60 required commands for Linux [5] network security

Although Linux and WindowsNT/2000 systems are the same multi-user systems, there are many important differences between them. For many habits

Although Linux is a multi-user system like Windows NT/2000, there are many important
. For many administrators who are used to Windows, there are many new challenges to ensure the security and reliability of the Linux operating system. This article focuses on Linux system security commands.

Passwd

1. Role
The passwd command is used to change the logon password of an account. The permission is granted to all users.

2. Format
Passwd [option] account name

3. main parameters
-L: the name of the named account is locked and can only be used by users with super user permissions.
-U: unlock the account lock status. only users with super user permissions can use it.
-X,-maximum = DAYS: maximum password usage time (DAYS), only users with super user permissions can
.
-N,-minimum = DAYS: minimum password usage time (DAYS), only users with super user permissions can
.
-D: delete the user's password. only users with super user permissions can use it.
-S: check the password authentication type of a specified user. only users with super user permissions can use the password.

4. application instance

$ Passwd
Changing password for user cao.
Changing password for cao
(Current) UNIX password:
New UNIX password:
Retype new UNIX password:
Passwd: all authentication tokens updated successfully.

 

As you can see above, the passwd command requires entering the old password and then entering the new password twice.

Su

1. Role
Su is used to change the identity of another user. except for a super user, you need to enter the user's password.

2. Format
Su [option]… [-] [USER [ARG]…]

3. main parameters
-F,-fast: do not need to read the startup file (such as csh. cshrc). it is only used for csh or tcsh shells.
-L,-login: After this parameter is added, it is like logging on to the user again. most environments
Variables (such as HOME, SHELL, and USER) are dominated by the USER, and the working directory is changed.
. If no USER is specified, the default value is root.
-M,-p,-preserve-environment: the environment variable is not changed when su is executed.
-C command: the USER who changed the account to USER, and then changed it back to the original USER after executing the command.
.
USER: USER account to be changed. ARG is used to input New Shell parameters.

4. application instance
Change the account to a super user, and restore the user after executing the df command. Su-c df root

Umask

1. Role
Umask sets the default blocking value for creating user files and directories. if you put this command into the profile file, you can
Control the access permission for subsequent files created by the user. It tells the system not to grant access permission to anyone when creating a file. Permission
All users.

2. Format
Umask [-p] [-S] [mode]

3. parameters
-S: determines the current umask settings.
-P: modify umask settings.
[Mode]: modify the value.

4. description
The umask value of traditional Unix is 022, which prevents repair by other users in the same group and other groups.
Modify the user's file. Since each user has a private group, this "group protection mode"
You don't need it anymore. Strict permission settings constitute the foundation of Linux security, and making mistakes in permissions is fatal. Yes
Note that the umask command is used to set the read and write permissions of the files created by the process. The maximum value is 0077, that is, disable
The read and write permissions of all processes other than the process where the file is created are-rw ---. In ~ /. Bash_profile,
By adding a line of command umask 0077, you can ensure that the umask permissions of the process can be correctly set every time you start the Shell.

5. application instance

Umask-S
U = rwx, g = rx, o = rx
Umask-p 177
Umask-S
U = rw, g =, o =

 

The preceding five-line command first shows the current status, and then changes the umask value to 177. only the file owner has
The permission to read and write a file. other users cannot access the file. This is obviously a very safe setting.

Chgrp

1. Role
Chgrp indicates the group to which one or more files or directories belong. The permission is a Super User.

2. Format
Chgrp [option]… Group files...
Or
Chgrp [option]… -Reference = reference file...

Set <文件> Is set <组> .

3. parameters
-C,-changes: like-verbose, but the result is only displayed when there is a change.
-Dereference: affects the objects indicated by the symbolic link, rather than the symbolic link itself.
-H,-no-dereference: affects the destination indicated by the symbolic link instead of the symbolic link (when the system
You can change the owner of a symbolic link. this option is valid ).
-F,-silent,-quiet: removes most error messages.
-Reference = reference File: use <参考文件> Rather than the specified <组> .
-R,-recursive: recursively processes all files and subdirectories.
-V,-verbose: displays information when processing any file.

4. Application Description
This command changes the user group to which the specified file belongs. Group can be the user group ID or
The group name of the user group in the/etc/group file. File names are separated by spaces to change the list of files in the group. wildcard configuration is supported.
. If the user is not the owner or super user of the file, the file group cannot be changed.

5. application instance
Change the owner group of all files in/opt/local/book/and its subdirectories to book. the command is as follows:
$ Chgrp-R book/opt/local/book

Chmod

1. Role
The chmod command is very important for changing the access permissions of files or directories. you can use it to control files or directories.
Directory access permission, which is a Super User.

2. Format
The chmod command can be used in two ways. One is the character setting method that contains letters and operator expressions (relative permission setting
); The other is the number setting method (absolute permission setting) that contains numbers ).

(1) character setting method
Chmod [who] [+ |-| =] [mode] file name

◆ The Operation object who can be any one of the following letters or their combination
U: indicates the user, that is, the owner of the file or directory.
G: indicates users in the same group, that is, all users with the same group ID as the file owner.
O: other users.
A: all users. it is the default value.

◆ Operation symbol
+: Add a permission.
-: Cancel a permission.
=: Grant the given permission and cancel all other permissions (if any ).

◆ Set the mode permission to any combination of the following letters
R: readable.
W: writable.
X: executable.
X: append the x attribute only when the target file is executable to some users or the target file is a directory.
S: During file execution, set the owner or group ID of the process to the file owner of the file. Method "u + s" to set the file
User ID bit. set the group ID bit for "g + s.
T: save the program text to the swap device.
U: The same permissions as the file owner.
G: users in the same group as the file owner have the same permissions.
O: The same permissions as other users.
File name: List of files separated by spaces to change permissions. wildcards are supported.
Multiple permission methods can be provided in a command line, separated by commas.

(2) number setting method
The general format of the number setting method is: chmod [mode] file name

The numeric attribute must be in the format of three octal numbers 0 to 7. The order is (u) (g) (o) file names, separated by spaces
List of files with changed permissions. wildcards are supported.

The number indicates the permission. 0001 indicates the execution permission of the owner, and 0002 indicates the write permission of the owner;
0004 is the read permission of the owner, 0010 is the execution permission of the group, 0020 is the write permission of the group, and 0040 is the read permission of the group;
0100 is the execution permission of others; 0200 is the write permission of others; 0400 is the read permission of others; 1000 is the paste bit
Placement; 2000 indicates that if the file is an executable file, the group ID is the location; otherwise, the file is locked.
4000 indicates that if the file is an executable file, the user ID is the location.

3. instance
If a system administrator writes a form (tem) for all users to enter, the user must be authorized
You can run the command: # chmod 666 tem

In the code above, how is the 666 number calculated? 0002 is the write permission of the owner, and 0004 is all
0020 is the write permission of the group, 0040 is the read permission of the group, 0200 is the write permission of other people, and 0400 is the read permission of the group.
The read permission of others. The total number of these six numbers is 666 (The above numbers are octal numbers). The result is shown in.
Use the chmod numeric method to set file permissions
It can be seen that the permission of the tem file is-rw-, that is, the user has the read and write permission on the file.

Use the following command to set the character permission:
# Chmod a = wx tem
Chown

1. Role
Change the owner and group of one or more files or directories. The permission is a Super User.

2. Format
Chown [option] user or group file

3. main parameters
-Dereference: objects indicated by symbolic links are affected, rather than symbolic links.
-H,-no-dereference: affects the destination indicated by the symbolic link instead of the symbolic link (when the system
You can change the owner of a symbolic link. this option is valid ).
-From = current owner: the current group is changed only when the owner of each file and the group meet the requirements specified by the option.
Groups and groups. One of these attributes can be omitted. the omitted attributes do not need to conform to the original attributes.
-F,-silent,-quiet: removes most error messages.
-R,-recursive: recursively processes all files and subdirectories.
-V,-verbose: displays information when processing any file.

4. description
Chown changes the owner of a specified file to a specified user or group. The user can be a user name or user ID.
Is the group name or group ID. files are separated by spaces to change the permission list. wildcards are supported. System administrators often
Run the chown command to grant the user the permission to use the file after copying the file to another user's directory.
.

5. application instance
1. change the owner of the shiyan. c file to wan
$ Chown wan shiyan. c

2. change the owner of the directory/hi and all files and subdirectories to wan and the group to users.
$ Chown-R wan. users/hi

Chattr

1. Role
Modify the attributes of the ext2 and ext3 file systems and use the permission superuser.

2. Format
Chattr [-RV] [-+ = AacDdijsSu] [-v version] file or directory

3. main parameters
-R: recursively processes all files and subdirectories.
-V: displays the modified content in detail and prints the output.
-: Invalid attribute.
+: Activation attribute.
=: Specifies the attribute.
A: Atime: tell the system not to modify the last access time of this file.
S: Sync. Once the application writes the file, the system immediately writes the modification result to the disk.
.
A: Append Only. The system Only allows data to be appended to this file. no process is allowed to overwrite or intercept this file.
Files. If the directory has this attribute, the system will only allow you to create and modify files under this directory, but not delete files.
Except any files.
I: Immutable. The system does not allow any modifications to this file. If the directory has this attribute
Any process can only modify files under the Directory and cannot create or delete files.
D: check for errors in the compressed file.
D: No dump. during File system backup, the dump program ignores this file.
C: Compress. The system compresses the file transparently. When reading from this file, decompress
Before writing data to this file, the data is first compressed before being written to the disk.
S: Secure Delete. The system will use 0 to fill in the region where the file is located when deleting the file.
U: Undelete: When an application requests to delete this file, the system will keep its data block so that
Restore and delete the file.

4. description
The chattr command has a great role. some of the functions are supported by the Linux kernel version.
If the version is earlier than 2.2, many functions cannot be implemented. Similarly, if-D is used to check the error feature in the compressed file, you must
2.5.19 or later kernels are supported. In addition, modifying attributes using the chattr command can improve system security, but it
Not all directories. The chattr command cannot protect the/,/dev,/tmp, and/var directories.

5. application instance
1. restore the/root directory, that is, all files in the subdirectory.
# Chattr-R + u/root

2. use the chattr command to prevent the modification of a key file in the system.
In Linux, some configuration files (passwd, fatab) cannot be modified by anyone. to prevent accidental deletion
Or modify, you can set the file's "immutable", the command is as follows:
# Chattr + I/etc/fstab

Sudo

1. Role
Sudo is a type of command that is used to restrict the commands in the configuration file within a limited period of time and is recorded to the day.
The command in log. The permission is for all users.

2. Format

Sudo [-bhHpV] [-s ] [-U <用户> ] [Instructions]
Sudo [-klv]

 

3. main parameters

-B: execute commands in the background.
-H: displays help.
-H: set the HOME environment variable as the HOME environment variable of the new identity.
-K: End the password's validity period, that is, you will need to enter the password next time.
-L: list the commands available to the current user.
-P: the prompt symbol for changing the query password.
-S : Execute the specified Shell.
-U <用户> : Use the specified user as the new identity. the default value is root when the user is not in use.
-V: The password is valid for 5 minutes.

 

4. description
The sudo command is configured in the/etc/sudoers file. When using sudo, you need to enter a password to verify
User identity. After a period of time, you can use the defined commands.
There will be an alarm record. Sudo is a system administrator who allows some users to run some/all system commands as root.
Program. An obvious purpose is to enhance the security of the site.
Usually, some fixed commands that can only be executed by the super user identity are often executed, so sudo is very suitable
.

Ps

1. Role
Ps displays the dynamics of the instantaneous process. The permission is applied to all users.

2. Format
Ps [options] [-- help]

3. main parameters
There are many ps parameters. only a few common parameters are listed here.

-A: list all processes.
-L: displays the long list.
-M: displays memory information.
-W: Display widening can display more information.
-E: displays all processes.
A: displays all processes on the terminal, including those of other users.
-Au: displays more detailed information.
-Aux: displays all processes that contain other users.

 

4. description
To monitor and control processes, you must first understand the current process, that is, you need to view the current process.
Ps command is the most basic and powerful process View command. Use this command to determine which processes are running
Line, running status, process termination, process botnets, and processes that occupy excessive resources. To
Detailed explanation of the ps-aux command is provided. Most of the information can be obtained by executing this command. The three most common parameters are u,,
X. The following three parameters are used to describe the role of the ps command: ps aux
Ps-aux command details
In line 2nd of the code, USER indicates the process owner; PID indicates the process identifier; % CPU indicates the CPU usage
Rate; % MEM physical memory usage; VSZ indicates the virtual memory size occupied; RSS indicates the physical memory occupied by the process
Value; TTY is the secondary device number of the terminal.

STAT indicates the state of the process, where D is an uninterrupted static (I/O action); R is in progress; S is static
State; T pause execution; Z does not exist, but cannot be eliminated temporarily; W does not have enough memory to be allocated by page;
Processes; N low-priority processes; L memory paging allocation and lock in the memory body (real-time system or I/O ). START is a process
Start time. TIME indicates the execution TIME. COMMAND is the executed COMMAND.

4. application instance
During system maintenance, the memory usage is often astonishing, but you do not know which process occupies a large amount of resources.
Process status. In addition to using the top command to view memory usage, you can also use the following command:
Ps aux | sort + 5n

Who

1. Role
Who displays which users are logged on to the system. the displayed information includes the user ID, login terminal used,
Launch time, idle time, CPU usage, and what has been done. The permission is granted to all users.

2. Format
Who-[husfV] [user]

3. main parameters

-H: do not display the title column.
-U: do not display user actions/work.
-S: Display in short format.
-F: do not display the user's online location.
-V: displays the program version.

 

4. description
This command is used to view the current online users. If you want to establish instant communication with other users,
For example, to use the talk command, you must first determine that the user is indeed online, otherwise the talk process will not be able to establish
. Another example is that the system administrator also needs to use the who command to monitor what every login user is doing at this moment.
The who command is very simple to use and can accurately grasp the user's situation, so it is widely used.

Hands-on exercises

1. use Linux commands to detect system intruders
Users who have installed Mandrake Linux and Red Hat Linux will know that the Linux system has three built-in differences.
Level (standard, high, and higher) firewall. after installing the Linux server and some basic settings
It should be said that the server is relatively safe, but some hackers may exploit the system administrator's negligence to intrude into the system through various methods.
It is important to quickly find hackers. In general, you can use commands to query whether a hacker is intruded. See table 1.

Table 1 commands for querying hacker intrusions
For example, if a hacker sniffers a network, the network interface must be in the mixed mode. run the following command
Row query:

# Ifconfig-
Eth0 Link encap: Ethernet HWaddr 00: 00: E8: A0: 25: 86
Inet addr: 192.168.1.7 Bcast: 192.168.1.255 Mask: 255.255.255.0
Up broadcast running promiscuous mtu: 1500 Metric: 1
......

 

From the output of this command, we can see the concepts mentioned above. The first row's 00: 00: E8: A0: 25: 86 is
The mac address. 192.168.1.7 in the second line is the IP address, and the fourth line is about the receiving data status, which is being sniffed by hackers.
Probe. Generally, NICs have several statuses for receiving data frames, such as Broadcast, Multicast, and Promiscuous.
. Broadcast refers to the data frame that receives all types of Broadcast packets, and Multicast refers to receiving specific Multicast packets;
Promiscuous is generally called a hybrid mode, which means that the destination hardware address in the packet is not checked, all connected
Receiving mode.

2. restrict the abuse of su commands
We know that super users have the greatest right in Linux, and almost all hackers want to achieve this goal.
Linux adds restrictions on switching to super users. Use PAM (Pluggable Authentication Modules
Can prohibit anyone except in the wheel group from su to root, modify the/etc/pam. d/su file, remove the blocking ID #
. Use/usr/sbin/usermod G10 bjecadm to add the account bjecadm to the group with the gid of 10, that is
Group. The command is as follows:

/Etc/pam. d/su # Password verification #
Auth sufficient/lib/security/pam_wheel.so debug
# Only users in the wheel group can switch to the root node #
Auth required/lib/security/pam_wheel.so use_uid
Chmod-G10 bjecadm

In addition, whenever a user tries to use the su command to access the system user, the command will write one in the/usr/adm/sulog file
Information. if the file records a large number of invalid operations that attempt to use su to enter the root, it indicates that someone may attempt to crack
Root password.

Linux commands have powerful functions. For Linux system administrators
Skills, combined to form a security line of defense. From the perspective of computer security, there is no absolutely secure computer system in the world,
Linux is no exception.