110 Security KT Flashcards
110.1 Perform security administration tasks
The following is a partial list of the used files, terms and utilities:
find passwd fuser lsof nmap chage netstat sudo /etc/sudoers su usermod ulimit who, w, last
find
Command: GNU find searches the directory tree rooted at each given starting-point by evaluating the given expression from left to right, according to the rules of precedence until the outcome is known, at which point find moves on to the next file name.
find [-H] [-L] [-P] [-D debugopts] [-Olevel] [starting-point…] [expression]
passwd
Command: The passwd command changes passwords for user accounts. A normal user may only change the password for his/her own account, while the superuser may change the password for any account.
passwd [options] [LOGIN]
fuser
Command: fuser displays the PIDs of processes using the specified files or file systems.
fuser [-fuv] [-a|-s] [-4|-6] [-c|-m|-n space] [ -k [-i] [-M] [-w] [-SIGNAL] ] name …
lsof
Command: lsof revision 4.91 lists on its standard output file information about files opened by processes.
lsof [ -?abChlnNOPRtUvVX ] [ -A A ] [ -c c ] [ +c c ] [ +|-d d ] [ +|-D D ] [ +|-e s ] [ +|-E ] [ +|-f [cfgGn] ] [ -F [f] ] [ -g [s] ]
[ -i [i] ] [ -k k ] [ -K k ] [ +|-L [l] ] [ +|-m m ] [ +|-M ] [ -o [o] ]
[ -p s ] [ +|-r [t[m]] ] [ -s [p:s] ] [ -S [t] ] [ -T [t] ] [ -u s ]
[ +|-w ] [ -x [fl] ] [ -z [z] ] [ -Z [Z] ] [ -- ] [names]
nmap
Command: Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing.
nmap [Scan Type…] [Options] {target specification}
chage
Command: The chage command changes the number of days between password changes and the date of the last password change.
chage [options] [LOGIN]
netstat
Command: Netstat prints information about the Linux networking subsystem. The type of information printed is controlled by the first argument.
netstat [address_family_options] [--tcp|-t] [--udp|-u] [--udplite|-U] [--sctp|-S] [--raw|-w] [--l2cap|-2] [--rfcomm|-f] [--listening|-l] [--all|-a] [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--symbolic|-N] [--extend|-e[--extend|-e]] [--timers|-o] [--program|-p] [--verbose|-v] [--continuous|-c] [--wide|-W]
sudo
Command: sudo allows a permitted user to execute a command as the superuser or another user, as specified by the security policy.
sudo [-AbEHnPS] [-C num] [-g group] [-h host] [-p prompt] [-r role] [-t type] [-T timeout] [-u user] [VAR=value] [-i | -s] [command]
/etc/sudoers
The /etc/sudoers file controls who can run what commands as what users on what machines and can also control special things such as whether you need a password for particular commands.
su
Command: su allows commands to be run with a substitute user and group ID.
su [options] [-] [user [argument…]]
usermod
Command: The usermod command modifies the system account files to reflect the changes that are specified on the command line.
usermod [options] LOGIN
ulimit
Command: The ulimit utility sets or reports the file-size writing limit imposed on files written by the shell and its child processes (files of any size may be read).
/usr/bin/ulimit [-f] [blocks]
ulimit [-[HS][c|d|f|n|s|t|v]] limit
who, w, last
who: Print information about users who are currently logged in.
who [OPTION]… [ FILE | ARG1 ARG2 ]
w: w displays information about the users currently on the machine, and their processes.
w [options] user […]
last: last searches back through the /var/log/wtmp file (or the file designated by the -f option) and displays a list of all users logged in (and out) since that file was created.
last [options] [username…] [tty…]
110.2 Setup host security
The following is a partial list of the used files, terms and utilities:
/etc/nologin /etc/passwd /etc/shadow /etc/xinetd.d/ /etc/xinetd.conf systemd.socket /etc/inittab /etc/init.d/ /etc/hosts.allow /etc/hosts.deny
/etc/nologin
The file /etc/nologin.txt exists to support the nologin command/utility. If present, its contents are displayed to the user instead of the default message.
/etc/passwd
/etc/passwd is a text file that contains the attributes of each user or account on a computer running Linux or another Unix-like operating system.