Difference between revisions of "Linux Security"
Views
Actions
Namespaces
Variants
Tools
m
no edit summary
imported>Tele |
imported>Cscs m |
||
Line 24: | Line 24: | ||
When you run this command, you will be asked for a password, this will be the password of your normal user account. | When you run this command, you will be asked for a password, this will be the password of your normal user account.<br /> | ||
For more information about editing configuration files owned as root see [[Viewing_and_editing_configuration_files|this article on configuration files]]. | |||
Line 31: | Line 32: | ||
While {{ic|sudo}} and {{ic|su}} look similar and both involve root access they are very different. {{ic|sudo}} runs a single command as another user and requests the password of your normal user account. {{ic|su}} lets you *become* root and requests the password of the root user. In general, it is usually safer to use sudo than to use su. | While {{ic|sudo}} and {{ic|su}} look similar and both involve root access they are very different. {{ic|sudo}} runs a single command as another user and requests the password of your normal user account. {{ic|su}} lets you *become* root and requests the password of the root user. In general, it is usually safer to use sudo than to use su. | ||
{{warning|Never run a graphical program as root or with sudo, it should only be used with command line programs}} | |||
{{warning|Never run a graphical program | |||
Line 39: | Line 39: | ||
Sometimes you will take an action in the terminal or through a GUI application and will get prompted for your password. This is because the action you are trying to take cannot be completed by you user and requires elevated rights. Whenever you get a password prompt like this it is important to pause and think if the action you are taking *should* be asking for elevated rights before entering your password. | Sometimes you will take an action in the terminal or through a GUI application and will get prompted for your password. This is because the action you are trying to take cannot be completed by you user and requires elevated rights. Whenever you get a password prompt like this it is important to pause and think if the action you are taking *should* be asking for elevated rights before entering your password. | ||
{{Note|Usually these password prompts will be looking for the password of your normal user account but occasionally they will need the password of the root account}} | |||
{{ | |||
Line 50: | Line 49: | ||
To change the password of a different user on the same system you can use sudo: | To change the password of a different user on the same system you can use sudo: | ||
sudo passwd | sudo passwd USERNAME | ||
Line 63: | Line 62: | ||
To see which groups a given user belongs to use the command | To see which groups a given user belongs to use the command | ||
groups | groups USERNAME | ||
Line 71: | Line 70: | ||
= | =File Permissions= | ||
At the most basic level, files are designated as '''r'''ead, '''w'''rite or e'''x'''ecute to the '''u'''ser(owner), the '''g'''roup and '''o'''ther. To understand how this works let's look at a real world example. | At the most basic level, files are designated as '''r'''ead, '''w'''rite or e'''x'''ecute to the '''u'''ser(owner), the '''g'''roup and '''o'''ther. To understand how this works let's look at a real world example. | ||
Line 118: | Line 117: | ||
= | =Internet and Network Security= | ||
==Firewalls== | ==Firewalls== | ||
The [[Firewalls]] article has a full description of the Firewall solutions available on Manjaro | The [[Firewalls]] article has a full description of the Firewall solutions available on Manjaro. | ||
= | =Checksums= | ||
Checksums are used to validate processed files. | |||
By checking the file checksum, you can detect changes to the file, but the method is not perfect. | By checking the file checksum, you can detect changes to the file, but the method is not perfect. | ||
* The larger the file, the greater the probability of receiving the same checksum. This phenomenon is called collision. This is a disadvantage for checking whether a file is identical and it is also a security defect. | * The larger the file, the greater the probability of receiving the same checksum. This phenomenon is called collision. This is a disadvantage for checking whether a file is identical and it is also a security defect. | ||
* | * Certain algorithms (MD5, SHA-0, SHA-1) are prone to collision, generally antiquated for security purposes, and thus not modernly recommended for use. | ||
* | * Servers can make use of checksums instead of passwords. One advantage is this makes it possible to generate several passwords that will match the same checksum. | ||
* | * Checksums can also be used to detect changes in files rather than for security. Sample programs for checking file integrity Tripwire, AIDE. | ||
List of hash functions | List of hash functions | ||
Line 154: | Line 137: | ||
= | =GPG keys= | ||
* | |||
* GPG keys can be used to encrypt messages in asynchronous encryption. In theory, a thief can steal the key message and still will not be able to decrypt the message. Therefore, this method is considered the most secure method. | |||
* Keys are used to sign the files, but does not give it a high level of safety. Because you can copy, edit the key from file. But it is useful for checking from which the package repository comes from, if we use several repositories and if we are able to verify. | * Keys are used to sign the files, but does not give it a high level of safety. Because you can copy, edit the key from file. But it is useful for checking from which the package repository comes from, if we use several repositories and if we are able to verify. | ||
=Understanding processes= | =Understanding processes= | ||
* You can change the priorities of processes. | * You can change the priorities of processes. | ||
* You can display the process tree. '''pstree''' command | * You can display the process tree. '''pstree''' command | ||
Line 166: | Line 151: | ||
* You can limit the maximum number of processes. This is protection against fork bomb attack, but it does not guarantee system stability, if the user's process will be important for the stability of the system. | * You can limit the maximum number of processes. This is protection against fork bomb attack, but it does not guarantee system stability, if the user's process will be important for the stability of the system. | ||
* "'''Sandbox'''" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. I heard about two. The first is to set up a separate account with restricted rights for programs. Second this is '''Firejail''', but when I tested it it does not work efficiently. During the system start, all rules are loaded instead of just for only programs which will running. You can also use virtual machines, but this is not their main purpose. | * "'''Sandbox'''" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. I heard about two. The first is to set up a separate account with restricted rights for programs. Second this is '''Firejail''', but when I tested it it does not work efficiently. During the system start, all rules are loaded instead of just for only programs which will running. You can also use virtual machines, but this is not their main purpose. | ||
[[Category:Contents Page]] | [[Category:Contents Page]] |