Linux and SQL -2

 

The principle of least privilege in action



As a security analyst, you may encounter a situation like this one: There’s a file called bonuses.txt within a compensation directory. The owner of this file is a member of the Human Resources department with a username of hrrep1. It has been decided that hrrep1 needs access to this file. But, since this file contains confidential information, no one else in the hr group needs access.

You run ls -l to check the permissions of files in the compensation directory and discover that the permissions for bonuses.txt are -rw-rw----. The group owner type has read and write permissions that do not align with the principle of least privilege.  

To remedy the situation, you input chmod g-rw bonuses.txt. Now, only the user who needs to access this file to carry out their job responsibilities can access this file.
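The permission review above, as an added example (not part of the course notes): it parses an ls -l mode string, applies a symbolic chmod clause such as g-rw to it offline, and reports which classes (user, group, other) still hold any access. Nothing touches the real filesystem; the mode strings are the ones from the bonuses.txt scenario.

```python
# Added example (not from the course notes): apply a symbolic chmod expression such as
# "g-rw" to a mode string as printed by `ls -l`, and report which classes still have
# access. It models the bonuses.txt scenario offline; nothing touches the real filesystem.

CLASSES = {"u": 0, "g": 1, "o": 2}          # user, group, other triads
BITS = "rwx"

def parse_mode(ls_mode: str) -> list:
    """Turn '-rw-rw----' into three [r, w, x] triads (the type character is skipped)."""
    perms = ls_mode[1:10]
    if len(perms) != 9:
        raise ValueError(f"not an ls -l mode string: {ls_mode!r}")
    return [[perms[i * 3 + j] != "-" for j in range(3)] for i in range(3)]

def format_mode(triads, file_type="-") -> str:
    return file_type + "".join(
        BITS[j] if triad[j] else "-" for triad in triads for j in range(3))

def apply_symbolic(ls_mode: str, expr: str) -> str:
    """Apply one chmod symbolic clause, e.g. 'g-rw', 'o=', 'a+r', 'ug+x'."""
    triads = parse_mode(ls_mode)
    i = 0
    while i < len(expr) and expr[i] in "ugoa":
        i += 1
    who = expr[:i] or "a"                      # chmod treats a missing class as 'a'
    op, perms = expr[i], expr[i + 1:]
    if op not in "+-=" or any(p not in BITS for p in perms):
        raise ValueError(f"unsupported clause: {expr!r}")
    targets = range(3) if "a" in who else [CLASSES[c] for c in who]
    for t in targets:
        for j, bit in enumerate(BITS):
            if op == "=":
                triads[t][j] = bit in perms
            elif bit in perms:
                triads[t][j] = op == "+"
    return format_mode(triads, ls_mode[0])

def classes_with_access(ls_mode: str) -> list:
    """Which of user/group/other hold any permission bit: the least-privilege review."""
    triads = parse_mode(ls_mode)
    return [name for name, idx in CLASSES.items() if any(triads[idx])]

if __name__ == "__main__":
    before = "-rw-rw----"                      # what ls -l showed for bonuses.txt
    after = apply_symbolic(before, "g-rw")     # the fix from the notes
    print(before, "->", after, "access:", classes_with_access(after))  # -rw------- ['u']
```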



Examples to check permissions: https://docs.google.com/document/d/1jl9kN7WbrdRwgJw7urDYLPE_JenWoP7MRY1N0GgpG48/template/preview



Add and Delete user:



Previously, you explored authorization, authentication, and Linux commands with sudo, useradd, and userdel. The sudo command is important for security analysts because it allows users to have elevated permissions without risking the system by running commands as the root user. You’ll continue exploring authorization, authentication, and Linux commands in this reading and learn two more commands that can be used with sudo: usermod and chown.

Responsible use of sudo

To manage authorization and authentication, you need to be a root user, or a user with elevated privileges to modify the system. The root user can also be called the “super user.” You become a root user by logging in as the root user. However, running commands as the root user is not recommended in Linux because it can create security risks if malicious actors compromise that account. It’s also easy to make irreversible mistakes, and the system can’t track who ran a command. For these reasons, rather than logging in as the root user, it’s recommended you use sudo in Linux when you need elevated privileges.

The sudo command temporarily grants elevated permissions to specific users. The name of this command comes from “super user do.” Users must be given access in a configuration file to use sudo. This file is called the “sudoers file.” Although using sudo is preferable to logging in as the root user, it's important to be aware that users with the elevated permissions to use sudo might be more at risk in the event of an attack.

You can compare this to a hotel with a master key. The master key can be used to access any room in the hotel. There are some workers at the hotel who need this key to perform their work. For example, to clean all the rooms, the janitor would scan their ID badge and then use this master key. However, if someone outside the hotel’s network gained access to the janitor’s ID badge and master key, they could access any room in the hotel. In this example, the janitor with the master key represents a user using sudo for elevated privileges. Because of the dangers of sudo, only users who really need to use it should have these permissions.

Additionally, even if you need access to sudo, you should use it only with the commands that require elevated privileges and nothing more. Running commands with sudo allows users to bypass the typical security controls that are in place to prevent an attacker from gaining elevated access.

Note: Be aware of sudo if copying commands from an online source. It’s important you don’t use sudo accidentally. 

Authentication and authorization with sudo

You can use sudo with many authentication and authorization management tasks. As a reminder, authentication is the process of verifying who someone is, and authorization is the concept of granting access to specific resources in a system. Some of the key commands used for these tasks include the following:


useradd

The useradd command adds a user to the system. To add a user with the username of fgarcia with sudo, enter sudo useradd fgarcia. There are additional options you can use with useradd:

  • -g: Sets the user’s default group, also called their primary group

  • -G: Adds the user to additional groups, also called supplemental or secondary groups

To use the -g option, the primary group must be specified after -g. For example, entering sudo useradd -g security fgarcia adds fgarcia as a new user and assigns their primary group to be security.

To use the -G option, the supplemental group must be passed into the command after -G. You can add more than one supplemental group at a time with the -G option. Entering sudo useradd -G finance,admin fgarcia adds fgarcia as a new user and adds them to the existing finance and admin groups.


usermod


The usermod command modifies existing user accounts. The same -g and -G options from the useradd command can be used with usermod if a user already exists. 

To change the primary group of an existing user, you need the -g option. For example, entering sudo usermod -g executive fgarcia would change fgarcia’s primary group to the executive group.

To add a supplemental group for an existing user, you need the -G option. You also need a -a option, which appends the user to an existing group and is only used with the -G option. For example, entering sudo usermod -a -G marketing fgarcia would add the existing fgarcia user to the supplemental marketing group.

Note: When changing the supplemental groups of an existing user, if you don't include the -a option, -G will replace any existing supplemental groups with the groups specified after -G. Using -a with -G ensures that the new groups are added but existing groups are not replaced.

There are other options you can use with usermod to specify how you want to modify the user, including:

  • -d: Changes the user’s home directory.

  • -l: Changes the user’s login name.

  • -L: Locks the account so the user can’t log in.

The option always goes after the usermod command. For example, to change fgarcia’s home directory to /home/garcia_f, enter sudo usermod -d /home/garcia_f fgarcia. The option -d directly follows the command usermod before the other two needed arguments.
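The -a / -G pitfall from the note above, as an added example that is not part of the course notes: an offline model of how usermod -G and usermod -a -G change the supplemental membership recorded in /etc/group. The group file and the user names are constructed; the real commands need root and are not run here.

```python
# Added example (not from the course notes): an offline model of how `usermod -G`
# and `usermod -a -G` change the supplemental groups recorded in /etc/group.
# The group file below is constructed; the real commands need root and are not run here.

GROUP_FILE = """\
security:x:1001:
finance:x:1002:fgarcia,asmith
admin:x:1003:fgarcia
marketing:x:1004:jlee
"""

def parse_group_file(text: str) -> dict:
    """name -> list of supplemental members, from /etc/group lines (name:x:gid:members)."""
    groups = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, _gid, members = line.split(":", 3)
        groups[name] = [m for m in members.split(",") if m]
    return groups

def supplemental_groups(groups: dict, user: str) -> list:
    return [name for name, members in groups.items() if user in members]

def usermod_G(groups: dict, user: str, new_groups: list, append: bool) -> dict:
    """Model `usermod [-a] -G g1,g2 user`: with append=False the user's supplemental
    membership is replaced by new_groups; with append=True it is extended."""
    unknown = [g for g in new_groups if g not in groups]
    if unknown:
        raise ValueError(f"usermod: group(s) do not exist: {unknown}")
    if not append:                              # plain -G: drop every current membership
        for members in groups.values():
            if user in members:
                members.remove(user)
    for g in new_groups:                        # then add the requested groups
        if user not in groups[g]:
            groups[g].append(user)
    return groups

if __name__ == "__main__":
    # sudo usermod -G marketing fgarcia  (no -a): finance and admin membership is lost
    g1 = usermod_G(parse_group_file(GROUP_FILE), "fgarcia", ["marketing"], append=False)
    print(supplemental_groups(g1, "fgarcia"))   # ['marketing']
    # sudo usermod -a -G marketing fgarcia: existing groups are kept
    g2 = usermod_G(parse_group_file(GROUP_FILE), "fgarcia", ["marketing"], append=True)
    print(supplemental_groups(g2, "fgarcia"))   # ['finance', 'admin', 'marketing']
```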


userdel


The userdel command deletes a user from the system. For example, entering sudo userdel fgarcia deletes fgarcia as a user. Be careful before you delete a user using this command.

The userdel command doesn’t delete the files in the user’s home directory unless you use the -r option. Entering sudo userdel -r fgarcia would delete fgarcia as a user and delete all files in their home directory. Before deleting any user files, you should ensure you have backups in case you need them later.

Note: Instead of deleting the user, you could consider deactivating their account with usermod -L. This prevents the user from logging in while still giving you access to their account and associated permissions. For example, if a user left an organization, this option would allow you to identify which files they have ownership over, so you could move this ownership to other users.


chown


The chown command changes ownership of a file or directory. You can use chown to change user or group ownership. To change the user owner of the access.txt file to fgarcia, enter sudo chown fgarcia access.txt. To change the group owner of access.txt to security, enter sudo chown :security access.txt. You must enter a colon (:) before security to designate it as a group name.

Similar to useradd, usermod, and userdel, there are additional options that can be used with chown.

Linux resources

Previously, you were introduced to the Linux community and some resources that exist to help Linux users. Linux has many options available to give users the information they need. This reading will review these resources. When you’re aware of the resources available to you, you can continue to learn Linux independently. You can also discover even more ways that Linux can support your work as a security analyst.

Linux community

Linux has a large online community, and this is a huge resource for Linux users of all levels. You can likely find the answers to your questions with a simple online search. Troubleshooting issues by searching and reading online is an effective way to discover how others approached your issue. It’s also a great way for beginners to learn more about Linux.

The Unix and Linux Stack Exchange is a trusted resource for troubleshooting Linux issues. It is a question and answer website where community members can ask and answer questions about Linux. Community members vote on answers, so the higher quality answers are displayed at the top. Many of the questions are related to specific topics from advanced users, and the topics might help you troubleshoot issues as you continue using Linux.

Integrated Linux support

Linux also has several commands that you can use for support.

man

The man command displays information on other commands and how they work. It’s short for “manual.” To search for information on a command, enter the command after man. For example, entering man chown returns detailed information about chown, including the various options you can use with it. The output of the man command is also called a “man page.”


apropos


The apropos command searches the man page descriptions for a specified string. Man pages can be lengthy and difficult to search through if you’re looking for a specific keyword. To use apropos, enter the keyword after apropos.

You can also include the -a option to search for multiple words. For example, entering apropos -a graph editor outputs man pages that contain both the words “graph” and “editor” in their descriptions.


whatis


The whatis command displays a description of a command on a single line. For example, entering whatis nano outputs the description of nano. This command is useful when you don't need a detailed description, just a general idea of the command, either as a reminder or after you discover a new command through a colleague or online resource and want to know more.


All commands so far: https://docs.google.com/document/d/1flGzGBZBo8vtX6Wiphf0K78yeL9OhQ-o9ShCX8K58CA/template/preview
