Abstract: This is an overview of Linux tailored to the needs of CEG 429/629 students who are expected to have had fair exposure to Linux already. It provides background material on Linux and our choices in the OSIS lab. It tries to instill a sense of responsibility a student is expected to have as the super user. It gives pointers to reliable information on Linux system administration.
The CEG 429/629 Internet Security course depends on Linux for all its lab experiments. Most of the details of a lab depend only on "the" general Linux environment, not on specifics of a distribution of Linux. Even though you have taken a prerequisite OS course, it is likely that the issues covered/mentioned in this article are unfamiliar to you.
We will be dealing primarily with ext2/ext3/ext4 file system. Become familiar with the following.
| Command | Purpose |
| --- | --- |
| mkfs | create an empty file volume on the given partition |
| tune2fs | adjust filesystem parameters on ext2/ext3/ext4 file volumes |
| blkid | show block device attributes |
| debugfs | ext2/ext3/ext4 file system debugger/repairer |
| dd | low-level copying and conversion of raw data |
The /proc directory presents many of the OS's internal data structures as if they were files. These data structures, and hence these files, do not exist when the OS is not running. Look at the output of tree /proc. This listing, on my home PC, is 70605 lines long. A few selected entries from /proc that you should know about are shown below in ls -l format. Be aware that the size fields shown as 0 are inaccurate. For example, cat /proc/cmdline shows the arguments supplied to the Linux kernel by the OS boot loader.
```
-r--------   1 root root 140737486266368 Mar 29 15:20 kcore
dr-xr-xr-x   8 root root               0 Mar 29 15:01 1
-r--r--r--   1 root root               0 Mar 29 15:24 cmdline
-r--r--r--   1 root root               0 Mar 29 15:35 cpuinfo
dr-xr-xr-x   1 root root               0 Mar 29 15:01 sys
-r--r--r--   1 root root               0 Mar 29 15:24 version_signature
-r--r--r--   1 root root               0 Mar 29 15:24 meminfo
-r--r--r--   1 root root               0 Mar 29 15:32 kallsyms
-r--r--r--   1 root root               0 Mar 29 15:35 interrupts
-r--r--r--   1 root root               0 Mar 29 15:35 ioports
-r--r--r--   1 root root               0 Mar 29 15:44 vmstat
```
Look at the output of tree /sys. This listing, on my home PC, is 25447 lines long. An ls -l /sys listing is shown below.
```
drwxr-xr-x  20 root root 0 Mar 29 15:01 bus
drwxr-xr-x  46 root root 0 Mar 29 15:01 class
drwxr-xr-x   4 root root 0 Mar 29 15:01 dev
drwxr-xr-x  14 root root 0 Mar 29 15:01 devices
drwxr-xr-x   4 root root 0 Mar 29 15:01 firmware
drwxr-xr-x   6 root root 0 Mar 29 15:01 fs
drwxr-xr-x   2 root root 0 Mar 29 15:37 hypervisor
drwxr-xr-x   7 root root 0 Mar 29 15:01 kernel
drwxr-xr-x 130 root root 0 Mar 29 15:01 module
drwxr-xr-x   2 root root 0 Mar 29 15:02 power
```
Look at the output of tree /dev. This listing, on my home PC, is 655 lines long. A few selected entries from /dev, that you should know about, are shown below.
```
drwxr-xr-x 2 root root     940 Mar 29 15:01 block
drwxr-xr-x 2 root root    4200 Mar 29 15:02 char
drwxr-xr-x 3 root root     300 Mar 29 15:01 input
drwxr-xr-x 2 root root      60 Mar 29 15:01 cpu
drwxr-xr-x 2 root root      60 Mar 29 15:01 net
brw-rw---- 1 root disk    7,  0 Mar 29 15:01 loop0
brw-rw---- 1 root disk    8,  0 Mar 29 15:01 sda
brw-rw---- 1 root disk    8,  1 Mar 29 15:01 sda1
brw-rw---- 1 root disk    1,  0 Mar 29 15:01 ram0
crw------- 1 root root    5,  1 Mar 29 15:02 console
crw--w---- 1 root tty     4, 14 Mar 29 15:01 tty14
crw-rw---- 1 root dialout 4, 64 Mar 29 15:01 ttyS0
crw------- 1 root root   10,  1 Mar 29 15:01 psaux
crw------- 1 root root    1, 11 Mar 29 15:01 kmsg
srw-rw-rw- 1 root root       0 Mar 29 15:01 log
crw-r----- 1 root kmem    1,  1 Mar 29 15:01 mem
crw-rw-rw- 1 root root    1,  8 Mar 29 15:01 random
crw-rw-rw- 1 root root    1,  3 Mar 29 15:01 null
crw-rw-rw- 1 root root    1,  5 Mar 29 15:01 zero
lrwxrwxrwx 1 root root      15 Mar 29 15:01 stderr -> /proc/self/fd/2
lrwxrwxrwx 1 root root      15 Mar 29 15:01 stdin -> /proc/self/fd/0
lrwxrwxrwx 1 root root      15 Mar 29 15:01 stdout -> /proc/self/fd/1
```

[Depending on the distribution, some of these "files" may not exist.] Physical memory is mapped to /dev/mem; the kernel's virtual memory space is mapped to /dev/kmem. /proc/kcore is also the kernel's virtual memory space, presented in ELF format. On my home PC, file /proc/kcore produces:

```
# file /proc/kcore
/proc/kcore: ELF 64-bit LSB core file x86-64, version 1 (SYSV), SVR4-style, from 'BOOT_IMAGE=(hd0,5)/vmlinuz ro root=LABEL=KubuntuPrecise ro'
```

Standard ELF utilities, such as objdump, can be used on it.
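As an added example (not part of the original article), a POSIX shell script that walks a /proc-style tree the way the listings above invite you to, reading each process's comm and exe entries under /proc/&lt;pid&gt;/. The tree root is a parameter (an assumption made here so the script can be tried on a constructed tree as well as on the live /proc):

```shell
#!/bin/sh
# Walk a /proc-style tree and print, per process: pid, name, executable.
# Two /proc/<pid>/exe values deserve a second look on a lab box: the
# kernel appends " (deleted)" when the binary was removed after launch,
# and a path under a world-writable scratch directory is unusual for a
# legitimate daemon. The tree root defaults to the live /proc.

inspect_procs() {
    proc_root="${1:-/proc}"
    for d in "$proc_root"/[0-9]*; do
        [ -d "$d" ] || continue
        pid="${d##*/}"
        # "|| true" keeps the loop going under set -e when a process exits
        # between readdir and open, or when exe is unreadable (not root).
        comm="$(cat "$d/comm" 2>/dev/null || true)"
        exe="$(readlink "$d/exe" 2>/dev/null || true)"
        case "$exe" in
            *" (deleted)")                flag="DELETED-BINARY" ;;
            /tmp/*|/var/tmp/*|/dev/shm/*) flag="SCRATCH-DIR" ;;
            "")                           flag="NO-ACCESS" ;;  # kernel thread, or not root
            *)                            flag="ok" ;;
        esac
        printf '%s\t%s\t%s\t%s\n' "$pid" "${comm:--}" "${exe:--}" "$flag"
    done
}

# Number of processes flagged with anything other than "ok" or NO-ACCESS.
count_flagged() {
    inspect_procs "$1" |
        awk -F'\t' '$4 != "ok" && $4 != "NO-ACCESS" { n++ } END { print n + 0 }'
}

inspect_procs "${1:-/proc}"
```

Run it as root to see every exe link; as an ordinary user most other users' processes show NO-ACCESS, which is the permission model of /proc at work, not a bug.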
A program is a binary file produced by a linker that links several object code files produced by a compiler. Every OS has a small number of formats for programs. On Linux, this standard is known as ELF. A program is a passive entity. In particular, it does not "run" -- a process does.
A process is created by the OS as a result of "invoking" a program. A process is an active entity: it is born, it has a life and it is expected to die.
Scripts are files of text written for a specific interpreter. Linux expects the first line to name the interpreter in a so-called "shebang" (#!) line. Script files often have executable permissions, which means that the shebang-named program should be invoked and then given the script file to interpret.
Become familiar with the following commands.
| Command | Purpose |
| --- | --- |
| ldd | show shared library dependencies |
| strace | trace system calls and signals |
| ltrace | trace library calls |
| nm | list symbols from object files |
| strip | discard symbols from object files |
| size | list section sizes and total size of a program |
| fork | create a child process |
| vfork | create a child process and block parent |
| pgrep | look up or signal processes based on name and other attributes |
| pmap | show memory map of a process |
A certain amount of Linux sysadmin learning is necessary in this course. There are many tutorials on the web. I have listed several on-line "books" below.
At a minimum, you must learn how to set the network up. This is covered in the NetUtils Lab. Note that even though we have a DHCP server running in the lab that doles out static IP addresses based on Ethernet addresses, most of the lab experiments require that the PCs you are using be isolated from the LAN that the server is on.
Become familiar with the content and functionality of the following files/directories.
| File/directory | Content or purpose |
| --- | --- |
| /etc/fstab | file volumes and their mount points |
| /etc/passwd | user ids and their default first program (login shell) |
| /etc/group | user groups |
| /etc/shadow | hashed passwords of users |
| /etc/hosts | table of hostnames and their IP addresses |
| /etc/resolv.conf | DNS resolver configuration |
| /etc/services | table of network service names and their port numbers |
| /etc/exports | NFS exported file volumes |
| /etc/inittab | config file for init |
| /boot/grub/grub.cfg | config file for OS boot loader grub2 |
| /boot/grub/menu.lst | config file for OS boot loader grub1 |
| /boot/vmlinuz* | Linux kernel in compressed form |
| /boot/initrd* | initial RAM disk for use by the kernel during boot |
| /lib/modules/* | loadable kernel modules |
| /dev/null | a write-able "file" that never becomes full |
| /dev/zero | a read-able "file" of un-ending zeros |
| /dev/urandom | a read-able "file" of random bytes |
| /sbin/ | system programs needed during boot |
| /usr/sbin | system programs needed during normal operation |
| /usr/lib/ | library files |
| /etc/udev/* | dynamic device management |
| /etc/init/* | config files of init |
| /etc/init.d/* | config files of services invoked by init |
| /etc/sysctl.conf | sysctl(8) preload/configuration file |
| /var/log | log files and directories |
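An added example, not from the article, of why /etc/passwd and /etc/shadow are on the list above: a POSIX shell audit for the two mistakes that silently hand out root, a second account with UID 0 and an account whose shadow password field is empty. The file paths are arguments (defaulting to the live files), and the sample used by the --demo switch is constructed, not taken from any real system:

```shell
#!/bin/sh
# Audit a passwd/shadow pair for two classic mistakes:
#  1. an extra account with UID 0 (any such login *is* root);
#  2. an account whose shadow hash field is empty (login asks no password).
# Run against copies or a constructed sample by passing paths; with no
# arguments the live /etc/passwd and /etc/shadow are read (needs root).

audit_uid0() {           # audit_uid0 PASSWD_FILE
    # passwd fields: name:x:uid:gid:gecos:home:shell
    awk -F: '$3 == 0 && $1 != "root" { print "UID0 " $1 }' "${1:-/etc/passwd}"
}

audit_empty_pw() {       # audit_empty_pw SHADOW_FILE
    # shadow fields: name:hash:lastchg:min:max:warn:inactive:expire:flag
    # "!" or "*" in the hash field locks the account; "!!" means no
    # password was ever set; an empty field means no password is asked.
    awk -F: '$2 == "" { print "NOPASS " $1 }' "${1:-/etc/shadow}"
}

audit_accounts() {       # audit_accounts PASSWD_FILE SHADOW_FILE
    audit_uid0 "$1"
    audit_empty_pw "$2"
}

audit_count() {          # number of findings; nonzero is what a cron job acts on
    audit_accounts "$1" "$2" | wc -l | tr -d ' '
}

if [ "${1:-}" = "--demo" ]; then
    # Constructed sample: "admin2" is a hypothetical second UID-0 account,
    # "alice" a hypothetical user whose hash field was blanked.
    tmp=$(mktemp -d)
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
admin2:x:0:0:second root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
EOF
    cat > "$tmp/shadow" <<'EOF'
root:$6$saltsalt$placeholderhash:15000:0:99999:7:::
admin2:!:15000:0:99999:7:::
alice::15000:0:99999:7:::
EOF
    audit_accounts "$tmp/passwd" "$tmp/shadow"
    rm -rf "$tmp"
fi
```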
Become familiar with the following commands.
| Command | Purpose |
| --- | --- |
| ifconfig | configure a network interface |
| route | show / update the IP routing table |
| netstat | print network connections, etc. |
| nc | arbitrary TCP and UDP connections and listens |
| init 1 | change run level of init to 1 |
| dmesg | display messages of the kernel |
| sysctl | configure kernel parameters at runtime |
| cron | daemon to execute commands at scheduled times |
| md5sum | compute and check MD5 message digest |
| sha1sum | compute and check SHA1 message digest |
| file | heuristically determine the type of a given file |
| chroot | run command or interactive shell with given directory as / (root) |
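The table above lists md5sum and sha1sum as commands to "compute and check" digests. As an added example (not the article's own), a POSIX shell script that records a sha1sum manifest of a configuration tree such as /etc and later reports files whose content changed and files that appeared since; the directory and manifest paths are arguments, and the tree it is exercised on is constructed:

```shell
#!/bin/sh
# Record a SHA-1 manifest of a configuration tree (e.g. /etc) and later
# compare the live files against it: sha1sum -c reports every file whose
# content changed or vanished, and a second pass lists files that were
# not in the manifest at all (a new /etc/init.d script, for instance).
# Paths inside the manifest are relative to the tree, so the manifest can
# be kept on removable media or another host.

abs_path() {            # make a path absolute without relying on realpath
    case "$1" in /*) printf '%s\n' "$1" ;; *) printf '%s/%s\n' "$PWD" "$1" ;; esac
}

make_manifest() {       # make_manifest DIR MANIFEST
    m=$(abs_path "$2")
    ( cd "$1" && find . -type f -print0 | LC_ALL=C sort -z | xargs -0 sha1sum ) > "$m"
}

verify_manifest() {     # verify_manifest DIR MANIFEST -> changed or missing paths
    m=$(abs_path "$2")
    # --quiet prints only "<path>: FAILED..." lines; strip the suffix.
    ( cd "$1" && sha1sum -c --quiet "$m" 2>/dev/null ) | sed -n 's/: FAILED.*//p'
}

new_files() {           # new_files DIR MANIFEST -> files present now, absent from manifest
    m=$(abs_path "$2"); cur=$(mktemp)
    ( cd "$1" && find . -type f | LC_ALL=C sort ) > "$cur"
    # Manifest lines are "<40 hex chars><two spaces><path>": path starts at column 43.
    awk 'FILENAME == ARGV[1] { seen[substr($0, 43)] = 1; next } !($0 in seen)' "$m" "$cur"
    rm -f "$cur"
}
```

Typical use is make_manifest /etc /media/usb/etc.sha1 right after installation, then verify_manifest and new_files against that manifest whenever the machine's state is in doubt.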
As you will see in the next section, it is easy to become root (superuser) in the OSIS lab. When you become root, be careful. Very careful.
Even though security in the OSIS Lab is deliberately loose so that it is a playground for security courses, we take ethics and personal responsibility seriously.
Along with being root comes a great deal of responsibility, way beyond what was described above. Double- and triple-check a command before you hit return. Be very sure of the arguments you supply to the commands.
This term (Spring 2012) we are trying two different variations on the Linux Live DVD setup, in addition to the default hard-disk-installed Debian/Ubuntu. As before, the PCs can also be booted from removable media. Among the many available (visit http://www.frozentech.com/content/livecd.php for a list), I chose Knoppix and BackTrack. Below are a few more details and tips.
The Grub boot menu looks like this:
```
For ALL Classes: Windows 7
For ALL Classes: Linux Ubuntu
For CEG429 ONLY: Linux Knoppix
For CEG429 ONLY: Linux BackTrack
```
The Debian (www.debian.org) development group has such extremely conservative goals that their so-called stable distribution uses a several-year-old Linux kernel, and is so unaware of the effect of their naming conventions that their so-called "unstable" distribution is more stable than most releases from RedHat, Mandrake and Suse.
Knoppix (http://www.knoppix.org/) is based on the Debian distribution. Knoppix chooses a careful mix of packages from the stable, unstable, testing and experimental versions of Debian. Knoppix also pioneered pretty accurate hardware detection. Knoppix also pushed the development of compressed file systems that uncompress the needed portions on-the-fly. This makes it possible for Knoppix to include, in the space of some 650 MB, the equivalent of 2 GB of uncompressed files. Knoppix selects the "most useful" of the software packages to install in that 650 MB compressed file system. It includes everything needed in a typical CS class: C/C++ compilers, Gnu Emacs, gdb, Open Office, etc.
When you boot from this live DVD, you are automatically logged in, without a password, as a user named knoppix. Through the KDE K menu (KNOPPIX / Root Shell), you can get a root shell without a password.
BackTrack ( http://www.backtrack-linux.org/) is an Ubuntu-based distribution with a collection of security and forensics tools. When you boot from this live DVD, you are automatically logged in, without a password, as root.
"Linux is a cancer that attaches itself in an intellectual property sense to everything it touches." -- Steve Ballmer, Microsoft CEO, June 1, 2001. Quotable quote?
We encourage you to set up Linux on your own machines. See www.linuxnewbie.net/ ("New to GNU/Linux?") and scan the various forums of that site to get a feel for what is involved in setting up Linux on a machine that you will be in charge of.
Linux is open source. It is cost-free only if you download ISO images available from certain sites. OSIS Lab has several ISO images available for download. Your instructor is willing to provide CDs burned from these ISO images in exchange for blank CDs. These CDs do contain all the documentation and several books in .html and .pdf formats. If you were to buy a Linux distribution, you would also get a printed copy or two.
Linux's hardware requirements are quite low. It is available on non-PC platforms with non-x86 CPUs, such as old Apple Macs, Sun, and SGI, but it is easiest and cheapest to do it on a PC clone.
Linux driver releases for various hardware items are often several months behind the corresponding Windows drivers. Typical hardware items that have this problem are video cards and wireless devices (mice, keyboards, and 802.11). I suggest you choose hardware that is about six months old. Linux does work on 386, 486, ..., but it is going to be difficult to install a modern Linux distribution on such old systems.
As long as the CPU is a Pentium III (or equivalent) or above, the MHz/GHz clock speed is unimportant. Hard disk size depends on how carefully you will prune the Linux installation. WSU electronic surplus often sells machines for under $50 that would be suitable for your Linux setup.
There is not much point, in this document, in going into the polemics of why I chose Debian/Ubuntu for the OSIS Lab. So, for the Linux system on your own computer, you may wish to choose other distributions. Here are some suggestions.
Visit www.distrowatch.com for pointers to distributions. Consider either the "major" or "live CD" distributions, or the ones mentioned below.
The typical distribution will require you to devote one or two partitions exclusively to Linux use. Currently (2012), Ubuntu, Red Hat/Fedora, and Suse/Novell are the leading commercial choices. Debian is often called a meta distribution because many other distributions, both commercial and free, are derived from it. Debian used to be hard to install, but not any more (> 2005). The number of pre-compiled, ready-to-install packages that Debian has is unmatched.
If you are not comfortable partitioning a HDD, do not choose such a distribution; consider a live CD/DVD Linux. There are excellent "live CD" distributions that run entirely off the CD. These do not alter the contents of your HDD in any way. However, they lock the CD in the drive. If you have only one CD drive, you cannot eject the live-Linux CD to play another CD. Obviously, your own work must be saved somewhere else -- removable media or a separate file server. Currently (April 2012), Knoppix and BackTrack are excellent choices.
The Linux distribution http://www.gentoo.org/ expects you to compile everything from source code bundles, after configuring everything to suit you. On a typical PC, this can take tens of hours. "Extreme performance, configurability and a top-notch user and developer community are all hallmarks of the Gentoo experience."
Linux installation is now quite easy. Power on the PC, insert the CD before BIOS POST finishes, and answer questions. However, there are two places where you must be careful.
A full scale Linux can be installed on a 4 to 8 GB USB drive. CEG 233 has a lab experiment on this; see the links below.
There is a so-called "frugal installation" of the unpacked DVD files on to a HDD. The following is the grub stanza for BackTrack 5, where the directory /boot/BT5R2/ contains the files of the casper/ directory of the unpacked DVD.
```
title BackTrack5R2 based on Ubuntu Linux LiveDVD Mar 2012
kernel (hd0,0)/boot/BT5R2/vmlinuz boot=casper live-media-path=/boot/BT5R2 \
    root=/dev/ram0 noeject noprompt persistent vga=0x317
initrd (hd0,0)/boot/BT5R2/initrd.gz
```
There are two USB connectors in the front of the machines. If you have a USB drive inserted prior to booting either Knoppix or BackTrack, it will be automounted. Google and find out how to use config.tbz and establish persistent homes in a USB drive.
There is no lab associated with this article. But do remember that the following applies to all labs.
All work should be carried out in the Operating Systems and Internet Security (OSIS) Lab, 429 Russ. Use any of the PCs numbered 192.168.17.19 to .30. No other WSU facilities are allowed.