
Linux Security Basics-Fall24

The document provides an overview of Linux security basics, covering essential topics such as commands, user and group management, permissions, and authentication. It explains the Linux file system hierarchy, traditional permission models, and the importance of superuser privileges. Additionally, it discusses secure password storage and management through the /etc/passwd and /etc/shadow files.

Uploaded by

Nayla Greige

Linux Security Basics

By Nayla Greige
Outline
• Basic Commands
• Users and groups
• Permissions and access control
• Running commands with privilege
• Authentication
Introduction to Linux

• What is Linux?
• Definition: Linux is an open-source operating system
kernel created by Linus Torvalds in 1991. It serves as the
foundation for many operating systems known as Linux
distributions.
• Open Source: The source code of Linux is freely available,
allowing users to view, modify, and distribute it.
• Examples: Ubuntu, CentOS, Fedora, Debian, Arch Linux,
and Mint.
Linux File System Hierarchy
• Root Directory (/): The top-level directory in the Linux file system hierarchy.
• Home Directory (/home): Contains user-specific files and directories.
• Binary Directory (/bin): Contains essential command binaries such as ls, cp, mv.
• System Configuration (/etc): Contains configuration files for system-wide settings.
• Library Directory (/lib): Contains essential libraries needed for system binaries.
• Temporary Files (/tmp): Used for temporary file storage by applications.
• Device Files (/dev): Contains device files that represent hardware devices.
• Mount Points (/mnt, /media): Used for mounting external storage devices.
Basic Commands
• File Operations:
ls: List directory contents.
cp: Copy files or directories.
mv: Move or rename files or directories.
rm: Remove files or directories.
touch: Create an empty file or update the timestamp of an existing file.
• Directory Operations:
cd: Change directory.
pwd: Print the current working directory.
mkdir: Create a new directory.
rmdir: Remove an empty directory.
Basic Commands
• File Viewing:
cat: Concatenate and display file contents.
more, less: View file contents page by page.
head, tail: Display the beginning or end of a file.

• Permissions:
chmod: Change file permissions.
chown: Change file ownership.
chgrp: Change file group ownership.
USER AND GROUP
Users
• User and Group Files:
/etc/passwd: Stores user account information.
/etc/group: Stores group account information.
• File Permissions:
Types: Read (r), Write (w), Execute (x).
Ownership: Each file has an owner, a group, and permission settings for user, group, and
others.
Users
• In Linux, each user is assigned a unique user ID
• User ID is stored in /etc/passwd

• Find user ID
Add Users & Switch to Other Users
• Add users
• Directly add to /etc/passwd
• Use “adduser” command

• Switch to another user


Group
• Represent a group of users
• Assigning permissions based on group
• A user can belong to multiple groups
• A user’s primary group is in /etc/passwd
Which Group Does a User Belong To?
Group Management
How to add users

User Management Commands:


useradd: Add a new user.
usermod: Modify an existing user.
userdel: Delete a user.
groupadd: Add a new group.
groupdel: Delete a group.
PERMISSIONS AND ACCESS CONTROL
Traditional Permission Model
• Types of access on files
• read (r): user can view the contents of the file
• write (w): user can change the contents of the file
• execute (x): user can execute or run the file if it is a program or script
• Types of access on directories
• read (r): user can list the contents of the directory (e.g., using ls)
• write (w): user can create files and sub-directories inside the directory
• execute (x): user can enter that directory (e.g., using cd)
File Permissions
Default File Permissions
• umask: a command that determines the default permissions set for
new files and directories when they are created. Its value specifies
which permissions should be masked out (restricted) from the default
permissions.
• Example
How umask Works
• Default Permissions: When a file or directory is created, it has default
permissions:
• Files: Typically 666 (read and write for everyone)
• Directories: Typically 777 (read, write, and execute for everyone)

• Masking: The umask value is subtracted from these default permissions to
determine the actual permissions set for the new file or directory.

666 - 022 = 644 (read and write for the owner, read-only for group and others)
Examples (umask)
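The following is an added example, not part of the original slides: it creates a file and a directory under several umask values and compares the observed mode with the predicted one. The kernel applies the mask by clearing bits (`base & ~umask`), which matches the subtraction shown above for masks such as 022 but not for a mask such as 033. The function names are chosen for this example.

```sh
#!/bin/sh
# Added example: how the umask shapes the mode of newly created files and
# directories. Everything happens in a throwaway temp directory.

# Predicted mode: every bit set in the mask is cleared from the base mode.
# $1 = base mode (666 for files, 777 for directories), $2 = umask, both octal.
predict_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# Observed mode: create a real file or directory under the given umask.
# $1 = "file" or "dir", $2 = umask. The ( ) body keeps the umask change local.
observe_mode() (
    tmp=$(mktemp -d) || exit 1
    umask "$2"
    if [ "$1" = dir ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
    mode=$(stat -c '%a' "$tmp/new")   # GNU/BusyBox stat: octal permission bits
    rm -rf "$tmp"
    printf '%s\n' "$mode"
)

# 022 is a common default, 027 and 077 are stricter; 033 shows where
# "subtraction" (666 - 033 = 633) and bit clearing (644) disagree.
for mask in 022 027 077 033; do
    printf 'umask %s  file: predicted %s observed %s  dir: predicted %s observed %s\n' \
        "$mask" \
        "$(predict_mode 666 "$mask")" "$(observe_mode file "$mask")" \
        "$(predict_mode 777 "$mask")" "$(observe_mode dir "$mask")"
done
```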
chmod
• It is a command used in Unix and Unix-like operating systems (such as
Linux) to change the file permissions or modes of files and directories.
• We use indicators to represent these values, and form short
“permissions statements” such as u+x, where “u” means “user”
(who), “+” means add (what), and “x” means the execute permission
(which).
• User Types:
u: User (owner)
g: Group
o: Others
a: All (user, group, and others)
• Permissions:
r: Read
w: Write
x: Execute
• Operations:
+: Add permission
-: Remove permission
=: Set permission explicitly
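The following is an added example, not part of the original slides: it applies symbolic permission statements to scratch files and prints the resulting octal mode, then uses `o-w` to strip write access for others across a directory tree. The function names `mode_after` and `strip_other_write` are chosen for this example.

```sh
#!/bin/sh
# Added example: symbolic chmod statements (who, what, which) on scratch files.

# Start a scratch file at octal mode $1, apply each remaining argument as a
# symbolic statement (u+x, go-w, a=r, ...), and print the resulting mode.
mode_after() (
    f=$(mktemp) || exit 1
    chmod "$1" "$f"
    shift
    for stmt in "$@"; do chmod "$stmt" "$f"; done
    stat -c '%a' "$f"      # GNU/BusyBox stat: permission bits in octal
    rm -f "$f"
)

# Remove write access for "others" from every regular file under directory $1
# and print how many files were changed.
strip_other_write() {
    count=$(find "$1" -type f -perm -0002 | wc -l)
    find "$1" -type f -perm -0002 -exec chmod o-w {} +
    echo "$((count))"
}

echo "644, u+x       -> $(mode_after 644 u+x)"        # adds x for the owner
echo "664, go-w      -> $(mode_after 664 go-w)"       # removes w for group, others
# "+" only adds bits, "=" replaces the whole set for the named users:
echo "755, go+r      -> $(mode_after 755 go+r)"       # x for group/others kept
echo "755, go=r      -> $(mode_after 755 go=r)"       # x for group/others dropped
echo "644, g+w o-r   -> $(mode_after 644 g+w o-r)"    # statements applied in order
```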
RUNNING COMMAND WITH PRIVILEGE
Understanding Superuser Privileges
•Superuser:
Often referred to as the root user, has full control over the system.
The root user can perform any action on the system, including those
that could potentially harm the system.
•Privileges:
Include the ability to read, write, and execute any file, change
system configurations, and manage other users.
Importance of a root shell
A root shell is a command-line interface (CLI) session where the user has
superuser (root) privileges. In this shell, the user can execute commands
with the highest level of permissions, allowing them to perform
administrative tasks that affect the entire system.

• Full System Access: The root shell grants unrestricted access to all
files and system resources, including the ability to modify system
configurations, install or remove software, and manage user
accounts.
• Privileges: Commands executed in a root shell can change system
settings, install updates, and access all files, regardless of the file
permissions set for other users.
How to access a root shell?
1. Using su (Substitute User)
2. Start a Root Shell:
sudo -i
Common Methods to Grant Superuser Privileges

• sudo
• Set-uid programs (covered in a separate chapter)
• POSIX capabilities
Using sudo
• sudo: Super-user Do
• Allows permitted users to execute commands as a superuser
• A user must be authorized (/etc/sudoers)
• Here is how the seed user is allowed to run sudo
Running Command Using Another User
su (substitute user): Allows switching to another user, typically the root
user. You need to provide the root password.
POSIX Capabilities
• Divide the root privilege into smaller privilege units
• Known as capabilities
• Use “man capabilities” to find all the capabilities
• Examples
Setting File Capabilities (1)
• Before

• Setting the capabilities
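The following is an added example, not part of the original slides: it decodes the hexadecimal capability mask that Linux reports on the `CapEff` line of `/proc/<pid>/status`, showing which individual units of root privilege a process holds. The function names are chosen for this example, and the name table is a short subset of the list in `man capabilities`.

```sh
#!/bin/sh
# Added example: decode a capability bit mask into capability names.

# Succeed if capability number $2 is set in hex mask $1
# (the format of the CapEff/CapPrm lines in /proc/<pid>/status).
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# Print the names of the capabilities from a short table that are set in $1.
# The numbers are the bit positions defined in <linux/capability.h>.
cap_names() {
    out=
    for entry in 0:CAP_CHOWN 1:CAP_DAC_OVERRIDE 2:CAP_DAC_READ_SEARCH \
                 7:CAP_SETUID 10:CAP_NET_BIND_SERVICE 12:CAP_NET_ADMIN \
                 13:CAP_NET_RAW 21:CAP_SYS_ADMIN; do
        if has_cap "$1" "${entry%%:*}"; then out="$out ${entry#*:}"; fi
    done
    echo "${out# }"
}

# Effective capability mask as seen by a child of this shell (awk inherits
# the shell's capability sets). Empty if /proc is not available.
self_mask() { awk '/^CapEff:/ {print $2}' /proc/self/status 2>/dev/null; }

# Constructed masks: a program granted only CAP_NET_RAW, and an all-zero mask
# as held by an ordinary unprivileged process.
echo "0000000000002000 -> $(cap_names 0000000000002000)"
echo "0000000000000000 -> $(cap_names 0000000000000000)"

mask=$(self_mask)
if [ -n "$mask" ]; then
    echo "this shell ($mask) -> $(cap_names "$mask")"
fi
```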


AUTHENTICATION
The Password File (/etc/passwd file)
• Stores basic user account information such as username, user ID,
group ID, home directory, and default shell.
• The password is no longer stored here (it used to be). The field now
holds a placeholder such as x or *, and the actual passwords are stored in
the /etc/shadow file
The Shadow File (/etc/shadow file)
• Secure Password Storage: Unlike the /etc/passwd file, which is
world-readable, /etc/shadow is readable only by privileged users (usually
root). This file stores hashed passwords and additional account information
in a more secure manner.
• Password Management: It contains data on password aging and account
expiration, which helps in managing password policies and user account
security.
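The following is an added example, not part of the original slides: it reads the colon-separated fields of passwd-format and shadow-format files and flags entries an administrator would want to review. The sample files are constructed for this example (only the `seed` user name comes from the slides), and the function names are chosen here.

```sh
#!/bin/sh
# Added example: read passwd/shadow-format files and flag risky entries.

# Print the fields the slide lists for user $2 in passwd-format file $1.
user_fields() {
    awk -F: -v u="$2" '$1 == u {
        printf "uid=%s gid=%s home=%s shell=%s\n", $3, $4, $6, $7 }' "$1"
}

# $1 = passwd-format file, $2 = shadow-format file.
audit_accounts() {
    awk -F: '
        $3 == 0 && $1 != "root" { print "uid0:" $1 }            # extra superuser
        $2 != "x" && $2 != "*"  { print "hash-in-passwd:" $1 }  # world-readable
    ' "$1"
    awk -F: '$2 == "" { print "empty-password:" $1 }' "$2"      # no password set
}

# Constructed sample data; the salt and hash strings are placeholders.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
seed:x:1000:1000:SEED:/home/seed:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
toor:x:0:0::/root:/bin/sh
legacy:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:1002:1002::/home/legacy:/bin/sh
EOF
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:!:19900:0:99999:7:::
seed:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19900:0:99999:7:::
alice::19900:0:99999:7:::
EOF

user_fields "$SAMPLE_DIR/passwd" seed
audit_accounts "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/shadow"
```

On a real system the same function can be run by root as `audit_accounts /etc/passwd /etc/shadow`.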
The Purpose of Salt
• Defeat brute-force attacks
• dictionary attack, rainbow table attack
• These 3 accounts have the same password
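The following is an added example, not part of the original slides: three accounts choose the same password, and a per-account random salt makes their stored hashes differ, so one precomputed table entry cannot match all of them. SHA-256 over salt plus password is used here only as a simplified stand-in for the crypt(3) schemes that /etc/shadow actually uses; the account names, password and function names are constructed.

```sh
#!/bin/sh
# Added example: the effect of a per-account salt on stored password hashes.

# Stand-in for a real password hash: SHA-256 over salt||password.
# $1 = salt, $2 = password.
salted_hash() { printf '%s%s' "$1" "$2" | sha256sum | cut -d' ' -f1; }

# 8 random bytes from the kernel, printed as 16 hex digits.
new_salt() { od -An -N8 -tx1 /dev/urandom | tr -d ' \n'; }

# Print shadow-style "user:salt:hash" records for users who all chose
# password $1; the remaining arguments are the user names.
make_records() {
    pw=$1; shift
    for user in "$@"; do
        salt=$(new_salt)
        printf '%s:%s:%s\n' "$user" "$salt" "$(salted_hash "$salt" "$pw")"
    done
}

# Number of distinct hash values among the records read from stdin.
distinct_hashes() { cut -d: -f3 | sort -u | wc -l | tr -d ' '; }

# Login check: recompute the hash with the stored salt and compare.
# $1 = stored record, $2 = candidate password.
check_password() {
    salt=$(printf '%s\n' "$1" | cut -d: -f2)
    want=$(printf '%s\n' "$1" | cut -d: -f3)
    [ "$(salted_hash "$salt" "$2")" = "$want" ]
}

records=$(make_records 'Spring2024!' alice bob carol)
printf '%s\n' "$records"
echo "distinct hashes with salt:    $(printf '%s\n' "$records" | distinct_hashes)"
# Without a salt, the same password always produces the same stored value.
echo "unsalted hash (all accounts): $(salted_hash '' 'Spring2024!')"
```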
