Loading...

Services within Linux

Course video 0 of 17

This module covers Linux security. What does a system administrator need to know in order to adequately protect their systems.

Linux Server Management and Security

Sistema Universitario de Colorado

Curso 3 de 4 en Computer Security and Systems Management Programa Especializado

Whether you are accessing a bank website, Netflix or your home router, chances are that your computer is interacting with a Linux system. The world runs on Linux. In this course, we will dive into how Linux works from an enterprise perspective. In week 1 we will look at what Linux is used for in the enterprise. By the end of week 1, you will be able to differentiate between different versions of Linux and understand how they are used in an enterprise environment. In week 2, we will explore how Linux systems are configured. By the end of week 2, you will be able to demonstrate different Linux commands and how they are used. You will also be able to interact with a Linux system. In week 3, we will explore Linux authentication mechanisms and how to add users and user controls to a Linux system. By the end of week 3, you should be able to demonstrate how to appropriately add users to a Linux machine and secure them. In week 4, we will explore how to harden a Linux system. By the end of week 4, you should be able to classify different technologies to secure Linux and differentiate access control methods for Linux applications.

Impartido por:

Greg Williams
Lecturer

Transcripción

In this lesson, I will discuss Linux and its services.

In this lesson, I will discuss Linux services.

Linux services are usually started up

on startup to run some kind of process on the system.

Software or services that are not used should be able

to decrease the attack surface of the system.

As with any operating system installation,

the system is already installed with general packages that may or may not be used.

One example of this is Bluetooth.

Do you necessarily need Bluetooth on a server?

I've never seen Bluetooth used on a server,

so that is definitely one that we can disable.

Let's look at Linux services.

And this is my CentOS system.

This is gonna be different from

Ubuntu and different from some of the other versions, however,

mainstream, in enterprises, we tend to use CentOS as I mentioned in previous lessons.

In order to see what services we have in startup,

we're gonna type in chkconfig.

We have netconsole, network, and splunk.

These are different runlevels here.

So we have runlevels zero through six.

And you'll notice that zero and one are off,

and then we have turned on for just the network portion,

runlevels two through five.

Now, I added splunk just to show

you what it would look like if that service were running on the server,

but I've since turned it off now.

If I had turned that back on,

which I can do real quick,

and then I'll type in chkconfig splunk on.

OK, and let's look at that first command again – I just type in "chkconfig".

And notice` that my runlevels again,

now they're turned on from two to five.

And let's turn that off again,

so chkconfig splunk off.

And I can do this with other services as well.

However, not many services come with chkconfig turned on.

In order to see what else is running in the system,

by the system account,

we're gonna type in systemctl.

Systemctl gives us what services are currently loaded and running in the kernel,

so things like kernel processes.

Here's one for printing down below.

CUPS is a standard printing service that we may want to disable.

Let's look at other things.

So Bluetooth, for example,

we don't need Bluetooth.

These are all... quite a few of these are

services that need to be disabled to make sure

that we decrease the attack surface of a system.

So in order to do that,

we're gonna disable a couple services here.

Notice that there's 152 processes running.

So I'm gonna type in systemctl and type in status.

Let's look at Bluetooth.

So here's our Bluetooth,

looks like it's active.

And if we type in systemctl status and then the service,

we can get a lot more information about what's running in the kernel.

So let's turn this off – systemctl bluetooth.

Oops. Let's type in

systemctl disable bluetooth.

Now let's look to see if it's running.

We're gonna type in status again.

It's disabled but it's still running,

so we would have to kill that process.

So what I did there is I typed in pkill bluetooth,

which means process kill,

and then the process name which is bluetooth.

And now notice that it's inactive.

So, it's dead.

So I've just turned off Bluetooth,

which is probably a good thing for my attack surface.

OK, let's briefly look at a couple more here.

And we'll type in "systemctl" again.

As we go through here,

it looks like our splunk services failed,

which is fine because I turned that off.

But we can see what's active and what's running, what's inactive.

Now on some servers, especially this server,

the server's running a GUI so I can show you what

the command line looks like and some of the other processes very easily.

Typically, on an enterprise server,

you're not gonna have a GUI.

Again, it's just another way to increase the attack surface,

and it also increases the amount of memory.

We need to disable that.

The GUI is, in Linux, is called X server.

So, we may want to remove the X Window System from our server.

So we would type in yum groupremove and then,

in quotes, X Window System.

That'll just disable that.

There are things that we should disable are things that we're not gonna

use, things like IPv6.

If you don't use IPv6,

you should definitely turn that off.

The reason why is it's,

again, another attack surface.

It's a big attack surface if you're not using it.

One of the other functions that we're gonna look at,

one of the other commands is finding permissions that may be turned on.

Some processes need to run with elevated privileges.

So think about how you change your passwords,

so passwd for example.

I'm root here but technically that's a root-only process.

So in order for a normal user to access or

run passwd or some of the other functions which we'll see here in a second,

we need to turn on what we call sticky bits,

and that allows the process to run as the system account or root.

So what I'm gonna do is I'm gonna look for

those processes that have sticky bits turned on for

both the process running as a root or the group root.

So in order to do that,

I'm gonna type in "find" and where to find it.

And let's look at the permissions,

so that, and then put a forward slash, parenthesis,

then the permission -perm

-4000 -o -perm -2000,

and then we'll print that out.

And as you notice,

all these commands that have our sticky bits turned on.

So su or password,

group password, sudo, these are processes that you run all the time.

And the reason why we have the sticky bit turned on is so that we

can run them as root, as a normal user.

So you should consider disabling some of those.

So in order to change or remove the sticky bits,

we're gonna type in chmod -s and then the filename.

So if we wanted to disable locate,

for example, which we're not gonna do but let's say that we wanted to do that,

we're just gonna type in chmod -s and

then usr, sbin, and locate.

There are some other processes that you may want to consider disabling as well

and have been known to be not harmful to disable to the system.

Now, I'll post those as part of your reading for this week.

In conclusion, services are a big part of any operating system.

However, they increase the attack surface,

so consider disabling those services that don't need to be running,

such as Bluetooth or your GUI,

for example, if this is a server.

Acerca de Coursera

Cursos, programas especializados y títulos en línea impartidos por los principales instructores de las mejores universidades e instituciones educativas del mundo.

Join a community of 40 million learners from around the world

Earn a skill-based course certificate to apply your knowledge

Gain confidence in your skills and further your career

Coursera brinda acceso universal a la mejor educación del mundo, al asociarse con las mejores universidades y organizaciones, para ofrecer cursos en línea.

© 2019 Coursera Inc. Todos los derechos reservados.

Descargar en la App Store

Consíguelo en Google Play