SlideShare a Scribd company logo

Ppt linux

Gurpreet Kaur
Gurpreet Kaur

The document discusses Linux security concepts including user accounts, file permissions, groups, auditing, and PAM authentication. It covers the three layers of the Linux OS - the kernel layer, system layer, and user layer. The kernel layer houses core OS resources while the system and user layers provide interfaces and services to users and applications. Access is controlled through permissions assigned to files and directories for different user categories. Security features like auditing and PAM help enforce access controls and authenticate users.

Technology
1 of 27
Presented by: Gurpreet Kaur 1-1
Linux OS can be represented in the following sphere with three layers: • User Layer • System Layer • Kernel Layer Kernel Layer houses all the operating system resources such as file systems, memory managements, input/output modules and libraries. The outer layer, system land hosts system resources such as Application System Interface (API). 1-2
Problems start when normal users have controlled or could access the kernel, it is a very bad situation. By expanding the basic standard security features we have: 1. User and group separation 2. File system security 3. Audit trails 4. PAM authentication 1-3
User accounts are used to verify the identity of the person using a computer system. Through username and password credentials, the system is able to determine if the user is permitted to log into the system and, if so, which resources the user is allowed to access. Groups are logical constructs that can be used to group user accounts together for a particular purpose. Through group creation and assignment of privileges, access to restricted resources can be controlled for those who need them and denied to others. 1-4
Access to an application or file is granted based on the permission settings for the file. There are three permissions for files, directories, and applications. Symbol Description r Indicates that a given category of user can read a file. w Indicates that a given category of user can write to a file. x Indicates that a given category of user can execute the file. - A fourth symbol indicates that no access is permitted. Each of the three permissions is assigned to three defined categories of users Category Description Owner The owner of the file or application. Group The group that owns the file or application. Everyone All users with access to the system. 1-5
Example: -rwxrwxr-x 1 kambing kambing 0 Sep 2 12:25 foo The permissions for this file are listed at the start of the line, starting with set of rwx. This first set of symbols defines owner access. The next set of rwx symbols define group access, The last set of symbols defining access permitted for all other users. This listing indicates that the file is readable, writable, and executable by the user who owns the file (user kambing) as well as the group owning the file (which is a group named kambing). The file is also world-readable and world-executable, but not world-writable. 1-6
A very true statement of a UNIX/Linux system, everything is a file; if something is not a file, it is a process. Symbol Meaning - Regular file d Directory l Link c Special file s Socket p Named pipe b Block device For each category of users, read, write and execute permissions can be granted or denied. Files without permissions don't exist on Linux 1-7
ls -l Mine -rw-rw-r-- 1 mike users 5 Jul 15 12:39 Mine The file is a regular file Users with user name mike or users belonging to the group users can read and write (change/move/delete) the file, but they can't execute it . All other users are only allowed to read this file, but they can't write or execute it ls -l /bin/ls -rwxr-xr-x 1 root root 45948 Aug 10 15:01 /bin/ls* Executable file, the difference is everybody can run this program, but you need to be root to change it. 1-8
The security scheme takes care of user access to programs; it can serve files on a need-to-know basis or least privilege and protect sensitive data such as home directories and system configuration files. We can use the chmod command to modify the file permission, changing of the access mode of a file. The chmod command can be used with alphanumeric or numeric options >chmod u+rwx,go-rwx hello The + and - operators are used to grant or deny a given right to a given group. It makes the file a private file to user. 1-9
A record showing who has accessed a computer system and what operations he or she has performed during a given period of time. Linux kernel 2.6 comes with auditd daemon. It’s responsible for writing audit records to the disk. During startup, the rules in /etc/audit.rules are read by this daemon. You can open /etc/audit.rules file and make changes such as setup audit file log location and other option. 1-10
In order to use audit facility you need to use following utilities: auditctl A command to assist controlling the kernel’s audit system. You can get status, and add or delete rules into kernel audit system ausearch A command that can query the audit daemon logs based for events based on different search criteria. aureport A tool that produces summary reports of the audit system logs. 1-11
Pluggable Authentication Modules (PAM) was invented by SUN Microsystems. Linux-PAM provides a flexible mechanism for authenticating users. It consists of a set of libraries that handle the authentication tasks of applications on the system. The library provides a stable general interface to which privilege-granting programs (such as login) defer to perform standard authentication tasks. Programs supporting PAM must dynamically link themselves to the modules in charge of authentication. The administrator is in charge of the configuration and the attachment order of modules. All applications using PAM must have a configuration file in /etc/pam.d. 1-12
Each file is composed of four columns: Module type  auth: user authentication  account: user restriction (e.g.: hour restriction)  session: tasks to perform at login and logout e.g.: mounting directories  password: update of the user authentication token success control  required: a least one of the required modules  requisite: all the requisite modules  sufficient: only one sufficient module  optional: a least one of the required modules is necessary if no other has succeeded path to the module Usually /lib/security. optional arguments - 1-13
Proxy servers are software applications that run on your firewall machine in order to provide indirect Internet access to your network. The proxy server takes a packet from inside your network and changes the “from” address to its own address. It then forwards the packet to the destination host. The destination host thinks it is talking only to the firewall. When the firewall receives the response from the destination host, the proxy server sends the packet back to the original requesting machine. A proxy server that passes requests and responses unmodified is usually called a gateway or sometimes tunneling proxy. 1-14
Advantages This method is a big advantage when you access FTP sites that do double- reverse lookups. If the IP address( of the host from DNS server) it receives from this last lookup does not match the requesting one or if the DNS lookup failed to find any entries, the server denies access. When you have to manage several machines across your network, keeping all the entries up to date can be a daunting task. With a proxy server in place, your entire network appears to come from the IP address of the proxy server, thus reducing the total number of properly configured DNS entries you need. Another advantage of using a proxy server is that since all outbound traffic must pass through the firewall, as an administrator, you can monitor which types of Internet activity are occurring. The proxy server has very robust logging capabilities which allow you to see who is accessing what on the Internet. Attempted access from the outside is also logged closely. 1-15
 To keep machines behind it anonymous, mainly for security.  To speed up access to resources (using caching). Web proxies are commonly used to cache web pages from a web server.  To apply access policy to network services or content, e.g. to block undesired sites.  To access sites prohibited or filtered by your ISP or institution.  To log / audit usage, i.e. to provide company employee Internet usage reporting.  To bypass security / parental controls.  To circumvent Internet filtering to access content otherwise blocked by governments.  To scan transmitted content for malware before delivery.  To scan outbound content, e.g., for data loss prevention.  To allow a web site to make web requests to externally hosted resources (e.g. images, music files, etc.) when cross-domain restrictions prohibit the web site from linking directly to the outside domains. 1-16
A proxy server can be placed in the user's local computer or at various points between the user and the destination servers on the Internet. Forward proxy Open proxy Reverse Proxy 1-17
A forward proxy taking requests from an internal network and forwarding them to the Internet. Forward proxies are proxies where the client server names the target server to connect to. Forward proxies are able to retrieve from a wide range of sources (in most cases anywhere on the Internet). User Proxy Internet 1-18 Internal Network
An open proxy forwarding requests from and to anywhere on the Internet. An open proxy is a forwarding proxy server that is accessible by any Internet user. An anonymous open proxy allows users to conceal their IP address while using other Internet services. Internet Proxy Internet 1-19
A reverse proxy (or surrogate) is a proxy server that appears to clients to be an ordinary server. Requests are forwarded to one or more origin servers which handle the request. The response is returned as if it came directly from the proxy server. A reverse proxy taking requests from the Internet and forwarding them to servers in an internal network. Those making requests connect to the proxy and may not be aware of the internal network. User Proxy Internet Internal Network 1-20
Reverse proxies are installed in the neighborhood of one or more web servers. All traffic coming from the Internet and with a destination of one of the neighborhood's web servers goes through the proxy server. A reverse proxy is (usually) an Internet-facing proxy used as a front- end to control and protect access to a server on a private network, commonly also performing tasks such as load-balancing, authentication, decryption or caching. 1-21
mail - send and receive mail Mail is an intelligent mail processing system, which has a command syntax with lines replaced by messages. This command starts up the mail utility and prints a summary line for each email message currently in your mail box. There is now a new prompt (&), at which you can enter any of the mail commands. 1-22
SYNOPSIS mail [-iInv ] [-s subject ] [-c cc-addr ] [-b bcc-addr ] to-addr... mail [-iInNv -f ] [name ] mail [-iInNv [-u user ] ] -v Verbose mode. The details of delivery are displayed on the user's terminal. -i Ignore tty interrupt signals. This is particularly useful when using mail on noisy phone lines. -I Forces mail to run in interactive mode even when input isn't a terminal. In particular, the `~ ' special character when sending mail is only active in interactive mode. -n Inhibits reading /etc/mail.rc upon startup. -N Inhibits the initial display of message headers when reading mail or editing a mail folder. 1-23
-s Specify subject on command line (only the first argument after the -s flag is used as a subject; be careful to quote subjects containing spaces.) -c Send carbon copies to list of users. -b Send blind carbon copies to list List should be a comma-separated list of names. -f Read in the contents of your mbox (or the specified file) for processing; when you quit mail writes undeleted messages back to this file. -u Is equivalent to: mail -f /var/spool/mail/user 1-24
Sending mail To send a message to one or more people, mail can be invoked with arguments which are the names of people to whom the mail will be sent & mail goofy@domain.com Type in your message. When you are finished you hit Ctrl-d to exit the editor. The system then gives you the option specify "Cc" recepients. Hitting "return" will send the message off. 1-25
Reading mail In normal usage mail is given no arguments and checks your mail out of the post office, then prints out a one line header of each message found. The current message is initially the first message (numbered 1) and can be printed using the print command (which can be abbreviated `p ' ) . You can move among the messages much as you move between lines, with the commands `+ ' and `- ' moving backwards and forwards, and simple numbers. Mail version 8.1.2 01/15/2001. Type ? for help. "/var/mail/jhaas": 2 messages 2 unread >U 1 jhaas@beethoven Sun Nov 11 15:31 17/500 test2 U 2 jhaas@beethoven Sun Nov 11 15:34 17/500 test4 & The following command displays the content of the second message: &2 You can reply to this message by entering "r" and hitting the return key: &r 1-26
Ending a mail processing session. You can end a mail session with the quit `q ' ) command. Messages which have been examined go to your mbox file unless they have been deleted in which case they are discarded. 1-27

Recommended

Unix.system.calls
Unix.system.callsUnix.system.calls
Unix.system.calls
GRajendra
 
Studying a decade of Linux system calls
Studying a decade of Linux system callsStudying a decade of Linux system calls
Studying a decade of Linux system calls
corpaulbezemer
 
Part 04 Creating a System Call in Linux
Part 04 Creating a System Call in LinuxPart 04 Creating a System Call in Linux
Part 04 Creating a System Call in Linux
Tushar B Kute
 
Chapter 14 - Protection
Chapter 14 - ProtectionChapter 14 - Protection
Chapter 14 - Protection
Wayne Jones Jnr
 
Chapter 10
Chapter 10Chapter 10
Chapter 10
cclay3
 
Presentation Prepared By: Mohamad Almajali
Presentation Prepared By: Mohamad AlmajaliPresentation Prepared By: Mohamad Almajali
Presentation Prepared By: Mohamad Almajali
webhostingguy
 
Distributed operating system
Distributed operating systemDistributed operating system
Distributed operating system
Moeez Ahmad
 
System protection in Operating System
System protection in Operating SystemSystem protection in Operating System
System protection in Operating System
sohaildanish
 

Recommended

Unix.system.calls
Unix.system.callsUnix.system.calls
Unix.system.calls
GRajendra
 
Studying a decade of Linux system calls
Studying a decade of Linux system callsStudying a decade of Linux system calls
Studying a decade of Linux system calls
corpaulbezemer
 
Part 04 Creating a System Call in Linux
Part 04 Creating a System Call in LinuxPart 04 Creating a System Call in Linux
Part 04 Creating a System Call in Linux
Tushar B Kute
 
Chapter 14 - Protection
Chapter 14 - ProtectionChapter 14 - Protection
Chapter 14 - Protection
Wayne Jones Jnr
 
Chapter 10
Chapter 10Chapter 10
Chapter 10
cclay3
 
Presentation Prepared By: Mohamad Almajali
Presentation Prepared By: Mohamad AlmajaliPresentation Prepared By: Mohamad Almajali
Presentation Prepared By: Mohamad Almajali
webhostingguy
 
Distributed operating system
Distributed operating systemDistributed operating system
Distributed operating system
Moeez Ahmad
 
System protection in Operating System
System protection in Operating SystemSystem protection in Operating System
System protection in Operating System
sohaildanish
 
2071
20712071
2071
Brave Sithu
 
It04 roshan basnet
It04 roshan basnetIt04 roshan basnet
It04 roshan basnet
rosu555
 
Linuxnishustud
LinuxnishustudLinuxnishustud
Linuxnishustud
Vicky Singh
 
Operating System and Basic Networks
Operating System and Basic NetworksOperating System and Basic Networks
Operating System and Basic Networks
Jherome Tenorio
 
Coda file system
Coda file systemCoda file system
Coda file system
Sneh Pahilwani
 
Ch16 system administration
Ch16 system administration Ch16 system administration
Ch16 system administration
Raja Waseem Akhtar
 
Coda file system tahir
Coda file system tahirCoda file system tahir
Coda file system tahir
Mohammad Faizan
 
Ch22
Ch22Ch22
Ch22
guestaf6c9b
 
OSCh20
OSCh20OSCh20
OSCh20
Joe Christensen
 
Introduction to distributed file systems
Introduction to distributed file systemsIntroduction to distributed file systems
Introduction to distributed file systems
Viet-Trung TRAN
 
Exploitation and distribution of setuid and setgid binaries on Linux systems
Exploitation and distribution of setuid and setgid binaries on Linux systemsExploitation and distribution of setuid and setgid binaries on Linux systems
Exploitation and distribution of setuid and setgid binaries on Linux systems
Zero Science Lab
 
Ch07
Ch07Ch07
Ch07
Raja Waseem Akhtar
 
Ch14 system administration
Ch14 system administration Ch14 system administration
Ch14 system administration
Raja Waseem Akhtar
 
Linux introductory-course-day-1
Linux introductory-course-day-1Linux introductory-course-day-1
Linux introductory-course-day-1
Julio Pulido
 
Distributed File Systems
Distributed File Systems Distributed File Systems
Distributed File Systems
Maurvi04
 
Chapter 8 distributed file systems
Chapter 8 distributed file systemsChapter 8 distributed file systems
Chapter 8 distributed file systems
AbDul ThaYyal
 
Distributed File System
Distributed File SystemDistributed File System
Distributed File System
Ntu
 
Dfs (Distributed computing)
Dfs (Distributed computing)Dfs (Distributed computing)
Dfs (Distributed computing)
Sri Prasanna
 
Unit 1-a-brief-history-of-unix-ppt
Unit 1-a-brief-history-of-unix-pptUnit 1-a-brief-history-of-unix-ppt
Unit 1-a-brief-history-of-unix-ppt
Rahul Mashal
 
Ch09
Ch09Ch09
Ch09
Raja Waseem Akhtar
 
OS Unit IV.ppt
OS Unit IV.pptOS Unit IV.ppt
OS Unit IV.ppt
FarhanaMariyam1
 
prateekporwal
prateekporwalprateekporwal
prateekporwal
prateekporwal
 

More Related Content

What's hot

2071
20712071
2071
Brave Sithu
 
It04 roshan basnet
It04 roshan basnetIt04 roshan basnet
It04 roshan basnet
rosu555
 
Linuxnishustud
LinuxnishustudLinuxnishustud
Linuxnishustud
Vicky Singh
 
Operating System and Basic Networks
Operating System and Basic NetworksOperating System and Basic Networks
Operating System and Basic Networks
Jherome Tenorio
 
Coda file system
Coda file systemCoda file system
Coda file system
Sneh Pahilwani
 
Ch16 system administration
Ch16 system administration Ch16 system administration
Ch16 system administration
Raja Waseem Akhtar
 
Coda file system tahir
Coda file system tahirCoda file system tahir
Coda file system tahir
Mohammad Faizan
 
Ch22
Ch22Ch22
Ch22
guestaf6c9b
 
OSCh20
OSCh20OSCh20
OSCh20
Joe Christensen
 
Introduction to distributed file systems
Introduction to distributed file systemsIntroduction to distributed file systems
Introduction to distributed file systems
Viet-Trung TRAN
 
Exploitation and distribution of setuid and setgid binaries on Linux systems
Exploitation and distribution of setuid and setgid binaries on Linux systemsExploitation and distribution of setuid and setgid binaries on Linux systems
Exploitation and distribution of setuid and setgid binaries on Linux systems
Zero Science Lab
 
Ch07
Ch07Ch07
Ch07
Raja Waseem Akhtar
 
Ch14 system administration
Ch14 system administration Ch14 system administration
Ch14 system administration
Raja Waseem Akhtar
 
Linux introductory-course-day-1
Linux introductory-course-day-1Linux introductory-course-day-1
Linux introductory-course-day-1
Julio Pulido
 
Distributed File Systems
Distributed File Systems Distributed File Systems
Distributed File Systems
Maurvi04
 
Chapter 8 distributed file systems
Chapter 8 distributed file systemsChapter 8 distributed file systems
Chapter 8 distributed file systems
AbDul ThaYyal
 
Distributed File System
Distributed File SystemDistributed File System
Distributed File System
Ntu
 
Dfs (Distributed computing)
Dfs (Distributed computing)Dfs (Distributed computing)
Dfs (Distributed computing)
Sri Prasanna
 
Unit 1-a-brief-history-of-unix-ppt
Unit 1-a-brief-history-of-unix-pptUnit 1-a-brief-history-of-unix-ppt
Unit 1-a-brief-history-of-unix-ppt
Rahul Mashal
 
Ch09
Ch09Ch09
Ch09
Raja Waseem Akhtar
 

What's hot (20)

2071
20712071
2071
 
It04 roshan basnet
It04 roshan basnetIt04 roshan basnet
It04 roshan basnet
 
Linuxnishustud
LinuxnishustudLinuxnishustud
Linuxnishustud
 
Operating System and Basic Networks
Operating System and Basic NetworksOperating System and Basic Networks
Operating System and Basic Networks
 
Coda file system
Coda file systemCoda file system
Coda file system
 
Ch16 system administration
Ch16 system administration Ch16 system administration
Ch16 system administration
 
Coda file system tahir
Coda file system tahirCoda file system tahir
Coda file system tahir
 
Ch22
Ch22Ch22
Ch22
 
OSCh20
OSCh20OSCh20
OSCh20
 
Introduction to distributed file systems
Introduction to distributed file systemsIntroduction to distributed file systems
Introduction to distributed file systems
 
Exploitation and distribution of setuid and setgid binaries on Linux systems
Exploitation and distribution of setuid and setgid binaries on Linux systemsExploitation and distribution of setuid and setgid binaries on Linux systems
Exploitation and distribution of setuid and setgid binaries on Linux systems
 
Ch07
Ch07Ch07
Ch07
 
Ch14 system administration
Ch14 system administration Ch14 system administration
Ch14 system administration
 
Linux introductory-course-day-1
Linux introductory-course-day-1Linux introductory-course-day-1
Linux introductory-course-day-1
 
Distributed File Systems
Distributed File Systems Distributed File Systems
Distributed File Systems
 
Chapter 8 distributed file systems
Chapter 8 distributed file systemsChapter 8 distributed file systems
Chapter 8 distributed file systems
 
Distributed File System
Distributed File SystemDistributed File System
Distributed File System
 
Dfs (Distributed computing)
Dfs (Distributed computing)Dfs (Distributed computing)
Dfs (Distributed computing)
 
Unit 1-a-brief-history-of-unix-ppt
Unit 1-a-brief-history-of-unix-pptUnit 1-a-brief-history-of-unix-ppt
Unit 1-a-brief-history-of-unix-ppt
 
Ch09
Ch09Ch09
Ch09
 

Similar to Ppt linux

OS Unit IV.ppt
OS Unit IV.pptOS Unit IV.ppt
OS Unit IV.ppt
FarhanaMariyam1
 
prateekporwal
prateekporwalprateekporwal
prateekporwal
prateekporwal
 
Host security
Host securityHost security
Host security
Nguyen Tam
 
Host security
Host securityHost security
Host security
Nguyen Tam
 
Unix/Linux Basic Commands and Shell Script
Unix/Linux Basic Commands and Shell ScriptUnix/Linux Basic Commands and Shell Script
Unix/Linux Basic Commands and Shell Script
sbmguys
 
linux system and network administrations
linux system and network administrationslinux system and network administrations
linux system and network administrations
haile468688
 
Threats, Vulnerabilities & Security measures in Linux
Threats, Vulnerabilities & Security measures in LinuxThreats, Vulnerabilities & Security measures in Linux
Threats, Vulnerabilities & Security measures in Linux
Amitesh Bharti
 
File Protection in Operating System
File Protection in Operating SystemFile Protection in Operating System
File Protection in Operating System
Meghaj Mallick
 
Expo ciberseguridad
Expo ciberseguridadExpo ciberseguridad
Expo ciberseguridad
LuisFranciscoLopez4
 
cibers
ciberscibers
cibers
Luis Francisco López Urrea
 
04-1-Linux.ppt
04-1-Linux.ppt04-1-Linux.ppt
04-1-Linux.ppt
EidTahir
 
OPERATING SYSTEMS PRESENTATION.pptx
OPERATING SYSTEMS PRESENTATION.pptxOPERATING SYSTEMS PRESENTATION.pptx
OPERATING SYSTEMS PRESENTATION.pptx
PokormanZuda
 
Bba203 unit 2 operating system concepts
Bba203 unit 2 operating system conceptsBba203 unit 2 operating system concepts
Bba203 unit 2 operating system concepts
kinjal patel
 
Linux@assignment ppt
Linux@assignment pptLinux@assignment ppt
Linux@assignment ppt
Rama .
 
Title Fedora Linux OS Access Control__20231104_222610_0000.pptx
Title Fedora Linux OS Access Control__20231104_222610_0000.pptxTitle Fedora Linux OS Access Control__20231104_222610_0000.pptx
Title Fedora Linux OS Access Control__20231104_222610_0000.pptx
kaverizanzane1
 
Module 4 qui parle de la sécurisation des applications
Module 4 qui parle de la sécurisation des applicationsModule 4 qui parle de la sécurisation des applications
Module 4 qui parle de la sécurisation des applications
EwenBenana
 
Linux Operating System
Linux Operating SystemLinux Operating System
Linux Operating System
KunalKewat1
 
101 4.5 manage file permissions and ownership v3
101 4.5 manage file permissions and ownership v3101 4.5 manage file permissions and ownership v3
101 4.5 manage file permissions and ownership v3
Acácio Oliveira
 
01. english version operating system
01. english version operating system01. english version operating system
01. english version operating system
Jimmi Sitorus
 
Desktop support qua
Desktop support quaDesktop support qua
Desktop support qua
maheshnimbalkar
 

Similar to Ppt linux (20)

OS Unit IV.ppt
OS Unit IV.pptOS Unit IV.ppt
OS Unit IV.ppt
 
prateekporwal
prateekporwalprateekporwal
prateekporwal
 
Host security
Host securityHost security
Host security
 
Host security
Host securityHost security
Host security
 
Unix/Linux Basic Commands and Shell Script
Unix/Linux Basic Commands and Shell ScriptUnix/Linux Basic Commands and Shell Script
Unix/Linux Basic Commands and Shell Script
 
linux system and network administrations
linux system and network administrationslinux system and network administrations
linux system and network administrations
 
Threats, Vulnerabilities & Security measures in Linux
Threats, Vulnerabilities & Security measures in LinuxThreats, Vulnerabilities & Security measures in Linux
Threats, Vulnerabilities & Security measures in Linux
 
File Protection in Operating System
File Protection in Operating SystemFile Protection in Operating System
File Protection in Operating System
 
Expo ciberseguridad
Expo ciberseguridadExpo ciberseguridad
Expo ciberseguridad
 
cibers
ciberscibers
cibers
 
04-1-Linux.ppt
04-1-Linux.ppt04-1-Linux.ppt
04-1-Linux.ppt
 
OPERATING SYSTEMS PRESENTATION.pptx
OPERATING SYSTEMS PRESENTATION.pptxOPERATING SYSTEMS PRESENTATION.pptx
OPERATING SYSTEMS PRESENTATION.pptx
 
Bba203 unit 2 operating system concepts
Bba203 unit 2 operating system conceptsBba203 unit 2 operating system concepts
Bba203 unit 2 operating system concepts
 
Linux@assignment ppt
Linux@assignment pptLinux@assignment ppt
Linux@assignment ppt
 
Title Fedora Linux OS Access Control__20231104_222610_0000.pptx
Title Fedora Linux OS Access Control__20231104_222610_0000.pptxTitle Fedora Linux OS Access Control__20231104_222610_0000.pptx
Title Fedora Linux OS Access Control__20231104_222610_0000.pptx
 
Module 4 qui parle de la sécurisation des applications
Module 4 qui parle de la sécurisation des applicationsModule 4 qui parle de la sécurisation des applications
Module 4 qui parle de la sécurisation des applications
 
Linux Operating System
Linux Operating SystemLinux Operating System
Linux Operating System
 
101 4.5 manage file permissions and ownership v3
101 4.5 manage file permissions and ownership v3101 4.5 manage file permissions and ownership v3
101 4.5 manage file permissions and ownership v3
 
01. english version operating system
01. english version operating system01. english version operating system
01. english version operating system
 
Desktop support qua
Desktop support quaDesktop support qua
Desktop support qua
 

Recently uploaded

AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptxAI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
Sunil Jagani
 
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMsFrom Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
Sease
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Jason Yip
 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
christinelarrosa
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
Fwdays
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
Mydbops
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
c5vrf27qcz
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
FilipTomaszewski5
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
operationspcvita
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
christinelarrosa
 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
christinelarrosa
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Neo4j
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
LizaNolte
 
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
AlexanderRichford
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
UiPathCommunity
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
DianaGray10
 
MySQL InnoDB Storage Engine: Deep Dive - Mydbops
MySQL InnoDB Storage Engine: Deep Dive - MydbopsMySQL InnoDB Storage Engine: Deep Dive - Mydbops
MySQL InnoDB Storage Engine: Deep Dive - Mydbops
Mydbops
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
zjhamm304
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
Pablo Gómez Abajo
 

Recently uploaded (20)

AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptxAI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
 
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMsFrom Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
 
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
 
MySQL InnoDB Storage Engine: Deep Dive - Mydbops
MySQL InnoDB Storage Engine: Deep Dive - MydbopsMySQL InnoDB Storage Engine: Deep Dive - Mydbops
MySQL InnoDB Storage Engine: Deep Dive - Mydbops
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
 

Ppt linux

  • 1. Presented by: Gurpreet Kaur 1-1
  • 2. Linux OS can be represented in the following sphere with three layers: • User Layer • System Layer • Kernel Layer Kernel Layer houses all the operating system resources such as file systems, memory managements, input/output modules and libraries. The outer layer, system land hosts system resources such as Application System Interface (API). 1-2
  • 3. Problems start when normal users have controlled or could access the kernel, it is a very bad situation. By expanding the basic standard security features we have: 1. User and group separation 2. File system security 3. Audit trails 4. PAM authentication 1-3
  • 4. User accounts are used to verify the identity of the person using a computer system. Through username and password credentials, the system is able to determine if the user is permitted to log into the system and, if so, which resources the user is allowed to access. Groups are logical constructs that can be used to group user accounts together for a particular purpose. Through group creation and assignment of privileges, access to restricted resources can be controlled for those who need them and denied to others. 1-4
  • 5. Access to an application or file is granted based on the permission settings for the file. There are three permissions for files, directories, and applications. Symbol Description r Indicates that a given category of user can read a file. w Indicates that a given category of user can write to a file. x Indicates that a given category of user can execute the file. - A fourth symbol indicates that no access is permitted. Each of the three permissions is assigned to three defined categories of users Category Description Owner The owner of the file or application. Group The group that owns the file or application. Everyone All users with access to the system. 1-5
  • 6. Example: -rwxrwxr-x 1 kambing kambing 0 Sep 2 12:25 foo The permissions for this file are listed at the start of the line, starting with set of rwx. This first set of symbols defines owner access. The next set of rwx symbols define group access, The last set of symbols defining access permitted for all other users. This listing indicates that the file is readable, writable, and executable by the user who owns the file (user kambing) as well as the group owning the file (which is a group named kambing). The file is also world-readable and world-executable, but not world-writable. 1-6
  • 7. A very true statement of a UNIX/Linux system, everything is a file; if something is not a file, it is a process. Symbol Meaning - Regular file d Directory l Link c Special file s Socket p Named pipe b Block device For each category of users, read, write and execute permissions can be granted or denied. Files without permissions don't exist on Linux 1-7
  • 8. ls -l Mine -rw-rw-r-- 1 mike users 5 Jul 15 12:39 Mine The file is a regular file Users with user name mike or users belonging to the group users can read and write (change/move/delete) the file, but they can't execute it . All other users are only allowed to read this file, but they can't write or execute it ls -l /bin/ls -rwxr-xr-x 1 root root 45948 Aug 10 15:01 /bin/ls* Executable file, the difference is everybody can run this program, but you need to be root to change it. 1-8
  • 9. The security scheme takes care of user access to programs; it can serve files on a need-to-know basis or least privilege and protect sensitive data such as home directories and system configuration files. We can use the chmod command to modify the file permission, changing of the access mode of a file. The chmod command can be used with alphanumeric or numeric options >chmod u+rwx,go-rwx hello The + and - operators are used to grant or deny a given right to a given group. It makes the file a private file to user. 1-9
  • 10. A record showing who has accessed a computer system and what operations he or she has performed during a given period of time. Linux kernel 2.6 comes with auditd daemon. It’s responsible for writing audit records to the disk. During startup, the rules in /etc/audit.rules are read by this daemon. You can open /etc/audit.rules file and make changes such as setup audit file log location and other option. 1-10
  • 11. In order to use audit facility you need to use following utilities: auditctl A command to assist controlling the kernel’s audit system. You can get status, and add or delete rules into kernel audit system ausearch A command that can query the audit daemon logs based for events based on different search criteria. aureport A tool that produces summary reports of the audit system logs. 1-11
  • 12. Pluggable Authentication Modules (PAM) was invented by SUN Microsystems. Linux-PAM provides a flexible mechanism for authenticating users. It consists of a set of libraries that handle the authentication tasks of applications on the system. The library provides a stable general interface to which privilege-granting programs (such as login) defer to perform standard authentication tasks. Programs supporting PAM must dynamically link themselves to the modules in charge of authentication. The administrator is in charge of the configuration and the attachment order of modules. All applications using PAM must have a configuration file in /etc/pam.d. 1-12
  • 13. Each file is composed of four columns: Module type  auth: user authentication  account: user restriction (e.g.: hour restriction)  session: tasks to perform at login and logout e.g.: mounting directories  password: update of the user authentication token success control  required: a least one of the required modules  requisite: all the requisite modules  sufficient: only one sufficient module  optional: a least one of the required modules is necessary if no other has succeeded path to the module Usually /lib/security. optional arguments - 1-13
  • 14. Proxy servers are software applications that run on your firewall machine in order to provide indirect Internet access to your network. The proxy server takes a packet from inside your network and changes the “from” address to its own address. It then forwards the packet to the destination host. The destination host thinks it is talking only to the firewall. When the firewall receives the response from the destination host, the proxy server sends the packet back to the original requesting machine. A proxy server that passes requests and responses unmodified is usually called a gateway or sometimes tunneling proxy. 1-14
  • 15. Advantages This method is a big advantage when you access FTP sites that do double- reverse lookups. If the IP address( of the host from DNS server) it receives from this last lookup does not match the requesting one or if the DNS lookup failed to find any entries, the server denies access. When you have to manage several machines across your network, keeping all the entries up to date can be a daunting task. With a proxy server in place, your entire network appears to come from the IP address of the proxy server, thus reducing the total number of properly configured DNS entries you need. Another advantage of using a proxy server is that since all outbound traffic must pass through the firewall, as an administrator, you can monitor which types of Internet activity are occurring. The proxy server has very robust logging capabilities which allow you to see who is accessing what on the Internet. Attempted access from the outside is also logged closely. 1-15
  • 16.  To keep machines behind it anonymous, mainly for security.  To speed up access to resources (using caching). Web proxies are commonly used to cache web pages from a web server.  To apply access policy to network services or content, e.g. to block undesired sites.  To access sites prohibited or filtered by your ISP or institution.  To log / audit usage, i.e. to provide company employee Internet usage reporting.  To bypass security / parental controls.  To circumvent Internet filtering to access content otherwise blocked by governments.  To scan transmitted content for malware before delivery.  To scan outbound content, e.g., for data loss prevention.  To allow a web site to make web requests to externally hosted resources (e.g. images, music files, etc.) when cross-domain restrictions prohibit the web site from linking directly to the outside domains. 1-16
  • 17. A proxy server can be placed in the user's local computer or at various points between the user and the destination servers on the Internet. Forward proxy Open proxy Reverse Proxy 1-17
  • 18. A forward proxy taking requests from an internal network and forwarding them to the Internet. Forward proxies are proxies where the client server names the target server to connect to. Forward proxies are able to retrieve from a wide range of sources (in most cases anywhere on the Internet). User Proxy Internet 1-18 Internal Network
  • 19. An open proxy forwarding requests from and to anywhere on the Internet. An open proxy is a forwarding proxy server that is accessible by any Internet user. An anonymous open proxy allows users to conceal their IP address while using other Internet services. Internet Proxy Internet 1-19
  • 20. A reverse proxy (or surrogate) is a proxy server that appears to clients to be an ordinary server. Requests are forwarded to one or more origin servers which handle the request. The response is returned as if it came directly from the proxy server. A reverse proxy taking requests from the Internet and forwarding them to servers in an internal network. Those making requests connect to the proxy and may not be aware of the internal network. User Proxy Internet Internal Network 1-20
  • 21. Reverse proxies are installed in the neighborhood of one or more web servers. All traffic coming from the Internet and with a destination of one of the neighborhood's web servers goes through the proxy server. A reverse proxy is (usually) an Internet-facing proxy used as a front- end to control and protect access to a server on a private network, commonly also performing tasks such as load-balancing, authentication, decryption or caching. 1-21
  • 22. mail - send and receive mail Mail is an intelligent mail processing system, which has a command syntax with lines replaced by messages. This command starts up the mail utility and prints a summary line for each email message currently in your mail box. There is now a new prompt (&), at which you can enter any of the mail commands. 1-22
  • 23. SYNOPSIS mail [-iInv ] [-s subject ] [-c cc-addr ] [-b bcc-addr ] to-addr... mail [-iInNv -f ] [name ] mail [-iInNv [-u user ] ] -v Verbose mode. The details of delivery are displayed on the user's terminal. -i Ignore tty interrupt signals. This is particularly useful when using mail on noisy phone lines. -I Forces mail to run in interactive mode even when input isn't a terminal. In particular, the `~ ' special character when sending mail is only active in interactive mode. -n Inhibits reading /etc/mail.rc upon startup. -N Inhibits the initial display of message headers when reading mail or editing a mail folder. 1-23
  • 24. -s Specify subject on command line (only the first argument after the -s flag is used as a subject; be careful to quote subjects containing spaces.) -c Send carbon copies to list of users. -b Send blind carbon copies to list List should be a comma-separated list of names. -f Read in the contents of your mbox (or the specified file) for processing; when you quit mail writes undeleted messages back to this file. -u Is equivalent to: mail -f /var/spool/mail/user 1-24
  • 25. Sending mail To send a message to one or more people, mail can be invoked with arguments which are the names of people to whom the mail will be sent & mail goofy@domain.com Type in your message. When you are finished you hit Ctrl-d to exit the editor. The system then gives you the option specify "Cc" recepients. Hitting "return" will send the message off. 1-25
  • 26. Reading mail In normal usage mail is given no arguments and checks your mail out of the post office, then prints out a one line header of each message found. The current message is initially the first message (numbered 1) and can be printed using the print command (which can be abbreviated `p ' ) . You can move among the messages much as you move between lines, with the commands `+ ' and `- ' moving backwards and forwards, and simple numbers. Mail version 8.1.2 01/15/2001. Type ? for help. "/var/mail/jhaas": 2 messages 2 unread >U 1 jhaas@beethoven Sun Nov 11 15:31 17/500 test2 U 2 jhaas@beethoven Sun Nov 11 15:34 17/500 test4 & The following command displays the content of the second message: &2 You can reply to this message by entering "r" and hitting the return key: &r 1-26
  • 27. Ending a mail processing session. You can end a mail session with the quit `q ' ) command. Messages which have been examined go to your mbox file unless they have been deleted in which case they are discarded. 1-27