
Roundup | 22 basic Linux security commands

2025-01-30 Update From: SLTechnology News&Howtos (shulou), Network Security


Shulou(Shulou.com)06/01 Report--

If you are concerned about the security of your Linux system, these are commands you must know.

Securing a Linux system involves many tasks, from setting up accounts to ensuring that legitimate users have no more privileges than they need to do their work. This article introduces some of the most basic security commands used in day-to-day Linux administration.

Sudo

Using sudo to run privileged commands, rather than switching to the root user, is an essential good practice because it helps ensure that root privileges are used only when needed and limits the impact of mistakes. Your access to the sudo command depends on the settings in the /etc/sudoers and /etc/group files.

$ sudo adduser shark
Adding user `shark' ...
Adding new group `shark' (1007) ...
Adding new user `shark' (1007) with group `shark' ...
Creating home directory `/home/shark' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for shark
Enter the new value, or press ENTER for the default
        Full Name []: shark
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n] Y

For example, if you run sudo and ask who you are, you get confirmation that the command ran as root.

$ sudo whoami
root

If you want to manage sudo settings for users, you also need to be familiar with the visudo command.

Visudo

The visudo command lets you change the /etc/sudoers file by opening it in a text editor and checking your changes for syntax errors. Run it as "sudo visudo" and make sure you understand the syntax. Privileges can be assigned by user or by group. On most Linux systems, the /etc/sudoers file already contains group entries such as the following, which grant privileges to groups defined in the /etc/group file. In these cases you don't need to use visudo at all; just familiarize yourself with the groups that grant root privileges this way and update the /etc/group file.

%admin ALL=(ALL) ALL
%sudo  ALL=(ALL:ALL) ALL
%wheel ALL=(ALL:ALL) ALL

Notice that each group name is preceded by a % symbol.

You can display the groups that provide sudo access in the /etc/group file like this, since it may be any of these groups:

$ egrep "admin|sudo|wheel" /etc/group
sudo:x:27:shs,jdoe

The easiest way to give someone sudo privileges is to add them to one of these groups in /etc/group. However, this means they can run any command as root. If you want some users to have root permissions for only a limited set of commands (for example, adding and deleting accounts), you can define the commands they may run with a command alias:

Cmnd_Alias ACCT_CMDS = /usr/sbin/adduser, /usr/sbin/deluser

Then allow a user or a group to run those commands through sudo with a line like one of these:

nemo   ALL=(ALL) ACCT_CMDS
%techs ALL=(ALL:ALL) ACCT_CMDS

The first line allows the user "nemo" to run the two commands (adduser and deluser) using sudo, while the second line assigns the same privileges to anyone in the "techs" group in the /etc/group file.

Who and w

The who and w commands show you who is logged in to the system, but w shows more information, such as where each user logged in from, the login time, and the idle time.

$ w
 18:03:35 up 9 days, 22:48,  2 users,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
joe      tty2     /dev/tty2        27Apr18  9days  7:34   0.09s /usr/lib/x86_64-linux
shs      pts/1    192.168.0.15     09:50    7.00s  0.28s  0.00s w

If you don't like the default editor that is invoked when you run visudo, use the "sudo update-alternatives --config editor" command. It offers several editors as options and updates your setting.

Last

The last command displays a user's most recent logins, which is useful when you are trying to track changes or other activity.

$ last nemo
nemo     pts/1        192.168.0.15     Wed May  2 07:01 - 08:29  (01:27)

wtmp begins Tue May  1 10:21:35 2018

Nemo hasn't logged in for a while. He may be on vacation (fishing, perhaps?) or may have left the company. This kind of information helps you decide whether you need to follow up.

Find

The find command is used for many types of searches. When it comes to security, you may find yourself looking for files that have no owner (no corresponding account) or that are both writable and executable by anyone. The find command is easy to combine with other tools, but you need to be familiar with many of its options to define what you are looking for. The first of the two commands below finds files whose owner is not a currently defined account. The second finds files that anyone can both run and modify.

$ sudo find /home -nouser
$ sudo find / -perm -o=wx

Keep in mind that the -o in the second command refers to "other", meaning neither the owner nor the group associated with the file.
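As an added example (not from the article), the script below builds a constructed scratch directory with four differently permissioned files and runs the article's -perm -o=wx check over it, alongside -perm /o=wx (the "any of these bits" form) so the difference between "both writable and executable by others" and "either" is visible. The -nouser check is not exercised because creating an unowned file requires root.

```shell
#!/bin/sh
# Added example: demonstrates how `find -perm -o=wx` selects only files where
# "other" has BOTH write and execute set, using a constructed scratch tree.

# Files under $1 that anyone can both modify and run (the article's check).
find_world_wx() {
    find "$1" -type f -perm -o=wx 2>/dev/null | sort
}

# For contrast: files where "other" has write OR execute. The "/" prefix
# (GNU find) means "any of these bits", which casts a much wider net.
find_world_w_or_x() {
    find "$1" -type f -perm /o=wx 2>/dev/null | sort
}

# Create the constructed sample tree and print its path.
make_sample_tree() {
    dir=$(mktemp -d)
    : > "$dir/both.sh";      chmod 0777 "$dir/both.sh"      # o=rwx -> matched by -o=wx
    : > "$dir/exec_only.sh"; chmod 0755 "$dir/exec_only.sh" # o=r-x -> not matched
    : > "$dir/write_only";   chmod 0666 "$dir/write_only"   # o=rw- -> not matched
    : > "$dir/private";      chmod 0600 "$dir/private"      # o=--- -> not matched
    printf '%s\n' "$dir"
}

# Count the paths a finder reported (reads stdin; prints a bare number).
count_lines() {
    wc -l | tr -d ' '
}

if [ "${1:-}" = "demo" ]; then
    tree=$(make_sample_tree)
    echo "-perm -o=wx (both bits set):"; find_world_wx "$tree"
    echo "-perm /o=wx (either bit set):"; find_world_w_or_x "$tree"
    rm -rf "$tree"
fi
```

Run it with the argument demo to see both listings; only both.sh should appear under the article's -o=wx form.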

File

The file command looks at a file and determines its type from its contents, not its name. Many file formats, such as JPEG, carry an identifier near the beginning of the file that marks them. The ".jpg" file in the following example is obviously not a real JPEG but an executable, despite its name.

jdoe@stinkbug:~$ ls -l
total 24
-rw-r--r-- 1 root root     0 Apr 13 09:59 empty
-rwxr-xr-x 1 jdoe jdoe 18840 May 10 17:39 myphoto.jpg
-rwx------ 1 jdoe jdoe    24 May  2 07:06 trythis
jdoe@stinkbug:~$ file myphoto.jpg
myphoto.jpg: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=5d19f7a492405ea9b022a9aa8151f6fb4143633d, stripped
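The same "content, not name" check, written as an added example that is not part of the article: it reads a file's first four bytes with od and compares them with what the extension claims, so a ".jpg" that starts with the ELF magic is flagged. The sample files are constructed in a temporary directory, and only the JPEG and ELF signatures are recognised.

```shell
#!/bin/sh
# Added example: compares a file's leading "magic" bytes with its extension,
# mirroring what `file` does, implemented with od so no `file` binary is needed.

# Print a content type guessed from the first four bytes: elf, jpeg or unknown.
magic_type() {
    # od -An -tx1 -N4 prints e.g. " 7f 45 4c 46"; strip the whitespace
    sig=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$sig" in
        7f454c46) echo elf ;;     # \x7fELF
        ffd8ff*)  echo jpeg ;;    # JPEG SOI marker followed by an APPn marker
        *)        echo unknown ;;
    esac
}

# Print "ok" when extension and content agree, otherwise "MISMATCH <ext> <content>".
# Files with an extension this example does not know about are not judged.
check_extension() {
    path=$1
    case "$path" in
        *.jpg|*.jpeg) claimed=jpeg ;;
        *)            claimed=unknown ;;
    esac
    actual=$(magic_type "$path")
    if [ "$claimed" = "$actual" ]; then
        echo ok
    else
        echo "MISMATCH $claimed $actual"
    fi
}

# Constructed samples: a genuine JPEG header and an ELF header named like a photo.
make_samples() {
    dir=$(mktemp -d)
    printf '\377\330\377\340' > "$dir/real.jpg"            # ff d8 ff e0
    printf '\177ELF\002\001\001\000' > "$dir/myphoto.jpg"  # start of an ELF64 LSB header
    printf '%s\n' "$dir"
}

if [ "${1:-}" = "demo" ]; then
    d=$(make_samples)
    for f in "$d"/*; do printf '%s: %s\n' "$f" "$(check_extension "$f")"; done
    rm -rf "$d"
fi
```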

Which

The which command identifies the executable that will run when you type its name, and that is not always what you expect. If a Trojan has been placed in a location that appears in your search path before the legitimate command, the Trojan is what runs. This is a good reason to make sure your search path lists standard directories such as /usr/bin before less standard locations, and especially before . (the current directory).

$ which date
/usr/local/bin/date
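As an added example that is not part of the article, the following audits a PATH value for the hazards just described: "." or empty entries (both mean the current directory), directories anyone can write to, and entries that come before /usr/bin without being standard system directories. The list of directories treated as "system" and the option of passing the PATH string as an argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audits a PATH string for search-order hazards. The PATH is
# passed as $1 so the check can be run against a constructed value.

# Directories treated as standard system locations (assumption for this example).
SYSTEM_DIRS=" /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin "

audit_path() {
    before_usr_bin=1
    rest="$1:"                       # trailing colon makes the loop uniform
    while [ -n "$rest" ]; do
        entry=${rest%%:*}            # field up to the first colon
        rest=${rest#*:}              # drop that field and its colon
        case "$entry" in
            "") echo "WARN empty entry searches the current directory"; continue ;;
            .)  echo "WARN '.' searches the current directory"; continue ;;
        esac
        case "$SYSTEM_DIRS" in
            *" $entry "*) [ "$entry" = /usr/bin ] && before_usr_bin=0 ;;
            *) [ "$before_usr_bin" = 1 ] &&
                   echo "WARN non-system entry $entry precedes /usr/bin" ;;
        esac
        # Character 9 of the ls mode string ("drwxrwxrwx") is the others-write bit.
        if [ -d "$entry" ] && [ "$(ls -ld -- "$entry" | cut -c9)" = w ]; then
            echo "WARN $entry is writable by everyone"
        fi
    done
}

# Number of warnings for a PATH value (for scripting; 0 means nothing flagged).
audit_path_warnings() {
    audit_path "$1" | grep -c '^WARN' || true
}

if [ "${1:-}" = "demo" ]; then
    audit_path "${2:-$PATH}"         # audit the given PATH, or the current one
fi
```

Running it with demo and no second argument audits the current shell's PATH.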


© 2024 shulou.com SLNews company. All rights reserved.
