Page 305 - DCAP403_Operating System
P. 305

Operating System




                    Notes          Access to the root account should be limited for a couple of reasons. First, the more people with
                                   root access, the more people who have complete control over the system. This makes access
                                   control diffi cult.
                                   Also, the more people that have root access, the more fingers get pointed. There are people who

                                   are going to deny having done something wrong. Often this results in a corrupt system, as there
                                   are everyone has the power to do everything, someone did something that messed up the system
                                   somehow and no one will admit. Sound familiar?

                                   The fewer people that have root, the fewer fingers need to be pointed and the fewer people can
                                   pass the buck. Not that what they did was malicious, mistakes do happen. If there are fewer
                                   people with root access and something goes wrong, tracking down the cause is much easier.
                                   Rather than several users all having the root password, some people think that it is safer to create
                                   several users all with the UID of root. Their belief is that since there are several lognames, it’s
                                   easier to keep track of things. Well, the problem in that thinking is that the system keeps track of
                                   track of users by the UID. There is no way to keep these users separate, once they log in.

                                   Another security precaution is to defi ne secure terminals. These are the only terminals that the
                                   root user can login from. In my opinion, it is best to only consider directly connected terminals as
                                   “secure”. That is, the root user can log into the system console, but not across the network. To get

                                   access as root across the network, a user must first login under their own account and then use
                                   su. This also provides a record of who used the root account and when.
                                   If the system is connected to the Internet, such as for a HTTP or FTP server, then security is a
                                   primary consideration.
                                   One way of avoiding compromising your system is to have your WWW server connected to the
                                   Internet, but not to your internal network. Should someone be able to break into the WWW server,
                                   the worst that can happen is that the WWW server is down for a day or so as you reload from
                                   backups. If the intruder had access to the internal network, your livelihood could be threatened.
                                   One very common attack is the dictionary attack. Here the hacker uses common words, encrypts

                                   them using the same as the password taken from the password file and then the two are compared.

                                   Remember that the /etc/passwd file is readable by everyone and the seed is contained within the
                                   encrypted password is always the first two characters.

                                   Although this seems to be a major security hole, it is very effective if you use passwords that are
                                   not easy to guess. The reason is that the encryption goes only one way.

                                   13.11 Summary

                                   Linux is a modular Unix-like operating system. Linux operates in two modes - the Kernel mode
                                   (kernel space) and the User mode (user space). The Linux kernel is a monolithic kernel. Any
                                   application that runs on a Linux system is assigned a process ID or PID. This is a numerical
                                   representation of the instance of the application on the system. There are generally two types
                                   of processes that run on Linux. Interactive processes are those processes that are invoked by a
                                   user and can interact with the user. Interactive processes can be classified into foreground and

                                   background processes. The foreground process is the process that you are currently interacting
                                   with, and is using the terminal as its stdin (standard input) and stdout (standard output). A
                                   background process is not interacting with the user and can be in one of two states - paused or
                                   running. All processes are derived from the init process and can trace their roots back to init.
                                   All processes run partially in user mode and partially in system mode. Virtual memory is used
                                   in Linux. It uses the Buddy algorithm to effectively allocate and deallocate blocks of pages. Its
                                   developers and users use the web to exchange information ideas, code, and Linux itself is often
                                   used to support the networking needs of organizations. This unit describes how Linux supports
                                   the network protocols known collectively as TCP/IP.




          298                              LOVELY PROFESSIONAL UNIVERSITY
   300   301   302   303   304   305   306   307   308   309   310