LINUX AND NETWORK SECURITY

A short two-part talk introducing:

•Basic Linux/Unix system administration (CentOS/RHEL5)•General Computer/Network security

… for the G53SEC module.

Nick Reynolds.

CentOS 5

Adding AccountsNeed entry in

/etc/passwdNeed password in

/etc/shadowNeed home directory

/home/[username]Correct Permissions

$ man adduser$ adduser <username>

$ man passwd$ passwd <username>

Gui Alternative:redhat-config-users

The Telnet Server (telnetd)Runs on receiving a connection man xintedStart with:

chkconfig krb5-telnet onStop with:chkconfig krb5-telnet off

Configuring the Telnet ServerRead manual page:man telnetd

Set up accounts using:adduser

Change account shell:chsh <username>

(Tip: man ssh, chkconfig sshd on/off)

Other Services ftp server httpd server (apache) ssh server …

Network Configuration (Optional)redhat-config-network-gui

Software Installs – DistributionSearching:yum search [string]

Installing:yum install [package]

Staying up to date:yum update

Lots more!:man yum man yum.conf

Monitoring The SystemCheck logs:/var/log/*

Monitor network activity:tcpdump

Monitor processes:pstop

Useful CommandsMove between accounts:/bin/su – [username]

Permissions and ownership:chmod <mode> <filename>chgrp <group> <filename>chown <user> <filename>

Manual pages:man <command>

Useful ResourcesCentOS5 (RedHat EE) Documentation

http://netlab-gw.cs.nott.ac.uk/centos/5/docs/http://ftp.cs.nott.ac.uk/centos/5/docs/

Linux Documentation Projecthttp://newton.ex.ac.uk/LDP/

Search Engines!

Final CentOS NotesMany ways to achieve the same result.Experiment within a user account.Don’t make to many changes in one go.Stay up to date (yum update)Advanced methods to configure servers:man pam

General Network/Computer SecurityEncryptionAccess PermissionsWho/what do you trust?Network Infrastructure

Encryption

EncryptionUse secure Protocols

Insecure Secure

telnet sshftp scpimap imapshttp https

Access Permissions

Access Permissions File/directory permissions

Firewalls

Who/What do you trust?

Who/What do you trust? DHCP?

IP Addresses?

Network Infrastructure

Network Infrastructure Where does your data go?

Switches? Hubs? Which route?

Wi-fi

The End!