Unix Admin1

Transcript of Unix Admin1

  • 8/14/2019 Unix Admin1

    Unix: System Administration and Security

    - Amol Chiplunkar

    Agenda

    The role of a system administrator

    System Administration Tasks

    Summary

    Role of a System Administrator

    Understanding all aspects of the system, and the operating environment.

    Provide an environment where users get what they want.

    They get it in an easy and efficient manner

    Maintaining Authority

    Providing consistent user experience

    Tracking changes

    Crisis management

    Disaster management

    System Administration Tasks

    Administering user accounts and groups

    Administering File Systems

    Administering disk devices

    Packaging

    Securing systems

    Other tasks

    User Administration

    Unix users and groups

    Pseudo users

    /etc/passwd /etc/shadow /etc/group

    CLI administration utilities

    Environment initialization

    RBAC

    Profiles and Roles

    /etc/security/ prof_attr, exec_attr

    Users and Groups

    username and user id (identification)

    User database (/etc/passwd)

    username:x:UID:GID:user information:home-directory:login-shell

    Shadow password file

    Group database (/etc/group)

    name:*:GID:additional-users

    Standard users and groups

    root, daemon, bin, sys, adm, nobody, noaccess, ...

    root, bin, sys, adm, mail, daemon, ...
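
The /etc/passwd record layout above can be checked mechanically. The following is an added example, not part of the original slides: a POSIX shell function that flags malformed records, password fields not deferred to the shadow file, extra UID 0 accounts and duplicate UIDs. The names audit_passwd and sample_passwd and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file using the 7-field layout
#   username:x:UID:GID:user information:home-directory:login-shell
# audit_passwd [FILE...] reads the named files (or stdin) and prints
# one finding per line as "<check>:<username>".
audit_passwd() {
    awk -F: '
        /^#/ || /^$/ { next }                     # skip comments and blank lines
        NF != 7      { print "malformed:" $1; next }
        # "x" means the hash lives in the shadow file; anything else is suspect
        $2 != "x"    { print "password-not-shadowed:" $1 }
        # any account other than root with UID 0 has full superuser rights
        $3 ~ /^0+$/ && $1 != "root" { print "extra-uid0:" $1 }
        # two names sharing one UID are the same user to the kernel
        seen[$3]++   { print "duplicate-uid:" $1 }
    ' "$@"
}

# Constructed sample records, not taken from a real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
toor:x:0:0:second uid 0:/:/bin/sh
alice:abXy12cdEfGhi:100:10:Alice:/export/home/alice:/bin/ksh
bob:x:100:10:Bob:/export/home/bob:/bin/ksh
broken:x:101:10:/export/home/broken
EOF
}

# Run against the constructed sample; on a live system: audit_passwd /etc/passwd
sample_passwd | audit_passwd
```

An empty result means none of the four checks fired; each finding names the account to review.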

    User Management Commands

    Standard Unix

    useradd, usermod, userdel

    groupadd, groupmod, groupdel

    groups

    passwd

    chown, chgrp

    Solaris

    profiles, auths, roles

    Solaris Management Console: User Tools

    Environment Initialization

    Home directory and default shell.

    Environment initialization files

    .profile, .login, .cshrc, .bashrc

    Settings: PATH, aliases, shell variables

    Administering passwords

    passwd

    Forcing password change, locking and unlocking

    Setting expiry, warning about the expiry

    Administering File Systems

    File system types

    Solaris File System

    Managing file systems

    Sharing file systems

    File System Types

    Disk based filesystems

    ufs, hsfs/cdfs, ...

    Network based filesystems

    nfs

    Virtual file systems

    tmpfs/swap, lofs, ...

    ZFS

    File Systems: Details

    Stored in physical media: HDD, CD, DVD

    UFS (BSD and Solaris default)

    PCFS (read and write access)

    hsfs/cdfs/iso9660: CD/DVD

    nfs: Uniformly used across all Unix flavours

    Virtual file systems

    Mostly memory based, provide access to special kernel information or facilities. ( e.g. procfs,

    Some can use disk, such as tmpfs

    Default Solaris File System

    Hierarchy starting with the '/' directory.

    ZFS

    Immense capacity

    First 128 bit filesystem

    End to end data integrity

    Copy on write transactions

    Easy administration

    Storage pools and not volumes

    Huge performance gains

    Especially architected for speed

    [Diagram labels: ZFS, ZFS, Storage Pool]

    Managing File Systems

    Mounting and unmounting

    File system usage (df, fuser)

    Quotas to limit usage per user

    Filesystem configuration files.

    Automounts

    Validating file systems ( fsck )

    Partitioning

    Logical separation or demarcation of physical disk devices into multiple partitions, aka slices

    Managing Disk Devices

    Block device files /dev/dsk

    used by commands like mount

    Transfer large blocks of data at a time

    Raw device files /dev/rdsk

    used by commands like newfs

    Transfer smaller chunks of data.

    /dev/[r]dsk/cxtydmsn

    Slices and File Systems

    Slices (logical disk partitions) are assigned one or more file systems.

    A file system cannot span across slices.

    Each slice is treated as a separate drive by the operating system.

    Min 3 slices are recommended

    / for root partition

    /swap for tmpfs, procfs, volatile

    / partition such as /export/home

    Tools and Commands

    format

    fdisk

    mount

    newfs

    mkfs

    fsck

    Packaging

    Introduction to Packaging

    All Unix-like operating systems use packages.

    Collection of files such as scripts, binaries, configuration files, images, ...

    A logical group of files that constitute a product or a component/feature of a product.

    Enables easy management of files.

    Managing Solaris Packages

    Adding packages (pkgadd)

    Usually interactive

    Source could be a single file or a directory structure

    pkgtrans

    Removing packages (pkgrm)

    Listing installed packages (pkginfo)

    Checking package integrity

    pkginfo, pkgparam

    pkgchk

    Admin File

    File with default installation action instructions

    /var/sadm/install/admin/default

    mail=

    instance=unique

    partial=ask

    runlevel=ask

    idepend=ask

    rdepend=ask

    space=ask

    setuid=ask

    conflict=ask

    action=ask

    basedir=default

    Package Manifest and Other Files

    pkginfo file

    pkgmap file

    install directory

    reloc

    Creating a Package

    prototype file

    File and directory entries

    Class

    permissions

    pkgproto command

    pkgmk

    Patch Management

    What is a Patch

    Adding patches (patchadd)

    patch pre and post install scripts

    Obsolete patches

    Removing patches (patchrm)

    backout / patchrm scripts

    Other Tasks

    OS installation and upgrades

    Configuring services such as mail, printer and network connectivity etc.

    Booting, halting, reconfiguring the system

    Managing devices in addition to disks

    Backup, restore.

    Occasionally analyze crash dumps

    Just about anything that's related to the systems

    Solaris Security

    Secure installation

    Complete distribution

    Core distribution

    Patch updates.

    http://sunsolve.sun.com

    Recommended and Security Patches

    Auditing

    Audit configuration files

    Audit trail analysis

    Solaris Security Toolkit

    (JASS) jumpstart architecture and security scripts.

    Simplifies the process of

    Hardening the system.

    Minimizing packages

    Auditing

    Summary

    A thankless but most vital job.

    All about providing predictable service levels

    At the same time, maintaining your own authority and system's integrity.

    Thank You !