--- title: "06-network-system-administration" tags: - lecture - cosc301 --- security awareness - physical and network attacks - [[security]] Computer/Internet hazards - SPAM/UCE (Unsolicited Commercial Email) - Phishing - Disk crashes/data loss - Loss of services due to outage - TCP/IP spoofing and sniffing (privacy) - Pornography - Ignorant users - Grumpy (former) employees - Administrators of the untrained kind broken symlink - broken symlilnk/softlink can be a risk - If it is pointing to a location that is accessible by an attacker, it ends up retrieving a file belong to the attacker. - If it is a web server, you end up retrieve and present the attacker’s information. - Solution: NO_FOLLOW flag to stop following the symlink. Roles in network community - Important roles include users, hosts, network components e.g. routers and operating systems. - Users - should be trained to be aware of the community. Human beings are usually the weakest link. - Host machines - should be allocated different tasks on different server machines - Routers/gateways - affect network security and performance - OS - have different pros and cons - UNIX/Linux, Windows, MAC OS, Netware Host Management - Shutting down a host - Turn off the power? - Should use command shutdown - shutdown -h time halt the system. time can be now. - shutdown -r time reboot the system - Log files and audits: health barometer of a host - syslogd: a daemon for logging messages. Its configuration file is /etc/syslog.conf - dmesg: check kernel messages - lastlog: check the last login time of every user - syslog under /var/log: the log file of the system - They should be rotated regularly User Management - User account - Includes all the files, resources, and info belonging to one user. For commercial systems, it may include billing info. - Create a new account - adduser - Account info: username, password, user id, group id, full name of user, home directory, login shell - In the /etc/passwd file, - Amber:x:1000:100:Amber Dawn:/home/amber:/bin/bash - Check after adding - Involved files - /etc/passwd, /etc/group, /etc/shadow - In /etc/shadow, - Chloe:$2a$05$wa7xVOqOH4lVOrh.qa9ivSX0G0QUCFqbk11YV6:14743:0:99999:7::: - Username:encrypted password:last password change:minimum:expiration:warning:disabled:diabled date:reserved - User login environment - .bash_profile, .bashrc, /etc/profile - Place global files such as profile under /etc - Other scripts can be referred in it - Use env/set to check/set your environment - Paths and prompts - Keep a copy of your shell scripts (initial setups) in order to survive them from upgrade of OS/software - For more detailed info, man bash - Password - Very important for security - Should not be names of persons, books, places, your computer, nor your phone number, birthday, car registration plate, login name, words in dictionaries, keyboard sequence - Should be composed of letters (lower and upper cases), digits, and special characters like $,@ - Refer to http://en.wikipedia.org/wiki/Password_strength - passwd imposes similar rules to make passwords secure. - Change frequently - User id and group id - Users should be divided into groups for security reasons, e.g. students, staff, admin - Special users/groups: nobody, mail, ftp - addgroup - In /etc/group, - video:x:33:hzy,paul,kai - Group name:password:group id;list of members - Remove a user: deluser – The relevant lines from /etc/passwd, /etc/group, and /etc/shadow will be removed. – It is a good idea to first disable the account before you start removing stuff - Disable a user temporarily – A better way when you are not sure if a user will come back – Way 1: Put an * in the password field of /etc/shadow – Way 2: use passwd -{l|u} username – Way 3: Change the login shell to a script file