Server configuration
Server configurationServer configuration
Server configurationAisha Talat
 

Recommended

Linux security introduction
Linux security introduction Linux security introduction
Linux security introduction Mohamed Gad
 
Iptables the Linux Firewall
Iptables the Linux Firewall Iptables the Linux Firewall
Iptables the Linux Firewall Syed fawad Gillani
 
Linux file system
Linux file systemLinux file system
Linux file systemMd. Tanvir Hossain
 
Security and Linux Security
Security and Linux SecuritySecurity and Linux Security
Security and Linux SecurityRizky Ariestiyansyah
 
Linux fundamentals
Linux fundamentalsLinux fundamentals
Linux fundamentalsRaghu nath
 
Kali linux.ppt
Kali linux.pptKali linux.ppt
Kali linux.pptAhmedalhassar1
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
Server configuration
Server configurationServer configuration
Server configurationAisha Talat
 
Linux Operating System Vulnerabilities
Linux Operating System VulnerabilitiesLinux Operating System Vulnerabilities
Linux Operating System VulnerabilitiesInformation Technology
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Cleverence Kombe
 
Linux.ppt
Linux.ppt Linux.ppt
Linux.ppt onu9
 
Nfs
NfsNfs
NfsShingalaKrupa
 
Linux command ppt
Linux command pptLinux command ppt
Linux command pptkalyanineve
 
Linux Administration
Linux AdministrationLinux Administration
Linux AdministrationHarish1983
 
Systems Administration
Systems AdministrationSystems Administration
Systems AdministrationMark John Lado, MIT
 
Linux basics part 1
Linux basics part 1Linux basics part 1
Linux basics part 1Lilesh Pathe
 
Introduction to Shell script
Introduction to Shell scriptIntroduction to Shell script
Introduction to Shell scriptBhavesh Padharia
 
Web application attacks
Web application attacksWeb application attacks
Web application attackshruth
 
Kali linux os
Kali linux osKali linux os
Kali linux osSamantha Lawrence
 
Wireshark
WiresharkWireshark
WiresharkSourav Roy
 
Exploitation techniques and fuzzing
Exploitation techniques and fuzzingExploitation techniques and fuzzing
Exploitation techniques and fuzzingG Prachi
 
Unix/Linux Basic Commands and Shell Script
Unix/Linux Basic Commands and Shell ScriptUnix/Linux Basic Commands and Shell Script
Unix/Linux Basic Commands and Shell Scriptsbmguys
 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system gaurav koriya
 
Linux File System
Linux File SystemLinux File System
Linux File SystemAnil Kumar Pugalia
 
Linux systems - Linux Commands and Shell Scripting
Linux systems - Linux Commands and Shell ScriptingLinux systems - Linux Commands and Shell Scripting
Linux systems - Linux Commands and Shell ScriptingEmertxe Information Technologies Pvt Ltd
 
Security models
Security models Security models
Security models LJ PROJECTS
 
Introduction to linux
Introduction to linuxIntroduction to linux
Introduction to linuxStephen Ahiante
 
User management
User managementUser management
User managementMufaddal Haidermota
 
Linux Operating System
Linux Operating SystemLinux Operating System
Linux Operating SystemKunalKewat1
 
Ch1 linux basics
Ch1 linux basicsCh1 linux basics
Ch1 linux basicschandranath06
 

More Related Content

What's hot

Linux Operating System Vulnerabilities
Linux Operating System VulnerabilitiesLinux Operating System Vulnerabilities
Linux Operating System VulnerabilitiesInformation Technology
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Cleverence Kombe
 
Linux.ppt
Linux.ppt Linux.ppt
Linux.ppt onu9
 
Linux command ppt
Linux command pptLinux command ppt
Linux command pptkalyanineve
 
Linux Administration
Linux AdministrationLinux Administration
Linux AdministrationHarish1983
 
Linux basics part 1
Linux basics part 1Linux basics part 1
Linux basics part 1Lilesh Pathe
 
Introduction to Shell script
Introduction to Shell scriptIntroduction to Shell script
Introduction to Shell scriptBhavesh Padharia
 
Web application attacks
Web application attacksWeb application attacks
Web application attackshruth
 
Exploitation techniques and fuzzing
Exploitation techniques and fuzzingExploitation techniques and fuzzing
Exploitation techniques and fuzzingG Prachi
 
Unix/Linux Basic Commands and Shell Script
Unix/Linux Basic Commands and Shell ScriptUnix/Linux Basic Commands and Shell Script
Unix/Linux Basic Commands and Shell Scriptsbmguys
 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system gaurav koriya
 
Security models
Security models Security models
Security models LJ PROJECTS
 

What's hot (20)

Linux Operating System Vulnerabilities
Linux Operating System VulnerabilitiesLinux Operating System Vulnerabilities
Linux Operating System Vulnerabilities
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems
 
Linux.ppt
Linux.ppt Linux.ppt
Linux.ppt
 
Nfs
NfsNfs
Nfs
 
Linux command ppt
Linux command pptLinux command ppt
Linux command ppt
 
Linux Administration
Linux AdministrationLinux Administration
Linux Administration
 
Systems Administration
Systems AdministrationSystems Administration
Systems Administration
 
Linux basics part 1
Linux basics part 1Linux basics part 1
Linux basics part 1
 
Introduction to Shell script
Introduction to Shell scriptIntroduction to Shell script
Introduction to Shell script
 
Web application attacks
Web application attacksWeb application attacks
Web application attacks
 
Kali linux os
Kali linux osKali linux os
Kali linux os
 
Wireshark
WiresharkWireshark
Wireshark
 
Exploitation techniques and fuzzing
Exploitation techniques and fuzzingExploitation techniques and fuzzing
Exploitation techniques and fuzzing
 
Unix/Linux Basic Commands and Shell Script
Unix/Linux Basic Commands and Shell ScriptUnix/Linux Basic Commands and Shell Script
Unix/Linux Basic Commands and Shell Script
 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system
 
Linux File System
Linux File SystemLinux File System
Linux File System
 
Linux systems - Linux Commands and Shell Scripting
Linux systems - Linux Commands and Shell ScriptingLinux systems - Linux Commands and Shell Scripting
Linux systems - Linux Commands and Shell Scripting
 
Security models
Security models Security models
Security models
 
Introduction to linux
Introduction to linuxIntroduction to linux
Introduction to linux
 
User management
User managementUser management
User management
 

Similar to Linux security

Linux Operating System
Linux Operating SystemLinux Operating System
Linux Operating SystemKunalKewat1
 
Unix Operating System
Unix Operating SystemUnix Operating System
Unix Operating Systemsubhsikha
 
Linux Basics Knowlage sharing.pptx
Linux Basics Knowlage sharing.pptxLinux Basics Knowlage sharing.pptx
Linux Basics Knowlage sharing.pptxbemnitekalegn
 
Poking The Filesystem For Fun And Profit
Poking The Filesystem For Fun And ProfitPoking The Filesystem For Fun And Profit
Poking The Filesystem For Fun And Profitssusera432ea1
 
Unix Security
Unix SecurityUnix Security
Unix Securityreplay21
 
linux system and network administrations
linux system and network administrationslinux system and network administrations
linux system and network administrationshaile468688
 
Basics of Linux Commands, Git and Github
Basics of Linux Commands, Git and GithubBasics of Linux Commands, Git and Github
Basics of Linux Commands, Git and GithubDevang Garach
 
Introduction to Operating Systems.pptx
Introduction to Operating Systems.pptxIntroduction to Operating Systems.pptx
Introduction to Operating Systems.pptxMohamedSaied877003
 

Similar to Linux security (20)

Linux Operating System
Linux Operating SystemLinux Operating System
Linux Operating System
 
Ch1 linux basics
Ch1 linux basicsCh1 linux basics
Ch1 linux basics
 
Linux basics
Linux basics Linux basics
Linux basics
 
Host security
Host securityHost security
Host security
 
Host security
Host securityHost security
Host security
 
Introduction to Unix
Introduction to UnixIntroduction to Unix
Introduction to Unix
 
Linux basics
Linux basics Linux basics
Linux basics
 
Unix Operating System
Unix Operating SystemUnix Operating System
Unix Operating System
 
3CS LSP UNIT 1-1.pdf
3CS LSP UNIT 1-1.pdf3CS LSP UNIT 1-1.pdf
3CS LSP UNIT 1-1.pdf
 
Linux Basics Knowlage sharing.pptx
Linux Basics Knowlage sharing.pptxLinux Basics Knowlage sharing.pptx
Linux Basics Knowlage sharing.pptx
 
Poking The Filesystem For Fun And Profit
Poking The Filesystem For Fun And ProfitPoking The Filesystem For Fun And Profit
Poking The Filesystem For Fun And Profit
 
Presentation on linux
Presentation on linuxPresentation on linux
Presentation on linux
 
Unix Security
Unix SecurityUnix Security
Unix Security
 
13.pptx
13.pptx13.pptx
13.pptx
 
linux system and network administrations
linux system and network administrationslinux system and network administrations
linux system and network administrations
 
prateekporwal
prateekporwalprateekporwal
prateekporwal
 
Linux
LinuxLinux
Linux
 
Basics of Linux Commands, Git and Github
Basics of Linux Commands, Git and GithubBasics of Linux Commands, Git and Github
Basics of Linux Commands, Git and Github
 
Introduction to Operating Systems.pptx
Introduction to Operating Systems.pptxIntroduction to Operating Systems.pptx
Introduction to Operating Systems.pptx
 
Linux Security
Linux SecurityLinux Security
Linux Security
 

Recently uploaded

Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
The byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptxThe byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptxShobhayan Kirtania
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Pooja Nehwal
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajanpragatimahajan3
 

Recently uploaded (20)

Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
The byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptxThe byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptx
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 

Linux security

  • 2. What is Linux ?  Linux is a free open source operating system (OS) based on UNIX that was created in 1991 by Linus Torvalds. Users can modify and create variations of the source code, known as distributions, for computers and other devices. The most common use is as a server, but Linux is also used in desktop computers, smartphones, e-book readers and gaming consoles etc.  It is also used by Hackers  Linux Types : o Ubuntu o Redhat o Suse o Debian o Centos o Oracle
  • 3. Hardening  Hardening refers to providing various means of protection in a computer system. Protection is provided in various layers and is often referred to as defense in depth. Protecting in layers means to protect at the host level, the application level, the operating system level, the user level, the physical level and all the sublevels in between. Each level requires a unique method of security.  A hardened computer system is a more secure computer system.  Hardening is also known as system hardening.  Guides :  Guides : CIS Benchmark  Tools : Scap , Lynis
  • 4. What if we don’t Hardening ?
  • 5. Users and Groups  Users and Groups are used to control access to files and resources . Different permissions are also applied depending on users and groups. Users:  Every user of the system is assigned a unique user id known as UID.  Users names and UID’S are stored in this location -/etc/passwd. Users can’t read ,write or executable each other’s file without permissions. Groups:  Users are assigned to groups with unique group id numbers known as the gid.  Each user is given their own group . gids are stored in this location - /etc/group.
  • 6. File Security File Permissions:  Every file and directory in your UNIX/Linux system has following 3 permissions defined for all the 3 owners discussed above.  Read (r): This permission give you the authority to open and read a file. Read permission on a directory gives you the ability to lists its content.  Write (w): The write permission gives you the authority to modify the contents of a file. The write permission on a directory gives you the authority to add, remove and rename files stored in the directory. Consider a scenario where you have to write permission on file but do not have write permission on the directory where the file is stored. You will be able to modify the file contents. But you will not be able to rename, move or remove the file from the directory.
  • 7.  Execute (x): In Windows, an executable program usually has an extension ".exe" and which you can easily run. In Unix/Linux, you cannot run a program unless the execute permission is set. If the execute permission is not set, you might still be able to see/modify the program code(provided read & write permissions are set), but not run it. Special Permissions:  In this we have four cases. They are : 1) SUID (Set – user Identification) for an execution. 2) SGID (set group ID) for an execution. 3) SGID (set group ID) for an Directory. 4) Sticky bit for a directory LINK: https://thegeeksalive.com/linux-special-permissions/ INODES :  An inode is a data structure on a traditional Unix-style file system such as UFS or ext3. An inode stores basic information about a regular file, directory, or other file system object.  https://www.cyberciti.biz/tips/understanding-unixlinux-filesystem-inodes.html
  • 8. Linux Server Hardening Steps : • Boot Security • Patching Linux Kernel • Remove Unused Software • Strong Password Policy • Securing Root Login • Process Security
  • 9. 1.Boot Security :  Boot loader is useful in preventing unauthorized users who have physical access to systems from booting using removable media like USB .  LILO and GRUB are two boot security loaders for linux workstations.  GRUB VS LILO GRUB LILO GRUB stands for Grand Unified Boot Loader LILO stands for Linux Loader It support for unlimited boot entries LILO only support up to 16 different boot selection GRUB boot from network LILO does not boot from network There is no need to change GRUB if configure file changed . GRUB is dynamically configure There is need to change LILO if configure file changed . LILO is not dynamically configure GRUB has interactive command interface LILO does not have interactive command interface GRUB has knowledge of file system LILO does not have any knowledge of file system
  • 10.  LILO Configure File :  Boot =/dev/had  Map =/boot/map  Install =/boot/boot.b  Prompt  Timeout = 100  Compact  Default = Linux  Image = /boot/vmlinuz-2.4.18-14  Label =Linux  Root = /dev/hdb3  Read-only  Password=linux  Other=/dev/had  Label=windowsXP
  • 11.  GRUB Configure File :  Default=0  Timeout=10  Splashimage=(hd1,2)/grub/splash.xp.gz  Password –md5 $1$0pevt0$y.br.18LYAasRsGdSKLY1p1  Title Red Hat Linux  Password –md5 $1$0pevt0$y.br.18LYAasRsGdSKLY1p1  Root (hd1,2)  Kernal /vmlinuz-2.4.18-14 ro root == LABEL =/initrd /initrd-2.4.18-14.img  Savedefault  boot
  • 12. 2.Patching Linux Kernel: What is a patch?  A patch is a small text document containing a delta of changes between two different versions of a source tree. Patches are created with the diff program.  To correctly apply a patch you need to know what base it was generated from and what new version the patch will change the source tree into. These should both be present in the patch file metadata or be possible to deduce from the filename. Patching Linux includes :  Getting new kernel modules  Editing LILO.conf  Restarting LILO  Write new MBR Kpatch – Dynamic Kernel Patching :  Kpatch is a feature of the linux kernel that allows live patching of a running kernel which allows kernel  Patches to be applied to the kernel for security even through the kernel is still running
  • 13. 3.Remove Unused Software:  Commands:  For Red Hat/ RHEL/ Fedora / Centos : $ yum list installed $ yum list packageName $ yum remove PackageName  Debian/Ubuntu Linux : $ dpkg –l $ dpkg --info packageName $ apt-get remove packageName
  • 14. 4.Strong Password Policy : 1) Configuration of shadow password:  Command: Nano /etc/login.defs  Configuration Parameters: PASS_MAX_DAYS=30 PASS_WARN_AGE=20 ENCRYPT_METHOD SHA512 LOGIN_RETRIES =5 2) Password Files in Linux: /etc/Passwd /etc/shadow It has one way encrypted passwords are stored in a text file. Shadow utils is a package in linux that’s installed by default in most of the distributions. This file is readable by any user in the system. This directory is only accessible to root.
  • 15. 5.Process Security :  It is a mix of administrative, engineering and behavioral activities focused on preventing undesired accidents and unexpected events that may have a negative impact to a given process.  We have some components:  Exec thread  PID  Memory Context  Environment  Priority  Security Credentials  File descriptor
  • 16. 6.Securing Root Login:  Disabling Root access via any console device (tty).  edit the securetty file vim/etc/securetty and comment out the following lines: tty1 #tty2 It means root is allowed to login at tty1. tty2 is disabled.
  • 17. Operating System  Patching and Software Updates: periodically patches are released for included software either due to security flaws or to include additional functionality.  File System Configuration:  Create Separate Partition for /tmp: grep “[[:Space:]]/tmp[[:space:]]” /etc/fstab  Create Separate Partition for /var: grep “[[:Space:]]/var[[:space:]]” /etc/fstab  Secure Boot Settings :  Set permissions on boot loader config: chmod og-rwx/boot/grub/grub.cfg  Set Boot Loader Password : grub-mkpasswd-pbkdf2  Os Services:  Ensure rsh server is not enabled  Ensure telnet server is not enabled
  • 18. SELinux  Security-Enhanced Linux (SELinux) is a security architecture for Linux systems that allows administrators to have more control over who can access the system. It was originally developed by the United States National Security Agency (NSA) as a series of patches to the Linux kernel using Linux Security Modules (LSM). In SELinux has MAC and DAC SELinux Configuration files :  Getenforce  Sestatus  Setenforce DAC MAC User has complete control overall programs it owns and execute. Administrators manages the access controls unlike the users in DAC Administrators have no way to control users. Administrators define the access policy