Linux Essentials for Cybersecurity, 1st edition By William Rothwell
INSTRUCTOR’S GUIDE TO ACCOMPANY LINUX ESSENTIALS FOR CYBERSECURITY
CHAPTER 1 DISTRIBUTIONS AND KEY COMPONENTS
CHAPTER OBJECTIVES
When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Describe the various parts of Linux
• Identify the major components that make up the Linux operating system
• Describe different types of Linux distributions
• Identify the steps for installing Linux
CHAPTER OVERVIEW In this first chapter, you learn about some of the essential concepts of Linux. You discover what a distribution is and how to pick a distribution that best suits your needs. You are also introduced to the process of installing Linux, both on a bare-metal system and in a virtual environment.
CHAPTER OUTLINE
1. Introducing Linux
   a. Linux Distributions
   b. Shells
   c. GUI Software
2. Installing Linux
   a. Which Distro?
   b. Native or Virtual Machine?
   c. Installing a Distro
SUGGESTED CLASS STRUCTURE During class, lead a discussion of the chapter’s concepts using the PowerPoint presentation provided in the instructor materials. The PowerPoint slides provide some basic facts and topics, but you will want to supplement this information with information from the textbook and other resources and with stories from your own experience. End with the Key Terms review, the Review Questions quiz, and one or more of the corresponding lab exercises.
TEACHING NOTES AND TIPS PER TOPIC
1. Introducing Linux
Teaching Note: This section introduces Linux by providing some basic information about its structure and interfaces. It includes a discussion of command-line shells and GUI interfaces. Review the descriptions of each component on page 5.
Teaching Tip: Use Figure 1-1 as a starting point for discussing the components that make up Linux and their relationship to the kernel. Point out that not all the components in Figure 1-1 are essential.
Teaching Tip: Differentiate between the common distribution types using the bulleted list on page 6, including commercial, home/amateur, security-enhanced, and live. Ask students to name some other types of distros. These could include distros aimed at education, young learners, beginners, gaming, and older computers.
Teaching Note: Even though technically a shell can be any user interface, in Linux it typically refers to a command-line interface, or CLI. Some of the most popular shells are BASH and Bourne. Note that BASH is the shell used in this book in most cases.
2. Installing Linux
Teaching Note: This section guides students through the process of selecting a distro, deciding where to install it, and performing the installation.
Teaching Tip: Note that many of the most popular distros fall into one of two categories: Red Hat-based or Debian-based. Ask students to name as many different distros in each of these categories as they can, making a list on the board.
Teaching Tip: Discuss whether or not virtual machines are more secure than bare-metal installations. The Security Highlight box on page 9 brings up some points for conversation.
Teaching Tip: If students are going to create VMs for multiple versions of Linux for this class, walk them through the process of setting up VirtualBox and installing their first VM; then have them create the additional VMs they need for this class on their own.
ACTIVITIES FOR CLASS
I. Discussion Topics
Question 1: What are the advantages and disadvantages of a CLI?
Answer 1: Advantages: more powerful, with more commands and functions; easier and quicker for experienced users; can be more secure; consumes fewer system resources. Disadvantages: higher learning curve for newer users; not as enjoyable to use for most people.
Question 2: When studying Linux, as you will do in this book, what are the pros and cons of using a VM vs. a native installation?
Answer 2: A VM may be a better choice for study because you can have several different distros and switch between them easily. However, on a very old computer without much CPU and RAM, the strain of running a hypervisor and a VM may make it run more slowly than if you installed Linux natively.
II. Exercises and Activities
Lab Exercises: Assign one or more of the following lab exercises:
1.1 Installing CentOS
1.2 Installing Ubuntu
1.3 Installing Kali
Web Search Exercise: The textbook mentions that using a GUI can pose a security risk. Why is this so? One reason is that every time you add more software to the system, you add a potential security risk. Find some articles that discuss this topic and write a summary of the opinions and reasoning you discover.
Review Key Terms: Review these terms from the chapter. If desired, you can create a matching exercise from these words, matching the terms to their definitions.
• Kernel
• Shell
• File system
• Kernel modules
• Libraries
• Distribution
• Distro
• CLI
• GUI
• Virtual machine
• VM
WEB RESOURCES
DistroWatch: https://distrowatch.com
VirtualBox: https://www.virtualbox.org
CentOS download: https://www.centos.org/download
Fedora download: https://getfedora.org
Red Hat Enterprise Linux: https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux
Ubuntu download: https://ubuntu.com/download
Kali download: https://www.kali.org/downloads
Mint download: https://linuxmint.com/download.php
Debian download: https://www.debian.org/distrib
uCertify If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
INSTRUCTOR’S GUIDE TO ACCOMPANY LINUX ESSENTIALS FOR CYBERSECURITY
CHAPTER 2 WORKING ON THE COMMAND LINE
CHAPTER OBJECTIVES
When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Manage files and directories
• Use shell features such as shell variables
• Re-execute previous commands using the shell feature called history
• Identify regular expressions and know how to use them with commands like find, grep, and sed
• Manage file-compression utilities
CHAPTER OVERVIEW The goal of this chapter is to introduce you to some of the more essential command-line utilities. You learn commands used to manage files and directories, including how to view, copy, and delete files. You also learn the basics of a powerful feature called regular expressions, which allows you to view and modify files using patterns. This chapter introduces some of the more commonly used file-compression utilities, such as the tar and gzip utilities.
CHAPTER OUTLINE
1. File Management
   a. The Linux Filesystem
   b. Command Execution
      i. The pwd Command
      ii. The cd Command
      iii. The ls Command
      iv. File Globbing
      v. The file Command
      vi. The less Command
      vii. The head Command
      viii. The tail Command
      ix. The mkdir Command
      x. The cp Command
      xi. The mv Command
      xii. The rm Command
      xiii. The rmdir Command
      xiv. The touch Command
2. Shell Features
   a. Shell Variables
      i. echo
      ii. set
      iii. unset
      iv. The PS1 Variable
      v. The PATH Variable
   b. Environment Variables
   c. Initialization Files
   d. Alias
   e. Command History
      i. History Variables
      ii. The .bash_history File
   f. Redirecting Input and Output
      i. Piping
      ii. Subcommands
3. Advanced Commands
   a. The find Command
   b. Regular Expressions
   c. The grep Command
   d. The sed Command
   e. Compression Commands
      i. The tar Command
      ii. The gzip Command
      iii. The gunzip Command
      iv. The bzip2 Command
      v. The xz Command
TEACHING NOTES AND TIPS PER TOPIC
1. File Management
Teaching Note: This section introduces the Linux file system and teaches some of the essential command-line tools for file management.
Teaching Tip: The table of FHS locations on page 15 is important. Linux admins should have these locations memorized because doing so makes it much easier to find the files they need in everyday usage. Consider making this table into a matching exercise for an in-class activity.
Teaching Tip: Clarify the difference between options and arguments, as explained on page 16.
Teaching Tip: Show in-class examples of each of the commands covered in this section: pwd, cd, ls, file, less, head, tail, mkdir, cp, mv, rm, rmdir, and touch.
Teaching Tip: Students may not recognize the term “file glob,” but they have probably used one. It is what Windows and some other OSes call wildcards. Besides the common * and ? globs, Linux has the [ ] brackets. Show how each of these three works.
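For the file-glob teaching tip, here is an added shell example (not from the textbook or this guide) that builds a scratch directory of constructed filenames and expands the three glob forms against it, so students can see exactly which names * , ? and [ ] select. The glob_list helper also shows the edge case worth pointing out in class: when nothing matches, the shell leaves the pattern itself in place, which the helper detects with -e:

```shell
#!/bin/sh
# Added example (not from the textbook or the instructor guide): shows how the
# three shell globs * ? and [ ] match against a constructed set of filenames.
# Every filename below is made up for the demonstration.

# Create a scratch directory with sample files and print its path.
make_sample_dir() {
    dir=$(mktemp -d)
    for f in report.txt report1.txt report2.txt reportA.txt notes.md .hidden.txt; do
        : > "$dir/$f"
    done
    printf '%s\n' "$dir"
}

# Expand one glob pattern inside a directory and print the matches, one per
# line, sorted. Prints nothing when the pattern matches no file (an unmatched
# glob is left in place by the shell, so the literal pattern is filtered out).
glob_list() {                 # $1 directory, $2 pattern (quote it when calling)
    ( cd "$1" || exit 1
      set -- $2               # unquoted expansion performs the globbing
      [ -e "$1" ] || exit 0   # no match: the shell handed back the pattern itself
      printf '%s\n' "$@" | sort )
}

# Number of files a pattern selects; handy for comparing the three glob forms.
glob_count() {
    glob_list "$1" "$2" | awk 'END { print NR }'
}

# Demonstration run on the constructed directory.
sample=$(make_sample_dir)
for p in '*.txt' 'report?.txt' 'report[0-9].txt' 'report[!0-9].txt' '*.log'; do
    printf '%-18s -> %s match(es)\n' "$p" "$(glob_count "$sample" "$p")"
done
rm -rf "$sample"
```

Note that the pattern is quoted on the caller's side so that the caller's shell does not expand it in the wrong directory; the expansion happens only inside glob_list. The dot file is never matched by *.txt, and [!0-9] is the POSIX spelling of "not a digit" (bash also accepts [^0-9]).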
2. Shell Features
Teaching Note: This section shows some of the BASH shell features that you can use to customize your working environment.
Teaching Tip: Review Table 2-10 on pages 22-23 and discuss each of these shell variables. Then, show how to combine them with the echo command to display the values stored in variables.
Teaching Tip: Explain how the order in which the OS looks for a particular command is based on the PATH variable. Show what happens when you have two different versions of the same executable, located in two different directories: depending on the order of the directories in PATH, the shell encounters and runs one or the other first.
Teaching Tip: Point out that an alias is a shortcut for running a certain command with certain options and variables. Review the examples in Example 2-1 on page 28.
Teaching Tip: Demonstrate how to write the command history to .bash_history using the history -w option. Demonstrate how to execute a command from the history by typing ! followed by the command number. Refer to Table 2-14 on page 29 for other techniques to use with the history command.
Teaching Tip: Explain how to redirect input and output using the redirection operators and using piping. Point out the pipe symbol on your keyboard, and if there are other keyboards in the classroom, ask students to find it on their own keyboards, as its location can vary.
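An added shell example (not from the textbook or this guide) for the PATH teaching tip above. It creates two directories, each holding a constructed script named hello, and runs the command under two different PATH orderings to show that the first directory searched wins. The questionable_path_entries function is an added check for entries an administrator should not want in PATH: an empty entry or "." (both mean the current directory) lets a file dropped in whatever directory the user happens to be in shadow a system command, which is the reason the current directory is not on PATH by default:

```shell
#!/bin/sh
# Added example (not from the textbook or the instructor guide): builds two
# directories that each contain an executable named "hello" and shows that the
# order of directories in PATH decides which copy the shell runs. Directory and
# program names are constructed for the demonstration.

# Create a directory holding a tiny "hello" script that prints the given label.
make_tool_dir() {            # $1 label printed by the script
    dir=$(mktemp -d)
    printf '#!/bin/sh\necho "hello from %s"\n' "$1" > "$dir/hello"
    chmod 755 "$dir/hello"
    printf '%s\n' "$dir"
}

# Run "hello" with PATH set to the given colon-separated directory list and
# print what the chosen copy says. A subshell keeps the caller's PATH intact.
run_hello_with_path() {      # $1 PATH value
    ( PATH="$1"; hello )
}

# Report which file the shell would pick for a command name under a given
# PATH; command -v is the POSIX way to ask the shell what it would run.
resolve_with_path() {        # $1 PATH value, $2 command name
    ( PATH="$1"; command -v "$2" )
}

# List PATH entries an administrator should question: empty entries and "."
# (both mean "the current directory") and any relative directory.
questionable_path_entries() {   # $1 PATH value
    printf '%s\n' "$1" | tr ':' '\n' | awk '$0 == "" || $0 == "." || $0 !~ /^\//'
}

# Demonstration run with two constructed tool directories.
a=$(make_tool_dir first); b=$(make_tool_dir second)
echo "PATH=first:second -> $(run_hello_with_path "$a:$b")"
echo "PATH=second:first -> $(run_hello_with_path "$b:$a")"
echo "entries to question in '/usr/bin:.:/bin':"; questionable_path_entries '/usr/bin:.:/bin'
rm -rf "$a" "$b"
```

In class, resolve_with_path is the scripted equivalent of running which or type in the terminal after changing PATH; students can repeat it with their own PATH to see which copy of a command their shell is actually running.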
3. Advanced Commands
Teaching Note: This section covers some of the more advanced commands that users are likely to want to use on a regular basis. It is not a comprehensive reference by any means; point students to online references that are more complete.
Teaching Tip: Demonstrate several uses of the find command, using the options in Tables 2-17 through 2-19. Differentiate between find and grep.
Teaching Tip: Define regular expression, or regex. Review the entries in Tables 2-20 and 2-21. Show the find command’s -regex option, which uses a regular expression to perform pattern matching on the filename.
Teaching Tip: Review the sed command, covered on page 37. Ask students to think about how a hacker could use this command.
Teaching Tip: Ask students about their experiences with compressed archive files. The most common format on Windows PCs is ZIP, but the most common on Linux systems is tar. Demonstrate the tar command, using the examples and options on page 38. Compare it to gzip and gunzip, covered on page 39.
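To tie the find, regex, grep, sed and compression tips together, here is an added shell example (not from the textbook or this guide) that walks through all four tools on a constructed directory of made-up web-server log lines, the kind of task an administrator does when collecting and sharing evidence of repeated access denials. Every path and log line is invented:

```shell
#!/bin/sh
# Added example (not from the textbook or the instructor guide): find -regex,
# grep, sed and tar/gzip applied to a constructed tree of fake log files.

# Build the sample tree and print its path.
make_sample_logs() {
    dir=$(mktemp -d)
    mkdir -p "$dir/app" "$dir/sys"
    cat > "$dir/app/access-2019-03-01.log" <<'EOF'
2019-03-01 10:00:01 GET /index.html 200 user=alice
2019-03-01 10:00:05 GET /admin 403 user=mallory
2019-03-01 10:00:09 POST /login 200 user=bob
EOF
    cat > "$dir/app/access-2019-03-02.log" <<'EOF'
2019-03-02 09:15:00 GET /admin 403 user=mallory
2019-03-02 09:15:03 GET /admin 403 user=mallory
EOF
    printf 'kernel: boot ok\n' > "$dir/sys/kern.log"
    printf 'not a log file\n' > "$dir/app/readme.txt"
    printf '%s\n' "$dir"
}

# find -regex: unlike -name, the expression must match the *whole* path, so it
# starts with .* to cover the leading directories. Only dated access logs match.
find_access_logs() {        # $1 directory
    find "$1" -type f -regex '.*/access-[0-9-]*\.log' | sort
}

# grep across every .log file below the directory and count the 403 entries.
count_denied() {            # $1 directory
    find "$1" -type f -name '*.log' -exec grep -h ' 403 ' {} + | awk 'END { print NR }'
}

# sed: write a copy of a log with the user= field masked so the file can be
# shared outside the team without exposing account names. Prints the new path.
redact_users() {            # $1 log file
    sed 's/user=[^ ]*/user=<redacted>/' "$1" > "$1.redacted"
    printf '%s\n' "$1.redacted"
}

# tar + gzip: pack the app/ subtree into a compressed archive, then list it by
# feeding gunzip -c into tar -t to confirm what was captured.
archive_app_logs() {        # $1 directory, $2 output .tar.gz
    tar -cf - -C "$1" app | gzip > "$2"
    gunzip -c "$2" | tar -tf - | sort
}

# Demonstration run on the constructed tree.
logs=$(make_sample_logs)
echo "dated access logs:";  find_access_logs "$logs"
echo "denied requests: $(count_denied "$logs")"
echo "redacted copy:";      cat "$(redact_users "$logs/app/access-2019-03-02.log")"
echo "archive contents:";   archive_app_logs "$logs" "$logs/app-logs.tar.gz"
rm -rf "$logs"
```

The contrast the teaching tip asks for is visible in the first two functions: find selects files by their names and attributes, while grep selects lines by their content; the two are chained with -exec ... {} + so grep receives the file list find produced.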
ACTIVITIES FOR CLASS
I. Discussion Topics
Question 1: What are the similarities and differences between the Linux command-line interface, which is based on Unix, and the Windows command-line interface, which is based on DOS?
Answer 1: There are many possible answers. Students may name some commands that are different or the same in each shell. They might mention that Linux is case-sensitive and Windows is not. They might mention the different disk filesystems. They might bring up the FHS locations in Linux.
Question 2: The history command is useful for recalling recently used commands from the shell, but it can also play a role in security. How so?
Answer 2: The history command could be used to see what has been recently done from the command line on that computer, which could be useful for someone snooping, but also useful for someone trying to follow the trail of a hacker.
II. Exercises and Activities
Lab Exercises: Assign one or more of the following lab exercises:
2.1 Manage files
2.2 Using shell features
2.3 Compressing files
Web Search Exercise: Find at least three comprehensive Linux command references online. Which do you think is best, and why? Which ones will you bookmark for later personal use? Present your findings to the class.
Review Key Terms: Review these terms from the chapter. If desired, you can create a matching exercise from these words, matching the terms to their definitions.
current directory
root directory
parent directory
subdirectory
child directory
Filesystem Hierarchy Standard
option
argument
absolute path
relative path
file glob
wildcard
variable
local variable
environment variable
login shell
non-login shell
initialization file
alias
redirection
piping
subcommand
regular expression
WEB RESOURCES
Linux Basic Shell Reference Guide: http://www.penguintutor.com/linux/basic-shell-reference
20 Linux Commands Every Sysadmin Should Know: https://opensource.com/article/17/7/20-sysadmin-commands
A to Z Linux Commands: https://www.tecmint.com/linux-commands-cheat-sheet/
Linux Command Line Reference: http://www.pixelbeat.org/cmdline.html
uCertify If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
INSTRUCTOR’S GUIDE TO ACCOMPANY LINUX ESSENTIALS FOR CYBERSECURITY
CHAPTER 3 GETTING HELP
CHAPTER OBJECTIVES
When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Discover information about commands by using specific command-line options
• Get help about a command, feature, or configuration file by using man or info pages
• Use additional documentation on the system to solve problems
CHAPTER OVERVIEW Linux comes with a great help system. Almost every command, feature, configuration file, and service has enough documentation to help you when your brain refuses to recall that important option, setting, or value. In this chapter, you learn how to make use of this documentation.
CHAPTER OUTLINE
1. Man Pages
   a. Man Page Components
   b. Man Page Sections
   c. Man Page Locations
2. Command Help Options
3. The help Command
4. The info Command
5. The /usr/share/doc Directory
6. Internet Resources
TEACHING NOTES AND TIPS PER TOPIC
1. Man Pages
Teaching Note: This section defines man pages and shows how to access them, including movement commands, components, sections, and locations.
Teaching Tip: Refer students to Table 3-1 for some movement commands that work in a man page. Discuss how navigation in a man page differs from navigation in a graphical text editor such as Notepad in Windows.
Teaching Tip: Use Figure 3-1 to point out the components of a man page, and refer to Table 3-2 to describe each of the components. Differentiate between components and sections, and use Figure 3-2 and Table 3-3 to discuss sections. Demonstrate the use of the -f option to show the section names. Note that the man -f command is the same as the whatis command.
Teaching Tip: Demonstrate how to access a man page that is not in a standard location and show how to create a MANPATH variable.
2. Command Help Options
Teaching Note: This section shows how to get help with the syntax of a command.
Teaching Tip: Note that the help option is preceded by two minus signs: --help. However, a few commands use -h instead of --help.
Teaching Note: If you are using Microsoft Word to create quizzes or other learning materials for this chapter, be aware that Word automatically changes two minus signs (--) to a long dash (—) as you type.
3. The help Command
Teaching Note: This section explains how to use the help command to get help on built-in shell commands.
Teaching Tip: Explain the difference between a built-in shell command and an external command with a separate executable, and provide some examples.
Teaching Tip: Point out Example 3-4 on page 47, which demonstrates using help -s to get a list of built-in commands.
Teaching Tip: Mention that it is not important to memorize which commands are shell builtins and which aren’t; if man doesn’t work for getting help for a command, you can quickly use the help command.
4. The info Command
Teaching Note: This section explains info pages and differentiates them from man pages.
Teaching Tip: Use Figure 3-3 to show how an info page is different from a man page. For one thing, there are hyperlinks.
Teaching Tip: Point out the movement commands for the info command in Table 3-4 and compare them to the movement commands for the man command back in Table 3-1.
5. The /usr/share/doc Directory
Teaching Note: This section introduces the /usr/share/doc directory, where additional documentation may be available, depending on what software has been installed.
Teaching Tip: Point out that, as shown in Example 3-5 on page 48, the /usr/share/doc directory contains subdirectories for the various installed applications.
6. Internet Resources
Teaching Note: This section discusses the availability of Internet resources to help students get information about Linux commands and their syntax and usage.
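For the tip on distinguishing built-in shell commands from external executables, here is an added shell example (not from the textbook or this guide). It uses only the POSIX command -v and command -V builtins to classify a command name and then says where its documentation lives: builtins under help (and the shell's own man page), external programs under their own man page. The command names in the demonstration are ordinary ones and the classification rules are the author's own reading of command -v output, not anything from the book:

```shell
#!/bin/sh
# Added example (not from the textbook or the instructor guide): classify a
# command name as builtin, external, alias, function or unknown, using the
# POSIX command -v / -V builtins, and say where to look for its documentation.

# Print one of: builtin, external, alias, function, unknown.
command_kind() {            # $1 command name
    name=$1
    resolved=$(command -v "$name" 2>/dev/null) || resolved=""
    case "$resolved" in
        "")       echo unknown ;;
        /*)       echo external ;;      # absolute path: a separate executable
        alias*)   echo alias ;;
        "$name")  # the bare name comes back for builtins and shell functions;
                  # command -V spells out which of the two it is
                  if command -V "$name" 2>/dev/null | grep -q function; then
                      echo function
                  else
                      echo builtin
                  fi ;;
        *)        echo unknown ;;
    esac
}

# Suggest the right help source for a command, based on its kind.
doc_hint() {                # $1 command name
    case "$(command_kind "$1")" in
        builtin)  echo "help $1" ;;
        external) echo "man $1" ;;
        unknown)  echo "no such command: $1" ;;
        *)        echo "defined in this shell; inspect with: command -V $1" ;;
    esac
}

# Demonstration run.
for c in cd ls echo grep no_such_command_xyz; do
    printf '%-22s %-9s %s\n' "$c" "$(command_kind "$c")" "$(doc_hint "$c")"
done
```

Running the demonstration shows why "does man work for it?" is not a reliable test: echo is a builtin in every common shell but also exists as /bin/echo, so command -v reports the builtin while man echo documents the external program, whose options can differ.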
ACTIVITIES FOR CLASS
I. Discussion Topics
Question 1: Why would an application developer choose to provide info pages instead of man pages?
Answer 1: Info pages provide more capabilities, such as the ability to include hyperlinks to create a linked set of page documents, rather than having to put everything in a single document.
Question 2: Why are there no man pages for built-in shell commands?
Answer 2: Because there are no separate executable files for these commands, so there is no command file to associate a man page with. Man pages accompany executables.
II. Exercises and Activities
Lab Exercises: Assign one or more of the following lab exercises:
• 3.1 Getting help with man
• 3.2 Getting help with info
Web Search Exercise: Find documentation online that was not referenced in this chapter for at least two different shells and two different distros. Write a one-paragraph review of each site you found.
Review Key Terms: Review these terms from the chapter.
• man page
• info page
WEB RESOURCES
Red Hat Enterprise Linux guide: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux
GNU gzip manual: https://www.gnu.org/software/gzip/manual/gzip.html
The Linux Documentation Project: http://www.tldp.org
Linux Today: www.linuxtoday.com
Linux Forums: http://www.linuxforums.org
uCertify If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
INSTRUCTOR’S GUIDE TO ACCOMPANY LINUX ESSENTIALS FOR CYBERSECURITY
CHAPTER 4 EDITING FILES
CHAPTER OBJECTIVES
When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Edit text files using the vi editor
• Become familiar with additional text editors, such as Emacs, joe, and gedit
CHAPTER OVERVIEW Text editors are important because the Linux operating system is configured largely by hundreds of text files. In this chapter, students learn how to use text editors. The primary focus will be on the vi/vim editor, but additional editors are also introduced.
CHAPTER OUTLINE
1. The vi Editor
   a. What Is vim?
   b. Essential vi Commands
   c. Use Basic vi Modes
   d. Entering the Insert Mode
   e. Movement Commands
   f. Repeater Modifiers
   g. Undoing
   h. Copying, Deleting, and Pasting
   i. Finding Text
   j. Find and Replace
   k. Saving and Quitting
   l. Expand Your vi Knowledge
2. Additional Editors
   a. Emacs
   b. gedit and kwrite
   c. nano and joe
   d. lime and bluefish
TEACHING NOTES AND TIPS PER TOPIC
1. The vi Editor
Teaching Note: This lengthy section, which occupies most of this chapter, introduces the vi editor, which is the staple of most Linux text editing.
Teaching Tip: Students accustomed to graphical interfaces may find the vi/vim editor awkward and unwieldy at first, but they need to start becoming comfortable with it as soon as possible.
Teaching Tip: Point out that on some distributions, when you run the vi command, it is actually a shortcut to the vim editor. Other distributions might only have vi, or might require separate commands to open vi and vim.
Teaching Tip: Make sure students understand the three basic vi modes: command mode, insert mode, and last line (ex) mode, and how to switch among them. Refer them to Figure 4-2 for an explanation of how to move between modes. Discuss the purpose of each mode.
Teaching Tip: Review the commands in the unnumbered table on page 55 for entering Insert mode in various ways. For example, i makes the new text appear before the cursor position and a makes new text appear after it.
Teaching Tip: Review the movement commands and keyboard shortcuts on page 56, and the commands for copying, deleting, and pasting on pages 58-59.
Teaching Tip: Point out the instructions for installing vim on page 62. They vary depending on your distro.
2. Additional Editors
Teaching Note: This section presents an overview of alternative text editors that work in Linux. Some are command-line; others are GUI. The applications covered include Emacs, gedit, kwrite, nano, joe, lime, and bluefish.
Teaching Tip: An advantage of Emacs is that it works both as a GUI and in command-line mode. Reference the screen captures in Figures 4-8 and 4-9, which show both modes.
Teaching Tip: As the note at the bottom of page 64 points out, if you install the vim-X11 software package, you get a GUI-based version of the vim editor. To execute it, run gvim or vim -g.
Teaching Tip: gedit and kwrite are both GUI editors, similar to Notepad in Windows. gedit comes with the GNOME desktop and kwrite comes with the KDE desktop. Demonstrate one or the other in class if possible.
Teaching Tip: The lime and bluefish editors are GUI editors that are enhanced to help write code by highlighting syntax and automatically indenting lines. Reference the bluefish editor in Figure 4-11 on page 66, and, if possible, show the lime editor in class.
ACTIVITIES FOR CLASS
I. Discussion Topics
Question 1: Why is it important to be very familiar with the vi editor in order to be a Linux system administrator?
Answer 1: Linux uses text files extensively for many different reasons, and as an administrator you must be able to quickly open up text files, find text strings in them, make edits, and save and close them. Opening a graphical shell and a graphical text editor simply takes too much time, not to mention system resources. Experienced Linux professionals are expected to be able to use the vi editor as easily as a mechanic uses basic hand tools. Although other editors may sometimes be available, as an admin you will not always be on your preferred machine and distro, so you can’t count on other editors being available.
Question 2: What are some “life hacks” you could use to remind yourself of the keyboard shortcuts needed to operate within vi/vim until you have memorized them? Brainstorm some methods.
Answer 2: Students might create a “cheat sheet” to keep beside the computer, or a cardboard overlay to put over the back of the keyboard to remind them. They could have a second PC or monitor next to their Linux machine screen, or run Linux in a windowed VM and have keyboard shortcuts in a window on the host machine. They could also use sticky notes along the edges of the monitor.
II. Exercises and Activities
Lab Exercises: Assign the following lab exercise:
• 4.1 Edit files with the vim editor
Web Search Exercise: Find at least two other Linux text editors besides those referenced in this chapter. Download and install one of them on your Linux machine (or VM) and write a one-paragraph review of it.
Review Key Terms: This chapter has only one key term listed at the end of the chapter: vi mode. Here are a few additional key terms you might consider including on a key term quiz for this chapter: command mode, insert mode, vim, Emacs, last line mode, gedit, kwrite, nano, joe, bluefish, lime.
WEB RESOURCES
GNU Emacs: https://www.gnu.org/software/emacs
gedit: https://wiki.gnome.org/Apps/Gedit
KWrite Text Editor: https://www.kde.org/applications/utilities/kwrite
GNU Nano Editor: https://www.nano-editor.org
JOE – Joe’s Own Editor: https://joe-editor.sourceforge.io
Lime Text Editor: www.limetext.org
Bluefish Editor: http://bluefish.openoffice.nl/index.html
uCertify If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
INSTRUCTOR’S GUIDE TO ACCOMPANY LINUX ESSENTIALS FOR CYBERSECURITY
CHAPTER 5 WHEN THINGS GO WRONG
CHAPTER OBJECTIVES
When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Correctly use troubleshooting skills to diagnose system problems
• Notify users of system issues during login or while a user is logged in to the system
CHAPTER OVERVIEW In this chapter, you learn the techniques and practices you should follow when things do not work out quite the way you were hoping. You also discover techniques that you can use as an administrator to inform users about system issues.
CHAPTER OUTLINE
1. The Science of Troubleshooting
   a. Step 1: Gathering Information
   b. Step 2: Determine the Likely Cause
   c. Step 3: Document Your Plan of Attack (POA)
   d. Step 4: Perform the Actions
   e. Steps 5 and 6: Is the Problem Solved?
   f. Step 7: Are There Other Problems?
   g. Step 8: Store the Documentation
   h. Step 9: Prevent Future Problems
2. Notifying Users
   a. Pre- and Post-login Messages
      i. The /etc/issue File
      ii. The /etc/issue.net File
      iii. Additional Pre-login Messages
      iv. The /etc/motd File
   b. Broadcasting Messages
      i. The wall Command
      ii. The shutdown Command
TEACHING NOTES AND TIPS PER TOPIC
1. The Science of Troubleshooting
Teaching Note: This section outlines a nine-step methodology for troubleshooting. It summarizes the steps on pages 68-69 and then provides a detailed look at each step in its own subsection:
Step 1: Gathering Information
Step 2: Determine the Likely Cause
Step 3: Document Your Plan of Attack (POA)
Step 4: Perform the Actions
Steps 5 and 6: Is the Problem Solved?
Step 7: Are There Other Problems?
Step 8: Store the Documentation
Step 9: Prevent Future Problems
Teaching Tip: Error messages are one source of information to gather when an error occurs. Ask students to list some of the Linux error messages they have seen at a command prompt and what the likely cause was for each one.
Teaching Tip: Review the sources of help listed on page 70, including reading documentation, asking coworkers, asking the system administrator, and researching a problem online.
2. Notifying Users
Teaching Note: This section provides some ways that you can communicate with Linux users as a system administrator.
Teaching Tip: Open a sample /etc/issue file and use Table 5-1 to decipher the meaning of each line in the file. Make some simple changes and then demonstrate the effect.
Teaching Tip: Differentiate between /etc/issue and /etc/issue.net, making sure students understand when one is in effect vs. the other.
Teaching Tip: Differentiate between pre-login and post-login messages. Post-login messages are placed in /etc/motd. Contrast both of these with broadcast messages that go out to users who are already signed in, such as wall and shutdown messages.
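For the /etc/issue teaching tip, here is an added shell example (not from the textbook or this guide) that renders a banner file the way agetty expands its common escape sequences, so the effect of each line in Table 5-1 can be shown without rebooting, and then audits a banner for escapes that reveal the OS name, kernel release or version to anyone who can reach the login prompt before authenticating. The banner text is constructed; the escape letters are agetty's own (\n host name, \l tty line, \d date, \s OS name, \r kernel release, \v kernel version, \m architecture):

```shell
#!/bin/sh
# Added example (not from the textbook or the instructor guide): render a
# pre-login banner by expanding the common agetty /etc/issue escapes, and
# report which escapes in a banner disclose details about the system.

# Make a string safe to use as a sed replacement (escape \, & and the | delimiter).
sed_escape() {
    printf '%s' "$1" | sed 's/[\\&|]/\\&/g'
}

# Expand \n (host name), \l (tty line), \d (date), \s (OS name), \r (kernel
# release) and \v (kernel version) as agetty does when it prints /etc/issue.
render_issue() {             # $1 banner file, $2 tty line (default tty1)
    sed -e "s|\\\\n|$(sed_escape "$(uname -n)")|g" \
        -e "s|\\\\l|$(sed_escape "${2:-tty1}")|g" \
        -e "s|\\\\d|$(sed_escape "$(date +%Y-%m-%d)")|g" \
        -e "s|\\\\s|$(sed_escape "$(uname -s)")|g" \
        -e "s|\\\\r|$(sed_escape "$(uname -r)")|g" \
        -e "s|\\\\v|$(sed_escape "$(uname -v)")|g" "$1"
}

# Escapes that tell an unauthenticated viewer what the machine runs: \s (OS),
# \r (release), \v (version), \m (architecture). Prints each one found, or
# nothing when the banner is clean.
disclosing_escapes() {       # $1 banner file
    grep -o '\\[srvm]' "$1" | sort -u
}

# Demonstration on a constructed banner file.
banner=$(mktemp)
printf 'Welcome to \\n on \\l (\\d)\nKernel \\r\nAuthorized use only.\n' > "$banner"
echo "--- as agetty would show it on ttyS0:"; render_issue "$banner" ttyS0
echo "--- escapes that disclose system details:"; disclosing_escapes "$banner"
rm -f "$banner"
```

A practical follow-up in class is to compare the output of disclosing_escapes on the distro's default /etc/issue and /etc/issue.net: the text shown to network logins is the one most worth keeping free of \r and \v, since it is visible before any credential is presented.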
ACTIVITIES FOR CLASS
I. Discussion Topics
Question 1: Why is it useful to document a plan of attack prior to performing the actions, rather than waiting to see what works?
Answer 1: Documenting the plan of attack can help you remember what you have previously tried, so you don’t re-try things that didn’t work the first time. The documentation can also be useful when consulting with others, or when escalating a problem to the next level of tech support.
Question 2: What are some best practices for storing the documentation you create about problems and their solutions?
Answer 2: This information should be stored in a central location where all employees who need it can access it, but with enough security that it is not accessible by unauthorized individuals. Files should be named with descriptive names, using a consistent naming structure that will help people in the future find the needed record quickly.
Question 3: Suppose you need to reach all users of a Linux system, but they log in with a variety of methods—some remote, some local, some GUI, some command line. Describe all the places you would have to put the message in order for everyone to see it.
Answer 3: You would put the message in /etc/issue for remote users and /etc/issue.net for local users. You would put it in /etc/gdm/custom.conf (for Red Hat) or /etc/gdm/gdm.conf-custom (for Debian) for GUI users, and /etc/vsftpd/vsftpd.conf for those who use FTP.
II. Exercises and Activities
Lab Exercises: Assign one or more of the following lab exercises:
• 5.1 Troubleshooting Linux issues
• 5.2 Configuring user notifications
Web Search Exercise: The nine-step troubleshooting method presented in this chapter is not the only troubleshooting model for IT problems. Find several other models, and evaluate how well you think they would work when troubleshooting Linux system problems.
Review Key Terms: This chapter has no key terms as presented in the textbook. Here are some files and commands you might use as key terms for a chapter quiz or review:
• /etc/issue
• /etc/issue.net
• /etc/vsftpd/vsftpd.conf
• /etc/gdm/custom.conf
• /etc/gdm/gdm.conf-custom
• /etc/motd
• wall
• shutdown
WEB RESOURCES
General Troubleshooting in Linux: https://www.nixtutor.com/linux/general-troubleshooting-in-linux/
How to Troubleshoot Common Site Issues on a Linux Server: https://www.digitalocean.com/community/tutorials/how-to-troubleshoot-common-site-issues-on-a-linux-server
uCertify If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
INSTRUCTOR’S GUIDE TO ACCOMPANY LINUX ESSENTIALS FOR CYBERSECURITY
CHAPTER 6 MANAGING GROUP ACCOUNTS
CHAPTER OBJECTIVES
When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Understand the concept of Linux groups
• Manage groups, including creating, modifying, and deleting group accounts
• Understand the security feature called User Private Groups (UPGs)
• Learn how to create group administrators
CHAPTER OVERVIEW This chapter focuses on group accounts, including how to add, modify, and delete groups. Special attention is placed on system (or special) groups as well as understanding the difference between primary and secondary groups.
CHAPTER OUTLINE
1. What Are Groups Used For?
   a. Primary versus Secondary Groups
   b. The /etc/group File
   c. Special Groups
   d. User Private Groups
   e. The /etc/gshadow File
2. Managing Groups
   a. Creating Groups
   b. Modifying Groups
   c. Deleting Groups
   d. Adding Users to Groups
   e. Group Administrators
TEACHING NOTES AND TIPS PER TOPIC
1. What Are Groups Used For?
Teaching Note: This section explains some of the ways that groups are used in Linux, as well as some of the distinctions among groups, such as primary vs. secondary groups, special groups, and user private groups.
Teaching Tip: Note that a group in itself is not “primary” or “secondary.” That quality refers to whether or not it is a particular user’s primary group. Explain the significance of a user’s primary group membership.
Teaching Tip: Compare and contrast the id command and the groups command. Both display information about the current user by default, and both accept an argument of another user account name.
Teaching Tip: Open an /etc/passwd file and show where the primary group membership for each user is stored. Then, open an /etc/group file and show the secondary user membership. Example 6-1 shows an /etc/group file. Each line in the file describes one group. There are two parts to each line, separated by a colon. Refer to Table 6-2, which describes the fields.
Teaching Tip: Discuss special groups and refer to Table 6-3 for a list of the most commonly used ones.
Teaching Tip: Explain the reasoning behind user private groups. Refer to the explanation at the bottom of page 86 through page 87, and the examples in Figures 6-1 and 6-2.
2. Managing Groups
Teaching Note: This section explains how to create, modify, and delete groups and how to manage a group’s membership.
Teaching Tip: Demonstrate using the groupadd command to create a new group. Change the group’s name. Add some users to it, including making at least one user a group administrator. Then, delete the group using the groupdel command.
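To make the primary/secondary distinction and the group-administrator field concrete, here is an added shell example (not from the textbook or this guide) that reproduces what id and groups report by reading constructed copies of /etc/passwd, /etc/group and /etc/gshadow with awk. It also includes a consistency check between the member lists in /etc/group and /etc/gshadow, the mismatch that grpck would flag on a real system. The accounts, groups and file contents are all made up; the field positions are the standard ones for those files:

```shell
#!/bin/sh
# Added example (not from the textbook or the instructor guide): resolve a
# user's primary and secondary groups and a group's administrators from
# constructed passwd/group/gshadow files, the way id, groups and grpck do.

# Write the constructed sample files into a scratch directory and print its path.
make_sample_files() {
    dir=$(mktemp -d)
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
EOF
    cat > "$dir/group" <<'EOF'
root:x:0:
wheel:x:10:alice
alice:x:1001:
bob:x:1002:
devs:x:2000:alice,bob
EOF
    cat > "$dir/gshadow" <<'EOF'
root:::
wheel:!::alice
alice:!::
bob:!::
devs:!:alice:alice,bob
EOF
    printf '%s\n' "$dir"
}

# Primary group name: field 4 of passwd is a GID; map it through field 3 of group.
# With user private groups the result is a group named after the user.
primary_group() {        # $1 user, $2 passwd file, $3 group file
    gid=$(awk -F: -v u="$1" '$1 == u { print $4 }' "$2")
    awk -F: -v g="$gid" '$3 == g { print $1 }' "$3"
}

# Secondary groups: every group whose member list (field 4 of group) names the user.
secondary_groups() {     # $1 user, $2 group file
    awk -F: -v u="$1" '{ n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) print $1 }' "$2" | sort
}

# Group administrators live in field 3 of gshadow, a field /etc/group does not
# have; on a real system gshadow is readable only by root.
group_admins() {         # $1 group, $2 gshadow file
    awk -F: -v g="$1" '$1 == g { print $3 }' "$2"
}

# Consistency check: the member list in gshadow (field 4) should match the one
# in group (field 4); print the names of groups where they differ.
member_mismatches() {    # $1 group file, $2 gshadow file
    awk -F: 'NR == FNR { members[$1] = $4; next } ($1 in members) && members[$1] != $4 { print $1 }' "$1" "$2"
}

# Demonstration run on the constructed files.
d=$(make_sample_files)
for u in alice bob; do
    echo "$u: primary=$(primary_group "$u" "$d/passwd" "$d/group") secondary=$(secondary_groups "$u" "$d/group" | tr '\n' ' ')"
done
echo "admins of devs: $(group_admins devs "$d/gshadow")"
echo "groups whose member lists disagree: $(member_mismatches "$d/group" "$d/gshadow")"
rm -rf "$d"
```

Students can run primary_group and secondary_groups against the real /etc/passwd and /etc/group on their VM and compare the output with id and groups; group_admins and member_mismatches need root to read /etc/gshadow, which is itself the point of the Question 2 answer below.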
ACTIVITIES FOR CLASS I.
Discussion Topics Question 1: What are some reasons you might create user groups? Answer 1: Answers will vary. You might create groups for a department that should share a unique set of folders and printers, for example. You might create a group for entry-level system administrators who have certain administrative privileges but not a full set. Question 2: What is the purpose of the /etc/gshadow file? Answer 2: It is like the /etc/group file except it contains more sensitive information about the group that should be viewable only by the root user. This includes the group password, the group administrator, and the group user list (which should match up with the corresponding field in the /etc/group file).
II.
Exercises and Activities Lab Exercises: Assign one or more of the following lab exercises:
• 6.1 Manage group accounts
• 6.2 Manage group administrators
Web Search Exercise: Find at least two articles that delve deeply into the topic of User Private groups (UPG) in Linux. Create a list of at least 5 things about UPGs that were not presented in the textbook.
Review Key Terms: Review these terms from the chapter. If desired, you can create a matching exercise from these words, matching the terms to their definitions.
group account
Primary group
Secondary group
Group ID (GID)
Special groups
User Private Group (UPG)
User ID (UID)
WEB RESOURCES Linode - Linux Users and Groups: https://www.linode.com/docs/tools-reference/linux-users-and-groups/
ArchLinux – Users and Groups: https://wiki.archlinux.org/index.php/Users_and_groups
Linux.com – How to Manage Users with Groups in Linux: https://www.linux.com/learn/intro-to-linux/2017/12/how-manage-users-groups-linux
Kali Training – Managing Users and Groups: https://kali.training/topic/managing-users-and-groups
POFTUT – How to List All Users and Groups in Linux: https://www.poftut.com/list-users-groups-linux/
uCertify If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
INSTRUCTOR’S GUIDE TO ACCOMPANY LINUX ESSENTIALS FOR CYBERSECURITY CHAPTER 7 MANAGING USER ACCOUNTS CHAPTER OBJECTIVES When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Understand the concept of Linux user accounts
• Manage users, including creating, modifying, and deleting user accounts
• Understand network-based user accounts
• Use su and sudo to gain privileged system access
• Restrict user accounts using PAM
CHAPTER OVERVIEW This chapter covers the details regarding user accounts. You learn how to create and secure these accounts as well as how to teach users good security practices in regard to protecting their accounts.
CHAPTER OUTLINE 1. The Importance of User Accounts a. User Account Information b. The /etc/passwd File c. Special Users d. The /etc/shadow File 2. Managing Users a. Creating Users i. Setting the Account Password ii. Using Defaults iii. Using Skel Directories b. Modifying Users c. Managing GECOS d. Deleting Users e. Restricted Shell Accounts 3. Network-Based User Accounts 4. Using su and sudo 5. Restricting User Accounts a. PAM Categories b. PAM Control Values c. PAM Modules d. Using PAM to Alter the Password Policy
TEACHING NOTES AND TIPS PER TOPIC 1. The Importance of User Accounts Teaching Note: This section explains why user accounts are so important to Linux system security. They grant system access, secure files and directories, control who has access to security processes, provide special privileges to accounts, and verify users for running certain applications. Teaching Tip: Review the locations for local user account data in the /etc directory: passwd, shadow, group, and gshadow. Make sure students can explain what goes into each one of these. Refer to Example 7-1 and Table 7-2 to further explain the passwd file contents. Refer to Example 7-2, Table 7-3, and Figure 7-1 to discuss the shadow file contents. Teaching Tip: Make sure students understand the concept of daemon accounts, as one of the types of special user accounts. Discuss the nobody account, which is used to apply permissions for files that are shared via NFS. Then, refer to Table 7-2, which lists several other default user accounts and their purposes. 2. Managing Users Teaching Note: This section explains how to create new users, modify existing users, and delete users, which all require the privilege provided by the root account. Teaching Tip: Remind students of the group-related commands from Chapter 6 when working with their user-related counterparts (for example, groupadd and useradd). Teaching Tip: Refer to Table 7-4 when discussing the options for the useradd command. Teaching Tip: On page 105, in the unnamed table in the center of the page, point out the case-sensitivity of the command options. The -m option is different from the -M option. This is something to keep in mind overall about Linux. Unlike Windows, it is case-sensitive. 3. Network-Based User Accounts Teaching Note: This section introduces the idea of a network-based account that logs users into different systems, rather than a single local machine. This is covered in more detail later in the book, such as in Chapter 19. A network-based user account requires login to a network server, which then grants permissions. Examples include LDAP, NIS, Active Directory, and Samba. 4. Using su and sudo Teaching Note: This section introduces these two useful commands: su to switch user and sudo to execute specific tasks as the administrator without actually switching to that account. Teaching Tip: Demonstrate how to set up an account to allow it to have sudo access to temporarily elevate its privileges. 5. Restricting User Accounts Teaching Note: This section demonstrates how to use one particular method of limiting user accounts: Pluggable Authentication Modules (PAM).
Teaching Tip: Review the list of restriction types that PAM is capable of on page 111. Then, point out in Example 7-7 that each authentication-based software program has its own separate configuration file in the /etc/pam.d directory. Open a few of these files and browse them, or work through Example 7-9 on page 112. Teaching Tip: Discuss the relationship of PAM to security. For example, review the information starting on page 115 about using PAM to alter the password policy.
ACTIVITIES FOR CLASS I.
Discussion Topics Question 1: When would you want to create a restricted shell account? Answer 1: Restricted shell accounts are useful when you need to restrict the permissions of a guest on your system, such as someone assisting in hardware repair that requires testing on the network, or a kiosk-based system that should have limited functionality. Question 2: Why does the textbook recommend not logging into the system as the root user to perform tasks? What can you do instead that is safer? Answer 2: Logging in as the root user opens up the system to all kinds of security risks if you step away from the machine for even a minute. It is better to use su to switch to the root user when needed and then exit from the privileged shell as soon as the task is complete.
II.
Exercises and Activities Lab Exercises: Assign one or more of the following lab exercises:
• 7.1 Manage user accounts
• 7.2 Secure user accounts
• 7.3 Configure sudo
Web Search Exercise 1: Learn more about the different types of Linux login servers, including LDAP and Active Directory with Samba. Write a paragraph explaining each one, documenting your sources of information. Web Search Exercise 2: Explore the man and info pages and online resources for the sudo and visudo commands, as well as the sudoers file. Write a few paragraphs to explain what you learned about the differences between and uses of these items. Review Key Terms: Review these terms from the chapter. If desired, you can create a matching exercise from these words, matching the terms to their definitions.
daemon
NFS
skel directory
GECOS
LDAP
NIS
Active Directory
Samba
NSS
PAM
WEB RESOURCES Linux System Administrator’s Guide: Chapter 11: Managing User Accounts: http://www.tldp.org/LDP/sag/html/managing-users.html
Indiana University – In Unix, What are the sudo and su Commands?: https://kb.iu.edu/d/amyi
Linux.com – How to use Sudo and SU Commands in Linux: An Introduction: https://www.linux.com/blog/how-use-sudo-and-su-commands-linux-introduction
uCertify If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
INSTRUCTOR’S GUIDE TO ACCOMPANY LINUX ESSENTIALS FOR CYBERSECURITY CHAPTER 8 DEVELOP AN ACCOUNT SECURITY POLICY CHAPTER OBJECTIVES When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Use Kali Linux to perform security probes on systems
• Create a security policy for user accounts
CHAPTER OVERVIEW This chapter explains how to create a security policy for user and group accounts by using the knowledge acquired in Chapters 6 and 7. The recommended policy includes physical security, educating users, and account security best practices.
CHAPTER OUTLINE 1. Introducing Kali Linux 2. Security Principles 3. Creating a Security Policy 4. Securing Accounts a. Physical Security b. Educating Users c. Account Security i. User Account Names ii. Users with No Password iii. Preventing a User from Changing a Password iv. Application Accounts v. Enabling Process Accounting vi. Avoiding Commands Being Run as the Superuser 5. Security Tools a. The john and Johnny Tools b. The hydra tool
TEACHING NOTES AND TIPS PER TOPIC 1. Introducing Kali Linux Teaching Note: This section introduces and describes Kali Linux, which is a security-based distro. Teaching Tip: Discuss how one distro differs from another. When we say Kali Linux is a security-based distro, what does that mean? What does it have that other distros don’t?
Teaching Tip: Kali Linux is not the only security-based distro. Refer students to Figure 8-1 for a list of other popular ones. Teaching Tip: If you are not able to show a live Kali distro in class, refer to Figure 8-2. 2. Security Principles Teaching Note: This section provides a basic definition of security and entities, and discusses finding a balance between system security and system availability. Teaching Tip: Discuss the statement made on page 120 that “there is always a way to compromise a system if someone has enough time, resources, and knowledge.” Ask students if they believe this is true, and why or why not. 3. Creating a Security Policy Teaching Note: This section defines the minimum that a good security policy should include:
• A set of rules that determines what is and is not allowed
• A means to ensure the rules are followed
• A well-defined plan to handle when a system is compromised
• A way to actively change the policy as new information becomes available
Teaching Tip: Introduce the term incident response plan, and briefly make sure students understand what it consists of. 4. Securing Accounts Teaching Note: This section covers three aspects of securing accounts: physical security of the system or network, education of users, and ensuring accounts are not susceptible to attack. Teaching Tip: Ask students to describe the qualities of a strong password, and have them develop a few examples of good passwords. Teaching Tip: Discuss the benefits and drawbacks of assigning user names that are not directly related to the person’s actual name. It could make it more difficult for hackers to gain access, but it could also prevent users from finding each other in directories and listings that only show people’s user names. Teaching Tip: Explain what is meant by process accounting and show the psacct tool, which is used for process accounting. Demonstrate how to download it and install it, as explained at the top of page 123. 5. Security Tools Teaching Note: This section explores some tools that can be used to find security weaknesses. They come with Kali Linux but can also be installed and used in other Linux distros. Teaching Tip: Refer to Figure 8-3, which shows the Applications menu in Kali Linux. Point out how the various security tools are in categories on the menu. The Password Attacks category is shown here. If time permits, go through each category and point out some of the highlights. Teaching Tip: Give students an opportunity to try out the John the Ripper (john) tool and the Johnny utility, which is a GUI version of the john utility. Or, if that is not possible, refer to Figures 8-4 and 8-5.
Teaching Tip: Discuss how the hydra tool probes a system via a specific protocol, and why that might be useful. Students should not try this tool out on any system for which they do not have written authorization to perform security analysis. Refer to Figure 8-6.
ACTIVITIES FOR CLASS I.
Discussion Topics Question 1: Thinking about physical security, what measures could you take to ensure that mission-critical servers are protected? Answer 1: You would secure the physical location of the hardware, restrict the ability to physically connect to the network, and prevent unauthorized people from viewing your systems, particularly terminal windows. You could also password-protect the BIOS of mission-critical systems. These are just a few of many possible answers. Question 2: What are some of the most clueless things you have seen end-users do (or can imagine them doing), and how would you train/educate users not to do them? Answer 2: Answers will vary.
II.
Exercises and Activities Lab Exercises: Assign one or more of the following lab exercises:
• 8.1 Test the security of accounts
• 8.2 Develop an account security policy
Web Search Exercise: Looking at the list of password attacks provided by Kali Linux in Figure 8-3, choose three that were not discussed in this chapter, and find out the following information about each one:
• What (specifically) it can do
• Whether it is a GUI or a command-line program
• Whether it is well-liked among security professionals and hackers
• How it can be acquired
Review Key Terms: This chapter has no key terms listed. If you would like to create a key term exercise, you could potentially use some of these terms: Kali Linux, security, entities, security policy, incident response plan, physical security, account security, process accounting, John the Ripper, hydra.
WEB RESOURCES Distro Watch: www.distrowatch.com
Kali Linux: https://www.kali.org
Kali for Windows: https://www.microsoft.com/en-us/p/kali-linux/9pkr34tncv07
Kali Linux Downloads – Virtual Images: https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-hyperv-image-download/
uCertify If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
INSTRUCTOR’S GUIDE TO ACCOMPANY LINUX ESSENTIALS FOR CYBERSECURITY CHAPTER 9 FILE PERMISSIONS CHAPTER OBJECTIVES When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Display and set standard Linux permissions
• Use special Linux permissions to accomplish advanced security operations
• Create an umask value for setting default permissions
• Use access control lists to fine-tune the permissions on files and directories
• Use file attributes to limit access to system files
• Perform basic SELinux operations
CHAPTER OVERVIEW This chapter focuses on securing files using Linux permissions. It also dives into more advanced topics, such as special permissions, including SUID, SGID, and sticky bit. These permissions provide special access to files and directories and are typically managed by the system administrator. Several permission-related topics will also be introduced, including default permissions, access control lists (ACLs), and changing the user and group ownership of files and directories.
CHAPTER OUTLINE 1. Standard Permissions a. Viewing Permissions b. Files versus Directories c. Changing Permissions 2. Default Permissions 3. Special Permissions a. SUID b. SGID c. Sticky Bit 4. Access Control Lists (ACLs) a. The mask Value b. Default ACLs 5. Changing Ownership a. chown b. chgrp 6. File Attributes 7. Introduction to SELinux a. Users Create Security Holes b. Daemon Processes Create Security Holes
c. SELinux Essentials i. Security Context ii. SELinux Conclusion
TEACHING NOTES AND TIPS PER TOPIC 1. Standard Permissions Teaching Note: This section introduces standard permissions (read, write, and execute) and how to view and change them. Teaching Tip: Here’s a concise way of explaining permissions: The first 10 characters of the output denote the file type (- for file or d for directory) and the permissions for the file. Permissions are broken into three sets: the user owner of the file, the group owner, and all other users. Each of these sets has three possible permissions, r, w, and x. If the permission is set, the character is displayed; otherwise a hyphen character is displayed. Teaching Tip: Show students the permissions on a group of files using the ls -l command. Have them interpret the permissions for each file or directory using the above explanation as a guide. Teaching Tip: Explain what it means for a file versus a directory to have read, write, or execute permissions. Refer to the bulleted lists on page 131. Teaching Tip: Explain the chmod command and have students practice creating permission sets using the numeric codes for each permission: Read = 4, Write = 2, and Execute = 1. 2. Default Permissions Teaching Note: This section explains the concept of default permissions, which are set when a user creates a file or directory. It also introduces the umask command, which sets a value that is used to determine the default permissions for files and directories. Teaching Tip: Explain the umask command’s argument, the mask value. Refer to Table 9-2 for the maximum possible permissions for new files or directories. Note that new files are never given execute permissions. That permission set must always be added after the new file is created. Discuss the commonly used umask values in Table 9-3 and walk through a few examples. 3. Special Permissions Teaching Note: This section discusses special permission sets that are used in specific situations, including Set User ID (SUID), SGID, and sticky bit.
Teaching Tip: As the Security Highlight box on the bottom of page 135 points out, one way to tighten security is to use the find command to discover SUID programs and evaluate each one to determine whether any of them do not really need to be SUID. Doing so can also turn up programs that a hacker has made SUID in order to create a back door. Teaching Tip: Discuss the difference between SUID and SGID. Whereas SUID allows execution of a command based on user permissions, SGID does the same thing based on group permissions. Walk through the example on pages 136-137. Teaching Tip: Review Table 9-4, which summarizes the steps for setting and removing the SUID, SGID, and Sticky Bit permission sets.
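As an added in-class example covering the standard, default, and special permission sections above (written for this guide, not textbook code), the script decodes the 10-character mode string from ls -l into octal, including the SUID, SGID, and sticky bits, and shows the default file and directory permissions a given umask produces. The mode strings and umask values used in the demonstration are constructed.

```shell
#!/bin/sh
# Added example for this guide (not the textbook's code): decode the
# 10-character mode string that `ls -l` prints into its octal form,
# including the SUID (4000), SGID (2000) and sticky (1000) bits, and
# compute the default permissions that a given umask produces.

# perm_to_octal MODE_STRING        e.g. "-rwsr-xr-x" -> 4755
# Character 1 is the file type; characters 2-10 are the user, group and
# other triplets. A special bit replaces the execute character of its
# triplet: 's'/'t' when execute is also set, 'S'/'T' when it is not
# (the capital form is worth pointing out: SUID on a non-executable file
# is almost always a mistake).
perm_to_octal() {
    mode=$1
    [ "${#mode}" -eq 10 ] || return 1
    special=0   # accumulates 4 (SUID), 2 (SGID), 1 (sticky)
    digits=""
    n=0         # 0 = user triplet, 1 = group, 2 = other
    for range in 2-4 5-7 8-10; do
        triplet=$(printf '%s' "$mode" | cut -c"$range")
        bit=0
        case "$n" in 0) bit=4 ;; 1) bit=2 ;; 2) bit=1 ;; esac
        d=0
        case "$triplet" in r??) d=$((d + 4)) ;; esac
        case "$triplet" in ?w?) d=$((d + 2)) ;; esac
        case "$triplet" in
            ??x)     d=$((d + 1)) ;;
            ??s|??t) d=$((d + 1)); special=$((special + bit)) ;;
            ??S|??T) special=$((special + bit)) ;;   # special bit, no execute
            ??-)     ;;
            *)       return 1 ;;
        esac
        digits="$digits$d"
        n=$((n + 1))
    done
    if [ "$special" -eq 0 ]; then
        printf '%s\n' "$digits"
    else
        printf '%s%s\n' "$special" "$digits"
    fi
}

# default_perms UMASK              e.g. 022 -> "file=644 dir=755"
# New files start from 666 (execute is never granted at creation) and
# directories from 777; each umask digit clears those bits.
default_perms() {
    case "$1" in
        [0-7][0-7][0-7])       mask=$1 ;;
        [0-7][0-7][0-7][0-7])  mask=${1#?} ;;   # drop the leading 0 of e.g. 0022
        *)                     return 1 ;;
    esac
    file=""; dir=""
    for pos in 1 2 3; do
        m=$(printf '%s' "$mask" | cut -c"$pos")
        file="$file$((6 & ~m))"
        dir="$dir$((7 & ~m))"
    done
    printf 'file=%s dir=%s\n' "$file" "$dir"
}

# Stand-alone demonstration:
for mode_str in -rw-r--r-- -rwsr-xr-x -rwxr-sr-x drwxrwxrwt -rwSr--r--; do
    printf '%-12s -> %s\n' "$mode_str" "$(perm_to_octal "$mode_str")"
done
for u in 022 077 002; do
    printf 'umask %s: %s\n' "$u" "$(default_perms "$u")"
done
```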
4. Access Control Lists (ACLs) Teaching Note: This section explains the need for ACLs and describes how they work, enabling the owner of a file to give permissions for specific users and groups. Teaching Tip: Demonstrate the setfacl command in several examples, using the syntax provided on page 140. Refer to Example 9-3 on pages 140-141. Teaching Tip: Explain the purpose of a mask value, to temporarily disable or restrict ACLs. Refer to Examples 9-4 and 9-5 on page 141, and walk students through what is happening there. Teaching Tip: Show how to set default ACLs with the -m option with the setfacl command. The syntax is default:what:who:permission. Refer to Examples 9-6 and 9-7 on page 142. 5. Changing Ownership Teaching Note: This section introduces the chown and chgrp commands to change the user and group owner. Teaching Tip: There are several ways to use the chown command. Refer to the examples in Table 9-5 and the options presented in Table 9-6. Compare these to the chgrp command and its options in Table 9-7. Teaching Tip: Make sure students understand that only the root user can change the owner of a file. To change the group owner of a file, the user who executes the command must own the file and be a member of the new group receiving the ownership of the file. 6. File Attributes Teaching Note: This section explains file attributes and their role in permissions. Teaching Tip: Review the file attributes in Table 9-8 that pertain to system security: a, A, e, i, and u. Refer to Table 9-9 for the options for the chattr command. 7. Introduction to SELinux Teaching Note: This section introduces Security Enhanced Linux (SELinux) and explains its role in impacting file and directory permissions. SELinux allows processes to be “locked down” so each can only access a certain set of files. Teaching Tip: Demonstrate how to use the getenforce command to determine whether SELinux is installed. Then, demonstrate setenforce 0 to disable the SELinux security policy. 
Show examples of using SELinux to set a security context for a file or directory.
ACTIVITIES FOR CLASS I.
Discussion Topics Question 1: Why is the SUID permission often applied to files that are owned by the root user? Answer 1: Doing so allows others who need to use those programs to do so without having to actually log in as the root user. Question 2: What does the sticky bit permission do?
Answer 2: It changes the behavior of the write permission, when applied to a directory. Users can add files, as long as doing so would not overwrite another user’s file, but cannot delete from the directory unless they own the file or directory or are a system administrator. Question 3: What are some reasons you might want to make a file immutable with the chattr command? Answer 3: Answers will vary, but will all involve situations where a file should never change. For example, you could set the passwd file to be immutable, so no users could be added and no passwords could be changed. It adds an extra layer of security. II.
Exercises and Activities Lab Exercises: Assign one or more of the following lab exercises:
• 9.1 Manage file permissions
• 9.2 Manage special permissions
• 9.3 Enable Access Control Lists
• 9.4 Manage file attributes
• 9.5 Monitor security issues with SELinux
Web Search Exercise: Locate at least three websites that have good SELinux references. Evaluate them in terms of completeness and ease of use. Select a favorite, and write a paragraph explaining why you chose that site over the others. Review Key Terms: Review these terms from the chapter. If desired, you can create a matching exercise from these words, matching the terms to their definitions.
Permission
Mask
SUID
sticky bit
Access control list
SELinux
SGID
WEB RESOURCES SELinux Wiki: www.selinuxproject.org
Opensource.com - A Sysadmin’s Guide to SELinux: 42 Answers to the Big Questions: https://opensource.com/article/18/7/sysadmin-guide-selinux
Linux.com - Understanding Linux File Permissions: https://www.linux.com/learn/understanding-linux-file-permissions
uCertify If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
INSTRUCTOR’S GUIDE TO ACCOMPANY LINUX ESSENTIALS FOR CYBERSECURITY CHAPTER 10 MANAGE LOCAL STORAGE: ESSENTIALS CHAPTER OBJECTIVES When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Create partitions and filesystems
• Perform advanced filesystem manipulation tasks
• Mount partitions manually and automatically
• Create and activate swap devices
CHAPTER OVERVIEW The focus of this chapter is the key concepts and essential management of local storage devices. You start by learning some key concepts, including what partitions and filesystems are and how they play an essential role on a Linux operating system. You then learn how to create partitions and filesystems, followed by how to make these new storage devices available to the operating system. We complete this chapter by diving into the topic of swap devices, which are devices used to provide virtual memory space.
CHAPTER OUTLINE 1. Filesystem Essentials a. Partitions b. Filesystems c. Why So Many Partitions/Filesystems? d. Which Partitions/Filesystems Should Be Created? 2. Filesystem Types a. Managing Partitions i. MBR ii. GPT iii. Creating MBR Partitions b. Creating Filesystems c. Ext-Based Filesystem Tools i. fsck.* ii. dumpe2fs iii. tune2fs iv. debugfs d. Xfs-Based Filesystem Tools i. xfsdump and xfsrestore ii. xfs_info iii. xfs_check and xfs_repair e. Additional Filesystem Tools
i. du ii. df 3. Mounting Filesystems a. The umount Command b. The mount Command c. Mounting Filesystems Manually d. Problems Unmounting Filesystems e. Mounting Filesystems Automatically f. Device Descriptors g. Mount Options h. Mounting Removable Media i. Swap Space j. Creating Swap Devices
TEACHING NOTES AND TIPS PER TOPIC 1. Filesystem Essentials Teaching Note: This section explains the basics of the Linux filesystem, including partitions, physical filesystems, and virtual filesystems. It also explains why many Linux installations have several partitions, and why students may want multiple partitions on their systems. Teaching Tip: What the book calls a virtual file system, some other references may call a folder tree or folder structure. It is the hierarchy of directories on the volume. The top level, or root level, is signified by a forward slash (/). Teaching Tip: Explain mount points, which is how physical filesystems are merged together into virtual file systems, which is what the user sees as the directory structure. The root directory is the usual mount point, but other directories such as /var and /usr can also be mount points. Teaching Tip: Review the list of directories that the book recommends be mount points for separate physical file systems on page 155, and discuss why each is recommended. 2. Filesystem Types Teaching Note: This section explains the various filesystem types for Linux, such as ext2, ext3, ext4, xfs, btrfs, UFS, ISO9660, and HFS. It also covers how to manage MBR and GPT partitions. Teaching Tip: Students who have been in IT for a while are probably already familiar with MBR, the traditional partition type. Ask them what they already know about MBR partitions. Teaching Tip: The best way to practice working with partitions and filesystems is in a virtual machine because it is much easier to add drives. Have students use fdisk, parted, and mkfs to commission several partitions and volumes. Teaching Tip: Review the ext-based and xfs-based filesystem tools covered starting on page 161. For ext they include fsck.*, dumpe2fs, tune2fs, and debugfs. For xfs, they are xfsdump, xfsrestore, xfs_info, xfs_check, and xfs_repair. Show examples of as many of these as you have available.
Teaching Tip: Point out that not all Linux distributions have the xfs filesystem available. To practice xfs commands, use CentOS 7 because xfs is its default filesystem. 3. Additional Filesystem Tools
Teaching Note: This section introduces the du and df commands, which display information about filesystems. They are both independent of the filesystem type. Teaching Tip: The du command estimates the amount of disk space usage in a directory structure. Point out the options in Table 10-4, the -h option and the -s option. The df command displays usage of partitions and logical drives. Its options are summarized in Table 10-5: the -h option and the -i option. 4. Mounting Filesystems Teaching Note: This section introduces the commands used to mount and unmount file systems manually, and how to modify the system to automatically mount filesystems during the boot process by creating entries in the /etc/fstab file. Teaching Tip: Have students practice the mount and umount commands. A virtual machine’s filesystems work fine for this. Review the examples starting on page 171, especially the section on mounting filesystems manually starting on page 173. Then, review the section “Problems Unmounting File Systems” on page 174 to look at some common errors. Teaching Tip: Discuss the value of using labels for device names rather than names that describe the drive’s position in the physical system. Teaching Tip: Review the mount options on pages 177-178, which affect the filesystem’s behavior. Refer to Table 10-8 as needed.
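As an added example for the /etc/fstab, device-descriptor, and mount-option tips above (written for this guide, not textbook code), the script reads fstab-style entries and reports which filesystems mount at boot, which entries still use position-dependent device names instead of LABEL= or UUID=, and whether a mount point is read-only. The fstab entries, including the UUID, are constructed for the demonstration.

```shell
#!/bin/sh
# Added example for this guide (not textbook code): inspect /etc/fstab-style
# entries and report which filesystems mount at boot, which entries name the
# device by its physical position (/dev/sdb1) rather than a LABEL= or UUID=
# descriptor, and whether a given mount point is mounted read-only (ro).
# SAMPLE_FSTAB is constructed for the demonstration; the UUID is fake.

SAMPLE_FSTAB='# <device>                                  <mount point>  <type>   <options>   <dump> <pass>
UUID=00000000-1111-2222-3333-444444444444   /              ext4     defaults    1 1
LABEL=home                                  /home          ext4     defaults    1 2
/dev/sdb1                                   /data          xfs      defaults    0 0
/dev/cdrom                                  /media/cdrom   iso9660  ro,noauto   0 0
/dev/sdc1                                   /mnt/archive   ext4     ro          0 2
/dev/sda3                                   none           swap     sw          0 0'

# fstab_entries FSTAB_TEXT: drop comments and blank lines, one entry per line
fstab_entries() {
    printf '%s\n' "$1" | awk '!/^[ \t]*#/ && NF >= 4'
}

# boot_mounts FSTAB_TEXT: mount points mounted automatically at boot,
# i.e. entries without the "noauto" option (swap has no mount point)
boot_mounts() {
    fstab_entries "$1" | awk '{
        n = split($4, opt, ",")
        auto = 1
        for (i = 1; i <= n; i++) if (opt[i] == "noauto") auto = 0
        if (auto && $2 != "none") print $2
    }'
}

# positional_devices FSTAB_TEXT: entries whose device field depends on the
# drive's position on the bus. Adding or reordering disks can change these
# names, which is why LABEL= or UUID= descriptors are preferred.
positional_devices() {
    fstab_entries "$1" | awk '$1 ~ /^\/dev\/(sd|hd|vd|nvme)/ { print $1, $2 }'
}

# mount_is_readonly MOUNTPOINT FSTAB_TEXT: exit 0 if the entry carries "ro"
mount_is_readonly() {
    fstab_entries "$2" | awk -v mp="$1" '
        $2 == mp {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "ro") found = 1
        }
        END { exit found ? 0 : 1 }'
}

# Stand-alone demonstration:
echo "Mounted at boot:"
boot_mounts "$SAMPLE_FSTAB"
echo "Position-dependent device names (consider LABEL= or UUID=):"
positional_devices "$SAMPLE_FSTAB"
```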
ACTIVITIES FOR CLASS I.
Discussion Topics Question 1: What are some reasons you might want to create multiple partitions on a Linux system? Answer 1: Some possible answers include
• Flexibility of mounting options
• Using different filesystem types
• Having different quota limits for different areas of the virtual filesystem
• Having different backup frequencies per filesystem
• Making /home, /var, and /tmp separate file systems so users will not fill up the entire physical drive if they store large files
Question 2: Under what circumstances might you use the ro option to mount a filesystem as read-only? Answer 2: It can help with troubleshooting a problem or attempting to identify a hacker’s backdoor without allowing problematic code to be executed. It could also be useful in a kiosk environment where the program files are well established and nobody should be able to change them. If you ever did need to change them you could unmount and re-mount the volume. II.
Exercises and Activities Lab Exercises: Assign one or more of the following lab exercises:
• 10.1 Create partitions and filesystems
• 10.2 Mount filesystems at boot
• 10.3 Manage swap devices
Web Search Exercise: There are varying opinions as to which is the “best” Linux filesystem to use and why. Find three different opinions online and summarize the most compelling arguments made for each of the filesystems. Review Key Terms: Review these terms from the chapter. If desired, you can create a matching exercise from these words, matching the terms to their definitions.
physical filesystem
virtual filesystem
mount point
mounting
label
UUID
syncing
swap space
journal
snapshot
inode
WEB RESOURCES Opensource.com – Understanding Linux filesystems: ext4 and beyond: https://opensource.com/article/18/4/ext4-filesystem
Archlinux – File Systems: https://wiki.archlinux.org/index.php/file_systems
General Overview of the Linux File System: https://www.tldp.org/LDP/intro-linux/html/sect_03_01.html
uCertify If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
INSTRUCTOR’S GUIDE TO ACCOMPANY LINUX ESSENTIALS FOR CYBERSECURITY CHAPTER 11 MANAGING LOCAL STORAGE: ADVANCED FEATURES CHAPTER OBJECTIVES When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Create and mount encrypted filesystems
• Manage autofs
• Manage logical volumes
• Set up disk quotas
• Manage hard and soft links
CHAPTER OVERVIEW The focus of this chapter is managing advanced local storage device features. The first part of this chapter covers encrypting filesystems so you can secure mobile devices. Next, the feature of autofs is explored. This feature allows you to automatically make devices appear in the directory structure when a user moves into a specific directory. This feature is useful for both local and remote storage devices. Remote storage devices are covered in Chapter 12, “Manage Network Storage.” Lastly, you learn the basics of logical volume management, a replacement for traditional partitions.
CHAPTER OUTLINE
1. Encrypted Filesystems
2. Managing autofs
3. Logical Volume Manager
   a. Logical Volume Manager Concepts
      i. Advantages of LVM on a System with a Single Drive
   b. LVM Essentials
      i. Extents
      ii. Logical Volumes
      iii. Device Naming
   c. Using Logical Volumes and Additional LVM Commands
      i. Displaying LVM Information
      ii. Additional LVM Commands
   d. Resizing Logical Volumes
   e. LVM Snapshots
4. Disk Quotas
   a. Setting Up a Disk Quota for a Filesystem
   b. Editing, Checking, and Generating User Quota Reports
      i. quotaon
      ii. edquota
      iii. quota
      iv. repquota
5. Hard and Soft Links
   a. Why Use Links?
   b. Creating Links
   c. Displaying Linked Files
TEACHING NOTES AND TIPS PER TOPIC
1. Encrypted Filesystems
Teaching Note: This section explains the difference between file-level encryption and filesystem-level encryption. It shows how to use cryptsetup and cryptmount to mount an encrypted filesystem.
Teaching Tip: Explain the LUKS standard and its place in Linux security. It is not an official standard, and it does not provide any software. You can apply LUKS using any of a variety of software tools.
Teaching Tip: Demonstrate using the DMCrypt kernel module and the cryptsetup and cryptmount commands to set up and mount an encrypted filesystem.
2. Managing autofs
Teaching Note: This section explains the purpose of autofs and describes how to configure the auto.master file.
Teaching Tip: Review Table 11-1 for the default /etc/auto.master settings, and discuss how you would use each of these settings. Then cover the auto.misc file, an example of which appears in Example 11-3 on page 188.
3. Logical Volume Manager
Teaching Note: This section describes LVM, which can be used in place of traditional partition management. Using LVM you can incorporate new storage space into an existing storage device, essentially extending the capacity of a device that already contains a filesystem.
Teaching Tip: LVM provides a lot of the benefits of RAID, but it doesn’t provide redundancy. Discuss how you can solve this problem by creating software RAID 1 devices and including them as storage devices in your LVM.
Teaching Tip: Discuss how LVM can benefit a system that has a single hard disk. Refer to page 191 for ideas.
Teaching Tip: Introduce the concept of physical extents, and compare them to the concept of clusters, or allocation units.
4. Disk Quotas
Teaching Note: This section explains the purpose of disk quotas and how to implement them.
Teaching Tip: Make sure students can explain the difference between hard and soft limits in disk quotas.
Teaching Tip: Quotas are applied to entire filesystems, not individual directories. Discuss how this is one reason to use multiple filesystems on a single system.
Teaching Tip: Demonstrate the use of the essential commands for editing, checking, and generating user quota reports. Turn quotas on with quotaon. Create or edit a user quota using edquota. Display quota information with quota or repquota.
5. Hard and Soft Links
Teaching Note: This section introduces the concepts of hard links and soft links and shows how to create them.
Teaching Tip: A soft link is similar to a shortcut in Windows. The soft link isn’t the original file; it just points to it. In contrast, a hard link is an actual copy of the original file, to the point where you can’t distinguish which is the original and which is the copy. Deleting one does not affect the existence or access of the other one.
Teaching Tip: Differentiate between a hard link and a copy. A copy can be modified separately from the original; a hard link keeps the copies synchronized with each other.
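An added demonstration for the "Displaying Linked Files" discussion, not from the textbook or this guide: it creates an original file, a hard link and a soft link in a scratch directory, shows what the inode number (ls -i) and link count (ls -l) reveal, and then removes the original name so students can see which link still works.

```bash
#!/bin/bash
# Added example (not from the textbook or this guide): what ls -i and ls -l
# show for a hard link and a soft link, before and after the original name is
# removed. Runs entirely inside a scratch directory it creates.

# inode_of PATH: inode number, the first field of ls -i (ls -li shows it with -l).
inode_of() {
    ls -i "$1" | awk '{print $1}'
}

# link_count PATH: number of names pointing at the inode, second field of ls -l.
link_count() {
    ls -l "$1" | awk '{print $2}'
}

# make_links DIR: an original, a hard link and a soft link to it, inside DIR.
make_links() {
    printf 'data line\n' > "$1/original"
    ln "$1/original" "$1/hard"      # second name for the same inode
    ln -s original "$1/soft"        # separate inode that stores the name "original"
}

# link_demo: prints the observations and returns 0 when they match the
# chapter (hard link survives deletion of the original, soft link dangles).
link_demo() {
    local dir status=0
    dir=$(mktemp -d) || return 1
    make_links "$dir"

    echo "inode original=$(inode_of "$dir/original") hard=$(inode_of "$dir/hard") soft=$(inode_of "$dir/soft")"
    echo "link count with both names present: $(link_count "$dir/original")"   # 2

    [ "$(inode_of "$dir/original")" = "$(inode_of "$dir/hard")" ] || status=1
    [ "$(inode_of "$dir/original")" != "$(inode_of "$dir/soft")" ] || status=1
    [ "$(link_count "$dir/original")" -eq 2 ] || status=1

    rm "$dir/original"
    echo "link count after rm original: $(link_count "$dir/hard")"             # 1
    # The data is still reachable through the hard link; the inode is only
    # freed when its last name goes away.
    cat "$dir/hard" > /dev/null 2>&1 || status=1
    # The soft link still exists as a name but now points at nothing.
    if cat "$dir/soft" > /dev/null 2>&1; then status=1; fi
    [ -L "$dir/soft" ] || status=1          # -L: it is a symbolic link
    [ -e "$dir/soft" ] && status=1          # -e follows it: the target is gone

    rm -rf "$dir"
    return "$status"
}
```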
ACTIVITIES FOR CLASS
I. Discussion Topics
Question 1: Why is encrypting a filesystem better and more secure than encrypting the individual files?
Answer 1: Answers will vary. Some of the reasons are that it is much less tedious to set up, less information about the encrypted files (such as metadata) is available to unauthorized users, and encrypting the entire filesystem prevents security lapses caused by users forgetting to encrypt new files and directories when they create them.
Question 2: Describe some situations where using LVM might be useful.
Answer 2: LVM incorporates many of the benefits of RAID, or of Microsoft Dynamic Disks in Windows. It can help you combine multiple physical storage devices to create a single logical storage device. It can also add space to existing filesystems without reformatting. It also enables striping, so data can be written to multiple hard disks concurrently, increasing I/O speed. It can also take a snapshot that allows you to back up an image of the filesystem.
II. Exercises and Activities
Lab Exercises: Assign one or more of the following lab exercises:
• 11.1 Manage encrypted filesystems
• 11.2 Configure Logical Volumes
• 11.3 Administer disk quotas
• 11.4 Manage hard and soft links
Web Search Exercise: LVM is great, but it’s not foolproof. Problems do occur. What are some of the most common problems people have with LVM? Make a list of at least five problems that people frequently have with LVM and some fixes for them.
Review Key Terms: Review these terms from the chapter. If desired, you can create a matching exercise from these words, matching the terms to their definitions.
LUKS
autofs
LVM
snapshot
PV
PE
LE
LV
VG
WEB RESOURCES
Linux.com – How to Encrypt a Linux File System with DM-Crypt: https://www.linux.com/learn/how-encryptlinux-file-system-dm-crypt
Hard Link Definition: http://www.linfo.org/hard_link.html
GeeksforGeeks – Soft and Hard Links in Unix/Linux: https://www.geeksforgeeks.org/soft-hard-links-unixlinux/
DigitalOcean – An Introduction to LVM Concepts, Terminology, and Operations: https://www.digitalocean.com/community/tutorials/an-introduction-to-lvm-concepts-terminology-and-operations
Opensource.com – A Linux User’s Guide to Logical Volume Management: https://opensource.com/business/16/9/linux-users-guide-lvm
LVM HOWTO: http://www.tldp.org/HOWTO/LVM-HOWTO/index.html
uCertify
If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
CHAPTER 12 MANAGE NETWORK STORAGE
CHAPTER OBJECTIVES
When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Create and access Samba shares
• Create and access NFS shares
• Share storage locations via iSCSI
• Use an iSCSI resource on a client system
CHAPTER OVERVIEW
This chapter introduces several ways to provide users with the ability to transfer files from one system to another, including a SAMBA server, Network File System (NFS) servers, and iSCSI.
CHAPTER OUTLINE
1. Samba
   a. Samba Configuration
      i. The [global] Section
      ii. The [homes] Section
      iii. The [printers] Section
      iv. Custom Shares
   b. Samba Server
   c. Samba Accounts
      i. Mapping Local Accounts
      ii. Accessing SAMBA Servers
      iii. Mounting SAMBA Shares
2. Network File System
   a. Configuring an NFS Server
      i. The /etc/exports File
      ii. User ID Mapping
      iii. NFS Server Processes
      iv. Understanding portmap
      v. NFS Server Commands
   b. Configuring an NFS Client
3. iSCSI
TEACHING NOTES AND TIPS PER TOPIC
1. Samba
Teaching Note: This section introduces the SAMBA server, which can make it easier to transfer files between different operating systems. It covers key configuration settings and how to share a directory or printer using the SAMBA server, as well as how to secure these shares with SAMBA user accounts.
Teaching Tip: To explain what SAMBA is, you must first explain the concept of server message blocks (SMB). SAMBA is Linux-based software that allows for SMB sharing.
Teaching Tip: Describe the three separate SAMBA packages to consider installing: samba (the server), samba-client (the client programs), and samba-common (a package that contains software used by both the client and the server). A fourth package, samba-swat, provides a web-based SAMBA administration tool.
Teaching Tip: Open the /etc/samba/smb.conf file and explain its contents, or refer to Example 12-1 on page 215. Demonstrate running the testparm command to verify the syntax of the configuration file, or refer to Example 12-2 on page 219.
Teaching Tip: Demonstrate creating a SAMBA user account using the smbpasswd command and discovering SAMBA servers in your workgroup with the nmblookup command. Demonstrate accessing a specific share with the smbclient command.
2. Network File System
Teaching Note: This section introduces NFS, a distributed file system (DFS) protocol that is an alternative to SAMBA.
Teaching Tip: Point out that NFS requires the RPC service, which allows interaction between the NFS client and server. RPC is provided by the portmap utility.
Teaching Tip: Show an example of the /etc/exports file, which is the primary configuration file for the NFS server.
Teaching Tip: Discuss what the author means at the top of page 226 when he says, “This is one of the reasons why you do not see NFS used outside of a LAN.” What security risks are created by the use of NFS?
3. iSCSI
Teaching Note: This section describes the use of iSCSI as a network storage solution based on the SCSI communication protocol.
Teaching Tip: Review the key terms at the bottom of page 231; these are important to know in order to understand how iSCSI works.
Teaching Tip: Point out the important notes at the top of page 236 for configuring and using iSCSI.
ACTIVITIES FOR CLASS
I. Discussion Topics
Question 1: How is iSCSI fundamentally different from file-sharing services like Samba and NFS?
Answer 1: Samba and NFS are commonly referred to as NAS, or Network-Attached Storage. They are designed to share a portion of a filesystem. iSCSI provides a client system with a device that works like a local hard disk, but is remotely located.
Question 2: What advantages and disadvantages does NFS have compared to Samba?
Answer 2: Depending on the version of NFS, it can provide better performance than Samba, especially with large file transfers and all-Linux networks. However, Samba provides better security and is simpler to configure.
II. Exercises and Activities
Lab Exercises: Assign one or more of the following lab exercises:
• 12.1 Configure Samba
• 12.2 Administer NFS
• 12.3 Manage iSCSI
Web Search Exercise: Find at least two websites that provide more thorough coverage of iSCSI than is provided in the textbook. Evaluate the two sites. Choose which one you think is better, and write a paragraph explaining why you chose the one you did, along with at least four things you learned about iSCSI from it that the textbook did not include.
Review Key Terms: Review these terms from the chapter. If desired, you can create a matching exercise from these words, matching the terms to their definitions.
SMB
DFS
CIFS
NetBIOS
Active Directory
RPC
user ID mapping
TCP wrappers
iSCSI
target
initiator
WWID
LUN
WEB RESOURCES
Samba: https://www.samba.org/
Microsoft – Deploy Network File System: https://docs.microsoft.com/en-us/windows-server/storage/nfs/deploynfs
Microsoft – Network File System Overview: https://docs.microsoft.com/en-us/windows-server/storage/nfs/nfsoverview
Datamation – Best Linux File Sharing Tips: https://www.datamation.com/open-source/best-linux-file-sharingtips.html
Varonis – CIFS vs. SMB: What’s the Difference?: https://blog.varonis.com/cifs-vs-smb/
How-To Geek – How to Share Files Between Windows and Linux: https://www.howtogeek.com/176471/how-toshare-files-between-windows-and-linux/
uCertify
If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
CHAPTER 13 DEVELOP A STORAGE SECURITY POLICY
CHAPTER OBJECTIVES
When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Develop a security plan for securing storage devices
• Create a backup strategy
• Utilize backup utilities
CHAPTER OVERVIEW
Securing storage devices poses a challenge because often the individuals who compromise these devices already have valid access to these systems. This chapter focuses on how to secure data using the skills you learned in Chapters 9–12. You also learn how to create backups of files and directories as well as develop a backup policy to ensure you can recover lost data.
CHAPTER OUTLINE
1. Developing the Plan
2. Backing Up Data
   a. Creating a Backup Strategy
      i. What Needs to Be Backed Up?
      ii. How Often?
      iii. Full or Incremental?
      iv. Where Will the Backup Be Stored?
      v. What Backup Tool Will Be Used?
   b. Standard Backup Utilities
      i. The dd Command
      ii. The tar Command
      iii. The rsync Command
   c. Third-Party Backup Utilities
      i. Amanda
      ii. Bacula
TEACHING NOTES AND TIPS PER TOPIC
1. Developing the Plan
Teaching Note: This section provides a list of security considerations for storage devices.
Teaching Tip: Provide students with some scenarios and ask them to discuss what the security policies should include in each of the following areas:
• How will sensitive data be protected from prying eyes?
• Where will the data be stored?
• How and how often will the data be backed up, and where will backups be stored?
• What data recovery system should be in place?
2. Backing Up Data
Teaching Note: This section discusses how to develop a consistent and effective backup strategy for important storage resources.
Teaching Tip: Provide students with scenarios (perhaps the same scenarios as in the previous section’s discussion), and ask them to develop sensible rules/policies for each of the following factors:
• What needs to be backed up?
• How often must the backup occur?
• Full or incremental backups?
• Where will the backups be stored?
• What backup tool will be used?
Teaching Tip: Review the examples in the “Full or Incremental?” section beginning on page 243. Figure 13-1 shows an incremental backup. Figure 13-2 shows a differential backup (although the textbook does not call it that). Discuss the pros and cons of each of these two approaches.
Teaching Tip: Ask students which of the backup utilities discussed in this chapter they have encountered before, and what their experiences with them have been.
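An added example, not from the textbook, for the incremental-versus-differential discussion: the file-selection rule behind the two figures, implemented with find -newer and two marker files on a constructed three-file source with one change per "day". The optional WHEN argument (touch -t format) is this example's device for running a synthetic calendar without waiting between backups; the functions only list what each run would copy.

```bash
#!/bin/bash
# Added example (not from the textbook): the file-selection rule behind
# Figures 13-1 and 13-2, implemented with find -newer and two marker files.
#   full          copies every file and resets both markers
#   incremental   copies files changed since the last backup of any kind
#   differential  copies files changed since the last FULL backup
# The functions only list what would be copied; feed the list to tar or rsync
# for a real backup. WHEN (touch -t format, CCYYMMDDhhmm) is optional and lets
# the demo use a synthetic calendar instead of waiting between runs.

# stamp WHEN FILE...: set the files' mtime to WHEN, or to now when WHEN is empty.
stamp() {
    local when=$1; shift
    if [ -n "$when" ]; then touch -t "$when" "$@"; else touch "$@"; fi
}

# files_newer_than SRC MARKER: relative paths of files under SRC modified after MARKER.
files_newer_than() {
    (cd "$1" && find . -type f -newer "$2" | sed 's#^\./##' | sort)
}

# backup SRC STATE KIND [WHEN]: print the files this run would copy.
# STATE holds last_full and last_any, whose mtimes are the reference points.
backup() {
    local src=$1 state=$2 kind=$3 when=${4:-}
    case "$kind" in
        full)
            (cd "$src" && find . -type f | sed 's#^\./##' | sort)
            stamp "$when" "$state/last_full" "$state/last_any"
            ;;
        incremental)
            [ -f "$state/last_any" ] || { echo "no previous backup" >&2; return 1; }
            files_newer_than "$src" "$state/last_any"
            stamp "$when" "$state/last_any"      # the next incremental starts here
            ;;
        differential)
            [ -f "$state/last_full" ] || { echo "no full backup yet" >&2; return 1; }
            files_newer_than "$src" "$state/last_full"
            stamp "$when" "$state/last_any"      # reference for differentials stays last_full
            ;;
        *)
            echo "unknown kind: $kind" >&2; return 1 ;;
    esac
}

# demo: three files, one change per day, then each backup type on a synthetic calendar.
demo() {
    local src state f
    src=$(mktemp -d) && state=$(mktemp -d) || return 1
    for f in a.txt b.txt c.txt; do printf 'v1\n' > "$src/$f"; done
    stamp 202401010000 "$src/a.txt" "$src/b.txt" "$src/c.txt"
    echo "day 1 full:";         backup "$src" "$state" full         202401010100   # a b c
    printf 'v2\n' > "$src/a.txt"; stamp 202401020000 "$src/a.txt"
    echo "day 2 incremental:";  backup "$src" "$state" incremental  202401020100   # a.txt
    printf 'v2\n' > "$src/b.txt"; stamp 202401030000 "$src/b.txt"
    echo "day 3 incremental:";  backup "$src" "$state" incremental  202401030100   # b.txt
    echo "day 3 differential:"; backup "$src" "$state" differential 202401030200   # a.txt b.txt
    rm -rf "$src" "$state"
}
```

Restoring after day 3 therefore needs the full plus both incrementals, or the full plus the single differential, which is the trade-off the two figures illustrate.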
ACTIVITIES FOR CLASS
I. Discussion Topics
Question 1: What are the most important directories to include when backing up a Linux system?
Answer 1: Refer to Table 13-1 on page 242 for a good list of these. See how many the students can name on their own before referring to the table.
Question 2: Are there some directories that do not need to be backed up? If so, what are they, and why?
Answer 2: Directories that hold temporary files do not need to be backed up. These include all the locations on the list at the top of page 243. Depending on the situation, there may also be other files or directories that you choose not to back up as well. For example, you might choose not to back up archive files containing applications that you have downloaded (and could easily download again if needed).
II. Exercises and Activities
Lab Exercises: Assign one or more of the following lab exercises:
• 13.1 Backup a filesystem
• 13.2 Develop a backup security policy
Web Search Exercise: Backups need not be performed by an internal IT department. There are many cloud-based backup services available for businesses of all sizes, as well as for personal computer systems. Suppose you have a company with about 20 servers and 2,000 end-users. Find two cloud-based backup systems and create a spreadsheet that compares their costs and benefits.
Review Key Terms: Review these terms from the chapter.
Tower of Hanoi
tape device
Amanda
Bacula
tar ball
WEB RESOURCES
Advanced Maryland Automatic Network Disk Archiver (Amanda): http://www.amanda.org/
Bacula.org: http://blog.bacula.org/
TecMint – 22 Outstanding Backup Utilities for Linux Systems in 2018: https://www.tecmint.com/linux-systembackup-tools/
ArchLinux – Synchronization and Backup Programs: https://wiki.archlinux.org/index.php/Synchronization_and_backup_programs
uCertify
If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
CHAPTER 14 CRONTAB AND AT
CHAPTER OBJECTIVES
When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Set up user crontab tables
• Administer system crontab tables
• Configure a command to execute once in the future with the at command
• Secure the crontab and at commands by limiting which users can schedule tasks using these commands
CHAPTER OVERVIEW
This chapter covers the crontab and at automation tools, including how a system administrator can secure them from misuse. The crontab system allows users to execute programs at regular intervals, such as once a month or twice a week. The at system provides users with a way to execute a program at one specific time in the future.
CHAPTER OUTLINE
1. Using crontab
   a. Configure User Access to the cron Service
   b. /etc/crontab
   c. /etc/anacrontab
2. Using at
   a. atq
   b. atrm
   c. Configure User Access to at Services
TEACHING NOTES AND TIPS PER TOPIC
1. Using crontab
Teaching Note: This section introduces the crontab command, which allows a user to view or modify their crontab file. The crontab file enables a user to schedule a command to be executed on a regular basis, such as once an hour or twice a month.
Teaching Tip: Explain the structure of the crontab file; it is a table. The fields in this table are described in Table 14-2.
Teaching Tip: Show how to create a crontab entry by executing the crontab command with the -e option. That option opens the crontab file in an editor (by default the vi editor). Refer to Table 14-1 for other options you can use with the crontab command.
Teaching Tip: Demonstrate how to alter configuration files so that a user can use the crontab commands. The applicable files are /etc/cron.deny and /etc/cron.allow. Table 14-3 provides some details about how they work.
Teaching Tip: Explain the difference between the user’s crontab file and the system-level crontab file at /etc/crontab. Point out the run-parts locations for different intervals, such as /etc/cron.hourly, /etc/cron.daily, and so on. These locations are common targets for hackers placing backdoors into the system.
2. Using at
Teaching Note: This section shows how to use the at command to schedule commands to be executed at one specific time in the future.
Teaching Tip: Demonstrate the at command and note that it changes the command prompt to at> when it is active. You can then type multiple commands that should execute at the specified time. Use Ctrl+D to end the entry and create the at job.
Teaching Tip: Explain that an at job is for the current user only. The atq command lists all the current user’s at jobs, which can tell you the job number of a particular job. The atrm command removes an at job (specified by its job number) before it is executed.
Teaching Tip: Point out that, like the crontab command, the at command has /etc/at.deny and /etc/at.allow files to control who has access to the at command.
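An added example, not from the textbook, of the access decision behind the cron.allow/cron.deny tip (the same rule governs at.allow/at.deny): a shell function that takes the allow and deny file paths as parameters so it can be exercised against scratch copies rather than the real files. What happens when neither file exists differs between distributions, so that default is passed in as an argument rather than assumed.

```bash
#!/bin/bash
# Added example (not from the textbook): the access decision crontab makes from
# /etc/cron.allow and /etc/cron.deny, written as a function that takes the file
# paths as parameters so it can be tried against scratch copies. The same rule
# applies to at with /etc/at.allow and /etc/at.deny.
#
#   1. If the allow file exists, only users listed in it may schedule jobs;
#      the deny file is then ignored entirely.
#   2. Otherwise, if the deny file exists, everyone except the listed users may.
#   3. If neither exists, the outcome is distribution specific, so it is passed
#      in as DEFAULT: "all" or "root-only".
# The crontab man page states that the superuser is always allowed, which is
# why root is handled before the files are consulted.
# Removing a user from the allow list (or adding them to the deny list) stops
# them from creating or editing jobs; jobs already in their crontab keep running.

# cron_access USER ALLOW_FILE DENY_FILE [DEFAULT]: prints "allowed" or "denied".
cron_access() {
    local user=$1 allow=$2 deny=$3 default=${4:-root-only}
    if [ "$user" = root ]; then
        echo allowed
        return 0
    fi
    if [ -f "$allow" ]; then
        # -x: the whole line must match; -F: the name is a fixed string, not a regex.
        if grep -qxF "$user" "$allow"; then echo allowed; else echo denied; fi
        return 0
    fi
    if [ -f "$deny" ]; then
        if grep -qxF "$user" "$deny"; then echo denied; else echo allowed; fi
        return 0
    fi
    if [ "$default" = all ]; then echo allowed; else echo denied; fi
}

# cron_access_demo: walks through the three cases with scratch files.
cron_access_demo() {
    local d
    d=$(mktemp -d) || return 1
    printf 'alice\n' > "$d/cron.allow"
    echo "allow lists alice: alice=$(cron_access alice "$d/cron.allow" "$d/cron.deny" all) bob=$(cron_access bob "$d/cron.allow" "$d/cron.deny" all)"
    rm "$d/cron.allow"
    printf 'bob\n' > "$d/cron.deny"
    echo "deny lists bob:    alice=$(cron_access alice "$d/cron.allow" "$d/cron.deny" all) bob=$(cron_access bob "$d/cron.allow" "$d/cron.deny" all)"
    rm "$d/cron.deny"
    echo "neither file, root-only default: alice=$(cron_access alice "$d/cron.allow" "$d/cron.deny" root-only)"
    echo "neither file, all default:       alice=$(cron_access alice "$d/cron.allow" "$d/cron.deny" all)"
    rm -rf "$d"
}
```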
ACTIVITIES FOR CLASS
I. Discussion Topics
Question 1: When would crontab be appropriate instead of the at command, and vice versa?
Answer 1: The crontab command enables you to schedule regularly occurring activities; the at command is for one-time use only. Therefore, you would use crontab for anything that needs to happen repeatedly, as a time-saver, such as initiating a backup or other disk maintenance.
Question 2: How might a hacker use crontab to compromise a system’s security?
Answer 2: Answers will vary. Suppose, for example, that a hacker gains root access to the system, but knows the breach will be discovered and his account will be terminated soon. He adds a line to the /etc/cron.daily file that recreates the conditions that allowed him to gain access to the system every day. Until this addition to the cron.daily file is discovered and fixed, the hacker will continue to be able to access the system.
II. Exercises and Activities
Lab Exercises: Assign one or more of the following lab exercises:
• 14.1 Manage crontab
• 14.2 Configure at commands
Web Search Exercise: The text does not go into great detail about the syntax for expressing time specifications using the at command. Find this information online and summarize it.
Review Key Terms: Review these terms from the chapter.
at
daemon
crontab
WEB RESOURCES
Crontab – Quick Reference: http://www.adminschoice.com/crontab-quick-reference
Crontab.org: http://crontab.org/
Computer Hope – Linux crontab Command: https://www.computerhope.com/unix/ucrontab.htm
uCertify
If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
CHAPTER 15 SCRIPTING
CHAPTER OBJECTIVES
When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Describe key features of different scripting languages, including Perl, Python, and BASH scripting
• Create and read BASH scripts
CHAPTER OVERVIEW
Scripting is creating small programs based on the Linux commands that you want to routinely (or occasionally) execute. Scripting also provides some programming features, such as flow control and the passing of parameters to the script. In this chapter, you will learn how to create and read BASH shell scripts.
CHAPTER OUTLINE
1. Linux Programming
   a. BASH Shell Scripting
   b. Perl Scripting
   c. Python Scripting
2. Basics of BASH Scripting
   a. Conditional Expressions
      i. Integer Comparisons
      ii. File Test Comparisons
3. Flow Control Statements
   a. The while Loop
   b. The for Loop
   c. Loop Control
   d. The case Statement
4. User Interaction
5. Using Command Substitution
6. Additional Information
TEACHING NOTES AND TIPS PER TOPIC
1. Linux Programming
Teaching Note: This section differentiates between compiled and interpreted Linux programming languages and provides a brief overview of BASH, Perl, and Python scripting, which are all interpreted.
Teaching Tip: Point out that BASH shell scripting is essentially creating batch files that consist of valid Linux commands. In this way it is similar to writing your own .bat files in Windows/DOS. However, it does have some additional programming features, so you can use variables, loops, and exit status values.
Teaching Tip: Use the find / -name "*.sh" command to locate the BASH shell scripts on a Linux system (pipe it to wc -l to count them), and then open up a few of the found scripts for inspection by the class.
Teaching Tip: Review the advantages of Perl and its common uses on page 266. Do the same for Python on page 267. Invite students to create a spreadsheet summarizing and comparing Perl and Python.
2. Basics of BASH Scripting
Teaching Note: This section provides a start at creating BASH scripts, including how to start and end a script, how to save it, and how to include conditional expressions.
Teaching Tip: Show the if statement example on page 269 and explain if, elif, and fi. Review Example 15-1 on pages 269-270. Point out the significance of the spacing around the square brackets.
Teaching Tip: Review the integer and file test comparison codes on page 271.
3. Flow Control Statements
Teaching Note: This section explains several additional ways to control program flow in addition to if statements: while, until, case, and for.
Teaching Tip: Review the four flow control methods provided in the text. Show your own examples for the ones that don’t have examples in the text.
Teaching Tip: When discussing the while loop, make sure you explain the egrep command in the example, as well as the > /dev/null 2>&1 redirection.
4. User Interaction
Teaching Note: This section explains how to gather user input and use it as a variable.
Teaching Tip: Review Example 15-4 on page 273, which shows how to use the read statement to prompt the user to provide information.
5. Using Command Substitution
Teaching Note: This section shows how to execute a subcommand within a larger command.
Teaching Tip: Explain both methods of command substitution: the $(cmd) method and the `cmd` method. Note that the ` symbol is not a standard apostrophe; it is the backtick character, which is usually above the Tab key on most keyboards.
6. Additional Information
Teaching Note: This section provides two resources for getting information about BASH scripts: the man page (man bash) and a website (http://tldp.org).
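An added example, not from the textbook, that puts the constructs from sections 2 through 5 in one short script: the spacing around [ ], an integer comparison and file tests, a while loop reading records, a case statement, a for loop driven by command substitution, grep with its output sent to > /dev/null 2>&1, and read for user input. It runs on a constructed /etc/passwd-style sample written to a scratch file, so nothing on the real system is read or changed; ask_user reads its answer from standard input.

```bash
#!/bin/bash
# Added example (not from the textbook): each construct from this chapter used
# once on a constructed /etc/passwd-style file. The accounts below are made up.

# Constructed sample data: user:password:uid:gid:gecos:home:shell
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/zsh
svc:x:999:999:service:/var/lib/svc:/bin/false'

# count_login_shells FILE: prints how many accounts can log in interactively.
# Note the spaces inside [ ]: "[" is a command and "]" is its last argument,
# so "[-f "$file"]" would be looked up as a single command name and fail.
count_login_shells() {
    local file=$1 total=0 user pw uid gid gecos home shell
    # File tests: -f (regular file) and -r (readable) before doing anything else.
    if [ ! -f "$file" ] || [ ! -r "$file" ]; then
        echo "cannot read $file" >&2
        return 1
    fi
    # while loop reading one record at a time; IFS=: splits the fields.
    while IFS=: read -r user pw uid gid gecos home shell; do
        # case statement classifies the shell field.
        case "$shell" in
            */nologin|*/false) ;;                        # cannot log in, skip
            */bash|*/zsh|*/sh)  total=$((total + 1)) ;;
            *) echo "unexpected shell: $shell" >&2 ;;
        esac
    done < "$file"
    echo "$total"
}

# human_accounts FILE: user names whose UID is 1000 or higher, using an
# integer comparison (-ge) rather than a string comparison.
human_accounts() {
    local file=$1 user pw uid rest
    while IFS=: read -r user pw uid rest; do
        if [ "$uid" -ge 1000 ]; then
            echo "$user"
        fi
    done < "$file"
}

# has_user FILE NAME: exit status only; grep's output and errors are thrown
# away with > /dev/null 2>&1, the idiom from the chapter's while loop example.
has_user() {
    grep "^$2:" "$1" > /dev/null 2>&1
}

# ask_user FILE: user interaction with read, then a for loop over the names
# that command substitution pulls out of human_accounts.
ask_user() {
    local file=$1 name candidate
    printf 'Account to look up: ' >&2
    read -r name
    for candidate in $(human_accounts "$file"); do
        if [ "$candidate" = "$name" ]; then
            echo "$name is a human account"
            return 0
        fi
    done
    echo "$name is not a human account"
    return 1
}

# demo: write the constructed data to a scratch file and exercise the functions.
demo() {
    local tmp
    tmp=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_PASSWD" > "$tmp"
    echo "accounts with a login shell: $(count_login_shells "$tmp")"   # 3
    echo "human accounts: $(human_accounts "$tmp" | tr '\n' ' ')"       # alice bob
    if has_user "$tmp" alice; then echo "alice exists"; fi
    rm -f "$tmp"
}
```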
ACTIVITIES FOR CLASS
I. Discussion Topics
Question 1: In what situations would Perl be the best choice of scripting tool? In what situations would Python be?
Answer 1: Answers will vary. Perl is a very flexible language, and easy to learn, so you might use it for a quick script that is designed for temporary use, or for simple and informal projects. Python is more structured (more consistency), so it might be a good choice for a large project with multiple developers.
Question 2: What are some reasons you might use flow control statements in a BASH script that executes a series of Linux commands?
Answer 2: Answers will vary. There are many possible reasons. For example, you might check to see what the date and time is, and if it is within a certain time range, a certain command might execute. Or you might run one of three different scripts depending on an evaluation of whether or not a statement was true.
II. Exercises and Activities
Lab Exercises: Assign one or more of the following lab exercises:
• 15.1 Script project #1
• 15.2 Script project #2
Web Search Exercise: In the Additional Information section at the end of the chapter, a website is referenced that the author says is out of date. Find at least three other websites that provide useful guidance for Bash scripting and are more up-to-date.
Review Key Terms: Review these terms from the chapter. If desired, you can create a matching exercise from these words, matching the terms to their definitions.
Perl
Python
conditional expression
variable
WEB RESOURCES
The Linux Documentation Project: http://tldp.org
The Perl Programming Language: https://www.perl.org
Perl.com: https://www.perl.com
Python.org: https://www.python.org
Python for Beginners: https://www.python.org/about/gettingstarted
Ryans Tutorials – What is a Bash Script?: https://ryanstutorials.net/bash-scripting-tutorial/bash-script.php
BASH Programming – Introduction HOW-TO: http://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO.html
Advanced Bash-Scripting Guide: https://www.tldp.org/LDP/abs/html/
Bash Guide for Beginners: https://www.tldp.org/LDP/Bash-Beginners-Guide/html/
Bash Scripting Tutorial: https://linuxconfig.org/bash-scripting-tutorial
uCertify
If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
CHAPTER 16 COMMON AUTOMATION TASKS
CHAPTER OBJECTIVES
When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Plan common automation tasks
CHAPTER OVERVIEW
This chapter explores some common automation use cases and provides demonstration scripts and crontab entries.
CHAPTER OUTLINE
1. Exploring Scripts that Already Exist on Your System
   a. The /etc/cron.* Directories
      i. logrotate
      ii. man-db.cron
      iii. mlocate
   b. Repositories
2. Creating Your Own Automation Scripts
TEACHING NOTES AND TIPS PER TOPIC
1. Exploring Scripts that Already Exist on Your System
Teaching Note: This section directs students toward scripts that run on regular schedules on their current systems, as well as some BASH shell repositories online.
Teaching Tip: Remind students that they learned about /etc/cron in Chapter 14, with its subdirectories based on how often scripts should run (hourly, daily, weekly, or monthly).
Teaching Tip: Show the contents of several of the existing scripts, or if that’s not possible, refer students to the examples in the text. The logrotate example (pp. 276-277) has some useful explanation and commentary following the sample script.
Teaching Tip: Explain the difference between the find and locate commands. Explain the connection between the locate command and the mlocate script.
2. Creating Your Own Automation Scripts
Teaching Note: This section offers some best practices when writing your own scripts, such as deciding which routine activities would benefit from scripting, delaying a script’s running with cron or at, and scheduling a job to run regularly with the crontab file.
ACTIVITIES FOR CLASS
I. Discussion Topics
Question 1: What is the point of studying existing scripts on your system and looking at repositories of scripts online?
Answer 1: Existing scripts will model the correct syntax and command usage for you, which can be useful when you are learning to write your own scripts. They can also give you ideas for how to handle basic actions such as user input and flow control, which you learned about in Chapter 15.
Question 2: How can you be sure to “keep legal” when using scripts that others have written?
Answer 2: There is no one type of licensing for scripts; a script’s creator can specify any terms they like, and you must agree to them in order to use the script. Look in the code itself for licensing restrictions or a website reference that may provide license information. If that doesn’t provide the needed information, contact the owner of the script (or the site where you found the script) directly.
II. Exercises and Activities
Lab Exercises: Assign one or more of the following lab exercises. Note that the project numbers begin with “15” even though this is Chapter 16.
• 15.3 Script project #3
• 15.4 Script project #4
Web Search Exercise: Find at least three other Bash script repositories besides the ones listed at the end of this chapter. Rank them from most to least useful based on your browsing of the site. Factors that make a site useful might include ease of browsing, ease of searching, number of scripts available, and quality of scripts.
Review Key Terms: Review these terms from the chapter. If desired, you can create a matching exercise from these words, matching the terms to their definitions.
exit status
sourcing
repository
WEB RESOURCES
John Chambers’ Directory of Useful Tools: http://trillian.mit.edu/~jc/sh
Cameron Simpson’s Scripts: https://cskk.ezoshosting.com/cs/css
uCertify
If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
CHAPTER 17 DEVELOP AN AUTOMATION SECURITY POLICY
CHAPTER OBJECTIVES
When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Create a security policy for the use of crontab and at
• Create a security policy for BASH scripts
CHAPTER OVERVIEW
Now that you have learned how to automate processes (Chapter 14, “crontab and at”) and create BASH scripts (Chapter 15, “Scripting,” and Chapter 16, “Common Automation Tasks”), it is time to learn how to create a security policy for these features. This chapter focuses on what you should consider when creating an automation security policy.
CHAPTER OUTLINE
1. Securing crontab and at
2. Securing BASH Scripts
   a. Access to Scripts
   b. Script Contents
   c. Dealing with Data
   d. Shell Settings
   e. Shell Style
TEACHING NOTES AND TIPS PER TOPIC
1. Securing crontab and at
Teaching Note: This section discusses using /etc/at.allow and /etc/at.deny, and the equivalent cron files (/etc/cron.allow and /etc/cron.deny), to determine who can use the at and crontab commands, and the considerations for writing these into your security policy.
Teaching Tip: This section has a fairly long list of specific permission sets along with recommended settings for each one. Ask students to practice deciphering the permissions by stating what the read, write, and execute permissions are for the user, group, and others.
Teaching Tip: Remind students that removing a user’s ability to use the crontab and at commands only prevents them from creating more jobs; it does not stop the jobs they have already created from running.
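The allow/deny rule this section describes, as an added example (not code from the textbook or the instructor materials): a POSIX shell script that reports the owner and mode of the four access-control files, so they can be compared with the chapter's recommended permission sets, and decides whether a given user may submit jobs. The rule follows crontab(1) and at(1): if the allow file exists the user must be listed in it; otherwise, if the deny file exists, the user must not be listed; otherwise a fallback applies, which is root-only for at but distribution-dependent for cron, so it is passed in as a parameter. The file paths and user names used when exercising it are constructed.

```shell
#!/bin/sh
# Added example, not from the textbook. Decide whether a user may submit cron
# or at jobs according to the allow/deny files, and describe those files.
#
# job_access_allowed ALLOW_FILE DENY_FILE USER FALLBACK
#   FALLBACK is "root-only" (the at behaviour) or "everyone"; which one cron
#   uses when neither file exists depends on the distribution.
# Returns 0 when USER may submit jobs, 1 when not.
job_access_allowed() {
    allow=$1 deny=$2 user=$3 fallback=$4
    # Rule 1: an allow file is a whitelist; only listed users get in.
    if [ -f "$allow" ]; then
        if grep -qxF "$user" "$allow"; then return 0; else return 1; fi
    fi
    # Rule 2: with no allow file, a deny file is a blacklist.
    if [ -f "$deny" ]; then
        if grep -qxF "$user" "$deny"; then return 1; else return 0; fi
    fi
    # Rule 3: neither file exists; apply the caller-supplied fallback.
    case $fallback in
        everyone) return 0 ;;
        *)        [ "$user" = root ] ;;
    esac
}

# Print "<file> <mode> <owner> <group>" for an access-control file, or
# "<file> missing", so the values can be checked against the policy.
describe_access_file() {
    f=$1
    if [ -f "$f" ]; then
        stat -c '%n %a %U %G' "$f"   # GNU stat, as found on CentOS/Ubuntu
    else
        printf '%s missing\n' "$f"
    fi
}

# When run directly: describe the four control files on this system and
# report whether the invoking user may submit at jobs (root-only fallback).
# Note that a denied user's existing jobs keep running; only new submissions
# are blocked.
for f in /etc/cron.allow /etc/cron.deny /etc/at.allow /etc/at.deny; do
    describe_access_file "$f"
done
me=$(id -un)
if job_access_allowed /etc/at.allow /etc/at.deny "$me" root-only; then
    echo "$me may submit at jobs"
else
    echo "$me may not submit at jobs"
fi
```

Running it as a regular user on a default install usually prints that all four files are missing and that the user may not submit at jobs, which is exactly the point of the policy discussion: the absence of the files is itself a policy decision.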
2. Securing BASH Scripts
Teaching Note: This section outlines some security features you should consider when creating a security policy for BASH scripts.
Teaching Tip: Ask students to think of examples of scripts that everyone should be able to use, and ask them where they would place those scripts to ensure everyone could do so.
Teaching Tip: Discuss: the author recommends performing validity checks on all user-related data. Why is this a good security practice?
Teaching Tip: Why is it good security practice to use shell settings such as set -u and set -e?
ACTIVITIES FOR CLASS
I. Discussion Topics
Question 1: Why should you not place a SUID or SGID permission on a BASH script?
Answer 1: A hacker who knows BASH can take advantage of it by running extra commands from the script, which could provide access to files that the hacker would not normally be able to access.
Question 2: Why should scripts be free of sensitive data, such as usernames and passwords?
Answer 2: In order to execute a script, read permission has to be enabled. That means that, unlike with most system binary commands, a user can see everything in any BASH script that he or she has permission to run.
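A script skeleton that applies the policy points raised in the Securing BASH Scripts tips and in the two discussion answers above, as an added example (not code from the textbook): set -u, set -e and set -f are switched on, user-related data is validated before use, and a credential is read at run time from a file that must be owned by the running user and unreadable by others, rather than being written into the script that every permitted user can read. The function names, the DB_PASSWORD variable and the secret-file layout are constructed for the example; the shell constructs are POSIX so the script behaves the same under bash and sh.

```shell
#!/bin/bash
# Added example, not from the textbook: a hardened script skeleton.
set -u   # referencing an unset variable is an error, not a silent ""
set -e   # stop at the first failing command instead of carrying on
set -f   # no filename globbing, so user input containing * or ? is not expanded

# Validity check on a user-supplied account name: lowercase start, then
# lowercase letters, digits, underscore or hyphen, at most 32 characters.
valid_username() {
    u=$1
    [ -n "$u" ] && [ ${#u} -le 32 ] || return 1
    case $u in
        [a-z_]*) ;;              # must start with a letter or underscore
        *) return 1 ;;
    esac
    case $u in
        *[!a-z0-9_-]*) return 1 ;;   # any other character is rejected
    esac
    return 0
}

# Validity check on a dotted-decimal IPv4 address: four octets, each 0-255.
valid_ipv4() {
    ip=$1
    case $ip in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $ip                   # safe: set -f disables globbing
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Credentials never live in the script. Load them from a separate file that
# is owned by the running user and has mode 600 or 400; refuse anything else,
# since a group- or world-readable secret file is no better than an inline one.
load_secret_file() {
    file=$1
    [ -f "$file" ] || { echo "secret file $file missing" >&2; return 1; }
    mode=$(stat -c '%a' "$file")
    case $mode in
        600|400) ;;
        *) echo "refusing $file: mode $mode is readable by others" >&2; return 1 ;;
    esac
    [ "$(stat -c '%u' "$file")" = "$(id -u)" ] \
        || { echo "refusing $file: not owned by the running user" >&2; return 1; }
    . "$file"                    # expected to contain e.g. DB_PASSWORD=...
}

# Demonstration on constructed input (not a real account database).
main() {
    user=${1:-}                  # ${1:-} so set -u does not abort on a missing argument
    if valid_username "$user"; then
        echo "accepted account name: $user"
    else
        echo "rejected account name: '$user'" >&2
        return 2
    fi
}
main "${1:-alice}"
```

The mode and owner checks on the secret file are the run-time counterpart of the chapter's permission-set recommendations: the script verifies the policy instead of assuming the administrator applied it.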
II. Exercises and Activities
Lab Exercises: Assign one or more of the following lab exercises:
• 17.1 Secure crontab and at
• 17.2 Create an automation security policy
Web Search Exercise: The Shell Style section mentions the Google Shell Style Guide, which contains some best practices for shell scripts. Find at least four other online articles on setting policies for shell scripts. In each article, find one useful tip that was not mentioned in this chapter.
Review Key Terms: This chapter has no key terms. If you would like to do a vocabulary review for this chapter anyway, here are some terms you could use.
crontab command
/etc/cron.allow
/etc/cron.deny
/etc/at.allow
/etc/at.deny
at command
BASH script
read command
set -u
set -f
set -e
WEB RESOURCES
Google Shell Style Guide: https://google.github.io/styleguide/shell.xml
HelpSystems – How to Automate Security Policy Enforcement: https://www.helpsystems.com/blog/how-automate-security-policy-enforcement
Red Hat – Security Policy: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/installation_guide/sect-security-policy-x86
Automating Security Compliance with Ease: https://rhelblog.redhat.com/2018/06/19/automating-security-compliance-with-ease/
BeyondTrust – Improving Efficiency in IT Administration via Automated Policy Workflows in UNIX/Linux: https://www.beyondtrust.com/wp-content/uploads/Improving-IT-Administration-Efficiency.pdf
uCertify If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
INSTRUCTOR’S GUIDE TO ACCOMPANY LINUX ESSENTIALS FOR CYBERSECURITY
CHAPTER 18 NETWORKING BASICS
CHAPTER OBJECTIVES
When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Explain essential network terminology
• Define network addresses, including subnetting
• Describe common network ports
• Identify the primary differences between IPv4 and IPv6
• Describe common network protocols
CHAPTER OVERVIEW
This chapter discusses some essential network terms, including hosts, IP addresses, and protocols. It also includes a discussion of subnetting and network ports.
CHAPTER OUTLINE
1. Network Terminology
2. IPv4 Versus IPv6
3. IPv4 Addresses
   a. Determining a Network Address from an IP Address and Subnet
   b. Private IP Addresses
4. Common Protocol Suites
5. Network Ports
TEACHING NOTES AND TIPS PER TOPIC
1. Network Terminology
Teaching Note: This section introduces some network concepts and terms, including LAN/WAN, packets, IP addresses, ports, subnets, servers, and clients. The concepts in this section are basic and many students will already be familiar with them, but it’s a good idea to review them anyway to catch any students who may not have previously studied networking.
Teaching Tip: Describe network communication using packets, and how routers read the packet headers and route traffic appropriately.
Teaching Tip: Define protocols and discuss how different protocols are in effect at different levels of communication. This is made clear later, but mentioning it now may help some students avoid confusion.
2. IPv4 Versus IPv6
Teaching Note: This section defines IPv4 and IPv6 and explains their addressing. IPv4 is covered in detail in the next section, so there is no need to delve into it too deeply here.
Teaching Tip: Review the differences between IPv4 and IPv6 in Table 18-1.
Teaching Tip: Introduce the hexadecimal notation used in IPv6 and explain how it makes more addresses available, which is necessary because of the growth of the Internet (which uses TCP/IP).
3. IPv4 Addresses
Teaching Note: This section explains IPv4 addressing in more detail, including how it represents binary numbers in each octet.
Teaching Tip: Use Figure 18-3 as a basis for describing the translation of binary to decimal numbering.
Teaching Tip: Discuss classful addressing and refer to Table 18-2 to cover the five classes of addresses and their ranges.
Teaching Tip: Explain how subnets fit into the class picture as well, although this may be a lot for less experienced students to take in. Use Table 18-3 to show some examples to help.
Teaching Tip: Introduce the concept of private IP addresses, and make sure students can name the ranges that are in this category.
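The octet arithmetic this section teaches, as an added example (not code from the textbook): a POSIX shell script that converts a dotted-decimal address to its 32-bit value and back, turns a CIDR prefix into a subnet mask, derives the network and broadcast addresses from an address and mask, names the address class from the first octet, and tests for the three RFC 1918 private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). It goes slightly beyond the text in also computing the broadcast address. The class boundaries used are the conventional first-octet ranges (A 0-127, B 128-191, C 192-223, D 224-239, E 240-255), and the sample address in the demonstration is constructed.

```shell
#!/bin/sh
# Added example, not from the textbook: IPv4 address and subnet arithmetic.
# Only $(( )) integer arithmetic is used, so this runs under sh or bash.

# "192.168.1.10" -> 3232235786 (the address as one 32-bit number)
ip_to_int() {
    oldifs=$IFS; IFS=.
    set -- $1                   # split on the dots (no glob characters present)
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 3232235786 -> "192.168.1.10"
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# CIDR prefix length -> dotted-decimal mask, e.g. 24 -> 255.255.255.0
prefix_to_mask() {
    if [ "$1" -eq 0 ]; then
        int_to_ip 0
    else
        # 4294967295 is 0xFFFFFFFF; shift left to clear the host bits, then
        # mask back to 32 bits because shell arithmetic is 64-bit.
        int_to_ip $(( (4294967295 << (32 - $1)) & 4294967295 ))
    fi
}

# network_address IP MASK: AND the address with the mask (Table 18-3 style)
network_address() {
    int_to_ip $(( $(ip_to_int "$1") & $(ip_to_int "$2") ))
}

# broadcast_address IP MASK: OR the address with the inverted mask
broadcast_address() {
    int_to_ip $(( $(ip_to_int "$1") | (~$(ip_to_int "$2") & 4294967295) ))
}

# Class by first octet: A 0-127, B 128-191, C 192-223, D 224-239, E 240-255
ipv4_class() {
    first=${1%%.*}
    if   [ "$first" -le 127 ]; then echo A
    elif [ "$first" -le 191 ]; then echo B
    elif [ "$first" -le 223 ]; then echo C
    elif [ "$first" -le 239 ]; then echo D
    else echo E
    fi
}

# is_private IP: true for the RFC 1918 ranges 10/8, 172.16/12, 192.168/16.
# Compare the top 8, 12 or 16 bits respectively.
is_private() {
    n=$(ip_to_int "$1")
    [ $(( n >> 24 )) -eq 10 ] && return 0
    [ $(( n >> 20 )) -eq $(( (172 << 4) | 1 )) ] && return 0     # 172.16-172.31
    [ $(( n >> 16 )) -eq $(( (192 << 8) | 168 )) ] && return 0
    return 1
}

# Demonstration on a constructed address: ./ipv4calc.sh 192.168.1.10/24
spec=${1:-192.168.1.10/24}
ip=${spec%/*}; prefix=${spec#*/}
mask=$(prefix_to_mask "$prefix")
printf 'address   %s\nmask      %s\nnetwork   %s\nbroadcast %s\nclass     %s\nprivate   %s\n' \
    "$ip" "$mask" "$(network_address "$ip" "$mask")" \
    "$(broadcast_address "$ip" "$mask")" "$(ipv4_class "$ip")" \
    "$(is_private "$ip" && echo yes || echo no)"
```

Students can check their hand calculations for the Table 18-3 examples against the script: the network address is nothing more than the bitwise AND that network_address performs, written out in binary.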
4. Common Protocol Suites
Teaching Note: This section reviews several important protocol suites used in networking, including IP, TCP, UDP, and ICMP.
Teaching Tip: Students may not be accustomed to separating the discussion of TCP from that of IP; they are normally grouped together. It is useful to understand that they work at different levels; you may want to show the OSI model or some other model to explain this conceptually.
5. Network Ports
Teaching Note: This section explains the concept of a port and lists some common network ports and their assignments.
Teaching Tip: Show the /etc/services file and discuss how it lists the ports to use for various services.
ACTIVITIES FOR CLASS
I. Discussion Topics
Question 1: If you were the IT director for a large network, would you convert it from IPv4 to IPv6? How would you make that decision?
Answer 1: IPv6 is the future, so when creating a new network, it’s an easy choice. However, it’s not a simple task to convert an existing network, so there should be a reason that makes it cost-effective. IPv6 has better security, although that security is primarily of benefit within the LAN. You are unlikely to run out of IPv4 addresses even in the largest corporation’s network, so the main reason the Internet is switching to it is not applicable for a private network.
Question 2: Review the common network ports in Table 18-5. What applications do you associate with each of these? Name as many as you can.
Answer 2: Answers will vary.
II. Exercises and Activities
Lab Exercises: Assign the following lab exercise:
• 18.1 Explore networking components
Web Search Exercise: What is the status of the Internet’s changeover from IPv4 to IPv6? Look at some reputable news sites to find out, making sure that you are viewing articles only from the last year so that the information you find is current.
Review Key Terms: Review these terms from the chapter. If desired, you can create a matching exercise from these words, matching the terms to their definitions.
LAN
WAN
network packet
packet header
IP address
host
network
Ethernet
fiber optic
subnet
protocol
dotted decimal notation
hexadecimal notation
routing
DHCP
FTP
SSH
telnet
VLSM
CIDR
NAT
private IP addresses
IP
TCP
UDP
ICMP
SMTP
DNS
HTTP
POP3
NTP
NetBIOS
IMAP
SNMP
LDAP
HTTPS
SMTPS
syslog
LDAPS
IMAPS
WEB RESOURCES
IP Address Basics: https://www.es.paessler.com/info/ip_address_basics_ii
Subnet Calculator: https://www.adminsub.net/ipv4-subnet-calculator
IP Address Classes: The Definitive Guide: https://www.routerfreak.com/definitive-guide-ip-address-classes/
Classes of IP Addresses: https://study-ccna.com/classes-of-ip-addresses/
uCertify If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
INSTRUCTOR’S GUIDE TO ACCOMPANY LINUX ESSENTIALS FOR CYBERSECURITY
CHAPTER 19 NETWORK CONFIGURATION
CHAPTER OBJECTIVES
When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Configure network devices, both on the fly and persistently
• Define network routes
• Perform network troubleshooting tasks
• Configure wireless network devices
CHAPTER OVERVIEW
This chapter explores how to configure network devices. It primarily focuses on Ethernet devices, the most common network device you will find on Linux systems. You learn how to assign an IP address and subnet mask to a network interface. You also discover how to configure routes as well as define the DNS servers your system will use. This chapter also explores wireless network device configuration in the event you need to configure networking on a laptop.
CHAPTER OUTLINE
1. Ethernet Network Interfaces
   a. Displaying Ethernet Port Configurations
   b. Changing Ethernet Port Settings
   c. Network Configuration Tools
   d. The arp Command
   e. The route Command
   f. The ip Command
   g. The hostname Command
   h. The host Command
   i. The dig Command
   j. The netstat Command
2. Persistent Network Configurations
   a. The /etc/hostname File (Universal)
   b. The /etc/hosts File (Universal)
   c. The /etc/resolv.conf File (Universal)
   d. The /etc/nsswitch.conf File (Universal)
   e. The /etc/sysctl.conf File (Universal)
   f. The /etc/sysconfig/network File (Red Hat)
   g. The /etc/sysconfig/network-scripts/ifcfg-interface-name Files (Red Hat)
   h. The /etc/network/interfaces File (Debian)
3. Network Troubleshooting Commands
   a. The ping Command
   b. The traceroute Command
   c. The netcat Command
4. Access to Wireless Networks
   a. The iwconfig Command
   b. The iwlist Command
TEACHING NOTES AND TIPS PER TOPIC
1. Ethernet Network Interfaces
Teaching Note: This section explains how to configure Ethernet port interfaces. It looks at port configurations and settings, network configuration tools, and several network-related shell commands.
Teaching Tip: The ifconfig command is one of the most essential; spend some time demonstrating this command and interpreting the results. Refer to Example 19-1 if you do not have a live PC to work with. Table 19-1 describes the key portions of the eth0 section of Figure 19-1’s output.
Teaching Tip: The Windows command equivalent to ifconfig is ipconfig.
Teaching Tip: Provide a basic demonstration of each of the commands presented in this section and discuss what each is useful for. The commands are: arp, route, ip, hostname, host, dig, and netstat.
2. Persistent Network Configurations
Teaching Note: This section describes the files that you can edit to modify a network configuration. Some of the subsections are marked as Universal, meaning the file is found on all distros. Others are marked for certain distro families, such as Red Hat.
Teaching Tip: Provide a basic explanation of each of the files discussed in the subsections, as much as possible given your demo distro. The universal files (all are located in /etc) are: hostname, hosts, resolv.conf, nsswitch.conf, and sysctl.conf. For Red Hat there is also sysconfig/network and sysconfig/network-scripts/ifcfg-interface-name. For Debian there is also network/interfaces.
3. Network Troubleshooting Commands
Teaching Note: This section focuses on commands useful for network troubleshooting, including ping, traceroute, and netcat.
Teaching Tip: Demonstrate the ping, traceroute, and netcat commands in class, discussing situations in which each would be useful. Help students understand the difference between ping, which only tells you whether the host is reachable, and traceroute, which tells you the path taken to reach it.
4. Access to Wireless Networks
Teaching Note: This section covers commands that are specific to working with wireless networks: iwconfig and iwlist.
Teaching Tip: Point out that iwconfig is like ifconfig except it is for wireless. For the lo and eth0 devices, it provides no data because they are not wireless. Refer to Example 19-2.
Teaching Tip: The iwlist command shows a list of available wireless routers. Point out that in a GUI environment, any wireless routers broadcasting their SSID would show up in the network connection app, but at a command line, you must run iwlist to get that information.
ACTIVITIES FOR CLASS
I. Discussion Topics
Question 1: Utilities such as NetworkManager are available to configure network settings, so what is the value of learning how to modify the many different configuration files manually, as covered in this chapter?
Answer 1: One reason is that knowing exactly where settings are configured can help you when troubleshooting, and also when trying to detect security breaches, because you will understand how the configuration files should look and can see any anomalies.
Question 2: Suppose you are having trouble reaching a particular web server. How might you troubleshoot that?
Answer 2: You could first use ping to see if it is reachable at all. If it isn’t, you know that either the server is down or there is no route to it. Next you could use traceroute to see the hops from here to there. This can be useful to determine whether the problem is within your own network (and therefore something you can control).
II. Exercises and Activities
Lab Exercises: Assign one or more of the following lab exercises:
• 19.1 Configure networking on CentOS
• 19.2 Configure networking on Ubuntu
Web Search Exercise: What utilities are available to simplify the process of Linux network configuration? Find at least three and provide brief reviews of each one, listing its pros and cons and your overall opinion of it.
Review Key Terms: Review these terms from the chapter. If desired, you can create a matching exercise from these words, matching the terms to their definitions.
ARP table
ARP
ESSID
eth0
gateway
lo
MAC
promiscuous mode
route
router
WAP
WEP
WEB RESOURCES
Red Hat – Network Configuration Using the Command-Line Interface: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/networking_guide/sec-network_config_using_cli
Ubuntu – Network Configuration: https://help.ubuntu.com/lts/serverguide/network-configuration.html.en
YoLinux.com – Linux Network Configuration: http://www.yolinux.com/TUTORIALS/LinuxTutorialNetworking.html
uCertify If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
INSTRUCTOR’S GUIDE TO ACCOMPANY LINUX ESSENTIALS FOR CYBERSECURITY
CHAPTER 20 NETWORK SERVICE CONFIGURATION: ESSENTIAL SERVICES
CHAPTER OBJECTIVES
When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Configure and secure a BIND DNS server
• Set up a DHCP server
• Explain key email features
• Configure a Postfix server
• Configure email delivery software, including procmail and Dovecot
CHAPTER OVERVIEW
In this chapter, you explore some essential network servers, including DNS, DHCP, and mail servers. You will start by learning key components of the Domain Name Service (DNS) and how to configure a BIND DNS server. Then you learn how to set up a Dynamic Host Configuration Protocol (DHCP) server and discover how this server can interact with a DNS server. This chapter concludes with an in-depth discussion of email services, including setting up and configuring Postfix, procmail, and Dovecot.
CHAPTER OUTLINE
1. DNS Servers
   a. Essential Terms
   b. How Name Resolution Works
   c. Basic BIND Configuration
      i. The /etc/named.conf File
      ii. The allow-query Setting
      iii. Additional /etc/named.conf Settings
2. Zone Files
   a. Zone File Basics
   b. Zone File Entries in the /etc/named.conf File
   c. Zone File Syntax
   d. Zone Record Types
      i. The SOA Record Type
      ii. The Address Record Type
      iii. The Canonical Name Type
      iv. The Name Server Record Type
      v. The Mail eXchange Record Type
      vi. The Pointer Record Type
   e. Putting It All Together
   f. Slave BIND Servers
   g. Testing the DNS Server
   h. The dig Command
3. Securing BIND
   a. Sending BIND to Jail
      i. Creating the chroot Directory and Files
      ii. Configuring named to Start in the Jail
   b. Split BIND Configuration
   c. Transaction Signatures
      i. The dnssec-keygen Command
      ii. The dnssec-signzone Command
4. DHCP Server
   a. DHCP Configuration Basics
      i. The ddns-update-style and ignore client-updates Directives
      ii. The subnet Directive
   b. Configuring Static Hosts
   c. DHCP Log Files
5. Email Servers
   a. SMTP Basics
   b. Configuring Postfix
      i. Postfix Configuration File
      ii. Important Postfix Settings
      iii. Aliases
      iv. Postfix Virtual Domains
6. Managing Local Email Delivery
   a. procmail Basics
   b. procmail Rules
   c. procmail Examples
   d. mbox and Maildir Formats
7. Remote Email Delivery
   a. IMAP and POP Essentials
   b. The Dovecot Server
TEACHING NOTES AND TIPS PER TOPIC
1. DNS Servers
Teaching Note: This section explains the essential terms involved with DNS servers. It explains how name resolution works and covers basic BIND configuration.
Teaching Tip: Make sure students understand these terms: host, domain name, top-level domain, FQDN, subdomain, name server, authoritative name server, zone file, record, caching name server, TTL, DNS forwarder, forward lookup, reverse lookup, and BIND.
Teaching Tip: Explain the process of name resolution, starting with root servers. Use Figures 20-1 through 20-3 for a reference.
Teaching Tip: When covering BIND configuration, refer to Example 20-2 for the /etc/named.conf file, and then review Table 20-1 to explain the various lines in that file.
2. Zone Files
Teaching Note: This section explains how to configure zone files for an authoritative DNS server for one or more domains. It includes the syntax of zone files as well as how to create and administer resource records within the zone files.
Teaching Tip: Review the zone file record fields in Table 20-3. Then open a zone file and have students find and identify each of the fields from the table in an actual file. Point out the SOA record and explain its purpose. Then refer to Table 20-4 for a description of its data.
Teaching Tip: Differentiate between a master DNS server and a slave BIND server, and cover the additional steps required to set up a slave server.
Teaching Tip: Show how to test a DNS server using the named-checkconf and named-checkzone commands.
3. Securing BIND
Teaching Note: This section covers some of the most common methods for securing the BIND server.
Teaching Tip: Explain what a jail is, and why you would lock up the BIND server. Use the explanation on page 338 as a reference. Demonstrate how to create a chroot jail and copy the files from your current configuration into the new locations. Then, make sure all the new files are owned by the named user and group accounts, and configure named to start in the jail.
Teaching Tip: Explain the concept of a split BIND configuration and compare the options of using DNS views versus using two DNS servers. Refer to Figures 20-4 and 20-5 to describe the concept.
Teaching Tip: Define zone transfer and explain how you can use allow-transfer to limit which systems can perform a zone transfer.
4. DHCP Server
Teaching Note: This section provides basic information about DHCP configuration, including configuring static hosts and DHCP log files.
Teaching Tip: The author recommends using two different physical machines connected to a wired network to practice setting up a DHCP server and client. There are issues with using virtual machines because typically a VM manager acts as a DHCP server. Remind students not to connect the practice DHCP server to a live network in use by other systems.
Teaching Tip: Demonstrate configuring the DHCP server by editing the /etc/dhcpd.conf file. By default this file may be empty or contain only comments. Have students copy the sample file provided in Example 20-8 as a starting point.
Teaching Tip: Discuss why some hosts might benefit from having static IP addresses assigned, and demonstrate how to set that up within the subnet directive of the /etc/dhcpd.conf file.
5. Email Servers
Teaching Note: This section explains how SMTP functions and describes the major components of email systems: MUA, MSA, MTA, and MDA. It also provides techniques for managing email servers, specifically Postfix.
Teaching Tip: Review the definitions of the components of email systems on page 348. This will be helpful in providing students a top-level overview of how the mail sending process works. Refer to Figure 20-6 as a visual aid.
Teaching Tip: Postfix is the most popular Linux mail server, so if students learn about only one mail server, this is the one. Show its configuration file, /etc/postfix/main.cf, and review its settings. Point out that you can use the postconf command to change this file rather than making changes to it by hand. Use Example 20-10 as a visual aid, and review the essential Postfix settings in Table 20-6.
6. Managing Local Email Delivery
Teaching Note: This section focuses on the procmail tool, a program designed to filter email messages in order to redirect mail, block spam, and make copies of messages to distribute to other accounts.
Teaching Tip: Ask students what advantages procmail has over MTAs. One is the capability to use rules to perform actions on messages before they are sent to the mail spool. See the bulleted list at the bottom of page 354 for other advantages.
Teaching Tip: Review the procmail rule syntax on page 355, and the flags in Table 20-7.
7. Remote Email Delivery
Teaching Note: This section describes how IMAP and POP operate to receive mail, and explains how to use the Dovecot server, an open-source IMAP and POP3 server for Linux and UNIX systems.
Teaching Tip: Review the differences between IMAP and POP3 in Table 20-10. Discuss why some clients may want to use one or the other in their differing situations.
Teaching Tip: If possible, show a live version of the Dovecot server in class, and browse its configuration file. Use dovecot -n to see a clean configuration, as in Example 20-14 on page 359. Review the settings in Table 20-11.
ACTIVITIES FOR CLASS
I. Discussion Topics
Question 1: Why should you never modify the /var/named/named.ca file?
Answer 1: It contains the list of root servers. These will seldom change, and, if they do, updating the BIND software will update this file. Updating the file manually could introduce errors.
Question 2: What is the difference between a forward lookup and a reverse lookup, and why should you provide reverse lookups?
Answer 2: With a forward lookup, the query provides a domain name and the result is an IP address. With a reverse lookup, it’s the opposite: the query provides the IP address and the result is a domain name. If you don’t provide reverse lookup, some network services may not work, because they perform a forward lookup and then a reverse lookup to ensure that the values are the same both ways.
Question 3: Why would you want a split BIND configuration?
Answer 3: You might have several servers, not all of which are public-facing, and you might put the private ones behind a firewall or with private IP addresses requiring NAT to access the Internet.
II. Exercises and Activities
Lab Exercises: Assign one or more of the following lab exercises:
• 20.1 Configure a BIND server
• 20.2 Configure a Postfix server
• 20.3 Administer procmail and Dovecot
Web Search Exercise: On page 343 the author states that there is more to the zone transfer security process than described in this book. Find at least two websites that detail the process more thoroughly, including the additional settings in /etc/named.conf that the author mentions.
Review Key Terms: Review these terms from the chapter. If desired, you can create a matching exercise from these words, matching the terms to their definitions.
push server
pull server
mail spool
mbox
Maildir
SMTP
ESMTP
MUA
MSA
MDA
POP
IMAP
DHCP
static hosts
Domain Name Service (DNS)
fully qualified domain name (FQDN)
subdomain
name server
authoritative name server
record
caching name server
forward lookup
reverse lookup
DNS forwarder
Berkeley Internet Name Domain (BIND)
root servers
DNS master
DNS slave
zone transfer
forward DNS lookup
reverse DNS lookup
time to live (TTL)
WEB RESOURCES
Ubuntu Community Help Wiki – Dovecot: https://help.ubuntu.com/community/Dovecot
Ubuntu Documentation – Dovecot Server: https://help.ubuntu.com/lts/serverguide/dovecot-server.html.en
Postfix Documentation: www.postfix.org/documentation.html
OpenSource.com – Build Your Own DNS Server on Linux: https://opensource.com/article/17/4/build-your-own-name-server
Centos.org – Zone Files: https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-bind-zone.html
YoLinux.com – Linux DHCP Server Configuration: http://www.yolinux.com/TUTORIALS/DHCP-Server.html
Linux.com – Process Your Email with Procmail: https://www.linux.com/news/process-your-email-procmail
ArchLinux – Procmail: https://wiki.archlinux.org/index.php/Procmail
uCertify If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
INSTRUCTOR’S GUIDE TO ACCOMPANY LINUX ESSENTIALS FOR CYBERSECURITY
CHAPTER 21 NETWORK SERVICE CONFIGURATION: WEB SERVICES
CHAPTER OBJECTIVES
When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Configure an Apache Web Server
• Enable security features on Apache Web Servers
• Configure a proxy server
CHAPTER OVERVIEW
In this chapter, you not only learn how to configure a popular Linux web server (the Apache Hypertext Transfer Protocol Server), but you learn how to enable important security features. This chapter also introduces you to proxy servers. Proxy servers are used for several reasons, including to speed up access to data and to provide an extra layer of security to servers (including web servers). You learn the basics of proxy servers and how to configure two of the more popular proxy servers.
CHAPTER OUTLINE
1. Apache Web Server
2. Basic Apache Web Server Configuration
   a. Starting the Apache Web Server
   b. Apache Web Server Log Files
   c. Enable Scripting
3. Apache Web Server Security
   a. Essential Settings
   b. User Authentication
4. Virtual Hosts
   a. Configuring IP-Based Virtual Hosts
   b. Configuring Name-Based Virtual Hosts
5. HTTPS
   a. SSL Essentials
   b. SSL Issues
   c. Self-Signing
6. SSL and Apache
   a. SSL Server Certificate
   b. Apache SSL Directives
7. Proxy Servers
   a. Tunneling Proxy
   b. Forward Proxy
   c. Reverse Proxy
   d. Squid Basics
      i. Squid Access Rules
      ii. Built-In ACLs
      iii. Understanding the Squid Rules
   e. Nginx Configuration
   f. Client Configuration
TEACHING NOTES AND TIPS PER TOPIC
1. Apache Web Server
Teaching Note: This section introduces the Apache web server. It identifies the locations for the configuration files, which differ depending on the distro.
2. Basic Apache Web Server Configuration
Teaching Note: This section describes the process for configuring an Apache web server.
Teaching Tip: Review the basic Apache directives in Table 21-1, and discuss their purposes.
Teaching Tip: Show the access_log and error_log files and describe how they can be used in testing and troubleshooting.
Teaching Tip: Walk through the steps for enabling PHP and Perl scripting, using the steps on pages 367-370.
3. Apache Web Server Security
Teaching Note: This section describes some ways to secure an Apache web server.
Teaching Tip: Review the bulleted list on page 370 for some basic best practices for Apache web server security, including limiting the number of users, installing only the minimum software, limiting processes, securing critical directories and files with permissions, and implementing a firewall.
Teaching Tip: Discuss the essential settings example at the bottom of page 370, and use Table 21-2 to help students understand those settings.
4. Virtual Hosts
Teaching Note: This section describes how to host more than one website on a single machine by using virtual hosting.
Teaching Tip: Explain the two methods of virtual hosting: IP-based and name-based. Then, review the configuration process for each one.
5. HTTPS
Teaching Note: This section covers the HTTPS protocol and differentiates it from standard HTTP.
Teaching Tip: Make sure students remember that HTTPS uses port 443 and HTTP uses port 80.
Teaching Tip: Describe how SSL works using asymmetric cryptography, or PKC. Review the concept of PKC, referring to Figure 21-4 as a visual aid.
6. SSL and Apache
Teaching Note: This section explains how to implement SSL with Apache using mod_ssl.
Teaching Tip: Explain how to create the SSL certificate. You can either have a CA digitally sign it or you can self-sign. Refer to Examples 21-4 through 21-7 starting on page 378.
Teaching Tip: Review the critical Apache SSL directives in Table 21-3.
7. Proxy Servers
Teaching Note: This section explains what a proxy server is and looks at the various types, including tunneling, forward, and reverse. It also covers Nginx and client configuration.
Teaching Tip: The conceptual drawings in Figures 21-6 through 21-8 can be helpful in explaining the differences among the various proxy server types.
ACTIVITIES FOR CLASS
I. Discussion Topics
Question 1: What are some of the potential security issues with using SSL?
Answer 1: Some of the issues include: 1) having a large number of CA machines increases the chance that one could be compromised; 2) you have to blindly trust the CA; 3) man-in-the-middle attacks are possible; 4) SSL is a challenge for virtual hosts because each virtual host should have its own digital signature; and 5) the security of the private key is critical.
Question 2: What are some of the advantages of using a reverse proxy server?
Answer 2: Some advantages include: 1) load balancing capability; 2) limiting the load on the server by caching static data; 3) performing SSL-based operations at the proxy server instead of the web server; 4) hiding the web server from the client, making it more secure; and 5) optimizing communication by compressing the data.
II. Exercises and Activities
Lab Exercises: Assign one or more of the following lab exercises:
• 21.1 Configure and administer an Apache server
• 21.2 Configure a proxy server
Web Search Exercise: At the beginning of the chapter the author states that Apache actually has many different open-source projects, but that it is best known for the web server. What are the other Apache projects? Make a list that describes each one.
Review Key Terms: Review these terms from the chapter. If desired, you can create a matching exercise from these words, matching the terms to their definitions.
virtual host
Apache
HTTP
HTML
PHP
Perl
HTTPS
SSL
TLS
asymmetric cryptography
PKC
man-in-the-middle attack
self-signing
proxy server
CA
WEB RESOURCES
Ubuntu Documentation – Squid Proxy Server: https://help.ubuntu.com/lts/serverguide/squid.html.en
ArchLinux – Nginx: https://wiki.archlinux.org/index.php/Nginx
Linux.com – How to Install an SSL Certificate on Linux Server: https://www.linux.com/blog/how-install-sslcertificate-linux-server
uCertify If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
INSTRUCTOR’S GUIDE TO ACCOMPANY LINUX ESSENTIALS FOR CYBERSECURITY
CHAPTER 22 CONNECTING TO REMOTE SYSTEMS
CHAPTER OBJECTIVES
When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Configure an LDAP server
• Define values in an LDAP server
• Connect a client system to an LDAP server
• Configure and connect to an FTP server
• Establish secure connections via SSH
CHAPTER OVERVIEW Several different types of network servers can be found on most networks, and you will need to be able to create connections to these servers and maintain them. Lightweight Directory Access Protocol (LDAP) servers provide database-like access to key network information, such as network users and groups. File Transfer Protocol (FTP) servers are used to transfer files between systems. When you need to connect to any remote Linux system in order to run commands on that system, Secure Shell (SSH) is the most common method. This chapter discusses the essential setup and configuration of these servers as well as how to connect and communicate with each from the client side.
CHAPTER OUTLINE
1. LDAP
   a. Key LDAP Terms
   b. The slapd.conf File
      i. Customizing Your LDAP Domain
      ii. Configuring Logging
      iii. Configuring the Database Directory
   c. Starting the LDAP Server
   d. OpenLDAP Objects
   e. OpenLDAP Schemas
   f. OpenLDAP Database Changes
   g. Using the ldapdelete Command
   h. Using the ldapsearch Command
   i. Using the ldappasswd Command
   j. Connecting to an LDAP Server
2. FTP Servers
   a. Configuring vsftpd
      i. Anonymous FTP
      ii. Limiting User Accounts
      iii. Additional Settings
   b. Connecting to an FTP Server
      i. Active versus Passive Mode
3. Secure Shell
   a. Configuring the Secure Shell Server
      i. Basic Configuration Settings
      ii. Settings That Affect User Access
   b. Secure Shell Client Commands
      i. The ssh_config File
      ii. The ssh Command
      iii. The scp and sftp Commands
   c. Advanced SSH Features
TEACHING NOTES AND TIPS PER TOPIC
1. LDAP
Teaching Note: This section introduces Lightweight Directory Access Protocol (LDAP). It explains how to install and configure LDAP and how to connect to an LDAP server.
Teaching Tip: Make sure students understand the LDAP key terms in Table 22-1, including object, attribute, schema, LDIF, DN, CN, and SSSD.
Teaching Tip: Stress the importance of making a wise structural choice before configuring your LDAP server. Refer to the examples in Figures 22-1 and 22-2, and discuss the pros and cons of structuring by domain name structure vs. by geographical location.
Teaching Tip: Walk students through the configuration process, including working with slapd.conf, configuring logging, customizing the domain, and configuring the database directory.
Teaching Tip: Explain how to create LDAP objects and schemas, as described on pages 401-402.
2. FTP Servers
Teaching Note: This section explains how to use an FTP server to transfer files on a Linux network. It shows how to configure vsftpd and how to connect to an FTP server.
Teaching Tip: Demonstrate how to install vsftpd, or how to find it if it is already installed. Then, show how to configure it, including controlling anonymous FTP settings, limiting user accounts, and changing various directives in the vsftpd.conf file.
Teaching Tip: Demonstrate how to connect to an FTP server with the ftp command. Point out that entering help at the ftp> prompt provides a summary of the available commands once you are in the application. Discuss active vs. passive mode, referring to Figures 22-3 and 22-4. Example 23-13 shows how to enable passive mode.
3. Secure Shell
Teaching Note: This section explains the benefits of SSH and shows how to configure the Secure Shell server.
Teaching Tip: Walk students through SSH server configuration. For example, review the log levels on page 417, and discuss how you would decide which level is appropriate to use. Differentiate between the ssh_config file (client settings) and the sshd_config file (server settings).
Teaching Tip: Explain the two authentication methods for SSH servers: PasswordAuthentication and PubkeyAuthentication. Discuss situations in which one might be a better choice than the other. The latter is covered in the Advanced SSH Features section at the end of the chapter.
Teaching Tip: Familiarize students with the SSH client commands, such as ssh, scp, and sftp.
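Added example for the sshd_config Teaching Tips above (it is not from the textbook or the instructor materials): a script that reports which PasswordAuthentication, PubkeyAuthentication and PermitRootLogin values sshd would actually use from an sshd_config-style file. The point it demonstrates for students is sshd's first-value-wins rule: the first occurrence of a keyword is the one used, a duplicate further down the file is ignored, and lines after a Match line apply only inside that conditional block. The sample file is constructed for the example; the keyword names and the defaults (yes, yes and prohibit-password) are OpenSSH's own.

```shell
#!/bin/sh
# Added example (not from the textbook): report the authentication-related
# settings sshd would use from an sshd_config-style file, applying sshd's rules:
# keywords are case-insensitive, the FIRST occurrence of a keyword wins, and
# lines after a Match line belong to that block, not to the global section.
# Runs against a constructed file below; no live sshd is touched.

# sshd_effective FILE KEYWORD -> effective global value of KEYWORD, empty if the file never sets it
sshd_effective() {
    awk -v k="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*(#|$)/ { next }                # comments and blank lines
        tolower($1) == "match" { exit }              # the global section ends here
        tolower($1) == k { print $2; exit }          # first occurrence wins
    ' "$1"
}

#   sshd_setting FILE KEYWORD DEFAULT -> effective value, or DEFAULT when unset, lower-cased
sshd_setting() {
    v=$(sshd_effective "$1" "$2")
    [ -n "$v" ] || v="$3"
    printf '%s\n' "$v" | tr 'A-Z' 'a-z'
}

# auth_summary FILE -> the three settings on one line; defaults are OpenSSH's documented ones
auth_summary() {
    printf 'PasswordAuthentication=%s PubkeyAuthentication=%s PermitRootLogin=%s\n' \
        "$(sshd_setting "$1" PasswordAuthentication yes)" \
        "$(sshd_setting "$1" PubkeyAuthentication yes)" \
        "$(sshd_setting "$1" PermitRootLogin prohibit-password)"
}

# auth_findings FILE -> number of settings that still permit password-based logins:
# password authentication left on, or root allowed to log in with a password
auth_findings() {
    n=0
    [ "$(sshd_setting "$1" PasswordAuthentication yes)" = yes ] && n=$((n+1))
    [ "$(sshd_setting "$1" PermitRootLogin prohibit-password)" = yes ] && n=$((n+1))
    echo "$n"
}

# Constructed sample sshd_config, not taken from a real host
SSHD_SAMPLE=$(mktemp)
cat > "$SSHD_SAMPLE" <<'EOF'
# constructed sample sshd_config
Port 22
LogLevel VERBOSE
PasswordAuthentication no
PubkeyAuthentication yes
# duplicate further down: sshd ignores it because the first value wins
PasswordAuthentication yes
Match User deploy
    PasswordAuthentication yes
EOF
auth_summary "$SSHD_SAMPLE"
echo "LogLevel: $(sshd_effective "$SSHD_SAMPLE" LogLevel), findings: $(auth_findings "$SSHD_SAMPLE")"
```

The sample prints PasswordAuthentication=no even though a later line says yes, which is the behaviour to point out when students edit sshd_config and wonder why a change "did not take".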
ACTIVITIES FOR CLASS
I. Discussion Topics
Question 1: What is the difference between a directory service and a database?
Answer 1: Databases are normally designed to be equally efficient at writing data and reading data. Directory services are designed to provide an efficient method of reading data. Directory services are also specifically designed to provide sets of records organized in a hierarchical structure. As a result, directory services often provide company data in a hierarchy that mirrors the company structure.
Question 2: What is the benefit of the Secure Shell (SSH) protocol over programs and protocols like telnet, ftp, rlogin, rsh, rcp, and rexec?
Answer 2: SSH provides better security by encrypting the data sent across the network. The primary problem with all of those other communication methods is that they send data in plain text rather than in encrypted form. Some of them, such as telnet and ftp, even send the user name and password in plain text.
II. Exercises and Activities
Lab Exercises: Assign one or more of the following lab exercises:
• 22.1 Create an LDAP server
• 22.2 Configure an FTP server
• 22.3 Administer an SSH server
Web Search Exercise: What are some other FTP applications that work in Linux besides the ones mentioned in this chapter? Find several and install at least two. Review their features and write a paragraph explaining which you like better and why.
Review Key Terms: Review these terms from the chapter. If desired, you can create a matching exercise from these words, matching the terms to their definitions.
LDAP
OpenLDAP
Active Directory
object
attribute
schema
LDIF
DN
CN
SSSD
white pages
anonymous FTP
active FTP mode
passive FTP mode
WEB RESOURCES
OpenLDAP: https://www.openldap.org/
LDAP Linux HOWTO: https://www.tldp.org/HOWTO/LDAP-HOWTO/
Configuring a System to Authenticate Using OpenLDAP: https://access.redhat.com/documentation/enus/red_hat_enterprise_linux/5/html/deployment_guide/s1-ldap-pam
vsftpd: https://security.appspot.com/vsftpd.html
HowtoForge – How to Install and Configure VSFTPD: https://www.howtoforge.com/tutorial/how-to-install-andconfigure-vsftpd/
Pure-FTPd: https://www.pureftpd.org/project/pure-ftpd
ProFTPd: http://www.proftpd.org/
SSH Protocol: https://www.ssh.com/ssh/protocol/
uCertify If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
INSTRUCTOR’S GUIDE TO ACCOMPANY LINUX ESSENTIALS FOR CYBERSECURITY
CHAPTER 23 DEVELOP A NETWORK SECURITY POLICY
CHAPTER OBJECTIVES
When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Modify kernel parameters to provide better network security
• Implement TCP Wrappers
• Configure the system time manually
• Configure the system to use a Network Time Protocol server
CHAPTER OVERVIEW This chapter focuses on the three key components of a network security policy: kernel parameters, TCP Wrappers, and the Network Time Protocol. It is not meant as a stand-alone guide to developing a network security policy, as other chapters also provide important information about security features as well.
CHAPTER OUTLINE
1. Kernel Parameters
   a. The /etc/sysctl.conf File
   b. Ignoring ping Requests
   c. Ignoring Broadcast Requests
   d. Enabling TCP SYN Protection
   e. Disabling IP Source Routing
2. TCP Wrappers
3. Network Time Protocol
   a. Setting the System Clock Manually
   b. Setting the Time Zone Manually
   c. Setting the System Date Using NTP
TEACHING NOTES AND TIPS PER TOPIC
1. Kernel Parameters
Teaching Note: In this chapter students learn some of the important kernel parameters for network security. This section introduces kernel parameters in a basic way; the discussion is continued in Chapter 28.
Teaching Tip: Show the contents of the /etc/sysctl.conf file, which is where kernel parameters are modified. Use Example 23-1 on page 427 if you cannot show a live example.
Teaching Tip: Discuss the pros and cons of the kernel parameters the author mentions changing in this section, including ignoring broadcast requests, enabling TCP SYN protection, and disabling IP source routing.
2. TCP Wrappers
Teaching Note: This section explains what TCP Wrappers are and how to manage them. It explains how to determine which services use the libwrap library, using the ldd command, and how the hosts files work with the libwrap library.
Teaching Tip: Explain how the /etc/hosts.allow and /etc/hosts.deny files function with the libwrap library, referring to Figure 23-1 as a visual aid.
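Added example for sections 1 and 2 above (it is not from the textbook or the instructor materials): one script with two checks students can run against files rather than a live system. audit_sysctl reads a sysctl.conf-style file and reports whether the four network hardening keys from this chapter are set, treating a later line as overriding an earlier one, which is how sysctl applies them. tw_decision reproduces the decision libwrap makes for a daemon and client address: hosts.allow is consulted first, then hosts.deny, and if neither file matches the connection is permitted, which is why an empty hosts.deny is worth pointing out in class. The sysctl key names are the real ones; the sample files, the LAN 192.168.1.0/24, the admin host 10.0.0.5 and the outside address 203.0.113.7 are constructed. Only the common pattern forms (ALL, an exact address, a trailing-dot prefix) are handled, not EXCEPT lists or netmask notation.

```shell
#!/bin/sh
# Added example (not from the textbook): two checks for the settings this chapter
# covers. audit_sysctl reads a sysctl.conf-style file and reports whether the four
# network hardening keys are set (later lines override earlier ones, as sysctl
# applies them). tw_decision reproduces the libwrap decision for a daemon and a
# client address against hosts.allow / hosts.deny files. Both take file paths, so
# they run on the constructed samples below without touching a live system.

# ---- kernel parameters ------------------------------------------------------
# Real sysctl key names; the wanted values follow the chapter's recommendations.
HARDENED='net.ipv4.icmp_echo_ignore_all=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.tcp_syncookies=1
net.ipv4.conf.all.accept_source_route=0'

# sysctl_value FILE KEY -> last value assigned to KEY in FILE, empty if never set
sysctl_value() {
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' -e 's/[[:space:]]*=[[:space:]]*/=/' \
        -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" \
        | awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }'
}

# audit_sysctl FILE -> one line per key: OK, WEAK (other value) or MISSING (kernel default applies)
audit_sysctl() {
    printf '%s\n' "$HARDENED" | while IFS='=' read -r key want; do
        have=$(sysctl_value "$1" "$key")
        if [ -z "$have" ]; then echo "MISSING $key (want $want)"
        elif [ "$have" = "$want" ]; then echo "OK $key=$have"
        else echo "WEAK $key=$have (want $want)"
        fi
    done
}

# sysctl_findings FILE -> number of WEAK or MISSING keys (0 means fully hardened)
sysctl_findings() { audit_sysctl "$1" | grep -c -E '^(WEAK|MISSING)' || true; }

# ---- TCP Wrappers -------------------------------------------------------------
# tw_match PATTERN VALUE -> true for ALL, an exact match, or a trailing-dot network
# prefix such as 192.168.1. (EXCEPT lists and netmask forms are not handled here)
tw_match() {
    case "$1" in
        ALL) return 0 ;;
        *.)  case "$2" in "$1"*) return 0 ;; esac ;;
        *)   [ "$1" = "$2" ] && return 0 ;;
    esac
    return 1
}

# tw_file_matches FILE DAEMON CLIENT -> true if some "daemon_list : client_list" rule matches both
tw_file_matches() {
    hit=$(sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1" | while IFS=: read -r dlist clist _; do
        dhit=1; chit=1
        for d in $(printf '%s' "$dlist" | tr ',' ' '); do tw_match "$d" "$2" && dhit=0; done
        for c in $(printf '%s' "$clist" | tr ',' ' '); do tw_match "$c" "$3" && chit=0; done
        if [ "$dhit" = 0 ] && [ "$chit" = 0 ]; then echo yes; break; fi
    done)
    [ "$hit" = yes ]
}

# tw_decision ALLOWFILE DENYFILE DAEMON CLIENT -> ALLOW or DENY in libwrap's order:
# hosts.allow is consulted first, then hosts.deny; if neither matches, access is granted
tw_decision() {
    if tw_file_matches "$1" "$3" "$4"; then echo ALLOW
    elif tw_file_matches "$2" "$3" "$4"; then echo DENY
    else echo ALLOW
    fi
}

# ---- constructed samples (not from a real host) -------------------------------
POLICY_DIR=$(mktemp -d)
cat > "$POLICY_DIR/sysctl.conf" <<'EOF'
net.ipv4.icmp_echo_ignore_broadcasts = 1
# SYN cookies left off on purpose, so the audit reports it as WEAK
net.ipv4.tcp_syncookies = 0
EOF
cat > "$POLICY_DIR/hosts.allow" <<'EOF'
# ssh only from the office LAN and one admin host; everything else falls through to hosts.deny
sshd: 192.168.1., 10.0.0.5
EOF
printf 'ALL: ALL\n' > "$POLICY_DIR/hosts.deny"

audit_sysctl "$POLICY_DIR/sysctl.conf"
for who in "sshd 192.168.1.42" "sshd 203.0.113.7" "vsftpd 192.168.1.42"; do
    set -- $who
    echo "$1 from $2: $(tw_decision "$POLICY_DIR/hosts.allow" "$POLICY_DIR/hosts.deny" "$1" "$2")"
done
```

On a real host the same functions can be pointed at /etc/sysctl.conf, /etc/hosts.allow and /etc/hosts.deny; the sysctl check only reads the file, so it reports the configured values, not necessarily the running ones, which is a useful distinction to draw with sysctl -a in class.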
3. Network Time Protocol
Teaching Note: This section spotlights the importance of maintaining an accurate system clock and describes how to do so with a Network Time Protocol (NTP) server.
Teaching Tip: Demonstrate how to set the system clock in Linux with the date command. Refer to Table 23-1 for date formats. Example 23-3 shows the timedatectl command. Table 23-2 provides commands for changing the system clock.
Teaching Tip: Make sure students are familiar with the concept of a time zone, and show how the tzselect utility allows you to set a time zone. Refer to Example 23-4.
Teaching Tip: Show the /etc/ntp.conf file’s contents (an example of which appears in Example 23-5) and review its settings, which are described in Table 23-3.
ACTIVITIES FOR CLASS
I. Discussion Topics
Question 1: What are the pros and cons of ignoring ping requests?
Answer 1: Allowing ping requests poses some security challenges. A hacker can use ping to probe for active systems, and responding to ping requests can leave a system vulnerable to DoS attacks. However, ping requests are made for legitimate reasons also. If you set all of your systems to ignore ping requests, you cannot use the ping command to determine whether a machine is responding via the network, which makes it harder to troubleshoot network issues.
Question 2: Why would you use NTP rather than setting the system time manually?
Answer 2: NTP provides a consistent and reliable date and time that does not vary as the machine ages and loses or gains a few seconds now and then. Using it across multiple devices ensures they are all synchronized.
II. Exercises and Activities
Lab Exercises: Assign one or more of the following lab exercises:
• 23.1 Administer kernel security parameters
• 23.2 Secure the system with TCP Wrappers
• 23.3 Configure Network Time Protocol
• 23.4 Create a networking security policy
Web Search Exercise: Not all websites allow you to ping them; some of them ignore ping requests. Find at least three large companies’ websites that ignore ping requests. (Use the ping command with the website’s domain name.) What message do you get when you try to ping them?
Review Key Terms: Review these terms from the chapter. If desired, you can create a matching exercise from these words, matching the terms to their definitions.
NTP
router
DoS attack
DDoS attack
SYN flood attack
IP source routing
man-in-the-middle attack
WEB RESOURCES
Network Time Foundation: www.ntp.org
Man page for sysctl.conf: http://man7.org/linux/man-pages/man5/sysctl.conf.5.html
TecMint – How to Secure Network Services Using TCP Wrappers in Linux: https://www.tecmint.com/securelinux-tcp-wrappers-hosts-allow-deny-restrict-access/
uCertify If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
INSTRUCTOR’S GUIDE TO ACCOMPANY LINUX ESSENTIALS FOR CYBERSECURITY
CHAPTER 24 PROCESS CONTROL
CHAPTER OBJECTIVES
When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Describe what processes and jobs are
• Start and stop processes and jobs
• List processes and jobs that are currently running
• Change process priority
• Display CPU and RAM information
CHAPTER OVERVIEW On any operating system, it is important to have the ability to determine what programs are running and to alter the states of these programs. In Linux, this can be accomplished by a collection of commands that allow you to display running programs, pause and restart programs, stop programs, and change program CPU priority. In this chapter, you explore these topics as well as how to display essential CPU and memory information.
CHAPTER OUTLINE
1. Viewing Processes
   a. The ps Command
   b. The pgrep Command
   c. The top Command
   d. The uptime Command
   e. The free Command
2. Running Processes
   a. Pausing and Restarting Processes
3. Killing Processes
   a. The kill Command
   b. The pkill Command
   c. The killall Command
   d. The xkill Command
4. The nohup Command
5. Process Priority
   a. The nice Command
   b. The renice Command
TEACHING NOTES AND TIPS PER TOPIC
1. Viewing Processes
Teaching Note: This section defines the term process and explains how to view processes and how to start and stop them.
Teaching Tip: Demonstrate the ps command for listing the processes running on the system. Show it with default options and explain the information in the output, and then describe the various options available.
Teaching Tip: After showing the ps command, show the various alternatives to it for seeing process information. Show the pgrep command, which combines the functions of ps and grep, and the top command, which displays process information sorted by a particular criterion (by default CPU utilization). Continue by showing the uptime and free commands.
2. Running Processes
Teaching Note: This section explains how to run processes.
Teaching Tip: Processes can be run in the background by adding an ampersand character to the end of the command. (Separate the command and the ampersand with a single space.)
Teaching Tip: Demonstrate the jobs command and explain how it is different from the ps command.
Teaching Tip: Make sure students are familiar with the Ctrl+z shortcut for pausing a program running in the foreground. Then, show how to restart a paused process in either the background or the foreground with bg or fg, respectively.
3. Killing Processes
Teaching Note: This section explains how to kill (terminate) a process. Several methods are described, including kill, pkill, killall, and xkill.
Teaching Tip: To kill a process, you first determine its process ID or job number, and then you provide that number as an argument to the kill command. Demonstrate using jobs to get the number and then using kill to kill it. Review the kill signals in Table 24-6 to see the options.
Teaching Tip: After reviewing the basic kill command, explain each of the other kill-related commands and contrast it with kill: pkill, killall, and xkill. Refer to Tables 24-7 and 24-8 for the options for pkill and killall.
4. The nohup Command
Teaching Note: This section explains the purpose of the nohup command: to avoid having child processes terminated (by the HUP signal) when a parent process is terminated.
5. Process Priority
Teaching Note: This section describes how process priorities are set, with nice values, and demonstrates how to set or change a process’s priority.
Teaching Tip: The difference between nice and renice is that nice is for new processes and renice is for processes that are already running.
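Added example covering sections 2, 3 and 5 above (it is not from the textbook or the instructor materials): a script that takes one background process through the lifecycle the chapter describes. It starts a harmless sleep in the background at a chosen nice value, pauses and resumes it with the STOP and CONT signals (which is what Ctrl+z and bg do to a foreground job), then terminates it with TERM and, only if needed, KILL, reaping it with wait so no zombie is left behind. State and nice value are read from /proc/PID/stat rather than by parsing ps output, so it is Linux-specific; everything else is POSIX sh. The sleep command and the nice value of 10 are just the constructed workload.

```shell
#!/bin/sh
# Added example (not from the textbook): take one background process through
# start (in the background, at a chosen nice value), pause, resume and terminate,
# reading its state and nice value from /proc/PID/stat. Linux-specific because of /proc.

# proc_field PID N -> field N of /proc/PID/stat counted after the "(comm)" field,
# so 1 is the state letter and 17 is the nice value; empty once the PID is gone
proc_field() {
    sed 's/^[0-9]* ([^)]*) //' "/proc/$1/stat" 2>/dev/null | awk -v n="$2" '{ print $n }'
}
proc_state() { proc_field "$1" 1; }    # R running, S sleeping, T stopped, Z zombie
proc_nice()  { proc_field "$1" 17; }   # -20 (highest priority) .. 19 (lowest)

# start_bg NICE CMD... -> run CMD in the background at nice value NICE; PID left in $BG_PID
# (a variable rather than echo, so the child belongs to this shell and wait can reap it)
start_bg() {
    n="$1"; shift
    nice -n "$n" "$@" &
    BG_PID=$!
}

# is_alive PID -> true while the process exists and has not yet become a zombie
is_alive() {
    s=$(proc_state "$1")
    [ -n "$s" ] && [ "$s" != Z ]
}

# wait_state PID STATE -> poll for up to ~4 s until /proc reports STATE
wait_state() {
    i=0
    while [ "$i" -lt 40 ]; do
        [ "$(proc_state "$1")" = "$2" ] && return 0
        sleep 0.1; i=$((i+1))
    done
    return 1
}

# terminate PID -> polite SIGTERM first, SIGKILL only if it is still running after ~4 s,
# then wait so the PID does not linger as a zombie; true once the PID is gone
terminate() {
    kill -TERM "$1" 2>/dev/null || return 0
    i=0
    while is_alive "$1" && [ "$i" -lt 40 ]; do sleep 0.1; i=$((i+1)); done
    is_alive "$1" && kill -KILL "$1" 2>/dev/null
    wait "$1" 2>/dev/null || true
    ! is_alive "$1"
}

# Walk-through with a harmless sleep as the constructed workload
start_bg 10 sleep 60
echo "started PID $BG_PID, state $(proc_state "$BG_PID"), nice value $(proc_nice "$BG_PID")"
kill -STOP "$BG_PID" && wait_state "$BG_PID" T && echo "paused: state $(proc_state "$BG_PID") (what Ctrl+z does)"
kill -CONT "$BG_PID" && wait_state "$BG_PID" S && echo "resumed: state $(proc_state "$BG_PID") (what bg does)"
terminate "$BG_PID" && echo "terminated PID $BG_PID"
```

The same signals are what the interactive commands send: Ctrl+z delivers STOP to the foreground job, bg and fg deliver CONT, and kill with no option sends TERM, which is why TERM is tried before KILL here.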
ACTIVITIES FOR CLASS
I. Discussion Topics
Question 1: From a security standpoint, why is it useful to view a list of running processes?
Answer 1: You can look for processes that you do not expect, which may potentially be from some malicious source. You can also look for processes that are using more memory or CPU time than they ought to. By viewing the list of processes, you can get the process ID of a particular process so you can kill it if it is causing a problem or if you suspect it of being unauthorized.
Question 2: Why would you want to change a running process’s priority?
Answer 2: If a process is using too many system resources, you might lower its priority to ease its effect on the system. Conversely, if a process is taking too much time to complete on a busy system, you could raise its priority to help it finish more quickly.
II. Exercises and Activities
Lab Exercises: Assign one or more of the following lab exercises:
• 24.1 Manage system processes
• 24.2 Display system information
Web Search Exercise: There are many tools and utilities for managing Linux processes using graphical interfaces. Find several of these tools online. Pick two that have good reviews and try them out. Report your findings.
Review Key Terms: Review these terms from the chapter. If desired, you can create a matching exercise from these words, matching the terms to their definitions.
process
PID
TTY
terminal
kill
job
background process
foreground process
HUP
WEB RESOURCES
Linux Administration Made Easy – Managing Processes: https://www.tldp.org/LDP/lame/LAME/linux-adminmade-easy/managing-processes.html
Pgrep man page: https://linux.die.net/man/1/pgrep
MUO - 7 Different Ways to Kill Unresponsive Programs in Linux: https://www.makeuseof.com/tag/6-differentways-to-end-unresponsive-programs-in-linux/
uCertify If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
INSTRUCTOR’S GUIDE TO ACCOMPANY LINUX ESSENTIALS FOR CYBERSECURITY
CHAPTER 25 SYSTEM LOGGING
CHAPTER OBJECTIVES
When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• View system logs
• Configure syslog to create custom log entries
• Rotate older log files
• View journald logs
• Customize journald
CHAPTER OVERVIEW System logs are critical for several reasons: These logs provide administrators with useful information to aid in troubleshooting problems. They are also useful in identifying potential hacking attempts. Additionally, logs can be used to provide general information about services, such as which web pages have been provided by a web server. This chapter covers two different logging methods: syslog (including rsyslog and syslog-ng) and journald.
CHAPTER OUTLINE
1. Syslog
   a. The syslogd Daemon
   b. The /var/log Directory
   c. The /etc/syslog.conf File
      i. The /etc/rsyslog.conf File
   d. Creating Your Own /etc/syslog.conf Entry
      i. Adding an Entry
      ii. Using the logger Command
2. The logrotate Command
   a. The /etc/logrotate.conf File
3. The journalctl Command
   a. The /etc/systemd/journald.conf File
TEACHING NOTES AND TIPS PER TOPIC
1. Syslog
Teaching Note: This section explains the syslog service. It describes the syslogd daemon, the /var/log directory, and the /etc/syslog.conf file, and describes how to create your own /etc/syslog.conf entry.
Teaching Tip: Introduce the syslogd daemon and review its options in Table 25-1. Point out that the -m timestamp option is unnecessary because log entries already include a timestamp. Explain that most modern distros use rsyslogd instead of syslogd, and that the startup options for rsyslogd are set in either /etc/default/rsyslog (on Ubuntu) or /etc/sysconfig/rsyslog (on Fedora).
Teaching Tip: The /var/log directory contains many different log files. Show a listing of this directory’s contents and explain the purpose of each of the files found there. Some of them are summarized on pages 454-455, but there will be others there as well.
Teaching Tip: Show a sample syslog.conf file. Explain each of the available facilities, referring to the bulleted list on page 454.
Teaching Tip: Demonstrate how to add an entry to /etc/syslog.conf. Then, show how to use the logger command to test the new rule.
2. The logrotate Command
Teaching Note: This section introduces the logrotate command, a utility that ensures that the partition holding the log files has enough room. It makes backup copies of older log files and eventually removes the older copies.
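Added example for the syslog.conf Teaching Tips in section 1 above (it is not from the textbook or the instructor materials): a script that evaluates a syslog.conf selector the way syslogd and rsyslogd do, so students can predict which messages a new rule will capture before testing it with logger -p facility.priority. It handles the selector forms the chapter uses: a facility list, "*", "none", a plain priority (which means that level and every more severe level) and "=priority" (exactly that level), with the rule that in a ";"-separated selector the last part naming a facility wins, which is how "*.info;mail.none" excludes mail. The selectors and messages run through it are constructed for the example; the facility and priority names are the standard syslog ones.

```shell
#!/bin/sh
# Added example (not from the textbook): evaluate a syslog.conf selector the way
# syslogd/rsyslogd do, to predict which messages a rule captures before testing
# it with: logger -p facility.priority "message"

# prio_num PRIORITY -> numeric severity, debug=0 .. emerg=7 (aliases included), empty if unknown
prio_num() {
    case "$1" in
        debug) echo 0 ;;  info) echo 1 ;;  notice) echo 2 ;;  warning|warn) echo 3 ;;
        err|error) echo 4 ;;  crit) echo 5 ;;  alert) echo 6 ;;  emerg|panic) echo 7 ;;
        *) echo "" ;;
    esac
}

# facility_in LIST FACILITY -> true if FACILITY is in the comma-separated LIST, or LIST is "*"
facility_in() {
    [ "$1" = '*' ] && return 0
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# syslog_matches SELECTOR FACILITY PRIORITY -> true if a message with that facility
# and priority is logged by the rule; the last ";"-part naming the facility wins
syslog_matches() {
    spec=""
    set -f                                  # no pathname expansion while splitting on ";"
    old_ifs=$IFS; IFS=';'
    for sel in $1; do
        IFS=$old_ifs
        flist=${sel%.*}; pspec=${sel##*.}   # "mail,uucp.none" -> "mail,uucp" and "none"
        facility_in "$flist" "$2" && spec="$pspec"
    done
    IFS=$old_ifs; set +f
    [ -n "$spec" ] || return 1              # no part of the selector names this facility
    case "$spec" in
        none) return 1 ;;                   # explicitly excluded
        '*')  return 0 ;;                   # every priority
        =*)   [ "$(prio_num "${spec#=}")" = "$(prio_num "$3")" ] ;;     # exactly this level
        *)    [ "$(prio_num "$3")" -ge "$(prio_num "$spec")" ] ;;       # this level and above
    esac
}

# show_rule SELECTOR -> LOGGED/skipped for a few constructed facility.priority messages
show_rule() {
    for msg in kern.warning mail.info authpriv.notice cron.err user.debug; do
        if syslog_matches "$1" "${msg%.*}" "${msg#*.}"; then r=LOGGED; else r=skipped; fi
        printf '%-40s %-16s %s\n' "$1" "$msg" "$r"
    done
}

# Typical selector lines, constructed for this example
show_rule '*.info;mail.none;authpriv.none;cron.none'
show_rule 'authpriv.*'
show_rule '*.=crit'
show_rule 'auth,authpriv.warning'
```

When students add a rule of their own to /etc/syslog.conf or /etc/rsyslog.conf, running their selector through show_rule first makes the subsequent logger test easier to interpret: a message that is "skipped" here will not appear in the target file no matter how many times logger is run.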
3. The journalctl Command
Teaching Note: This section describes the journalctl command and its syntax and usage, along with its configuration file journald.conf.
Teaching Tip: Compare and contrast the use of the systemd-journald service with earlier methods of logging. Use Example 25-2 to show the results of the journalctl command. Discuss the command’s options (Table 25-4) and the settings for the journald.conf file (Table 25-5).
ACTIVITIES FOR CLASS
I. Discussion Topics
Question 1: If most modern systems use journalctl for logging, why do we study syslog?
Answer 1: You don’t know what systems you will be working with as an admin, so you need to be prepared. Also, syslog is the basis for syslog-ng and rsyslog.
Question 2: How often would you want to run logrotate, and why?
Answer 2: You would typically set it up to run automatically as a cron job on a daily basis. You would run logrotate to make sure backups of older log files are made and eventually removed, to prevent the drive from filling up with outdated backups.
II. Exercises and Activities
Lab Exercises: Assign one or more of the following lab exercises:
• 25.1 Manage log files
• 25.1 Configure log rotation
Web Search Exercise: The author mentions on page 453 that the options for rsyslogd are slightly different from those of syslogd as provided in Table 25-1. Find and summarize those differences.
Review Key Terms: Review these terms from the chapter.
log
facility
priority
WEB RESOURCES
Syslog.conf Linux man page: https://linux.die.net/man/5/syslog.conf
Linux Journal – syslog Configuration: https://www.linuxjournal.com/article/5476
DigitalOcean – How to Use Journalctl to View and Manipulate Systemd Logs: https://www.digitalocean.com/community/tutorials/how-to-use-journalctl-to-view-and-manipulate-systemd-logs
NBSoftSolutions - Introduction to Journald and Structured Logging: https://nbsoftsolutions.com/blog/introduction-to-journald-and-structured-logging
uCertify If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
INSTRUCTOR’S GUIDE TO ACCOMPANY LINUX ESSENTIALS FOR CYBERSECURITY
CHAPTER 26 RED HAT-BASED SOFTWARE MANAGEMENT
CHAPTER OBJECTIVES
When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• View package information with the rpm and yum commands
• Install software packages using the rpm and yum commands
• Use the rpm and yum commands to delete software packages
• Perform advanced package management operations, including creating software repositories
CHAPTER OVERVIEW This chapter explains how to administer software on Red Hat-based systems such as Fedora and CentOS. It covers the rpm and yum software management tools, as well as some advanced package management operations, including creating software repositories.
CHAPTER OUTLINE
1. Red Hat Packages
   a. How to Obtain Packages
   b. The /var/lib/rpm Directory
2. Using the rpm Command
   a. Listing rpm Information
      i. Viewing Package Dependencies
      ii. Package Listing Tricks
   b. Installing Packages with rpm
      i. Before You Install That Package…
   c. Removing Packages with rpm
   d. rpm2cpio
3. The yum Command
   a. Repositories
      i. Accessing a Repo
      ii. Creating a Repo
   b. Using the yum Command
      i. Displaying Package Information with yum
      ii. Software Groups
      iii. Installing Software with yum
      iv. Removing Software with yum
      v. Using yum Plug-Ins
4. Additional Tools
TEACHING NOTES AND TIPS PER TOPIC
1. Red Hat Packages
Teaching Note: This section explains the structure of a Red Hat software package, which is a compressed archive file containing a complete software package plus metadata and dependency information.
Teaching Tip: Use Figure 26-1 to discuss the components of a Red Hat package name. Note the .rpm extension. Review the information following the figure for additional details.
Teaching Tip: Discuss how to obtain packages. The process is different when using a command like yum or dnf than when using the rpm command. Warn students to obtain packages only from reliable sources.
Teaching Tip: Explain the concept of package metadata and point out the /var/lib/rpm directory where it is stored.
2. Using the rpm Command
Teaching Note: This section explains how to use rpm to install software. It covers listing rpm information, installing and removing packages, and rpm2cpio.
Teaching Tip: Demonstrate using the rpm -qa command to display all installed packages. Refer to Example 26-1 if a live demonstration is not possible. Then, demonstrate how to view the information for a particular package with rpm -qi packagename. Refer to Example 26-2. If time permits, show the additional command options that list the files installed with a package (-ql); show a package’s configuration files (-qc); show its documentation files (-qd); show which package a file originated from (-qf); list the state of all files of a package (-V); and show a package’s dependencies (-qR).
Teaching Tip: Point out that if you suspect a new package is causing problems on the system, you can run the rpm -qa --last command, which displays installed packages ordered by installation date.
Teaching Tip: Demonstrate how to install a package, and how to remove one, with rpm. Use Table 26-1 to select an installation method.
Teaching Tip: Demonstrate using rpm2cpio to convert RPM files into CPIO data streams. Explain what a CPIO data stream is and walk through the example on page 475.
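Added example for the Figure 26-1 discussion and the "Before You Install That Package…" material above (it is not from the textbook or the instructor materials): a script with the checks worth running on an .rpm file before handing it to rpm -i. rpm_name_parts splits a filename into the name, version, release and architecture components of Figure 26-1, splitting from the right because package names may themselves contain dashes (python3-libs, kernel-doc). preinstall_report then calls rpm itself, where it is installed, to verify the signature and digests (rpm -K), display the metadata (rpm -qpi) and list the dependencies (rpm -qp --requires). The filenames run through the parser are constructed and are not real downloads; the rpm options are real.

```shell
#!/bin/sh
# Added example (not from the textbook): checks to run on an .rpm file before
# "rpm -i". rpm_name_parts splits name-version-release.arch.rpm from the right,
# since names may contain dashes; preinstall_report runs rpm's own checks.

# rpm_name_parts FILE -> prints "name version release arch"; fails if FILE does not
# follow the name-version-release.arch.rpm naming convention (which it trusts)
rpm_name_parts() {
    f=${1##*/}                                        # drop any directory part
    case "$f" in *.rpm) ;; *) return 1 ;; esac
    base=${f%.rpm}
    case "$base" in *-*-*.*) ;; *) return 1 ;; esac   # need two dashes and an arch
    arch=${base##*.};    base=${base%.*}              # split arch off the right
    release=${base##*-}; base=${base%-*}              # then release
    version=${base##*-}; name=${base%-*}              # then version; the rest is the name
    [ -n "$name" ] && [ -n "$version" ] && [ -n "$release" ] && [ -n "$arch" ] || return 1
    printf '%s %s %s %s\n' "$name" "$version" "$release" "$arch"
}

# preinstall_report FILE -> signature/digest check, metadata and dependencies via rpm
# (needs rpm and a real package file, so it is not exercised by the demo below)
preinstall_report() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm is not installed on this host" >&2; return 2; }
    echo "== signature and digests"; rpm -K "$1"
    echo "== package metadata";      rpm -qpi "$1"
    echo "== dependencies";          rpm -qp --requires "$1"
}

# Constructed filenames (not real downloads) showing the split
for f in zsh-5.0.2-31.el7.x86_64.rpm python3-libs-3.6.8-10.el8.x86_64.rpm \
         kernel-doc-4.18.0-80.el8.noarch.rpm httpd-2.4.6-80.el7.centos.src.rpm; do
    printf '%-42s -> %s\n' "$f" "$(rpm_name_parts "$f")"
done
```

A filename that parses cleanly says nothing about the file's origin, which is the point of Question 1 below: the rpm -K check in preinstall_report is what ties the file to a signing key, and it is the step to insist on before any rpm -i on a package obtained outside a configured repository.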
3. The yum Command
Teaching Note: This section explains how to use the yum command to view, add, and remove software packages.
Teaching Tip: Explain how yum improves on some weak points in rpm. Refer to the bulleted list on page 475. The What Could Go Wrong? box on page 475 provides a good example of a situation where yum is clearly better.
Teaching Tip: Explain the concept of repositories (repos) and discuss how yum uses them. Demonstrate how to configure the yum command to access a repo, using a combination of the /etc/yum.conf file and files in the /etc/yum.repos.d directory. Refer to Example 26-9, Table 26-2, and Figure 26-2.
Teaching Tip: Demonstrate how to use the yum command to install and remove software. Refer to Table 26-3 for the primary yum commands and options. Example 26-15 provides an example if you do not have a live machine available.
Teaching Tip: Use the examples and instructions in the “Displaying Package Information with yum” section starting on page 478 to review the process for using yum to display various types of package information.
4. Additional Tools
Teaching Note: This section lists some additional tools related to software management. It specifically mentions dnf (Dandified yum), which comes with modern versions of Fedora and replaces yum.
ACTIVITIES FOR CLASS
I. Discussion Topics
Question 1: Why is it important to obtain software only from known reliable sources?
Answer 1: Because software must be installed by the root user, it provides an easy way for hackers to compromise a system. Hackers might repackage valid software with some additional tools designed to cause harm.
Question 2: Why would you want to use rpm rather than yum or dnf?
Answer 2: A package with no dependencies is very easy to install with rpm. The rpm command is also good at performing database queries and has more features for doing so than either yum or dnf. It can also show you information about an rpm file you have received before installing it.
II. Exercises and Activities
Lab Exercises: Assign one or more of the following lab exercises:
• 26.1 Manage software packages with rpm
• 26.2 Manage software packages with yum
Web Search Exercise: The author states that a complete discussion of cpio is beyond the scope of this book. Find at least two comprehensive references for cpio online. Evaluate them and decide which site you prefer, and then write a paragraph explaining your findings.
Review Key Terms: Review these terms from the chapter. If desired, you can create a matching exercise from these words, matching the terms to their definitions.
package
metadata
PM
dependency
digital signature
repository
recursive acronym
library
plug-in
mirror
WEB RESOURCES
CentOS download: https://www.centos.org/download
Fedora download: https://getfedora.org
Red Hat Enterprise Linux: https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux
RPM packages: www.rpmfind.net
RPM packages: http://rpm.pbone.net
GitHub: www.github.com
uCertify If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
INSTRUCTOR’S GUIDE TO ACCOMPANY LINUX ESSENTIALS FOR CYBERSECURITY
CHAPTER 27 DEBIAN-BASED SOFTWARE MANAGEMENT
CHAPTER OBJECTIVES
When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• View, install, and remove packages using the dpkg command
• Create software sources for APT commands
• View, install, and remove packages using APT commands
CHAPTER OVERVIEW This chapter covers the package management system used in Debian-based Linux distributions like Ubuntu and Mint, including the commands dpkg, apt, apt-get, and apt-cache.
CHAPTER OUTLINE
1. Managing Packages with dpkg
   a. Listing Package Information with dpkg
   b. Installing Software with dpkg
   c. Reconfiguring Software with dpkg
   d. Extracting Files from a Debian Package
   e. Removing Packages with the dpkg Command
2. Managing Packages with APT
   a. APT Repositories
   b. Creating a Source Repository
   c. Listing Package Information with APT Commands
   d. Installing Packages with APT Commands
   e. Removing Packages with APT Commands
   f. Additional APT Features
TEACHING NOTES AND TIPS PER TOPIC
1. Managing Packages with dpkg
Teaching Note: This section explains how to use dpkg to list package information, install and remove software, reconfigure software, and extract files from a Debian package.
Teaching Tip: Start by demonstrating how to view all the currently installed packages with the dpkg -l | head command. (That’s a lowercase L, not a 1.) Refer to Example 27-1 and Figure 27-1 as needed. More information about what you see in Figure 27-1 is available on page 487, following the figure. Show the -s option, as in Example 27-2, for detailed information. Pages 488-489 provide examples of other available options.
Teaching Tip: Demonstrate how to use dpkg -i to install software. Refer to Example 27-5. Make sure students do not confuse the lowercase -i option, which installs a package, with the uppercase -I option, which displays information about a package file. Show how to extract files from a package using the dpkg -x command.
Teaching Tip: Review the two methods of removing packages on Debian-based systems: the -r option (removes the package but keeps the configuration files) and the -P option (removes both the package and the configuration files).
2. Managing Packages with APT
Teaching Note: This section explains how to use APT to manage packages, including working with repositories, listing package information, and installing and removing packages.
Teaching Tip: Make sure students remember the information about repositories from Chapter 26. They are called sources in APT. Demonstrate how to configure a system to access an APT source by editing the /etc/apt/sources.list file (see Example 27-8 for reference) or, in some distros, files in the /etc/apt/sources.list.d directory. Refer to Figure 27-3 and Table 27-1.
Teaching Tip: Demonstrate using the apt list command to list all packages, both installed and available to be installed. Refer to Example 27-9. Make sure students are aware of the two key options: --installed displays only the packages that are installed, and --upgradable displays packages that are installed and have a newer version available.
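Added example for the sources.list Teaching Tip above (it is not from the textbook or the instructor materials): a script that parses the one-line entries of a sources.list-style file into the type, options, URI, suite and components that Table 27-1 names, and flags entries carrying the [trusted=yes] option, which tells APT to skip signature verification for that source. Local repositories created by hand, as in the "Creating a Source Repository" section, are where that option tends to appear, so the check is a natural follow-up to that exercise. The sample file and the local repository path /srv/repo are constructed; the deb and deb-src keywords, the bracketed option syntax and trusted=yes are APT's own.

```shell
#!/bin/sh
# Added example (not from the textbook): parse APT sources.list entries into
# type, options, URI, suite and components, and flag [trusted=yes] entries,
# for which APT skips signature verification. Runs on a constructed file.

# parse_source LINE -> "type|options|uri|suite|components"; fails for comments,
# blank lines and malformed entries
parse_source() {
    line=$(printf '%s\n' "$1" | sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
    [ -n "$line" ] || return 1
    set -f; set -- $line; set +f                   # split into words, no globbing
    case "$1" in deb|deb-src) type=$1; shift ;; *) return 1 ;; esac
    opts=""
    case "$1" in \[*)                               # optional [key=value ...] group, may span words
        while [ $# -gt 0 ]; do
            w=$1; shift; opts="$opts $w"
            case "$w" in *\]) break ;; esac
        done
        opts=${opts# } ;;
    esac
    [ $# -ge 2 ] || return 1                        # URI and suite are mandatory
    uri=$1; suite=$2; shift 2
    case "$suite" in
        */) ;;                                      # flat repository: suite is a path, no components
        *)  [ $# -ge 1 ] || return 1 ;;             # otherwise at least one component
    esac
    printf '%s|%s|%s|%s|%s\n' "$type" "$opts" "$uri" "$suite" "$*"
}

# audit_sources FILE -> one line per active entry: "OK ..." or "WARN signature checks disabled ..."
audit_sources() {
    while IFS= read -r l; do
        p=$(parse_source "$l") || continue
        case "$p" in
            *\[*trusted=yes*\]*) echo "WARN signature checks disabled: $p" ;;
            *)                  echo "OK $p" ;;
        esac
    done < "$1"
}

# unsigned_sources FILE -> number of entries that disable signature checks
unsigned_sources() { audit_sources "$1" | grep -c '^WARN' || true; }

# Constructed sample sources.list, not a real system's
APT_SAMPLE=$(mktemp)
cat > "$APT_SAMPLE" <<'EOF'
# constructed sample sources.list
deb http://archive.ubuntu.com/ubuntu bionic main restricted
deb-src http://archive.ubuntu.com/ubuntu bionic main restricted
# a local repository built by hand, with signature checks turned off
deb [trusted=yes] file:/srv/repo ./
EOF
audit_sources "$APT_SAMPLE"
echo "entries without signature checks: $(unsigned_sources "$APT_SAMPLE")"
```

The WARN line is the one to discuss alongside Question 1 in Chapter 26: a trusted=yes source is exactly the situation in which a repackaged .deb would install without complaint, so such entries should be limited to repositories the class built and controls.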
ACTIVITIES FOR CLASS

I. Discussion Topics

Question 1: Which is better to use to install packages: dpkg or apt?
Answer 1: Each has its uses. The dpkg command is primarily used to view package information, but it can also be used for simple package installations and removals. Most people use apt as their primary package management tool.

Question 2: Why does the author discourage you from using GUI-based package management tools?
Answer 2: They use a lot of system resources (RAM, CPU). Also, if you become dependent upon a GUI-based tool, you won’t be able to competently use the command-line tools when the situation demands them.

II. Exercises and Activities

Lab Exercises: Assign one or more of the following lab exercises:
• 27.1 Manage software packages with dpkg
• 27.2 Manage software packages with apt

Web Search Exercise: There are three additional features referenced on page 500 in the Additional APT Features section. Choose one of them and learn more about it online. Write a paragraph describing how it would be used and demonstrating the correct syntax for it.
Review Key Terms: Review these terms from the chapter. If desired, you can create a matching exercise from these words, matching the terms to their definitions.
source
uniform resource identifier (URI)
component
source repository

WEB RESOURCES
Debian Wiki – Aptitude: https://wiki.debian.org/Aptitude
What is APT and Aptitude?: https://www.tecmint.com/difference-between-apt-and-aptitude/
Ubuntu Community Help Wiki – Tasksel: https://help.ubuntu.com/community/Tasksel
Synaptic: https://www.nongnu.org/synaptic/
uCertify If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
INSTRUCTOR’S GUIDE TO ACCOMPANY LINUX ESSENTIALS FOR CYBERSECURITY

CHAPTER 28 SYSTEM BOOTING

CHAPTER OBJECTIVES
When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Describe the four stages of the boot process
• Configure Legacy GRUB and GRUB 2
• Modify key components of the kernel
• Load and unload kernel modules
• Modify services that are enabled at boot

CHAPTER OVERVIEW
This chapter covers the different stages of system booting, including the boot loader phase, the kernel loading phase, and the init phase. It describes how to configure Legacy GRUB and GRUB 2, how to work with the kernel and its modules, and how to modify services that are enabled at boot.

CHAPTER OUTLINE
1. Phases of the Boot Process
   a. The BIOS/UEFI Phase
   b. The Bootloader Phase
   c. The Kernel Phase
   d. The Post-Kernel Phase
2. GRUB
   a. Legacy GRUB Configuration
      i. Changing Legacy GRUB During Boot
      ii. Booting to Single-User Mode in Legacy GRUB
      iii. Securing Legacy GRUB
   b. GRUB 2 Configuration
      i. Saving GRUB 2 Changes
      ii. GRUB 2 Titles
      iii. Booting to Single-User Mode in GRUB 2
      iv. Securing GRUB 2
3. Kernel Components
   a. Kernel Documentation
   b. Tweaking the Kernel
   c. Kernel Images
   d. Kernel Modules
      i. Module Files
      ii. Listing Modules That Are Loaded
      iii. Loading Modules into Memory
      iv. Unloading Modules from Memory
      v. Listing Module Information
   e. The /proc/sys Filesystem
4. The init Phase
   a. Configuring systemd
      i. Using Service Units
      ii. Using Target Units
TEACHING NOTES AND TIPS PER TOPIC

1. Phases of the Boot Process

Teaching Note: This section explains the four phases of the Linux boot process: BIOS/UEFI, bootloader, kernel, and post-kernel.

Teaching Tip: Describe the four stages in an overview, and then discuss each phase in more detail, explaining what happens in each phase.

Teaching Tip: Ask students about their experiences with BIOS vs. UEFI. Since we are in a transitional period, they have probably encountered systems with both. Discuss the differences between them. BIOS is 16-bit, whereas UEFI is 32-bit, for example. UEFI supports larger boot partitions, supports Safe Boot, and has other desirable features.

Teaching Tip: Explain the concept of a bootloader, and list some of the possible bootloaders, including LILO, GRUB 2, and Legacy GRUB. This concept may seem foreign to students who are accustomed to Windows, where the bootloader is not a choice.

Teaching Tip: Go through the numbered steps on page 503 to explain what happens as the kernel configures itself and loads kernel modules. Explain the purpose of initrd/initramfs images. The kernel is discussed in more detail in the Kernel Components section later in the chapter.

2. GRUB

Teaching Note: This section explains GRUB and compares it to GRUB 2. It covers the configuration steps for both GRUB (also called Legacy GRUB) and GRUB 2.

Teaching Tip: Practicing Legacy GRUB configuration is best done using CentOS 5.x. Most mainstream distros no longer use Legacy GRUB.

Teaching Tip: Demonstrate editing the /boot/grub/grub.conf file, or review Example 28-1. Reference Table 28-1 when looking through the file to interpret common configuration settings. Table 28-2 provides a reference for the title settings.

Teaching Tip: Demonstrate editing the primary configuration file for GRUB 2, /etc/default/grub. Explain that those changes are populated out into /boot/grub2/grub.cfg (Red Hat) or /boot/grub/grub.cfg (Debian). Refer to Example 28-3.

3. Kernel Components

Teaching Note: This section explains what a kernel is and how it fits into the overall Linux operating system. It discusses kernel documentation, images, and modules, and describes how to tweak the kernel.

Teaching Tip: Now is the time to make sure students understand what the kernel is. It is a core program plus a collection of smaller programs, loadable kernel modules (LKMs), that can be loaded and unloaded as required. The kernel manages hardware devices with the help of a driver for each hardware device.

Teaching Tip: Point students to the kernel documentation, which is useful for making changes to the kernel or compiling a custom kernel. It is in either /usr/src/linux/Documentation or /usr/share/doc/kernel-doc*/Documentation. For newer versions you need to install the kernel-doc package in order to get it.

Teaching Tip: Go through the example in the section “Tweaking the Kernel” as an example of using the documentation to make a kernel change.

Teaching Tip: Review the concept of Loadable Kernel Modules (LKMs) and their role in kernel functionality. Then compare their use to the concept of merging the kernel with modules into a kernel image. Review the example information on page 519 to continue the discussion of kernel images.

4. The init Phase

Teaching Note: This section explains the different init phase technologies that have been used historically in Linux, and explains how to configure systemd, the standard modern one.

Teaching Tip: Introduce systemd to students as the process for managing which processes are started during system boot. It also provides other features, such as journald logging. Students who are familiar with Windows may find this function roughly analogous to controlling startup parameters via msconfig (pre-Windows 10) or via the Startup tab in Task Manager (in Windows 10).

Teaching Tip: Explain the concept of a target unit. It is essentially a collection of other units (usually service units). You can list all the different target units with systemctl list-unit-files --type=target. Refer to Example 28-15.
ACTIVITIES FOR CLASS

I. Discussion Topics

Question 1: What are some key differences between Legacy GRUB and GRUB 2?
Answer 1: Here are some possible answers. GRUB 2 supports more operating systems. It can use UUIDs to identify disk devices. (Some newer versions of Legacy GRUB can, too.) GRUB 2 supports LVM and RAID devices. The configuration files are also different. Legacy GRUB uses a single, simple configuration file. GRUB 2 uses a more complex system in which you should not edit the actual configuration file.

Question 2: The author recommends setting the GRUB timeout value to 0 and removing any external drives and ports, such as CD-ROM drives and USB ports. He also recommends password-protecting the BIOS, password-protecting GRUB itself, and placing a physical lock on the case of the system. What are all these security measures hoping to guard against?
Answer 2: They all have the common purpose of preventing someone from interfering with the boot process, which could be done if someone could change the boot order in BIOS and get the system to recognize external removable media such as USB or CD-ROM. Then, they could boot from one of these with a bootable Linux image, bypassing the hard drive’s GRUB program. They could then mount the hard drive and modify the root password.

II. Exercises and Activities

Lab Exercises: Assign one or more of the following lab exercises:
• 28.1 Configure GRUB
• 28.2 Manage the startup process

Web Search Exercise: Find several online references for configuring GRUB using a command-line interface. Use one of these references to identify ten useful commands you could execute from the grub> prompt.

Review Key Terms: Review these terms from the chapter. If desired, you can create a matching exercise from these words, matching the terms to their definitions.
firmware
BIOS
UEFI
bootloader
MBR
LILO
GRUB
UUID
splashimage
LKM
kernel image file
unit

WEB RESOURCES
Kernel.org Documentation: https://www.kernel.org/doc
GRUB bootloader – Full Tutorial: https://www.dedoimedo.com/computers/grub.html
GRUB 2 bootloader – Full Tutorial: https://www.dedoimedo.com/computers/grub-2.html
GNU GRUB Manual 2.02: https://www.gnu.org/software/grub/manual/grub/grub.html
The Linux Kernel: https://www.tldp.org/LDP/tlk/tlk.html
uCertify If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
INSTRUCTOR’S GUIDE TO ACCOMPANY LINUX ESSENTIALS FOR CYBERSECURITY

CHAPTER 29 DEVELOP A SOFTWARE MANAGEMENT SECURITY POLICY

CHAPTER OBJECTIVES
When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Read Common Vulnerabilities and Exposures (CVE) to discover possible security vulnerabilities
• Utilize distribution resources to better secure your systems
• Configure and secure legacy services

CHAPTER OVERVIEW
Installing software comes with a responsibility: to ensure that the software placed on your systems does not pose a security risk. In this chapter, you learn how to discover possible security risks that software poses and how to minimize your exposure to risk. This chapter also explains how to configure and secure legacy services using xinetd.

CHAPTER OUTLINE
1. Ensuring Software Security
   a. Keep Packages Up to Date
   b. Consider Removing Unnecessary Packages
   c. Ensure You Install from Trusted Sources
   d. CVE
   e. Distribution-Specific Security Alerts
2. xinetd
TEACHING NOTES AND TIPS PER TOPIC

1. Ensuring Software Security

Teaching Note: This section focuses on key elements of creating a security policy that should be followed when managing software on a Linux distribution.

Teaching Tip: Stress the importance of installing software updates that fix bugs or security vulnerabilities.

Teaching Tip: Discuss some time-efficient options for finding and removing unnecessary packages. Use the suggestions on page 535, such as dividing the installed packages into categories and dealing with each category: 1) software that should be installed, 2) software that is optional, and 3) software that should not be installed. Show how to view package information with rpm, as in Listing 29-1.

Teaching Tip: Stress the importance of installing from trusted sources and of reviewing the configuration files that point the yum, dnf, or apt-get commands to repositories. A hacker could potentially redirect these.

2. xinetd

Teaching Note: This section describes xinetd, which manages a collection of legacy services and is a replacement for the older inetd.

Teaching Tip: Show the primary configuration file for the xinetd daemon, /etc/xinetd.conf. Refer to Table 29-1 for its settings and to Listing 29-2 for a sample configuration file. Table 29-2 contains some of the common settings in the /etc/xinetd.d directory.
ACTIVITIES FOR CLASS

I. Discussion Topics

Question 1: Why is it important to keep a log of software updates?
Answer 1: Answers will vary. Sometimes system problems are caused by updates, and logging updates will make troubleshooting easier. Also, any time you opt not to install an update, the reason should be clearly stated in a log entry, so another administrator does not install the update without knowing why it was omitted.

Question 2: The author recommends that you not use a crontab job to perform updates automatically on servers. Why is this?
Answer 2: An update could cause problems, especially an update to the core OS software. For mission-critical servers, it is better to have an identical lab system and perform updates on the lab system first. After testing there, the software updates should be safe to install on the server. You should also be prepared to undo updates if there is a problem, and, if you did an automatic update, you might not notice the problem immediately. Finally, an update might require a reboot, and if it were done automatically you might not notice the reboot. If the system doesn’t come back up as expected, you would not be there to fix the problem immediately.

II. Exercises and Activities

Lab Exercises: Assign one or more of the following lab exercises:
• 29.1 Explore Common Vulnerabilities and Exposure reports
• 29.2 Manage and secure legacy services
Web Search Exercise: This chapter refers to xinetd as a super daemon, which is also sometimes called a super service. What does that mean? Find out by reading some articles online and write a one-paragraph explanation of super daemons. Make sure to reference your sources.

Review Key Terms: Review these terms from the chapter.
CVE
RHSA
sniff

WEB RESOURCES
Common Vulnerabilities and Exposures (CVE): http://cve.mitre.org
xinetd
Red Hat Security Advisories: https://access.redhat.com/security/security-updates/
Linux Journal – Using xinetd: https://www.linuxjournal.com/article/4490
uCertify If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
INSTRUCTOR’S GUIDE TO ACCOMPANY LINUX ESSENTIALS FOR CYBERSECURITY

CHAPTER 30 FOOTPRINTING

CHAPTER OBJECTIVES
When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Use probing tools, such as nmap
• Scan the local network

CHAPTER OVERVIEW
This chapter covers the techniques that hackers use to discover information about systems. By learning about these techniques, you should be able to form a better security plan.

CHAPTER OUTLINE
1. Understanding Footprinting
2. Common Footprinting Tools
   a. The nmap Command
   b. The netstat Command
   c. The lsof Command
   d. The nc Command
   e. The tcpdump Command
   f. Additional Utilities
3. Kali Linux Utilities
   a. Essential Information Gathering
   b. DNS Analysis Tools
   c. Host Identification Tools
   d. OSINT Tools
   e. Route Analysis Tools
TEACHING NOTES AND TIPS PER TOPIC

1. Understanding Footprinting

Teaching Note: This section defines footprinting and explains why hackers do it.

Teaching Tip: Use the analogy presented in the text for a discussion. Select a building that all students are familiar with, and have them brainstorm what they would need to know about that building in order to break into it. Then pivot the discussion to a network or IT system. What would you need to know about it? How would you go about finding its weaknesses?

Teaching Tip: Caution students that they must have the written consent of the organization to perform footprinting actions on any of its systems. Being an employee of the company is not sufficient permission.

2. Common Footprinting Tools

Teaching Note: This section lists many Linux commands that hackers commonly use for footprinting and briefly explains each one. The commands covered include nmap, netstat, lsof, nc, and tcpdump.

Teaching Tip: Demonstrate nmap and its various options, or refer to Examples 30-1 through 30-7. Students may be surprised how easy it is to find open ports. Use this opportunity to discuss firewalls and their usefulness in protecting ports.

Teaching Tip: Demonstrate netstat with the -s option, which displays a summary of network packet information broken down by protocol. Refer to Example 30-8. Point out the other available options for the command, such as -r for the routing table and -i to show each interface separately. Table 30-1 provides other options, too.

Teaching Tip: Refer students to the note on page 551 that explains that netstat is obsolete and also explains why it is still covered in this book.

Teaching Tip: Explain that the nc command is a multipurpose command. It can listen for connections on a port, open TCP connections, send UDP packets, and scan ports, for example. Show several of its options, including -w, -6, -k, -u, and -z.

Teaching Tip: Remind students what a packet sniffer is: a tool that lets you view local network traffic. Then demonstrate the tcpdump command, which captures network traffic. Refer to Example 30-10.

3. Kali Linux Utilities

Teaching Note: This section provides an overview of the utilities that come with Kali Linux that can help with footprinting.

Teaching Tip: As shown in Figure 30-1, Kali Linux organizes its tools by category, such as Information Gathering, Vulnerability Analysis, and so on. Figure 30-2 shows how a category expands to subcategories. Browse the categories as students watch, noting the important tools in each category, or have students follow along on their own Linux machines if possible.
ACTIVITIES FOR CLASS

I. Discussion Topics

Question 1: What is the difference between a port and a socket? And what is the difference between nmap and lsof?
Answer 1: A port is an opportunity for a connection to exist, like an open door. A socket is one end of an actual connection, like the connectors at each end of a cable that connects two computers. The nmap command shows open ports. The lsof command shows open sockets.

Question 2: Why is it useful to become familiar with all of the utilities that come with Kali Linux?
Answer 2: Hackers are familiar with them and will likely use some of these tools to attack your system. If you are familiar with a tool and its capabilities, you will better understand the scope of the potential threats.

II. Exercises and Activities

Lab Exercises: Assign one or more of the following lab exercises:
• 30.1 Use probing tools
• 30.2 Scan the network

Web Search Exercise: Find some online tutorials for using Kali Linux to hack systems. Read through them and make a list of some possible things a hacker could do to a Linux server. Consider what you could do to protect yourself against those things. Summarize your findings and your analysis.

Review Key Terms: Review these terms from the chapter. If desired, you can create a matching exercise from these words, matching the terms to their definitions.
footprinting
port scanner
socket
packet sniffer

WEB RESOURCES
Kali Linux: https://www.kali.org/
SANS Institute InfoSec Reading Room – Footprinting: What Is It, Who Should Do It, and Why?: https://www.sans.org/reading-room/whitepapers/auditing/footprinting-what-is-it-who-should-do-it-and-why-62
uCertify If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
INSTRUCTOR’S GUIDE TO ACCOMPANY LINUX ESSENTIALS FOR CYBERSECURITY

CHAPTER 31 FIREWALLS

CHAPTER OBJECTIVES
When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Identify the essential components of a firewall
• Create a firewall to control access to a system or network
• Block access to external systems
• Configure NAT (Network Address Translation)

CHAPTER OVERVIEW
In this chapter, you learn the essentials of creating firewalls in order to control access to a system or network and block access to external systems. It also explains how to configure Network Address Translation (NAT), which further impedes hackers’ attempts to access a system by changing the IP address.

CHAPTER OUTLINE
1. Introduction to Firewalls
2. Essentials of the iptables Command
   a. Overview of Filtering Packets
   b. Important Terms
3. Using iptables to Filter Incoming Packets
   a. Filtering by Protocol
   b. Multiple Criteria
   c. Filtering Based on Destination
   d. Changing the Default Policy
   e. Revisiting the Original Rules
   f. Saving the Rules
4. Using iptables to Filter Outgoing Packets
5. Implementing NAT
TEACHING NOTES AND TIPS PER TOPIC

1. Introduction to Firewalls

Teaching Note: This section defines the term firewall and explains that there are many options available for firewall software.

2. Essentials of the iptables Command

Teaching Note: This section introduces iptables, a firewall that is available by default on most Linux distributions.

Teaching Tip: The iptables command can be used to create rules that perform several types of security functions. Review these, as presented in the bulleted list on pages 560-561.

Teaching Tip: Use Figures 31-1 through 31-3 as visual aids to discuss filtering incoming packets. Make sure students understand the concepts of filtering point, table, chain, target, and default chain policy.

Teaching Tip: Review the different types of targets at the bottom of page 563.

3. Using iptables to Filter Incoming Packets

Teaching Note: This section shows how to configure iptables to allow or block incoming packets for a single host or an entire network.

Teaching Tip: Demonstrate how to see the current rules with the iptables -t filter -L INPUT command. Review the various options to use with INPUT, including -D, -F, and -A.

4. Using iptables to Filter Outgoing Packets

Teaching Note: This section explains how to use iptables to restrict the flow of outgoing packets using the OUTPUT chain of the filter table.

Teaching Tip: It is more user friendly to use the REJECT target, which responds with an error message, rather than the DROP target, which generates no response.

5. Implementing NAT

Teaching Note: This section reviews the various forms of NAT.

Teaching Tip: Review the types of NAT: DNAT, SNAT, and MASQUERADE. Discuss the situations where one might be better than another.
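As an added classroom example (not from the textbook), the function below writes a complete ruleset in the format that iptables-save produces and iptables-restore reads, tying together topics 3 through 5: a DROP default policy on INPUT, filtering by protocol and source, a destination-based REJECT in OUTPUT, and MASQUERADE in the nat table. The networks, host address and interface name are constructed placeholders passed in as arguments.

```shell
#!/bin/sh
# Added example: generate an iptables ruleset in iptables-restore format.
# Nothing here touches the live firewall; review the output, then load it with
#   build_ruleset 192.168.1.0/24 eth0 10.0.0.0/24 203.0.113.10 | sudo iptables-restore
# Lines beginning with '#' are ignored by iptables-restore.

# build_ruleset ADMIN_NET WAN_IF LAN_NET BLOCKED_HOST
#   ADMIN_NET    network allowed to reach SSH (filtering by protocol + source)
#   WAN_IF       outbound interface used for MASQUERADE (implementing NAT)
#   LAN_NET      internal network whose traffic is masqueraded
#   BLOCKED_HOST destination local users must not reach (filtering outgoing packets)
build_ruleset() {
    admin_net=$1; wan_if=$2; lan_net=$3; blocked_host=$4
    cat <<EOF
*filter
# Default chain policies: drop anything not explicitly allowed in, let traffic out.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, and replies to connections this host (or the LAN) initiated.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Filtering by protocol with multiple criteria: SSH only from the admin network.
-A INPUT -p tcp --dport 22 -s ${admin_net} -j ACCEPT
# Ping stays allowed so the host remains diagnosable.
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# Forwarded LAN traffic, required for the NAT below.
-A FORWARD -i ${wan_if} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s ${lan_net} -o ${wan_if} -j ACCEPT
# Filtering based on destination in OUTPUT: REJECT tells the user immediately,
# where DROP would leave the connection hanging until it times out.
-A OUTPUT -d ${blocked_host} -p tcp -j REJECT --reject-with tcp-reset
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# MASQUERADE rewrites the source address of LAN packets leaving on the WAN interface.
-A POSTROUTING -s ${lan_net} -o ${wan_if} -j MASQUERADE
COMMIT
EOF
}

# count_rules CHAIN: number of -A rules appended to a chain, ruleset read on stdin.
count_rules() {
    grep -c "^-A $1 "
}

# policy_of TABLE CHAIN: the default policy declared for a chain in a given table.
# Both tables declare an INPUT chain, so the table must be tracked.
policy_of() {
    awk -v t="*$1" -v c=":$2" '/^\*/ { cur = $1 } $1 == c && cur == t { print $2 }'
}
```

Forwarding between LAN and WAN also requires net.ipv4.ip_forward=1; the ruleset alone does not enable it.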
ACTIVITIES FOR CLASS

I. Discussion Topics

Question 1: Why would you want to block outgoing packets using a firewall?
Answer 1: You might want to restrict users from visiting certain websites or file repositories, for various reasons. You might also want to prevent applications from sending information from your system without your permission.

Question 2: Why are there so many filtering points?
Answer 2: Each filtering point represents a “gate” that packets must pass through. Having multiple filtering points enables fine-tuning of the rules that allow or disallow network traffic through the system. You don’t have to set up filters at every filtering point; they are simply options designed to give you maximum flexibility.

II. Exercises and Activities

Lab Exercises: Assign one or more of the following lab exercises:
• 31.1 Create a firewall to protect a system
• 31.2 Implement NAT

Web Search Exercise: The author mentions on page 569 that there are many iptables helper utilities, including GUI-based ones. Find several of these. Review them to determine the pros and cons of each tool, and provide an analysis and a recommendation of the tool you would use.

Review Key Terms: Review these terms from the chapter. If desired, you can create a matching exercise from these words, matching the terms to their definitions.
firewall
NAT
mangle
filtering point
table
chain
target
default chain policy
firewalld
UFW
router
rule

WEB RESOURCES
Firewall diagram by Jan Engelhardt: https://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packetflow.svg
Firewalld: https://firewalld.org
Ubuntu Community Help Wiki – IptablesHowTo: https://help.ubuntu.com/community/IptablesHowTo
Iptables – Linux man page: https://linux.die.net/man/8/iptables
uCertify If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
INSTRUCTOR’S GUIDE TO ACCOMPANY LINUX ESSENTIALS FOR CYBERSECURITY

CHAPTER 32 INTRUSION DETECTION

CHAPTER OBJECTIVES
When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Use tools to determine if the network has been compromised
• Determine if key system files have been compromised
• Explore additional IDS (intrusion detection system) tools and techniques

CHAPTER OVERVIEW
The goal of this chapter is to introduce some intrusion detection tools, including repurposing tools that you have learned about in previous chapters. With the knowledge that you gain in this chapter, you can begin the process of creating an intrusion detection procedure that is customized to your environment.

CHAPTER OUTLINE
1. Introduction to Intrusion Detection Tools
   a. Determining If a Security Breach Has Occurred
   b. Taking Actions
2. Intrusion Detection Network Tools
   a. The netstat Command
   b. The nmap Command
   c. The tcpdump Command
3. Intrusion Detection File Tools
   a. Modifying the /etc/passwd and /etc/shadow Files to Create a Backdoor
   b. Creating an SUID Program to Create a Backdoor
   c. Incorporating File-Change Tools in the Intrusion Detection Plan
4. Additional Intrusion Detection Tools
TEACHING NOTES AND TIPS PER TOPIC

1. Introduction to Intrusion Detection Tools

Teaching Note: This section provides an overview of intrusion detection. It discusses some major hacks that have occurred in the recent past and introduces the concept of a recovery plan.

Teaching Tip: Review the bulleted list on page 573 that lists the topics to include in a recovery plan. Ask students if they can think of additional items that might be useful in a recovery plan.

2. Intrusion Detection Network Tools

Teaching Note: This section covers some of the intrusion detection tools that are installed by default on most Linux distributions.

Teaching Tip: Suggest that students create scripts and then run some of these commands on a regular basis using crontab.

Teaching Tip: Remind students of what they already know about netstat from Chapter 19. Point out the ways to use netstat to monitor for evidence of intrusion, including netstat -ta and netstat -taupe. Review the example of the latter in Example 32-1.

Teaching Note: The textbook incorrectly captions Example 32-1; the correct caption should be “The results of the netstat -taupe command.”

Teaching Tip: Remind students what they know of the nmap command from Chapter 30. Point out that it is not as vulnerable as netstat to being replaced by a hacker, because you run nmap from a different system than the potentially compromised one.

Teaching Tip: Remind students what they know of the tcpdump command from Chapter 30.

3. Intrusion Detection File Tools

Teaching Note: This section provides two examples of how intrusions occur and discusses incorporating file-change detection tools into your intrusion detection plan.

Teaching Tip: Explain how a hacker could modify the /etc/passwd and /etc/shadow files to create a backdoor. This process is covered on page 576.

Teaching Tip: Explain how a hacker could create an SUID program to create a backdoor. Refer to the explanation on pages 576-577.

Teaching Tip: Remind students about the rpm -V command, which determines whether a file has changed since it was installed. This was covered in Chapter 26.
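The functions below are an added example (not from the textbook) of the kind of script the crontab Teaching Tip in topic 2 suggests, aimed at the two backdoor techniques and the file-change checking in topic 3: extra UID-0 accounts in /etc/passwd, unexpected SUID files, and a hash baseline in the style of the md5sum/sha1sum resources listed for this chapter. The /etc/passwd content is a constructed sample; the SUID and baseline checks take a directory argument so they can be pointed at a test tree or a mounted image.

```shell
#!/bin/sh
# Added example: three host-based intrusion detection checks suitable for cron.
# Nothing is modified; each function only reports findings.

# Constructed sample /etc/passwd: a legitimate root plus a planted second UID-0
# account, the classic /etc/passwd backdoor this section describes.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
student:x:1000:1000:Student:/home/student:/bin/bash
backup2:x:0:0:looks harmless:/root:/bin/bash'

# find_uid0_accounts PASSWD_CONTENT: print every account whose UID (field 3)
# is 0 except root itself. Any output here deserves immediate investigation.
find_uid0_accounts() {
    printf '%s\n' "$1" | awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# find_suid_files DIR: regular files under DIR with the SUID bit set.
# -perm -4000 matches when that bit is set regardless of the other mode bits;
# -xdev keeps the scan on one filesystem so /proc and network mounts are skipped.
# Compare the output against a list taken when the host was known good.
find_suid_files() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort
}

# make_baseline DIR: one SHA-256 line per regular file under DIR, in the format
# sha256sum -c understands. Keep the baseline where the monitored host cannot
# rewrite it (read-only media or another system), or an intruder can "fix" it.
make_baseline() {
    find "$1" -type f -print0 | sort -z | xargs -0 sha256sum
}

# check_baseline BASELINE_FILE: print the path of every file whose current hash
# differs from the recorded one. --quiet suppresses the OK lines; the FAILED
# lines look like "path: FAILED", and awk keeps only the path.
check_baseline() {
    sha256sum -c --quiet "$1" 2>/dev/null | awk -F': ' '/FAILED/ { print $1 }'
}

# Example cron-style run against the live system (needs read access to the files):
#   find_uid0_accounts "$(cat /etc/passwd)"
#   find_suid_files /usr
#   check_baseline /media/readonly/etc-baseline.sha256
```
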
4. Additional Intrusion Detection Tools

Teaching Note: This section lists some of the IDS categories available and recommends some additional tools.

Teaching Tip: Make sure students understand the differences between passive IDS, reactive or active IDS, network-based IDS, and host-based IDS.

Teaching Tip: In Kali Linux, review categories 09, 10, and 11 to survey the available IDS tools.
ACTIVITIES FOR CLASS

I. Discussion Topics

Question 1: The author suggests that you should always assume systems and data are compromised and then work from that position. What is the rationale for this?
Answer 1: Too often security experts assume that the system hasn’t been fully compromised and use tools to attempt to fix problems, only to discover that the tools themselves have been compromised. If the tools for detecting and fixing an intrusion are themselves hacked/compromised, using them could cause even more damage because there is no telling what the hacker has re-programmed them to do.

Question 2: When developing a recovery plan, what information should it contain? Brainstorm a list.
Answer 2: It should include plans for taking the compromised systems offline and identifying every system affected by the compromise. There should be a list of people to be notified in a specific order, and what information should be provided to each person. There should be a plan to bring a replacement server online, but only after the security hole that was used in the compromise has been plugged. There should be a full diagnostic performed on the server. There should be a plan to notify management, customers, clients, government agencies, and the public, and who should make these notifications. The plan should specify that nobody other than those authorized should speak about the situation.

II. Exercises and Activities

Lab Exercises: Assign one or more of the following lab exercises:
• 32.1 Scan the system to determine if it has been compromised
• 32.2 Use IDS tools

Web Search Exercise: There are many commercial intrusion detection systems, by Cisco and other vendors, that make it easier to implement an IDS plan. Identify at least three of these, and summarize their capabilities and benefits.

Review Key Terms: Review these terms from the chapter.
intrusion detection
IDS
passive IDS
reactive or active IDS
NIDS
HIDS

WEB RESOURCES
Wireshark: www.wireshark.org
Linux 101 Hacks – md5sum Command Examples: https://linux.101hacks.com/unix/md5sum/
Ubuntu Manpage – sha1sum: http://manpages.ubuntu.com/manpages/xenial/man1/sha1sum.1.html
Security Onion: https://securityonion.net
Tripwire: https://www.tripwire.com
AIDE: http://aide.sourceforge.net/
uCertify If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.
INSTRUCTOR’S GUIDE TO ACCOMPANY LINUX ESSENTIALS FOR CYBERSECURITY

CHAPTER 33 ADDITIONAL SECURITY TASKS

CHAPTER OBJECTIVES
When students have finished reading this chapter and completing the exercises, they will be able to do the following:
• Configure the fail2ban service
• Set up a virtual private network
• Encrypt files using gpg
• Use security sites to become informed about security issues

CHAPTER OVERVIEW
In this chapter, you learn how to use the fail2ban service to temporarily block access to a system. You also learn how to set up a basic VPN (virtual private network) and secure files using the gpg utility. Lastly, you learn about security sites that provide useful alerts.

CHAPTER OUTLINE
1. The fail2ban Service
2. OpenVPN
   a. Configuring the Certificate Authority
   b. Generating the VPN Server Certificate
   c. Generating the VPN Client Certificate
   d. Setting Up the Basic Server
   e. Setting Up the Basic Client
3. gpg
4. Security Alert Services
TEACHING NOTES AND TIPS PER TOPIC 1.
The fail2ban Service Teaching Note: This section introduces the fail2ban daemon, which scans specific logs looking for IP addresses of systems that attempt to breach a system via repeated connection attempts. Teaching Tip: Point out that you should not modify the /etc/fail2ban/jail.conf file directly, but instead should create .local files. Refer to Table 33-1 for the configuration settings you can use.
2.
OpenVPN
Teaching Note: This section covers OpenVPN, an open source VPN package that carries its tunnel over TLS and authenticates the server and every client with X.509 certificates, which is why most of the setup is certificate work.
Teaching Tip: On Debian-based distributions such as Ubuntu, students can install OpenVPN together with the Easy-RSA certificate tooling by running apt-get install openvpn easy-rsa.
Teaching Tip: There are five steps to configuring OpenVPN. Each is covered in a section in this chapter. Walk students through these examples, showing as much live as possible:
• Configure a Certificate Authority (CA)
• Generate the VPN Server certificate
• Generate the VPN Client certificate
• Configure the VPN server
• Configure the VPN client
Stress that the CA's private key is the trust anchor for the whole VPN: whoever holds it can issue a certificate for any client or for the server, so it belongs on a separate, offline machine rather than on the VPN server itself.
3.
gpg
Teaching Note: This section explains the GNU Privacy Guard utility (gpg), which generates a key pair: a public key that others use to encrypt files to you, and a private key that only you hold and use to decrypt them.
Teaching Tip: Review the output of the gpg --gen-key command shown in Example 33-6, and discuss what each part of it means, in particular the key identifiers and user ID it reports.
Teaching Tip: Explain how to generate a key pair with gpg, export the public key (gpg --armor --export), and send it to anyone who needs to encrypt files to you. Show how to import a received public key into your keyring (gpg --import), confirm its fingerprint with the owner over a second channel before trusting it, and then encrypt a file to it (gpg --recipient ... --encrypt). Point out that a file encrypted only to someone else's key cannot be read by the sender afterward unless the sender also encrypts it to their own key.
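As an added example, not the textbook's code, the export, import and encrypt workflow from the teaching tip run between two throwaway keyrings (Alice and Bob) so it can be shown on one machine. It uses gpg's unattended `--batch --gen-key` with a parameter file instead of the interactive gpg --gen-key of Example 33-6. The names, addresses, directories and message are constructed, and the keys are deliberately created without a passphrase, which is acceptable only for a throwaway demonstration.

```shell
#!/bin/sh
# Added example: two-party gpg workflow with throwaway keyrings.
# Names, addresses and the message are constructed for the example.

# Create an RSA key pair with no passphrase (demo only; real keys need one).
# $1 = keyring directory, $2 = name, $3 = e-mail
make_key() {
    mkdir -p "$1" && chmod 700 "$1" &&
    printf '%%no-protection\nKey-Type: RSA\nKey-Length: 2048\nSubkey-Type: RSA\nSubkey-Length: 2048\nName-Real: %s\nName-Email: %s\nExpire-Date: 0\n%%commit\n' "$2" "$3" > "$1/params" &&
    gpg --homedir "$1" --batch --quiet --gen-key "$1/params" 2>/dev/null
}

# Export a public key in ASCII armor: this is what you send to the other party.
# $1 = keyring directory, $2 = e-mail
export_pub() {
    gpg --homedir "$1" --batch --quiet --armor --export "$2"
}

# Print the primary key fingerprint so both sides can compare it over a second
# channel (phone, in person) before encrypting anything to the key.
# $1 = keyring directory, $2 = e-mail
fingerprint() {
    gpg --homedir "$1" --batch --with-colons --fingerprint "$2" |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Encrypt a file to a recipient whose public key was imported into $1.
# --trust-model always replaces the web-of-trust check because the fingerprint
# was verified by hand; without it, batch mode refuses an untrusted key.
# $1 = keyring directory, $2 = recipient e-mail, $3 = plaintext, $4 = output
encrypt_to() {
    gpg --homedir "$1" --batch --quiet --yes --trust-model always \
        --recipient "$2" --output "$4" --encrypt "$3"
}

# Decrypt $2 with whatever private key is in $1; fails if none matches.
decrypt_with() {
    gpg --homedir "$1" --batch --quiet --decrypt "$2" 2>/dev/null
}

# Full exchange: Bob publishes his key, Alice imports it and encrypts to him,
# Bob decrypts. $1 = scratch directory. Prints the plaintext Bob recovers.
run_exchange() {
    make_key "$1/alice" "Alice" "alice@example.test" &&
    make_key "$1/bob" "Bob" "bob@example.test" &&
    export_pub "$1/bob" bob@example.test > "$1/bob.pub" &&
    gpg --homedir "$1/alice" --batch --quiet --import "$1/bob.pub" 2>/dev/null &&
    printf 'meet at 10:00\n' > "$1/plan.txt" &&
    encrypt_to "$1/alice" bob@example.test "$1/plan.txt" "$1/plan.txt.gpg" &&
    decrypt_with "$1/bob" "$1/plan.txt.gpg"
}
```

`run_exchange "$(mktemp -d)"` prints "meet at 10:00" from Bob's keyring, while `decrypt_with alice-dir plan.txt.gpg` fails, which makes the teaching tip's last point concrete: Alice encrypted only to Bob, so she cannot read her own file afterward unless she also passes `--recipient alice@example.test` (or sets `encrypt-to` in gpg.conf).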
4.
Security Alert Services
Teaching Note: This section lists three security alert services to be aware of: BugTraq, CERT, and US-CERT. Note that since the book was written, US-CERT has been folded into the Cybersecurity and Infrastructure Security Agency (CISA), whose site now carries its alerts and advisories.
ACTIVITIES FOR CLASS
I.
Discussion Topics
Question 1: What is the difference between CERT and US-CERT?
Answer 1: CERT (the CERT Coordination Center, CERT/CC) is run by Carnegie Mellon University’s Software Engineering Institute, whereas US-CERT was established by the U.S. Department of Homeland Security and is now part of CISA. The two cooperate, but CERT/CC concentrates on coordinating vulnerability disclosure between researchers and vendors, while US-CERT/CISA publishes alerts and advisories aimed at government and operators.
Question 2: What are the pros and cons of using OpenVPN versus a commercial VPN service?
Answer 2: OpenVPN can save money and, if you have IT people who are experienced with it, it is a perfectly good option; you also keep the CA, the keys and the connection logs under your own control. A commercial service can be more convenient and can relieve the burden of maintaining the VPN if your IT staff is overtaxed or inexperienced, at the cost of trusting the provider with your traffic and your authentication material.
II.
Exercises and Activities
Lab Exercises: Assign one or more of the following lab exercises:
• 33.1 Configure fail2ban
• 33.2 Implement a VPN
• 33.3 Encrypt files with gpg
Web Search Exercise: This chapter mentioned three security alert services: BugTraq, CERT, and US-CERT. Find three more, and summarize what they offer.
Review Key Terms: Review these terms from the chapter. If desired, you can create a matching exercise from these words, matching the terms to their definitions.
CERT
VPN
certificate
public key
private key
RSA
WEB RESOURCES
Fail2ban: https://www.fail2ban.org/wiki/index.php/Main_Page
OpenVPN: https://openvpn.net
BugTraq-Team Downloads: http://www.bugtraq-team.com/ (note: this is the site of the Bugtraq Linux distribution, not the BugTraq mailing list the chapter refers to; the list's archive is at https://seclists.org/bugtraq/)
CERT: https://www.sei.cmu.edu/about/divisions/cert/index.cfm
US-CERT: https://www.us-cert.gov (now redirects to https://www.cisa.gov)
uCertify If you are using the uCertify course and labs product, be sure to review the associated online labs for this chapter. Students can do these labs as homework or during class time for hands-on practice to reinforce core learning objectives.