START Track II - Introduction to GNU/Linux

• A Brief History of Time...
  • UNIX
  • Free UNIX-like OSes
  • History of GNU/Linux
• Quick System Overview
  • The Boot Sequence
  • Command-Line
  • Graphical
• Comparison to Windows
  • Filesystem Comparison
  • New Software Installation / Maintenance
  • Registry
  • Services

• The GNU/Linux System
  • The Kernel
  • The Other Stuff
  • GNU/Linux Distributions
• Resources
  • LSU's redhat.lsu.edu
  • Linux Documentation
• Security
  • Locking Down
  • Logging
  • Detecting
  • Testing
  • LSU Specific

• Installation
  • Sample Dedicated Installation of Red Hat v7.2

• Test

A Brief History of Time...

UNIX

UNICS (UNiplexed Information and Computing Service) was created at AT&T Bell Laboratories in the fall of 1969 by Ken Thompson (and a few other researchers) after failed attempts working on the MULTICS project. Their work was the result of trying to create a multi-user time-sharing operating system. They started licensing their code to universities in 1974.

"...the number of UNIX installations has grown to 10, with more expected..." - Dennis Ritchie and Ken Thompson, June 1972

While on sabbatical in 1978, Ken Thompson helped student Bill Joy write the Berkeley Software Distribution (BSD). AT&T's UNIX became a stable commercial product while BSD's became a research project and teaching tool. This split between AT&T UNIX and BSD UNIX remains today. However, most commercial and free UNIXes are a blend of both.

It should be pointed out that the first Operating System that Microsoft sold was Xenix, in August of 1980, their UNIX-like OS that ran on both Intel and Motorola processors. Microsoft did not sell their first DOS until 1981 and 1982.

Free UNIX-like OSes

In 1984 and 1985, Richard M. Stallman started GNU and founded the Free Software Foundation. His goal was to create a totally free (libris) UNIX-like operating system. Though many supporting tools were written quickly, the kernel, called the Hurd, was many years in coming. In 1985 Carnegie Mellon created the MACH kernel based on a micro-kernel architecture.

In 1987 Andrew S. Tanenbaum -- a professor in Amsterdam, the Netherlands -- created MINIX as a teaching aid for his Operating Systems class. This was one of the first complete implementations of a "free" UNIX-like OS, although you had to buy Dr. Tanenbaum's book to get it.

Starting in the early 1990's there were several projects that branched off of BSD. The NetBSD and FreeBSD projects both started in 1993. In 1995 a disgruntled NetBSD contributor left and founded the OpenBSD project.

History of GNU/Linux

As part of his schooling at a university in Helsinki, Finland, Linus Torvalds started to write a new filesystem for MINIX. In 1991, after several disputes with Dr. Tanenbaum, Linus decided to write his own operating system. Over time, with the help of others on the Internet, Linus got parts of Stallman's GNU software (shells, compilers, etc.) working with his kernel.

From: torvalds@klaava.Helsinki.FI (Linus Benedict Torvalds)
Newsgroups: comp.os.minix
Subject: What would you like to see most in minix?
Summary: small poll for my new operating system
Message-ID: <1991Aug25.205708.9541@klaava.Helsinki.FI>
Date: 25 Aug 91 20:57:08 GMT
Organization: University of Helsinki

Hello everybody out there using minix -
I'm doing a (free) operating system (just a hobby, won't be big and
professional like gnu) for 386(486) AT clones. This has been brewing
since april, and is starting to get ready. I'd like any feedback on
things people like/dislike in minix, as my OS resembles it somewhat
(same physical layout of the file-system (due to practical reasons)
among other things).
I've currently ported bash(1.08) and gcc(1.40), and things seem to work.
This implies that I'll get something practical within a few months, and
I'd like to know what features most people would want. Any suggestions
are welcome, but I won't promise I'll implement them :-)
Linus (torvalds@kruuna.helsinki.fi)
PS. Yes - it's free of any minix code, and it has a multi-threaded fs.
It is NOT protable (uses 386 task switching etc), and it probably never
will support anything other than AT-harddisks, as that's all I have :-(.

In 1994 he released the kernel v1.0 and the associated GNU tools as the first widespread public GNU/Linux distribution.

Return to top of page

Quick System Overview

The Boot Sequence

After the BIOS checks the hardware, it reads the Master Boot Record (MBR) from the first Hard Drive (HD) in the machine. Since we installed GRUB (GRand Unified Bootloader), the first thing you see after the BIOS is done is the graphical GRUB screen. GRUB is responsible for loading and transferring control to the operating system kernel. The menu allows you to select which operating system (currently only GNU/Linux) or kernel version (SMP, UP, hand-compiled, etc.) to load.

GRUB then loads the kernel which immediately starts detecting hardware and loading drivers. As soon as the kernel is fully loaded and initialized (remember, the Linux kernel is a macrokernel architecture that has a lot built into it), it starts init which displays the Welcome to Red Hat Linux message. Newer versions of init allow you to press "I" to enter an interactive mode, letting you selectively choose which services to start (or not start), similar to jumping into Extension Manager on a Macintosh system, or pressing F5 at boot on a DOS/Windows system.

As each service is started, its name is echoed on the left of the screen. If the service starts successfully, a message [  OK  ] appears on the right. If the service failed to start successfully, a message [FAILED] appears on the right.

One of the services that starts by default on a traditional install is Kudzu which provides minimal "Plug-and-Play" functionality. If new hardware is added to a system, Kudzu will (hopefully) detect, configure, and load the appropriate driver for it. Once Kudzu has finished with the new hardware more services will continue to load.

Once all of the services have loaded (init has finished) the login prompt appears. Since we purposefully selected a Text-based login (vs. a Graphical login) we get the default message and prompt.

Graphical

Graphics were not a native part of the original UNIX environment. The X-Window system, part of the Athena project at MIT, was created to provide a mechanism to display graphics in UNIX. The X-Window system is only a client / server based protocol for displaying graphics. The system where the graphics are viewed runs an X-Window server. The system where the graphics are generated runs an X-Window client. They can be the same machine (as you should be familiar with in the Windows environment), or they can be two different systems an Internet apart.

Most commercial UNIXes provide proprietary X-Window servers for their version of UNIX. The free UNIX world has concentrated on XFree86 as the primary X-Window server (despite the "86" referring to the Intel x86 architecture, XFree86 has been ported to numerous architectures).

Besides the X-Window server, the X-Window protocol requires a window manager to display the windows, however it chooses. The two currently dominant window managers in the free UNIX world are KDE and GNOME. KDE was developed by an independent group of programmers and is a loose approximation of the commercial CDE environment. GNOME development was started under a free license by Red Hat but has since moved to another company called Ximian who continues devlopment and provides free availability.

Running an X-Window server and window manager on a machine provides a familiar graphical interface. However, both GNOME and KDE require higher amounts of system resources than older, more simpler window managers like fvwm. Luckily, in the free UNIX world the user has a choice (kind of).

The computer mouse was invented in 1968 by Douglas Englebart while at Stanford University.

Command-Line

The command line is the simplest, most fundamental and most common interface for most UNIX-like OSes. Commands in UNIX are typically short (2-4 characters) and usually arcane (i.e. awk, ls). It is beyond the scope of this presentation to teach you all of the obfuscation necessary to become a comfortable UNIX user. However, here is a list of some of the most useful commands:

Command	Description	DOS/Windows Equivalent
awk	File processing and report generating	N/A
cat	Show contents of a file	type
cd	Change directory	cd
cp	Copy a file	copy
echo	Display output	echo
exit	Terminate a session	exit
file	Determine file type	File Extension
find	Find a file	Windows Explorer Find
grep	Find lines in a file	N/A
kill	Terminate a running process	Task Manager
ln	Link a file to another file	Create Shortcut
ls	Display files in a directory	dir
man	Get help about commands	Help
mkdir	Create a directory	mkdir
more	Display a file one page at a time	more
mv	Move or rename a file	rename
passwd	Change user's password	Change Password
ps	List running processes	Task Manager
rm	Remove a file	delete
rmdir	Remove a (empty) directory	rmdir
sed	Stream editor	N/A
vi	Edit a file	edit or notepad
wc	Count words, lines and characters in a file	N/A

Return to top of page

Comparison to Windows

The combination of the Linux kernel, GNU (and other) tools, and a modern X-Window server with GNOME or KDE provides an experience similar to today's Windows systems. Many Windows-like capabilities have been replicated in the modern GNU/Linux/X-Window environment like desktop icons, file browsing, drag-and-drop, GUI configuration tools, etc.

KDE can argueably be considered the closest thing to the Microsoft Windows interface and is indeed used by the major Windows "clones," namely Lycoris, Lindows, and Xandros. However, Red Hat, in their v8.0 release, has taken a giant step forward, according to some people. They have developed a common, consistant, interface called Blue Curve. Regardless of whether the user picks GNOME or KDE, the GUI looks 95% identical.

Filesystem Comparison

UNIX filesystems use a true hierarchical filesystem that starts at a single point: / (pronounced "root" [not to be confused with the root user or /root, the root user's home directory]). Even if several hard disks are in a system, all access to the disks will be through /. This is unlike the Windows world where seperate disks/partitions are accessed via different drive letters (C:, D:, etc.).

The next most difficult thing to grasp about the UNIX filesystem is that everything in UNIX is treated as a file. Several of the "default" directories in GNU/Linux equate to locations in Windows. EVERYTHING! This includes directories, partitions, disk drives, mice, serial ports, printers, displays, network interfaces, etc. Everything.

As mentioned above, everything starts at the "root" (/). This means that all of the devices in a system have a unique path in a UNIX system (i.e. /dev/rmt0 would be a tape drive connected to the system).

Here is a brief table comparing UNIX filesystem locations with their closest Windows equivalents:

Path	Windows Equivalent	Description
/	C:	The start of the filesystem (or main drive in Windows)
/home	My Documents or Profiles or D:	User's private files
/usr or /usr/local	Program Files	Installed software
/dev	Windows or Windows\System	Device drivers
/etc	The Registry or .ini files	Application and operating system configuration information
/tmp	Windows\Temp	Temporary system files
/bin	Windows	System executable files

Finally, like Windows, GNU/Linux can access remote filesystems across the network. Windows calls this "Sharing". UNIX calls it NFS (Network File System). Like Windows, which can both share and access Shares, GNU/Linux using NFS can export and mount filesystems. Also, a GNU/Linux system can use Samba to allow Windows machines the ablility to mount part of its filesystem as a Share.

New Software Installation / Maintenance

Modern Windows systems usually install software to a common place: "Program Files". GNU/Linux systems put most software under /usr, either in /usr/bin or /usr/local/bin. Windows installers commonly use "Wise" (or something similar) so that most software installations look and feel the same. Red Hat GNU/Linux uses RPM, the Red Hat Package Manager. Software on Red Hat systems is bundled in a "package." A package includes all of the binary data for the software, rules detailing prerequisite software, and possibly scripts to be executed before, during, and after installation.

Packages come in either source or binary form. Binary packages are architecture-specific (i.e. Intel uses i386, i486, i586, and i686; PowerPC uses ppc, SPARC uses sparc, etc.) and can only be installed on the appropriate hardware. The package manger command is rpm, and it sports a wide array of features. Here is a table of commonly used rpm commands and what they do:

Command	Description
rpm -qa	List all installed packages
rpm -qi package	Show information about an installed package
rpm -qil package	Show information about an installed package including all files in the package
rpm -qip package	Show information about an uninstalled package
rpm -qilp package	Show information about an uninstalled package including all files in the package
rpm -qf file	Determine which installed package a file belongs to
rpm -Uvh package	Install or upgrade a package
rpm -Fvh package	Update an installed package (freshen)
rpm -e package	Uninstall a package
rpm --verify package	Verify the integrity of an installed package
rpm --help	Get help on rpm (there are many more options available)

After a Windows installation, the first thing you need to do is update the system. Similarly, after a GNU/Linux OS installation you need to apply critical updates. Windows provides a website http://windowsupdate.com/ to obtain updated software. Red Hat provides a website https://www.redhat.com/apps/support/errata/ to do the same. LSU mirrors updates for specific versions of Red Hat at http://redhat.lsu.edu/. Our automated service will also e-mail a user when new updates appear on the mirror. The updates are available over the web at http://redhat.lsu.edu/8.0/updates/ or via NFS at redhat.lsu.edu:/redhat/8.0/updates.

We have already created a document describing the procedure used to update software on a GNU/Linux machine (http://status.lsu.edu/security/linuxmanagement.html#updates) and we will use this document to update our newly installed machine.

Registry

While Windows maintains a binary "Registry" to hold system and installed software settings, GNU/Linux puts everything in files, most of which are text. As shown in our table above, the /etc directory tree in GNU/Linux contains most of the files to configure your system and installed software.

As an example, to change the DNS servers on a Windows machine you have to get to the Network Control Panel applet and navigate through several panels, make the change, and (depending on your Windows version) reboot the machine. In Red Hat, all you have to do is edit the /etc/resolv.conf file. You can optionally use the text based tool netconfig or a GUI tool.

Services

Older Windows v9x use the System Tray to emulate "services" running on the system. Windows NT and above actually implement true services which can be controlled using Server Manager. Red Hat controls services via scripts found in /etc/rc.d/init.d/ and automatically starts or stops these services based on entries in the /etc/rc.d/rcx.d/ directories.

For instance, to stop the web server, you simply type:

/etc/rc.d/init.d/httpd stop

To start the web server again, type:

/etc/rc.d/init.d/httpd start

The command ntsysv provides a text menu method of controlling which services start automatically when the machine is rebooted. There is also a nice GUI utility to do the same thing.

Return to top of page

The GNU/Linux System

The Kernel

Though he worked hard initially to get the GNU tools working with his kernel, the only code that Linus writes (and controls) today is the kernel. The kernel is at the heart of the operating system. It controls all of the hardware in the machine and provides coordinated access to that hardware. It starts and stops processes (programs), allocates memory to programs, manages virtual memory (swap), associates drivers with hardware, controls interrupts (hardware and software), provides TCP/IP network capabilities, and provides a multi-tasking environment by cycling through all running applications.

Whereas Tanenbaum's MINIX was based on a microkernel architecture that does only a very few things, Linus' kernel is based on a modular, macrokernel architecture where a lot of functionality is built into the kernel itself. Because the running kernel always has priority over user applications, a macrokernel can improve the speed and efficiency of critical operating system functions.

Because of its modularity and open source nature, anybody can add functionality to the kernel. However, Linus has final authority over what is officially added to a kernel release. The "official" kernel can be found at http://www.kernel.org/. Kernels are released in "stable" and "development" versions. Stable versions are always even numbered: 2.0.7-3, 2.2.12, and 2.4.9-13 are all stable kernels. Development versions are always odd numbered: 2.1.4, 2.3.5-2, and 2.5.1 are all development kernels. After freezing enhancements and bug fixes to a stable kernel, a new development kernel tree starts. When a development tree becomes stable enough, it gets renumbered as a new stable release.

A final benefit of Linus' open source, modular, macrokernel is the user's ability to remove or include only the parts of the kernel they want or need. This has resulted in full blown router engines, based on GNU/Linux, that fit on a floppy disk. Also, as a system administrator for a server, you can fully optimize the kernel code for what your server does.

The Other Stuff

The only part of GNU/Linux that belongs to Linus is the kernel. Everything else comes from other places. Initially, the majority of the code came from Stallman's GNU project (shells, compilers, tools, etc.) Today, however, there is a large repository of code that, while still open source, isn't licensed under the GPL. Other software is provided under LGPL, BSD, Artistic, Mozilla Public, Netscape Public, etc. licenses.

GNU/Linux Distributions

In keeping with the idea of Stallman's free software, Linus gave his kernel away for free. Various people and organizations took his kernel, modified it to their needs, selected other open source tools (from the GPL, BSD, etc.), got them working and packaged them all together to release a distribution. Early distributions included (but weren't limited to) Slackware, Yggdrasil, and Debian. The primary distribution in the U.S. today is Red Hat. The primary distribution in Europe today is SuSE. Today's other major distributions include (but aren't limited to) Mandrake (based on Red Hat), YellowDog (for PPCs), Slackware, Debian and Gentoo. Visit http://www.distrowatch.com/top.php for a nearly complete list of GNU/Linux distributions.

It is important to note that the kernel is completely seperate from any distribution. Kernel development and releases continue on their own schedule. When a new kernel is released, distributions take time to get their configuration and tools working with the new kernel (by adding and removing code to and from the kernel).

Even though most (usually all) of the software in a distribution of software is free (money-wise), distributors still sell GNU/Linux. Purchasing GNU/Linux usually provides you with printed manuals (books), free installtion support, and sometimes commercial software. However, almost every distribution allows you to download a CD ISO image.

Return to top of page

Resources

Many resources exist at LSU and across the Internet to make using GNU/Linux easier. Here are just a few.

LSU's redhat.lsu.edu

OCS's High Performance Computing group maintains the system redhat.lsu.edu to support on-campus users. This system sports a number of features:

• ISO images so that you can make your own CDs
• Supports on-campus NFS installs
• Supports HTTP installs
• Supports on-campus NFS updates
• Automatic e-mail notification of updates
• Provides DOC CDs
• Everything is web browsable
• Provides installation and updating instructions
• Includes Redhat 5.2, 6.1, 6.2, 7.0, 7.1, 7.2 and 7.3.

Linux Documentation

The Linux Documentation Project has been around a long time and is one of the most valuable resources around. This project includes many different documents that will ease the use of GNU/Linux. Here are a few examples:

• The HOWTOs - These are wonderful documents that explain how to do just about everything you could want.
• The Mini HOWTOs - These are smaller documents that often cover new topics or very simple concepts.
• The Unmaintained HOWTOs - These are older HowTos that no one is keeping current but they often have useful information.
• Redhat - Along with selling the dominant U. S. GNU/Linux distribution, they provide numerous guides, patches, and forums.

Return to top of page

Security

"Security" is not a single act, but rather a process and a method of thinking. There needs to be a continual cycle of analysis, implementation, testing, and re-evaluation for security to function properly within an organization.

Possibly the most important aspect of security is education. It's essential that Managers, Directors and other Executives in the organization understand the security process and know its implications so they can justify the time spent on security measures, and so that a security policy can be developed for your organization. A well written and thought out security policy, written by Managers and Information Technology workers alike, and with authority and cooperation behind it, provides a vehicle for all other security functions within the organization.

Information Technology workers, like Systems Administrators, need education to make them aware of security threats as well as to provide them the knowledge to protect their systems. The security policy helps to define expectations of these workers as well as justifies time spent on security measures. To aid in this education, the Security Focus site has an excellent Security Basics section for the beginner who is earnestly interested in learning about the field.

Locking Down

Perhaps the best starting point in securing systems, after a policy statement has been created, is to prevent intruders from being able to get into your systems. Below are a few topics to consider when "locking the doors" to your UNIX machines. This list is not comprehensive, but should serve as a good beginning.

• Provide a pre-connection banner. A banner, stating that use of the machine implies no privacy, will help you during the discovery / recovery phase in getting help from law enforcement agencies. The tcpwrappers program is a useful way to get banners sent to a client before the server attempts authentication. Here is the currently approved LSU banner:

  NOTICE: This is the Louisiana State University computer system, which may be accessed and used only by authorized persons. LSU reserves the right to review and/or monitor system transactions for compliance with its policies and/or applicable law. Upon reasonable cause, LSU may disclose such transactions to authorized persons for official purposes, including criminal and other investigations, and permit the monitoring of system transactions by law enforcement agencies. Access or use of this computer system by any person, whether authorized or unauthorized, constitutes consent to these terms.

• Secure the "real" network
  • Work with your Network Administrators to understand the network topology and hardware your systems are connected to. Have them turn off all non-essential protocols between the public network and your systems (ICMP replies). Have a point of contact you can call if you need them to filter IP addresses during an attack or to have them enable a sniffer to capture an intruders packets.
  • Place systems on a private subnet if they don't need to be exposed to the public network. If a web server needs to talk to a database server, connect the two systems with a private network so the database server is hidden from public view.
• Turn off services you don't need:
  • inittab

    Disable starting any services you don't need (i.e. a print server).

  • inetd

    Comment out all un-needed services (i.e. chargen, telnet, ftp)

  • rc.* (or equivalent)

    Whether your system uses rc.* or an /etc/rc directory structure, you should disable the starting of any services that aren't needed by the running system (i.e. httpd, apmd)

• Secure running services:
  • Change any default passwords used to manage needed services (i.e databases, network monitors), or create a new administrative user ID and disable the default ID.
  • Make sure services are running with the least authority (i.e a non-root user).
  • Add cryptographic capabilities to needed services (i.e. SSL to web servers, encryption to databases).
  • For larger services like sendmail, bind, or apache make sure you are at the latest version of code.
• Secure access:
  • OpenSSH provides a free SSH v1 and SSH v2 compatible encrypted remote command, interactive login, and file copy mechanism for use on your systems. root passwords are protected from sniffing and any potentially sensitive data is encrypted while in transit.
  • OpenSSL provides a free SSL / TSL implementation to be used with the OpenSSH package or other services.
  • Take advantage of /etc/hosts.allow and /etc/hosts.deny provided by tcpwrappers (see below) to limit access to services.
  • Use shadow passwords.
  • Use password management features to include "good" passwords.
  • Delete unused / old accounts.
  • Limit who has root access and change the password frequently.
  • Limit physical access to the machine.
• Secure the "UNIX" network:
  • Verify that NFS exports are not world exported.
  • Verify that NIS maps are only root writable.
  • Use an access controlled portmap for NIS systems.
  • Periodically check for promiscuous mode NICs.
  • Restrict "r" commands (rsh, rexec, etc.) by creating empty, root owned .rhosts and .netrc files.
  • Verify that /etc/hosts.equiv is empty and only root writable.
  • Attempt to lock down X-Window by restricting xhost + sessions.
• Secure the UNIX Filesystem:
  • Verify the absence of SUID and SGID bits on all shell scripts.
  • Verify all programs with SUID and SGID bits set.
  • Verify appropriate filesystem permissions.
  • Verify adequate system backup and restore procedures are in place and working.
• APPLY ALL OF THE LATEST OS PATCHES!!!

Logging

Logging provides invaluable clues as to what's going on in your system as well as to what others are attempting to do with your system - so make sure you make the most of it. Take the time to understand each service on your machines and its logging capabilities. Know where your logs are and learn how to analyze them.

Here are several logging issues to consider:

• syslogd
  • Disable the ability for another machine to log to your syslogd unless you absolutely need this feature (though there is a practical use of this feature...)
  • Set the logging level as verbose as disk space will allow (recommended level of 9).
  • Log to a seperate filesystem.
  • Enable logging of as many system services as possible.
  • Verify that the overall level is set to info.
• tcpwrappers

  This tool, written by Wietse Venema, allows any inetd registered service to allow or deny, as well as log, each connection attempt. Other services, like SSH, are also tcpwrappers aware. This is the "de facto" standard and is the first line of defense.

• SMTP / HTTP / FTP logs

  These services are historically known to be the source of many system intrusions. Monitor these logs for suspicious connections or activity.

• Automated compression and rotation

  A tool like logrotate provides a mechanism to automatically compress, archive and delete logs based on age, allowing you to maximize logging while minimizing disk consumption. Remember, logs are your only record of past behavior. Older logs should be dumped to tape or transferred to another system for archival.

• Automated analysis of logs

  No one should have enough time to read all the logs you capture. A tool like xxx helps by summarizing activity and establishing a base-line of normal activity to help detect abberant behavior.

• .sh_history (or equivalent)

  Verify that each user has one and monitor it periodically for "suspicious" activity.

• Process Accounting

  Process accounting should be enabled and the logs analyzed nightly. You need a base-line of "normal" behavior to detect suspicious behavior. These logs should also be rotated and archived.

• Software tools to generate special logs:
  • Perro - a set of three daemons that logs incoming IP/TCP, IP/UDP and IP/ICMP packets
  • PortSentry - a program designed to detect and respond to port scans against a target host in real-time by automatically updating /etc/hosts.deny

Detecting

Hopefully monitoring your logs will tip you off to suspicious activity. But how do you go from suspicion to confirmation? There are several tools available that can "automagically" alert you to changes in the system, like TripWire. These, used along with some other by-hand techniques, will more often than not tell you if a system has been compromised.

The most recent types of compromises involve root-kits. root-kits are a package that provides a set of replacement programs for all of the standard utilities, like ps, ls, find, etc. The root-kit tools are designed to hide all traces of the intruder being in your system (see rootshell for more info on root-kits).

root-kits exist primarily for GNU/Linux and Sun environments, but almost any system can have their standard utilities replaced. Most intruders place the root-kit configuration files in the /dev structure, but due to replacement of ls and find, it can be very hard to detect the new entries.

• Command tools:
  • ifstatus - checks NICs for promiscuous mode
  • lsof - lists open files for running processes
  • tcpdump - network packet analysis
• Larger change detection packages:
  • Tripwire - a tool that can detect file replacement on your system (i.e. an intruder has replaced your ps)
  • rpm -Va will indicate whether files have been modified since installation on GNU/Linux systems supporting RPM.
  • lppchk is similar to the rpm command, but for AIX systems.

Testing

If you don't check the security of your systems, intruders will be glad to do it for you. It's imperative for a Systems Administrator to routinely check the external security of their machines. Several tools exist to check / probe your machines for openings.

It's also very important to update your testing software or add the latest modules to the testing suite.

If you are responsible for an entire network (subnet) worth of machines, you should announce that you are going to scan / test the entire network before you actually do it -- you might be surprised how many other people are watching and will detect your scans!

• secure-sun-check - checks for common SunOS security configuration problems
• Nessus - suite of vulnerability and misconfiguration detectors
• SecureScan - checks for IRIX security problems
• pmap_tools - toolsuite to check for portmap, rpc, rpcbind vulnerabilities
• nmap - multi-level security scanner
• ISS - multi-level security scanner
• Fremont - a network discovery tool

LSU Specific

• security@lsu.edu

  The security@lsu.edu e-mail address has been established to receive security breach and security information on campus. Please feel free to e-mail any intrusion information you might have, questions, etc. to that address. Dr. Icaza is maintaining a database of UNIX security related events and we periodically send updates to the Computer Crimes squad of the FBI down in New Orleans. You are also encouraged to give the e-mail address to people outside of LSU who suspect an LSU machine is intruding them.

  Any information we receive and feel should be made public knowledge will be filtered to protect the original sender and disseminated through the NETCON@listserv.lsu.edu and TECHALRT@listserv.lsu.edu e-mailing lists. These addresses can also be used as a forum to discuss security related issues.

• abuse@lsu.edu

  The abuse@lsu.edu e-mail address has been established to receive e-mail abuse information. If your systems are allowing e-mail relay, we've probably received an e-mail complaining about spam passing through it. This address is not to be used to report security incidents.

• InfraGard

  LSU has membership in InfraGard with Dr. Emilio Icaza, Isaac Traxler, Brian Ropers-Huilman and Hortensia Valdez active members of InfraGard. InfraGard is a joint multi-governmental agency / civilian organization whose mission is to share information about security issues and educate organizations about security risks. As part of our membership, we receive periodic e-mails from NIPC concerning known or potential security threats, both cyber and physical. If any information in these bulletins is relavent, it is forwarded to the NETCON and TECHALRT e-mailing lists.

Return to top of page

Installation

For most distributions, there are several ways to install:
• Boot from floppy and install from CD
• Boot from floppy and install from hard drive (HD)
• Boot from CD and install from CD
• Boot from CD and install from hard drive (HD)
• Boot from floppy and install from the network:
  • NFS
  • HTTP
  • FTP

Sample Dedicated Installation of Red Hat v7.2

The first step is determining which method you will use. For this demonstration, we'll use "boot from floppy and install from CD." We remind you that we maintain a Red Hat network installation server on LSU's network. Here are the installation steps:
1. Insert the boot floppy and the first CD and boot the system
2. At the boot: prompt, type expert (this gives you more control over the install)
3. After the initial RAM disk image (initrd.img) and kernel (vmlinuz) load off of the floppy you'll get the "Welcome to Red Hat GNU/Linux" screen asking for a driver disk. Unless you have exotic hardware (either requiring or shipped with a driver disk), select "No"
4. For the Installation Process Language, select "English"
5. For the Keyboard Type, select "us"
6. For the Instalation Method, select "Local CDROM"
   Anaconda, Red Hat's install program, will then start and a graphical Red Hat Logo screen will appear
7. For the Mouse Configuration, select your proper mouse type, then check "Emulate 3 Buttons" (Macs use one, Windows uses two, UNIX uses three), then click "Next"
8. Click "Next" to get past the welcome screen
9. Check "Custom" (this gives you more control over the install) then click "Next"
10. Check "Manually partition with Disk Druid" (this gives you more control over the disk) then click "Next"
11. Delete any existing partitions
12. Create partitions by clicking "New" and enter the following information in order:

    Mount Point	Filesystem Type	Size	Primary Partition
    /boot	ext3	128	Yes
    N/A	swap	256	No
    /	ext3	3072	Yes
    /home	ext3	Fill to maximum allowable size	Yes

    
    When you're done creating partitions, click "Next"
13. For the Boot Loader Configuration, leave "GRUB" selected, leave "Master Boot Record (MBR)" selected then click "Next"
14. For the Boot Loader Password Configuration, leave "Use a GRUB Password" unselected then click "Next"
15. For the Network Configuration, deselect "Configure using DHCP" then enter IP information:

    Label	Value
    IP Address	130.39.199.80
    Netmask	255.255.252.0
    Network	130.39.196.0
    Broadcast	130.39.199.255
    Hostname	emacc.ocs.lsu.edu
    Gateway	130.39.196.1
    Primary DNS	130.39.254.5
    Secondary DNS	130.39.244.30
    Tertiary DNS	130.39.3.5

    
    When you're done entring IP information, click "Next"
16. For the Firewall Configuration, leave "Medium", then check the services you need: SSH, WWW, then for "Other ports" type dns nfs ntp ssl, then click "Next"
17. For the Language Support Selection, leave "English (USA)" selected then click "Next"
18. For the Time Zone Selection, in the "Location" tab, scroll to and select "America/Chicago"
19. For the Time Zone Selection, in the "UTC Offset" tab, scroll to and select "UTC-06 US Central" and check "Use Daylight Saving Time (US only)" then click "Next"
20. For the Account Configuration, you must provide a good, matching password for root (the local administrator of the machine), the click "Add" then enter New User information:

    Label	Value
    User Name	Ron
    Full Name	Ron D. Hay
    Password	work2hard
    Confirm	work2hard

    Then click "OK"

    
    When you're done entring New User information, click "Next"
21. For the Authentication Configuration, leave "Enable MD5 passwords" and "Enable shadow passwords" checked then click "Next"
22. For the Package Group Selection, starting with the defaults make the following changes:
    • disable "Dialup Support" (we have no modem)
    • enable "Graphics and Image Manipulation"
    • enable "NFS File Server"
    • enable "Windows File Server"
    • enable "Web Server"
    • enable "Utilities"
    • enable "Software Development"
    • enable "Games and Entertainment"
    
    If you want to, you can check "Select individual packages"
    For Individual Package Selection:
    • open the "Applications" folder, then the "Databases" folder
      • select "mysql"
      • select "mysql-server"
      • select "mysql-client9"
    • open the "Development" folder, then the "Languages" folder
      • select "php-mysql"
      • select "gcc3-c++"
    • open the "System Environment" folder, then the "Shells" folder
      • select "pdksh"
    
    When you're done selecting Individual Packages, click "Next"
23. If the packages you have selected require the installation of dependent packages, you will go to Unresolved Dependencies
    Leave "Install packages to satisfy dependencies" selected, then click "Next"
24. For the Graphical Interface (X) Configuration (because we let X-Window be installed), leave the default (discovered) selections, then click "Next"
25. For the About to Install, click "Next"
    Sit back, relax, and watch the show! (an install on a PII 400MHz takes about 20 minutes)
    When the Please insert disc 2 to continue window pops up, switch the CD and click "OK"
26. For the Boot Disk Creation, make sure "Skip boot disk creation" is not checked, insert a blank floppy, then click "Next"
27. For the Monitor Configuration (because we let X-Window be installed), make sure your proper monitor is selected, then click "Next"
28. For the Customize Graphics Configuration (because we let X-Window be installed), leave "Color Depth" High Color (16 Bit), leave "Screen Resolution" at 1024x768, change "login type" to Text, then click "Test Setting" to make sure everything works
    After the X-Window system starts and the Can you see this dialog appears, click "Yes"
    When the Customize Graphics Configuration returns, click "Next"
29. For the Restart System, click "Next"

You're done! Congratulations!

Return to top of page

---

The statements and opinions included in these pages are those of Isaac W. Traxler, Allen B. Gordon and Brian D. Ropers-Huilman only. Any statements and opinions included in these pages are not those of Louisiana State University or the LSU Board of Supervisors.
© 1998-2002 Brian D. Ropers-Huilman, Allen B. Gordon, Isaac W. Traxler

---