Unix: System Administration and Security - Amol Chiplunkar
Agenda • The role of a system administrator • System Administration Tasks • Summary
Role of a System Administrator • Understanding all aspects of the system and the operating environment • Providing an environment where users get what they want • Ensuring they get it in an easy and efficient manner
• Maintaining authority • Providing consistent user experience • Tracking changes • Crisis management • Disaster management
System Administration Tasks • Administering user accounts and groups • Administering File Systems • Administering disk devices • Packaging • Securing systems • Other tasks
Super User • Super (root) User: privileged user with unrestricted access to the system resources.
$ su
Password: (not echoed)
# id
uid=0(root) gid=0(root) ...
# su root -c "<params>"
User Administration • Unix users and groups • Pseudo users • /etc/passwd /etc/shadow /etc/group
• CLI administration utilities • Environment initialization • RBAC Profiles and Roles • /etc/security/prof_attr, /etc/security/exec_attr
Users and Groups • Username and user ID (identification) • User database (/etc/passwd):
username:x:UID:GID:user information:home-directory:login-shell
• Shadow password file • Group database (/etc/group):
name:*:GID:additional-users
• Standard users and groups – Users: root, daemon, bin, sys, adm, nobody, noaccess, ... – Groups: root, bin, sys, adm, mail, daemon, ...
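An audit of files in the /etc/passwd and /etc/group layouts shown above, as an added example that is not part of the original slides. The finding codes and the sample accounts are constructed for illustration; the checks flag extra UID 0 accounts, shared UIDs, password fields that are not the "x" placeholder, and group members with no passwd entry.

```sh
#!/bin/sh
# Added example; finding codes (UID0, DUPUID, ...) are invented for this example.

audit_passwd() {    # $1 = passwd-format file
    awk -F: '
        NF != 7 { print "BADFIELDS:line " NR; next }      # also catches blank lines
        $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ { print "BADID:" $1; next }
        $3 == 0 && $1 != "root" { print "UID0:" $1 }      # extra superuser
        $2 == "" { print "EMPTYPW:" $1 }                   # no "x" placeholder
        $2 != "" && $2 != "x" { print "NOTSHADOWED:" $1 } # hash outside shadow
        seen[$3 + 0]++ { print "DUPUID:" $1 }              # UID already used above
    ' "$1"
}

audit_group() {     # $1 = group-format file, $2 = passwd-format file
    awk -F: '
        NR == FNR { if ($1 != "") user[$1] = 1; next }     # first file: known users
        NF != 4 { print "BADFIELDS:line " FNR; next }
        {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) {
                if (!(m[i] in user)) print "GHOST:" $1 ":" m[i]
                else if ($3 == 0 && m[i] != "root") print "GID0MEMBER:" m[i]
            }
        }
    ' "$2" "$1"
}

write_sample() {    # $1 = directory; constructed sample data, not real accounts
    cat > "$1/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
toor:x:0:1:second UID 0 entry:/:/bin/sh
guest::1001:10:Guest:/export/home/guest:/bin/sh
legacy:CONSTRUCTEDHASH:1002:10:Old entry:/export/home/legacy:/bin/sh
alice:x:1003:10:Alice:/export/home/alice:/bin/sh
EOF
    cat > "$1/group" <<'EOF'
root:*:0:root,alice
staff:*:10:alice,mallory
EOF
}

dir=$(mktemp -d)
write_sample "$dir"
audit_passwd "$dir/passwd"
audit_group "$dir/group" "$dir/passwd"
rm -rf "$dir"
```

On a live system the same functions can be pointed at /etc/passwd and /etc/group; an empty result means none of these checks fired.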
User Management Commands • Standard Unix – useradd, usermod, userdel – groupadd, groupmod, groupdel – groups – passwd – chown, chgrp
• Solaris – profiles, auths, roles – Solaris Management Console: User Tools
Environment Initialization • Home directory and default shell • Environment initialization files – .profile, .login, .cshrc, .bashrc – Setting PATH, aliases, shell variables
• Administering passwords – passwd <user> – Forcing password change, Locking and unlocking – Setting expiry, warning about the expiry
Administering File Systems • File system types • Solaris File System • Managing file systems • Sharing file systems
File System Types • Disk based filesystems – ufs, hsfs/cdfs, ... • Network based filesystems – nfs • Virtual file systems – tmpfs/swap, lofs, ... • ZFS
File Systems: Details • Stored in physical media: HDD, CD, DVD – UFS (BSD and Solaris default) – PCFS (read and write access) – hsfs/cdfs/iso9660: CD/DVD
• nfs: Uniformly used across all unix flavours • Virtual File systems – Mostly memory based, provide access to special kernel information or facilities. ( e.g. procfs, – Some can use disk, such as tmpfs
Default Solaris File System • Hierarchy starting with the '/' directory.
ZFS • Immense capacity – First 128 bit filesystem
• End to end data integrity – Copy on write transactions
• Easy administration – Storage pools and not volumes
• Huge performance gains – Especially architected for speed
Managing File Systems • Mounting and unmounting • File system usage (df, fuser) • Quotas to limit usage per user • Filesystem configuration files • Automounts • Validating file systems (fsck)
Sharing File Systems • NFS – Mounting – /etc/dfs/dfstab on Solaris
# share [-F fstype] [-o options] [-d ""] <pathname> [resource]
# share -F nfs -o rw=engineering -d "home dirs" /export/home2
• Samba
Partitioning • Logical separation or demarcation of physical disk devices into multiple partitions aka slices
Managing Disk Devices • Block device files /dev/dsk – used by commands like mount – Transfer large blocks of data at a time • Raw device files /dev/rdsk – used by commands like newfs – Transfer smaller chunks of data. • /dev/[r]dsk/cxtydmsn
Slices and File Systems • Slices ( logical disk partitions ) are assigned one or more file systems. • A file system cannot span across slices. • Each slice is treated as a separate drive by the operating system. • Min 3 slices are recommended – / for root partition – /swap for tmpfs, procfs, volatile – / partition such as /export/home
Tools and Commands • format • fdisk • mount • newfs • mkfs • fsck
Packaging
Introduction to Packaging • All Unix-like operating systems use packages. • Collection of files such as scripts, binaries, configuration files, images, ... • A logical group of files that constitute a product or a component/feature of a product. • Enables easy management of files.
Managing Solaris Packages • Adding packages (pkgadd) – Usually interactive – Source could be a single file or a directory structure – pkgtrans
• Removing packages (pkgrm) • Listing installed packages (pkginfo) • Checking package integrity – pkginfo, pkgparam – pkgchk
Admin File • File with default installation action instructions: /var/sadm/install/admin/default
mail=
instance=unique
partial=ask
runlevel=ask
idepend=ask
rdepend=ask
space=ask
setuid=ask
conflict=ask
action=ask
basedir=default
Package Manifest and Other Files • pkginfo file • pkgmap file • install directory • reloc
Creating a Package • prototype file – File and directory entries – Class – permissions • pkgproto command • pkgmk
Patch Management • What is a Patch • Adding patches (patchadd) • patch pre and post install scripts • Obsolete patches • Removing patches (patchrm) • backout / patchrm scripts
Other Tasks • OS installation and upgrades • Configuring services such as mail, printer and network connectivity etc. • Booting, halting, reconfiguring the system • Managing devices in addition to disks • Backup, restore. • Occasionally analyze crash dumps • Just about anything that's related to the systems
Solaris Security • Secure installation – Complete distribution – Core distribution
• Patch updates. – http://sunsolve.sun.com – Recommended and Security Patches
• Auditing – Audit configuration files – Audit trail analysis
Solaris Security Toolkit (JASS) • JumpStart Architecture and Security Scripts • Simplifies the process of – Hardening the system – Minimizing packages – Auditing
Summary • A thankless but most vital job. • All about providing predictable service levels • At the same time, maintaining your own authority and system's integrity.
Thank You !