Linux System Administration: Getting Started
Cybersecurity Professional | Linux Systems Administrator | Writer/Blogger
First, thank you for taking the time to consider exploring this article further. The focus here and in most posts is Linux System Administration from the perspective of cybersecurity. A basic knowledge of the Linux environment is recommended, along with familiarity with basic commands such as, but not limited to: cd, mkdir, chmod, usermod, ls, etc. Take note that this article refers to the RHEL 9 Linux OS. If you’re running a Debian distribution of Linux, be advised that commands such as, but not limited to, ‘dnf install’ can be substituted with ‘apt-get install’ or simply ‘apt install’. The use of ‘sudo’ in such instances may depend on a user's configuration, but from the standpoint of working within and/or creating a secure environment, it should be expected to be mandatory while making administrative alterations to a user's Linux system.
System administration, no matter the platform, is more than the creation and/or deletion of accounts. One of the major roles of an administrator is setting user permissions (a basic part of security, preventing unauthorized users from accessing data that is not required by their positions), which can be summarized as access control configurations.
Many roles exist within an enterprise environment because a single person cannot tackle all responsibilities. Such roles must be placed into categories/groups made up of numerous users. Consider departments made up of said users (with system access), groups: Accounting, H.R., Marketing, IT, Management, etcetera. These groups would contain sub-groups/departments, and so on. The allocation of resources to the appropriate groups/departments may begin with one question: which groups need which resources and why. To answer, administrators must possess a familiarity with the enterprise hierarchy and the operating system (having a background in business administration is always a huge plus, but may not be a requirement). We’ll refer to this portion of the day's/week’s work as inside recon. We’re looking to harden the system with improved security practices and the implementation of advanced techniques many overlook. One must gather as much intel on the system and company as possible. Different purposes call for different uses and different ways of accessing the system. Should the system be used as a web server, the configurations will differ from those of a local FTP server which manages access to applications to be utilized by accounting, developers, and/or cybersecurity professionals within the company/enterprise. Access to such an FTP server would require extremely strict permissions, whereas a public-facing web server’s configuration would require a completely different setup altogether. For the purpose of this article, let's focus on creating a security-focused web server using Apache2.
If you haven't already, install the Apache2 server on your system using the following command:
sudo dnf install httpd -y (on RHEL the Apache package is named httpd; on Debian-based systems the equivalent is apache2).
Once installed, the /var/www directory will hold the files for your web server, making it a critical component of your hosting environment. Now, we will create a separate partition for our web server.
The benefits of creating a separate partition for this directory are:
- Enabling administrators to reduce possible damage an intruder may cause by preventing unauthorized access or exploitation of the web-server files from affecting the rest of the system.
- In creating the separate partition, administrators are able to apply restrictive mount options to mitigate threats like privilege escalation or execution of malicious scripts.
- Optimizing storage: ensuring that web files do not compete with system processes for disk space, and reducing the risk/likelihood of service disruptions.
- Simplification of backup and maintenance: a dedicated partition makes it easier to create targeted backups or perform maintenance tasks without impacting the entire system.
- Disk quotas: Administrators can implement disk quotas specifically for the web directory to limit the resources consumed by hosted files.
First, check available disk space using the ‘lsblk’ command. Look for output referring to ‘rhel home’ or similar. Different sites/web servers will serve various purposes. Partition your disk according to your respective needs, keeping in mind that the partition can be expanded at a later date if required.
Now, create the partition using the fdisk command: sudo fdisk /dev/sdX (replace /dev/sdX with the actual name of the disk, as shown by lsblk).
- Follow the prompts
- Create new partition
- Select partition type
- Specify partition size
- Write changes
- Exit.
Format the partition using the appropriate file-system (e.g. ext4): sudo mkfs.ext4 /dev/sdXn (replace /dev/sdXn with the actual name of the new partition).
Create a temporary mount point: sudo mkdir -p /mnt/var_www. Then mount the new partition there: sudo mount /dev/sdXn /mnt/var_www.
Move the existing data to the new partition using: sudo rsync -av /var/www/ /mnt/var_www/ (the trailing slash on the source copies the contents of /var/www rather than creating a nested www directory).
Update /etc/fstab: sudo vim /etc/fstab
Add the following line (mount options are comma-separated with no spaces): /dev/sdXn /var/www ext4 defaults,noexec,nodev,nosuid 0 2
Mount the partition by unmounting the temporary mount and remounting in /var/www (once the new partition is mounted over it, the original contents of /var/www on the root filesystem are hidden; remove them after verifying the copy):
sudo umount /mnt/var_www
sudo mount -a
Verify the configuration: df -h /var/www
Understanding these configurations:
1. Mount Options:
- noexec: prevents execution of binaries within /var/www
- nodev: Disallows special device files from being created in /var/www
- nosuid: Prevents the use of setuid or setgid bits
(For web-based Penetration Testing, finding these settings when checking a server's configuration is imperative)
2. Permissions:
- Restrict access to the /var/www directory to authorized users and processes.
3. Regular Audits:
- Periodically monitor logs, permissions, and disk usage to ensure the partition remains secure and efficient.
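As an added example (not part of the original article), the following POSIX shell script audits the hardening described above: it validates an fstab entry for /var/www (catching the spaces-in-options and misspelling mistakes that silently break the mount) and can check the options the kernel actually applied to the live mount. The sample fstab lines are constructed; the live check assumes findmnt from util-linux is available.

```shell
#!/bin/sh
# Added example: audit the noexec/nodev/nosuid hardening on /var/www.

REQUIRED_OPTS="noexec nodev nosuid"

# has_opt OPTS NAME: succeed if NAME is one of the comma-separated OPTS.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_opts OPTS: report each missing hardening option; succeed only if none is missing.
check_opts() {
    missing=""
    for o in $REQUIRED_OPTS; do
        has_opt "$1" "$o" || missing="$missing $o"
    done
    [ -z "$missing" ] && return 0
    echo "missing mount options:$missing" >&2
    return 1
}

# check_fstab_line LINE: an fstab entry must have exactly six whitespace-separated
# fields; a space after a comma in the options field splits it into extra fields,
# so "defaults, noexec, nodev" is rejected here before it breaks mount -a.
check_fstab_line() {
    set -- $1
    if [ $# -ne 6 ]; then
        echo "fstab line has $# fields, expected 6 (spaces in the options field?)" >&2
        return 1
    fi
    check_opts "$4"
}

# check_live_mount PATH: ask the kernel which options PATH is really mounted with.
check_live_mount() {
    opts=$(findmnt -no OPTIONS --target "$1") || return 1
    check_opts "$opts"
}

# Constructed sample entries: the first has spaces and a misspelled "nousid",
# the second is the corrected form of the same line.
BAD_LINE="/dev/sdXn /var/www ext4 defaults, noexec, nodev, nousid 0 2"
GOOD_LINE="/dev/sdXn /var/www ext4 defaults,noexec,nodev,nosuid 0 2"

# On a live system run: check_live_mount /var/www
```

The fstab check can be run against the exact line before you write it to /etc/fstab; the live check confirms that `mount -a` applied the options rather than taking the file on trust.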