1. Introduction
Linux is a free operating system in the true sense. It was originally written by Linus Torvalds in his spare time as a personal hobby, was later released on the Internet, and has since evolved into the Linux of today.
Today's Linux attracts millions of programmers who, in different countries and regions, jointly develop and refine this free operating system. Linux inherits the characteristics of the UNIX system; its development embodies the painstaking efforts of countless developers around the world and the spirit of the times: building and sharing information on a global scale.

2. Basic concepts

2.1 Users and user groups
Linux has a strong user management mechanism built on two concepts: users and user groups. A user is an account that can log on to the system. Linux is a multi-user operating system that allows multiple users to log on; it assigns each account a user ID to distinguish between different users. Linux also uses user groups to assign the same set of permissions to a set of users; each group has a group ID to distinguish between different groups.

2.2 File and directory permissions
The attributes of a file or directory determine its access permissions, that is, who may access or execute it. The command ls -l displays the file type, the file permissions and other attributes, for example:

-rwxrwxrwx 1 root root 437428 Sep 15 21:21 vi

The first character is the file type; it is followed by three triplets of permission bits (Figure 1): the first triplet gives the permissions of the file's owner (u), the second those of the file's group (g), and the third those of other users (o). In this way Linux manages each user's permissions on each file in the system. One user is not subject to this restriction: the root user, the system superuser, can change the permissions of any file. Normal users can use chmod to change the permissions of their own files and directories. In addition to the three permissions rwx there are two special permissions: s and t.
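As an added example (not part of the original article), the following POSIX shell script decodes the ls -l mode string into its octal form, including the s and t special bits, and classifies each line by the risk it carries; the ls -l lines it works on are constructed for the demonstration, not taken from a real system.

```shell
#!/bin/sh
# Decode the 10-character mode string shown by `ls -l` (e.g. -rwsr-xr-x)
# into a four-digit octal mode: a leading digit for the special bits
# (4 = setuid s on u, 2 = setgid s on g, 1 = sticky t on o) followed by
# the owner (u), group (g) and other (o) triplets.
mode_to_octal() {
    mode=$1 special=0 perms=""
    for start in 2 5 8; do                 # character offsets of the u, g, o triplets
        trip=$(printf '%s' "$mode" | cut -c "$start-$((start + 2))")
        v=0
        case $trip in r??) v=$((v + 4)) ;; esac
        case $trip in ?w?) v=$((v + 2)) ;; esac
        case $trip in ??[xst]) v=$((v + 1)) ;; esac   # lowercase s/t also mean x is set
        # s/S in the u triplet is setuid, in the g triplet setgid; t/T in o is sticky
        case "$start$trip" in
            2??[sS]) special=$((special + 4)) ;;
            5??[sS]) special=$((special + 2)) ;;
            8??[tT]) special=$((special + 1)) ;;
        esac
        perms="$perms$v"
    done
    printf '%s%s\n' "$special" "$perms"
}

# Classify one full `ls -l` line by the special bits and owner it carries:
# SETUID-ROOT, SETUID, SETGID-ROOT, SETGID, STICKY or plain.
classify_line() {
    set -- $1                              # split the line: $1 mode, $3 owner, $4 group
    case $1 in
        ???[sS]*)      if [ "$3" = root ]; then echo SETUID-ROOT; else echo SETUID; fi ;;
        ??????[sS]*)   if [ "$4" = root ]; then echo SETGID-ROOT; else echo SETGID; fi ;;
        ?????????[tT]) echo STICKY ;;
        *)             echo plain ;;
    esac
}

# Constructed sample `ls -l` output (not from a real system) used for the demo.
SAMPLE_LS='-rwsr-xr-x 1 root root 437428 Sep 15 21:21 vi
-rwxr-sr-x 1 root tty 20480 Sep 15 21:21 wall
drwxrwxrwt 2 root root 4096 Sep 15 21:21 tmp
-rw-r--r-- 1 alice users 120 Sep 15 21:21 notes'

printf '%s\n' "$SAMPLE_LS" | while IFS= read -r line; do
    set -- $line
    printf '%s  %-12s %s\n' "$(mode_to_octal "$1")" "$(classify_line "$line")" "$line"
done
```

Piping real `ls -l` output into the same loop lists which files in a directory run with their owner's or group's identity, which is the first thing to audit when the owner is root.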
The s bit appears in the third (x) position of the owner triplet or the group triplet. It indicates that when this executable file is run, it runs with the user ID of the file's owner (setuid) or the group ID of the file's group (setgid) rather than with the ID of the user who invoked the command. Setting the s bit on executable scripts is a potential danger, especially when the owner or group of the file is root. The t bit appears in the third position of the other-users triplet. Normally, if a directory grants write permission to other users, any user can delete any file in that directory regardless of its ownership and permissions; setting the t bit prevents users from deleting or modifying files in that directory which they do not own.

3. System authentication
Linux now uses a new authentication method, Pluggable Authentication Modules (PAM). PAM is an authentication mechanism proposed by Sun. It provides a dynamic link library and a unified set of APIs that separate the services provided by the system from their authentication methods. This allows the system administrator to configure different authentication methods for different services as needed without changing the service programs, and makes it easy to add new authentication means to the system. The system administrator sets the authentication policy through the PAM configuration files, which specify which authentication method each service uses; application developers implement authentication in their service programs by calling the PAM API; PAM service module developers use the PAM SPI (Service Module API) to write the authentication modules (mainly by exporting functions pam_sm_xxxx() for libpam to call), bringing different authentication mechanisms (such as traditional UNIX authentication, Kerberos and so on) into the system; and the PAM core library (libpam) reads the configuration files and, on that basis, links each service program with the appropriate authentication method.
Using PAM makes authentication across the whole system more flexible: system administrators can adjust the authentication modules as needed and configure the system environment according to the required security level.

4. Secure Shell
In normal system administration, administrators often log on to the system through Telnet to perform configuration and management. With Telnet, however, the user name and password are transmitted across the network in clear text and are easily stolen. SSH (Secure Shell) is a client-server application that uses encryption, an RSA-based host authentication mechanism and a variety of user authentication options to provide secure communications. It provides replacements for rlogin, rsh and rcp, and it also provides encrypted X Window System connections and encrypted TCP sessions. The following figure illustrates the whole process of an SSH authenticated connection. Using SSH effectively guarantees the safety of user data during the whole communication and keeps its contents private.

5. Packet filtering with ipchains
In a general system setup, the system opens all service ports. With ipchains we can configure the system as a host-based firewall; with appropriate configuration it can effectively restrict and protect the system and control access within the LAN. A firewall prevents unauthorized users from accessing, leaving or passing through the network system. The Linux ipchains command can establish rules that place optional restrictions on data streams entering, leaving or passing through the system, providing safer firewall functionality. Linux ipchains implements a packet-filtering firewall: each packet on the network is filtered according to the rules. Using ipchains, the kernel analyses each packet, looking for the specified source and destination IP addresses and ports, or the specified ICMP type and code.
The whole ipchains packet-filtering process works as follows: before each packet is accepted, ipchains checks the IP packet header against the rules for effective filtering. At the same time it also checks each packet going out from the local host, to ensure that every outgoing and incoming packet satisfies the rules. In addition to configuring ipchains as a host-based firewall, you can configure it as a network-based firewall to protect a network segment.

6. System log
Linux uses logs to record user actions and some of the system's error messages. Linux has two important log daemons: syslog and klogd. syslog runs as a daemon at startup; it reads the different options from the /etc/syslog.conf file and, depending on the application, writes the relevant information to the appropriate log file. klogd is a kernel logging program that records any kernel errors and exceptions. The following figure shows the flow of log information.