Review week nine lab assignment

Week Ten Agenda
•Announcements
•Link of the week
•Review supplemental information
•Review week nine lab assignment
•Week ten expected outcomes
•Next lab assignment
•Break-out problems
•Upcoming deadlines
•Lab assistance, questions, and concerns
Link of the week
Protocol Directories
http://www.protocols.com/pbook/
This site is a protocol directory. It provides a breakdown of
TCP/IP, VoIP, cellular, and general protocols.
http://www.javvin.com/protocolsuite.html
Network Protocol Suite Directory and Index
The site contains software, books, tools, and services.
Network communication is defined by network protocols.
Link of the week
Define: Network Protocol serves as a communication
language among computing devices. A network
protocol facilitates device identification and data
transfer. What type of things are determined by a
network protocol?
1. Type of error checking to be used.
2. Data compression method to be used.
3. How the sending device will indicate that it has
finished sending a message.
4. How the receiving device will indicate that it has
received a message.
Review week nine lab assignment
Physical Link
Physical Link (hard link)
ln small_passwd small_passwd_hard
-rwx---r-x 2 dandrear faculty 402 Mar 1 10:43 small_passwd
-rwx---r-x 2 dandrear faculty 402 Mar 1 10:43 small_passwd_hard
A hard link is a second directory entry for the same inode: both
names reach the same data and share one owner, one set of permission
bits and one link count (the 2 in the second column above). Removing
one name leaves the data reachable through the other.
Almost all file name entries in a directory are hard links.
Hard links cannot cross file systems and cannot point at directories.
Review week nine lab assignment
Symbolic Link
ln -s small_passwd small_passwd_soft
lrwxrwxrwx 1 dandrear faculty 12 Mar 7 12:22 small_passwd_soft -> small_passwd
A symbolic link is a separate small file whose contents are a path
name (12 bytes here, the length of "small_passwd"); the kernel follows
that path to reach the data.
Symbolic links can reference files and directories on other file
systems, but they dangle if the target is removed or renamed, and the
permission bits shown on the link itself are not enforced; only the
target's permissions matter.
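The behaviour described on these two slides, reproduced as an added example (not part of the lecture) with Python's os.link and os.symlink in a throwaway temporary directory; the file content is constructed:

```python
# Added example (not from the lecture): hard link vs symbolic link behaviour,
# reproduced with os.link/os.symlink in a throwaway temporary directory.
import os
import shutil
import tempfile


def link_demo():
    """Create small_passwd, a hard link and a symlink to it, delete the
    original, and report what each link still sees. Returns a dict."""
    workdir = tempfile.mkdtemp(prefix="linkdemo-")
    try:
        target = os.path.join(workdir, "small_passwd")
        with open(target, "w") as fh:
            fh.write("root:x:0:0:root:/root:/bin/bash\n")  # constructed content

        hard = os.path.join(workdir, "small_passwd_hard")
        soft = os.path.join(workdir, "small_passwd_soft")
        os.link(target, hard)             # ln small_passwd small_passwd_hard
        os.symlink("small_passwd", soft)  # ln -s small_passwd small_passwd_soft

        st_target, st_hard = os.stat(target), os.stat(hard)
        result = {
            # both names resolve to one inode, whose link count is now 2
            "same_inode": st_target.st_ino == st_hard.st_ino,
            "nlink": st_hard.st_nlink,
            # the symlink is its own inode holding the 12-byte path string
            "symlink_target": os.readlink(soft),
            "symlink_size": os.lstat(soft).st_size,
        }

        os.unlink(target)  # rm small_passwd: removes one name, not the data

        with open(hard) as fh:  # the hard link still reaches the data
            result["hard_still_readable"] = fh.read().startswith("root:")
        result["nlink_after_unlink"] = os.stat(hard).st_nlink
        # the symlink still exists (lexists) but now points nowhere (exists)
        result["symlink_dangling"] = (os.path.lexists(soft)
                                      and not os.path.exists(soft))
        return result
    finally:
        shutil.rmtree(workdir, ignore_errors=True)
```

os.link raises OSError (EXDEV) when the two paths lie on different file systems, which is the restriction the slide alludes to. The security angle of hard links is that they keep an inode alive: a user who can hard-link a setuid binary into a directory they own would still have it after the administrator deletes the original. Linux's fs.protected_hardlinks sysctl refuses hard links to files the caller does not own or cannot both read and write for exactly this reason.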
Review week nine lab assignment
“Initializing” or “booting” the machine
The startup process of a computing system loads and initializes
the operating system software in stages. Many pieces of that
software are configured as subsystems that depend on one another,
so the order in which they start matters.
Both Red Hat Linux and Solaris follow the UNIX System V boot
procedure.
Steps involved in the boot procedure
At power-on the CPU is placed in its RESET state.
An x86 CPU is hard-wired to begin execution at the reset vector,
hex address 0xFFFFFFF0. That address is mapped to ROM (Read Only
Memory); this ROM (the BIOS) contains a set of routines burnt into
the chip.
Review week nine lab assignment
The I/O routines in the BIOS continue the boot process by
reading cylinder 0, head 0, sector 1 of the boot disk (LBA 0).
This is the location of the Master Boot Record (MBR), and its
size is 512 bytes. The MBR holds the partition table and
executable code that is the first stage of the boot loader. The
MBR is independent of the kernel.
In Linux, most modern boot loaders (such as LILO or GRUB) let the
user override which program the kernel executes at the end of its
initialization, instead of the default /sbin/init (the init=
kernel parameter).
The boot loader is responsible for loading the kernel into
memory. Boot loaders are independent of the operating system;
only their first stage lives in the MBR. That stage must share
the 512 bytes with the 64-byte partition table (four 16-byte
entries) and the 2-byte 0x55AA boot signature, which leaves just
446 bytes for code, so it does little more than locate and load
the larger second stage.
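The 512-byte layout just described, parsed as an added example (not part of the lecture): 446 bytes of stage-1 code, four 16-byte partition entries, and the 0x55AA signature. SAMPLE_MBR is a constructed sector, not a dump of a real disk, and the "code" bytes are a placeholder.

```python
# Added example (not from the lecture): parsing the MBR layout the slide
# describes. SAMPLE_MBR is constructed, not read from a real disk.
import struct

MBR_SIZE = 512
CODE_SIZE = 446            # bytes available to the stage-1 boot loader
TABLE_OFFSET = 446         # four 16-byte partition entries follow the code
ENTRY_SIZE = 16
SIGNATURE = b"\x55\xaa"    # bytes 510-511 of the sector
ENTRY_FMT = "<B3sB3sII"    # status, CHS first, type, CHS last, LBA start, count


def build_sample_mbr():
    """Constructed sector: placeholder stage-1 code, one bootable Linux
    partition (type 0x83) at LBA 2048 and one swap partition (0x82) after it."""
    code = b"\xfa\x31\xc0" + b"\x90" * (CODE_SIZE - 3)   # placeholder, assumed
    entries = [
        (0x80, b"\x20\x21\x00", 0x83, b"\xfe\xff\xff", 2048, 204800),
        (0x00, b"\xfe\xff\xff", 0x82, b"\xfe\xff\xff", 206848, 65536),
    ]
    table = b"".join(struct.pack(ENTRY_FMT, *e) for e in entries)
    table += b"\x00" * (ENTRY_SIZE * (4 - len(entries)))  # unused slots are zero
    return code + table + SIGNATURE


SAMPLE_MBR = build_sample_mbr()


def is_valid_mbr(sector):
    """A sector is only treated as an MBR if it is 512 bytes and ends in 0x55AA."""
    return len(sector) == MBR_SIZE and sector[510:512] == SIGNATURE


def parse_mbr(sector):
    """Return the partition entries and whether the code area is non-empty."""
    if not is_valid_mbr(sector):
        raise ValueError("not a 512-byte sector ending in 0x55AA")
    partitions = []
    for slot in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, TABLE_OFFSET + slot * ENTRY_SIZE)
        if ptype == 0:                 # empty slot
            continue
        partitions.append({"slot": slot, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count})
    return {"has_code": any(sector[:CODE_SIZE]), "partitions": partitions}


def overlapping(partitions):
    """Pairs of slots whose LBA ranges overlap; a sane table has none, and an
    overlap is a classic sign of corruption or tampering."""
    pairs = []
    for i, a in enumerate(partitions):
        for b in partitions[i + 1:]:
            if (a["lba_start"] < b["lba_start"] + b["sectors"]
                    and b["lba_start"] < a["lba_start"] + a["sectors"]):
                pairs.append((a["slot"], b["slot"]))
    return pairs
```

On a real system the same parser can be fed the first 512 bytes of a disk device (for example from /dev/sda, read as root); comparing the code area against a known-good copy is one way to spot a modified stage-1 loader.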
Review week nine lab assignment
When Unix was written over 40 years ago, one unusual design
feature was that every physical device connected to the
computer was represented as a file.
Some differences between devices are still apparent: disk
devices are random-access block devices, while others, such as
terminals and tapes, are sequential-access character devices.
A practical difference is that file systems can only be mounted on
block devices, not on character ones. For example, tapes are
character devices. It is possible to copy the contents of a raw,
quiescent (unmounted and not being modified) file system to a
tape, but you will not be able to mount the tape, even though it
contains the same information as the disk.
Review week nine lab assignment
Define: Linux initrd
/dev/initrd is a read-only block device: a RAM disk whose
contents the boot loader loads into memory before the kernel is
started. The kernel uses this block device for a two-phase
system boot-up.
During the first phase, the kernel starts up and mounts an
initial root file system from the contents of /dev/initrd (the
RAM disk initialized by the boot loader).
During the second phase, additional drivers and other kernel
modules are loaded from that initial root device. After all
modules are loaded, the real root file system (the one listed as
/ in /etc/fstab) is mounted from a different device and the
system switches over to it.
Review week nine lab assignment
ls -l /dev/initrd
brw-rw---- 1 root disk 1, 250 Jun 24 2004 initrd
The leading b marks a block device; 1, 250 are its major and minor
device numbers, shown where a regular file's size would be.
Review week nine lab assignment
Role of the kernel
Once the boot loader has loaded the kernel (and the initrd with its
drivers) into memory, execution is turned over to the kernel.
The kernel then executes a series of steps:
- Determines the memory size
- Initializes its data structures
- Mounts the root partition
- Hardware configuration: the kernel builds its view of the hardware
by probing the system bus and querying drivers for information.
Devices for which no driver is present are treated as disabled.
- Starts the hand-crafted (spontaneous) processes.
Review week nine lab assignment
Linux Kernel Data Structure (task_struct)
The task_struct data structure contains the following fields:
- Process state: running, returning from a system call, processing
an interrupt routine, processing a system call, ready, or waiting
- Process priority
- Clock ticks (10 ms intervals at HZ=100) for which the process may
continue executing without forced rescheduling (its time slice)
- Error number of the last faulting system call
- Process relationships: original parent, parent, youngest child,
younger sibling, and older sibling
- Process ID
- Timing information; for example, the amount of time the process
has spent in user mode
Review week nine lab assignment
The Linux kernel process table is a data structure that
describes all processes that currently exist. In early kernels it
was implemented as a fixed array of pointers to task structures,
limited to 512 entries (NR_TASKS); later kernels keep the task
structures in linked lists and hash tables, and the practical
limit is the PID range (pid_max, 32,768 by default).
Review week nine lab assignment
Structures
Examples of structures (C):
struct date {
    int day;
    int month;
    int year;
    int yearday;
    char mon_name[9];   /* month name as a string */
};
struct key {
    char *keyword;
    int keycount;
};
struct key keytab[NKEYS];   /* an array of NKEYS key structures */
Review week nine lab assignment
A Process's Files (diagram)
task_struct -> fs (fs_struct: count, *root -> inode, *pwd -> inode)
task_struct -> files (files_struct: count, fd[] -> file: f_mode -> inode)
Review week nine lab assignment
Process's Virtual Memory (diagram)
task_struct -> mm (mm_struct: count, mmap_avl) -> vm_area_struct list (vm_next)
Each vm_area_struct records a vm_start and vm_end: the code region
beginning at 0x8048000 and the data region beginning at 0x8059BB8,
above address 0x0000000 at the bottom of the address space.
Review week nine lab assignment
Role of the init process
The kernel starts a few spontaneous (hand-crafted) processes in user space.
The init process is started directly by the kernel at the end of its
initialization rather than by the ordinary user-space fork-and-exec procedure.
The init process has Process ID (PID) one (1) and a Parent Process ID (PPID)
of zero (0).
The init process is the ultimate parent in the running system and plays an
important role in the startup process. All future processes on the system are
descendants of the init process.
Once the system processes are created, the kernel's work during boot is basically
complete; from then on it runs only on behalf of processes (system calls) and
hardware (interrupts).
The init process performs the following tasks (Red Hat SysV init layout):
Executes the /etc/rc.d/rc.sysinit script, which
- sets the system clock,
- activates swap space (paging),
- starts the RAID devices, and
- checks and mounts the other file systems.
Reads /etc/inittab (a configuration file, not a script) for the default run level
Executes the run command (rc) scripts for that run level
Switches to multi-user mode
After the run command (rc) scripts have executed, the system is fully operational.
Review week nine lab assignment
init process
It looks for the file /etc/inittab to see if there is an entry of the type
initdefault. The initdefault entry determines the initial run level of the
system.
init login process
1. The init process spawns a getty (or mingetty) process on each configured
terminal.
2. The getty process prompts for a user name and then invokes the login
program, passing it the user name that was entered.
3. The login program prompts the user for a password and verifies it
(against /etc/shadow). If authentication succeeds, the user's shell is
started. Otherwise login prints an error message and exits, and init
respawns getty or mingetty for that terminal.
4. The user's preferred shell (from /etc/passwd) runs as the session.
Eventually the user logs out, the shell exits, and init respawns getty.
Review week nine lab assignment
Linux Boot Process Summary (diagram)
Power-up / CPU RESET -> BIOS -> Stage 1 bootloader (Master Boot Record)
-> Stage 2 bootloader (LILO, GRUB, etc.) -> Kernel -> Init -> Operational
The BIOS and the bootloaders belong to system startup, the kernel to
Linux proper, and init onwards to user space.
Review week nine lab assignment
In UNIX, a process is the name given to a program being executed by the operating
system.
In Linux, the same thing is referred to as a task or a process; Linux treats
both names as the same.
A process consists of:
- Program code, data, and stack
- Open files (at least stdin, stdout, stderr)
- System data structures (task_struct and what it points to)
- Environment (terminal type, user login directory)
A Linux system shares code and system libraries among processes so that
memory is conserved and only one copy of the code is kept in memory at a time.
Each Linux process is allocated a unique process identifier (PID). PID 1 is init;
other PIDs are normally assigned from 2 up to pid_max (32,768 by default) and
are reused after the counter wraps around, so a PID alone does not identify a
process over time.
Review week nine lab assignment
Process
A process can be terminated in a couple of ways:
- A foreground process: type Ctrl-C, which sends SIGINT. Ctrl-Z only
suspends the process (SIGTSTP); a stopped job still exists and can be
resumed with fg or bg, or killed by PID.
- A background process with PID=n: type kill n (sends SIGTERM), or
kill -9 n (SIGKILL, which cannot be caught) if it ignores SIGTERM.
Note the syntax: kill -n means "send signal number n", not "kill PID n".
Zombie Process
A child process that has terminated before its parent has called wait()
but still has an entry in the process table. The entry is kept only so the
parent can read the child's exit status; a zombie holds no memory or CPU,
just the table slot, and disappears once the parent reaps it (or exits).
Orphan Process
A process that is still executing, but whose parent has died.
An orphan process is eventually adopted by the init process (PID 1), or by
a subreaper on newer kernels, which reaps it when it exits.
Review week nine lab assignment
Process
Processes go through various process states during their
existence. These transitory states are managed by the operating
system (OS). The specifics of these process states, and their
names, vary from one OS to another.
Process states:
1. Created (fork and exec)
2. Waiting (ready: the process scheduler has loaded it from secondary
storage into main memory and it is waiting for a processor)
3. Running (after a process is assigned a processor by the short-term
scheduler, a context switch is performed)
4. Blocked (waiting for a resource such as user input or secondary
storage input; when it arrives the process moves back to the "waiting"
state)
5. Terminated (finished execution, waits to be removed from main memory)
Review week nine lab assignment
Process Summary
In Unix-like operating systems, the kernel is invoked
when a process issues a system call.
All processes have owners.
Processes transition through various states.
When an original process (parent) creates or spawns
another process (child), the child inherits the parent's user and
group IDs, open file descriptors and environment, and therefore the
parent's file access and execution privileges; a child cannot gain
privileges its parent lacked except by executing a setuid program.
Review week nine lab assignment
Define Thread
A thread is a single sequential flow of execution within a process, the
unit of work the scheduler actually runs. The threads of one process
share its address space, open files and credentials; each has its own
stack and register state.
- A single-threaded process performs only one task at a time.
- A multi-threaded process performs multiple tasks concurrently without
incurring the overhead of creating a new process (no new address
space). The flip side is that a bug in one thread can corrupt the
memory of every other thread in the process.
Review week nine lab assignment
System run levels (System V; Red Hat and Solaris)
0 - Halt system
1 - Single-user mode (system maintenance)
2 - Multi-user mode (on Red Hat: without NFS)
3 - Multi-user mode with remote file sharing (NFS); the normal text-mode
run level on Red Hat
4 - Unused
5 - X11 (X Window System for a graphical desktop environment)
6 - Reboot
Shutdown command
The shutdown command brings the system down in a graceful manner: it
warns logged-in users, blocks new logins, then asks init to change run
level so that services stop in order, buffers are flushed to disk and
file systems are unmounted cleanly. This is the preferred way to halt or
reboot a machine; cutting the power instead can leave file systems
inconsistent and force an fsck at the next boot.
Review week nine lab assignment
One commonly issued form of this command is shutdown -h now, which halts the
system immediately. Another is shutdown -r now to reboot. Another form lets the
user specify an exact time or a delay before shutdown: shutdown -h 20:00 turns
the computer off at 8:00 PM, and shutdown -r +1 reboots the machine one minute
after the command is issued. (The -t secs option does not set that delay; it sets
the pause between init's warning signal and its kill signal to processes.)
The complete syntax of the Linux (sysvinit) version of the command is:
usage: shutdown [-akrhfnc] [-t secs] time [message]
-a use /etc/shutdown.allow
-k don't really shutdown, only warn
-r reboot after shutdown
-h halt after shutdown
-f do a 'fast' reboot (skip fsck)
-F force fsck on reboot
-n do not go through "init" but go down real fast
-c cancel a running shutdown
-t secs delay between warning and kill signal
Caveat:
• The kill command sends the specified signal (SIGTERM by default) to the
specified process or process group. As a precaution, avoid indiscriminate
use of kill on jobs involving text editors, database programs, mail
programs, or any other program with a large amount of user interaction.
A program that handles SIGTERM may save its state first; kill -9 (SIGKILL)
terminates it at once without saving any of the user's input or program
results.
Week ten, eleven, twelve expected outcomes
Upon successful completion of this module, the student will be
able to:
• Manipulate user accounts.
• Describe how cron is used to invoke repetitive processes.
• Manipulate process structure including: A. fork/execute, B.
Initialization process, C. Background/foreground, D. PS tool.
• Explain basic UNIX and Linux security issues.
• Describe disk and file system structure.
• Use backup and restore archival operations on a system.
• Establish network services.
• Investigate the structure of the LDAP directory using LDAP
commands.
Next Lab Assignment
Network daemon: Linux uses xinetd to listen on all configured ports and
start the matching service daemon only when a connection arrives, so the
daemons use no resources while idle and xinetd can apply its own access
controls and connection limits before the daemon ever runs. Security and
resource usage are the main objectives.
Chroot jail: used by Linux and UNIX to give a process an artificial root
directory. After the change, path lookups for that process and its
children start at the jail directory, so the program cannot open or
modify files outside that hierarchy by name. Chroot affects only the
current process and its child processes.
The files the program needs must be placed in the jail directory (such
as /users) in directories that mirror their placement in the root (/)
file system, so you need to copy all required files, including the
shared libraries they load. For example, /usr/bin/rssh lives on the /
file system; if your jail is at /users, copy /usr/bin/rssh to
/users/usr/bin/rssh. Keep the jail minimal: no setuid binaries, no
device nodes beyond those needed, and run the jailed program as an
unprivileged user, because chroot by itself does not confine a process
that runs as root.
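The "mirror the host path inside the jail" step from the slide, as an added example (not part of the lecture or of any jail tool): it maps a host path to its jail location, refuses a destination that would land outside the jail, follows symlinks so the jail gets the real file, and reports whether the copied file carries a setuid/setgid bit. demo() builds a fake host root in a temporary directory rather than touching the real / (the rssh stand-in and its mode are constructed).

```python
# Added example (not from the lecture): copying a host file into a chroot jail
# at the mirrored path, with a containment check and a setuid warning.
import os
import shutil
import stat
import tempfile


def jail_path(jail, host_path):
    """Map an absolute host path such as /usr/bin/rssh to <jail>/usr/bin/rssh.
    Raises ValueError if the result would land outside the jail."""
    if not os.path.isabs(host_path):
        raise ValueError("host path must be absolute: %r" % host_path)
    jail_abs = os.path.abspath(jail)
    dest = os.path.normpath(os.path.join(jail_abs, host_path.lstrip("/")))
    if os.path.commonpath([jail_abs, dest]) != jail_abs:
        raise ValueError("%r would escape the jail" % host_path)
    return dest


def escapes_jail(jail, host_path):
    """True if jail_path() would refuse this path."""
    try:
        jail_path(jail, host_path)
        return False
    except ValueError:
        return True


def copy_into_jail(jail, host_path, host_root="/"):
    """Copy one file into the jail, following symlinks so the jail holds the
    real file. host_root lets the demo use a fake root. Returns (dest, setuid)."""
    src = os.path.realpath(os.path.join(host_root, host_path.lstrip("/")))
    dest = jail_path(jail, host_path)
    os.makedirs(os.path.dirname(dest), exist_ok=True)
    shutil.copy2(src, dest)  # copy2 keeps mode bits, including setuid/setgid
    mode = os.stat(dest).st_mode
    setuid = bool(mode & (stat.S_ISUID | stat.S_ISGID))  # flag it: rarely wanted in a jail
    return dest, setuid


def demo():
    """Fake host root in a temp dir: usr/bin/rssh is a symlink to a setuid
    script (constructed), and the jail is <root>/users as on the slide."""
    root = tempfile.mkdtemp(prefix="fakeroot-")
    try:
        os.makedirs(os.path.join(root, "usr/bin"))
        real = os.path.join(root, "usr/bin/rssh.real")
        with open(real, "w") as fh:
            fh.write("#!/bin/sh\nexit 0\n")
        os.chmod(real, 0o4755)  # setuid on purpose, to exercise the warning
        os.symlink("rssh.real", os.path.join(root, "usr/bin/rssh"))
        jail = os.path.join(root, "users")
        dest, setuid = copy_into_jail(jail, "/usr/bin/rssh", host_root=root)
        return {
            "relative_dest": os.path.relpath(dest, root),
            "is_regular_file": os.path.isfile(dest) and not os.path.islink(dest),
            "setuid_copied": setuid,
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)
```

For a real jail the same helper is run for the binary and for every shared library ldd lists for it, plus the loader itself; if setuid_copied comes back True, strip the bit (chmod u-s) unless the jailed program genuinely needs it.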
Next Lab Assignment
Define fork()
Creates a new process that is a clone of its parent. The child gets a
copy of the parent's memory image, open file descriptors and
credentials, but not the parent's resource usage counters or pending
signals. fork() returns the child's PID to the parent and 0 to the child.
Define exec
Overlays the calling process's virtual memory with a new program and
transfers control to it; the PID and open file descriptors survive.
exit(status)
Exits with a status, destroying the process (its process-table entry
remains until the parent collects the status).
wait()
The parent process waits for the exit (or other status change) of a
child and collects its status.
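The fork/exec/exit/wait cycle defined above, together with the zombie and orphan cases from the Process slide, as an added example (not part of the lecture) in Python, which exposes these calls directly as os.fork, os.execvp, os._exit and os.waitpid. The /proc reads assume Linux; the functions that need them report None elsewhere.

```python
# Added example (not from the lecture): fork/exec/exit/wait from Python, plus
# a look at a zombie and an orphan through /proc (Linux only for that part).
import os
import time


def proc_available():
    """True when a Linux /proc is mounted (needed for the state checks)."""
    return os.path.exists("/proc/self/stat")


def proc_state(pid):
    """Scheduler state letter from /proc/<pid>/stat (R, S, D, Z, ...), or None
    once the entry is gone. The comm field sits in parentheses and may contain
    spaces, so the state is taken from after the last ')'."""
    try:
        with open("/proc/%d/stat" % pid) as fh:
            data = fh.read()
    except OSError:
        return None
    return data[data.rindex(")") + 2]


def fork_exec_wait(argv):
    """fork() a child, exec() argv in it, wait() for it, return its exit code."""
    pid = os.fork()
    if pid == 0:                        # child: a clone of the parent
        try:
            os.execvp(argv[0], argv)    # overlay this process with the program
        except OSError:
            os._exit(127)               # exec failed: never fall back into parent code
    _, status = os.waitpid(pid, 0)      # parent blocks until the child changes state
    return os.WEXITSTATUS(status) if os.WIFEXITED(status) else -1


def observe_zombie():
    """The child exits before the parent calls wait(). Returns
    (state before wait, exit code, state after wait); ('Z', 3, None) on Linux."""
    rd, wr = os.pipe()
    pid = os.fork()
    if pid == 0:
        os.close(rd)
        os._exit(3)                     # the kernel closes wr as the child dies
    os.close(wr)
    os.read(rd, 1)                      # returns b'' once the child's wr is closed
    os.close(rd)
    state = None
    for _ in range(2000):               # the zombie transition may lag the close
        state = proc_state(pid)
        if state == "Z":
            break
        time.sleep(0.001)
    _, status = os.waitpid(pid, 0)      # reaping frees the process-table entry
    return state, os.WEXITSTATUS(status), proc_state(pid)


def observe_orphan():
    """The child forks a grandchild and exits at once; the grandchild is
    re-parented to init (PID 1) or to a subreaper. Returns
    (child pid, grandchild's new parent pid)."""
    rd, wr = os.pipe()
    child = os.fork()
    if child == 0:
        os.close(rd)
        if os.fork() == 0:                          # grandchild
            old_parent = os.getppid()
            deadline = time.time() + 5
            while os.getppid() == old_parent and time.time() < deadline:
                time.sleep(0.001)                   # wait to be orphaned
            os.write(wr, str(os.getppid()).encode())
            os._exit(0)
        os._exit(0)                                 # child dies, orphaning the grandchild
    os.close(wr)
    os.waitpid(child, 0)                            # reap the child, not the grandchild
    data = b""
    while True:                                     # read until the grandchild exits
        chunk = os.read(rd, 64)
        if not chunk:
            break
        data += chunk
    os.close(rd)
    return child, int(data)
```

The pipe trick in observe_zombie is the reliable way to know a child has exited without reaping it: the kernel closes the child's write end on exit, so the parent's read returns EOF, and only then does /proc show the Z state until waitpid() collects the status.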
Next Lab Assignment
Password File
Location: /etc/passwd
Field separator: colon (:)
File format:
Username:Password:UID:GID:User ID info (GECOS):Home directory:Command/shell
Example:
dandrear:x:1020:1021:dandrear user:/export/home/dandrear:/bin/bash
Permissions on Einstein (world-readable, because programs such as ls must
map UIDs to names; that is why the password hashes moved to /etc/shadow):
-rw-r--r-- 1 root root 1636 Aug 16 10:37 /etc/passwd
Next Lab Assignment
Password File
• Username: used when the user logs in. It should be between 1 and 32
characters in length.
• Password: an x character indicates that the hashed ("encrypted")
password is stored in the /etc/shadow file. Any other non-empty value is
treated as the hash itself, readable by everyone; an empty field means no
password is required.
• User ID (UID): each user must be assigned a user ID (UID). UID 0 (zero)
is reserved for root; UIDs 1-99 are reserved for other predefined accounts,
and UIDs 100-999 are reserved by the system for administrative and system
accounts (the exact ranges vary by distribution). Any account with UID 0 is
root, whatever its name.
• Group ID (GID): the primary group ID (defined in the /etc/group file).
• User ID Info (GECOS): the comment field. It allows you to add extra
information about the user, such as full name and phone number. This field
is used by the finger command.
• Home directory: the absolute path to the directory the user will be in
when they log in. If this directory does not exist, the user's directory
becomes /.
• Command/shell: the absolute path of a command or shell (/bin/bash).
Typically this is a shell, but it does not have to be; /sbin/nologin or
/bin/false is used to prevent interactive logins.
Next lab assignment
Shadow File
Location: /etc/shadow
Field separator: colon (:)
File format:
username:passwd:lastpasswdch:min:max:warn:inactive:expire:unused
Example:
dandrear:$1$dhBysgdhfteM9gd00:13064:0:99999:7:::
Permissions on Einstein (readable by root only; an ordinary user who
tries to read it gets "Permission denied"):
-r-------- 1 root root 1107 Sep 5 15:24 /etc/shadow
Next lab assignment
Shadow File
• User name: the login name
• Password: the hashed ("encrypted") password. The prefix identifies the
algorithm: $1$ MD5-crypt (weak), $5$ SHA-256, $6$ SHA-512; a leading ! or *
marks an account that cannot log in with a password. The password should be
a minimum of 6-8 characters long, including special characters and digits.
• Last password change: days since Jan 1, 1970 that the password was last
changed
• Minimum: the minimum number of days required between password changes,
i.e. the number of days before the user is allowed to change his/her
password again
• Maximum: the maximum number of days the password is valid (after that the
user is forced to change his/her password); 99999 effectively disables
expiry
• Warn: the number of days before the password expires that the user is
warned that his/her password must be changed
• Inactive: the number of days after the password expires that the account
is disabled
• Expire: days since Jan 1, 1970 that the account is disabled, i.e. an
absolute date after which the login may no longer be used
• Unused field: reserved for future use
Next lab assignment
Group File
Location: /etc/group
Field separator: colon (:)
File format:
Group name:Password:GID:User_list
Example:
faculty:x:410:
staff:x:430:
Permissions on Einstein:
-rw-r--r-- 1 root root 833 Aug 16 10:37 group
Next lab assignment
Group File
Group name: name of the group.
Password: the group password, stored hashed (or x if it is kept in
/etc/gshadow). If this field is empty, no password is needed to
join the group with newgrp.
GID: the numerical, unique group identifier.
User_list: the user names of the group's supplementary members,
separated by commas.
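The three account files from the Password File, Shadow File and Group File slides, parsed and checked as an added example (not part of the lecture). The file contents are constructed samples in the formats shown above (the $6$ hash is a placeholder, not a real hash); the audit performs the checks a reviewer runs first: extra UID 0 accounts, empty password fields, hashes left in /etc/passwd, and weak MD5-crypt hashes, and members_of combines /etc/group with the primary GID from /etc/passwd.

```python
# Added example (not from the lecture): parsing /etc/passwd, /etc/shadow and
# /etc/group and auditing them. All three inputs are constructed samples.
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)

PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
dandrear:x:1020:1021:dandrear user:/export/home/dandrear:/bin/bash
backup:x:0:0:second uid 0 account:/root:/bin/sh
legacy::1050:1021:empty password field:/home/legacy:/bin/bash
nobody:x:65534:65534:nobody:/:/sbin/nologin
"""
SHADOW_SAMPLE = """\
root:$6$saltsalt$hashhashhash:13064:0:99999:7:::
dandrear:$1$dhBysgdhfteM9gd00:13064:0:99999:7:::
backup:!:13064:0:99999:7:::
nobody:*:13064:0:99999:7:::
"""
GROUP_SAMPLE = """\
root:x:0:
faculty:x:1021:
staff:x:430:dandrear
wheel:x:10:root,backup
"""

PASSWD_FIELDS = ("name", "password", "uid", "gid", "gecos", "home", "shell")
SHADOW_FIELDS = ("name", "password", "last_change", "min", "max",
                 "warn", "inactive", "expire", "unused")
GROUP_FIELDS = ("name", "password", "gid", "members")


def parse_colon_file(text, fields):
    """Parse one colon-separated file into {name: {field: value}}."""
    rows = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(fields):
            raise ValueError("wrong field count: %r" % line)
        rows[parts[0]] = dict(zip(fields, parts))
    return rows


def days_to_date(days):
    """Shadow day counts are days since Jan 1, 1970."""
    return EPOCH + timedelta(days=int(days))


def hash_kind(field):
    """Classify a shadow password field by its prefix."""
    if field == "":
        return "empty"
    if field[0] in "!*":
        return "locked"
    for prefix, kind in (("$1$", "md5-crypt (weak)"), ("$5$", "sha256-crypt"),
                         ("$6$", "sha512-crypt"), ("$y$", "yescrypt"),
                         ("$2", "bcrypt")):
        if field.startswith(prefix):
            return kind
    return "des-crypt or unknown"


def members_of(group, passwd, groups):
    """Supplementary members listed in /etc/group plus every user whose
    primary GID in /etc/passwd is this group's GID."""
    row = groups[group]
    members = {m for m in row["members"].split(",") if m}
    members |= {u for u, p in passwd.items() if p["gid"] == row["gid"]}
    return members


def audit(passwd, shadow):
    """First-pass account checks. Returns sorted 'check:account' tags."""
    findings = []
    for name, p in passwd.items():
        if p["uid"] == "0" and name != "root":
            findings.append("uid0:" + name)            # a second root account
        if p["password"] == "":
            findings.append("empty-password:" + name)  # login needs no password
        elif p["password"] != "x":
            findings.append("hash-in-passwd:" + name)  # hash is world-readable
        elif name not in shadow:
            findings.append("no-shadow-entry:" + name)
    for name, s in shadow.items():
        kind = hash_kind(s["password"])
        if kind == "empty":
            findings.append("empty-shadow-password:" + name)
        elif kind.startswith("md5"):
            findings.append("weak-hash:" + name)
    return sorted(findings)
```

On a live host the same functions are fed open("/etc/passwd").read() and, as root, /etc/shadow; days_to_date turns the 13064 in the slide's example into the calendar date of that password change.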
Next lab assignment
The Group File
• Permissions for users can be managed on a
group basis.
• Defines which users are members of which
group.
• A user can be a member of more than one
group (Some systems restrict number of groups
a user can be a member of).
• The group associated with a user in /etc/passwd
file is the user’s primary group.
Next lab assignment
The Group File
• Group Name: on many systems, restricted to 8 characters.
• Password:
– Obsolete, but still supported on Linux.
– Often contains an 'x' (hash kept in /etc/gshadow) or nothing.
– If the field has '*', the group password is disabled and only
listed members can use the group.
• GID
– A unique group identifier
– Unsigned 32-bit integer
– 0 for group root, 1 for bin, 2 for daemon
– Most systems: GID < 100: system groups, GID >= 100: user groups
– Red Hat: GID < 500: system groups, GID >= 500: user groups
• User List: comma separated, no spaces
• User List: comma separated, no spaces
Next lab assignment
The Group File
• A user's primary group comes from the GID field in
/etc/passwd; the user belongs to that group even if not
listed in the group's member list in /etc/group, so
/etc/passwd takes precedence for primary membership.
• On Linux, the file /etc/group should be edited with
vigr, which locks the file while you edit it.
• Linux supports a shadow group file.
– Its location is /etc/gshadow
– It is used to store group passwords and group
administrators, and is readable only by root.
Next lab assignment
Adding Users
• 3 different ways to add users:
– Manually
– Using the ‘useradd’ command
– Using a GUI based system administration
tool.
Break-out problems
Define or explain each of the following:
• simple_script & (what does the trailing & do?)
• What is a zombie process?
• What files are updated on a Linux system when a new user is added?
• fork()
• What information is stored in the /etc/passwd file?
• What information is stored in the /etc/shadow file?
• What information is stored in the /etc/group file?
• What is a background process?
• What is a foreground process?
• What is an orphan process?
• kernel
• nice command
• init process
Upcoming deadlines
Lab Assignment 9-1 is due November 15, 2009.
Lab Assignment 10-1 is due November 22, 2009.
Lab Assignment 10-2 is due November 22, 2009.
Lab Assignment 13-1 is due December 13, 2009.
First presentation date November 30, 2009.
Second presentation date December 7, 2009.
Lab assistance, questions and answers
• Questions
• Comments
• Concerns
• I will be available after this Franklin Live
session to discuss any problems and/or
concerns regarding lab assignments.
Supplemental information
SELinux, developed by the U.S. National Security Agency (NSA),
implements Mandatory Access Control (MAC) in the Linux kernel. MAC
enforces security policies that limit what a user or program can do
regardless of the discretionary (owner-set) permissions. The policy
controls some or all objects, such as files, devices, sockets, and
ports, and subjects such as processes. Using SELinux, you can grant a
process only those permissions it needs in order to function.
TCP Wrappers is a host-based access control layer for the client/server
model. It can be used with any daemon that is linked against libwrap.a,
and it relies on the /etc/hosts.allow and /etc/hosts.deny files as the
basis of a simple access control language. This language defines rules
that selectively allow clients to access server daemons on the local
system based on the client's address and the daemon the client tries to
access: hosts.allow is consulted first, then hosts.deny, and a client
matching neither file is allowed in.
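The hosts.allow/hosts.deny decision order described above, as an added example (not part of the lecture and not libwrap itself): a small evaluator over constructed rule files. It implements only a subset of the hosts_access(5) pattern language (ALL, LOCAL, exact host names or addresses, leading-dot domain suffixes, trailing-dot network prefixes, and EXCEPT) and ignores the optional shell-command field.

```python
# Added example (not from the lecture): evaluating TCP Wrappers rules.
# Constructed sample rule files, not copies of a real host's configuration.
HOSTS_ALLOW = """\
# /etc/hosts.allow (constructed)
sshd : 192.168.1. EXCEPT 192.168.1.13
in.ftpd : .example.com
ALL : LOCAL
"""
HOSTS_DENY = """\
# /etc/hosts.deny (constructed)
ALL : ALL
"""


def _tokens(spec):
    return [t for t in spec.replace(",", " ").split() if t]


def _split_list(spec):
    """'a, b EXCEPT c' -> (['a', 'b'], ['c'])."""
    head, _, tail = spec.partition(" EXCEPT ")
    return _tokens(head), _tokens(tail)


def parse_rules(text):
    """Each rule line is 'daemon_list : client_list'; comments and blank
    lines are skipped. A third ': shell_command' field is not handled."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, clients = (part.strip() for part in line.split(":", 1))
        rules.append((_split_list(daemons), _split_list(clients)))
    return rules


def _daemon_matches(token, daemon):
    return token == "ALL" or token == daemon


def _client_matches(token, client):
    host, ip = client
    if token == "ALL":
        return True
    if token == "LOCAL":               # host names without a dot
        return "." not in host
    if token.startswith("."):          # domain suffix, e.g. .example.com
        return host.endswith(token)
    if token.endswith("."):            # network prefix, e.g. 192.168.1.
        return ip.startswith(token)
    return token in (host, ip)         # exact host name or address


def _list_matches(spec, value, matcher):
    include, exclude = spec
    return (any(matcher(t, value) for t in include)
            and not any(matcher(t, value) for t in exclude))


def _rule_matches(rule, daemon, client):
    daemons, clients = rule
    return (_list_matches(daemons, daemon, _daemon_matches)
            and _list_matches(clients, client, _client_matches))


def hosts_access(daemon, client_host, client_ip,
                 allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """libwrap decision order: the first matching allow rule grants access,
    then the first matching deny rule refuses it, otherwise access is granted."""
    client = (client_host, client_ip)
    if any(_rule_matches(r, daemon, client) for r in parse_rules(allow_text)):
        return True
    if any(_rule_matches(r, daemon, client) for r in parse_rules(deny_text)):
        return False
    return True
```

The last branch is the practical caveat: without a catch-all ALL : ALL line in hosts.deny, any client that no rule mentions is let in, so the deny file is what turns the mechanism into a default-deny policy.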
iptables is a utility that builds and manipulates the network packet
filtering rules in the Linux kernel. You can use iptables to create a
host firewall that protects a system from outside intruders by
restricting which addresses and ports may reach it.