
An Introduction to Linux

Contents
- Purpose of an Operating System
- Introduction to Linux
- Background
- Kernel

Purpose of an Operating System

- To manage the hardware and software resources in a system: memory, processor, disk space, programs
- To ensure the system behaves in a predictable way
- To provide a stable, consistent high-level interface to the hardware, so that individual applications do not need to know hardware implementation details

Introduction to Linux
Linux is a freely distributed implementation of a Unix-like kernel. It was developed by Linus Torvalds at the University of Helsinki with the help of programmers across the Internet. The first version of the Linux kernel became available on the net in 1991.

Areas of Maximum Usage
- Used as a server that is powered up and online 24x7.
- Used as a web server, hosting web sites browsed by users worldwide.

Uniqueness of Linux
- Linux is a cross-platform OS that runs on many computer models.
- Linux and many Linux applications are distributed in source form.
- Linux is free in two senses: you pay nothing to obtain it, and it comes bundled with special documentation or applications with technical support.

Background of Linux
- Development of Unix: features, versions
- Linux background
- Copyright to Copyleft
- Intro to Kernel

Development of Unix
Ken Thompson and Dennis Ritchie implemented a rudimentary OS on a PDP-7 and named it Unics. It was developed at Bell Labs by AT&T in the 1970s. Unix is a trademark administered by the Open Group, and it refers to a computer OS that conforms to a particular specification, i.e. the POSIX (Portable OS Interface) specifications.

Main Features of Unix
- Simplicity
- Reusable components
- Filters
- Open file systems
- Portability

Versions of Unix
- SunOS by Sun Microsystems, owned by Bill Joy.
- System V by AT&T in 1984.
- BSD (Berkeley Software Distribution) Unix, written at the University of California, Berkeley in 1978.

Linux Background
AT&T claimed Unix as its intellectual property and began charging hefty license fees to anyone who wanted to use Unix. Others followed suit. In 1983, Richard Stallman, a scientist at MIT, launched the GNU project, which aimed at creating a free Unix-like OS. Like early Unix, it was distributed free in source form.

Linux Background
Stallman used the Internet as a means of communication. He founded the FSF (Free Software Foundation), a non-profit corporation that seeks to promote free software and eliminate restrictions on the copying, redistribution, understanding and modification of software.

Linux Background
By the early 90s, the FSF had obtained or written all major components of the GNU system except the kernel. Linus Torvalds, working with MINIX, a Unix-like OS written by Andrew Tanenbaum, was disappointed with its performance and believed he could do better.

Birth of Linux
He shared his work with others on Internet newsgroups. Soon other programmers joined in to extend and improve his kernel, which he called Linux. Released on Oct 1, 1991, Linux grew rapidly. Linux has been integrated with other GNU software to produce a fully functional OS.

Copyright to Copyleft
The FSF guarantees freedom to users through a special term, the GNU Public License, which gives everyone the right to use, modify and redistribute the software, but only if the redistribution terms are unchanged. According to the FSF: "Proprietary software developers use copyright to take away the users' freedom; we use copyright to guarantee their freedom. That's why we reverse the name, changing it to copyleft."

Intro to Kernel
The focal point of any OS is the kernel. It is the core program that runs programs and manages hardware devices, such as disks and printers. It acts like a bridge between the hardware and the other user and system programs and applications.

Features
- Multitasking: several processes running at the same time, independent of each other
- Multiuser: several users work with the system at the same time
- Multiplatform: runs on different CPUs, not just Intel
- Multiprocessing: distributes several applications across several processors
- Multithreading: with kernel support, multiple independent threads are controlled within a single process memory space
- Architectural independence: Linux runs on almost all platforms
- Demand-loaded executables: reads from disk only those parts of a program that are actually used
- Virtual memory using paging: pages that are not in physical memory but need to be accessed are loaded on demand
- Unified memory pool for user programs and disk cache
- Shared libraries: static and dynamic link libraries
- Core dumps for post-mortem analysis: allow use of a debugger on a crashed program
- Support for the POSIX 1003.1 standard
- Source code available, including kernel, drivers, the development tools and all user programs
- Various formats for executable files: through an iBCS2 (standard) compliant emulation module, mostly compatible with SCO Unix, SVR3 and SVR4 at the binary level
- Memory protected mode: memory protection between processes, so that one program can't bring the whole system down
- Support for national keyboards and fonts: support for many national or customized keyboards
- Multiple virtual consoles: several independent login sessions through the console
- Different file systems: supports several common file systems, including Minix, Xenix and all common System V file systems; has its own advanced file system, ext2, which offers file systems of up to 4 TB and names up to 255 characters long
- TCP/IP, SLIP and PPP support: Linux can be integrated into local Unix networks; all network services such as NFS and remote login can be used
- Embedded Linux: embedded applications such as industrial controllers, routers, entertainment electronics and palmtops

Linux Distribution
Various organizations and individuals package Linux, often combining it with free or proprietary applications. Such a package that includes all the software needed to install and run Linux is called a Linux distribution.
Some popular distributions:
- Caldera OpenLinux
- Slackware Linux
- Red Hat Linux
- SUSE Linux
- Debian Linux
Distributions can be obtained from FTP servers, e-mail systems, public-domain distributors and some bookshops.

Linux Features and Comparison

Characteristic                          Linux        Windows NT               Solaris
Range of compatible hardware            Very wide    Modest                   Narrow
Minimal hardware                        386 PC       486 PC                   Pentium
Representative cost of hardware         Low          Higher                   Highest
Average downtime                        Very low     As low as 30 min./week   Very low
Performance                             High         Comparable to Linux      Half of Linux to same as Linux
Multi-processing capabilities           Excellent    Excellent                Modest
IP Security (IPSec)                     Yes          Through Service Pack     Later versions
IPv6                                    Available    Privately demonstrated   Beta
Overall user satisfaction, per Datapro  Highest      Lowest                   Medium
Source code readily available           Yes          No                       No
Installed base                          Millions     Millions                 Hundreds of thousands

Relationship between Linux and Unix

There are many similarities as well as differences between Linux and Unix.

Similarities
- Almost all programs that run on Unix can be compiled and run on Linux.
- Some commercial applications developed on Unix can run unchanged in binary form on Linux systems.

Similarities
Both share many common applications, such as:
- GUI, file and window managers (KDE, Gnome)
- Shells (ksh, csh, bash)
- Various office applications
- Development tools (perl, php, c, c++)
- POSIX interface

Relationship
- Linux is a Unix clone
- Linux is just a kernel
- License and cost
- User-friendliness
- Security
- Backup and recovery
- File systems
- Administration tools
- Startup scripts
- End user perspective
- System administrator perspective

Linux/Unix Comparison

What is it?
Linux: Linux is an example of open source software development and a free operating system (OS). Linux is developed by open source development, i.e. through sharing and collaboration of code and features through forums etc., and it is distributed by various vendors such as Debian, Red Hat, SUSE, Ubuntu, GentuX etc. It is based on Unix, and eventually, after adding many features such as a GUI and drivers, Linus Torvalds developed the framework of the OS that became Linux in 1992. The Linux kernel was released on 17th September, 1991.
Unix: Unix is an operating system that is very popular in universities, companies, big enterprises etc. Unix systems are divided into various other flavors, mostly developed by AT&T as well as various commercial vendors and non-profit organizations.

Development and Distribution / Inception
Unix: In 1969, it was developed by a group of AT&T employees at Bell Labs and Dennis Ritchie. It was written in the C language and was designed to be a portable, multi-tasking and multi-user system in a time-sharing configuration.

GUI
Linux: Linux typically provides two GUIs, KDE and Gnome, but the Linux GUI is optional.
Unix: Initially Unix was a command-based OS, but later a GUI, popularly known as X Window, was created for Unix.

Threat detection and solution
Linux: In the case of Linux, threat detection and solution is very fast, as Linux is mainly community driven, and whenever any Linux user posts any kind of threat, several developers start working on it from different parts of the world.
Unix: In the case of Unix, the user has to wait for a while to get the proper bug-fixing patch.

Cost
Linux: Linux can be freely distributed and downloaded freely, and is distributed through magazines, books etc. There are priced versions of Linux also, but they are normally cheaper than Windows.
Unix: Different flavors of Unix have different cost structures.

Security
Linux: Linux has had about 60-100 viruses listed till date.
Unix: A rough estimate of Unix viruses is between 85-120 viruses reported till date.

User
Linux: Linux, like all Unix variants, is designed to handle multiple concurrent users.
Unix: Unix operating systems were developed mainly for mainframes, servers and workstations. The Unix environment and the client-server program model were essential elements in the development of the Internet.

Open Source Software
When programmers on the Internet can read, redistribute, and modify the source for a piece of software, it evolves. People improve it, people adapt it, people fix bugs. And this can happen at a speed that, compared to conventional software development, seems astonishing.

Unix Architecture
[Figure: Unix architecture diagram, not reproduced]

- HARDWARE: The physical components of the computer system are called hardware.
- UNIX SHELL: The shell, or command interpreter, is the mediator that interprets the commands we give and then conveys them to the kernel, which ultimately executes them. It provides the user interface to the kernel.
- KERNEL: It is the part of the operating system that carries out basic functions such as accessing files, allocating memory and handling communications. Its main function is to manage the resources of the computer's hardware, such as CPU, memory, I/O devices and network communication.
- USERS: The human beings that use the computer system are called the users.

Micro/Mono
The kernel internally contains many components, such as a memory manager, scheduler, numerous device drivers, a file system, and so on.
- Monolithic kernel: all of the components mentioned above, and many others, are lumped into a single operating system file.
- Microkernel: only the bare minimum is put into the kernel file, and everything else is put into separate programs, which the microkernel loads and runs at boot time.

Fundamental Architecture of GNU/Linux

USER SPACE/KERNEL SPACE
Kernel space is where the kernel (i.e., the core of the operating system) executes and provides its services. Kernel space can be accessed by user processes only through the use of system calls. User space is the set of memory locations in which user processes (i.e., everything other than the kernel) run. The reason for this separation is that otherwise user data and kernel data could disturb each other, which would result in lower performance and system instability.

GNU C Library (glibc)

This provides the system call interface that connects to the kernel and provides the mechanism to transition between the user-space application and the kernel.

KERNEL
Linux uses a monolithic kernel, the Linux kernel, which handles process control, networking, and peripheral and file system access. Device drivers are integrated directly with the kernel.

Kernel Layers
The Linux kernel is the core of a large and complex operating system, and while it is huge, it is well organized in terms of subsystems and layers. It can be divided into three gross levels:
- Level 1: the SCI (system call interface), which implements the basic functions such as read and write.
- Level 2: kernel code which is common to all architectures supported by Linux.
- Level 3: architecture-dependent code which forms the BSP (Board Support Package). This code serves as the processor- and platform-specific code for the given architecture.

Major Subsystems of the Linux Kernel
- SCI (system call interface): provides the means to perform function calls from user space into the kernel
- Process management (PM)
- Memory management (MM)
- Virtual file system (VFS)
- Network stack
- Device drivers
- Architecture-dependent code (arch)

Process Management
In the kernel, processes are called threads and represent an individual virtualization of the processor (thread code, data, stack and CPU registers). In user space the term process is typically used, though the Linux implementation does not separate the two concepts (processes and threads).
The kernel provides an application program interface (API) through the SCI to create a new process (fork, exec, POSIX functions), stop a process (kill, exit), and communicate and synchronize between them (signal, or POSIX mechanisms).
Sharing the CPU between the active threads: the kernel implements a novel scheduling algorithm that operates in constant time, regardless of the number of threads vying for the CPU. This is called the O(1) scheduler, denoting that the same amount of time is taken to schedule one thread as to schedule many.

Memory management
Memory is managed in pages (4 KB in size for most architectures). Linux provides abstractions over 4 KB buffers, such as the slab allocator. The memory management scheme uses 4 KB buffers as its base, but then allocates structures from within, keeping track of which pages are full, partially used and empty. This allows the scheme to dynamically grow and shrink based on the needs of the greater system. With multiple users of memory, there are times when the available memory can be exhausted. For this reason, pages can be moved out of memory and onto the disk. This process is called swapping because the pages are swapped from memory onto the hard disk. You can find the memory management sources in ./linux/mm.

Slab Allocator
Processes generally request memory on the order of bytes, not on the order of pages. To support the allocation of smaller memory requests made through calls to functions like kmalloc(), the kernel implements the slab allocator, which is a layer of the memory manager that acts on acquired pages. The slab allocator seeks to reduce the cost incurred by allocating, initializing, destroying, and freeing memory areas by maintaining a ready cache of commonly used memory areas. This cache maintains the memory areas allocated, initialized, and ready to deploy. When the requesting process no longer needs the memory areas, they are simply returned to the cache.

Virtual file system
The VFS provides a switching layer between the SCI and the file systems supported by the kernel. At the top of the VFS is a common API abstraction of functions such as open, close, read and write. At the bottom of the VFS are the file system abstractions that define how the upper-layer functions are implemented. These are plug-ins for the given file system. You can find the file system sources in ./linux/fs.
Below the file system layer is the buffer cache, which provides a common set of functions to the file system layer (independent of any particular file system). This caching layer optimizes access to the physical devices by keeping data around for a short time (or speculatively read ahead so that the data is available when needed). Below the buffer cache are the device drivers, which implement the interface for the particular physical device.

[Figure: The VFS between users and file systems]

Network stack
The network stack, by design, follows a layered architecture modeled after the protocols themselves. The sockets layer is the standard API to the networking subsystem and provides a user interface to a variety of networking protocols. From raw frame access to IP protocol data units (PDUs) and up to TCP and the UDP, the sockets layer provides a standardized way to manage connections and move data between endpoints. You can find the networking sources in the kernel at ./linux/net.

Device drivers
The vast majority of the source code in the Linux kernel exists in device drivers that make a particular hardware device usable. The Linux source tree provides a drivers subdirectory that is further divided by the various devices that are supported, such as Bluetooth, I2C, serial, and so on. You can find the device driver sources in ./linux/drivers.

Architecture-Dependent code
While much of Linux is independent of the architecture on which it runs, there are elements that must consider the architecture for normal operation and for efficiency. The ./linux/arch subdirectory defines the architecture-dependent portion of the kernel source, contained in a number of subdirectories that are specific to the architecture (collectively forming the BSP). For a typical desktop, the i386 directory is used. Each architecture subdirectory contains a number of other subdirectories that focus on a particular aspect of the kernel, such as boot, kernel, memory management, and others. You can find the architecture-dependent code in ./linux/arch.

Linux Booting Procedure

How does a computer start up?
- Booting is a bootstrapping process that starts the operating system when the user turns on a computer system.
- A boot sequence is the set of operations the computer performs when it is switched on that loads an operating system.

Booting sequence
1. Turn on
2. CPU jumps to the address of the BIOS (0xFFFF0)
3. BIOS runs POST (Power-On Self Test)
4. Find bootable devices
5. Load and execute the boot sector from the MBR
6. Load the OS

BIOS (Basic Input/Output System)
- BIOS refers to the software code run by a computer when it is first powered on.
- The BIOS is program code embedded on a chip that recognizes and controls the various devices that make up the computer.

[Figures: BIOS on screen; BIOS on board]

Stage 1 boot loader
The primary boot loader that resides in the MBR is a 512-byte image containing both program code and a small partition table. The first 446 bytes are the primary boot loader, which contains both executable code and error message text. The next 64 bytes are the partition table, which contains a record for each of four partitions (16 bytes each). The MBR ends with two bytes that are defined as the magic number (0xAA55). The magic number serves as a validation check of the MBR.
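As an added example (not part of the original slides), the following POSIX shell script builds a constructed 512-byte MBR image with exactly the layout described above and decodes it: it validates the magic number at bytes 510-511 and reads the boot flag, type, start LBA and sector count out of each 16-byte partition entry. The image contents (one Linux partition of type 0x83 starting at LBA 2048 with 204800 sectors), the function names and the temporary-file handling are assumptions made for this example; it needs only dd, od and printf and never touches a real disk.

```shell
#!/bin/sh
# Added example: build a constructed 512-byte MBR image and decode it.
# Layout (as described above): 446 bytes boot code, 4 x 16-byte partition
# entries at offset 446, magic number 0x55 0xAA at bytes 510-511.
# Assumes POSIX sh with dd, od and printf. Nothing here touches a real disk.

MBR=$(mktemp)
trap 'rm -f "$MBR"' EXIT

{
  dd if=/dev/zero bs=446 count=1 2>/dev/null     # boot code area (zeroed here)
  # Entry 1 (constructed): boot flag 0x80, CHS start 00 00 00, type 0x83 (Linux),
  # CHS end 00 00 00, LBA start 2048 = 0x00000800 (little-endian),
  # sector count 204800 = 0x00032000 (little-endian)
  printf '\200\000\000\000\203\000\000\000\000\010\000\000\000\040\003\000'
  dd if=/dev/zero bs=16 count=3 2>/dev/null      # entries 2-4 unused
  printf '\125\252'                               # magic number 0x55 0xAA
} > "$MBR"

# Validation check: the last two bytes must be 0x55 0xAA (0xAA55 little-endian).
mbr_magic_ok() {            # $1 = image path; exit status 0 if valid
  set -- $(od -An -tx1 -v -j 510 -N 2 "$1")
  [ "$1$2" = "55aa" ]
}

# Decode a little-endian 32-bit field at byte offset $2 of image $1 (decimal out).
mbr_le32() {
  set -- $(od -An -tx1 -v -j "$2" -N 4 "$1")
  echo $(( 0x$4 * 16777216 + 0x$3 * 65536 + 0x$2 * 256 + 0x$1 ))
}

# Describe partition entry $2 (0-3) of image $1 as "bootflag type lba sectors".
mbr_partition() {
  base=$((446 + $2 * 16))
  set -- "$1" $(od -An -tx1 -v -j "$base" -N 5 "$1")   # $2=boot flag, $3-$5=CHS, $6=type
  echo "$2 $6 $(mbr_le32 "$1" $((base + 8))) $(mbr_le32 "$1" $((base + 12)))"
}

# Print the non-empty entries in readable form, refusing an image whose
# magic number is wrong (the same validation the stage 1 loader relies on).
mbr_summary() {
  img=$1
  mbr_magic_ok "$img" || { echo "invalid MBR: bad magic number" >&2; return 1; }
  i=0
  while [ $i -lt 4 ]; do
    set -- $(mbr_partition "$img" $i)
    [ "$2" != "00" ] && echo "entry $i: boot=$1 type=0x$2 start_lba=$3 sectors=$4"
    i=$((i + 1))
  done
  return 0
}

# Usage: decode the constructed image.
mbr_summary "$MBR"
```

On a live system the same functions work on the first sector of a disk copied out with dd (for example `dd if=/dev/sda bs=512 count=1 of=mbr.img`, run as root); keeping such a copy from a known-good state lets you compare the boot code area and partition table later, which is one of the checks a post-compromise review of the boot path would include.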

Stage 2 boot loader
The secondary, or second-stage, boot loader could more aptly be called the kernel loader. The task at this stage is to load the Linux kernel and an optional initial RAM disk. The first- and second-stage boot loaders combined are called the Linux Loader (LILO) or the GRand Unified Bootloader (GRUB) in the x86 PC environment. GRUB can load a Linux kernel from an ext2 or ext3 file system. It does this by turning the two-stage boot loader into a three-stage boot loader.

Boot loaders
GRUB and LILO are the most popular Linux boot loaders.
Other boot loaders (for several OSes): bootman, NTLDR, XOSL, BootX, loadlin, Gujin, Boot Camp, Syslinux, GAG

GRUB: GRand Unified Bootloader
- GRUB is an operating-system-independent boot loader
- A multiboot software package from GNU
- Flexible command line interface
- File system access
- Supports multiple executable formats
- Supports diskless systems
- Can download the OS from the network

GRUB boot process
1. The BIOS finds a bootable device (hard disk) and transfers control to the master boot record.
2. The MBR contains GRUB Stage 1. Given the small size of the MBR, Stage 1 just loads the next stage of GRUB.
3. GRUB Stage 1.5 is located in the first 30 kilobytes of the hard disk immediately following the MBR. Stage 1.5 loads Stage 2.
4. GRUB Stage 2 receives control and displays the GRUB boot menu to the user (where the user can manually specify the boot parameters).
5. GRUB loads the user-selected (or default) kernel into memory and passes control on to the kernel.

LILO: LInux LOader
- Does not depend on a specific file system
- Can boot from hard disk and floppy
- Up to 16 different images
- LILO must be re-run when the kernel image file or config file is changed

Linux Loader (LILO)
LILO is a boot manager, usually installed in the Master Boot Record. Its configuration file is /etc/lilo.conf. If any changes are made to lilo.conf, /sbin/lilo needs to be run for the changes to become active. For Linux, LILO's purpose is to identify the location of the kernel, e.g. /boot/vmlinuz-2.2.12-20.

The Linux Boot Process
1. LILO starts and Linux is selected as the operating system to boot.
2. The Linux kernel is loaded into memory and then probes the system hardware.
3. The init process reads /etc/inittab and determines which runlevel (0-6) should be started.
4. rc scripts are executed for the specified runlevel to start various services.

Booting
Once the kernel is found and loaded by the boot loader, the default boot process is identical across all architectures. The stages are the BIOS, then the boot loader (GRUB or LILO), then the kernel.

Booting
Once the second-stage boot loader has determined which kernel to boot, it locates the corresponding kernel binary in the /boot/ directory. The boot loader then places the appropriate initial RAM disk image, called an initrd, into memory. The initrd is used by the kernel to load drivers necessary to boot the system. This is particularly important if SCSI hard drives are present or if the system uses the ext3 file system.

Booting
Once the kernel and the initrd image are loaded into memory, the boot loader hands control of the boot process to the kernel.
The kernel: when the kernel is loaded, it immediately initializes and configures the computer's memory and the various hardware attached to the system, including all processors, I/O subsystems and storage devices. It then looks for the compressed initrd image in a predetermined location in memory, decompresses it, mounts it, and loads all necessary drivers.

Booting
Next, it initializes virtual devices related to the file system, such as LVM or software RAID before unmounting the initrd disk image and freeing up all the memory the disk image once occupied. The kernel then creates a root device, mounts the root partition read-only, and frees any unused memory. At this point, the kernel is loaded into memory and operational.

Init process
- The first thing the kernel does is execute the init program.
- Init is the root/parent of all processes executing on Linux.
- The first process that init starts is the script /etc/rc.d/rc.sysinit.
- Based on the appropriate runlevel, scripts are executed to start various processes to run the system and make it functional.

Runlevels
- A runlevel is a software configuration of the system which allows only a selected group of processes to exist.
- The processes spawned by init for each of these runlevels are defined in the /etc/inittab file.
- Init can be in one of eight runlevels: 0-6

Runlevels

Runlevel   Scripts Directory (Red Hat/Fedora Core)   State
0          /etc/rc.d/rc0.d/                          Shutdown/halt system
1          /etc/rc.d/rc1.d/                          Single user mode
2          /etc/rc.d/rc2.d/                          Multiuser with no network services exported
3          /etc/rc.d/rc3.d/                          Default text/console-only start; full multiuser
4          /etc/rc.d/rc4.d/                          Reserved for local use; also X Window (Slackware/BSD)
5          /etc/rc.d/rc5.d/                          XDM X Window GUI mode (Red Hat/System V)
6          /etc/rc.d/rc6.d/                          Reboot
s or S                                               Single user/maintenance mode (Slackware)
M                                                    Multiuser mode (Slackware)

Summary
Much like Linux itself, the Linux boot process is highly flexible, supporting a huge number of processors and hardware platforms. In the beginning, the loadlin boot loader provided a simple way to boot Linux without any frills. The LILO boot loader expanded the boot capabilities, but lacked any file system awareness. The latest generation of boot loaders, such as GRUB, permits Linux to boot from a range of file systems (from Minix to Reiser).

To Summarize: Boot sequence
1. Load hardware information from the BIOS.
2. Read the MBR's kernel loader (master boot record):
   - For Linux, go to the boot loader (kernel at /boot/vmlinuz-xxxx)
   - For DOS, go to boot.ini
3. Load the Linux kernel.
4. Execute the init program (/sbin/init) to get the runlevel details (contained in /etc/inittab). There are 6 levels.
5. init executes /etc/rc.d/rc.sysinit.
6. Start the external kernel modules (/etc/modules.conf).
7. init executes the runlevel script files.
8. init executes the /etc/rc.d/rc.local file.
9. Execute the /bin/login program.
10. After a successful login, the shell takes over the machine.

Daemons
- Processes that are continuously operational. A Linux daemon is a background process; one can query its status at any time.
- A daemon starts at bootup, right after the kernel initializes.
- Daemons are responsible for sorting out the incoming stream of data, matching parameters and determining the priority each command receives.
- Daemons monitor the system: the cron daemon, for instance, works periodically to manage automatic processes.

System-Specific Daemon
inetd is a daemon that controls and manages several other daemons. It calls those daemons that are needed by the system to perform various duties. inetd requires root access to run; hence it is extremely powerful and can call certain processes into life and kill them as well. inetd relies on the configuration file /etc/inetd.conf for spawning any process.

TCP_WRAPPERS
inetd maintains control over the ports and monitors which services are started through a program named TCP Wrappers. TCP Wrappers allows better access control and logging of network daemons. TCP Wrappers uses the tcpd daemon, which acts as a filter on a particular port until the appropriate call is made.

Controlling Generic Daemons
You can choose which daemons you want to start up automatically by running either the command /sbin/chkconfig or /usr/sbin/ntsysv.
The normal options used while controlling these daemons are status, start, stop or restart.

Start Up Scripts
rc files control daemons. There are two basic locations for bootup scripts:
- the /etc/rc.d directory (global): starts daemons when the runlevel changes
- the user's own directory: certain programs start automatically at login

Start/stop daemon
The admin can issue the command with the start, stop, status, restart or reload option; e.g. to stop the web server:
    cd /etc/rc.d/init.d/     (or /etc/init.d/ for SuSE and Debian)
    ./httpd stop
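The following POSIX shell script is an added example (not from the original slides) that ties together the runlevel table, the init process and the start/stop command above: it reads the default runlevel out of an /etc/inittab-style file, works out the order in which an rcN.d directory's K and S links run, and wraps the "cd init.d; ./httpd stop" step in a function that refuses unknown actions and path tricks. The inittab excerpt, the link names and the stand-in httpd script are constructed for the example; nothing is read from the real /etc.

```shell
#!/bin/sh
# Added example (not from the original slides): how init picks the default
# runlevel from /etc/inittab, the order in which the rcN.d K*/S* links run,
# and a guarded wrapper around "cd /etc/rc.d/init.d && ./httpd stop".
# All inputs are constructed; nothing here reads the real /etc.

# Constructed excerpt of an /etc/inittab (System V style, as on Red Hat).
INITTAB='# constructed sample inittab
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
l0:0:wait:/etc/rc.d/rc 0
l3:3:wait:/etc/rc.d/rc 3
l6:6:wait:/etc/rc.d/rc 6'

# Field 2 of the initdefault line names the runlevel init enters at boot.
default_runlevel() {        # inittab text on stdin -> runlevel on stdout
  awk -F: '$3 == "initdefault" { print $2; exit }'
}

# Given the link names found in /etc/rc.d/rcN.d, print the order in which
# the rc script runs them: K links first (with "stop"), then S links
# (with "start"), each group by its two-digit sequence number.
rc_plan() {                 # arguments: link names such as S10network K20httpd
  for name in "$@"; do printf '%s\n' "$name"; done | LC_ALL=C sort | awk '
    /^K[0-9][0-9]/ { print substr($0, 4) " stop" }
    /^S[0-9][0-9]/ { print substr($0, 4) " start" }'
}

# Constructed init.d directory with a stand-in httpd script that only echoes.
INITD=$(mktemp -d)
trap 'rm -rf "$INITD"' EXIT
cat > "$INITD/httpd" <<'EOF'
#!/bin/sh
case "$1" in
  start|stop|status|restart|reload) echo "httpd: $1" ;;
  *) echo "usage: $0 {start|stop|status|restart|reload}" >&2; exit 2 ;;
esac
EOF
chmod 755 "$INITD/httpd"

# service_ctl DIR SERVICE ACTION: run DIR/SERVICE ACTION only for a known
# action, a plain service name and an existing executable script. This is
# what the slide does by hand with cd + ./httpd stop, with the checks that
# keep a typo from running something outside the init.d directory.
service_ctl() {
  case "$3" in
    start|stop|status|restart|reload) ;;
    *) echo "service_ctl: unknown action '$3'" >&2; return 2 ;;
  esac
  case "$2" in
    */*|.*|"") echo "service_ctl: bad service name '$2'" >&2; return 2 ;;
  esac
  [ -x "$1/$2" ] || { echo "service_ctl: no such service '$2'" >&2; return 1; }
  "$1/$2" "$3"
}

# Usage
printf 'default runlevel: %s\n' "$(printf '%s\n' "$INITTAB" | default_runlevel)"
rc_plan S80sendmail K20httpd S10network K15nfs S55sshd
service_ctl "$INITD" httpd stop
```

The rc_plan output shows why the two-digit prefix matters: network (S10) must be up before sshd (S55) and sendmail (S80), and on entering the runlevel every K link is run with "stop" before any S link is run with "start".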

Security

Administering Passwords
Examining Basic Security
- Attacks can come from your own system's users.
- The growth of the Internet has multiplied potential targets exponentially.
- Many crackers use drift-net methods for locating, identifying and ensnaring vulnerable machines.
- Recognize and become familiar with the weaknesses of your Linux distribution.
- Subscribe to BugTraq or any other vulnerability mailing lists.

Precautions to Secure a Linux System
- Learn how to implement safety measures and take a proactive approach.
- Know how to fix the system and clean up after a suspected break-in.
- Be able to prevent any future security breaches.

Knowing Your Linux Release
- Many Linux distributions are wide open to security breaches as they leave certain programs running that should not be enabled by default.
- Subscribe to Red Hat's newsletter, for example, and stay up to date on exploits.
- Surf the Linux Weekly News page to become familiar with basic Linux jargon, procedures and tools.
- See the site http://www.securityfocus.com, formerly known as BugTraq, to learn anything related to a security crisis.
- The CERT mailing list and security site (http://cert.org/) exposes weaknesses for the purpose of strengthening systems.

Keeping Users in Check
- Creating and keeping the passwords up to date.
- Aging measures: after a certain period of time, users need to issue the system a new password.
- Encrypt password files using the gpasman program.

Managing Connections
Security that should be taken care of when sharing a server with other users.

Sniffing Packets
- Packet sniffer: a program that captures and views the packets as they are transmitted on your machine. Its power can be abused in the wrong hands.
- Keyboard logger: a program that tracks the keys pressed during your period of connectivity can also be a potential threat. This means passwords can be transmitted insecurely to the system and can be viewed while in transit as well.

Precautions
- Run the ps command periodically to identify both the process and the user.
- Determine the users' connections by executing either the w or the who command.
- If you determine that a packet sniffer is monitoring your connections, change all passwords immediately.
- Run the last command to see who had logged in during that period.
- Cancel the account of the person who is found sniffing packets.
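As an added example (not from the original slides), the shell functions below automate two of the precautions above from the defender's side. The first reports interfaces that are in promiscuous mode, which is the usual sign that a packet sniffer is capturing traffic; the second reads who-style output and lists sessions that originate outside a trusted address prefix. The "ip link show" and "who" samples, the address ranges and the trusted prefix are all constructed for this example; on a live system you would pipe the real commands into the same functions.

```shell
#!/bin/sh
# Added example (not from the original slides): two checks a sysadmin can run
# while following the "Precautions" above. Inputs are constructed samples of
# "ip link show" and "who" output so the script runs offline.

# Constructed "ip link show" output: eth0 has the PROMISC flag set.
IP_LINK='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000'

# A packet sniffer normally puts the interface into promiscuous mode, which
# shows up as PROMISC in the flag list. Print the names of such interfaces.
promisc_ifaces() {          # ip link output on stdin
  awk '/^[0-9]+: / && $3 ~ /[<,]PROMISC[,>]/ { sub(/:$/, "", $2); print $2 }'
}

# Constructed "who" output: user, tty, login time, origin host in parentheses
# (console logins such as tty1 have no origin field).
WHO_OUT='alice    pts/0        2024-03-01 09:12 (10.1.2.33)
bob      pts/1        2024-03-01 09:40 (198.51.100.77)
carol    tty1         2024-03-01 08:05
dave     pts/2        2024-03-01 11:02 (10.1.9.8)'

# Report remote sessions whose origin does not start with the trusted prefix
# given as $1 (a constructed allowlist rule, e.g. "10." for the internal LAN).
sessions_from_outside() {   # $1 = trusted address prefix; who output on stdin
  awk -v pfx="$1" '
    { origin = "" }
    $NF ~ /^\(.*\)$/ { origin = substr($NF, 2, length($NF) - 2) }
    origin != "" && index(origin, pfx) != 1 { print $1 " " origin }'
}

# Usage: on a real host replace the printf lines with
#   ip link show | promisc_ifaces
#   who | sessions_from_outside "10."
printf '%s\n' "$IP_LINK" | promisc_ifaces
printf '%s\n' "$WHO_OUT" | sessions_from_outside "10."
```

A PROMISC interface is a reason to look at the process list (ps) for whatever opened it and, as the slide says, to change passwords once a sniffer is confirmed; a session from an unexpected origin is a reason to check the last command's history for that user before deciding whether to disable the account.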

Securing Shell with ssh
- An encrypted connection from one machine to another that prevents a mediocre cracker from gaining too much information from the connection.
- The ssh utility runs as a background daemon and should be started upon bootup.
- The daemon files are located in /usr/local/sbin.

Security...
Logging into other systems using ssh: you must install or configure ssh to run on the client and sshd (the ssh daemon) to run on the server.
Securely copying files across machines: use the scp command to copy data files remotely. The scp program is part of the ssh package. A status bar appears that shows, in percentages, the amount of data successfully transferred.

Firewalling your System
Firewall utilities that set up Network Address Translation (NAT) are available as patches that you can apply to the kernel. With NAT you can provide non-routable IP addresses to machines within your internal network and have those then route out through your gateway/firewall. This allows a nearly limitless number of unique addresses for internal boxes without purchasing expensive routable IP addresses.

Filtering Packets on the Server Level
- The default method of creating a Linux firewall is with ipchains (the tool that talks to the kernel and tells it which packets to filter).
- It is the successor to the earlier program ipfwadm.
- ipchains is used for closing ports and allowing traffic through from specific hosts.
- An ipchains script is a customized script, so the firewall can attain varying levels of security.
- ipchains is very useful for IP masquerading.
- Another program is netfilter, which accomplishes both packet filtering and static NAT on the server level.

Available Targets Under ipchains
ACCEPT     Allow a packet to come through
DENY       Drops the packet silently
REJECT     Notifies the sender that the packet is dropped
MASQ       Masquerades the packet
REDIRECT   Sends the packet to a port on the firewall or the routing Linux machine
RETURN     Transfers the packet to the end of the current chain

Gaining Added Security
Several programs are available on the Internet to keep the system secure and to check for intruders.

Tripwire (Proactive Approach)
Tripwire is a program for checking the current files on the Linux system. It generates a database of the existing directories and files on a newly installed system and then periodically checks for changes to the files. On finding any change to a system file, Tripwire sends an e-mail to notify you about the modification. Install this program immediately after installing Linux on your machine.
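To show the idea behind Tripwire in working code, here is an added example (it is not Tripwire and not from the original slides): a minimal file-integrity baseline in POSIX shell that records a SHA-256 digest for every file under a directory tree and later reports which files were added, removed or changed. It assumes sha256sum from GNU coreutils; the directory tree it checks is constructed for the demonstration, and the function names and output format are this example's own.

```shell
#!/bin/sh
# Added example (not Tripwire itself, and not from the original slides): a
# minimal file-integrity baseline in the spirit described above. It records
# a SHA-256 digest per file under a directory tree, then reports files that
# were added, removed or changed. Assumes sha256sum (GNU coreutils); the
# directory tree below is constructed for the demonstration.

# baseline_create ROOT: one line per regular file, "digest path", sorted by path.
baseline_create() {
  ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
      printf '%s %s\n' "$(sha256sum "$f" | cut -d' ' -f1)" "$f"
    done )
}

# baseline_check ROOT BASEFILE: compare the tree with a saved baseline and
# print ADDED / REMOVED / CHANGED lines (nothing printed means no change).
baseline_check() {
  baseline_create "$1" | awk -v base="$2" '
    BEGIN { while ((getline line < base) > 0) { split(line, a, " "); old[a[2]] = a[1] } }
    !($2 in old)      { print "ADDED " $2; next }
    old[$2] != $1     { print "CHANGED " $2 }
                      { delete old[$2] }
    END { for (p in old) print "REMOVED " p }'
}

# Constructed tree standing in for a freshly installed system.
TREE=$(mktemp -d)
BASE=$(mktemp)
trap 'rm -rf "$TREE" "$BASE"' EXIT
mkdir -p "$TREE/etc" "$TREE/bin"
printf 'root:x:0:0:root:/root:/bin/sh\n' > "$TREE/etc/passwd"
printf '#!/bin/sh\necho hello\n' > "$TREE/bin/hello"

# Usage: take the baseline right after installation, keep it somewhere the
# system itself cannot modify (read-only media), and re-run the check later.
baseline_create "$TREE" > "$BASE"
baseline_check "$TREE" "$BASE"                  # prints nothing: unchanged
```

The baseline is only as trustworthy as its storage: a cracker who can rewrite the digest file can hide changes, which is why the slide's advice to build the database immediately after installation goes together with keeping that database off the machine or on read-only media.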

Gaining Added Security

Cracking Bad Passwords (Reactive Approach)
The program crack is used to test the passwords of the users and see whether any of them crack when run against a dictionary list and when tested with a decryption algorithm.

Securing Your Linux Box
Jay Beale and the Bastille Project developers developed a set of Perl scripts that shore up the most blatant security flaws and indiscretions. Bastille Linux aims to be the most comprehensive, flexible and educational security hardening program for Red Hat Linux version 6.1 and below. You have a choice between two different methods:
- Interactive: the InteractiveBastille.pl text user interface plus the BackEnd.pl script
- Automated: the AutomatedBastille.pl script

Cleanup Compromised Boxes


1. Disconnect the machine immediately from the network.
2. Take extreme care when becoming root, and use absolute paths when executing commands or programs.
3. Check PATH to ensure it is still the same as before.
4. If root has been compromised, there is no alternative but to reformat.
5. If you can see the cracker, he/she can also see you. Hence you will have to be very quick.

Cleanup Compromised Boxes


6. Do not become that user in order to move to the cracker's home directory.
7. When root is compromised:
Disconnect that user from the system.
Make sure you know his point of origin, i.e. his IP address.
Place an entry in the hosts.deny file denying his access from the last location.
Shut down all access from outside your network.
Decide whether to reformat or to restore the needed files from a pristine backup.

Cleanup Compromised Boxes


Tracking down the Culprit
Find the method by which that user gained access to the system.
Check to see what it does. Use any text editor to view the contents.
Check whether it is a binary or a shell script.
Use the strings program to find any questionable strings, such as e-mail addresses used to forward snooped data.
Make certain that the user is off the system.

Cleanup Compromised Boxes


Guilty User
If a regular user, get in contact with him/her.
If a minor or juvenile, informing the parents and cancelling the account would be sufficient.
If a regular user with a valid account, confront that person with proof.
If that person is not only damaging but also utilizing company resources to advance his/her aims elsewhere, contact the criminal authorities to pursue the matter more fully.

Cleanup Compromised Boxes


Ransacking the Log
Check to see when the cracker last logged in.
Contact the cracker's ISP.
Refer to the ftp log file, /var/log/xferlog, to learn about all downloads and uploads.
Check who recently became superuser.
Check /tmp to see that no one is running an executable from that location.
Use the ps command with grep to isolate any rogue process.
Do not reboot the system until you have either killed off the process or stopped it.
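Three of the log checks above, as an added example that is not part of the original slides: shell functions run over constructed sample lines (syslog-style su/PAM records, wu-ftpd xferlog records and a scratch tmp directory), since the real /var/log/secure and /var/log/xferlog are not available here. The host name, user names and addresses in the samples are made up.

```shell
#!/bin/sh
# Added example, not from the slides: "Ransacking the Log" checks over constructed sample data.

# su_to_root LOG: one "user -> root" line per su session that was opened for root, in log order.
su_to_root() {
    grep 'su: .*session opened for user root by ' "$1" \
        | sed 's/.*session opened for user root by \([^(]*\)(.*/\1 -> root/'
}

# ftp_uploads XFERLOG: path of every upload. In the wu-ftpd xferlog format field 9 is the
# file name and field 12 the direction flag: "i" = incoming (upload), "o" = outgoing (download).
ftp_uploads() {
    awk '$12 == "i" { print $9 }' "$1"
}

# tmp_executables DIR: regular files under DIR with the owner execute bit set (-perm -100 is POSIX).
tmp_executables() {
    find "$1" -type f -perm -100 | LC_ALL=C sort
}

# Constructed sample data; the addresses come from the TEST-NET documentation ranges.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/secure" <<'EOF'
Mar  3 22:10:01 host su: pam_unix(su:session): session opened for user root by alice(uid=1000)
Mar  3 22:41:17 host su: pam_unix(su:session): session opened for user postgres by alice(uid=1000)
Mar  4 01:02:33 host sshd[812]: Accepted password for bob from 203.0.113.45 port 51022 ssh2
Mar  4 01:03:10 host su: pam_unix(su:session): session opened for user root by bob(uid=1001)
EOF
cat > "$SAMPLE_DIR/xferlog" <<'EOF'
Thu Mar  4 01:07:42 2010 2 203.0.113.45 5120 /home/bob/upload.tgz b _ i r bob ftp 0 * c
Thu Mar  4 01:09:03 2010 1 198.51.100.7 880 /pub/README a _ o a guest ftp 0 * c
EOF
mkdir "$SAMPLE_DIR/tmp"
printf '#!/bin/sh\necho hi\n' > "$SAMPLE_DIR/tmp/run.sh"; chmod 700 "$SAMPLE_DIR/tmp/run.sh"
printf 'just data\n' > "$SAMPLE_DIR/tmp/notes.txt"

echo "== who became root =="; su_to_root "$SAMPLE_DIR/secure"
echo "== ftp uploads =="; ftp_uploads "$SAMPLE_DIR/xferlog"
echo "== executables in tmp =="; tmp_executables "$SAMPLE_DIR/tmp"
```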

Linux file structure

/
This is referred to as the root directory. It's the baseline for the directory structure, which is important when navigating from one directory tree to another.

/bin
Contains essential programs for the operating system in executable form.

/boot
This directory, as the name suggests, contains the boot information for Linux, including the kernel.

/dev
In Linux, devices are treated in the same way as files, so they can be read from and written to in the same way. So, when a device is attached, it will show up in this folder. Bear in mind that this includes every device in the system, including internal motherboard devices and more.

/etc
The default configuration files for Linux applications are stored in this directory. These are text files that can be easily edited, but bear in mind that they can sometimes be overridden by copies of the files elsewhere on the system.

/home
This is where the computer's users' files are kept, so in a way it is Linux's equivalent to Windows' "My Documents". Each user gets their own named directory, and security permissions can be set so that users can view and edit, view only, or if required not even see the contents of other users' home directories.

/lib
This directory contains shared libraries for use by applications running on Linux, similar to Windows' DLL files.

/lost+found
This is Linux's rescue directory: in the event of a crash or other serious event, files are stashed here to enable recovery.

/mnt
In Linux, every storage device is treated as just another directory. This includes floppy disks, hard drives, CD/DVD ROMs and USB card devices. Since it is very unlikely to ever concern you with a dedicated server, it is not covered here; just know that this is the directory in which storage devices are "mounted."

/proc
This "virtual" directory contains a lot of fluid data about the status of the kernel and its running environment. Since Linux treats everything as files, you can view this data using text viewing software, and even editing some of these files is sometimes possible.

/root
Rather than being part of the /home directory, the superuser (or root user)'s directory is placed here. Remember that this is not the same thing as the root directory of the system (/).

/sbin
This is where system administration software is stored. Unlike applications in the /bin folder, the root user is usually the only user who can run these.

/tmp
Applications store their temporary files in this directory.

/usr
This directory is where users' applications are stored, including the executables, and also sometimes the source code, along with any images and documentation.

/var
Similar to /proc, this directory contains data concerning the status of running applications, including many log files. This is worth knowing, because these can be viewed in the event of a system error to help in diagnosing the problem.

The EXT2 File System

The Second Extended File System


The Second Extended File system was devised (by Rémy Card) as an extensible and powerful file system for Linux. It is also the most successful file system so far in the Linux community and is the basis for all of the currently shipping distributions. Due to this, it is extremely well integrated into the kernel, with good performance enhancements.

Ext2 File System Layout


Partition:
BOOT BLOCK (optional) | BLOCK GP 0 | BLOCK GP 1 | . . . | BLOCK GP N-1 | BLOCK GP N

Each block group:
SUPER BLOCK | GROUP DESCRIPTOR | BLOCK BITMAP | INODE BITMAP | INODE TABLE | DATA BLOCKS

Partition Layout ext2


The boot sector block is optional; it is not required if you do not want to make this partition bootable.
Each block group has the same number of available data blocks and inodes.
Having multiple block groups helps counter fragmentation, improves reliability (since backups of the superblock are there) and even speeds up access, as the inode table is near the data blocks, reducing seek time for data blocks.

Partition layout ext2


Not all block groups have the superblock. The first block group, however, must have it, and it is the one used by the kernel. The others are backups to be used by filesystem checkers for consistency checks.

Some definitions
Boot sector: a block which may contain the stage 1 boot loader and which points to the stage 1.5 or stage 2 boot loader.
Superblock: the filesystem header; it identifies and represents the filesystem and provides relevant information about the fs. It must be present at block 1 if a boot sector is present, otherwise at block 0.
FS/Group descriptor: pointers to the bitmaps and table in the block group. It contains a group descriptor data structure for every block group. The group descriptor stores the address of the block bitmap and inode bitmap for the block group.

Some definitions
Block bitmap: block usage information; tells which blocks in the block group are empty (0) or used (1).
Inode bitmap: inode usage information, i.e. the allocation status of the inodes in the group.
Inode table: table of the inodes. Each inode provides the necessary and relevant information about each file.

Inodes
Each inode corresponds to one file, and it stores the file's primary metadata, such as the file's size, ownership, and temporal information. An inode is typically 128 bytes in size and is allocated to each file and directory.
Data blocks: the blocks where the data is stored!

Inode
Inode definition: an inode is a data structure on a traditional Unix-style file system such as UFS or ext3. An inode stores basic information about a regular file, directory, or other file system object. Use the ls -i command to see the inode number of a file:
$ ls -i /etc/passwd

Metadata Concepts
Group 0: Super Block | Group Desc Table | Block Bitmap | Inode Bitmap | Inode Table
Group 1: Block Bitmap | Inode Bitmap | Inode Table
. . .
Group n: Block Bitmap | Inode Bitmap | Inode Table

Metadata Concepts
Superblock:
The Ext2 superblock is located 1024 bytes from the start of the file system and is 1024 bytes in size.
Backup copies are typically stored in the first file data block of each block group.
It contains basic information about the file system, such as the block size, the total number of blocks, etc.

The Ext2 Superblock


The superblock contains a description of the basic size and shape of this file system. The system keeps multiple copies of the superblock in many block groups. It holds the following information:
Magic Number: 0xef53 for the current implementation.
Revision Level: for checking compatibility.
Mount Count and Maximum Mount Count: to ensure that the filesystem is periodically checked.
Block Group Number: the block group that holds this copy of the superblock.
Block Size: the size of a block for the file system, in bytes.

The Ext2 Superblock


Blocks per Group: fixed when the file system is created. The block bitmap must fit into one block, hence the number of blocks per group = 8 * block size.
Free Blocks: the number of free blocks in the system (excludes the blocks reserved for root).
Free Inodes: the number of free inodes in the system (excludes the inodes reserved for root).
First Inode: the first inode in an EXT2 root file system would be the directory entry for the '/' directory.
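The superblock fields just listed, as an added example that is not part of the original slides or of e2fsprogs: a constructed image with a primary superblock (at byte 1024) and its group 1 backup is written and then parsed with od. The field offsets are the standard on-disk ext2 ones; the inode and block counts are made-up values, and the 8 * block size rule from the text is used as a sanity check.

```shell
#!/bin/sh
# Added example, not from the slides: build a constructed ext2-style image (1 KiB blocks, two
# superblock copies) and read the superblock fields named in the text back out of it.
# Offsets are those of the on-disk ext2 superblock, in bytes from the start of the 1024-byte superblock:
#   0 s_inodes_count   4 s_blocks_count   12 s_free_blocks_count   16 s_free_inodes_count
#  20 s_first_data_block   24 s_log_block_size (block size = 1024 << value)   32 s_blocks_per_group
#  56 s_magic (0xEF53)
SB_OFFSET=1024       # the primary superblock starts 1024 bytes into the file system
EXT2_MAGIC=61267     # 0xEF53 in decimal

# put_le FILE OFFSET VALUE NBYTES: write VALUE as NBYTES little-endian bytes at OFFSET.
put_le() {
    f=$1; off=$2; v=$3; n=$4
    while [ "$n" -gt 0 ]; do
        b=$(( v & 255 ))
        if [ "$b" -ne 0 ]; then    # the image is zero-filled, so only non-zero bytes need writing
            printf "$(printf '\\%03o' "$b")" | dd of="$f" bs=1 seek="$off" conv=notrunc 2>/dev/null
        fi
        v=$(( v >> 8 )); off=$(( off + 1 )); n=$(( n - 1 ))
    done
}

# get_le FILE OFFSET NBYTES: read NBYTES little-endian bytes at OFFSET and print the value.
get_le() {
    val=0; shift_bits=0
    for b in $(od -An -v -tu1 -j "$2" -N "$3" "$1"); do
        val=$(( val | (b << shift_bits) )); shift_bits=$(( shift_bits + 8 ))
    done
    echo "$val"
}

# Field readers; SB is the byte offset of the superblock copy being read.
ext2_field()            { get_le "$1" $(( $2 + $3 )) "$4"; }         # FILE SB FIELD_OFFSET NBYTES
ext2_magic_ok()         { [ "$(ext2_field "$1" "$2" 56 2)" -eq "$EXT2_MAGIC" ]; }
ext2_block_size()       { echo $(( 1024 << $(ext2_field "$1" "$2" 24 4) )); }
ext2_blocks_per_group() { ext2_field "$1" "$2" 32 4; }
ext2_free_inodes()      { ext2_field "$1" "$2" 16 4; }
# Byte offset of the superblock copy kept in the first block of group GROUP.
ext2_group_sb_offset() {   # FILE SB GROUP
    echo $(( ($(ext2_field "$1" "$2" 20 4) + $3 * $(ext2_blocks_per_group "$1" "$2")) * $(ext2_block_size "$1" "$2") ))
}
# The rule from the text: the block bitmap must fit in one block, so blocks per group = 8 * block size.
ext2_sb_sane() {
    ext2_magic_ok "$1" "$2" && [ "$(ext2_blocks_per_group "$1" "$2")" -eq $(( 8 * $(ext2_block_size "$1" "$2") )) ]
}

# ext2_demo_image FILE: zero-filled image holding the primary superblock and the group 1 backup.
ext2_demo_image() {
    dd if=/dev/zero of="$1" bs=1024 count=8194 2>/dev/null    # boot block + group 0 + first block of group 1
    for base in $SB_OFFSET $(( (1 + 8192) * 1024 )); do
        put_le "$1" $(( base + 0 )) 25600 4        # s_inodes_count (constructed value)
        put_le "$1" $(( base + 4 )) 102400 4       # s_blocks_count (constructed value)
        put_le "$1" $(( base + 12 )) 90000 4       # s_free_blocks_count (constructed value)
        put_le "$1" $(( base + 16 )) 25000 4       # s_free_inodes_count (constructed value)
        put_le "$1" $(( base + 20 )) 1 4           # s_first_data_block: 1 for 1 KiB blocks
        put_le "$1" $(( base + 24 )) 0 4           # s_log_block_size: 1024 << 0
        put_le "$1" $(( base + 32 )) 8192 4        # s_blocks_per_group = 8 * 1024
        put_le "$1" $(( base + 56 )) "$EXT2_MAGIC" 2
    done
}

IMG=$(mktemp)
ext2_demo_image "$IMG"
for g in 0 1; do
    sb=$(ext2_group_sb_offset "$IMG" "$SB_OFFSET" "$g")
    if ext2_sb_sane "$IMG" "$sb"; then
        echo "group $g: superblock at byte $sb, block size $(ext2_block_size "$IMG" "$sb"), free inodes $(ext2_free_inodes "$IMG" "$sb")"
    else
        echo "group $g: no valid superblock copy at byte $sb"
    fi
done
```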

Metadata Concepts
Inode Structure

Inodes
The inode holds specific information about the file, such as:
The permission mode assigned to that file
The number of links in place for the file
The file owner's UID number
The group's GID number
The file size, represented in bytes
The addresses of the data blocks (or the major and minor device numbers)
The time the file was last modified
The time the file was last accessed
The time any part of the inode was changed
When an inode resides on the disk it is called a disk inode; however, when a file is opened, the kernel puts the inode onto a generic inode table and the inode is then called a generic inode.

The Ext2 Inode


Direct/Indirect Blocks: pointers to the blocks that contain the data that this inode describes.
Timestamps: the time that the inode was created and the last time that it was modified.
Size: the size of the file in bytes.
Owner info: the user and group identifiers of the owners of this file or directory.
Mode: this holds two pieces of information: what this inode describes, and the permissions that users have on it.

Metadata Concepts
Inode Allocation:
If a new inode is for a non-directory file, Ext2 allocates an inode in the same block group as the parent directory. If that group has no free inode or block, Ext2 uses a quadratic search (adding successive powers of 2 to the current group number). If the quadratic search fails, Ext2 uses a linear search.

Metadata Concepts
Inode Allocation:
If a new inode is for a directory, Ext2 tries to place it in a group that has not been used much. Using the total number of free inodes and blocks in the superblock, Ext2 calculates the average number of free inodes and blocks per group. Ext2 searches each of the groups and uses the first one whose free inodes and blocks are less than the average. If the previous search fails, the group with the smallest number of directories is used.
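The search order described above for a non-directory inode (parent's group, then quadratic, then linear), as an added example that is not the ext2 kernel code: a shell function over a constructed table of per-group free-inode counts. It assumes a group is usable when its count is greater than zero, folding the free-block check into that one number.

```shell
#!/bin/sh
# Added example, not the ext2 kernel code: block-group selection for a new non-directory inode
# over a constructed table of free-inode counts, one argument per block group (group 0 first).
# Assumption: a group is usable when its count is greater than zero.

# nth INDEX ITEM...: print the INDEX-th (0-based) item of the list.
nth() { i=$1; shift; shift "$i"; printf '%s\n' "$1"; }

# ext2_pick_group PARENT_GROUP FREE0 FREE1 ...: print the chosen group number, or return 1 if none.
ext2_pick_group() {
    parent=$1; shift
    n=$#
    # 1. The same group as the parent directory.
    if [ "$(nth "$parent" "$@")" -gt 0 ]; then echo "$parent"; return 0; fi
    # 2. Quadratic search: keep adding the next power of two (1, 2, 4, ...) to the current group, wrapping around.
    g=$parent; i=1
    while [ "$i" -lt "$n" ]; do
        g=$(( (g + i) % n ))
        if [ "$(nth "$g" "$@")" -gt 0 ]; then echo "$g"; return 0; fi
        i=$(( i * 2 ))
    done
    # 3. Linear search through every other group, starting just after the parent.
    k=1
    while [ "$k" -lt "$n" ]; do
        g=$(( (parent + k) % n ))
        if [ "$(nth "$g" "$@")" -gt 0 ]; then echo "$g"; return 0; fi
        k=$(( k + 1 ))
    done
    return 1
}

# Constructed table: 8 block groups with free inodes left only in groups 4 and 6.
# From parent group 2 the quadratic probes visit 3, 5 and 1 and miss; the linear pass finds 4.
ext2_pick_group 2 0 0 0 0 12 0 7 0
```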

Indexing and Directories


The content of a directory is a list of directory entry data structures, each of which describes a file name and inode address. The length of a directory entry varies from 1 to 255 bytes. There are two length fields in the directory entry:
Name length: the length of the file name
Record length: the length of this directory entry

Indexing and Directories

When Ext2 wants to delete a directory entry, it simply increases the record length of the previous entry so that it extends to the end of the deleted entry.

Standard Ext2 Features


Ext2fs supports the standard Unix file types: regular files, directories, device special files and symbolic links.
Ext2fs is able to manage filesystems created on really big partitions. While the original kernel code restricted the maximal filesystem size to 2 GB, recent work in the VFS layer has raised this limit to 4 TB. Thus, it is now possible to use big disks without the need to create many partitions.
Ext2fs provides long file names. It uses variable-length directory entries. The maximal file name size is 255 characters. This limit could be extended to 1012 if needed.
Ext2fs reserves some blocks for the super user (root). Normally, 5% of the blocks are reserved, to recover data in case of damage.

Ext3 Filesystem
Ext2 and Ext3 are the default Linux file systems. Ext3 is the new version of Ext2 and adds a journaling mechanism, but the basic structures are the same. The metadata is stored throughout the file system, and the metadata associated with a file is stored near it.

Ext3 File System


A journaling file system is a type of file system that allows the OS to keep a log of all file system changes before writing the data to disk. This log is called a journal, and it is usually a circular log in a specially allocated area of the file system. Other file systems like NTFS, JFS, JFS2 and ReiserFS offer similar capabilities.

Journaling
A file system journal records updates to the file system so that the file system can be recovered after a crash. There are two modes of journaling:
Only metadata updates are recorded
All updates are recorded

Journaling in Ext3 is done at the block level. The first block in the journal is the journal superblock, and it contains the address of the first logging data and its sequence number.

A journaled file system records information in a log area on the disk during each write. Once the log is updated, the system then writes the actual data to the appropriate areas of the filesystem and marks an entry in the log to say the data is committed. Updates are done in transactions, and each transaction has a sequence number. Each transaction starts with a descriptor block that contains the transaction sequence number and a list of which blocks are being updated. Following the descriptor block are the updated blocks. When the updates have been written to disk, a commit block is written with the same sequence number.

Journaling

Transaction Sequence
A transaction sequence is made up of the following components:
Descriptor block: every transaction starts with a block that describes the beginning of the transaction.
Metadata block: there can be one or many metadata blocks for each transaction; these blocks are where the changes are recorded.
Commit block: depending on the journal mode, this block basically indicates the end of a successful transaction.
Revoke block: if there is an error during the operation, a revoke block is created; it holds a list of the file system blocks that need to be restored during a consistency check.

Journaling

Advantages of Ext3

Availability
The amount of time that the e2fsck program takes is determined primarily by the size of the file system, and for today's relatively large file systems this takes a long time. The time to recover an ext3 file system depends on the size of the file system or the number of files.

Data Integrity
Using the ext3 file system can provide stronger guarantees about data integrity in case of an unclean system shutdown, as you can choose the type and level of protection that your data receives.

Speed
Despite writing some data more than once, ext3 is often faster (higher throughput) than ext2, because ext3's journaling optimizes hard drive head motion. You can choose from three journaling modes to optimize speed.

Easy Transition
It is easy to change from ext2 to ext3 and gain the benefits of a robust journaling file system, without reformatting.

Available Journaling Options


Ext3 offers three modes of journaling:

writeback
Only logs changes to file system metadata, but relies on the standard file system write process to write file data changes to disk. This is the fastest Ext3 journaling mode.

ordered
Only logs changes to file system metadata (inodes), but flushes file data updates to disk before making changes to associated file system metadata, keeping the journal synchronized with data writes. This is the default Ext3 journaling mode.

Available Journaling Options


journal
Logs all file system data and metadata changes. This journaling mode minimizes the chance of losing the changes you have made to any file in an Ext3 file system. This approach has a penalty in performance since data is being written twice (once to the journal, a second time to the file system), making it the slowest of the three journaling modes.

Repairing Linux ext2 or ext3 file system


1) The file system must be unmounted; you cannot repair it while it is running. Take the system down to runlevel one.
2) Unmount the file system.
3) Now run fsck on the partition.
fsck will check the file system and ask which problems should be fixed or corrected.

4) Once fsck has finished, remount the file system.
5) Go to multiuser mode.

common options with fsck


-t  Specify the file system type
-p  Automatic repair (no questions)
-n  Make no changes to the filesystem
-y  Assume "yes" to all questions
-c  Check for bad blocks and add them to the bad block list
-f  Force checking even if the filesystem is marked clean
-v  Be verbose

The exit code returned by fsck


0 - No errors
1 - File system errors corrected
2 - System should be rebooted
4 - File system errors left uncorrected
8 - Operational error
16 - Usage or syntax error
32 - fsck cancelled by user request
128 - Shared library error

Utilities of FS Check
tune2fs: the frequency of the checks at system reboot can be changed with tune2fs. This utility can also be used to change the mount count, which will prevent the system from having to check all filesystems at the 20th reboot.
dumpe2fs: the dumpe2fs utility provides important information regarding hard disk operating parameters found in the superblock, i.e. it prints the superblock and block group information for the filesystem present on a device.
badblocks: badblocks is used to check a filesystem for bad blocks.
debugfs: areas of the disk that have grown bad can be removed with debugfs.

Linux File Hierarchy Principles


A single-rooted, inverted-tree structure is used for organizing files and directories, including distinct physical volumes, such as floppy disks, CD-ROMs, and multiple hard drives. The base of the inverted-tree hierarchy is known as root, or /, and is the top of the file structure.

Names in the Linux file hierarchy are case sensitive. Each shell and process on the system has a designated current or working directory. Two dots (..) refer to the parent directory of any particular directory, whereas one dot (.) refers to the current directory. Files and directories whose names begin with a dot (.) are hidden, that is, they are not displayed by default in file-name listings. A user's path is a list of directories that are searched for commands typed at the command line.

File and Directory Names


With the default filesystem, file names may have up to 255 characters. (Depending on the configuration of your system, different restrictions may apply.) File names generally consist of letters, numbers, and certain punctuation marks. All other characters, except the forward slash (/), are valid. Some special characters are best avoided in file names. Avoid the following: <, >, ?, *, and ". Also avoid using tabs, spaces, and other non-printable characters. If you do need to access a file with special characters, enclose the file name in quotation marks. For example:
ls -l "file name with spaces.txt"
If you remove the quotation marks from the above example, you would be asking the system to list four different files. Also keep in mind that file names are case sensitive.

Absolute and Relative Path Names


An absolute path name has these characteristics:
Begins with a forward slash (/)
Contains the complete name of each directory that must be traversed from the root file system up to the object being named
Can be used at any time, and is valid regardless of the current directory

A relative path name has these characteristics:


Does not begin with a forward slash (/)
Specifies the location of the file or directory relative to the current working directory
Is usually shorter than the respective absolute

Mounting/Unmounting
Floppies, CDs, hard disk partitions, and other storage devices must be attached to some existing directory on your system before they can be accessed. This attaching is called mounting, and the directory where the device is attached is called a mount point. The mount point must be a directory that already exists on your system. When you're done and want to remove the floppy, CD or other device, you need to detach (unmount) it before removing it.

How to mount
For example, to mount your floppy:
$ mount /dev/fd0 /mnt/floppy
/dev/fd0 is your floppy drive, and /mnt/floppy is the mount point. When you access /mnt/floppy, you'll actually access the files on your floppy. If /mnt/floppy is the default mount point for /dev/fd0 (or whatever your floppy drive is), this would mount your floppy:
$ mount /mnt/floppy
The default mount points for different devices are configured in a file called /etc/fstab. The root user can freely edit the mount points configured in that file.

How to unmount
Unmounting is done with the umount command. When unmounting, you'll need to tell umount which mounted device to unmount, either by giving the device or the mount point. For example, if /dev/fd0 is mounted on /mnt/floppy, you'll unmount it with
$ umount /mnt/floppy
or
$ umount /dev/fd0

Different file types


Regular files
A regular file is a one-dimensional assortment of bytes stored on a disk or other mass storage device. There are many different types of regular files: text, binary, executable etc. A regular file is referenced by an inode number.

Different file types


Directory File
A directory file provides a mapping mechanism between the names of files and the files (data blocks) themselves. It holds inode numbers and filenames. If you delete a file from a directory, the entry in the list is zeroed, and this is then called a shadow inode. The inode is then freed up.

Different file types


Device Files
A device file refers to a device driver. You can create a device file using the mknod command. The files in /dev are used to ensure that we can access hardware such as the printer, CD-ROM, network etc. Here we can read and write directly to the device: the user issues a system call to a device and the kernel performs an open on that device; if the device is busy, the read/write routine cannot operate; if it is not busy, it reads or writes directly to that device.

different types of device files


Character device files write to and from the device a character at a time. Indicated by a "c" in the first field. Very little preliminary processing is required by the kernel, so the request is passed directly to the device. Examples: virtual terminals, terminals and serial modems etc.
A block device file only receives a request once block buffering has taken place in the kernel. Indicated by a "b" in the first field. A filesystem is an example of a block buffering device. It talks to devices one block at a time (1 block = 512 bytes to 32 KB). Examples: hard disk, DVD/CD-ROM, and memory regions etc.

Link Files
Hard Links
Inodes are associated with precisely one directory entry at a time. However, with hard links it is possible to associate multiple directory entries with a single inode. To create a hard link, use the ln command as follows:
# ln /root/file1 /root/file2

Link Files
Symbolic Links
Symbolic links refer to a symbolic path indicating the abstract location of another file. To create a symbolic link:
$ ln -s /path/to/file1.txt /path/to/file2.txt

Differences between hardlinks and symlinks


1. You cannot create a hard link for a directory.
2. If you remove the original file of a hard link, the link will still show you the content of the file.
3. A symlink can link to a directory.
4. A symlink, like a Windows shortcut, becomes useless when you remove the original file.
5. Hard links always refer to the source, even if it is moved or removed.
6. Symbolic links are not updated when the source of the link is moved or removed.
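The six differences above, tried out in a scratch directory, as an added example that is not part of the original slides. The helper names (inode_of, same_inode, link_count, readable, dir_hardlink) are this example's own.

```shell
#!/bin/sh
# Added example, not from the slides: hard link versus symlink behaviour in a scratch directory.
WORK=$(mktemp -d)
cd "$WORK" || exit 1

# inode_of PATH: inode number as shown by ls -i (for a symlink: the link's own inode, not its target's).
inode_of() { ls -i "$1" | awk '{ print $1 }'; }
# same_inode A B: true when both names are entries for one inode, i.e. hard links of each other.
same_inode() { [ "$(inode_of "$1")" = "$(inode_of "$2")" ]; }
# link_count PATH: number of directory entries pointing at the inode (second column of ls -l).
link_count() { ls -ld "$1" | awk '{ print $2 }'; }
# readable PATH: "ok" if the content can still be read through this name, "dangling" otherwise.
readable() { if cat "$1" >/dev/null 2>&1; then echo ok; else echo dangling; fi; }
# dir_hardlink DIR: "refused", because ln will not hard-link a directory (difference 1), else "allowed".
dir_hardlink() { if ln "$1" "$1.hardlink" 2>/dev/null; then echo allowed; else echo refused; fi; }

printf 'original content\n' > file1
ln file1 hard          # a second directory entry for file1's inode
ln -s file1 soft       # a path name that is resolved again on every access

echo "hard shares inode with file1: $(same_inode file1 hard && echo yes || echo no)"   # yes
echo "soft shares inode with file1: $(same_inode file1 soft && echo yes || echo no)"   # no
echo "link count of file1: $(link_count file1)"                                        # 2
mkdir dir
echo "hard link to a directory: $(dir_hardlink dir)"                                   # refused
mv file1 moved                                               # differences 2, 4, 5 and 6
echo "hard after move: $(readable hard), soft after move: $(readable soft)"            # ok, dangling
```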

Named Pipes
A named pipe (FIFO) is a file that allows two processes to communicate with each other if the processes are on the same computer but are not related to each other. FIFO means that the order of bytes going in is the same as the order coming out. The name of a named pipe is actually a file name within the file system. To create a named pipe with the name pipe1, give the command:
mkfifo pipe1

Reading/ Writing data from/to a FIFO


In the first terminal:
$ cat > fifo
we are experimenting with the FIFO
This is second line.
After opening the fifo in the second terminal for reading using cat, you will notice the above two lines displayed there. Now open the second terminal and go to the directory containing the FIFO fifo:
$ cat fifo
we are experimenting with the FIFO
This is second line.
Now keep on writing in the first terminal. You will notice that every time you press Enter, the corresponding line appears in the second terminal. Pressing CTRL+D in the first terminal terminates writing to the fifo. This also terminates the second process, because reading from the fifo now generates a BROKEN PIPE signal. The default action for this is to terminate the process.
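The two-terminal experiment above, automated in one script as an added example that is not part of the original slides: a background writer stands in for the first terminal and cat for the second, which also shows that opening a FIFO blocks until both ends are present and that closing the write end is what ends the reader.

```shell
#!/bin/sh
# Added example, not from the slides: a writer and a reader exchanging lines through one FIFO.
WORK=$(mktemp -d)
FIFO="$WORK/pipe1"
mkfifo "$FIFO"

# fifo_writer LINE...: write each line into the FIFO. Opening it for writing blocks until a reader
# has opened the other end; closing it afterwards is what CTRL+D does to "cat > fifo".
fifo_writer() { printf '%s\n' "$@" > "$FIFO"; }

# fifo_reader: drain the FIFO until the writer closes it (cat then sees end-of-file).
fifo_reader() { cat "$FIFO"; }

# fifo_roundtrip LINE...: send the lines through the FIFO and print what came out, in order.
fifo_roundtrip() {
    fifo_writer "$@" &       # the "first terminal", running in the background
    out=$(fifo_reader)       # the "second terminal"
    wait                     # collect the writer once the reader has drained the pipe
    printf '%s\n' "$out"
}

fifo_roundtrip 'we are experimenting with the FIFO' 'This is second line.'
```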

The Power of root, Managing users and File systems

Types of Users
Every file on a Linux system, including directories, is owned by a specific user and group.
User: the username of the person who owns the file.
Group: the user group that owns the file.
Others: everyone else who has an account on the system.

Superuser
A special user who has access to all files regardless of access privileges. The user ID of root is 0. Maintains total control over accounts and files.
Files such as those found in /usr/bin and /sbin are owned by root, the superuser, who has control over all system files. Root controls the creation of normal user accounts and the assignment of new passwords. Root has the power to change individual users' passwords globally.
Search for and remove suspected files using the locate and file commands.

Need for the root account


Root login is required to perform actions which change the settings for all system-wide users or to modify user accounts. We shall also have to use the root account for certain system operations:
To add new users to the system and administer the user data.
To install system-wide software.
To configure I/O devices like a scanner or a TV tuner card, for example.
To configure system services like a web or FTP server.

Access Permissions
File permissions are three sets (or groups) of three bits: r, w and x. Each character is assigned a value:
r (read) is given an octal value of 4
w (write) is given an octal value of 2
x (execute) is given an octal value of 1

In Linux, only the execute permission needs to be set in order to run scripts or programs.

Changing Permissions
The chmod command enables you to change a file's attributes. The letters a, u, g, o along with the signs (+, -) are used to give or take away permissions. Another method of setting the permissions is by changing the octal value of a file or a directory. The same rules for setting permissions on files apply to directories.

Changing Ownership
The command chown changes the user ownership of a file, while chgrp changes the group ownership. To change these settings, you must either own the file or have root permission to do so.

Set user ID, set group ID, sticky bit


SUID or setuid: change user ID on execution. If the setuid bit is set, then when the file is executed by a user the process will have the same rights as the owner of the file being executed.
chmod u+s myfile
SGID or setgid: change group ID on execution. Inherits the rights of the group of the owner of the file on execution. For directories it may also mean that when a new file is created in the directory, it will inherit the group of the directory (and not of the user who created the file).
chmod g+s myfile
Sticky bit: it was used to make a process "stick" in memory after it finished; that usage is now obsolete. Currently its use is system dependent, and it is mostly used to prevent deletion of files that belong to other users in a directory where you have "write" access.
chmod +t data

Numeric representation
Octal digit  Binary value  Meaning
0            000           setuid, setgid, sticky bits are cleared
1            001           sticky bit is set
2            010           setgid bit is set
3            011           setgid and sticky bits are set
4            100           setuid bit is set
5            101           setuid and sticky bits are set
6            110           setuid and setgid bits are set
7            111           setuid, setgid, sticky bits are set
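The table above combined with the r/w/x values, as an added example that is not part of the original slides: two functions that convert the nine-character permission string shown by ls -l (with s/S, s/S and t/T in the execute positions for setuid, setgid and sticky) into the four-digit octal form taken by chmod, and back. The function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the slides: ls -l permission string <-> chmod octal, special bits included.

# mode_to_octal STRING: e.g. "rwsr-xr-x" -> 4755. Returns 1 on an invalid string.
mode_to_octal() {
    m=$1; special=0; perm=0; i=0
    while [ "$i" -lt 9 ]; do
        c=$(printf '%s' "$m" | cut -c $(( i + 1 )))
        # Positions 0,3,6 hold r; 1,4,7 hold w; 2,5,8 hold x. A lowercase s/t means the execute
        # bit is set underneath the special bit, an uppercase S/T means it is not.
        case "$i:$c" in
            [036]:r|[147]:w|[258]:x|2:s|5:s|8:t) bit=1 ;;
            [036]:-|[147]:-|[258]:-|2:S|5:S|8:T) bit=0 ;;
            *) echo "invalid mode string: $m" >&2; return 1 ;;
        esac
        case "$i:$c" in
            2:[sS]) special=$(( special | 4 )) ;;   # setuid
            5:[sS]) special=$(( special | 2 )) ;;   # setgid
            8:[tT]) special=$(( special | 1 )) ;;   # sticky
        esac
        perm=$(( perm * 2 + bit ))
        i=$(( i + 1 ))
    done
    printf '%d%03o\n' "$special" "$perm"
}

# octal_to_mode OCTAL: e.g. 4755 -> "rwsr-xr-x"; three digits are accepted and treated as 0xxx.
octal_to_mode() {
    padded=$1
    while [ ${#padded} -lt 4 ]; do padded="0$padded"; done
    special=$(printf '%s' "$padded" | cut -c1)
    out=''; t=0
    while [ "$t" -lt 3 ]; do
        d=$(printf '%s' "$padded" | cut -c $(( t + 2 )))
        if [ $(( d & 4 )) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
        if [ $(( d & 2 )) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
        x=$(( d & 1 ))
        flag=$(( (special >> (2 - t)) & 1 ))   # setuid for user, setgid for group, sticky for others
        if [ "$flag" -eq 1 ]; then
            if [ "$t" -eq 2 ]; then ch=t; else ch=s; fi
            if [ "$x" -eq 0 ]; then ch=$(printf '%s' "$ch" | tr st ST); fi
        elif [ "$x" -eq 1 ]; then ch=x
        else ch=-
        fi
        out="$out$ch"
        t=$(( t + 1 ))
    done
    printf '%s\n' "$out"
}

# file_mode_octal PATH: octal mode of an existing file, read back from the ls -l permission field.
file_mode_octal() { mode_to_octal "$(ls -ld "$1" | cut -c2-10)"; }

mode_to_octal rwsr-xr-x      # 4755 (setuid plus 755)
octal_to_mode 1777           # rwxrwxrwt (a sticky, world-writable directory such as /tmp)
```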

The Powers of Root.


A superuser maintains total control over the accounts and files on the system. Each user is given a private account with certain permissions. Root controls the creation of user accounts:
useradd newperson

Safeguard Root Password


Do not write the root password anywhere.
Think twice before becoming root.
Always keep the shell prompt distinct when logged in as root and when logged in as a regular user.
Be sure to create backup copies of any key files you might edit, or that you would be unable to restore if they were corrupted.
Be authoritative and exercise self control as root.

Establish AUP
An AUP is a document that states what is allowable on the machine and the things for which a user will be held accountable. All users must be made aware of the rules before they are granted an account. The administrator cannot be held liable for any issue over which he or she does not have any power.

Find command
It is hard-drive intensive and also incurs a larger share of CPU cycles, but it can detect nearly all files. You can search for files by name, owner, group, type, permissions, date, and other criteria. The search is recursive, in that it will search all subdirectories too.

Locate command
Relies upon a self-generated database of files that either the user must initialize or the system must update automatically on a regular basis. This database is highly configurable, and particular directories can later be excluded or used exclusively. It operates quicker and is less hard-drive and CPU-intensive, but if files have changed since the last database rotation, the command will not find the file in question.

Netstat command
A useful tool for displaying the status of all TCP/IP network services: the protocol used, bytes in queues, the addresses of remote hosts and the socket state.

Use the -a option to list all active sockets
Use the -e option to display the current users using the socket
Use the -n option to display numeric IP addresses

Powers of Root
Adjust system resources and quotas
Change the ownership of any file or directory
Create directories and device files in any location, including those that root does not specifically own
Configure network interfaces
Manage all configuration files
Mount and unmount file systems
Set the system clock
Shut down the system cleanly

Ways to become Root and/or any other user


By simply entering su
Will give you root authority in the same working directory, retaining the same environment variables as those of the original user.

By entering su -
Will give you access to the same accounts normally granted to root.

By entering su - <username>
Will give you the same permissions, paths and default locations as that user has.

Changing Directory Ownership


The rules applied to files also apply to directories. To place files somewhere other than your home directory, you need to create a new directory in the new location as root and then change its ownership to yourself. For creating new directories, the /tmp directory is available to general users.
The admin should periodically check and delete the contents of /tmp. Cron jobs normally clear out older files from /tmp after a certain period of time.

Users needed for Maintenance


The /etc/passwd and /etc/group files show various users that do not correspond to real people and exist to perform system functions only. They exist for security purposes and mostly run processes such as daemons. Some such users are:
User bin:
Has /bin as its home directory, which contains all the binaries that are required for system maintenance and operational checks.

User daemon:
Most daemons have a low UID and are used to execute scripts or programs at the appropriate time with limited scope and functionality.

User nobody:
With UID 99, it is a catch-all user for software that doesn't need or shouldn't have special permissions.
The Apache Web Server uses it to run all httpd processes. The NFS daemon uses it to serve files securely on a network.

User fingerd:
The purpose of this daemon is to locate and identify unique users on each separate Linux system.

Expiring and Locking Password


Expire a user's password after a certain date using the usermod command with:
-e option (disable a user's password on a specific date)
usermod -e 10/31/10 mca1

-L option: to lock an account
usermod -L mca1

-U option: to unlock an account
usermod -U mca1

Encrypting Passwords
/etc/passwd file: has permission 644
/etc/shadow file: has permission 400
More secure: password hashes are kept out of the world-readable /etc/passwd file and stored as MD5 hashes produced by libc's crypt() function.
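An added example, not from the original slides, that ties the maintenance-user, password-locking and /etc/shadow slides together: it reads constructed /etc/passwd and /etc/shadow excerpts (invented users, fake hashes) and reports system accounts that still have a login shell, and for each account whether its hash is MD5, locked by usermod -L, or past the expiry day set by usermod -e. The UID boundary of 500 and the "today" value are assumptions.

```shell
#!/bin/sh
# Constructed /etc/passwd and /etc/shadow excerpts for the checks below
# (invented users, fake hashes; not copied from any real system).
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/sh
mca1:x:500:500:MCA student:/home/mca1:/bin/bash
mca2:x:501:501:MCA student:/home/mca2:/bin/bash'

SHADOW_SAMPLE='root:$1$saltsalt$fakehashvalue:14914:0:99999:7:::
bin:*:14914:0:99999:7:::
daemon:*:14914:0:99999:7:::
nobody:*:14914:0:99999:7:::
backup:*:14914:0:99999:7:::
mca1:!$1$saltsalt$fakehashvalue:14914:0:99999:7::14913:
mca2:$1$saltsalt$fakehashvalue:14914:0:99999:7::15000:'

# System (maintenance) accounts should not be able to log in interactively.
# Assumption: UIDs 1..499 are system accounts, as on older Red Hat systems.
# Reads passwd text on stdin, prints "user uid shell" for each offender.
system_accounts_with_shell() {
    awk -F: -v max=500 '$3 > 0 && $3 < max && $7 !~ /(nologin|false)$/ {
        print $1, $3, $7
    }'
}

# Classify each shadow entry: a leading "!" is what usermod -L puts in
# front of the hash, "*" or an empty field means no usable password,
# "$1$" marks an MD5 crypt() hash. Field 8 is the account expiry day
# (days since 1970-01-01) set by usermod -e; 14913 is 2010-10-31.
# usage: shadow_status <today_in_days>  < shadow_text
shadow_status() {
    awk -F: -v today="$1" '{
        h = $2
        if (h ~ /^!/)                       st = "locked"
        else if (h == "*" || h == "")       st = "nopassword"
        else if (substr(h, 1, 3) == "$1$")  st = "md5"
        else                                st = "other"
        if ($8 != "" && $8 + 0 < today + 0) st = st ",expired"
        print $1, st
    }'
}

# Stand-alone run: audit the samples as of day 14950 (2010-12-07).
printf '%s\n' "$PASSWD_SAMPLE" | system_accounts_with_shell
printf '%s\n' "$SHADOW_SAMPLE" | shadow_status 14950
```

On a real host feed `shadow_status $(( $(date +%s) / 86400 )) < /etc/shadow` as root; the backup account above is the kind of finding the first check is for.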

Managing new users


To create a regular user account, use the /usr/sbin/adduser command.

Methods
Textual (command line)
GUI tools

Possible Settings
Determine the user's home directory
Set quotas
Permit access to network interfaces
Determine other variables of the user's profile

Using Command Line


Best method if logged in remotely.
Does not require a high-quality video card.
Very quick.
Saves disk space by not installing X-Window files.
Minimizes CPU usage.
Useful when performing repetitive tasks.

Manually configuring accounts


useradd command (a root-owned process)
Creates new files and directories and accesses files owned by root
Located in /usr/sbin
Goes through a series of steps, creating files and adding directories
Use the absolute path, since /usr/sbin may not be on your PATH depending on how you logged in
Creates the home directory and adds the user to the /etc/passwd and /etc/group files
Places specific dotfiles in that user's home directory, based on the contents of the /etc/skel directory
Set the password using the passwd command

Removing users using the userdel command
Located in the /usr/sbin directory
Searches through the /etc/passwd and /etc/group files and removes any references
Use -r to remove all the files and directories owned by the user
To remove the user mca1, execute the command: /usr/sbin/userdel -r mca1
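Added example, not from the original slides: a check worth running before userdel -r. That option removes the home directory and the mail spool, but files the user owns elsewhere (/tmp, /var, project trees) stay behind under a dangling UID; the function below lists them, demonstrated on a constructed temporary tree in place of the real file system.

```shell
#!/bin/sh
# Files owned by a user that live outside that user's home directory.
# userdel -r removes the home directory and the mail spool; anything the
# user owns elsewhere is left behind owned by a UID that no longer exists,
# so list it (and decide what to do with it) before running userdel.
# usage: files_outside_home <user> <home_dir> <search_root>
files_outside_home() {
    find "$3" -xdev -path "$2" -prune -o -type f -user "$1" -print 2>/dev/null | sort
}

# Stand-alone demo on a constructed tree owned by the current user,
# standing in for the /home/mca1 layout used on these slides.
# Prints the root of the tree it created.
demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/home/mca1" "$root/var/spool/mail" "$root/tmp" "$root/srv/project"
    : > "$root/home/mca1/.bashrc"          # inside home: removed by userdel -r
    : > "$root/tmp/scratch.txt"            # outside home: left behind
    : > "$root/srv/project/notes.txt"      # outside home: left behind
    printf '%s\n' "$root"
}

demo_root=$(demo_tree)
files_outside_home "$(id -un)" "$demo_root/home/mca1" "$demo_root"
rm -rf "$demo_root"
```

Against the real system the call is `files_outside_home mca1 /home/mca1 /`, run as root so that find can descend everywhere.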

Using GUI Tools


Linuxconf: the default tool for most configuration tasks on Red Hat.
Was first included in Red Hat 5.1
Helps configure nearly all aspects of the Linux OS
An excellent tool for setting up printers, enabling modems and dial-up accounts, and editing the network configuration
Easy to use and helpful for beginners
Comes in a variety of versions; the most common is GNOME-based Linuxconf
Used to edit and manage user accounts and to control various aspects of the system
Can be used to configure daemons and processes such as SAMBA and sendmail
Sets the default shell and lists all available shells
Enables you to edit and modify existing partitions

Ways to Run Linuxconf


Command Line Mode
Lets you view the scripts so that they can be edited properly. The quickest way to access a remote system and edit settings.

Character Cell Mode
GNOME-Linuxconf
Web-based
Default: depending on the $DISPLAY variable, will normally start as GNOME-Linuxconf or in character cell mode.
