rhel audit
TRANSCRIPT
-
8/13/2019 Rhel Audit
1/18
RHEL/CentOSBy
Shashank Gosavi
-
8/13/2019 Rhel Audit
2/18
Introduction
Red Hat Enterprise Linux is the Linux distro for
enterprise environment, developed by Red Hat
Inc. Due to support of Red Hat Network (RHN), it
is widely used for servers.
Community Enterprise OS (CentOS) is based on
source code of RHEL and freely available. But do
not have RHN support.
-
8/13/2019 Rhel Audit
3/18
Linux directory structure
-
8/13/2019 Rhel Audit
4/18
INODE
Index Node ?
INODE is metadata.
It stores following info
-
8/13/2019 Rhel Audit
5/18
INODE Structure of Directory
It is simple Directory name to INODE number
mapping.
INODE no of .(DOT) is INODE no of Current Directory
-
8/13/2019 Rhel Audit
6/18
INODE Structure of File
-
8/13/2019 Rhel Audit
7/18
INODE Structure of File (cont.) Mode: This keeps information about permission
information and the type of inode (e.g. file,directory or a block device etc.)
Owner Info: Access details like owner of the file,
group of the file etc. Size: This location store the size of the file in
terms of bytes.
Time Stamps: it stores the inode creation time,modification time, etc.
-
8/13/2019 Rhel Audit
8/18
Blocks
Whenever a partition is formatted with a file
system. It normally gets formatted with a
default block size. Now block size is the size of
chunks in which data will be spread.
So if the block size is 4K, then for a file of 15K
it will take 4 blocks(because 4K*4 16), and
technically speaking you waste 1 K.
-
8/13/2019 Rhel Audit
9/18
Direct Block Pointers
In an ext2 file system an inode consists of only 15 blockpointers.
The first 12 block pointers are called as Direct Blockpointers. Which means that these pointers point to theaddress of the blocks containing the data of the file. 12Block pointers can point to 12 data blocks.
So in total the Direct Block pointers can address only48K(12 * 4K) of data. Which means if the file is only of
48K or below in size, then inode itself can address allthe blocks containing the data of the file.
-
8/13/2019 Rhel Audit
10/18
Indirect Block Pointers
Whenever the size of the data goes above 48k(by consideringthe block size as 4k), the 13th pointer in the inode will pointto the very next block after the data(adjacent block after 48kof data), which in turn will point to the next block address
where data is to be copied. Now as we have took our block size as 4K, the indirect block
pointer, can point to 1024 blocks containing data(by takingthe size of a block pointer as 4bytes, one 4K block can pointto 1024 blocks because 4 bytes * 1024 = 4K).
which means an indirect block pointer can address, upto 4MBof data(4bytes of block pointer in 4K block, can point andaddress 1024 number of 4K blocks which makes the data sizeof 4M)
-
8/13/2019 Rhel Audit
11/18
Double indirect Block Pointers
Now if the size of the file is above 4MB + 48K then theinode will start using Double Indirect Block Pointers, toaddress data blocks. Double Indirect Block pointer in aninode will point to the block that comes just after 4M +
48K data, which intern will point to the blocks wherethe data is stored.
Double Indirect block pointer also is inside a 4K blockas every blocks are 4K, Now block pointers are 4bytes in size, as mentioned previously, so Double
indirect block pointer can address 1024 Indirect Blockpointers(which means 1024 * 4M =4G). So with thehelp of a double indirect Block Pointer the size of thedata can go up to 4G.
-
8/13/2019 Rhel Audit
12/18
Triple Indirect Block Pointers
Now this triple Indirect Block Pointers can
address upto 4G * 1024 = 4TB, of file size. The
fifteenth block pointer in the inode will point
to the block just after the 4G of data, whichintern will point to 1024 Double Indirect Block
Pointers.
-
8/13/2019 Rhel Audit
13/18
INODE (cont.) INODE in Commands
ls -i
stat
find -inum ;
cd $(findinum )
Effects of cp and mv commands.
-
8/13/2019 Rhel Audit
14/18
UMASK
User file-creation mode mask
Determines the file permission for newly
created files. Also control the default file
permission for new files
To set umask open /etc/profile and append
umask 022 (or any valid umask value)
To set umask open ~/.bashrc and append
umask 022 (or any valid umask value)
-
8/13/2019 Rhel Audit
15/18
Calculating UMASK
Octal Value Permission
0 Read, Write, Execute
1 Read, Write
2 Read, Execute
3 Read only
4 Write, Execute
5 Write Only
6 Execute only
7 No Permissions
-
8/13/2019 Rhel Audit
16/18
-
8/13/2019 Rhel Audit
17/18
Calculating Final Permissions
Final Permissions = base permissionsumask
File Permissions:
666(base)022(umask)= 644(final)(rw-r--r--) Directory Permissions:
777(base)022(umask)= 755(final)(rwx--x--x)
-
8/13/2019 Rhel Audit
18/18
THANK YOU