quartz/content/notes/06-network-system-administration.md
2023-03-20 09:24:23 +13:00


title: 06-network-system-administration
tags: lecture, cosc301

security awareness

Computer/Internet hazards

  • SPAM/UCE (Unsolicited Commercial Email)
  • Phishing
  • Disk crashes/data loss
  • Loss of services due to outage
  • TCP/IP spoofing and sniffing (privacy)
  • Pornography
  • Ignorant users
  • Grumpy (former) employees
  • Administrators of the untrained kind

broken symlink

  • A broken symlink/softlink can be a risk.
  • If it points to a location that is accessible by an attacker, it ends up retrieving a file belonging to the attacker.
  • If it is on a web server, you end up retrieving and presenting the attacker's information.
  • Solution: open the file with the NO_FOLLOW flag so that the symlink is not followed.
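
The broken-symlink risk and the no-follow fix described above, as an added example that is not part of the original notes. It assumes the NO_FOLLOW flag means open(2)'s O_NOFOLLOW on a POSIX system; the directory layout, file names and contents are constructed for the demonstration.

```python
import errno
import os
import stat
import tempfile


def read_no_follow(path, limit=1 << 20):
    """Read a regular file; refuse if the final path component is a symlink."""
    # With O_NOFOLLOW, open(2) fails (ELOOP on Linux) when `path` is a symlink,
    # whether or not its target exists. O_NONBLOCK avoids blocking on a FIFO.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    try:
        # Inspect the object actually opened (fstat on the fd, not the name).
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise OSError(errno.EINVAL, "not a regular file", path)
        return os.read(fd, limit)
    finally:
        os.close(fd)


def demo():
    """Constructed scenario: docroot with a real file and a broken symlink."""
    out = {}
    with tempfile.TemporaryDirectory() as root:
        docroot = os.path.join(root, "docroot")
        shared = os.path.join(root, "shared")      # writable by other users
        os.mkdir(docroot)
        os.mkdir(shared)
        index = os.path.join(docroot, "index.html")
        with open(index, "wb") as f:
            f.write(b"site content")
        stale = os.path.join(docroot, "stale.html")
        target = os.path.join(shared, "report.html")
        os.symlink(target, stale)                  # broken: target is missing
        out["broken_before"] = os.path.lexists(stale) and not os.path.exists(stale)
        with open(target, "wb") as f:              # another user fills the gap
            f.write(b"someone else's content")
        with open(stale, "rb") as f:               # default open follows the link
            out["plain_open"] = f.read()
        try:
            out["no_follow"] = read_no_follow(stale)
        except OSError as e:
            out["no_follow"] = errno.errorcode[e.errno]
        out["regular"] = read_no_follow(index)
    return out


if __name__ == "__main__":
    print(demo())
```

O_NOFOLLOW only checks the last path component: symlinks in parent directories are still followed, so the directories leading to the file must not be writable by untrusted users.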

Roles in network community

  • Important roles include users, hosts, network components (e.g. routers), and operating systems.
    • Users - should be trained to be aware of the community. Human beings are usually the weakest link.
    • Host machines - should be allocated different tasks on different server machines
    • Routers/gateways
      • affect network security and performance
    • OS - have different pros and cons
      • UNIX/Linux, Windows, Mac OS, NetWare

Host Management

  • Shutting down a host
    • Turn off the power?
    • Should use the shutdown command
      • shutdown -h time: halt the system; time can be now
      • shutdown -r time: reboot the system
  • Log files and audits: health barometer of a host
    • syslogd: a daemon for logging messages. Its configuration file is /etc/syslog.conf
    • dmesg: check kernel messages
    • lastlog: check the last login time of every user
    • syslog under /var/log: the log file of the system
    • They should be rotated regularly

User Management

  • User account

    • Includes all the files, resources, and info belonging to one user. For commercial systems, it may include billing info.
  • Create a new account

    • adduser
    • Account info: username, password, user id, group id, full name of user, home directory, login shell
    • In the /etc/passwd file,
      • Amber:x:1000:100:Amber Dawn:/home/amber:/bin/bash
    • Check after adding
  • Involved files

    • /etc/passwd, /etc/group, /etc/shadow
    • In /etc/shadow,
      • Chloe:$2a$05$wa7xVOqOH4lVOrh.qa9ivSX0G0QUCFqbk11YV6:14743:0:99999:7:::
      • Username:encrypted password:last password change:minimum:expiration:warning:disabled:disabled date:reserved
  • User login environment

    • .bash_profile, .bashrc, /etc/profile
    • Place global files such as profile under /etc
      • Other scripts can be referenced from it
    • Use env/set to check/set your environment
      • Paths and prompts
    • Keep a copy of your shell scripts (initial setups) so that they survive OS/software upgrades
    • For more detailed info, see man bash

  • Password

    • Very important for security
    • Should not be names of persons, books, places, your computer, nor your phone number, birthday, car registration plate, login name, words in dictionaries, keyboard sequence
    • Should be composed of letters (lower and upper cases), digits, and special characters like $,@
    • Refer to http://en.wikipedia.org/wiki/Password_strength
    • passwd imposes similar rules to make passwords secure.
    • Change frequently
  • User id and group id

    • Users should be divided into groups for security reasons, e.g. students, staff, admin
    • Special users/groups: nobody, mail, ftp
  • addgroup

    • In /etc/group,
      • video:x:33:hzy,paul,kai
      • Group name:password:group id:list of members
  • Remove a user: deluser

    • The relevant lines from /etc/passwd, /etc/group, and /etc/shadow will be removed.
    • It is a good idea to first disable the account before you start removing stuff.
  • Disable a user temporarily

    • A better way when you are not sure if a user will come back
    • Way 1: Put an * in the password field of /etc/shadow
    • Way 2: Use passwd -{l|u} username
    • Way 3: Change the login shell to a script file