212.4 Security tasks (weight: 3)

Tech Tutorial: 212.4 Security tasks (weight: 3) #

Introduction #

Security in Linux systems is paramount to ensuring the integrity, confidentiality, and availability of the systems and their resources. In this tutorial, we’ll delve into essential security tasks that every Linux system administrator should be familiar with. We’ll cover various utilities and commands associated with auditing and managing user and group permissions, configuring system-wide restrictions, and ensuring that only authorized users can access certain system functionalities.

Key Knowledge Areas #

  • Auditing a system to find security vulnerabilities
  • Managing user/group permissions and ownership
  • Configuring user and group disk quotas
  • Using Pluggable Authentication Modules (PAM)

Utilities #

  • auditd
  • chown, chgrp, chmod
  • setfacl, getfacl
  • usermod, groupmod
  • edquota, repquota
  • pam_tally2, faillog

Step-by-Step Guide #

1. Auditing with auditd #

The auditd daemon is part of the Linux Auditing System that logs security-relevant information based on preconfigured rules. Here’s how you can configure and use auditd:

Installation #

sudo apt-get install auditd  # Debian/Ubuntu
sudo yum install auditd      # CentOS/RHEL

Configuration #

To log all actions by the root user:

sudo auditctl -w /etc/shadow -p war -k shadow-watch
sudo auditctl -a always,exit -F arch=b64 -S all -F uid=0 -k root-activity

Viewing Logs #

sudo ausearch -k root-activity

2. Managing Permissions #

Changing Ownership with chown #

To change the owner of a file:

sudo chown newowner filename.txt

To change the owner recursively in a directory:

sudo chown -R newowner /path/to/directory

Changing Group Ownership with chgrp #

To change the group ownership of a file:

sudo chgrp newgroup filename.txt

Modifying Permissions with chmod #

To give full permissions to the owner and read/execute to others:

sudo chmod 755 filename.txt

3. Using ACLs with setfacl and getfacl #

Setting ACL #

To give a specific user read/write access to a file:

setfacl -m u:username:rw filename.txt

Viewing ACL #

getfacl filename.txt

4. Disk Quotas #

Editing Quotas #

To edit quotas for users:

sudo edquota -u username

Reporting Quotas #

sudo repquota -a

5. Configuring PAM #

Using pam_tally2 to Lock User Accounts #

To lock an account after three unsuccessful login attempts:

echo "auth required pam_tally2.so deny=3 unlock_time=600" >> /etc/pam.d/common-auth

Checking Account Lock Status #

sudo pam_tally2 -u username

Resetting the Fail Count #

sudo pam_tally2 -u username -r

Conclusion #

In this tutorial, we covered several fundamental security tasks for Linux systems. From auditing with auditd to managing user permissions and configuring disk quotas, these tasks are critical for maintaining a secure environment. Always ensure to test these configurations in a safe testing environment before deploying them in a production setting. Security is an ongoing process, and staying informed and vigilant is key to protecting your systems.