Intro to Linux (cont)

Week 2 Objectives
• Intro to Linux cont ppt
  – Logs
  – Quotas
  – iptables
• Linux boot ppt
• Security goals ppt
• Hands on
  – vi, software install / packages, CLI, config files, cron

log files
• log files are often overlooked by newbies
• log files are important
  – valuable system information
  – footprints left behind by system abusers and crackers
• system log daemon
  – syslog: default
    • /etc/syslog.conf
  – syslog-ng: popular alternative
    • /etc/syslog-ng.conf

log files
• syslog configuration file
  – log facilities: sources of log entries
    • auth
    • authpriv
    • cron
  – log levels: severity of log entries
    • emerg
    • alert
    • crit

log files
• syslog-ng configuration file
  – significantly different syntax than syslog
  – more cumbersome
• requires definition of:
  – sources of log entries
  – destinations of log entries

log files
• if left unattended, log files grow without bound
• it is possible to create a denial of service (DoS) on your own system by completely filling the /var/log partition
• this is not a good thing!!!

log files
• the real issue with log files is that they be read!
• automated log file analyzers can be a big help in this area
  – crontab
    • define a time interval for review (nightly?)
    • must pick up next time where it left off last time!
  – daemon
    • faster notification than a crontab utility
    • but more CPU intensive
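
An added example (not part of the original slides) of the crontab approach: a scan that remembers where it stopped and restarts from the top when the log has been rotated or truncated. The function name, script path, state file and search pattern are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: incremental log review suitable for a nightly cron job.
# STATEFILE holds "<inode> <byte offset>" recorded by the previous run.

scan_new() {   # usage: scan_new LOGFILE STATEFILE PATTERN
    log=$1 state=$2 pattern=$3
    [ -r "$log" ] || return 2

    inode=$(ls -i "$log" | awk '{print $1}')
    size=$(( $(wc -c < "$log") ))        # current length in bytes

    old_inode='' old_off=0
    if [ -r "$state" ]; then
        read -r old_inode old_off < "$state" || old_off=0
    fi
    case $old_off in ''|*[!0-9]*) old_off=0 ;; esac   # ignore a corrupt state file

    # Rotated (new inode) or truncated (shorter than before): start over.
    if [ "$inode" != "$old_inode" ] || [ "$size" -lt "$old_off" ]; then
        old_off=0
    fi

    # Read only bytes old_off+1 .. size, then report the matching lines.
    tail -c "+$((old_off + 1))" "$log" | head -c "$((size - old_off))" |
        grep -E -- "$pattern" || :

    # Remember where this run stopped.
    printf '%s %s\n' "$inode" "$size" > "$state"
}

# Cron usage (paths are hypothetical):
#   0 3 * * * root /usr/local/sbin/scan_new.sh /var/log/messages /var/lib/scan_new.state 'Failed password'
if [ $# -eq 3 ]; then
    scan_new "$@"
fi
```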

log files
• log file analysis is greatly facilitated by maintaining a single aggregate log file
  – /var/log/messages
• additional separate log files may be maintained as well for the convenience of the system administrator

quotas
• quotas allow the system administrator to limit file system resources available to users
• types
  – per user
  – per group
• limits
  – hard limit
  – soft limit
• grace periods

quotas
• hard limit
  – cannot be exceeded
  – offending file cannot be saved!
• soft limit
  – warning message
  – offending file can be saved!

quotas
• steps to implement:
  – edit file /etc/fstab
    • /dev/hda3 /home ext2 defaults,usrquota,grpquota 1 2
  – create database files for quotas
    • touch /home/aquota.user /home/aquota.group
    • chmod 600 /home/aquota.user /home/aquota.group
  – initialize database
    • quotacheck -avug
  – activate quotas
    • quotaon -ug /home

quotas
• steps to implement: (cont'd)
  – system startup scripts (/etc/init.d/boot.local)
    • quotacheck -avug
    • quotaon -avug
  – edit /etc/crontab
    • 0 3 * * * root /sbin/quotacheck -avug

quotas
• system administration commands:
  – quota -uv <user>
  – quota -gv <group>
  – quotaon -u <filesystem>
  – quotaon -g <filesystem>
  – quotaon -a
  – quotaoff -u <filesystem>
  – quotaoff -g <filesystem>
  – quotaoff -a
• options: u = user, g = group, a = all, v = verbose

quotas
• system administration commands: (cont'd)
  – quotacheck -u <filesystem>
  – quotacheck -g <filesystem>
  – quotacheck -a
  – edquota -u <user>          (define / modify quotas!)
  – edquota -g <group>         (define / modify quotas!)
  – repquota -u <filesystem>   (summary report, quotas)
  – repquota -g <filesystem>   (summary report, quotas)
  – repquota -a                (summary report, quotas)

iptables and firewalls
• Linux has evolved significantly over the past five years regarding firewall software
  – kernel 2.0: ipfwadm
  – kernel 2.2: ipchains
  – kernel 2.4: iptables (netfilters)
• each upgrade introduced additional capabilities and simpler syntax

iptables and firewalls
• iptables focuses on five facets of packet movement into, across, and out from a gateway host
• these five facets are represented by tables
  – PREROUTING
  – INPUT
  – FORWARD
  – OUTPUT
  – POSTROUTING

iptables and firewalls
[Diagram: packet path through PRE (PREROUTING), INPUT, FORWARD, OUTPUT and POST (POSTROUTING)]

iptables and firewalls
• each table consists of rules pertaining to packets
  – source / source port
  – destination / destination port
  – interface
  – protocol: icmp, udp, tcp
• each rule specifies an action
  – -j ACCEPT
  – -j DROP: no answer to sender
  – -j REJECT: answer to sender

iptables and firewalls
• rules within each table are processed in order
  – first rule to match triggers action
• creating iptables rules is a non-trivial activity!
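
An added example (not from the original slides) showing why order matters: the narrow ACCEPT for SSH has to sit above the general REJECT and DROP rules, because the first match decides. It uses INPUT, one of what the slides call tables (iptables itself calls them chains). The function name, the `IPT` dry-run variable and the 192.0.2.0/24 admin network are assumptions for illustration.

```shell
#!/bin/sh
# Added example: INPUT rules where order decides the outcome (first match wins).
# Set IPT=echo to print the rules instead of loading them (dry run).
# 192.0.2.0/24 in the usage line is a constructed documentation range.

load_input_rules() {   # usage: load_input_rules ADMIN_NET
    admin_net=$1
    ipt=${IPT:-iptables}

    $ipt -F INPUT                                   # start from an empty rule list
    $ipt -A INPUT -i lo -j ACCEPT                   # local loopback traffic
    $ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Specific allow BEFORE the general deny: SSH from the admin network.
    $ipt -A INPUT -p tcp -s "$admin_net" --dport 22 -j ACCEPT

    # Everyone else on port 22 gets an answer (REJECT) ...
    $ipt -A INPUT -p tcp --dport 22 -j REJECT --reject-with tcp-reset

    # ... and anything still unmatched is discarded with no answer (DROP).
    $ipt -A INPUT -j DROP
    $ipt -P INPUT DROP                              # default policy if the rules are flushed
}

# Usage (needs root): sh fw-input.sh apply 192.0.2.0/24
if [ "${1:-}" = "apply" ]; then
    load_input_rules "${2:?admin network required}"
fi
```

If the REJECT rule were appended before the admin ACCEPT, administrators would be refused too, since processing stops at the first match.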
Package Management
RPM
Apt