Free Essay

Linux System Administration

In: Computers and Technology

Submitted By ike1421
Words 291
Pages 2
IT302 Linux System Administration
Research Assignment 1

SELinux or Security Enhanced Linux uses an architecture that separates enforcement from access policy decisions. With this architecture different types of policies can be implemented, including Role-Based Access Control (RBAC), Type Enforcement (TE), and Multi-Level Security (MLS). The module assigns security labels to each subject or object. It uses a security class to determine the kinds of relationship a pair of labels might have. The triplet consisting of a pair of labels and a class are then sent to a policy server to determine if access is allowed. The security labels are assigned dynamic integer security ID's (SID's); the reply from the policy server is cached in an 'access vector cache' for performance reasons. SELinux was developed in coordination with the open source community and the National Security Agency (NSA) to provide the highest level of security for the Linux operating system.

The three basic elements of the VServer are: The security context. A process in one security context cannot see processes in other security contexts, neither with the 'ps' command, nor with 'cat /proc' nor in any other way. As side-effect, this means that a process in one context cannot kill processes in other contexts. Capabilities. The existing Linux kernel provides a wide variety of capabilities which can be taken away from processes. These include the ability to change network addresses, to change the ownership of a file, etc. (See /usr/include/linux/capability.h for details.) The vserver-utils provides a tool to take away capabilities from a process. The chroot jail. The existing Linux kernel provides a way to limit a process to a subdirectory, by changing the 'file system root' for the process to be the subdirectory

Similar Documents

Free Essay

It-302-Linux System Administration

...Security-Enhanced Linux is a Linux feature that provides a mechanism for supporting access control security policies, including United States Department of Defense style mandatory access controls. These functions were run through the Linux Security Modules in the Linux kernel. It is not a Linux distribution, but rather a set of modifications that can be applied to Unix-like operating system kernels, such as Linux and that of BSD. SELinux was developed by the United States National Security Agency, it was released to the open source development community under the GNU GPL on December 22, 2000. SELinux users and roles are not related to the actual system users and roles. For every current user or process, SELinux assigns a three string context consisting of a role, user name, and domain. This system is more flexible than normally required: as a rule, most of the real users share the same SELinux username, and all access control is managed through the third tag, the domain. Circumstance for when the user is allowed to get into a certain domain must be configured in the policies. The command runcon allows for the launching of a process into an explicitly specified context, but SELinux may deny the transition if it is not approved by the policy configuration. The security of an unmodified Linux system depends on the correctness of the kernel, all the privileged applications, and each of their configurations. A problem in any one of these areas may allow the compromise of the......

Words: 907 - Pages: 4

Free Essay

Resume

...Lauren Lamotte | 7714 Lancer Ct | Niceville, FL 32578 | (850) 408-6789 | lauren.lamotte@us.af.mil November 14, 2015 Linda Vinetti Hiring Manager Capriccio Software, Inc. 3556 Gen DeGualle Blvd New Orleans, LA 70128 Dear Ms. Vinetti: I read of your company’s need for a Linux Systems Administrator in the New Orleans area on Indeed.com. I will be returning to New Orleans after my military enlistment is complete, and I believe that I would be an excellent fit for the company. I have worked as an IT professional in the United States Air Force for over six years, with my last three years working as a Linux Systems Administrator, and I am confident in my ability to become a valuable member of your team. I have an Associates degree in IT, and I am working towards by Bachelors degree in Information Systems Management. I am also professionally certified from Microsoft, Cisco, and CompTIA. As a Linux System Administrator, I have extensive experience in the following areas: * System Administration and Repair * Systems Installation, Configuration & Upgrading * Programming and Scripting * System Security, Backup and Recovery As a supervisor in the United States Air Force, I have experience working in teams, and I thrive under pressure. Additionally, I have excellent communication and interpersonal skills, which......

Words: 894 - Pages: 4

Free Essay

It302 Linux System Administration Research Assignment 1

...IT302 Linux System Administration Research Assignment 1 SELinux or Security Enhanced Linux uses an architecture that separates enforcement from access policy decisions. With this architecture different types of policies can be implemented, including Role-Based Access Control (RBAC), Type Enforcement (TE), and Multi-Level Security (MLS). The module assigns security labels to each subject or object. It uses a security class to determine the kinds of relationship a pair of labels might have. The triplet consisting of a pair of labels and a class are then sent to a policy server to determine if access is allowed. The security labels are assigned dynamic integer security ID's (SID's); the reply from the policy server is cached in an 'access vector cache' for performance reasons. SELinux was developed in coordination with the open source community and the National Security Agency (NSA) to provide the highest level of security for the Linux operating system. Linux V-Server – The three basic elements of the VServer are: * The security context. A process in one security context cannot see processes in other security contexts, neither with the 'ps' command, nor with 'cat /proc' nor in any other way. As side-effect, this means that a process in one context cannot kill processes in other contexts. * Capabilities. The existing Linux kernel provides a wide variety of capabilities which can be taken away from processes. These include the ability to change network......

Words: 423 - Pages: 2

Premium Essay

Unix Administration Chapter 2

...Advanced SUSE Linux Enterprise Server Administration (Course 3038) Chapter 2 Configure the Network Manually Objectives • • • • Understand Linux Network Terms Set Up Network Devices with the ip Tools Save Device Settings to a Configuration File Set Up Routing with the ip Tool Advanced SUSE Linux Enterprise Server Administration (Course 3038) 2 Objectives (continued) • Save Routing Settings to a Configuration File • Configure Host Name and Name Resolution • Test the Network Connection with Command-Line Tools Advanced SUSE Linux Enterprise Server Administration (Course 3038) 3 Understand Linux Network Terms • Device – Network adapter built into the system • Link – Used by command-line tool ip to refer to the connection of a device to the network • Address – IP address assigned to a device • Broadcast – Refers to the broadcast address of a network • Route – Path IP packet takes from source to destination host Advanced SUSE Linux Enterprise Server Administration (Course 3038) 4 Set Up Network Devices with the ip Tool • Command-line ip tool – Changes the network card configuration • Used to perform the following tasks – Display the Current Network Configuration – Change the Current Network Configuration Advanced SUSE Linux Enterprise Server Administration (Course 3038) 5 Display the Current Network Configuration • IP address setup – Syntax • ip address show Advanced SUSE Linux Enterprise Server Administration......

Words: 1162 - Pages: 5

Free Essay

Redhat

...LINUX-6 Curriculum chnoworld ive Development | Training | Consultancy Rh124 Red Hat System Administration I Red Hat System Administration I (RH124) is designed for IT professionals who are new to Linux and require core Red Hat Enterprise Linux skills. Focused on administration tasks that will be encountered in the workplace, this course will actively engage students in task-focused activities, labbased knowledge checks, and facilitative discussions to ensure maximum skill transfer and retention. In addition, GUI-based tools will be featured to build on the students' existing technical knowledge, while key command line concepts will be introduced to provide a foundation for students planning to become fulltime Linux system administrators. By the end of the five-day course, students will be able to perform installation, establish network connectivity, manage physical storage, and perform basic security administration. LINUX-6 Course Outline Unit 1: Get Started with the GNOME Graphical Desktop Objective: Get started with GNOME and edit text files with gedit Unit 2: Manage Files Graphically with Nautilus Objective: Manage files graphically and access remote systems with Nautilus Unit 3: Get Help in a Graphical Environment Objective: Access documentation, both locally and online Unit 4: Configure Local Services Objective: Configure the date and time and configure a printer Unit 5: Manage Physical Storage I Objective: Understand basic disk concepts and manage......

Words: 1463 - Pages: 6

Free Essay

Linux

...Syllabus College of Information Systems & Technology POS/420 Version 9 Introduction to UNIX® | |Copyright © 2010, 2009, 2008, 2006, 2005, 2004, 2001, 2000 by University of Phoenix. All rights reserved. Course Description This course is a survey of the UNIX® operations. The student will gain an understanding of the internal operations of the UNIX® system, which enables the user to make efficient use of files, file systems, and processes. Commands for efficient management of UNIX® system files, file systems and process, systems administration and security are also examined. Policies Faculty and students/learners will be held responsible for understanding and adhering to all policies contained within the following two documents: • University policies: You must be logged into the student website to view this document. • Instructor policies: This document is posted in the Course Materials forum. University policies are subject to change. Be sure to read the policies at the beginning of each class. Policies may be slightly different depending on the modality in which you attend class. If you have recently changed modalities, read the policies governing your current class modality. Course Materials Blum, R. (2008). Linux® command line and shell scripting bible. Indianapolis, IN: Wiley. Love, P., Merlino, J., Zimmerman, C., Reed, J. C., & Weinstein, P. (2005). Beginning Unix®. Indianapolis, IN: Wiley. Software RedHat Linux 5 (Virtual......

Words: 1560 - Pages: 7

Free Essay

Unix

...Carrier Objective: Obtaining a challenging career in the field of Information Technology as a Unix/Linux Systems Administrator to utilize the knowledge that I have gained through past years of experience in various industries such as Telecommunications, Banking, Medical, Insurrance and government establishments . Qualification Summary: 5 Years of Unix experience with overall 10+ years of experience in the field of Information technology. Master's Degree in Micro-Electronics & Diploma in Computer Sciences. Specialize in following: Unix Administration on Sun Solaris and Red Hat Linux environment. VERITAS Volume Manager and Cluster Server experience. Websphere Application Server experience Virtualization Technologies VMware ESXi 5 Large 24x7 mission-critical production environment experience. Unix Administration, maintainance providing support in an enterprise enviroment (Resolved, escalated and dispatched technical issues) Experience with EMC/Openfiler SAN,configured and Managed SAN storage for Vmware Vsphere enviroment . Communication skills in handling diversified activities like Customer Support, in various capacities from front-end field engineer to the present capacity working. Well versed with Incident resolution and Change Management process. Performing Datacenter administration ( HP/SUN Servers including C7000,M4000, M5000, T5220, T5240, V440, V480/V490, V880/V890, E4500, E6500) tasks such: Backups, restore, Tape Management, Installation, Upgradation & Decommission...

Words: 1089 - Pages: 5

Premium Essay

It302 Final Exam Reveiw Answers

...IT302 Linux Administration Final Exam Revew Preparation Sheet and Study Guide 1. Which runlevel is textual multi-user mode? A. 1 B. 3 C. 5 D. 6 2. Which system script contains the default runlevel? A. /etc/default.target B. fstab.default C. profile.local D. default.runlevel Use the following information to answer Questions 3-5: A system administrator is manually setting up a new daemon named analyzed. The daemon should be set to run at runlevel 3 and be the very last daemon to load. 3. What should the link to start the daemon be named? A. skanalyzed1 B. 100analyzedstartup C. analyzedstart --last D. S99analyzed 4. Which of the following commands would stop the analyzed daemon? A. analyzed stop B. chkconfig –level 35 analyzed C. service analyzed stop D. chkconfig analyzed boot 5. Which of the following commands would tell the system at which runlevels to start analyzed? A. analyzed stop B. chkconfig –level 35 analyzed C. service analyzed stop D. chkconfig analyzed bootLinux Professor Green IT302 Linux Administration 6. Which of the following commands would let you most safely switch to runlevel 2 without rebooting the computer? A. boot 2 B. telinit 2 C. init 2 D. rl 2 7. Which type of control does SELinux implement? A. Discretionary access control B. Media access control C. Role-based access control D. Mandatory access control 8. Which of the following is not a SELinux state? A. Permissive B. Monitoring C. Enforcing D. Disabled 9. The files hosts.allow and hosts.deny belong...

Words: 1258 - Pages: 6

Premium Essay

Linux Security

...| Linux Security | A review of some current technologies | | | | | In the pre-Internet world you have criminals looking for “hard” assets: money, jewelry and other items that could be easily turned into hard currency. We have always had “white-collar” crime such as embezzlement, fraud and insider trading. With the proliferation of the Internet and our personal and professional lives stored in the cloud; criminals can now take one ubiquitous piece of information and turn themselves into a whole other person. The ease in which such information can be used has turned people who would never think of ever holding up a bank, mugging someone or other physical crime, into criminals. This type crime has spawned a whole new “industry”: cyber security. One of the most important aspects of a network administrator’s job is to secure the system from any person who wishes to do criminal activities. These people are both within and outside the organization. With the Linux system there are three main technologies that are in use today. They are SELinux, chroot jail, and iptables. The first line of defense in a Linux system is chroot jail. Chroot is a process or application that changes the root directory for a user. To the user it appears that they are in their root directory, but they are actually in a modified root directory. This modified root directory is called jail. Without a chroot jail, a user with limited file permissions would still be able to......

Words: 942 - Pages: 4

Free Essay

Financial Analyst

...Assad Rafiq PROFESSIONAL SUMMARY Possessing strong understanding of the Information Technology practice, extensive experience working with PeopleSoft (PIA) Administration for over the last 7 years. Demonstrated strong Technical and Problem Management skills. PeopleSoft Administrator, Oracle Database, LINUX, UNIX skills have enabled me to perform multiple installations, upgrades, performance tuning, and troubleshooting the infrastructure components required to establish and maintain the PeopleSoft PIA Architecture. PeopleSoft Server Administration – Installed and configured PeopleTools, File Server, Application Server, Process Scheduler Server, Tuxedo, WebLogic Web Server, PeopleSoft Internet Architecture (PIA) and Report Distribution, Load Balancing, Failover, Integration Broker, Single Signon, LDAP, Environment Management Framework, PeopleSoft Application Security Administration, Disaster Recovery, Business Continuity Planning for various PeopleSoft Oracle Database Instances. Expertise in performing routine maintenance activities - Environment Refreshes, PS Project Migration, File Object Migration, Performance Tuning of Web Server, Application Server, Tuxedo, Process Scheduler Server and Database, PeopleSoft Application Security. Successfully applied PeopleTools Product Patches, Application Patches, Bundles, Maintenance Packs, and PeopleTools Upgrades. Trouble shoot problems related to Server Components and Failed Process or Jobs, Performance Tuning, Turning on......

Words: 1065 - Pages: 5

Free Essay

Linux Security Basics

...IT302 7/9/2012 Research Linux Security Basics Linux, being one of the most secure operating systems in the world, has many features and services that enhance security to the maximum. Linux isn’t completely secure, like some people like to claim, but many distributions strive to make security a key feature. One of the greatest reasons Linux is more secure, is the simple fact of having a smaller user base than other operating systems; this means that Linux is a smaller target for most malicious intents. That doesn’t mean that distributions rely on this to secure their OS. There are many great and complex security features and services that come with Linux. One of the most complicated security features, I believe, is SELinux. Security Enhanced Linux is a security model developed by the NSA and provides a fine grained permissions system for files, users, groups, sockets, ports, and processes. SELinux was conceived because the current user level security system that Linux, and other operating systems, offer is insufficient for. To ensure a maximum security environment, SELinux uses the MAC security model. This means that an object only has the minimal set of permissions it requires to operate. SELinux uses sets of policies to handle permissions providing the system with a great level of security. These policies can be assigned as roles to users enabling specific rules and regulations for specific individuals. SELinux may be a powerful security feature, but it can also be a......

Words: 1200 - Pages: 5

Premium Essay

Network Administrator

... KENYAN LANGUAGES : ENGLISH AND KISWAHILI AGE : 26 YEARS ID NUMBER : 23769870 CARRIER OBJECTIVES To design and plan an advanced Telecom infrastructure that services over a million subscribers with ‎Triple Play Services (Voice, Data & Video Services).‎ To contribute to the growth of a progressive company with quality products and services in the field of Telecommunications and Information Technology (ICT).‎ SUMMARY OF SKILLS AND EXPERIENCE • Total 2 years and 4 months of experience with Advanced Diploma in Telecommunication Engineering and Cisco Certified Network Associate (CCNA). • 2 years and 8 months of experience as Network Engineer (Windows/Linux/Network). Possess the expertise in the following: Networking • Installations, Configurations and Troubleshooting of; • Wireless local Area network (WLAN) • Local Area Network (LAN) and Wide Area Network (WAN) Security • Wimax CPE (Alvarion) for SAFARICOM and ACCESSKENYA networks • Free Space Optic link (FSO) • Mikrotik CPE and router. • Nanostation 2.4Ghz and 5Ghz • Cisco routers and switches • Firewalls rules implementation • VoIP servers using IP PABX • Network IP planning • Software and hardware Windows •...

Words: 1141 - Pages: 5

Free Essay

It 250 Linux Command Line

...Holds the files needed to bring the system up and run it when it first comes up in single-user mode. Holds system utilities /boot Static files of the boot loader Contains all of the files needed to boot the system. /dev Device files /etc Machine–local system configuration files One of the most important is /etc/passwd /etc/X11 Machine–local configuration files for the X Window System /home User home directories /lib Shared Libraries /lib/modules Loadable kernel modules /mnt Mount point for temporarily mounting filesystems /opt Add-on software packages. (optional) /proc Kernel and process information virtual filesystem /root home directory for root /sbin Essential system binaries Utilities used for system administration are stored in /sbin and /usr/sbin. /sbin *also /sbin directory includes utilities needed during the booting process /usr/sbin holds utilities used after the system is up and running Older versions of linux In older versions of Linux, many system administration utilities were scattered through several directories that often included other system files (/etc, /usr/bin, /usr/adm, /usr/include). /sys Device pseudofilesystem /tmp temporary files /usr Second major hierarchy. Traditionally includes subdirectories that contain information used by the system. Files in /usr subdirectories do......

Words: 640 - Pages: 3

Free Essay

It250 Week 9

...Unit 9: Basic Linux Administration Objectives 9: Administer and maintain a Linux system. 9.1: Create users and groups by using the CLI and GUI tools. 9.2: Back up a Linux system by using the tar utility. 9.3: Maintain effective logs by using the log rotate utility. Readings A Practical Guide to Fedora and Red Hat Enterprise Linux Chapter 11, pp. 407-425 * Chapter 16 In-Class Assessment * Week 9 Quiz: Homework The following homework is designed to cover the course objectives for this unit. Assignment 9.1: Complete the following exercise in your textbook: * Chapter 16: Question 1-5 on page 643 Submit your written answer to your instructor at the start of Unit 10. Labs Instructor Notes: Assign students the following lab which can be printed from Appendix D. Lab 9.1: Using tar to Back Up Files What is the purpose? This lab exercise lets you perform basic file backup on your Linux system. What are the steps? Task 1: Backing up with tar Procedure 1. Open a terminal window as a regular user. 2. Create a directory named backup in your home directory. 3. Copy some files from your home directory into your new directory. 4. Create a backup of your new directory by using tar and compress the file with bzip2. Make sure that the backup file is not placed in the directory you are backing up. You will need to: a. Create permission. b. Choose verbose mode option. c. Choose the bzip2 file format. d.......

Words: 1093 - Pages: 5

Premium Essay

Install a Core Linux Operating System on a Server

...demonstration. Part # 1 Install a Core Linux Operating System on a Server Learning Objectives and Outcomes Upon completing this lab, students should know more about the following tasks: * Install a base Linux operating system using a Fedora core Linux server for production use on the VM server farm * Create secured partitions within the core Linux server for desired security hardening, performance, and application support * Enable a network time server during installation to maintain a synchronized time setting throughout the system * Set a hostname that is descriptive of the role of the server to maintain standard and concise naming conventions during installation * Create a non-privileged user account for system administration access as a secure alternative to logging in as root user Overview In this lab the students will see how to install and partition a Fedora Core Linux Server. The installation process, applying passwords, creating partitions, and system administrator access controls will be part of the operating system configuration requirements. The demonstration will show how to use the terminal or terminal emulator for command line configurations and implementation. Lab Assessment Questions & Answers 1. During the install, the option to sync with a NTP (Network Time Protocol) server was checked. From a security perspective, why is it important for a system to keep accurate time? NTP is......

Words: 1168 - Pages: 5