
Practice Exercise: Understanding Linux Security Principles

Objectives

  • Gain a fundamental understanding of Linux security principles.
  • Learn about security layers, permissions, users, and groups.
  • Explore common security best practices and tools.

Scenario

Security is a critical aspect of using Linux effectively. Whether you are a system administrator or a Linux user, understanding Linux security principles is essential. In this exercise, you will explore key concepts related to Linux security, including security layers, file permissions, user and group management, and security best practices.

Tasks

Task 1: Managing File Permissions

  • Create a sample directory and a few files within it.
  • Use the ls command with the -l option to display the file permissions for the directory and files.
  • Explain the meaning of the various fields in the file permissions display.
  • Demonstrate how to change file permissions using the chmod command.
  • Set specific permissions to restrict or allow access to files and directories.
    [intern@intern-a1t-inf-lnx1 ~]$ ls -lh *.sh
    -rwxr-xr-x  1 intern  intern   994B Sep 20 07:53 advance_script.sh
    -rwxr-xr-x  1 intern  intern   1.1K Sep 20 06:48 advanced_case.sh
    -rwxr-xr-x  1 intern  intern   643B Sep 20 07:00 advanced_looping.sh
    -rwxr-xr-x  1 intern  intern   433B Sep 20 06:40 advanced_string_manipulation.sh
    -rwxr-xr-x  1 intern  intern   1.1K Sep 20 07:40 array_operations.sh
    -rwxr-xr-x  1 intern  intern   321B Sep 20 05:14 arrays.sh
    -rwxr-xr-x  1 intern  intern   525B Sep 20 06:42 basic_case.sh
    -rwxr-xr-x  1 intern  intern   177B Sep 20 07:17 basic_debugging.sh
    -rwxr-xr-x  1 intern  intern   309B Sep 20 07:50 command_line_args.sh
    -rwxr-xr-x  1 intern  intern   662B Sep 20 06:15 complex_construct.sh
    -rwxr-xr-x  1 intern  intern   372B Sep 20 05:02 conditional.sh
    
    [intern@intern-a1t-inf-lnx1 ~]$ chmod u+rwx advance_script.sh
    [intern@intern-a1t-inf-lnx1 ~]$ ls -l advance_script.sh
    -rwxr-xr-x  1 intern  intern  994 Sep 20 07:53 advance_script.sh
    
    [intern@intern-a1t-inf-lnx1 ~]$ chmod -R g-w projects
    [intern@intern-a1t-inf-lnx1 ~]$ ls -l projects
    total 16
    -rw-------  1 intern  intern  68 Sep 20 03:54 my_history
    -rwsr-xr-x  1 intern  intern  68 Sep 19 05:42 myscript.sh
    -rw-r--r--  1 intern  intern   0 Sep 19 02:28 project_plan.txt
    
    [intern@intern-a1t-inf-lnx1 ~]$ chmod 755 advance_script.sh
    [intern@intern-a1t-inf-lnx1 ~]$ ls -l advance_script.sh
    -rwxr-xr-x  1 intern  intern  994 Sep 20 07:53 advance_script.sh
    
    [intern@intern-a1t-inf-lnx1 ~]$ chmod u=rw,g=r,o=r advance_script.sh
    [intern@intern-a1t-inf-lnx1 ~]$ ls -l advance_script.sh
    -rw-r--r--  1 intern  intern  994 Sep 20 07:53 advance_script.sh
    
    [intern@intern-a1t-inf-lnx1 ~]$ chmod o= advance_script.sh
    [intern@intern-a1t-inf-lnx1 ~]$ ls -l advance_script.sh
    -rw-r-----  1 intern  intern  994 Sep 20 07:53 advance_script.sh
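
To tie the fields in the listings above to the numbers chmod takes, here is a small POSIX sh helper, added as an example rather than taken from the exercise, that converts an ls -l mode string to its octal form and flags setuid, setgid and world-writable entries; the listing it walks is a constructed sample that mirrors the projects/ directory shown.

```shell
# Added example (not from the original exercise): convert the symbolic mode
# string printed by ls -l (e.g. -rwsr-xr-x) into octal and flag the bits a
# reviewer would question. SAMPLE below is constructed, not captured.

# Octal mode for a 10-character ls -l mode string: "-rwsr-xr-x" -> "4755".
perm_to_octal() {
    mode=$1; special=0; octal=""; i=2
    for who in user group other; do
        r=$(printf '%s' "$mode" | cut -c "$i")
        w=$(printf '%s' "$mode" | cut -c "$((i + 1))")
        x=$(printf '%s' "$mode" | cut -c "$((i + 2))")
        n=0
        case "$r" in r) n=$((n + 4)) ;; esac
        case "$w" in w) n=$((n + 2)) ;; esac
        case "$x" in x|s|t) n=$((n + 1)) ;; esac
        # s/S in the user or group slot is setuid/setgid; t/T in other is sticky.
        case "$who$x" in
            users|userS)   special=$((special + 4)) ;;
            groups|groupS) special=$((special + 2)) ;;
            othert|otherT) special=$((special + 1)) ;;
        esac
        octal="$octal$n"; i=$((i + 3))
    done
    printf '%s%s\n' "$special" "$octal"
}

# Space-separated findings for a mode string (empty when nothing stands out).
# Linux ignores setuid/setgid on interpreted scripts, but the bit on a .sh file
# still shows someone tried to hand out privilege that way, so it is reported.
risky_flags() {
    f=""
    case "$1" in ???[sS]??????) f="${f}setuid " ;; esac
    case "$1" in ??????[sS]???) f="${f}setgid " ;; esac
    case "$1" in ????????w?) f="${f}world-writable " ;; esac
    printf '%s\n' "${f% }"
}

SAMPLE='-rw-------  1 intern  intern  68 Sep 20 03:54 my_history
-rwsr-xr-x  1 intern  intern  68 Sep 19 05:42 myscript.sh
-rw-r--r--  1 intern  intern   0 Sep 19 02:28 project_plan.txt'

# Walk an ls -l listing and print "octal name [findings]" per entry.
audit_listing() {
    printf '%s\n' "$1" | while read -r mode links owner group size mon day tm name; do
        case "$mode" in total) continue ;; esac
        flags=$(risky_flags "$mode")
        printf '%s %s%s\n' "$(perm_to_octal "$mode")" "$name" "${flags:+ $flags}"
    done
}
```

Run `audit_listing "$(ls -l projects)"` to check a real directory; the setuid bit on myscript.sh in the listing above is exactly the kind of entry it reports.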
    

Task 2: Managing Users and Groups

  • List the users currently present on your Linux system.
  • Create a new user account using the useradd command.
  • Assign the new user to a specific group using the usermod command.
  • Demonstrate how to switch between user accounts using the su command.
    [intern@intern-a1t-inf-lnx1 ~]$ cut -d: -f1 /etc/passwd
    
    ##
    # User Database
    #
    # Note that this file is consulted directly only when the system is running
    # in single-user mode.  At other times this information is provided by
    # Open Directory.
    #
    # See the opendirectoryd(8) man page for additional information about
    # Open Directory.
    ##
    nobody
    root
    daemon
    
    [intern@intern-a1t-inf-lnx1 ~]$ sudo useradd new_user
    
    [intern@intern-a1t-inf-lnx1 ~]$ sudo usermod -G another_group new_user
    
    [intern@intern-a1t-inf-lnx1 ~]$ groups new_user
    new_user : new_user another_group
    

Task 3: Password Policies and Authentication

  • Discuss the importance of strong password policies in Linux security.
  • Review the /etc/passwd and /etc/shadow files to understand how user authentication works.
  • Use the passwd command to change your own password and enforce password policies.
  • Explore authentication methods such as SSH keys and their advantages.
    [intern@intern-a1t-inf-lnx1 ~]$ ls -l /etc/passwd /etc/shadow
    -rw-r--r-- 1 root root   1724 Sep 20 15:04 /etc/passwd
    -rw-r----- 1 root shadow  993 Sep 20 15:04 /etc/shadow
    
    [intern@intern-a1t-inf-lnx1 ~]$ sudo cat /etc/passwd | tail
    pollinate:x:105:1::/var/cache/pollinate:/bin/false
    sshd:x:106:65534::/run/sshd:/usr/sbin/nologin
    intern:x:1000:1000:intern:/home/intern:/bin/bash
    syslog:x:107:113::/home/syslog:/usr/sbin/nologin
    uuidd:x:108:114::/run/uuidd:/usr/sbin/nologin
    tcpdump:x:109:115::/nonexistent:/usr/sbin/nologin
    lxd:x:999:100::/var/snap/lxd/common/lxd:/bin/false
    another_user:x:1001:1001::/home/another_user:/bin/sh
    ftp:x:110:117:ftp daemon,,,:/srv/ftp:/usr/sbin/nologin
    new_user:x:1002:1003::/home/new_user:/bin/sh
    
    [intern@intern-a1t-inf-lnx1 ~]$ sudo cat /etc/shadow | tail
    pollinate:*:19213:0:99999:7:::
    sshd:*:19213:0:99999:7:::
    intern:$y$j9T$yBU/35SZaq/FCfLN7zKH1.$eV37UwFhbiWrQWKTE0g6Gxt/PFfzxp8Ea32C7lvJvkB:19620:0:99999:7:::
    syslog:*:19356:0:99999:7:::
    uuidd:*:19356:0:99999:7:::
    tcpdump:*:19356:0:99999:7:::
    lxd:!:19356::::::
    another_user:!:19619:0:99999:7:::
    ftp:*:19619:0:99999:7:::
    new_user:!:19620:0:99999:7:::
    
    [intern@intern-a1t-inf-lnx1 ~]$ passwd
    Changing password for intern.
    Current password:
    New password:
    Retype new password:
    passwd: password updated successfully
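
As an added example (not part of the exercise), the following POSIX sh functions classify the password field of shadow records and report violations of a simple policy against a maximum password age; the records are constructed after the excerpt above and the hashes are placeholders, not real ones.

```shell
# Added example (not from the original exercise): classify the password field of
# /etc/shadow-style records and report accounts that violate a simple policy.
# SHADOW_SAMPLE is constructed; the hash values are placeholders.
SHADOW_SAMPLE='intern:$y$j9T$PLACEHOLDERSALT$PLACEHOLDERHASH:19620:0:99999:7:::
lxd:!:19356::::::
another_user:!:19619:0:99999:7:::
sshd:*:19213:0:99999:7:::
legacy:$1$PLACEHOLDER$PLACEHOLDERHASH:17000:0:99999:7:::
nopw::19620:0:99999:7:::'

# One word describing the password field: empty, locked, nologin, md5,
# sha256, sha512, yescrypt, or other.
classify_hash() {
    case "$1" in
        "")     echo empty ;;      # no password at all: anyone can log in
        '!'*)   echo locked ;;     # locked (useradd leaves it this way until passwd runs)
        '*')    echo nologin ;;    # no password login possible (service accounts)
        '$1$'*) echo md5 ;;        # legacy MD5-crypt, considered weak today
        '$5$'*) echo sha256 ;;
        '$6$'*) echo sha512 ;;
        '$y$'*) echo yescrypt ;;   # default on recent Debian and Ubuntu releases
        *)      echo other ;;
    esac
}

# Print "user:reason" for each violation: empty password, MD5 hash, or a
# maximum age (field 5) that is missing or above LIMIT days. Locked and
# nologin accounts skip the age check because the password cannot be used.
audit_shadow() {
    limit=$2
    printf '%s\n' "$1" | while IFS=: read -r user hash last min max warn inact expire rest; do
        kind=$(classify_hash "$hash")
        case "$kind" in
            empty) echo "$user:empty-password" ;;
            md5)   echo "$user:weak-hash-md5" ;;
        esac
        case "$kind" in
            locked|nologin) ;;
            *) if [ -z "$max" ] || [ "$max" -gt "$limit" ]; then
                   echo "$user:max-age-${max:-unset}-exceeds-$limit"
               fi ;;
        esac
    done
}
```

On a live system run `sudo audit_shadow "$(sudo cat /etc/shadow)" 90` (or whatever limit your policy sets); the default max age of 99999 shown in the excerpt above is what makes intern appear in the report.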
    

Task 4: Security Auditing and Monitoring

  • Describe the concept of security auditing and monitoring.
  • Explore tools like auditd and rsyslog for monitoring system activities and logs.
  • Set up basic auditing rules to track specific events on your system.
  • Analyze system logs to identify potential security issues or anomalies.
    [intern@intern-a1t-inf-lnx1 ~]$ sudo auditctl -w /etc -p wa
    [intern@intern-a1t-inf-lnx1 ~]$ sudo auditctl -l
    -w /etc -p wa
    
    # `/var/log` is where logs are stored
    [intern@intern-a1t-inf-lnx1 ~]$ ls /var/log/
    audit              dnf.log              maillog-20230926   secure-20230926
    boot.log           dnf.rpm.log          maillog-20231003   secure-20231003
    boot.log-20230818  firewalld            messages           spooler
    boot.log-20230821  hawkey.log           messages-20230820  spooler-20230820
    btmp               hawkey.log-20230820  messages-20230827  spooler-20230827
    btmp-20231002      hawkey.log-20230827  messages-20230926  spooler-20230926
    checker            hawkey.log-20230926  messages-20231003  spooler-20231003
    cron               hawkey.log-20231003  private            sssd
    cron-20230820      kdump.log            qemu-ga            tuned
    cron-20230827      lastlog              sa                 wtmp
    cron-20230926      maillog              secure
    cron-20231003      maillog-20230820     secure-20230820
    dnf.librepo.log    maillog-20230827     secure-20230827
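
The `-w /etc -p wa` rule above makes auditd emit a SYSCALL record plus PATH records for every write or attribute change under /etc; the awk-based helper below, added as an example and not part of the exercise, joins them on the event serial so each write is attributed to the login uid, effective uid and program. The audit lines it reads are constructed samples in the raw auditd record format, limited to the fields the helper uses.

```shell
# Added example (not from the original exercise): correlate SYSCALL and PATH
# records from the audit log on their event serial. AUDIT_SAMPLE is constructed
# in the raw auditd record format; it is not output captured from a real host.
AUDIT_SAMPLE='type=SYSCALL msg=audit(1695200000.101:501): arch=c000003e syscall=257 success=yes exit=3 auid=1000 uid=0 euid=0 comm="vi" exe="/usr/bin/vi" key=(null)
type=PATH msg=audit(1695200000.101:501): item=1 name="/etc/sudoers" nametype=NORMAL
type=SYSCALL msg=audit(1695200010.202:502): arch=c000003e syscall=257 success=no exit=-13 auid=1001 uid=1001 euid=1001 comm="bash" exe="/usr/bin/bash" key=(null)
type=PATH msg=audit(1695200010.202:502): item=1 name="/etc/shadow" nametype=NORMAL'

# Print "serial auid uid comm success path", one line per event, sorted by serial.
# auid is the login uid and survives sudo/su, so it names the person even when
# uid is 0; success=no with exit=-13 (EACCES) is a denied attempt worth noting.
audit_etc_writes() {
    printf '%s\n' "$1" | awk '
    {
        # The event serial is the number after the colon inside audit(ts:serial).
        match($0, /audit\([0-9.]+:[0-9]+\)/)
        serial = substr($0, RSTART, RLENGTH)
        sub(/.*:/, "", serial); sub(/\)/, "", serial)
        for (i = 1; i <= NF; i++) {
            split($i, kv, "="); gsub(/"/, "", kv[2])
            if ($1 == "type=SYSCALL") {
                if (kv[1] == "auid")    auid[serial] = kv[2]
                if (kv[1] == "uid")     uid[serial]  = kv[2]
                if (kv[1] == "comm")    comm[serial] = kv[2]
                if (kv[1] == "success") ok[serial]   = kv[2]
            } else if ($1 == "type=PATH" && kv[1] == "name") {
                path[serial] = kv[2]   # the last PATH record of an event wins
            }
        }
    }
    END { for (s in path) print s, auid[s], uid[s], comm[s], ok[s], path[s] }' | sort
}
```

On a host with the rule loaded, `sudo audit_etc_writes "$(sudo cat /var/log/audit/audit.log)"` gives the same per-event view; giving the rule a key with `-k` lets you filter the log to just these events first.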
    

Conclusion

In this exercise, you've delved into the fundamental principles of Linux security. You've learned about security layers, file permissions, user and group management, password policies, security best practices, and security auditing. Understanding these principles is essential for safeguarding Linux systems and data from potential threats.