
Securing Linux

  • Anne Shroble
  • May 4, 2016
  • 4 min read

Good day:

Harry Hacker here. As you may have noticed, this blog is all about securing Linux (large tee hee hee from the audience and a few snickers). Anyway, the boss wants to know two security commands which can be used, and the definition of each. Well, I’m here to tell you, I’ve come up against two of the most irritating commands ever.

The first command, or step, is not allowing Linux to boot into the root directory. By default, Linux distributions do this. So as the administrator of the system, one should log in as the root user (sudo) and change the runlevel from its default value to 1 for a single user, or 2 for multiple users. Follow these instructions to accomplish this:

  1. Boot your workstation, but during the initial splash screen, press the key combination required to enter either the BIOS or EFI configuration settings (often F1 or F12; check your workstation documentation to verify). Note whether your workstation uses BIOS or EFI for booting.

  2. Reboot your workstation, and then press Ctrl+Alt+F2 and log in as an ordinary user in the Linux console. One may also bring up a terminal in the computer search engine on the desktop. This is usually the top icon in the upper left-hand corner. Find the terminal in the utility section of the application files.

  3. Examine the boot messages on your workstation by typing dmesg and pressing Enter. Note what hardware devices have started at boot time for your system.

  4. Determine which Linux initialization process your system uses. First, determine if the system is using upstart by typing /sbin/init --version and pressing Enter. For an upstart system you'll see a message about the version of upstart installed. For SysV and systemd systems you'll get an error message about an invalid option.

  5. If the system isn't using the upstart initialization process, check for the systemd initialization process by typing systemctl and pressing Enter. If you get a listing of available options, the system is using systemd. If you get an error message, the system is using the SysV initialization process.

  6. View the current system runlevel by typing runlevel and pressing Enter. Note the second number listed in the output. That’s the current runlevel of the system.

  7. Change to single user mode (runlevel 1) by typing telinit 1 and pressing Enter. Your system should restart at runlevel 1. If you intend to use the system for multiple users, type telinit 2. If you have any other sessions logged into the system, those sessions will be logged out.

  8. Verify the new runlevel by typing runlevel and pressing Enter. The current runlevel (the second number) should now show as the choice you entered.

  9. Reboot the system by typing reboot and pressing Enter.

Ref: Bresnahan, C., & Blum, R. (n.d.). CompTIA Linux powered by Linux Professional institute study guide: Exams LX0-103 and exam LX0-104.

Chapter 5
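The init-system and runlevel checks from the steps above, collected into one script. This is an added example, not code from the original post or the cited study guide; the function names and the --report switch are made up for illustration, and the sample strings in the comments are constructed.

```sh
#!/bin/sh
# Added example: init-system and runlevel checks from the steps above.

# classify_init INIT_VERSION_OUTPUT SYSTEMCTL_STATUS
# Pure decision logic, so it can be checked against captured output:
# upstart announces itself in `/sbin/init --version`; otherwise a working
# systemctl (exit status 0) means systemd, and anything else is SysV.
classify_init() {
    case "$1" in
        *[Uu]pstart*) echo upstart; return 0 ;;
    esac
    if [ "$2" -eq 0 ]; then
        echo systemd
    else
        echo sysv
    fi
}

# current_runlevel RUNLEVEL_OUTPUT
# `runlevel` prints "<previous> <current>", for example "N 5"; the second
# field is the current runlevel. Anything else (such as "unknown") is rejected.
current_runlevel() {
    set -- $1
    case "${2:-}" in
        [0-6]|S|s) echo "$2" ;;
        *) echo unknown; return 1 ;;
    esac
}

# Probe the live system and print one summary line.
report() {
    version_out=$(/sbin/init --version 2>&1) || true
    if systemctl list-units --no-pager >/dev/null 2>&1; then
        sc_status=0
    else
        sc_status=1
    fi
    level=$(current_runlevel "$(runlevel 2>/dev/null)") || true
    echo "init=$(classify_init "$version_out" "$sc_status") runlevel=$level"
}

if [ "${1:-}" = "--report" ]; then report; fi
```

Run it with --report on the workstation to get a single line such as init=systemd runlevel=5, which can be recorded before and after the telinit step.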

Never log in as the root user (su). You should use sudo to execute root-level commands when required. sudo greatly enhances the security of the system because the root password does not have to be shared with other users and admins. sudo provides simple auditing and tracking features too.

Changing the runlevel is necessary because if I want to snoop into Joey’s computer, and the runlevel is set to default, I can steal – I mean appropriate – his secret information. An administrator can use scripts, which are basically small programs that can be used to automate tedious tasks, and define specific permissions for users. A nasty hacker like myself has to have the secret password in order to access this area of the system, and that is why I say this command is irritating.

My next irritation, I mean command, is disabling unwanted services. Some Linux distributions come with multiple server usages. This can be good if one doesn’t want to download software packages for the servers. However, as a hacker (snicker) I’m liking this feature because I may have the ability to find a service that is running in the background and get into the main system. This goes against my grain, but I am going to tell you how to keep my smiley self from getting in.

Periodically running audit tools on your network will expose the unwanted systems and allow you to close the open ports thus stopping the network activity. Audit tools such as netstat, lsof, and remote scanners can search the network and reveal the programs which are running. Any program one doesn’t want to run can be removed or shut down through the local configuration files of the system.

Netstat (network statistics) is a command-line network utility that displays network connections for the Transmission Control Protocol (both incoming and outgoing), routing tables, and a number of network interface (network interface controller or software-defined network interface) statistics, and is run in the command line of the terminal. The syntax (the language used for input) can be configured as the administrator desires.

An example is as follows:

Netstat [-a] [-e] [-n] [-o] [-p <Protocol>] [-r] [-s] [<Interval>]

This example shows all of the options as described in the chart below.

Ref: Netstat. (n.d.). Retrieved May 04, 2016, from https://technet.microsoft.com/en-us/library/ff961504.aspx

So as you can see, this utility is a real pain in my side. I could probably tell more about the other utilities, but I hear Anne coming down the hall, and I’ll get into trouble for being on her computer. I hope this information is helpful. If you need more detailed info, I have included references, and a website for more detailed research. Just type in Linux Security Commands and have fun. Later….

Resource for commands:

30 Useful Linux Commands for System Administrators. (n.d.). Retrieved May 04, 2016, from http://www.tecmint.com/useful-linux-commands-for-system-administrators/

SANS Institute Linux Security Checklist. (n.d.). Retrieved May 4, 2016, from www.sans.org/media/score/checklists/linuxchecklist.pdf

Prepared by: Lori Homsher Contributor: Tim Evans Author retains full rights


 
 
 
