basic red hat linux

Upload: johnsonkumara

Post on 10-Apr-2018


  • 8/8/2019 Basic Red Hat Linux


    Werner Puschitz

    Last fiddled: July 7, 2002.

    For information on Red Hat Linux, Installation, Documentation, Kernel, Oracle, and Linux in general, see www.puschitz.com.

    Securing Red Hat Linux 7.3

    This is a work in progress and is NOT completed! Actually I started to write this article a few days ago.

    This article will become a step-by-step procedure for securing a RedHat Linux server.

    If you are interested in Oracle9i on RedHat Linux 7.x, then check my other article.

    General

    Log Files

    Errors and system messages:

    /var/log/dmesg (kernel boot messages)

    /var/log/boot (runlevel boot logging messages)

    /var/log/messages (system messages)

    ...

    Authentication Files:

    /var/run/utmp

    /var/log/wtmp

    /var/log/btmp

    /var/log/secure

    /var/log/lastlog

    Server-specific Logs:

    /var/log/xferlog (ftpd logging information)

    /var/log/maillog (sendmail logging information)

    /var/log/pacct

    ...

    Connect Accounting Utilities

    Here is a list of commands you can use to get data about user logins:

    who Shows a listing of currently logged-in users. This command reads /var/log/utmp.

    w Shows who is logged on and what they are doing.

    last Shows a list of last logged-in users, including login time, logout time etc. This command reads /var/log/wtmp.

    lastb Same as last, except that by default it shows a log of the file /var/log/btmp, which contains all the bad login attempts.

    lastlog This command reports data maintained in /var/log/lastlog, which is a record of the last time a user logged in.

    ac Prints out the connect time in hours on a per-user basis or daily basis etc. This command reads /var/log/wtmp.

    dump-utmp Converts the raw data from /var/run/utmp or /var/log/wtmp into ASCII-parsable format.

    ftpwho The ftpwho program utility displays all active ftp users, and their current process information on the system. The output of the command is in the format of the "/bin/ps" command.

    ftpcount The ftpcount program utility, a simplified version of ftpwho, shows only the current number of users logged in to the system, and the maximum number of users allowed.
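
    The output of lastb lends itself to a quick tally of bad login attempts per user and source. The script below is an added example, not part of the original article; the function names and the sample lines are constructed, and it assumes lastb's usual column order of user, terminal, host and timestamp.

```shell
#!/bin/sh
# Added example (not from the original article): summarise failed logins
# per user and source from lastb output, e.g.  lastb | failed_logins 3

# failed_logins [MIN]: read lastb-style text on stdin and print
# "COUNT USER SOURCE" for every user/source pair with at least MIN failures.
failed_logins() {
    awk -v min="${1:-1}" '
        # Skip blank lines and the "btmp begins ..." trailer.
        NF < 3 || $1 == "btmp" { next }
        {
            src = $3
            # Console logins have an empty host column, so field 3 is
            # already the weekday of the timestamp.
            if (src ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/) src = "(local)"
            n[$1 " " src]++
        }
        END { for (k in n) if (n[k] >= min) print n[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample in the layout printed by lastb (not real log data).
sample_lastb() {
    cat <<'EOF'
root     pts/0        192.0.2.10       Mon Jul  1 10:02 - 10:02  (00:00)
root     pts/0        192.0.2.10       Mon Jul  1 10:01 - 10:01  (00:00)
root     pts/1        192.0.2.10       Mon Jul  1 10:01 - 10:01  (00:00)
oracle   pts/2        198.51.100.7     Sun Jun 30 23:40 - 23:40  (00:00)
wernerp  tty1                          Sun Jun 30 08:15 - 08:15  (00:00)

btmp begins Sun Jun 30 08:15:02 2002
EOF
}

sample_lastb | failed_logins 1
```

    On a live system the same function can be fed directly from lastb, with the threshold chosen to match the site's lockout policy.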

    RedHat Package Manager (RPM)

    You should make sure that you remove all packages you don't need on a production server (e.g., compilers, development packages, X, etc.).

    Here are some basic RPM options for maintaining packages:

    To install an RPM package:

    rpm -ivh package_name.rpm

    To delete an RPM package:

    rpm -e package_name

    To check what happens if a package gets deleted (dependency checks etc.):

    rpm -e --test package_name

    To install or upgrade an RPM package that is currently installed to a newer version:

    rpm -Uvh package_name.rpm

    To upgrade an RPM package only if an earlier version currently exists:

    rpm -Fvh package_name.rpm

    To query for all packages:

    rpm -qa

    To get package information about a specific package:

    rpm -qi package_name

    To list all files and directories that belong to an RPM package:

    rpm -ql package_name

    To query for the package that owns a specific file on your server:

    rpm -qf /bin/ls

    The /etc/inittab File

    "Control-Alt-Del"

    You might want to disable the "Control-Alt-Del" key sequence. To do that, make sure the following line is commented out in the /etc/inittab file:

    #ca::ctrlaltdel:/sbin/shutdown -t3 -r now

    Make sure that the change becomes effective immediately by invoking the following command:

    init q

    "Single User Mode Password"

    Some recommend adding, for example, the following line to the /etc/inittab file to ensure that a root password is required for the Single User Mode logon:

    ~~:S:wait:/sbin/sulogin

    But this would give you a false sense of security. When you get into the Single User Mode, it will certainly ask you for the root password. But it's too easy to get around. Instead of using "linux single", you can also use "linux init=/bin/bash" which will not ask for the root password.


    and /etc/shadow files as follows:

    /etc/passwd::x:UID_MIN+:GROUP::HOME/:SHELL

    /etc/shadow::::PASS_MIN_DAYS:PASS_MAX_DAYS:PASS_WARN_AGE:INACTIVE:EXPIRE:

    Here is an example of how to add a user with the useradd command:

    useradd -n -c "Werner Puschitz" -G wheel wernerp

    -n specifies that the user's primary group name should not be the same as the user being added; the user's primary group will be "users".

    -c specifies the name of the user.

    -G wheel specifies that the user will be added to the supplementary group "wheel". Users who are members of the "wheel" group will be able to successfully switch to the user root with the "su" command. See PAM for how you can use pam_wheel to enforce the restriction of successful "su to root" executions.

    Pluggable Authentication Modules (PAM)

    /etc/pam.d/su: /lib/security/pam_wheel.so parameters

    This PAM module permits root authentication to members of the wheel group only. Ensure that the following

    parameters are set:

    /lib/security/pam_wheel.so use_uid
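
    The /etc/inittab and /etc/pam.d/su settings described above can be checked mechanically. The script below is an added example, not part of the original article; the function names and the sample file contents are constructed for illustration, and it assumes the usual PAM line layout of type, control flag, module path and arguments.

```shell
#!/bin/sh
# Added example (not from the original article): audit copies of
# /etc/inittab and /etc/pam.d/su for the two settings described above.

# Succeeds when the inittab file has no active ctrlaltdel entry.
ctrlaltdel_disabled() {
    ! grep -Eq '^[^#:]*:[^:]*:ctrlaltdel:' "$1"
}

# Succeeds when an uncommented "auth required" line loads pam_wheel.so
# with use_uid. A "sufficient ... trust" line does not count: it lets
# wheel members skip the password instead of restricting su to wheel.
su_requires_wheel() {
    awk '$1 == "auth" && $2 == "required" && $3 ~ /(^|\/)pam_wheel\.so$/ {
             for (i = 4; i <= NF; i++) if ($i == "use_uid") ok = 1
         }
         END { exit !ok }' "$1"
}

# audit INITTAB SU_PAM_FILE: print one PASS/FAIL line per check and
# return the number of failed checks.
audit() {
    fails=0
    if ctrlaltdel_disabled "$1"; then echo "PASS ctrlaltdel disabled"
    else echo "FAIL ctrlaltdel active in $1"; fails=$((fails + 1)); fi
    if su_requires_wheel "$2"; then echo "PASS su restricted to wheel"
    else echo "FAIL pam_wheel.so use_uid not required in $2"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample files (hypothetical contents, not copied from a host).
make_samples() {
    printf '%s\n' 'id:3:initdefault:' \
        'ca::ctrlaltdel:/sbin/shutdown -t3 -r now' > "$1/inittab.weak"
    printf '%s\n' 'id:3:initdefault:' \
        '#ca::ctrlaltdel:/sbin/shutdown -t3 -r now' > "$1/inittab.hard"
    printf '%s\n' '#auth required /lib/security/pam_wheel.so use_uid' \
        'auth sufficient /lib/security/pam_wheel.so trust use_uid' \
        'auth required /lib/security/pam_stack.so service=system-auth' \
        > "$1/su.weak"
    printf '%s\n' 'auth sufficient /lib/security/pam_rootok.so' \
        'auth required /lib/security/pam_wheel.so use_uid' \
        'auth required /lib/security/pam_stack.so service=system-auth' \
        > "$1/su.hard"
}

dir=$(mktemp -d) && make_samples "$dir"
audit "$dir/inittab.weak" "$dir/su.weak" || echo "weak: $? check(s) failed"
audit "$dir/inittab.hard" "$dir/su.hard" && echo "hardened: all checks pass"
rm -rf "$dir"
```

    To check a real host, call audit /etc/inittab /etc/pam.d/su; the exit status is the number of failed checks.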

    TO BE CONTINUED... :-)

    Linux Security Books

    If you want to read a very good book on Linux Security, then you should check out Gerhard Mourani's security book, which covers security very thoroughly and which is intended for a technical audience and Linux administrators. But it also covers material for home users and others as well. I had the opportunity to contribute to the development of the second edition. The edition "Securing & Optimizing Linux: The Ultimate Solution" is now the successor of the very popular book "Securing and Optimizing Linux: Red Hat Edition".

    Securing and Optimizing Linux: Red Hat Edition (First Edition)

    This edition can be downloaded for free in PDF format at http://www.linuxsecurity.com/docs/Securing-Optimizing-Linux-RH-Edition-1_3.pdf , or

    You can browse through the book in HTML format at http://www.linuxdoc.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3 .

    Securing & Optimizing Linux: The Ultimate Solution (Second Edition)

    You can buy this 850-page book at www.openna.com or

    You can buy it in PDF format at www.openna.com

    If you find any errors or mistakes, please let me know at [email protected] !

    Warning and Disclaimer: Every effort has been made to provide the information as accurate as possible, but no warranty or fitness is implied. The author shall have no liability nor responsibility to any loss or damages arising from the information contained on this web site.

    Comments? [email protected]

    ing Red Hat Linux (Step-by-Step Security Guide/HOWTO), http://www.blacksheepnetworks.com/security/resources/redhat-7.3