Intro to Linux (cont)
Week 2 Objectives
• Intro to Linux cont ppt
  – Logs
  – Quotas
  – iptables
• Linux boot ppt
• Security goals ppt
• Hands on
  – vi, software install / packages, CLI, config files, cron

log files
• log files are often overlooked by newbies
• log files are important
  – valuable system information
  – footprints left behind by system abusers and crackers
• system log daemon
  – syslog (default)
    • /etc/syslog.conf
  – syslog-ng (popular alternative)
    • /etc/syslog-ng.conf

log files
• syslog configuration file
  – log facilities: sources of log entries
    • auth
    • authpriv
    • cron
  – log levels: severity of log entries
    • emerg
    • alert
    • crit

log files
• syslog-ng configuration file
  – significantly different syntax than syslog
  – more cumbersome
• requires definition of:
  – sources of log entries
  – destinations of log entries

log files
• if left unattended, log files grow without bound
• it is possible to create a denial of service (DoS) on your own system by completely filling the /var/log partition
• this is not a good thing!!!

log files
• the real issue with log files is that they be read!
• automated log file analyzers can be a big help in this area
  – crontab
    • define a time interval for review (nightly?)
    • must pick up next time where it left off last time!
  – daemon
    • faster notification than a crontab utility
    • but more CPU intensive

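The crontab approach above has to resume where the previous run stopped, and it must notice when the log has been rotated or truncated in between. A sketch of that bookkeeping follows; it is an added example, not part of the original slides, and the function name, the state-file layout and the sshd-style "Failed password" pattern are assumptions.

```python
import json
import os
import re
import tempfile

# Assumed sshd-style line format; adjust the pattern for your own logs.
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")

def scan_new_entries(log_path, state_path):
    """Return (user, source) pairs found in lines added since the last run."""
    st = os.stat(log_path)
    try:
        with open(state_path) as fh:
            state = json.load(fh)
    except (FileNotFoundError, ValueError):
        state = {"inode": st.st_ino, "offset": 0}
    # New inode or a shorter file: the log was rotated or truncated, so the
    # saved offset is meaningless and reading restarts at byte 0.
    if state["inode"] != st.st_ino or st.st_size < state["offset"]:
        state = {"inode": st.st_ino, "offset": 0}
    with open(log_path, "rb") as fh:
        fh.seek(state["offset"])
        data = fh.read()
    # Consume complete lines only; a partly written last line waits for next run.
    end = data.rfind(b"\n") + 1
    text = data[:end].decode("utf-8", "replace")
    hits = [m.groups() for m in map(FAILED.search, text.splitlines()) if m]
    state["offset"] += end
    # Replace the state file atomically so a crash cannot leave it half-written.
    tmp = state_path + ".tmp"
    with open(tmp, "w") as fh:
        json.dump(state, fh)
    os.replace(tmp, state_path)
    return hits

if __name__ == "__main__":
    # Constructed sample entry, not taken from a real system.
    with tempfile.TemporaryDirectory() as d:
        log, state = os.path.join(d, "messages"), os.path.join(d, "scan.state")
        with open(log, "w") as fh:
            fh.write("Jan  5 03:00:01 host sshd[411]: Failed password for "
                     "root from 192.0.2.7 port 4022 ssh2\n")
        print(scan_new_entries(log, state))  # first run reports the entry
        print(scan_new_entries(log, state))  # second run finds nothing new
```

Keep the state file outside the directory that log rotation manages, so that rotation never deletes the analyzer's bookmark.
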
log files
• log file analysis is greatly facilitated by maintaining a single aggregate log file
  – /var/log/messages
• additional separate log files may be maintained as well for the convenience of the system administrator

quotas
• quotas allow the system administrator to limit file system resources available to users
• types
  – per user
  – per group
• limits
  – hard limit
  – soft limit
• grace periods

quotas
• hard limit
  – can not be exceeded
  – offending file can not be saved!
• soft limit
  – warning message
  – offending file can be saved!

quotas
• steps to implement:
  – edit file /etc/fstab
    • /dev/hda3 /home ext2 defaults,usrquota,grpquota 1 2
  – create database files for quotas
    • touch /home/aquota.user /home/aquota.group
    • chmod 600 /home/aquota.user /home/aquota.group
  – initialize database
    • quotacheck -avug
  – activate quotas
    • quotaon -ug /home

quotas
• steps to implement: (cont'd)
  – system startup scripts (/etc/init.d/boot.local)
    • quotacheck -avug
    • quotaon -avug
  – edit /etc/crontab
    • 0 3 * * * root /sbin/quotacheck -avug

quotas
• system administration commands:
  – quota -uv <user>
  – quota -gv <group>
  – quotaon -u <filesystem>
  – quotaon -g <filesystem>
  – quotaon -a
  – quotaoff -u <filesystem>
  – quotaoff -g <filesystem>
  – quotaoff -a
• option key: u = user, g = group, a = all, v = verbose

quotas
• system administration commands: (cont'd)
  – quotacheck -u <filesystem>
  – quotacheck -g <filesystem>
  – quotacheck -a
  – edquota -u <user>
  – edquota -g <group>
    • define / modify quotas!
  – repquota -u <filesystem>
  – repquota -g <filesystem>
  – repquota -a
    • summary report, quotas

iptables and firewalls
• Linux has evolved significantly over the past five years regarding firewall software
  – kernel 2.0: ipfwadm
  – kernel 2.2: ipchains
  – kernel 2.4: iptables (netfilters)
• each upgrade introduced additional capabilities and simpler syntax

iptables and firewalls
• iptables focuses on five facets of packet movement into, across, and out from a gateway host
• these five facets are represented by tables
  – PREROUTING
  – INPUT
  – FORWARD
  – OUTPUT
  – POSTROUTING

iptables and firewalls
[Diagram with boxes labelled PRE, INPUT, FORWARD, OUTPUT and POST]

iptables and firewalls
• each table consists of rules pertaining to packets
  – source / source port
  – destination / destination port
  – interface
  – protocol: icmp, udp, tcp
• each rule specifies an action
  – -j ACCEPT
  – -j DROP (no answer to sender)
  – -j REJECT (answer to sender)

iptables and firewalls
• rules within each table are processed in order
  – first rule to match triggers action
• creating iptable rules is a non-trivial activity!

Package Management
RPM
Apt