1. Authentication and access control
(1). Account and password protection
① Linux account and password protection
ⓐ Files that are associated with the account and password
- /etc/passwd : basic user information file (username, UID, GID, shell, home directory)
- /etc/shadow : file holding the encrypted (hashed) passwords and the password aging policy
- /etc/group : basic group information file
- /etc/default/useradd : file with the default values used when you create a user account
- /etc/login.defs : configuration file for system-wide user limits on Linux
- /etc/skel : location of the files that are created by default in the home directory when you create a user account
- cat /etc/passwd
root : x : 0 : 0 : root : /root : /bin/bash
ⓑ cat /etc/shadow
root : $1$F8oEBqlg$in....... : 15551 : 0 : 99999 : 7 : : :
ⓒ User account management commands
- useradd <username>
- userdel <username>
- passwd <username> (change the password)
- usermod <options> : -c, -d, -e, -f, -l, -p, -s, -L, -U
- useradd -D (shows the default values used when creating a user account)
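Added example (not part of the original notes): a small Python parser for the /etc/shadow fields shown in ⓑ, which names the hash scheme from its `$id$` prefix and decodes the aging fields. The function names are hypothetical and the sample lines are constructed, with placeholder hash bodies; only the aging values of the root line (15551 : 0 : 99999 : 7) come from the notes.

```python
from datetime import date, timedelta

# crypt(3) id prefixes; "$1$" is the one in the /etc/shadow line shown above.
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}
WEAK = {"md5crypt", "descrypt"}
EPOCH = date(1970, 1, 1)

def scheme_of(pw):
    """Name the hash scheme of a shadow password field, or None if no hash."""
    h = pw.lstrip("!")                 # leading "!" marks a locked password
    if h in ("", "*"):
        return None
    if h.startswith("$"):
        return SCHEMES.get(h.split("$")[1], "unknown")
    return "descrypt"                  # no "$id$" prefix: legacy DES crypt

def parse_shadow(line):
    """Split one /etc/shadow line into named fields."""
    f = line.rstrip("\n").split(":")
    if len(f) != 9:
        raise ValueError("expected 9 colon-separated fields, got %d" % len(f))
    num = lambda s: int(s) if s else None          # empty field = not set
    lastchg = num(f[2])
    return {
        "user": f[0], "password": f[1], "scheme": scheme_of(f[1]),
        "locked": f[1].startswith(("!", "*")),
        # lastchg counts days since 1970-01-01; 0 or empty carries no date
        "changed": EPOCH + timedelta(days=lastchg) if lastchg else None,
        "min": num(f[3]), "max": num(f[4]), "warn": num(f[5]),
    }

def audit(line):
    """Return a list of findings for one shadow entry."""
    e, out = parse_shadow(line), []
    if e["password"] == "":
        out.append("empty password field")
    if e["scheme"] in WEAK:
        out.append("weak hash scheme: " + e["scheme"])
    if e["max"] is None or e["max"] >= 99999:
        out.append("no effective maximum password age")
    return out

# Constructed sample lines: the hash bodies are placeholders, not real hashes.
SAMPLES = [
    "root:$1$saltsalt$PLACEHOLDERHASH:15551:0:99999:7:::",
    "alice:$6$saltsalt$PLACEHOLDERHASH:19800:1:90:7:::",
    "svc:!!:19000:0:99999:7:::",
]

if __name__ == "__main__":
    for s in SAMPLES:
        e = parse_shadow(s)
        print(e["user"], e["scheme"], e["changed"], audit(s))
```

For the root line, last-change day 15551 decodes to 2012-07-30, and the maximum age of 99999 days means the password never effectively expires.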
② Windows user and password protection
Start -> Programs -> Administrative Tools -> Computer Management
③ Windows user policy
Control Panel -> Administrative Tools -> Local Security Policy -> Account Policy
(2). File system protection
① Windows file system
ⓐ FAT (1976, MS Ltd, Bill Gates) -> FAT12 (early 1980s, for floppy disks) -> FAT16 (late 1980s, hard disks) -> VFAT (1995, FAT with improved performance, long file names enabled)
-> FAT32 (1996, developed by extending VFAT, for high-capacity hard disks (2g))
② Linux file system
ⓐ minix -> ext2 (FSCK) -> ext3 (journaling file system)
③ Cloud file system
ⓐ Ceph
ⓑ GlusterFS
ⓒ Google file system(GFS)
ⓓ Hadoop distributed file system
ⓔ Lustre file system
ⓕ Panasas file system
ⓖ OASIS
(3). System file management
① Linux system file management
ⓐ The directory structure
http://oreilly.com/catalog/debian/chapter/book/appa_01.html
ⓑ Mount
ex) mount /dev/sda2 /usr, mount /dev/hda5 /home2
- vi /etc/fstab : edit this file so that the mount is also applied at boot.
LABEL=/ / ext3 defaults 1 1
defaults(rw, suid, dev, exec, auto, nouser), noexec, nosuid
ⓒ Shell
- /etc/profile, .bashrc, .bash_profile, .bash_history
ⓓ quota
② File system check & Recovery
③ Permission
ⓐ d rwx r-x r-x root root /tool
④ umask 0022 : 666 - 022 = 644 (file creation), 777 - 022 = 755 (directory creation)
⑤ setuid, setgid, sticky bits
ⓐ setuid, setgid ( -rwsr-xr-x)
setuid /usr/bin/passwd
ⓑ sticky bit (drwxrwxrwt)
/tmp
(4). System access control technology.
Linux - iptables firewall
Windows - IPsec
① Linux iptables
iptables start
# service iptables start / stop / restart / status
iptables -L
iptables -A chain -j target
chain : INPUT, OUTPUT, FORWARD
creating a basic firewall policy
# iptables -P INPUT DROP
# iptables -P OUTPUT DROP
# iptables -P FORWARD DROP
Deny policy ( INPUT : DROP, OUTPUT : DROP, FORWARD : DROP)
DROP -> ACCEPT
Allow policy ( INPUT : ACCEPT, OUTPUT : ACCEPT, FORWARD : ACCEPT)
ACCEPT -> DROP
To keep the rules after a restart
# /sbin/service iptables save
or
# vi /etc/sysconfig/iptables-config
IPTABLES_SAVE_ON_STOP="yes" (default is "no")
and
IPTABLES_SAVE_ON_RESTART="yes" (default is "no")
creating a common iptables rules
ex) # iptables -A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
the main rule
-A, -D, -C, -I, -R, -L, -F, -Z, -N, -X, -P
iptables option
-p, -s, -d, -i, -j, -y, -f
② Windows ipsec
Control Panel> Administrative Tools> Local Security Policy> IP Security Policies
2. Security Management
(1). OS install
(2). System optimization
① Optimization of Linux system resources
CPU, memory, disk, network I/O
② Monitoring of Linux system resources
ⓐ Check the CPU problems : top, ps, uptime, vmstat, pstree
ⓑ Check the memory problems : free, vmstat
ⓒ Check the disk I/O problems : df, du, iostat
ⓓ Check the network problems : netstat, ping, traceroute, tcpdump
③ Optimization of Windows system resources
(3). Configuration and management of the system log
① Log of Linux system (/var/log)
messages, lastlog, wtmp, last, btmp, utmp (/var/run/utmp), w, who, dmesg, secure
httpd access_log, error_log (/var/log/httpd/access_log, error_log), xferlog