information systems security linux introduction supplemental notes
TRANSCRIPT
Information Systems SecurityInformation Systems SecurityLinux IntroductionSupplemental Notes
Command Line InterfacesCommand Line InterfacesVirtual Terminals
◦ CTL-ALT-F#◦ Consoles 1-6 are command line interfaces◦ Console 7 is the graphical interface◦ Each console is independent of the others
Terminal Window (Konsole)◦ Accessed as a shell window in the graphical
interface.◦ Provides an emulation of a virtual console.
2
Linux Help ResourcesLinux Help Resources man pages
◦ online reference manuals◦ example: man man◦ Uses less pager for navigation (man less)
info pages◦ more sophisticated navigation than man pages
(info info) Release notes
◦ /usr/share/doc/release-notes Howto files (Linux Documentation Project)
◦ /usr/share/doc/howto/en/html or txt Package help files
◦ /usr/share/doc/packages/package-name
3
YaST Management UtilityYaST Management UtilityYet another Setup UtilityWorks with command line or graphical
environmentAllows management of
◦ Software packages◦ User & Group Accounts◦ Printer Configuration◦ View Hardware Configuration◦ X Windows configuration
4
Linux Filesystem StructureLinux Filesystem Structure Hierarchical
◦ Tree-structured directories Paths
◦ Absolute Paths always start from / /home/username/.bashrc ~/.bashrc
◦ Relative Paths always start from current directory ../../tmp/test.txt ./bin/test.sh .bashrc
5
Important DirectoriesImportant Directories/ Root directory --- highest layer of file system tree
/bin/ Important executable files required when no other systems are mounted.
/boot/ Static boot loader files, backed up master boot record, kernel files
/dev/ Device files for system hardware components.
/etc/ System configuration files and shell scripts.
/home/ User (home) directories.
/media/ Mount points for removable media
/opt/ Static files for installed applications.
/root/ The home directory for the system administrator.
/sbin/ System binaries. Important programs for system administration.
/tmp/ Temporary files.
/usr/ Application programs, graphical interface files, libraries, shared documentation
/var/ Variable files that can be modified while the system is running.
/proc/ Process files generated dynamically by the kernel. A virtual file system.6
Useful Commands for Useful Commands for DirectoriesDirectories
Command What it does
ls
ls -a
ls -l
ls -R
Lists files
Lists "all" filesLists files in "long" format
Lists files recursively
cd newdir
cd ..
cd -
Change directory to specified directory
Change to parent directory
Change to last directory
pwd Display absolute path for the present working directory
7
Commands to Create and Commands to Create and View FilesView Files
Command What it does
touch filename Creates a new (empty) file, or updates the timestamp on an existing file.
cat filename Displays the content of the specified (text) file(s) on the screen.
less filename Display the contents of a file one page at a time.
head filenamehead -5 filename
Displays the first 10 lines of a file.
Displays the first (5) lines of a file.
tail filename
tail -15 filename
tail -f filename
Displays the last 10 lines of a file.
Displays the last (15) lines of a file.
Displays continuously updated view of the last lines of the file.
8
Commands to Manage Files and Commands to Manage Files and DirectoriesDirectories
Command What it does
cp source dest
cp -R source dest
Copies a file from source to destination
Recursively copies files
mv source dirmv source dest
Moves files from source to destination directory
Renames a file from source to destination
mkdir newdir Creates a new directory named newdir
rmdir dir Removes an EMPTY directory
rm filesrm -r dir
Removes specified files
Recursively removes the content of directories.
9
Linux File System Wild Linux File System Wild CardsCards
Wild cards can be used to represent one or more characters in a path or filename.◦ ? can be used to represent 1 character◦ * can be used to represent a string of 0 or more
characters.Examples:
◦ ls test?.txt lists files like test0.txt, test1.txt, testA.txt, etc.
◦ ls test*.txt lists files like test.txt, test0.txt, test01.txt, testA.txt,
test3X.Y.txt, etc.
10
Commands to Find FilesCommands to Find Files
Command What it does
find path criteria action Dynamic search for files on the command line, starting from "path" to meet specified "criteria" and perform an "action"
locate Search for files using system database of files. Use updatedb command to update the database.
whereis Returns location of binary files (-b), manual pages (-m), or source code (-s) for specified command.
which Returns the full path of the specified command based on a complete search of the PATH variable.
type Determines whether the specified command is a shell built-in command or an external command.
11
Search File Content using Search File Content using grepgrep
Syntax: grep pattern filename(s) Searches the specified file(s) for the given pattern. Patterns may be specified as:
◦ simple patterns (text)◦ regular expressions (symbolic patterns)◦ extended regular expressions (symbolic patterns (use egrep
instead of grep)◦ Use quotation marks to prevent the shell from interpreting special
characters such as ? or *◦ See man 7 regex for more information about regular expressions.
grep examples...◦ grep "root" /etc/*
12
Commands for Archiving and Commands for Archiving and Compressing FilesCompressing FilesCommand What it does
tar cvzf new.tgz dir Creates a zipped (gzip), archive file for the specified directory
tar xvzf new.tgz Extracts a zipped (gzip), archive file into the current directory using a relative directory structure.
gzip -r dir Recursively compresses (zips) all files in the specified directory and its subdirectories.
gzip -d file Uncompresses (unzips) the specified zipped file.
13
•Archiving combines multiple files into a single file.
•Compressing (zipping) a file reduces its size by removing unneeded characters.
•In Linux/UNIX, archiving and compressing a file are two separate steps.
Command ShellsCommand Shells The command shell program provides the command line
interface in a nongraphical environment.◦ Accepts commands entered by the user on the
command line.◦ Runs the specified command and displays the result on
the screen.◦ Also called the command interpreter.
Linux supports a variety of shells:◦ bash - the Bourne Again SHell, default Linux shell◦ sh - the Bourne SH, the original UNIX shell◦ csh - the c shell◦ ksh - the Korn shell◦ zsh - the z shell
14
Using the Command LineUsing the Command LineStart a shell window (Konsole)Using commands --- previous examples...Pipes and redirection
◦ cat /etc/passwd | less (pipe)◦ cat /etc/passwd > mypasswd.txt (redirect)◦ cat /etc/group >> mypasswd.txt
(append)
15
File Ownerships and File Ownerships and PermissionsPermissions All files have a user owner, a group owner, and a set of
permissions. Three permission types: (r)ead, (w)rite, and e(x)ecute Three access classes: (u)ser owner, (g)roup owner, and (o)ther To view ownerships and permissions: ls -l Modifying permissions: chmod
16
Directory Ownerships and Directory Ownerships and PermissionsPermissions
Directories are also files, and have a user owner, a group owner, and a set of permissions.
Read permissions allow a user to list the contents of a directory. Write permissions allow a user to add or remove files in the directory. Execute permissions allow a user to access a file within the directory. Directory permissions are modified with the chmod command.
17
Permissions for Files and Permissions for Files and DirectoriesDirectories
Permissions Regular File Directory
(r)ead View the file View the directory listing
(w)rite Modify the file Add or remove files in the directory
e(x)ecute Run the file Access the directory
18
File and Directory File and Directory PermissionsPermissionsPermissions control access to and use of files
and directories in UNIX/Linux.Use ls -l to view permissions for files.Use chmod to change the permissions for
files.Syntax:
◦ Symbolic: chmod [ugoa][+-=]rwx file(s)◦ Octal: chmod nnn files(s)
19
chmod Symbolic Notationchmod Symbolic Notation chmod [ugoa] [+ - =] [rwx] file(s)
◦ ugoa --- to whom does the change apply? u = user (owner), g = group, o = others, a = all
◦ + - = --- is the change relative or absolute? + => add the specified permission - => remove the specified permission = => set exactly the specified permissions
◦ rwx --- what permissions are being applied? r = permission to read the file or directory w = permission to write to the file or directory x = permission to execute (run) the file or access the directory.
20
chmod exampleschmod examples[elvis@station elvis]$ ls -l foo
-rw-rw-r-- 1 elvis elvis 42 Jan 16 08:09 foo
What is the effect of the following commands? chmod o-r foo chmod g-w foo chmod ug+x foo chmod o+w foo chmod go-rwx foo chmod a-w foo chmod uo-r foo chmod go=rx foo
21
chmodchmod Octal Notation Octal Notation
We've seen symbolic notation with chmod:$ chmod og-r diary
Symbolic notation allows you to add or subtract permissions relative to the current permissions.
We can also use octal notation with chmod:$ chmod 600 diary
Octal notation allows you to easily set all permissions with one command.
22
Interpreting Octal Interpreting Octal NotationNotation In octal notation, each permission has a
specific value: r = 4 w = 2 x = 1The octal permission value for u, g, o is the
sum of the specific permission values:
7 = 4 + 2 + 1 = rwx (all) permissions6 = 4 + 2 = rw- permissions5 = 4 + 1 = r-x permissions4 = 4 = r-- permissions3 = 2 + 1 = -wx permissions2 = 2 = -w- permissions1 = 1 = --x permissions0 = 0 = --- permisssions
23
Octal Notation ExamplesOctal Notation Examples
What is the meaning of the permission values in the following examples?
$ chmod 755 ./project
$ chmod 644 .plan
$ chmod 600 schedule
$ chmod 777 ./bin
$ chmod 750 ./cent297c
24
Text EditorsText EditorsNeeded for editing Linux configuration files,
which are usually ASCII text files.Graphical text editors
◦ gedit, kedit, kate, etc....◦ Work fine as long as there is a GUI...
Terminal based text editors◦ vi, emacs, pico◦ MUST be used in a command-line environment
such as a virtual console as there is no support for graphical text editors.
25
Overview of Terminal Based Text Overview of Terminal Based Text EditorsEditors vi or vim
◦ Most commonly used by system administrators◦ Moderately complex and powerful tool.◦ Installed by default on ALL UNIX/Linux systems --- so it's
always available emacs
◦ Frequently used by programmers.◦ Very complex to learn and use and very powerful.◦ NOT installed by default and is not always available.
pico◦ Simple, menu-driven text editor◦ Easy to learn and use.◦ Not very powerful.◦ May not always be installed, but usually is.
26
vim introvim intro
vivisual editorcommonly used Unix text editor
vimvi improvedupdated version of vi that’s somewhat easier to usedefault version of vi provided with Linux
27
vim basicsvim basics
vim filenamecreates and new file and opens it for editing
vi modescommand mode --- used for entering commands, saving files, and quitting viinsert mode --- used for entering text
The following file includes a summary of vi commands 01_vi.pdf
28
Shell ScriptsShell Scripts
A shell script in Unix is essentially the same thing as a batch file in DOS
A file that contains a sequence of commands that the Unix operating system can interpret and run
To create a Unix scriptCreate the script file using vi or vimSave the fileSet the permissions of the file to make it executable
29
Example of a shell scriptExample of a shell script
prompt% vim myscript.shi (change to insert mode)#! /bin/bash# display the default shellecho $SHELL# display the terminal typeecho $TERMESC (exit insert mode/return to command mode):wq (save file and exit)
30
Setting permissions Setting permissions prompt% ls -l myscript
(displays permissions)
prompt% chmod u+x myscript
uses chmod to make the file myscript executable by adding execute (x) permission to the user (u) permissions.
31
Running the scriptRunning the script
prompt% ./myscript
Note: the filename myscript is preceded by the symbols ./ to indicate that the file is located in the current directory.
In Unix/Linux, the current directory is frequently not in the default search path, so entering myscript without ./ would result in an error message that the command was not found.
32
Sending output to a fileSending output to a fileprompt% ./myscript > myscript.out
As in DOS, the symbol > can be used to redirect the output of a command to a file.
The symbols >> can be used to append the output of a command to an existing (or new) file.
33
If . (or any other path) is not If . (or any other path) is not in your path:in your path:
For bash shell: ◦Edit the .bashrc file: vi ~/.bashrc◦Add the line: export
PATH=$PATH:/addedpath◦set (instead of export) works too◦Source the file: source ~/.bashrc
For csh or tcsh:◦Edit .cshrc file or .tcshrc◦Add line: set PATH = ($PATH addedpath) ◦Source the file
34
How will you know if it’s not How will you know if it’s not in your path?in your path?You won’t be able to run the
command
Use “which” command to find out where the command is◦which ifconfig◦If it is not found, you got to find it and
add it’s path to your PATH variableRun: $PATH to find out what your
path is
35
Networking commands Networking commands and filesand files
http://www.reallylinux.com/docs/admin.shtml Basic commands for sys admins (everything, not only networking)
http://www.yolinux.com/TUTORIALS/LinuxTutorialNetworking.html#CONFIGFILES
http://www.yolinux.com/TUTORIALS/LinuxTutorialNetworking.html Comprehensive sys admin tutorial
36