SlideShare a Scribd company logo
1 of 22
Download to read offline
AIR FORCE ASSOCIATION’S
NATIONAL YOUTH CYBER EDUCATION PROGRAM
CYBERPATRIOT
www.uscyberpatriot.org
UNIT EIGHT
Ubuntu Security
AIR FORCE ASSOCIATION’S
NATIONAL YOUTH CYBER EDUCATION PROGRAM
CYBERPATRIOT
www.uscyberpatriot.org
SECTION ONE
Basic GUI Security
1
© Air Force Association
• This unit will show you how
to make many of the same
security settings you made
in Unit 5
‐ Linux has many of the same
vulnerabilities, so the fixes are
similar
• Linux does not have a
Control Panel like in
Windows
• The System Settings menu
offers limited security tools
• Click the System Settings
button in the menu bar
Basic Linux Security
2
© Air Force Association 3
User Accounts
1.
2.
• Click User Accounts in the System Settings window
• As in Windows, it is important to restrict root (Admin) privileges and password
protect all accounts
A. To make account management changes, you must enact root permissions by clicking
Unlock and authenticate yourself by entering your password
B. Switch users from Administrator to Standard User by clicking next to Account Type
C. Change passwords by clicking the asterisks next to the Password option
A.
B.
C.
© Air Force Association
• The open-source community
regularly develops
improvements and patches
for Ubuntu
• You should install these
updates regularly
1. Click the Ubuntu button in
the menu bar and search for
Update Manager
2. Click Settings on the Update
Manager Screen
3. To set automatic updates, go
to the Updates Tab and
make sure “Automatically
check for updates” is set to
“Daily”
4. After applying the changes,
install any available updates
from the main Update
Manager window
4
Installing and Automating Updates
1. 2.
3. 4.
© Air Force Association
• Enable the Ubuntu Built-in Firewall
(UFW) to prevent unauthorized access to
the computer
‐ The UFW is deactivated by default
• By default, UFW is only accessible by
command line
• You can download Gufw, a graphical
firewall interface, from the Software
Center and use it to make changes to the
UFW in the GUI
‐ You might need to install Ubuntu updates
before installing Gufw
Enabling the Firewall
5
Source: https://help.ubuntu.com/community/UFW
© Air Force Association
• After downloading Gufw from the Software Center, click
the Ubuntu button in your menu bar → Search → Firewall
Configuration
• Click the Unlock button on the Gufw window → Enact root
permissions by authenticating → Turn Firewall Status On
• The default (and recommended rules) governing traffic are
to Deny all incoming traffic and Allow all outgoing traffic
• The Reject option is the same as Deny, but also sends a
notification to the sender that connection has been
blocked
6
Using Gufw
• The Preconfigured rule panel allows incoming
and/or outgoing traffic to be controlled for certain
applications or services
‐ Similar to the Windows Firewall Exceptions list
‐ Open entire ports by clicking the Simple or
Advanced tabs
Source: https://help.ubuntu.com/community/Gufw
AIR FORCE ASSOCIATION’S
NATIONAL YOUTH CYBER EDUCATION PROGRAM
CYBERPATRIOT
www.uscyberpatriot.org
SECTION TWO
Basic Command Line Security
7
© Air Force Association
• Gedit is one of many text editor commands in Ubuntu
‐ Syntax: gedit [filepath]
‐ Unlike with other text editors, using gedit will cause a second window to pop-
up where you can easily change the text of a file
‐ This command will allow you to edit security policy files
• You need to enact root permissions before using gedit to edit files
that cannot be accessed by standard users (e.g. system and security
files)
• When using gedit for the first time, go to Edit → Preferences →
Uncheck “Create a backup copy of files” to avoid saving issues
• Try using gedit by opening Terminal and entering gedit hello2.txt
‐ You will not be prompted to authenticate because this is a public file
The gedit Command
8
© Air Force Association
• Like in Windows, the Ubuntu guest account is turned on by default
‐ You should disable it so people can’t access the computer anonymously
• The guest account is controlled by LightDM, the display manager controlling the Ubuntu
login screen
• To turn off the guest account, edit the LightDM file:
‐ After root authenticating, type gedit /etc/lightdm/lightdm.conf
‐ Add the line allow-guest=false to the end of the Light DM file that pops up and click Save
‐ Restart your system and click your username button in the top-right corner of your desktop. The guest
account should be disabled.
Using gedit to Turn off the Guest Account
9
Sources: https://help.ubuntu.com/8.04/serverguide/C/user-management.html,
http://askubuntu.com/questions/451526/removing-guest-session-at-login-in-ubuntu-14-04
© Air Force Association
• Pluggable Authentication Modules
(PAM) are used for logon and
applications
• They simplify user authentication
‐ They do not govern authorization (i.e. grant
privileges to users)
• 4 types of PAM files:
‐ Account – control account conditions (e.g.
not expired, etc.)
‐ Authentication – verify user identities
‐ Password – control some password policies
‐ Session – define actions performed at the
beginning and end of user sessions.
10
PAM Files
Source: http://i.walmartimages.com/i/p/00
/06/41/44/03/0006414403031_500X500.jpg
Source: http://www.linux-mag.com/id/7887/
© Air Force Association
• Type gedit /etc/pam.d/common-password
• Lines in the file starting with “#” are comments to
help the user understand the file. They do not
enforce any policies.
• After making changes, save the file and close it.
11
Editing the PAM Password File
1. To enforce password history of 5 :
Add “remember=5” to the end of the line that has
“pam_unix.so” in it.
3. To enforce password complexity with one of each type of character:*
Add “ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1” to the end of the line with “pam_cracklib.so” in it.**
*ucredit = upper case, lcredit=lower case, dcredit = number and ocredit = symbol
**cracklib may need to be installed before enforcing password complexity
2. To enforce Password length of 8:
Add “minlen=8” to the end of the line that has
“pam_unix.so” in it
Source: http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html
© Air Force Association
• Type gedit /etc/login.defs
• This is a much longer file. To easily find
the section to edit, type Ctrl+F and
then “PASS_MAX_AGE”
• Modify the following variables to the
same recommended settings used in
Windows:
‐ Maximum Password Duration:
• PASS_MAX_DAYS 90
‐ Minimum Password Duration:
• PASS_MIN_DAYS 10
‐ Days Before Expiration to Warn Users
to Change Their Password:
• PASS_WARN_AGE 7
• Save the file and close it
Using gedit to Edit Password History
12
Sources: http://xmodulo.com/2013/12/set-password-policy-linux.html,
© Air Force Association
• Type gedit /etc/pam.d/common-auth
• This file allows you to set an account lockout policy
• Add this line to the end of the file:
auth required pam_tally2.so deny=5 onerr=fail unlock_time=1800
• Save the file and close it
Using gedit to Set Account Policy
13
Source: http://linux.die.net/man/8/pam_tally
Sets the number of
allowed failed login
attempts (in this case 5)
Sets the account
lockout duration in
seconds (in this
case, 30 minutes)
AIR FORCE ASSOCIATION’S
NATIONAL YOUTH CYBER EDUCATION PROGRAM
CYBERPATRIOT
www.uscyberpatriot.org
SECTION THREE
Advanced Ubuntu security
14
© Air Force Association
• The ls command (lower case “L”) lists the contents and properties of a file or
directory
• Syntax: ls [option] [filepath]
‐ –l is a common option (lower case “L”), which provides the user with more
details about the file or directory
• Example: ls –l hello2.txt will yield a description similar to the one below
(exact details may differ)
15
The ls Command
Owner (user who
created the file)
Group (user’s
group when file
was created)
Size
(kb)
Date
Modified
File
Links (refers to how many
files, folder, and shortcuts
link to this file)
hello2.txt
© Air Force Association
1. Type: if this says “d,” the item in question is a directory. A blank means it is a file.
2-4. Owner File Permissions: what the user can do with the file or directory
(Blank 2) Read - r
(Blank 3) Write/modify - w
(Blank 4) Execute – x
5-7. Group File Permissions
(Blank 2) Read - r
(Blank 3) Write/modify - w
(Blank 4) Execute – x
8-10. Other File Permissions
(Blank 2) Read - r
(Blank 3) Write/modify - w
(Blank 4) Execute – x
• File permissions are the first items noted when using the ls command with the –l option
• File permissions are split into the 10 fields outlined below
• If any fields are blank, the users in that section cannot do that action with the file
Viewing File Permissions with the ls Command
16
– r w – r w – r – –
File (1.)
The owner can read
and write (2-4.)
Group members can
read and write (5-7.)
Other users can
read (8-10.)
Example:
© Air Force Association
• Chmod allows you to change file permissions
• Syntax: chmod [u,g or o][+ or -][r,w, or x] [filepath]
‐ Do not put spaces between the three fields after “chmod”
• Example:
1. Type chmod o-r hello2.txt
2. Type ls –l hello2.txt
3. If your permissions originally matched those on the last slide, you should see
hello2.txt’s new file permissions as shown below
The chmod Command
17
Change permissions for
the user, group, or others
Add or subtract
permissions
Specify whether read, write,
or execute privileges are
being changed
Sources: http://condor.depaul.edu/dpowebpg/support/chmod.html,
https://help.ubuntu.com/community/FilePermissions
hello2.txt
© Air Force Association
• Similar to Windows Event Viewer
• From the Search field in the Ubuntu
menu on the left of the desktop, type
System Log to view available logs
• Four types of logs
‐ auth.log: Tracks authentication events
that prompt for user passwords (e.g.,
uses of PAM files and sudo)
‐ dpkg.log: Tracks software events (e.g.,
installations and updates)
‐ syslog: Tracks operating system events
(e.g. error messages)
‐ Xorg.0.log: Tracks desktop events (e.g.,
service changes and graphic card errors.
• Can add different types of logs
System Logs
18
Sources: http://debian-handbook.info/browse/stable/sect.manipulating-packages-with-
dpkg.html, http://ubuntuforums.org/showthread.php?t=900245
© Air Force Association
• Unlike Windows, auditing is not set up
by default in Ubuntu
• Three step process to setting up audits:
1. Install the auditing program by typing
apt-get install auditd
2. Enable audits by typing auditctl –e 1
3. View and modify policies by typing
gedit /etc/audit/auditd.conf
Setting Audit Policies
19
3.
2.
© Air Force Association
• Work very similarly to Windows
‐ Root permissions are required
1. To list all groups:
cat /etc/group
2. To add a group:
addgroup [groupname]
3. To add a user to a group:
adduser [username] [groupname]
20
Groups
© Air Force Association
• Can be viewed and managed in the GUI
• To install, type apt-get install bum in Terminal
• After installing, type bum to run
Services
21
To enable a
service, check the
box next to it
To start a service,
right-click it and
select “Start”
When a service
is started, the
light bulb will
light up. When
stopped, the
light bulb will
be dark.

More Related Content

What's hot

Lesson 3 - Understanding Native Applications, Tools, Mobility, and Remote Man...
Lesson 3 - Understanding Native Applications, Tools, Mobility, and Remote Man...Lesson 3 - Understanding Native Applications, Tools, Mobility, and Remote Man...
Lesson 3 - Understanding Native Applications, Tools, Mobility, and Remote Man...
Gene Carboni
 
Chapter 8 Operating Systems And Utility Programs
Chapter 8 Operating Systems And Utility ProgramsChapter 8 Operating Systems And Utility Programs
Chapter 8 Operating Systems And Utility Programs
norzaini
 
Lesson 4 - Managing Applications, Services, Folders, and Libraries
Lesson 4 - Managing Applications, Services, Folders, and LibrariesLesson 4 - Managing Applications, Services, Folders, and Libraries
Lesson 4 - Managing Applications, Services, Folders, and Libraries
Gene Carboni
 
Lesson 2 - Understanding Operating System Configurations
Lesson 2 - Understanding Operating System ConfigurationsLesson 2 - Understanding Operating System Configurations
Lesson 2 - Understanding Operating System Configurations
Gene Carboni
 
Lesson 1 - Introducing, Installing, and Upgrading Windows 7
Lesson 1 - Introducing, Installing, and Upgrading Windows 7Lesson 1 - Introducing, Installing, and Upgrading Windows 7
Lesson 1 - Introducing, Installing, and Upgrading Windows 7
Gene Carboni
 
Lesson 5 - Managing Devices
Lesson 5 - Managing DevicesLesson 5 - Managing Devices
Lesson 5 - Managing Devices
Gene Carboni
 
Disabling windows file protection
Disabling windows file protectionDisabling windows file protection
Disabling windows file protection
Jhonathansmrt Smart
 
HES2011 - Jon Larimer - Autorun Vulnerabilities on Linux
HES2011 - Jon Larimer - Autorun Vulnerabilities on LinuxHES2011 - Jon Larimer - Autorun Vulnerabilities on Linux
HES2011 - Jon Larimer - Autorun Vulnerabilities on Linux
Hackito Ergo Sum
 
Em library
Em libraryEm library
Em library
shady999
 

What's hot (20)

The Boot Process
The Boot ProcessThe Boot Process
The Boot Process
 
Lesson 3 - Understanding Native Applications, Tools, Mobility, and Remote Man...
Lesson 3 - Understanding Native Applications, Tools, Mobility, and Remote Man...Lesson 3 - Understanding Native Applications, Tools, Mobility, and Remote Man...
Lesson 3 - Understanding Native Applications, Tools, Mobility, and Remote Man...
 
Working with Applications
Working with ApplicationsWorking with Applications
Working with Applications
 
Configuring Devices in Windows
Configuring Devices in WindowsConfiguring Devices in Windows
Configuring Devices in Windows
 
Chapter 8 Operating Systems And Utility Programs
Chapter 8 Operating Systems And Utility ProgramsChapter 8 Operating Systems And Utility Programs
Chapter 8 Operating Systems And Utility Programs
 
Lesson 4 - Managing Applications, Services, Folders, and Libraries
Lesson 4 - Managing Applications, Services, Folders, and LibrariesLesson 4 - Managing Applications, Services, Folders, and Libraries
Lesson 4 - Managing Applications, Services, Folders, and Libraries
 
Lesson 2 - Understanding Operating System Configurations
Lesson 2 - Understanding Operating System ConfigurationsLesson 2 - Understanding Operating System Configurations
Lesson 2 - Understanding Operating System Configurations
 
Lesson 1 - Introducing, Installing, and Upgrading Windows 7
Lesson 1 - Introducing, Installing, and Upgrading Windows 7Lesson 1 - Introducing, Installing, and Upgrading Windows 7
Lesson 1 - Introducing, Installing, and Upgrading Windows 7
 
Lesson 5 - Managing Devices
Lesson 5 - Managing DevicesLesson 5 - Managing Devices
Lesson 5 - Managing Devices
 
Disabling windows file protection
Disabling windows file protectionDisabling windows file protection
Disabling windows file protection
 
Ict 5
Ict 5Ict 5
Ict 5
 
9781111306366 ppt ch7
9781111306366 ppt ch79781111306366 ppt ch7
9781111306366 ppt ch7
 
Red Hat Training
Red Hat   TrainingRed Hat   Training
Red Hat Training
 
1 5 system software and computer management
1 5 system software and computer management1 5 system software and computer management
1 5 system software and computer management
 
Week 6
Week 6Week 6
Week 6
 
HES2011 - Jon Larimer - Autorun Vulnerabilities on Linux
HES2011 - Jon Larimer - Autorun Vulnerabilities on LinuxHES2011 - Jon Larimer - Autorun Vulnerabilities on Linux
HES2011 - Jon Larimer - Autorun Vulnerabilities on Linux
 
9781111306366 ppt ch5
9781111306366 ppt ch59781111306366 ppt ch5
9781111306366 ppt ch5
 
Slim Server Theory
Slim Server TheorySlim Server Theory
Slim Server Theory
 
Em library
Em libraryEm library
Em library
 
9781111306366 ppt ch3
9781111306366 ppt ch39781111306366 ppt ch3
9781111306366 ppt ch3
 

Viewers also liked

Authentication Modules For Linux - PAM Architecture
Authentication Modules For Linux - PAM ArchitectureAuthentication Modules For Linux - PAM Architecture
Authentication Modules For Linux - PAM Architecture
Priyank Kapadia
 
Social Media PowerPoint Presentation - March 2016
Social Media PowerPoint Presentation - March 2016Social Media PowerPoint Presentation - March 2016
Social Media PowerPoint Presentation - March 2016
Misty Hataway-Cone'
 
Why Content Marketing Fails
Why Content Marketing FailsWhy Content Marketing Fails
Why Content Marketing Fails
Rand Fishkin
 

Viewers also liked (14)

Securing Network Access with Open Source solutions
Securing Network Access with Open Source solutionsSecuring Network Access with Open Source solutions
Securing Network Access with Open Source solutions
 
Authentication Modules For Linux - PAM Architecture
Authentication Modules For Linux - PAM ArchitectureAuthentication Modules For Linux - PAM Architecture
Authentication Modules For Linux - PAM Architecture
 
Social Media PowerPoint Presentation - March 2016
Social Media PowerPoint Presentation - March 2016Social Media PowerPoint Presentation - March 2016
Social Media PowerPoint Presentation - March 2016
 
Holistic view of 802.1x integration & optimization
Holistic view of 802.1x integration & optimizationHolistic view of 802.1x integration & optimization
Holistic view of 802.1x integration & optimization
 
The ROI of Trust in Social Selling
The ROI of Trust in Social SellingThe ROI of Trust in Social Selling
The ROI of Trust in Social Selling
 
Be a Digital Trailblazer When Building Your Brand
Be a Digital Trailblazer When Building Your Brand Be a Digital Trailblazer When Building Your Brand
Be a Digital Trailblazer When Building Your Brand
 
How to Create the Perfect Social-Media Post
How to Create the Perfect Social-Media PostHow to Create the Perfect Social-Media Post
How to Create the Perfect Social-Media Post
 
50 Expert Tips for Getting Started on Social Media
50 Expert Tips for Getting Started on Social Media50 Expert Tips for Getting Started on Social Media
50 Expert Tips for Getting Started on Social Media
 
A Complete Guide To The Best Times To Post On Social Media (And More!)
A Complete Guide To The Best Times To Post On Social Media (And More!)A Complete Guide To The Best Times To Post On Social Media (And More!)
A Complete Guide To The Best Times To Post On Social Media (And More!)
 
How Often Should You Post to Facebook and Twitter
How Often Should You Post to Facebook and TwitterHow Often Should You Post to Facebook and Twitter
How Often Should You Post to Facebook and Twitter
 
6 Questions to Lead You to a Social Media Strategy
6 Questions to Lead You to a Social Media Strategy6 Questions to Lead You to a Social Media Strategy
6 Questions to Lead You to a Social Media Strategy
 
How to Determine the ROI of Anything
How to Determine the ROI of AnythingHow to Determine the ROI of Anything
How to Determine the ROI of Anything
 
Go Viral on the Social Web: The Definitive How-To guide!
Go Viral on the Social Web: The Definitive How-To guide!Go Viral on the Social Web: The Definitive How-To guide!
Go Viral on the Social Web: The Definitive How-To guide!
 
Why Content Marketing Fails
Why Content Marketing FailsWhy Content Marketing Fails
Why Content Marketing Fails
 

Similar to Unit+eight+ +ubuntu+security

7 unixsecurity
7 unixsecurity7 unixsecurity
7 unixsecurity
richarddxd
 
How to secure ubuntu 12.04
How to secure ubuntu 12.04 How to secure ubuntu 12.04
How to secure ubuntu 12.04
John Richard
 
Net essentials6e ch9
Net essentials6e ch9Net essentials6e ch9
Net essentials6e ch9
APSU
 
Net essentials6e ch9
Net essentials6e ch9Net essentials6e ch9
Net essentials6e ch9
APSU
 
Five ways to Securing and Hardening your Windows 10 system
Five ways to Securing and Hardening your Windows 10 systemFive ways to Securing and Hardening your Windows 10 system
Five ways to Securing and Hardening your Windows 10 system
Femi Baiyekusi
 

Similar to Unit+eight+ +ubuntu+security (20)

7 unixsecurity
7 unixsecurity7 unixsecurity
7 unixsecurity
 
Linux Security Crash Course
Linux Security Crash CourseLinux Security Crash Course
Linux Security Crash Course
 
Unit+seven+ +introduction+to+linux+and+ubuntu
Unit+seven+ +introduction+to+linux+and+ubuntuUnit+seven+ +introduction+to+linux+and+ubuntu
Unit+seven+ +introduction+to+linux+and+ubuntu
 
101 4.5 manage file permissions and ownership v3
101 4.5 manage file permissions and ownership v3101 4.5 manage file permissions and ownership v3
101 4.5 manage file permissions and ownership v3
 
4.5 manage file permissions and ownership v3
4.5 manage file permissions and ownership v34.5 manage file permissions and ownership v3
4.5 manage file permissions and ownership v3
 
User Management and Privileges on pfSense 2.4 - pfSense Hangout January 2018
User Management and Privileges on pfSense 2.4 - pfSense Hangout January 2018User Management and Privileges on pfSense 2.4 - pfSense Hangout January 2018
User Management and Privileges on pfSense 2.4 - pfSense Hangout January 2018
 
How to secure ubuntu 12.04
How to secure ubuntu 12.04 How to secure ubuntu 12.04
How to secure ubuntu 12.04
 
Net essentials6e ch9
Net essentials6e ch9Net essentials6e ch9
Net essentials6e ch9
 
Net essentials6e ch9
Net essentials6e ch9Net essentials6e ch9
Net essentials6e ch9
 
Chapter 09
Chapter 09Chapter 09
Chapter 09
 
Solaris basics
Solaris basicsSolaris basics
Solaris basics
 
operating system structures
operating system structuresoperating system structures
operating system structures
 
A Day In The Life Of A Linux Administrator
A Day In The Life Of A Linux AdministratorA Day In The Life Of A Linux Administrator
A Day In The Life Of A Linux Administrator
 
ch2.ppt
ch2.pptch2.ppt
ch2.ppt
 
How to Install Odoo 11 on Ubuntu 16.04?
How to Install Odoo 11 on Ubuntu 16.04?How to Install Odoo 11 on Ubuntu 16.04?
How to Install Odoo 11 on Ubuntu 16.04?
 
UNIX/Linux training
UNIX/Linux trainingUNIX/Linux training
UNIX/Linux training
 
Five ways to Securing and Hardening your Windows 10 system
Five ways to Securing and Hardening your Windows 10 systemFive ways to Securing and Hardening your Windows 10 system
Five ways to Securing and Hardening your Windows 10 system
 
How to install odoo 15 steps on a ubuntu 20.04 lts system installation
How to install odoo 15 steps on a ubuntu 20.04 lts system installation How to install odoo 15 steps on a ubuntu 20.04 lts system installation
How to install odoo 15 steps on a ubuntu 20.04 lts system installation
 
Users guide
Users guideUsers guide
Users guide
 
User and group administration in Linux
User and group administration in LinuxUser and group administration in Linux
User and group administration in Linux
 

More from Erdo Deshiant Garnaby (9)

Hackers Cracker Network Intruder
Hackers Cracker Network IntruderHackers Cracker Network Intruder
Hackers Cracker Network Intruder
 
Computer Security Hacking
Computer Security HackingComputer Security Hacking
Computer Security Hacking
 
Org Design
Org DesignOrg Design
Org Design
 
HOS Talent management presentation
HOS Talent management presentationHOS Talent management presentation
HOS Talent management presentation
 
Talent management
Talent managementTalent management
Talent management
 
Unit+two+ +cyber+ethics+and+online+safety
Unit+two+ +cyber+ethics+and+online+safetyUnit+two+ +cyber+ethics+and+online+safety
Unit+two+ +cyber+ethics+and+online+safety
 
Unit+four+ +principles+of+cybersecurity
Unit+four+ +principles+of+cybersecurityUnit+four+ +principles+of+cybersecurity
Unit+four+ +principles+of+cybersecurity
 
introduction to cyber patriot and cyber security
introduction to cyber patriot and cyber securityintroduction to cyber patriot and cyber security
introduction to cyber patriot and cyber security
 
Cyber Ethics
Cyber EthicsCyber Ethics
Cyber Ethics
 

Recently uploaded

一比一原版澳大利亚迪肯大学毕业证如何办理
一比一原版澳大利亚迪肯大学毕业证如何办理一比一原版澳大利亚迪肯大学毕业证如何办理
一比一原版澳大利亚迪肯大学毕业证如何办理
SS
 
一比一原版美国北卡罗莱纳大学毕业证如何办理
一比一原版美国北卡罗莱纳大学毕业证如何办理一比一原版美国北卡罗莱纳大学毕业证如何办理
一比一原版美国北卡罗莱纳大学毕业证如何办理
A
 
如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证
如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证
如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证
hfkmxufye
 
一比一原版(毕业证书)新加坡南洋理工学院毕业证原件一模一样
一比一原版(毕业证书)新加坡南洋理工学院毕业证原件一模一样一比一原版(毕业证书)新加坡南洋理工学院毕业证原件一模一样
一比一原版(毕业证书)新加坡南洋理工学院毕业证原件一模一样
AS
 
一比一原版(TRU毕业证书)温哥华社区学院毕业证如何办理
一比一原版(TRU毕业证书)温哥华社区学院毕业证如何办理一比一原版(TRU毕业证书)温哥华社区学院毕业证如何办理
一比一原版(TRU毕业证书)温哥华社区学院毕业证如何办理
Fir
 
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
AS
 
原版定制美国加州大学河滨分校毕业证原件一模一样
原版定制美国加州大学河滨分校毕业证原件一模一样原版定制美国加州大学河滨分校毕业证原件一模一样
原版定制美国加州大学河滨分校毕业证原件一模一样
A
 
一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样
一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样
一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样
AS
 
一比一原版桑佛德大学毕业证成绩单申请学校Offer快速办理
一比一原版桑佛德大学毕业证成绩单申请学校Offer快速办理一比一原版桑佛德大学毕业证成绩单申请学校Offer快速办理
一比一原版桑佛德大学毕业证成绩单申请学校Offer快速办理
apekaom
 
一比一原版(Soton毕业证书)南安普顿大学毕业证原件一模一样
一比一原版(Soton毕业证书)南安普顿大学毕业证原件一模一样一比一原版(Soton毕业证书)南安普顿大学毕业证原件一模一样
一比一原版(Soton毕业证书)南安普顿大学毕业证原件一模一样
Fi
 
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
c6eb683559b3
 
一比一定制(USC毕业证书)美国南加州大学毕业证学位证书
一比一定制(USC毕业证书)美国南加州大学毕业证学位证书一比一定制(USC毕业证书)美国南加州大学毕业证学位证书
一比一定制(USC毕业证书)美国南加州大学毕业证学位证书
Fir
 
一比一定制波士顿学院毕业证学位证书
一比一定制波士顿学院毕业证学位证书一比一定制波士顿学院毕业证学位证书
一比一定制波士顿学院毕业证学位证书
A
 
一比一定制加州大学欧文分校毕业证学位证书
一比一定制加州大学欧文分校毕业证学位证书一比一定制加州大学欧文分校毕业证学位证书
一比一定制加州大学欧文分校毕业证学位证书
A
 

Recently uploaded (20)

一比一原版澳大利亚迪肯大学毕业证如何办理
一比一原版澳大利亚迪肯大学毕业证如何办理一比一原版澳大利亚迪肯大学毕业证如何办理
一比一原版澳大利亚迪肯大学毕业证如何办理
 
[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon
[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon
[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon
 
一比一原版美国北卡罗莱纳大学毕业证如何办理
一比一原版美国北卡罗莱纳大学毕业证如何办理一比一原版美国北卡罗莱纳大学毕业证如何办理
一比一原版美国北卡罗莱纳大学毕业证如何办理
 
如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证
如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证
如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证
 
Lowongan Kerja LC Yogyakarta Terbaru 085746015303
Lowongan Kerja LC Yogyakarta Terbaru 085746015303Lowongan Kerja LC Yogyakarta Terbaru 085746015303
Lowongan Kerja LC Yogyakarta Terbaru 085746015303
 
一比一原版(毕业证书)新加坡南洋理工学院毕业证原件一模一样
一比一原版(毕业证书)新加坡南洋理工学院毕业证原件一模一样一比一原版(毕业证书)新加坡南洋理工学院毕业证原件一模一样
一比一原版(毕业证书)新加坡南洋理工学院毕业证原件一模一样
 
一比一原版(TRU毕业证书)温哥华社区学院毕业证如何办理
一比一原版(TRU毕业证书)温哥华社区学院毕业证如何办理一比一原版(TRU毕业证书)温哥华社区学院毕业证如何办理
一比一原版(TRU毕业证书)温哥华社区学院毕业证如何办理
 
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
 
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
 
原版定制美国加州大学河滨分校毕业证原件一模一样
原版定制美国加州大学河滨分校毕业证原件一模一样原版定制美国加州大学河滨分校毕业证原件一模一样
原版定制美国加州大学河滨分校毕业证原件一模一样
 
一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样
一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样
一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样
 
Subdomain enumeration is a crucial phase in cybersecurity, particularly durin...
Subdomain enumeration is a crucial phase in cybersecurity, particularly durin...Subdomain enumeration is a crucial phase in cybersecurity, particularly durin...
Subdomain enumeration is a crucial phase in cybersecurity, particularly durin...
 
一比一原版桑佛德大学毕业证成绩单申请学校Offer快速办理
一比一原版桑佛德大学毕业证成绩单申请学校Offer快速办理一比一原版桑佛德大学毕业证成绩单申请学校Offer快速办理
一比一原版桑佛德大学毕业证成绩单申请学校Offer快速办理
 
GOOGLE Io 2024 At takes center stage.pdf
GOOGLE Io 2024 At takes center stage.pdfGOOGLE Io 2024 At takes center stage.pdf
GOOGLE Io 2024 At takes center stage.pdf
 
一比一原版(Soton毕业证书)南安普顿大学毕业证原件一模一样
一比一原版(Soton毕业证书)南安普顿大学毕业证原件一模一样一比一原版(Soton毕业证书)南安普顿大学毕业证原件一模一样
一比一原版(Soton毕业证书)南安普顿大学毕业证原件一模一样
 
Free on Wednesdays T Shirts Free on Wednesdays Sweatshirts
Free on Wednesdays T Shirts Free on Wednesdays SweatshirtsFree on Wednesdays T Shirts Free on Wednesdays Sweatshirts
Free on Wednesdays T Shirts Free on Wednesdays Sweatshirts
 
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
 
一比一定制(USC毕业证书)美国南加州大学毕业证学位证书
一比一定制(USC毕业证书)美国南加州大学毕业证学位证书一比一定制(USC毕业证书)美国南加州大学毕业证学位证书
一比一定制(USC毕业证书)美国南加州大学毕业证学位证书
 
一比一定制波士顿学院毕业证学位证书
一比一定制波士顿学院毕业证学位证书一比一定制波士顿学院毕业证学位证书
一比一定制波士顿学院毕业证学位证书
 
一比一定制加州大学欧文分校毕业证学位证书
一比一定制加州大学欧文分校毕业证学位证书一比一定制加州大学欧文分校毕业证学位证书
一比一定制加州大学欧文分校毕业证学位证书
 

Unit+eight+ +ubuntu+security

  • 1. AIR FORCE ASSOCIATION’S NATIONAL YOUTH CYBER EDUCATION PROGRAM CYBERPATRIOT www.uscyberpatriot.org UNIT EIGHT Ubuntu Security
  • 2. AIR FORCE ASSOCIATION’S NATIONAL YOUTH CYBER EDUCATION PROGRAM CYBERPATRIOT www.uscyberpatriot.org SECTION ONE Basic GUI Security 1
  • 3. © Air Force Association • This unit will show you how to make many of the same security settings you made in Unit 5 ‐ Linux has many of the same vulnerabilities, so the fixes are similar • Linux does not have a Control Panel like in Windows • The System Settings menu offers limited security tools • Click the System Settings button in the menu bar Basic Linux Security 2
  • 4. © Air Force Association 3 User Accounts 1. 2. • Click User Accounts in the System Settings window • As in Windows, it is important to restrict root (Admin) privileges and password protect all accounts A. To make account management changes, you must enact root permissions by clicking Unlock and authenticate yourself by entering your password B. Switch users from Administrator to Standard User by clicking next to Account Type C. Change passwords by clicking the asterisks next to the Password option A. B. C.
  • 5. © Air Force Association • The open-source community regularly develops improvements and patches for Ubuntu • You should install these updates regularly 1. Click the Ubuntu button in the menu bar and search for Update Manager 2. Click Settings on the Update Manager Screen 3. To set automatic updates, go to the Updates Tab and make sure “Automatically check for updates” is set to “Daily” 4. After applying the changes, install any available updates from the main Update Manager window 4 Installing and Automating Updates 1. 2. 3. 4.
  • 6. © Air Force Association • Enable the Ubuntu Built-in Firewall (UFW) to prevent unauthorized access to the computer ‐ The UFW is deactivated by default • By default, UFW is only accessible by command line • You can download Gufw, a graphical firewall interface, from the Software Center and use it to make changes to the UFW in the GUI ‐ You might need to install Ubuntu updates before installing Gufw Enabling the Firewall 5 Source: https://help.ubuntu.com/community/UFW
  • 7. © Air Force Association • After downloading Gufw from the Software Center, click the Ubuntu button in your menu bar → Search → Firewall Configuration • Click the Unlock button on the Gufw window → Enact root permissions by authenticating → Turn Firewall Status On • The default (and recommended rules) governing traffic are to Deny all incoming traffic and Allow all outgoing traffic • The Reject option is the same as Deny, but also sends a notification to the sender that connection has been blocked 6 Using Gufw • The Preconfigured rule panel allows incoming and/or outgoing traffic to be controlled for certain applications or services ‐ Similar to the Windows Firewall Exceptions list ‐ Open entire ports by clicking the Simple or Advanced tabs Source: https://help.ubuntu.com/community/Gufw
  • 8. AIR FORCE ASSOCIATION’S NATIONAL YOUTH CYBER EDUCATION PROGRAM CYBERPATRIOT www.uscyberpatriot.org SECTION TWO Basic Command Line Security 7
  • 9. © Air Force Association • Gedit is one of many text editor commands in Ubuntu ‐ Syntax: gedit [filepath] ‐ Unlike with other text editors, using gedit will cause a second window to pop- up where you can easily change the text of a file ‐ This command will allow you to edit security policy files • You need to enact root permissions before using gedit to edit files that cannot be accessed by standard users (e.g. system and security files) • When using gedit for the first time, go to Edit → Preferences → Uncheck “Create a backup copy of files” to avoid saving issues • Try using gedit by opening Terminal and entering gedit hello2.txt ‐ You will not be prompted to authenticate because this is a public file The gedit Command 8
  • 10. © Air Force Association • Like in Windows, the Ubuntu guest account is turned on by default ‐ You should disable it so people can’t access the computer anonymously • The guest account is controlled by LightDM, the display manager controlling the Ubuntu login screen • To turn off the guest account, edit the LightDM file: ‐ After root authenticating, type gedit /etc/lightdm/lightdm.conf ‐ Add the line allow-guest=false to the end of the Light DM file that pops up and click Save ‐ Restart your system and click your username button in the top-right corner of your desktop. The guest account should be disabled. Using gedit to Turn off the Guest Account 9 Sources: https://help.ubuntu.com/8.04/serverguide/C/user-management.html, http://askubuntu.com/questions/451526/removing-guest-session-at-login-in-ubuntu-14-04
  • 11. © Air Force Association • Pluggable Authentication Modules (PAM) are used for logon and applications • They simplify user authentication ‐ They do not govern authorization (i.e. grant privileges to users) • 4 types of PAM files: ‐ Account – control account conditions (e.g. not expired, etc.) ‐ Authentication – verify user identities ‐ Password – control some password policies ‐ Session – define actions performed at the beginning and end of user sessions. 10 PAM Files Source: http://i.walmartimages.com/i/p/00 /06/41/44/03/0006414403031_500X500.jpg Source: http://www.linux-mag.com/id/7887/
  • 12. © Air Force Association • Type gedit /etc/pam.d/common-password • Lines in the file starting with “#” are comments to help the user understand the file. They do not enforce any policies. • After making changes, save the file and close it. 11 Editing the PAM Password File 1. To enforce password history of 5 : Add “remember=5” to the end of the line that has “pam_unix.so” in it. 3. To enforce password complexity with one of each type of character:* Add “ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1” to the end of the line with “pam_cracklib.so” in it.** *ucredit = upper case, lcredit=lower case, dcredit = number and ocredit = symbol **cracklib may need to be installed before enforcing password complexity 2. To enforce Password length of 8: Add “minlen=8” to the end of the line that has “pam_unix.so” in it Source: http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html
  • 13. © Air Force Association • Type gedit /etc/login.defs • This is a much longer file. To easily find the section to edit, type Ctrl+F and then “PASS_MAX_AGE” • Modify the following variables to the same recommended settings used in Windows: ‐ Maximum Password Duration: • PASS_MAX_DAYS 90 ‐ Minimum Password Duration: • PASS_MIN_DAYS 10 ‐ Days Before Expiration to Warn Users to Change Their Password: • PASS_WARN_AGE 7 • Save the file and close it Using gedit to Edit Password History 12 Sources: http://xmodulo.com/2013/12/set-password-policy-linux.html,
  • 14. © Air Force Association • Type gedit /etc/pam.d/common-auth • This file allows you to set an account lockout policy • Add this line to the end of the file: auth required pam_tally2.so deny=5 onerr=fail unlock_time=1800 • Save the file and close it Using gedit to Set Account Policy 13 Source: http://linux.die.net/man/8/pam_tally Sets the number of allowed failed login attempts (in this case 5) Sets the account lockout duration in seconds (in this case, 30 minutes)
  • 15. AIR FORCE ASSOCIATION’S NATIONAL YOUTH CYBER EDUCATION PROGRAM CYBERPATRIOT www.uscyberpatriot.org SECTION THREE Advanced Ubuntu security 14
  • 16. © Air Force Association • The ls command (lower case “L”) lists the contents and properties of a file or directory • Syntax: ls [option] [filepath] ‐ –l is a common option (lower case “L”), which provides the user with more details about the file or directory • Example: ls –l hello2.txt will yield a description similar to the one below (exact details may differ) 15 The ls Command Owner (user who created the file) Group (user’s group when file was created) Size (kb) Date Modified File Links (refers to how many files, folder, and shortcuts link to this file) hello2.txt
  • 17. © Air Force Association 1. Type: if this says “d,” the item in question is a directory. A blank means it is a file. 2-4. Owner File Permissions: what the user can do with the file or directory (Blank 2) Read - r (Blank 3) Write/modify - w (Blank 4) Execute – x 5-7. Group File Permissions (Blank 2) Read - r (Blank 3) Write/modify - w (Blank 4) Execute – x 8-10. Other File Permissions (Blank 2) Read - r (Blank 3) Write/modify - w (Blank 4) Execute – x • File permissions are the first items noted when using the ls command with the –l option • File permissions are split into the 10 fields outlined below • If any fields are blank, the users in that section cannot do that action with the file Viewing File Permissions with the ls Command 16 – r w – r w – r – – File (1.) The owner can read and write (2-4.) Group members can read and write (5-7.) Other users can read (8-10.) Example:
  • 18. © Air Force Association • Chmod allows you to change file permissions • Syntax: chmod [u,g or o][+ or -][r,w, or x] [filepath] ‐ Do not put spaces between the three fields after “chmod” • Example: 1. Type chmod o-r hello2.txt 2. Type ls –l hello2.txt 3. If your permissions originally matched those on the last slide, you should see hello2.txt’s new file permissions as shown below The chmod Command 17 Change permissions for the user, group, or others Add or subtract permissions Specify whether read, write, or execute privileges are being changed Sources: http://condor.depaul.edu/dpowebpg/support/chmod.html, https://help.ubuntu.com/community/FilePermissions hello2.txt
  • 19. © Air Force Association • Similar to Windows Event Viewer • From the Search field in the Ubuntu menu on the left of the desktop, type System Log to view available logs • Four types of logs ‐ auth.log: Tracks authentication events that prompt for user passwords (e.g., uses of PAM files and sudo) ‐ dpkg.log: Tracks software events (e.g., installations and updates) ‐ syslog: Tracks operating system events (e.g. error messages) ‐ Xorg.0.log: Tracks desktop events (e.g., service changes and graphic card errors. • Can add different types of logs System Logs 18 Sources: http://debian-handbook.info/browse/stable/sect.manipulating-packages-with- dpkg.html, http://ubuntuforums.org/showthread.php?t=900245
  • 20. © Air Force Association • Unlike Windows, auditing is not set up by default in Ubuntu • Three step process to setting up audits: 1. Install the auditing program by typing apt-get install auditd 2. Enable audits by typing auditctl –e 1 3. View and modify policies by typing gedit /etc/audit/auditd.conf Setting Audit Policies 19 3. 2.
  • 21. © Air Force Association • Work very similarly to Windows ‐ Root permissions are required 1. To list all groups: cat /etc/group 2. To add a group: addgroup [groupname] 3. To add a user to a group: adduser [username] [groupname] 20 Groups
  • 22. © Air Force Association • Can be viewed and managed in the GUI • To install, type apt-get install bum in Terminal • After installing, type bum to run Services 21 To enable a service, check the box next to it To start a service, right-click it and select “Start” When a service is started, the light bulb will light up. When stopped, the light bulb will be dark.