LPI 101-500 – 110.1: Perform security administration tasks
- find, chage, passwd, ulimit, lsof, fuser
This is now the first video on the last major topic, which is security. You are already familiar with most of the commands that you will find on the overview page for this chapter, 110.1. This topic is only about using them to increase the security of the system or to detect security threats. Let's start with find. First, files can be found using find. For example, if you want to display all text files in a folder, you could use find /home/manual -name "*.txt". As I said, the aim here is to detect security threats with the help of find. How can this work? You can use find not only to search for specific names, but also to search for specific permissions.
For example, there are programs that run with the setuid bit set, so that, so to speak, a user can operate a program with elevated rights. With some programs this is necessary, but it can also be a security risk. To find programs that use the SUID bit, you could use the following command: sudo find / -perm -u+s. So we are searching from the root directory, we are looking at permissions, and we are looking for programs that have the SUID bit set. As you can see, we have a lot of these programs. Now you could investigate whether there are programs that do not need such a bit and then change that, of course.
We can of course also search for programs that have the SGID bit set, with sudo find / -perm -g+s, again starting from the root directory. Here too we find some files. The passwd command is used to set a password for a user. This is exactly how we got to know it before, and this is also how it is explained in this chapter. So passwd: changing password, current password is this one, new password, and retype the new password. Okay, the password is unchanged because I typed the same password three times, so it does not work. So I have to choose another password. Check this one, and now it works.
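The two find commands above answer "which files carry the bit right now?"; what an administrator usually wants next is "which of these are new since the last check?". The following script is an added example, not code from the course: it wraps the same SUID/SGID search (octal masks 4000 and 2000 instead of u+s and g+s) in a function whose sorted output can be saved as a baseline and compared on the next run. The demo directory, file names and baseline path are constructed for illustration; on a real system you would run it against / as root.

```shell
#!/bin/sh
# Added example, not from the course: audit a directory tree for files with the
# setuid or setgid bit, the same check as  sudo find / -perm -u+s  and
# sudo find / -perm -g+s  in the lecture, written so the result can be saved
# and compared later.

# Print every regular file under $1 that has the SUID (4000) or SGID (2000)
# bit set, sorted, one path per line. Permission errors are silenced because
# an unprivileged run cannot enter every directory.
audit_special_bits() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Print only the hits that are NOT listed in the baseline file $1 (a previous
# audit_special_bits run saved with  > baseline). New entries are the ones to
# look at: a binary that gained the bit since the last audit.
new_special_bits() {
    baseline=$1
    dir=$2
    audit_special_bits "$dir" | comm -13 "$baseline" -
}

# Usage: constructed demo on a temporary directory instead of on /.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    touch "$d/normal" "$d/setuid-tool" "$d/setgid-tool"
    chmod u+s "$d/setuid-tool"
    chmod g+s "$d/setgid-tool"
    echo "current hits:"; audit_special_bits "$d"
    audit_special_bits "$d" > "$d.baseline"
    touch "$d/added-later"; chmod u+s "$d/added-later"
    echo "new since baseline:"; new_special_bits "$d.baseline" "$d"
    rm -rf "$d" "$d.baseline"
fi
```

Run it as `sh audit.sh demo` to see both lists; for a real audit, save `audit_special_bits /` once as root and feed that file to `new_special_bits` on later runs.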
Okay, with the chage command we can determine when a password expires, when a password should be changed, and so on. So chage -l, and we will not go through the exact options again at this point. Should you no longer know how this works, please take a look at the relevant chapter again. The security of the system not only includes the settings that keep threats from inside and outside at bay; it also includes settings that ensure a single user does not unintentionally use up the full resources of a server, so that the server is so busy it can no longer perform its other tasks. This is where the ulimit program comes into play.
With ulimit we can set appropriate limits for users. With ulimit and the option -a we can display the current limits on the system. Here we can see things like the maximum memory size, the maximum number of open files, the maximum file size and so on. With ulimit the man page doesn't help us much, and that's it. As I said, the man page does not help. Better is ulimit --help, and here we see the options we can use to change certain ulimit values. At the very top we see the options -S for soft and -H for hard. What does that mean? The so-called hard limit, which can be set with -H, is a limit set by root.
The soft limit can be changed by the user himself, but only up to the set hard limit value. We can try that out right away. I log in as root and set the hard limit for the core file size. At the moment it is zero, so there is no limit. Then ulimit -H -c 50000. We check with ulimit -a, and here you see the 50000, so 50 megabytes were taken over as the core file size. Now, as a normal user, I try to change something: ulimit -c 30000, and that worked; we have the confirmation here, 30000. Let's try to set the limit to 60000: ulimit -c 60000, and we get an error message that this is not possible.
This is due to the hard limit of 50 megabytes, which we have just set as root. The programs netstat and nmap can be used to detect security threats in which programs establish connections to other computers outside the network unnoticed. We have discussed in detail how nmap and netstat work in the last few videos, which is why I won't go into it again here. If you are unsure, just watch the corresponding lessons. Again we come to the topic of open files. The lsof command lists files that are currently open on the system; incidentally, lsof is the abbreviation for "list open files".
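Returning to the ulimit experiment above (root lowers the hard limit, the user may then move the soft limit only below it), here is an added example that is not part of the course: it reproduces the three steps in one run. It uses the open-files limit (-n) rather than the core-file limit (-c), because -n normally has a hard limit that any user can lower safely, and it runs in a subshell so the calling shell's limits stay untouched. The values 100, 200, 150 and 300 are constructed for the demo. One caveat to the remark "zero, so there is no limit": ulimit -c 0 means core files are not written at all; "unlimited" is the value that removes the cap.

```shell
#!/bin/sh
# Added example, not from the course: the soft/hard relationship from the
# lecture, demonstrated on the open-files limit (-n) inside a subshell.
# Exit status 0 means the limits behaved as described: raising the soft limit
# above the hard limit fails, moving it within the hard limit succeeds.
demo_soft_vs_hard() (
    ulimit -S -n 100 || exit 2      # soft first, so soft never exceeds hard
    ulimit -H -n 200 || exit 2      # "root sets the hard limit": lowering it needs no privilege
    if ulimit -S -n 300 2>/dev/null; then
        echo "unexpected: soft limit raised above hard limit" >&2
        exit 1
    fi
    ulimit -S -n 150 || exit 1      # within the hard limit: allowed
    [ "$(ulimit -S -n)" -eq 150 ] && [ "$(ulimit -H -n)" -eq 200 ]
)

# Print the two values of one resource, the way  ulimit -a  shows them all.
show_n_limits() {
    printf 'soft=%s hard=%s\n' "$(ulimit -S -n)" "$(ulimit -H -n)"
}

if demo_soft_vs_hard; then
    echo "soft limit is capped by the hard limit, as expected"
fi
show_n_limits    # the caller's own limits are unchanged by the subshell
```

Because the hard limit can only be lowered by an unprivileged user, the subshell is essential: without it the rest of the session would keep the reduced limit.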
Okay, I will run lsof now. All files that are open system-wide are displayed. Since that's a lot, lsof is rarely used without options; the option that is used most often is probably -i. lsof -i shows files that are opened and connected to the Internet. So you can check whether there is a program that we don't even know. In my case it is only the Firefox browser, and that's okay; the Firefox browser needs access to the Internet, of course. Otherwise you can still use lsof to find out which programs might be blocking something.
Example: you want to unplug a USB stick, but you get a message that this is currently not possible because the device is in use. With lsof you can check which process is accessing the USB stick in order to close it if necessary. To do this, just use the command lsof and the path to the USB stick, for example lsof /media/usb. In my case I don't have a USB stick on my computer right now, so of course I get an error message here, but normally you would be shown the program including its process ID, and then you could close or kill this program.
A very similar program is fuser. Unlike lsof, we can't just start fuser as a single command; see, we only get a help page here. We always have to attach a file or directory to this program, for example fuser /home/manual, and here we now get different results. These are all process IDs. With ps we can find out which programs the process IDs belong to, for example ps -ef | grep 2840. Here it is something to do with the X server, the X authority file. So you can find out which processes have something open here.
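lsof and fuser answer the question "which processes hold this path open?" by reading /proc. The following is an added example, not code from the course or from either tool: it walks /proc/PID/fd directly, which is useful on a minimal system where neither tool is installed, and reads the command name from /proc/PID/comm instead of the ps -ef | grep PID step shown above. The temporary file and the background sleep in the demo are constructed; the script is Linux-only and sees only processes the current user may inspect.

```shell
#!/bin/sh
# Added example, not from the course: list "PID command" for every process
# that has the file $1 open, by walking /proc the way lsof and fuser do.
holders_of() {
    target=$(readlink -f "$1") || return 1
    for fddir in /proc/[0-9]*/fd; do
        pid=${fddir#/proc/}
        pid=${pid%/fd}
        for fd in "$fddir"/*; do
            # /proc/PID/fd entries are symlinks to the open file; sockets and
            # pipes resolve to "socket:[...]"-style names and never match.
            if [ "$(readlink "$fd" 2>/dev/null)" = "$target" ]; then
                printf '%s %s\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null)"
                break   # one line per process even if it holds several fds
            fi
        done
    done
}

# Usage: a background sleep keeps a constructed temporary file open, like the
# "device is in use" situation with the USB stick in the lecture.
if [ "${1:-}" = "demo" ]; then
    f=$(mktemp)
    sleep 5 3<"$f" &
    sleep 1                      # give the background process time to open fd 3
    holders_of "$f"
    kill $!
    rm -f "$f"
fi
```

The PID printed is what you would pass to kill, exactly as with the fuser output; the comm column replaces the separate ps lookup.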
- w, who, sudo, su, /etc/sudoers
We come to the w and who commands, both of which are very similar. w shows us who is currently logged into the system and what this person is currently doing. Just w, and we see that I am currently the only one working on the system, which terminal I use, since when I have been logged in and what I am currently doing. By the way, look at the first line, this one here. Does it look familiar to you? It is the same line that you get with uptime. For home use you will probably not need w; you need it in networks in which there are several administrators. It may well be that there are currently several admins on the server to solve a problem or to carry out other tasks.
With w you can get an overview. The who program basically does exactly the same thing. who also shows us who is currently logged onto the server. To do this, however, we have to use the -u option. -u shows the logged-in users. So who -u; I'm still the only one. Of course, another interesting option would be -d. -d stands for dead and indicates dead processes. In my case, however, there is no dead process. The last program shows us who was last logged into the system. So last can be used to find out who was logged onto the system and when, and thus possibly to find out who is responsible for a major error.
A very simple example: someone actually just wanted to log out of the system, but instead accidentally restarted the entire system. Then you could of course find out from the log file that the system was rebooted manually, and with the help of last you could see who was logged in at this time. Finally we come to working with elevated rights. sudo should be well known to you by now. sudo lets us execute a command once with root rights. I don't think I need to do a big demonstration of sudo here, because in principle I did that almost continuously throughout the whole course. Of course, not every user is allowed to run sudo.
Usually it is sufficient to add the user who is allowed to execute sudo to the sudo group. So grep sudo /etc/group, and we see that the group sudo exists and that this group has only one member so far. With usermod you could now add more users. The /etc/sudoers file is responsible for access to sudo. You can edit and save the file /etc/sudoers quite normally with vi, but it is better to use the visudo tool here, because visudo carries out a syntax check. Okay, let's take a look at the file. Since we are not going to make any changes to this file, I will be using vi: sudo vi /etc/sudoers. I have changed my password in the last video, sorry.
Okay, this line here, root ALL=(ALL:ALL) ALL, means that the user root can do everything on the system. The line below with %admin says the following: with a percent sign a group is specified first, in this case the group admin. Although this group has now been abolished, it is still in this file to maintain compatibility with older versions. We see a difference from the root line: there were two ALLs within the brackets, separated by a colon; in this case there is only one ALL. This means that any user has the appropriate rights, provided he belongs to the admin group. It's like the chown command: with chown, or change owner, you first enter the user and then, after a colon, a group.
It's the same here. In this case no group is specified, so we can say any user but not any group. Only users of the admin group fit this line here. The sudo line looks like root again: any user from any group can use sudo as long as they are a member of the sudo group. In theory you could use the sudoers file to define exactly which user or group is allowed to do what and what not. For example, you could add a line like this one here (I will not save that): martin manual MB ... so the user Martin, if he existed, could execute the command shutdown with the option -h now on the system manual MB, so he could shut down the system.
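The structure the lecture walks through (who, hosts, the optional (runas_user:runas_group) part, tags such as NOPASSWD, and the command list) can be made visible by splitting each line into its fields. The script below is an added example, not code from the course or from sudo: a small POSIX shell parser for one sudoers user specification. The sample entries are constructed after the ones shown in the video; the host field ALL and the path /sbin/shutdown in the "martin" line are assumptions, since the transcript does not give them. It is a reading aid only: visudo remains the tool that validates the real file.

```shell
#!/bin/sh
# Added example, not from the course: split a sudoers user specification of
# the form   who hosts=(runas_user[:runas_group]) [TAG:] command_list
# into its fields, so (ALL:ALL) versus (ALL) is visible at a glance.
# Output: who|hosts|runas_user|runas_group|tags|commands
explain_sudoers_line() {
    # normalise tabs and repeated blanks to single spaces, trim the front
    line=$(printf '%s' "$1" | tr '\t' ' ' | tr -s ' ')
    line=${line# }
    who=${line%% *}                 # a user, or %group
    rest=${line#* }
    hosts=${rest%%=*}; hosts=${hosts% }
    rest=${rest#*=};   rest=${rest# }
    # no (...) part means: runs as root, and no group may be requested with -g
    runas_user=root; runas_group=-
    case $rest in
        \(*\)*)
            spec=${rest#\(}; spec=${spec%%\)*}
            rest=${rest#*\)}; rest=${rest# }
            case $spec in
                *:*) runas_user=${spec%%:*}; runas_group=${spec#*:} ;;  # (user:group)
                *)   runas_user=$spec ;;                                # (user) only
            esac ;;
    esac
    # leading UPPERCASE words ending in a colon, such as NOPASSWD:, are tags
    tags=
    while :; do
        case $rest in
            [A-Z]*:*)
                t=${rest%%:*}
                case $t in *[!A-Z_]*) break ;; esac
                tags="$tags$t,"
                rest=${rest#*:}; rest=${rest# } ;;
            *) break ;;
        esac
    done
    tags=${tags%,}; [ -n "$tags" ] || tags=-
    printf '%s|%s|%s|%s|%s|%s\n' "$who" "$hosts" "$runas_user" "$runas_group" "$tags" "$rest"
}

# Constructed sample entries in the style of the /etc/sudoers shown in the video.
for entry in 'root ALL=(ALL:ALL) ALL' \
             '%admin ALL=(ALL) ALL' \
             '%sudo ALL=(ALL:ALL) ALL' \
             'martin ALL=(root) NOPASSWD: /sbin/shutdown -h now'; do
    explain_sudoers_line "$entry"
done
```

In the output, the root and %sudo lines carry ALL in both runas columns, the %admin line has a "-" in the group column (any user, but no group may be chosen), and the martin line shows the NOPASSWD tag separated from the single command it applies to.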
The NOPASSWD option ensures that Martin does not have to enter a password here. As an alternative to sudo you can of course also use su. su is the abbreviation for switch user. This means that you can switch to another user if you have the right to do so. So if I want to switch to testuser, I could do this with su - testuser, and now I have switched to the user testuser. Of course this user must exist, otherwise it would not work. Alternatively, you can also use the following command: su -l testuser, and that would give the same result. You could of course also log in as root with su, for example su root, and in my case this doesn't work; I get an authentication error.
That's because I didn't have to set an extra root password when installing Ubuntu. There are two options for logging in permanently as root: either I assign a password for root with passwd, so with the command sudo passwd root, and then I can also use it to log in as root, or I use the command sudo su, and here I also become root, but without a separate password prompt. Now I can also set root's password with passwd, and you can see that I am not asked for the old password at all, which confirms that there was no separate root password so far. So now I try to switch user to root. First I have to exit root, of course, then su root. And now it works too.