Tech Tutorial: 212.4 Security tasks (weight: 3)
Introduction
Security in Linux systems is paramount to ensuring the integrity, confidentiality, and availability of the systems and their resources. In this tutorial, we’ll delve into essential security tasks that every Linux system administrator should be familiar with. We’ll cover various utilities and commands associated with auditing and managing user and group permissions, configuring system-wide restrictions, and ensuring that only authorized users can access certain system functionalities.
Key Knowledge Areas
- Auditing a system to find security vulnerabilities
- Managing user/group permissions and ownership
- Configuring user and group disk quotas
- Using Pluggable Authentication Modules (PAM)
Utilities
- auditd
- chown, chgrp, chmod
- setfacl, getfacl
- usermod, groupmod
- edquota, repquota
- pam_tally2, faillog
Step-by-Step Guide
1. Auditing with auditd
The auditd daemon is part of the Linux Auditing System that logs security-relevant information based on preconfigured rules. Here’s how you can configure and use auditd:
Installation
sudo apt-get install auditd # Debian/Ubuntu
sudo yum install audit # CentOS/RHEL (the package is named audit; it provides the auditd service)
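Configuration
The first rule below watches /etc/shadow for writes, attribute changes and reads. The second logs every system call made with uid 0, which covers all actions by the root user and produces a large volume of events. Rules added with auditctl are lost at reboot; to keep them, place them in a file under /etc/audit/rules.d/.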
sudo auditctl -w /etc/shadow -p war -k shadow-watch
sudo auditctl -a always,exit -F arch=b64 -S all -F uid=0 -k root-activity
Viewing Logs
sudo ausearch -k root-activity
2. Managing Permissions
Changing Ownership with chown
To change the owner of a file:
sudo chown newowner filename.txt
To change the owner recursively in a directory:
sudo chown -R newowner /path/to/directory
Changing Group Ownership with chgrp
To change the group ownership of a file:
sudo chgrp newgroup filename.txt
Modifying Permissions with chmod
To give full permissions to the owner and read/execute to the group and others:
sudo chmod 755 filename.txt
3. Using ACLs with setfacl and getfacl
Setting ACL
To give a specific user read/write access to a file:
setfacl -m u:username:rw filename.txt
Viewing ACL
getfacl filename.txt
4. Disk Quotas
Editing Quotas
To edit quotas for users:
sudo edquota -u username
Reporting Quotas
sudo repquota -a
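5. Configuring PAM
Using pam_tally2 to Lock User Accounts
To lock an account after three unsuccessful login attempts, add the following line to /etc/pam.d/common-auth. It must come before the pam_unix.so line so that failed attempts are counted; appending it to the end of the file places it after pam_unix.so. The account unlocks again after 600 seconds.
auth required pam_tally2.so deny=3 unlock_time=600
pam_tally2 was removed in Linux-PAM 1.5.0; on distributions that ship a newer PAM, pam_faillock provides the same function.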
Checking Account Lock Status
sudo pam_tally2 -u username
Resetting the Fail Count
sudo pam_tally2 -u username -r
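PAM evaluates the auth lines of a file in order, so a pam_tally2.so line that sits after pam_unix.so may never be reached on a failed login. The shell check below is an added example, not part of the original tutorial: it reports whether the lockout line precedes pam_unix.so and carries a deny= limit. The function names and the two sample stacks (a Debian-style common-auth layout is assumed) are constructed for illustration.

```shell
#!/bin/sh
# Added example: check where the pam_tally2 line sits in an auth stack.
# Exit status: 0 ok, 1 misordered, 2 missing, 3 no deny= limit.
check_lockout() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }   # skip comments and blank lines
        $1 != "auth"          { next }   # only auth entries are ordered here
        {
            n++
            if (!tally && $0 ~ /pam_tally2\.so/) {
                tally = n
                deny = ($0 ~ /deny=[0-9]+/)
            }
            if (!ux && $0 ~ /pam_unix\.so/) ux = n
        }
        END {
            if (!tally) { print "missing: no pam_tally2 auth line"; exit 2 }
            if (!deny)  { print "weak: pam_tally2 has no deny= limit"; exit 3 }
            if (ux && tally > ux) { print "misordered: pam_tally2 after pam_unix"; exit 1 }
            print "ok: pam_tally2 runs before pam_unix"
        }
    ' "$1"
}

# Constructed sample stacks (Debian-style layout assumed), written to DIR.
write_samples() {
    cat > "$1/top" <<'EOF'
auth required pam_tally2.so deny=3 unlock_time=600
auth [success=1 default=ignore] pam_unix.so nullok
auth requisite pam_deny.so
auth required pam_permit.so
EOF
    cat > "$1/appended" <<'EOF'
# line appended to the end of the file
auth [success=1 default=ignore] pam_unix.so nullok
auth requisite pam_deny.so
auth required pam_permit.so
auth required pam_tally2.so deny=3 unlock_time=600
EOF
}

demo() {
    d=$(mktemp -d) && write_samples "$d"
    for f in top appended; do
        printf '%s: ' "$f"; check_lockout "$d/$f" || true
    done
    rm -rf "$d"
}
demo
```

To check a live system, run check_lockout /etc/pam.d/common-auth as a user who can read that file.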
Conclusion
In this tutorial, we covered several fundamental security tasks for Linux systems. From auditing with auditd to managing user permissions and configuring disk quotas, these tasks are critical for maintaining a secure environment. Always test these configurations in a safe testing environment before deploying them in production. Security is an ongoing process, and staying informed and vigilant is key to protecting your systems.