Linux Setup Notes by David K. Levine, Department of Economics, UCLA top | general | research | classes | links | David		"Need an elephant sandwich? Not a problem - just go out and shoot an elephant." Anonymous Unix Security Guru

Red Hat 7 Notes:

Procedure to set up on internet with some degree of safety:

• unplug ethernet cable
• install the os as a gnome or kde workstation
• configure the x-server to the correct resolution during setup
• make sure that nothing dangerous is running
  • get superuser status by using the su command
  • use ps -A to see what processes are running and their psid's
  • kill sendmail using kill psid
  • that should be the only dangerous program running
• make a copy of the ps executable and put it in a different directory and give it a different name
• create a subdirectory of home directory for downloads
• plug in the ethernet cable
  • to doublecheck that no dangerous programs are running to go to www.grc.com and use the port scanner
  • the only port that should be open is the IDENT port; this does not pose a security hazard
• download server software
  • xinetd
  • apache
  • openssh
  • mysql
  • php
  • tripwire
• download security patches for everything else
• unplug the ethernet cable
• install the servers
• uninstall
  • at 3
  • inews2 (trn too)
  • telnet (probably not installed)
• delete the /etc/hosts.equiv (probably does not exist)
• files which should be owned by root and with permissions set to 600
  • /etc/hosts.lpd (probably does not exist)
• suid audit using find / -type f -perm +6000 -ls; remove the suid bit with chmod u-s file_path
• run tripwire to create the initial "snapshot" of your system (basically signatures of all the files including the binaries) tripwire scripts and configuration advice
• plug in the ethernet cable
• stuff for later
  • assign /bin/false to all non-user accounts
  • set up httpd sensibly: disable symbolic links, server side includes, indices (directory listing)
  • restrict cron to administrative accounts

Reading List:

Bastille Linux walkthrough

Security Checklist

http://httpd.apache.org/docs/misc/security_tips.html

http://www.bastille-linux.org/jay/security-articles-jjb.html

http://www.ox.compsoc.org.uk/~steve/portfw-2.2.html

Commands

• ~ home directory
• <tab> file name completion
• & at the end of a command runs it in the background
• pwd show current directory
• mkdir
• cd
• ls list files -al detailed listing
• rm delete file
• cp copy file
• mv move file
• less filename display contents
• man command help with the command
• su become superuser
• ps -A show all processes running
• jobs list of job numbers rather than psids
• kill psid shut down the process
• kill psid -HUP signal process to restart
• kill -9 psid make it dead
• kill %job_number this works for suspended jobs; killing the psid does not
• fg/bg [%job_number] put in foreground or background
• pico filename edit
• grep -i string filenames case insensitive line listing
• chkconfig runlevel service listings
• alias newname='long command line'
• mount -t smbfs -o username=un,password=pa,workgroup=wg //ipaddress/share /directoryname
• note that a mount point must be an existing directory that is empty
• locate filename find it whereis appears to do the same
• ln filename linkname create a hard link -s if you want a symbolic link
• chmod chown chgrp change mode, owner, group
• du -ks directory_name total size of files in and below directory
• df free disk space
• fdisk -l partition information
• dig url get dns information about the url

Random Stuff

• the system logs are in /var/log and can be viewed as su using pico; the message log seems to be the most useful one
• gedit occasionally fails to save without any user notification
• in mozilla/netscape clicking on a hyperlink that is supposed to open in a new frame (target="_blank") causes it to load the page twice which can cause problems with scripts
• serial commands: setserial; stty; wvdialconf
• running serial commands against non-existent serial ports appears to be able to crash the system
• logging out under adverse circumstances appears to lead to a silly screen with some dots and an x for the mouse and no keyboard input allowed or way to escape...
• segmentation faults are bad; maybe even real bad
• you probably need to install the kernel source before compiling any kernel drivers
• there is no decent way to view files as superuser under gnome without actually logging into gnome as superuser in the first place; in particular, doing su, then launching gmc (gnome midnight commander) does not work
• booting up after failing to close down cleanly takes a really long time
• linuxconf is more likely to cause a system crash than to successfully reconfigure the system; it is useful for viewing system settings though