Chapter 10

Chapter 10 - Linux Networking and Security Chapter 10 File...

Info iconThis preview shows pages 1–11. Sign up to view the full content.

View Full Document Right Arrow Icon
Linux Networking and Security Chapter 10 File Security
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
File Security Correctly set up special Linux file permissions Monitor log files to check suspicious system activity Automate checks for file integrity and unauthorized modifications
Background image of page 2
Reviewing Linux File Permissions Unauthorized users may want to: view files to access or to see how security settings are configured delete data to make it unavailable, disrupt business plans, or corrupt system configurations modify existing files or create new files, either to corrupt data, to cover signs of their activity, or to alter security settings for their continued purposes The first line of defense is careful use of Linux file permissions
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Reviewing Linux File Permissions
Background image of page 4
Reviewing Linux File Permissions
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Reviewing Linux File Permissions For any file or directory, standard Linux file permissions are: read (represented by r) write (represented by w) execute (represented by x) Each can be assigned to: the owner of a file or directory (u, for user) to a group defined in /etc/group (g) to all other users who are logged in but who are not the owner or part of the named group (o)
Background image of page 6
Reviewing Linux File Permissions Several Linux distributions use a techniques called User Private Groups to enhance file-based security Because every file and directory are assigned both a user and a group, each with separate permissions, it is more secure to have a group with only a single member, then make that the default group for all files created by that user
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Reviewing Linux File Permissions Other group-related techniques to help manage file security When SGID is set on a directory, any file created within that directory is assigned the group of the directory, rather than the group of the user that creates the file Members of a group can be denied access, which implies that all authorized users have a certain level of access, but users of this particular group can not access the file or directory
Background image of page 8
Using the System Log for Security Checks System log files may reveal security problems These files record the activity of programs such as login, FTP, email servers and many others System log files are usually stored in /var/log/messages A number of utilities can help watch for log messages that indicate potential security violations
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Using the System Log for Security Checks Log files require regular attention because they can become very large The logrotate command helps automate the process of compressing and archiving log files so that the logs don’t
Background image of page 10
Image of page 11
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 30

Chapter 10 - Linux Networking and Security Chapter 10 File...

This preview shows document pages 1 - 11. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online