Intro to Linux (cont)

Upload: toni

Post on 24-Mar-2016



Page 1: Intro to Linux (cont)

Intro to Linux (cont)

Page 2: Intro to Linux (cont)

Week 2 Objectives
• Intro to Linux cont ppt
  – Logs
  – Quotas
  – iptables
• Linux boot ppt
• Security goals ppt
• Hands on
  – vi, software install / packages, CLI, config files, cron

Page 3: Intro to Linux (cont)

log files
• log files are often overlooked by newbies
• log files are important
  – valuable system information
  – footprints left behind by system abusers and crackers
• system log daemon
  – syslog (default)
    • /etc/syslog.conf
  – syslog-ng (popular alternative)
    • /etc/syslog-ng.conf

Page 4: Intro to Linux (cont)

log files
• syslog configuration file
  – log facilities: sources of log entries
    • auth
    • authpriv
    • cron
  – log levels: severity of log entries
    • emerg
    • alert
    • crit

Page 5: Intro to Linux (cont)

log files
• syslog-ng configuration file
  – significantly different syntax than syslog
  – more cumbersome
    • requires definition of:
      – sources of log entries
      – destinations of log entries

Page 6: Intro to Linux (cont)

log files
• if left unattended, log files grow without bound
• it is possible to create a denial of service (DoS) on your own system by completely filling the /var/log partition
• this is not a good thing!!!

Page 7: Intro to Linux (cont)

log files
• the real issue with log files is that they be read!
• automated log file analyzers can be a big help in this area
  – crontab
    • define a time interval for review (nightly?)
    • must pick up next time where it left off last time!
  – daemon
    • faster notification than a crontab utility
    • but more CPU intensive
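
The crontab approach above has to "pick up next time where it left off last time". The script below is an added example, not part of the original slides: it saves a byte offset between runs and resets it when the log has been rotated or truncated. The function name, state file and sample log lines are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: incremental log review suitable for a nightly cron job.
# review_log LOGFILE STATEFILE PATTERN
# Prints lines matching PATTERN that were appended since the previous run.
review_log() {
    log=$1; state=$2; pattern=$3
    offset=0
    [ -f "$state" ] && offset=$(cat "$state")
    size=$(wc -c < "$log" | tr -d ' ')
    # A file smaller than the saved offset was rotated or truncated:
    # start again from the beginning instead of skipping new entries.
    [ "$size" -lt "$offset" ] && offset=0
    # Read exactly the bytes between the saved offset and the size measured
    # above, so entries written during this run are reported next time.
    tail -c "+$((offset + 1))" "$log" | head -c "$((size - offset))" |
        grep -E -- "$pattern" || true
    echo "$size" > "$state"
}

# Demo on constructed log lines (not taken from the slides).
demo() {
    dir=$(mktemp -d)
    cat > "$dir/messages" <<'EOF'
Mar 24 02:58:11 host sshd[101]: Failed password for root from 192.0.2.10
Mar 24 03:00:01 host cron[102]: (root) CMD (/sbin/quotacheck -avug)
EOF
    echo "run 1:"; review_log "$dir/messages" "$dir/offset" 'Failed password'
    echo 'Mar 24 03:10:42 host sshd[103]: Failed password for admin from 192.0.2.11' \
        >> "$dir/messages"
    echo "run 2:"; review_log "$dir/messages" "$dir/offset" 'Failed password'
    rm -rf "$dir"
}
demo
```
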

Page 8: Intro to Linux (cont)

log files
• log file analysis is greatly facilitated by maintaining a single aggregate log file
  – /var/log/messages
• additional separate log files may be maintained as well for the convenience of the system administrator

Page 9: Intro to Linux (cont)

quotas
• quotas allow the system administrator to limit file system resources available to users
• types
  – per user
  – per group
• limits
  – hard limit
  – soft limit
• grace periods

Page 10: Intro to Linux (cont)

quotas
• hard limit
  – can not be exceeded
  – offending file can not be saved!
• soft limit
  – warning message
  – offending file can be saved!

Page 11: Intro to Linux (cont)

quotas
• steps to implement:
  – edit file /etc/fstab
    • /dev/hda3 /home ext2 defaults,usrquota,grpquota 1 2
  – create database files for quotas
    • touch /home/aquota.user /home/aquota.group
    • chmod 600 /home/aquota.user /home/aquota.group
  – initialize database
    • quotacheck -avug
  – activate quotas
    • quotaon -ug /home

Page 12: Intro to Linux (cont)

quotas
• steps to implement: (cont'd)
  – system startup scripts (/etc/init.d/boot.local)
    • quotacheck -avug
    • quotaon -avug
  – edit /etc/crontab
    • 0 3 * * * root /sbin/quotacheck -avug

Page 13: Intro to Linux (cont)

quotas
• system administration commands:
  – quota -uv <user>
  – quota -gv <group>
  – quotaon -u <filesystem>
  – quotaon -g <filesystem>
  – quotaon -a
  – quotaoff -u <filesystem>
  – quotaoff -g <filesystem>
  – quotaoff -a
• options: u = user, g = group, a = all, v = verbose

Page 14: Intro to Linux (cont)

quotas
• system administration commands: (cont'd)
  – quotacheck -u <filesystem>
  – quotacheck -g <filesystem>
  – quotacheck -a
  – edquota -u <user>
  – edquota -g <group>
    • define / modify quotas!
  – repquota -u <filesystem>
  – repquota -g <filesystem>
  – repquota -a
    • summary report of quotas

Page 15: Intro to Linux (cont)

iptables and firewalls
• Linux has evolved significantly over the past five years regarding firewall software
  – kernel 2.0: ipfwadm
  – kernel 2.2: ipchains
  – kernel 2.4: iptables (netfilter)
• each upgrade introduced additional capabilities and simpler syntax

Page 16: Intro to Linux (cont)

iptables and firewalls
• iptables focuses on five facets of packet movement into, across, and out from a gateway host
• these five facets are represented by tables
  – PREROUTING
  – INPUT
  – FORWARD
  – OUTPUT
  – POSTROUTING

Page 17: Intro to Linux (cont)

iptables and firewalls

[Figure: packet-flow diagram with boxes labelled PRE, INPUT, FORWARD, OUTPUT and POST]

Page 18: Intro to Linux (cont)

iptables and firewalls
• each table consists of rules pertaining to packets
  – source / source port
  – destination / destination port
  – interface
  – protocol: icmp, udp, tcp
• each rule specifies an action
  – -j ACCEPT
  – -j DROP: no answer to sender
  – -j REJECT: answer to sender

Page 19: Intro to Linux (cont)

iptables and firewalls
• rules within each table are processed in order
  – first rule to match triggers action
• creating iptables rules is a non-trivial activity!
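
Because the first matching rule triggers the action, the same rules in a different order give a different firewall. The script below is an added example, not part of the original slides: a toy first-match evaluator (not iptables itself) that runs constructed packets through two orderings of the same INPUT rules, which iptables calls a chain. The rule format, function names and addresses are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: a toy first-match evaluator, NOT iptables itself.
# Each rule line is "proto source dport action"; "any" matches everything.
# The iptables equivalents of ORDER_A, appended in this order, would be:
#   iptables -A INPUT -p tcp -s 192.0.2.10 --dport 22 -j DROP
#   iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#   iptables -A INPUT -j DROP
ORDER_A='tcp 192.0.2.10 22 DROP
tcp any 22 ACCEPT
any any any DROP'

# Same rules, but the broad ACCEPT now comes first and shadows the DROP.
ORDER_B='tcp any 22 ACCEPT
tcp 192.0.2.10 22 DROP
any any any DROP'

field_matches() { [ "$1" = any ] || [ "$1" = "$2" ]; }

# verdict RULES PROTO SOURCE DPORT -> prints the action of the first match
verdict() {
    while read -r r_proto r_src r_dport r_action; do
        field_matches "$r_proto" "$2" &&
        field_matches "$r_src"   "$3" &&
        field_matches "$r_dport" "$4" || continue
        echo "$r_action"      # first matching rule decides; stop here
        return 0
    done <<EOF
$1
EOF
    echo "NO-MATCH"           # real iptables would apply the default policy
}

# Constructed packets (documentation addresses from 192.0.2.0/24).
for rules in "$ORDER_A" "$ORDER_B"; do
    echo "blocked host -> ssh: $(verdict "$rules" tcp 192.0.2.10 22)"
    echo "other host   -> ssh: $(verdict "$rules" tcp 192.0.2.77 22)"
    echo "other host   -> web: $(verdict "$rules" tcp 192.0.2.77 80)"
done
```

With ORDER_B the host that was meant to be blocked is accepted, because the specific DROP rule is never reached.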

Page 20: Intro to Linux (cont)

Package Management

Page 21: Intro to Linux (cont)

RPM

Page 22: Intro to Linux (cont)

Apt