Basic Administration and Security - LINUX: Easy Linux For Beginners, Your Step-By-Step Guide to Learning The Linux Operating System and Command Line (2015)

Chapter Eight: Basic Administration and Security

Your system is up and running now, and the next thing you should think about is securing it. System administrators consider two aspects of security: host security and network security. If multiple users are using a computer, user directories and files should be secured so that no unauthorized person can access them. Since your computer is connected to the internet, you have to protect it from access over the internet too. Let’s discuss these in the next sections.

Basic System Administration

Similar to popular operating systems like Windows and Mac OS, Linux distributions also come with GUI tools that can be used for performing administrative tasks. Adding and removing user accounts, performing software upgrades, managing hardware, installing new applications, maintaining the system’s performance, and setting up and monitoring security are some of the activities that an administrator executes.

Figure 25: SUSE YaST for Administrative Tasks

The administrative tasks mentioned above can be performed using the YaST Tool when using SUSE. These functionalities are also available in Ubuntu and Fedora distributions.

Figure 26: Settings Screen for Ubuntu

Figure 27: Settings Screen for Fedora

Monitoring System Performance

To effectively monitor your computer’s performance, the following aspects should be checked:

· CPU and Memory Usage

To see the processes that are consuming the most CPU and memory, use the top command. This command displays the CPU load and used memory averages, the process IDs, the percentage of CPU used by each process, and the percentage of memory used. The top command results are refreshed every 5 seconds. To exit the top command output display, press Q.

Figure 28: top command

To get a snapshot of the system status at the time the command was issued, use uptime. This command prints the load average for the last one, five, and fifteen minutes.

· Hard disk space

Monitor the hard disk space to ensure that there is enough space for the system to perform tasks such as logging and backups. Use the df -h command to check the disk space.

Here’s a sample output:

Filesystem  Size  Used  Avail  Use%  Mounted on
/dev/hda1   7.1G  3.9G  2.9G   59%   /
/dev/hda2   99M   18M   77M    19%   /boot

When monitoring, set specific thresholds at which you, as the administrator, will take action. For example, once the used disk space percentage reaches a certain threshold like 80%, do a file cleanup to free up disk space. If the CPU reaches the allowed threshold, investigate which processes are using up the resources and take the necessary action (e.g. wait for a process to finish, kill a process, etc.). This is similar to killing processes in Windows using the Task Manager.
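The 80% disk threshold described above can be checked by a script. The following is an added example, not code from the book; the function name disk_over_threshold and the sample df lines (including the /dev/hdb1 entry) are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag filesystems whose usage is at or above a threshold.
# Reads `df -P` style output on stdin (POSIX format, one line per filesystem).

disk_over_threshold() {
    local limit="${1:-80}"
    # Reject anything that is not an integer percentage between 1 and 100.
    case "$limit" in
        ''|*[!0-9]*) echo "threshold must be an integer" >&2; return 2 ;;
    esac
    if [ "$limit" -lt 1 ] || [ "$limit" -gt 100 ]; then
        echo "threshold must be between 1 and 100" >&2; return 2
    fi
    awk -v limit="$limit" '
        NR == 1 { next }                  # skip the header line
        {
            pct = $5; sub(/%$/, "", pct)  # "59%" -> 59
            if (pct !~ /^[0-9]+$/) next   # ignore lines without a usage figure
            mount = $6                    # rejoin mount points containing spaces
            for (i = 7; i <= NF; i++) mount = mount " " $i
            if (pct + 0 >= limit) { print pct "% " mount; hit = 1 }
        }
        END { exit (hit ? 1 : 0) }        # non-zero exit when action is needed
    '
}

# Constructed sample input: the first two filesystems use the percentages from
# the sample output above, the third is invented to cross the threshold.
SAMPLE_DF='Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/hda1 7445000 4089000 3040000 59% /
/dev/hda2 101000 18000 79000 19% /boot
/dev/hdb1 5000000 4250000 750000 85% /home/shared data'

printf '%s\n' "$SAMPLE_DF" | disk_over_threshold 80 || true

# On a live system: df -P | disk_over_threshold 80
```

Because the function exits non-zero when a filesystem is over the limit, it can be run from cron and only produce output when cleanup is due.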

User Management

Linux automatically creates multiple user accounts upon installation, even if you are the only one using your computer. The system uses these accounts for running programs. Different accounts safeguard the system, including files and directories, from unauthorized access. Users can be assigned to groups for easier management.

To add, modify, or delete a user or group account, you can either use the GUI or do it via the command line. As a beginner, it would be good for you to try out both so you can see which one is the best method for you.

Managing Users and Groups Via GUI

Open YaST if you are using SUSE or the equivalent Settings Menu in your distribution. Click on the Security and Users or any similar User Management category.

Figure 29: YaST Add User

Click on the Add user button and supply the necessary information such as the user’s full name, preferred username, and password. You can explore and configure additional information such as login attempt limit, password settings, and user groups. Once done, click on the OK button to continue creating the user account.

You can also modify or delete an account using the GUI. Perform the necessary account modifications and click on the OK button to proceed with the changes.

To create, modify, or delete a group, select Groups instead of users. The photo below shows the YaST screen for adding a new group. Provide the necessary information and click on the OK button to finish creating the group.

Figure 30: Add Group

Managing Users and Groups via CLI

Adding a new user via the CLI takes only a few commands. First, log in as root by using the command su -

Use the command below to create a new account:

/usr/sbin/useradd -c "Kevin Jones" kjones

Next, set the password. Once you issue the command below, you will be prompted twice to enter and confirm the password.

passwd kjones

To modify an account, use the usermod command paired with the option that pertains to the information that you want to modify. To delete the user account, use the /usr/sbin/userdel username command.

To add a user group, you need to use the command groupadd groupname

For example, let’s create a group named office. To create this group, enter the command below.

groupadd office

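Since Kevin is a colleague at work, we will add him to the office group. To do this, use the command below. The -a (append) option keeps the groups he already belongs to; with -G alone, usermod replaces his supplementary group list with office only.

usermod -aG office kjones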

To delete the group, use the command groupdel office

Again, I encourage you to use the man command to know more about the options that can be used for a specific command.

File Ownership

Every Linux file or directory is owned by a user account and a group account. To see the owner of a particular file, use the command ls -l filename

Here is a sample output of the command. Choose a filename and try it on your terminal too!

-rw-rw-r-- 1 kjones office 40909 Jul 16 20:37 file1.txt

The first set of letters stands for the permission settings (execute, read, write). The second part with the value of kjones office signifies the user account and the group account that owns the file.

In case you want to change the ownership of the file from kjones to another user, rbentley, log in as root and use the command below:

chown rbentley file1.txt


Also, to change the group owner of the file, input the command:

chgrp staff file1.txt


Basic Security in Linux

Setting-up Passwords

When creating an account, make it a point as an administrator to create good passwords that are difficult to crack. Remember to stay away from passwords formed from personal information (such as birthdays, street addresses, or names), single words that can be found in the dictionary, and simple combinations of alphanumeric characters.

Use a password that contains mixed case (upper and lower case letters), has numbers or punctuation, or is written in reverse order. Also implement other preventive mechanisms, such as prompting the user to change the password every X number of days and locking an account after Y number of login attempts.

Files Protection

To protect files from unauthorized access (view and modify), revisit your file permissions setting. In the preceding section, we talked about assigning the user and group owner for a file. Next, we need to specify the correct file permissions for the owner, the group, and global (all other users).

Let’s go back to the result of an ls command:

-rw-rw-r-- 1 kjones office 40909 Jul 16 20:37 file1.txt

After the leading file-type character, the first set of three characters (rw-) signifies the file permissions for the user. The next set (rw-) is for the group, while the last set (r--) stands for the global permission.

· r – permitted to read the file contents

· w – permitted to write on the file

· x – permitted to execute (for example, if the file contains a bash script)

This means that kjones has read and write permissions to the file. This is the same permission as the office group account. All other users (global) will only be allowed to read the file.

To change permissions, use the octal representation of the permission and specify the value for the 3 levels (user, group, and global).

Permission  Representation
rwx         7
rw-         6
r--         4
r-x         5
--x         1

Table 11: Permission Values

Let’s now try to remove the write access from the group.

chmod 644 file1.txt

When you list the details for file1.txt again, the write access for the group should have been removed.

-rw-r--r-- 1 kjones office 40909 Jul 16 20:37 file1.txt
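The mapping between the permission letters and the octal digits can be computed for any combination, not only the ones in Table 11, and the same digits can be used to find files that still grant write access to the group or to other users. The following is an added example, not code from the book; the function names mode_to_octal and list_loose_files and the throwaway demo files are constructed for illustration, and special bits such as setuid are deliberately rejected.

```bash
#!/usr/bin/env bash
# Added example: convert an `ls -l` permission string to the octal value
# chmod expects, and list files that group or other users can write to.

mode_to_octal() {
    local mode="$1" out="" rest chunk digit
    # Accept the 10-character ls form by dropping the file-type character.
    [ "${#mode}" -eq 10 ] && mode="${mode#?}"
    [ "${#mode}" -eq 9 ] || { echo "expected 9 permission characters" >&2; return 2; }
    while [ -n "$mode" ]; do
        # Peel off the next three characters (user, then group, then global).
        rest="${mode#???}"; chunk="${mode%"$rest"}"; mode="$rest"
        case "$chunk" in
            [r-][w-][x-]) ;;
            *) echo "unsupported permission set: $chunk" >&2; return 2 ;;
        esac
        digit=0                                   # r=4, w=2, x=1, summed per set
        case "$chunk" in r??) digit=$((digit + 4)) ;; esac
        case "$chunk" in ?w?) digit=$((digit + 2)) ;; esac
        case "$chunk" in ??x) digit=$((digit + 1)) ;; esac
        out="$out$digit"
    done
    echo "$out"
}

list_loose_files() {
    # Regular files writable by the group (020) or by all other users (002).
    find "$1" -type f \( -perm -020 -o -perm -002 \) | sort
}

# Constructed demo in a throwaway directory; file1.txt mirrors the chapter.
demo_dir=$(mktemp -d)
touch "$demo_dir/file1.txt" "$demo_dir/notes.txt"
chmod 664 "$demo_dir/file1.txt"     # rw-rw-r--, the chapter's starting state
chmod 644 "$demo_dir/notes.txt"     # rw-r--r--
echo "octal for -rw-rw-r--: $(mode_to_octal -rw-rw-r--)"
echo "group/other-writable before the fix:"; list_loose_files "$demo_dir"
chmod 644 "$demo_dir/file1.txt"     # remove the group's write access
echo "group/other-writable after the fix:";  list_loose_files "$demo_dir"
rm -rf "$demo_dir"
```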

There are several ways to secure your system, such as setting up firewalls, securing internet services, encrypting files, and using digital certificates. For the purposes of this book (Linux for Beginners), I only discussed the basic and initial security practices.

In the next chapter, I will give an overview of scripting, which is another area that you can practice if you want to learn more about Linux.