CIS 218 Advanced UNIX 1 User and System Information CIS 218.


Slide 2: System resources
- System resources: CPU, memory, disk, processes (the process table is bounded; historically 32K or 64K process IDs)
- Display CPU using: top
- Display CPU/memory using: vmstat
- Display disk using: iostat or vmstat
- Display processes using: ps -ef (System V syntax) or ps aux (BSD syntax); ps -aux mixes the two and is interpreted differently by different ps implementations, so avoid it

Slide 3: File Systems
- Separate areas on disk are attached under different directories called mountpoints
- They are displayed with the mount command, which also shows the mount options (ro, nosuid, nodev, noexec) that matter when hardening a system
- Different areas can be formatted with different filesystem formats
- Space usage per mounted filesystem is displayed with the df command

Slide 4: /etc/passwd
- The password file:
    root:jheVopR58x9Fx:0:1:The superuser:/:/bin/sh
    nobody:*:65534:65534::/:
    stevens:3hKVD8R58r9Fx:224:100:Richard Stevens:/home/stevens:/bin/ksh
- Colons separate seven fields: login name, password (the hash on a pre-shadow system, otherwise x), UID, GID, user info (GECOS, shown by finger), HOME directory, login shell
  – $ man 5 passwd

Slide 5: Special /etc/passwd values
- root has the user ID 0; the kernel checks the UID, not the name, so any account with UID 0 has full privileges
- "system" UIDs are below 100 on traditional UNIX (modern Linux distributions reserve UIDs below 1000 for system accounts; see SYS_UID_MAX in /etc/login.defs)
- nobody cannot log in, but programs can run as nobody; nobody can only access world-readable or world-writable files
- /sbin/nologin is given as the login shell of "daemon" accounts: they never log in interactively but exist so that a service's files, directories and processes are owned by an unprivileged identity; nologin prints a refusal message and exits

Slide 6: /etc/shadow
- Passwords are now stored in /etc/shadow
- The password is hashed (not encrypted) with crypt(3)
  – one-way: there is no known way to decrypt (decode) a password hash; an attacker can only guess candidate passwords, hash them and compare
  – the modular format is $id$salt$hash: $1$ MD5, $5$ SHA-256, $6$ SHA-512, $y$ yescrypt; a bare 13-character string is the old DES crypt, which only uses the first 8 characters of the password

Slide 7: /etc/shadow
- /etc/shadow stores the hashed password strings
  – readable only by root (on Linux mode 0640, owned by root:shadow); login and su already run as root and passwd is setuid root, so they can read it on the user's behalf
  – /etc/passwd contains only 'x' in its password fields
  – on older systems pwconv converts an existing /etc/passwd to shadow usage (pwunconv reverses it)
- This prevents the classic attack of copying the world-readable /etc/passwd and cracking the hashes offline by "guess and test"
  – it does not protect the hashes from anyone who can already read /etc/shadow (root, the shadow group, a backup copy), so hash strength and password quality still matter
  – many passwords are very simple unless the system enforces password complexity rules (e.g. pam_pwquality)
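The slides on /etc/passwd and /etc/shadow describe several things an auditor looks for by hand: a second UID-0 account, a hash still sitting in world-readable /etc/passwd, an empty shadow password, and a legacy hash format. The following is an added example (not code from the original slides) that parses both files per passwd(5)/shadow(5) and reports those conditions. The sample file contents and all function names are constructed for the example; the hashes are placeholders, only their $id$ prefix is meaningful.

```python
import re

# crypt(3) scheme identifiers ("$id$salt$hash"); a bare 13-char string is DES.
SCHEMES = {"1": "md5", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256", "6": "sha512", "7": "scrypt", "y": "yescrypt"}
WEAK_SCHEMES = {"des", "md5"}

PASSWD_FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")
SHADOW_FIELDS = ("name", "hash", "lastchg", "min", "max", "warn",
                 "inactive", "expire", "reserved")

# Constructed sample data, not from a real host.  It deliberately contains a
# second UID-0 account, a DES hash left in /etc/passwd, an empty shadow
# password and an MD5 hash; the phone numbers in GECOS are made up.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
nobody:x:65534:65534:Nobody:/nonexistent:/usr/sbin/nologin
stevens:x:224:100:Richard &,B232,555-0100,555-0199:/home/stevens:/bin/ksh
toor:x:0:0:second root:/:/bin/sh
legacy:3hKVD8R58r9Fx:1002:100:Legacy User:/home/legacy:/bin/sh
"""
SHADOW_SAMPLE = """\
root:$6$saltsalt$notarealhash:19500:0:99999:7:::
daemon:*:19500:0:99999:7:::
nobody:*:19500:0:99999:7:::
stevens:$1$saltsalt$notarealhash:19500:0:99999:7:::
toor::19500:0:99999:7:::
legacy:!:19500:0:99999:7:::
"""


def parse_passwd(text):
    """passwd(5): seven colon-separated fields per line."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != len(PASSWD_FIELDS):
            raise ValueError(f"passwd line {lineno}: {len(fields)} fields, expected 7")
        entry = dict(zip(PASSWD_FIELDS, fields))
        entry["uid"], entry["gid"] = int(entry["uid"]), int(entry["gid"])
        entries.append(entry)
    return entries


def parse_shadow(text):
    """shadow(5): nine fields; returns a dict keyed by login name."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != len(SHADOW_FIELDS):
            raise ValueError(f"shadow line {lineno}: {len(fields)} fields, expected 9")
        entry = dict(zip(SHADOW_FIELDS, fields))
        entries[entry["name"]] = entry
    return entries


def hash_scheme(field):
    """Classify a password field: empty = no password needed, '*' or '!'
    prefix = locked/unusable, '$id$...' = modular crypt, 13 chars = DES."""
    if field == "":
        return "none"
    if field.startswith(("*", "!")):
        return "locked"
    m = re.match(r"^\$([^$]+)\$", field)
    if m:
        return SCHEMES.get(m.group(1), "unknown")
    return "des" if len(field) == 13 else "unknown"


def expand_gecos(gecos, login):
    """finger-style GECOS expansion: '&' becomes the capitalised login name,
    commas separate full name, office, work phone and home phone."""
    parts = [p.strip() for p in gecos.replace("&", login.capitalize()).split(",")]
    parts += [""] * (4 - len(parts))
    return dict(zip(("full_name", "office", "work_phone", "home_phone"), parts[:4]))


def audit(passwd_text, shadow_text):
    """Return a list of findings for the checks the slides motivate."""
    findings = []
    shadow = parse_shadow(shadow_text)
    for user in parse_passwd(passwd_text):
        name = user["name"]
        if user["uid"] == 0 and name != "root":
            findings.append(f"{name}: UID 0 account other than root")
        if user["passwd"] not in ("x", "*", "!"):   # a hash (or nothing) instead of 'x'
            findings.append(f"{name}: {hash_scheme(user['passwd'])} password field left "
                            "in world-readable /etc/passwd")
        entry = shadow.get(name)
        if entry is None:
            findings.append(f"{name}: no /etc/shadow entry")
            continue
        scheme = hash_scheme(entry["hash"])
        if scheme == "none":
            findings.append(f"{name}: empty shadow password, no password required unless PAM refuses it")
        elif scheme in WEAK_SCHEMES:
            findings.append(f"{name}: weak hash scheme {scheme}")
    return findings


if __name__ == "__main__":
    for finding in audit(PASSWD_SAMPLE, SHADOW_SAMPLE):
        print(finding)
    print(expand_gecos("Richard &,B232,555-0100,555-0199", "stevens"))
```

On a real host you would feed it the contents of /etc/passwd and, as root, /etc/shadow; the point of the shadow split is exactly that the second read needs privilege while the first does not.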

Slide 8: finger
- finger displays the GECOS field:
    stevens:3hKVD8R58r9Fx:224:100:Richard &, B232, , :/home/stevens:/bin/ksh
  – sub-fields within GECOS are separated by commas: full name, office, work phone, home phone
  – & is replaced by the capitalised login name (Stevens)
  – users set these with chfn; the same information is served to the network when fingerd is running, which is one reason fingerd is normally disabled

Slide 9: /etc/group
- Lists every group on the system, an optional password, its group ID, and the users who are members:
    wheel:*:0:root,rachel
    uucp:*:10:uucp
    vision:AweHG67Ket4Ds:101:keith,arlin
    users:*:100:
  – four colon-separated fields: group name, password (x when it is kept in /etc/gshadow), GID, comma-separated member list with no spaces
  – $ man 5 group

Slide 10: Joining Groups
- /etc/group lists group members in addition to those who are members because of their /etc/passwd group ID
  – e.g. stevens is in users because his primary group ID is 100
- A user can change their current group with newgrp
  – usually must be a member of that group
  – some groups have passwords (e.g. vision): anyone who knows the password can join with newgrp without being listed, so a group password is a shared credential for everything that group owns

Slide 11: Supplementary Group IDs
- In earlier UNIXs each user belonged to one group at a time
  – changing was possible with newgrp
- Current systems give each ordinary user a private group by default (same UID and GID; "user private groups" on Linux)
- Modern systems have supplementary group IDs:
  – a user can belong to additional groups at the same time (historically up to 16, NGROUPS_MAX; Linux now allows 65536)
  – there is much less need for newgrp
  – id or groups shows the current set; it is fixed at login, so a user added to a group must log in again before it takes effect
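Slides 9 to 11 make the point that effective group membership comes from two places: the GID in /etc/passwd and the member lists in /etc/group. The added example below (not code from the original slides) resolves both directions, what groups a user has as id(1) reports and who can act as a given group, and flags groups that still carry a password, since anyone knowing it can newgrp in without being a member. The file contents are constructed from the slide's groups plus an added docker group; all function names are the example's own.

```python
# Constructed sample data, not from a real host.  wheel, vision and users
# follow the slide; docker is added as a second privileged group.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
rachel:x:1001:100:Rachel:/home/rachel:/bin/bash
keith:x:1002:1002:Keith:/home/keith:/bin/bash
arlin:x:1003:1003:Arlin:/home/arlin:/bin/bash
stevens:x:224:100:Richard Stevens:/home/stevens:/bin/ksh
"""
GROUP_SAMPLE = """\
wheel:*:0:root,rachel
uucp:*:10:uucp
vision:AweHG67Ket4Ds:101:keith,arlin
users:*:100:
docker:x:998:arlin
"""
# Groups whose membership is equivalent to (or a short step from) root.
PRIVILEGED = ("wheel", "sudo", "admin", "docker", "shadow", "disk")


def parse_group(text):
    """group(5): name:password:GID:member,member (no spaces)."""
    groups = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, password, gid, members = line.split(":")
        groups[name] = {"gid": int(gid), "password": password,
                        "members": [m for m in members.split(",") if m]}
    return groups


def primary_gids(passwd_text):
    """login name -> GID from the fourth passwd(5) field."""
    return {f[0]: int(f[3]) for f in
            (line.split(":") for line in passwd_text.splitlines() if line.strip())}


def user_groups(user, passwd_text, group_text):
    """(primary group, sorted supplementary groups), as id(1) would show.
    Membership is by name in /etc/group OR by the passwd GID."""
    groups = parse_group(group_text)
    by_gid = {g["gid"]: name for name, g in groups.items()}
    gid = primary_gids(passwd_text)[user]
    primary = by_gid.get(gid, str(gid))   # a GID with no group entry prints as a number
    supplementary = sorted(name for name, g in groups.items()
                           if user in g["members"] and name != primary)
    return primary, supplementary


def group_members(group, passwd_text, group_text):
    """Everyone who gets this group: explicit members plus users whose
    primary GID matches, which /etc/group alone does not show."""
    g = parse_group(group_text)[group]
    implicit = {u for u, gid in primary_gids(passwd_text).items() if gid == g["gid"]}
    return sorted(set(g["members"]) | implicit)


def audit_groups(passwd_text, group_text, privileged=PRIVILEGED):
    """Members of each privileged group present, plus groups that still carry
    a password (''/'*'/'!' mean none or locked, 'x' means see /etc/gshadow)."""
    groups = parse_group(group_text)
    report = {name: group_members(name, passwd_text, group_text)
              for name in privileged if name in groups}
    report["password_groups"] = sorted(name for name, g in groups.items()
                                       if g["password"] not in ("", "*", "!", "x"))
    return report


if __name__ == "__main__":
    for user in ("rachel", "arlin", "stevens"):
        print(user, user_groups(user, PASSWD_SAMPLE, GROUP_SAMPLE))
    print(audit_groups(PASSWD_SAMPLE, GROUP_SAMPLE))
```

Note that root appears in wheel twice over: once by name and once because root's primary GID is 0, the GID of wheel. A review that only reads the member column of /etc/group misses the implicit kind of membership entirely.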

Slide 12: /etc/hosts
- Keeps track of the network addresses for every host on the local network
  – one entry per line: IP address, canonical host name, aliases
- Often incomplete since the system can also ask name servers on other machines; /etc/nsswitch.conf decides the order (typically files before dns), so an entry here overrides DNS for that name on this host, which is why the file must stay root-owned and not world-writable
- Typical /etc/hosts (names only; the address column is omitted):
    localhost
    ratree.psu.ac.th ratree loghost
    ns.psu.ac.th ns
    ratree2.psu.ac.th ratree2
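Because /etc/hosts is consulted before DNS, a single added line can silently redirect a name or make an update server unreachable, so the file is worth parsing rather than eyeballing. The added example below (not code from the original slides) parses hosts(5) lines, resolves a name the way the files backend does, and reports two tamper patterns: a public-looking name pinned to the loopback address, and the same name given more than one address of the same family. The sample file is constructed (the psu.ac.th names follow the slide, the addresses are RFC 5737 documentation ranges, and updates.example.com is an invented entry); all function names are the example's own.

```python
import ipaddress

# Constructed sample, not from a real host.  The last two lines are the kind
# of entry a hosts-file hijack or a careless edit leaves behind.
HOSTS_SAMPLE = """\
127.0.0.1     localhost
::1           localhost ip6-localhost
192.0.2.10    ratree.psu.ac.th ratree loghost
192.0.2.11    ns.psu.ac.th ns
192.0.2.12    ratree2.psu.ac.th ratree2   # file server
127.0.0.1     updates.example.com         # public name pinned to loopback
198.51.100.7  ns.psu.ac.th
"""
LOCAL_NAMES = {"localhost", "ip6-localhost", "ip6-loopback", "localhost.localdomain"}


def parse_hosts(text):
    """hosts(5): address, canonical name, aliases; '#' starts a comment."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        entries.append((lineno, ipaddress.ip_address(addr), names))
    return entries


def lookup(name, text):
    """Address of the first matching line, which is what gethostbyname()
    returns from the files backend; None if the name is absent."""
    wanted = name.lower()
    for _, addr, names in parse_hosts(text):
        if wanted in (n.lower() for n in names):
            return addr
    return None


def check_hosts(text):
    findings = []
    seen = {}   # (name, ip version) -> [(lineno, addr), ...]
    for lineno, addr, names in parse_hosts(text):
        for name in names:
            seen.setdefault((name.lower(), addr.version), []).append((lineno, addr))
            if ("." in name and name.lower() not in LOCAL_NAMES
                    and (addr.is_loopback or addr.is_unspecified)):
                findings.append(f"line {lineno}: {name} pinned to {addr}; a public-looking "
                                "name pointed at loopback is the hosts-file hijack pattern")
    for (name, version), hits in seen.items():
        if len(hits) > 1:
            where = ", ".join(f"line {l} -> {a}" for l, a in hits)
            findings.append(f"{name}: {len(hits)} IPv{version} entries ({where}); "
                            "resolution is order-dependent")
    return findings


if __name__ == "__main__":
    print("ns ->", lookup("ns", HOSTS_SAMPLE))
    for finding in check_hosts(HOSTS_SAMPLE):
        print(finding)
```

A name with both an IPv4 and an IPv6 line (localhost above) is normal and is not reported; only duplicates within one address family are.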

Slide 13: /etc/protocols
- Stores details about the network protocols supported by the system (protocol name, IP protocol number, aliases)
- Fragment of /etc/protocols:
    tcp   6    TCP   # transmission control protocol
    :
    udp   17   UDP   # user datagram protocol
    :

Slide 14: /etc/services
- Stores the names of network services and the port/protocol each one uses
  – built on top of network protocols
  – it is only a lookup table used by getservbyname()/getservbyport() and by tools such as netstat to print names; it does not say what is actually listening, which ss -ltnp or netstat -ltnp shows
- Fragment of /etc/services:
    ftp    21/tcp
    smtp   25/tcp   mail
    :
    irc    194/tcp  # internet relay chat
    irc    194/udp
    :

Slide 15: Login Accounting
- /var/run/utmp
  – records which users are currently logged in
  – used by who, users, finger, w
  – may be located in /var/adm/
- /var/log/wtmp
  – records all logins, logouts, shutdowns, reboots
  – used by last
  – may be located in /var/adm/
- Linux additionally keeps /var/log/btmp for failed logins, read with lastb
- Both are binary files of fixed-size records and a standard target for attackers covering their tracks, so compare what last shows with the auth messages in syslog

Slide 16: last (reboot)
- Displays wtmp in an understandable form
- Lists all logins, logouts, reboots etc. since the file was created, most recent first
- $ last | grep boot
    reboot   System boot   Fri Aug 15 22:15
    reboot   System boot   Fri Aug 15 15:21
    reboot   System boot   Fri Aug  4 17:24
    reboot   System boot   Fri Aug  4 15:41

Slide 17: last (user)
- $ last
    rich   ttypb   mit.usa          Tue Aug 19 13:19   still logged in
    zonk   ttyp                     Tue Aug 19 13:   :14 (00:02)
    rich   ttypa   lisa.ac.th       Tue Aug 19 13:11   still logged in
    zonk   ttyp3   lenny            Tue Aug 19 12:   :21 (00:14)
    :
- $ last rich
    rich   ttypb   mit.usa          Tue Aug 19 13:19   still logged in
    rich   ttypa   foo.lisa.ac.th   Tue Aug 19 13:11   still logged in
    rich   ttyp0   goo.lisa.ac.th   Mon Aug 18 11:   :45 (00:44)
    rich   ftp     mit.usa          Sat Aug 16 00:   :04 (00:01)
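Slides 15 to 17 describe wtmp only through last's output. When an intrusion is suspected it pays to decode the records directly, because the tools that "clean" wtmp usually zero a record or delete the logout without touching the login. The added example below (not code from the original slides) packs a few constructed records, parses them with the glibc x86_64 struct utmp layout (384 bytes, utmp(5)), pairs logins with logouts the way last does, and lists zeroed records. The layout is an assumption tied to that platform; the timestamps, names and hosts are made up, and all function names are the example's own.

```python
import struct
from datetime import datetime, timezone

# Assumption: glibc x86_64 struct utmp (utmp(5)).  Other libcs and
# architectures use different sizes and offsets.
UTMP_FMT = "<hxxi32s4s32s256shhi2i4i20x"
UTMP_SIZE = struct.calcsize(UTMP_FMT)   # 384 bytes
BOOT_TIME, USER_PROCESS, DEAD_PROCESS = 2, 7, 8


def pack_record(ut_type, pid, line, ident, user, host, ts):
    """Build one record; used only to construct the sample below."""
    fix = lambda s, n: s.encode()[:n].ljust(n, b"\0")
    return struct.pack(UTMP_FMT, ut_type, pid, fix(line, 32), fix(ident, 4),
                       fix(user, 32), fix(host, 256), 0, 0, 0, ts, 0, 0, 0, 0, 0)


T0 = 1_700_000_000   # constructed base timestamp
SAMPLE_WTMP = b"".join([
    pack_record(BOOT_TIME, 0, "~", "~~", "reboot", "6.1.0-generic", T0),
    pack_record(USER_PROCESS, 4242, "pts/0", "ts/0", "rich", "mit.usa", T0 + 600),
    pack_record(USER_PROCESS, 4300, "pts/1", "ts/1", "zonk", "lenny", T0 + 660),
    pack_record(DEAD_PROCESS, 4300, "pts/1", "ts/1", "", "", T0 + 1500),
    b"\0" * UTMP_SIZE,   # what a crude log cleaner leaves behind
])


def cstr(b):
    return b.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_records(blob):
    if len(blob) % UTMP_SIZE:
        raise ValueError("file size is not a multiple of the record size")
    records = []
    for off in range(0, len(blob), UTMP_SIZE):
        chunk = blob[off:off + UTMP_SIZE]
        f = struct.unpack(UTMP_FMT, chunk)
        records.append({"type": f[0], "pid": f[1], "line": cstr(f[2]),
                        "user": cstr(f[4]), "host": cstr(f[5]), "time": f[9],
                        "zeroed": chunk == b"\0" * UTMP_SIZE})
    return records


def reconstruct(records):
    """Pair logins with logouts per line, as last(1) does."""
    open_by_line, sessions = {}, []
    for r in records:
        if r["zeroed"]:
            continue
        if r["type"] == BOOT_TIME:
            for s in open_by_line.values():     # still open at reboot: no clean logout
                s["logout"], s["status"] = r["time"], "crash"
            open_by_line.clear()
            sessions.append({"user": "reboot", "line": r["line"], "host": r["host"],
                             "login": r["time"], "logout": None, "status": "boot"})
        elif r["type"] == USER_PROCESS:
            stale = open_by_line.get(r["line"])
            if stale:                           # line reused without a DEAD_PROCESS record
                stale["status"] = "gone - no logout"
            s = {"user": r["user"], "line": r["line"], "host": r["host"],
                 "login": r["time"], "logout": None, "status": "still logged in"}
            open_by_line[r["line"]] = s
            sessions.append(s)
        elif r["type"] == DEAD_PROCESS:
            s = open_by_line.pop(r["line"], None)
            if s:
                s["logout"], s["status"] = r["time"], "logged out"
    return sessions


def wiped_records(records):
    """Indexes of all-zero records: a wiped entry (or an unused slot)."""
    return [i for i, r in enumerate(records) if r["zeroed"]]


def format_session(s):
    stamp = lambda t: datetime.fromtimestamp(t, timezone.utc).strftime("%a %b %d %H:%M")
    if s["logout"] is None:
        tail = s["status"]
    else:
        mins = (s["logout"] - s["login"]) // 60
        tail = f"- {stamp(s['logout'])[-5:]} ({mins // 60:02d}:{mins % 60:02d})"
    return f"{s['user']:<8} {s['line']:<8} {s['host']:<16} {stamp(s['login'])} {tail}"


if __name__ == "__main__":
    recs = parse_records(SAMPLE_WTMP)
    for s in reversed(reconstruct(recs)):   # last prints newest first
        print(format_session(s))
    print("zeroed records at", wiped_records(recs))
```

Reading the real file is `open("/var/log/wtmp", "rb").read()`; on a different platform fix UTMP_FMT first and check that calcsize matches the record size the libc headers give, or every field will be misaligned.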

Slide 18: The System Log: syslog
- (Diagram) Message sources feeding syslogd:
  – user processes call syslog(), which writes to /dev/log, a Unix domain datagram socket
  – kernel routines call log(); syslogd reads those messages from /dev/klog
  – remote hosts send over the TCP/IP network to UDP port 514, an Internet domain datagram socket
- syslogd writes the messages to files, to the console, or forwards them to another host
- UDP 514 carries no authentication or integrity protection: the source address and the content of a received message can be forged, so a central log host should accept only from known senders and preferably use TLS (rsyslog, syslog-ng) rather than plain UDP
- $ man syslogd

Slide 19: Logging Messages
- Any program can generate log messages using syslog()
- A log message includes:
  – the program name (tag), a facility, a priority, and the message text
- Example: login: Root LOGIN REFUSED on ttya
  – sent by login using the authorization facility (auth); its priority is critical

Slide 20: Some syslog Facilities
    Name    Facility
    kern    The kernel.
    user    Regular user processes.
    mail    The mail system.
    lpr     The printer system.
    :
    auth    The authorization system, or programs that ask for user names and passwords (e.g. login, su, getty, ftp). Linux syslog daemons also have authpriv for authorization messages that must not be world-readable.

Slide 21: Some syslog Priorities (levels)
    Priority   Meaning
    emerg      Emergency (e.g. crash).
    alert      Fix immediately (e.g. bad database).
    crit       Critical (e.g. hardware error).
    err        Ordinary error.
    :
    notice     Not an error, but important.
    :
    debug      Debug messages.
- Priorities are ordered, emerg being the most severe; a syslog.conf selector such as auth.crit matches crit and everything more severe (alert, emerg)
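Slides 18 to 21 describe the facility and priority of a message without showing how they travel: syslog() puts a single number, PRI = facility * 8 + severity, in angle brackets at the front of the line, and a receiver recovers both by dividing by 8. The added example below (not code from the original slides) encodes and decodes PRI, builds and parses BSD-style syslog lines, and filters for the case slide 19 illustrates, auth-facility messages at crit or worse. The sample lines are constructed (the first is the slide's own example text); the function names are the example's own.

```python
import re

# Facility and severity codes from syslog(3) / RFC 3164; PRI = facility*8 + severity.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
              "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
              **{f"local{i}": 16 + i for i in range(8)}}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}
FACILITY_NAMES = {v: k for k, v in FACILITIES.items()}
SEVERITY_NAMES = {v: k for k, v in SEVERITIES.items()}


def encode_pri(facility, severity):
    return FACILITIES[facility] * 8 + SEVERITIES[severity]


def decode_pri(pri):
    if not 0 <= pri <= 191:                     # 23 facilities * 8 + 7
        raise ValueError(f"PRI {pri} out of range")
    facility, severity = divmod(pri, 8)
    return FACILITY_NAMES.get(facility, f"facility{facility}"), SEVERITY_NAMES[severity]


def format_message(facility, severity, tag, text,
                   timestamp="Aug 19 13:19:01", host="ratree"):
    """Wire form of a BSD-style syslog line: <PRI>TIMESTAMP HOST TAG: MSG."""
    return f"<{encode_pri(facility, severity)}>{timestamp} {host} {tag}: {text}"


LINE_RE = re.compile(r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) "
                     r"([^:\[\s]+)(?:\[(\d+)\])?: (.*)$")


def parse_message(line):
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"not a syslog line: {line!r}")
    facility, severity = decode_pri(int(m.group(1)))
    return {"facility": facility, "severity": severity, "timestamp": m.group(2),
            "host": m.group(3), "tag": m.group(4),
            "pid": int(m.group(5)) if m.group(5) else None, "text": m.group(6)}


def triage(lines, max_severity="crit", facilities=("auth", "authpriv")):
    """Messages from the authorization facilities at max_severity or worse
    (a lower severity code is more severe, so the comparison is <=)."""
    threshold = SEVERITIES[max_severity]
    return [msg for msg in map(parse_message, lines)
            if msg["facility"] in facilities and SEVERITIES[msg["severity"]] <= threshold]


# Constructed sample lines; the first carries the slide's example text.
SAMPLE_LINES = [
    format_message("auth", "crit", "login", "Root LOGIN REFUSED on ttya"),
    format_message("auth", "info", "login", "LOGIN ON ttyp3 BY zonk", "Aug 19 12:07:10"),
    "<38>Aug 19 13:22:05 ratree sshd[1234]: Accepted publickey for rich from 192.0.2.10",
    format_message("mail", "err", "sendmail", "deferred: Connection refused by mx.example.com"),
    format_message("kern", "warning", "kernel", "nfs: server ns not responding"),
]


if __name__ == "__main__":
    for msg in triage(SAMPLE_LINES):
        print(f"{msg['facility']}.{msg['severity']} {msg['host']} {msg['tag']}: {msg['text']}")
```

The same arithmetic is what a syslog.conf selector like auth.crit does when it decides which file a line goes to, which is why getting the facility right in the sending program matters for where (and with what permissions) the message ends up.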

Slide 22: Other system info commands
    uptime     time since last reboot, users and load averages
    w / who    Lists users, login times and status; w also shows what each user is running.
    finger     Shows personal information (the GECOS field).
    date       Shows current date and time.
    man        MANual pages. Complete online reference.
    ps         ProceSses. Shows which programs are running.
    top        Shows top users of CPU and RAM (see also ps aux and vmstat).
    uname      Display UNIX (kernel) version information.
    iostat     Device utilization; on some systems, disk I/O activity.
    vmstat     Virtual memory statistics.
    sar        System activity reporter.
    df (-v)    Display file system utilization.
    du         Display directory utilization.
    mount      Display file system mountpoints, type and options.
    hostname   Display the hostname.
    dmesg      Display the kernel ring buffer (OS startup info).
    ulimit     Shell resource limits (see /etc/security/limits.conf, applied at login by pam_limits).