
Name - Sudhanshu Kharkwal

ID - 4254310

Course - Linux Operating System

Submitted to Mrs. Parwinder Kaur


1. Define and analyze boot and shut down commands

Ans Boot command :


If you want to boot into command-line permanently, you need to update GRUB
configuration which defines kernel booting parameters.
Open a default GRUB config file with a text editor.
$ sudo vi /etc/default/grub
Look for a line that starts with GRUB_CMDLINE_LINUX_DEFAULT, and comment out
that line by prepending # sign. This will disable the initial splash screen, and enable
verbose mode (i.e., showing the detailed booting procedure).

Then change GRUB_CMDLINE_LINUX="" to:

GRUB_CMDLINE_LINUX="text"

Next, uncomment the line that says "#GRUB_TERMINAL=console".

The updated GRUB default configuration looks like the following.

Now use update-grub command to re-generate a GRUB2 config file in /boot based on
these changes.
$ sudo update-grub
For systemd-enabled desktop only: If your desktop uses systemd (e.g., for Debian 8
or later or Ubuntu 15.04 or later), there is one additional step needed. That is to change
the default target from "graphical" target to "multi-user" target. Skip this step if your
desktop does not use systemd.
$ sudo systemctl set-default multi-user.target
You can always revert to desktop boot later by restoring GRUB config file and running:
$ sudo systemctl set-default graphical.target
At this point, your desktop should boot into the command line when you reboot it.

Shut down command :

The shutdown command brings the system down in a secure way. All logged-in
users are notified that the system is going down, and login operations are
blocked. It is possible to shut the system down immediately, or after a
specified delay.

shutdown does its job by signalling the init process, asking it to change
the runlevel. Runlevel 0 is used to halt the system, runlevel 6 is used
to reboot the system, and runlevel 1 is used to put the system into a state
where administrative tasks can be performed (single-user mode). Runlevel 1
is the default, unless the -h or -r options are specified.

First, open a command-line terminal (select Applications > Accessories > Terminal). For
a remote system, log in using ssh. Next, switch to the root user by typing su - or
sudo -s and entering the root password when prompted. Finally, type the following
command to shut down the system immediately as the root user:
# shutdown -h now
OR
# shutdown -h +0
2. What are Core System services
Ans- A Linux system has five core services: init, inetd, xinetd, syslog, and cron.

init. Always has a process ID of 1. The mysterious force that tells init when to
change runlevels is actually the telinit command.

inetd. Not in version 7.0? The role of inetd is to act as a supervisor for other
network server-related processes, such as telnet and ftp. Its location is
/etc/inetd.conf. The inetd.conf file is empty; another file, xinetd.conf, is used
instead of inetd.conf.

Security for inetd.conf. You'll find that in most installations of Linux, many
services are turned on by default. If your system will be available to the Internet
at large, the first thing you'll want to do is turn everything off! Never assume that
just because your system is unadvertised to the public, other people won't find it.
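
One way to carry out the "turn everything off" advice, as an added example that is not part of the original assignment: the script lists which entries in an inetd.conf-style file are enabled and writes a copy with all of them commented out. The sample file and the function names enabled_services and disable_all are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: list what an inetd.conf-style file has switched on, then
# produce a copy with every service commented out. Works on temp files only.

# Print the service name of each enabled (uncommented, non-blank) entry.
# Entry layout: service socket-type protocol wait-flag user program [args]
enabled_services() {
    awk '!/^[ \t]*(#|$)/ && NF >= 6 { print $1 }' "$1"
}

# Emit the file with every enabled entry prefixed by '#'.
disable_all() {
    awk '!/^[ \t]*(#|$)/ && NF >= 6 { print "#" $0; next } { print }' "$1"
}

# Constructed sample, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# inetd.conf (constructed sample)
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd

#shell  stream  tcp  nowait  root  /usr/sbin/tcpd  in.rshd
EOF

echo "Enabled before: $(enabled_services "$sample" | tr '\n' ' ')"
hardened=$(mktemp)
disable_all "$sample" > "$hardened"
echo "Enabled after:  $(enabled_services "$hardened" | tr '\n' ' ')"
```

After the reviewed copy replaces the real file, inetd has to reread its configuration, which it does on SIGHUP.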

Needs curly brackets { }.

syslogd. The syslogd daemon provides a standardized means of performing logging.
Many other UNIXes employ a compatible daemon, thus providing a means for
cross-platform logging over the network.

The log files that syslogd stores to are straight text files, usually stored in the
/var/log directory. Each log entry consists of a single line containing the date,
time, hostname, process name, process PID, and the message from that process.
Linux logs all of the processes to straight text files.
The location to which syslogd can send log messages is also quite flexible. It can
save messages to files and send messages to FIFOs, to a list of users, or to a
master log host.

Cron. The cron program allows any user in the system to schedule a program to run
on any date, at any time, or on a particular day of week, down to the minute. It is
a scheduler. It is a command-line tool.

Create allow and deny lists in the /etc/cron.allow and /etc/cron.deny files.
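
How the two files are evaluated, as an added example that is not part of the original assignment: when cron.allow exists only the users listed in it may use crontab, otherwise cron.deny is checked. The function name cron_access, the user names and the scratch files are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example: decide whether a user may use crontab, from the allow/deny
# files. File paths are parameters so the check can run against copies.

# cron_access USER ALLOW_FILE DENY_FILE  ->  allowed | denied | site-default
cron_access() {
    if [ -f "$2" ]; then
        # cron.allow exists: only listed users; cron.deny is not consulted
        if grep -qxF -- "$1" "$2"; then echo allowed; else echo denied; fi
    elif [ -f "$3" ]; then
        # only cron.deny exists: everyone except the listed users
        if grep -qxF -- "$1" "$3"; then echo denied; else echo allowed; fi
    else
        # neither file exists: the result depends on how cron was built
        echo site-default
    fi
}

# Constructed sample files in a scratch directory (user names are made up).
dir=$(mktemp -d)
printf 'backup\n' > "$dir/cron.allow"
printf 'guest\n'  > "$dir/cron.deny"

for u in backup alice guest; do
    echo "$u: $(cron_access "$u" "$dir/cron.allow" "$dir/cron.deny")"
done
```

With both files present, alice is denied even though she is not in cron.deny, because cron.allow takes precedence.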


3. Write down Network Configuration, commands using
both the command line utilities and GUI

Ans NETWORK CONFIGURATION USING THE COMMAND-LINE INTERFACE

Configuring DHCP address for your network card


If you want to configure a DHCP address, edit /etc/network/interfaces and
enter the following lines, replacing eth0 with your network interface card.

sudo vi /etc/network/interfaces

Note :- Use vi editor if you don't have GUI installed

If you have GUI use the following command

gksudo gedit /etc/network/interfaces

# The primary network interface -- use DHCP to find our address
auto eth0
iface eth0 inet dhcp

Configuring Static IP address for your network card


If you want to configure a static IP address, edit /etc/network/interfaces and
enter the following lines, replacing eth0 with your network interface card.

sudo vi /etc/network/interfaces

Note :- Use vi editor if you don't have GUI installed

If you have GUI use the following command

gksudo gedit /etc/network/interfaces

# The primary network interface

auto eth0
iface eth0 inet static
address 192.168.3.90
gateway 192.168.3.1
netmask 255.255.255.0
network 192.168.3.0
broadcast 192.168.3.255
After entering all the details you need to restart networking services using the
following command
sudo /etc/init.d/networking restart

Setting up Second IP address or Virtual IP address in Ubuntu


If you are a server system administrator or a normal user, you sometimes need
to assign a second IP address to your Ubuntu machine. For this, edit the
/etc/network/interfaces file and add the following syntax. The one below is
only an example; change it according to your IP address settings.

sudo vi /etc/network/interfaces

Note :- Use vi editor if you don't have GUI installed

If you have GUI use the following command

gksudo gedit /etc/network/interfaces

auto eth0:1
iface eth0:1 inet static
address 192.168.1.60
netmask 255.255.255.0
network x.x.x.x
broadcast x.x.x.x
gateway x.x.x.x

You need to enter all the details (address, netmask, network, broadcast and
gateway values). After entering all the values, save this file and restart the
networking service in Debian using the following command so that the new IP
address takes effect.

sudo /etc/init.d/networking restart

Setting your Ubuntu system hostname


Setting up your hostname upon an Ubuntu installation is very straightforward.
You can directly query, or set, the hostname with the hostname command.
As a user you can see your current hostname with
sudo /bin/hostname

Example
To set the hostname directly you can become root and run

sudo /bin/hostname newname


When your system boots it will automatically read the hostname from the
file /etc/hostname

Setting up DNS
When it comes to DNS setup Ubuntu doesn't differ from other distributions.
You can add hostname and IP addresses to the file /etc/hosts for static
lookups.

To cause your machine to consult with a particular server for name lookups
you simply add their addresses to /etc/resolv.conf.

For example a machine which should perform lookups from the DNS server
at IP address 192.168.3.2 would have a resolv.conf file looking like this

sudo vi /etc/resolv.conf

Note :- Use vi editor if you don't have GUI installed

If you have GUI use the following command

gksudo gedit /etc/resolv.conf

enter the following details

search test.com
nameserver 192.168.3.2

NETWORK CONFIGURATION USING THE GRAPHICAL USER INTERFACE (GUI)

There are two ways to start network-admin: you can type "sudo network-admin" in
a terminal, or you can go to System ---> Administration ---> Networking.
Once it opens you should see the following screen.
In the above screen, select the wired connection and click on the Properties tab.
You should see the following screen. My network card is currently configured as a
DHCP client; make sure the "Enable this connection" tick box is checked.

If you want to configure a static IP address, select "static ip address" in the
drop-down box under "Configuration" and make sure the "Enable this connection"
tick box is checked.
Once you select the static IP address, set the IP address, subnet mask and
gateway address and click on OK.

Now click on the "General" tab; here you can enter your hostname and domain name.
Next, click on the "DNS" tab to configure your system's DNS settings, hostname,
or DNS search path.

Click the Hosts tab, and then either click the Add or Properties button (after
selecting a host) to create or edit an entry in your system's /etc/hosts file
Highlight an existing entry, and then click the Properties button to change
/etc/hosts entries in the Hosts tab of the Network Configuration screen.

You can also assign different locations to your computer, especially very useful if
you are on a laptop and move between several networks each requiring different
configurations. Just select the gray bar at the top of the network-admin window
and select Create Location. Enter a name, such as Home and then repeat this
again to create another location, Work. Each time you switch between locations,
Ubuntu detects that it needs to use configurations specific to those locations, so
for instance you might want to use DHCP at work, but not at home. Simple; just
select the Home location, configure your ethernet connection to use a Static IP
and you are all set to switch between your home and corporate networks.

4. What is Local security and Network Security in Ubuntu, and how can you secure your local and network system? Write down the commands and configuration
Ans Local Security :
Local security starts with the physical environment at the location in
which the computer is running. Set up your machine in a place where
security is in line with your expectations and needs. The main goal of
local security is to keep users separate from each other, so no user
can assume the permissions or the identity of another. This is a
general rule to be observed, but it is especially true for the user root,
who holds system administration privileges. root can take on the
identity of any other local user and read any locally-stored file without
being prompted for the password.

Security Overview:

The Security Overview displays a comprehensive list of the most
important security settings for your system. The security status of
each entry in the list is clearly visible. A green check mark indicates a
secure setting while a red cross indicates an entry as being insecure.
Clicking on Help presents an overview of the setting and information
on how to make it secure. To change a setting, click on the
corresponding link in the Status column. Depending on the setting, the
following entries are available:
Enable/Disable

Clicking on this entry will toggle the status of the setting to either enabled or disabled.

Configure

Clicking on this entry will launch another YaST module for configuration. You will
return to the Security Overview when leaving the module.

Unknown

A setting's status is set to unknown when the associated service is not installed. Such a
setting does not represent a potential security risk.

Figure 8-1 YaST Security Center and Hardening - Security Overview


Login Settings:

This dialog lets you configure security-related login settings:

Delay after Incorrect Login Attempt

In order to make it difficult to guess a user's password by repeatedly
logging in, it is recommended to delay the display of the login prompt
that follows an incorrect login. Specify the value in seconds. Make sure
that users who have mistyped their passwords do not need to wait too
long.

Record Successful Login Attempts

With this option turned on, the last successful login attempt is
recorded in /var/log/lastlog and displayed when logging in. This data
is also used by the command finger.
Password Settings :

Passwords that are easy to guess are a major security issue. The Password
Settings dialog provides the means to ensure that only secure passwords
can be used.

Check New Passwords

By activating this option, a warning will be issued if new passwords
appear in a dictionary, or if they are proper names (proper nouns).

Test for Complicated Passwords

When this option is checked, any new password is checked to ensure that it
consists of a mixture of characters, digits and special characters. If it
fails to pass this test, a warning is issued upon the entering of the new
password.

Number of Passwords to Remember

When password expiration is activated (via Password Age), this setting
stores the given number of a user's previous passwords, preventing
their reuse.

Password Encryption Method

Choose a password encryption algorithm. Normally there is no need to
change the default (Blowfish).

Minimum Acceptable Password Length

If the user chooses a password with a length shorter than specified
here, a warning will be issued.

Password Age

Activate password expiration by specifying a minimum and a
maximum time limit (in days). By setting the minimum age to a value
greater than 0 days, you can prevent users from immediately changing
their passwords again (and in doing so circumventing the password
expiration). Use the values 0 and 99999 to deactivate password
expiration.
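
Added example, not part of the original assignment: per-account minimum and maximum password age are stored in fields 4 and 5 of the shadow file, so accounts that still carry the values 0 and 99999 mentioned above can be found with a short script. The function name audit_password_age and the sample entries are constructed; it is assumed the file uses the standard shadow format.

```bash
#!/usr/bin/env bash
# Added example: flag accounts whose password-aging fields switch expiration
# off or allow an immediate re-change. Reads a shadow-format file given as $1.

# shadow fields: 1 name, 2 hash, 3 last change, 4 min age, 5 max age, ...
# Output: one "user:reason" line per finding.
audit_password_age() {
    awk -F: '
        $2 ~ /^[!*]/ { next }                        # locked: no password login
        $5 == "" || $5 >= 99999 { print $1 ":no-expiry" }
        $4 == "" || $4 == 0     { print $1 ":min-age-0" }
    ' "$1"
}

# Constructed sample; the hash field is a placeholder, not a real hash.
shadow=$(mktemp)
cat > "$shadow" <<'EOF'
root:$6$CONSTRUCTED$placeholder:19000:0:99999:7:::
tux:$6$CONSTRUCTED$placeholder:19000:1:90:7:::
wilber:$6$CONSTRUCTED$placeholder:19000:0:90:7:::
daemon:*:19000:0:99999:7:::
EOF

audit_password_age "$shadow"
```

A flagged account can be corrected with chage, for example chage -m 1 -M 90 followed by the user name (the values 1 and 90 are only an illustration).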
Network Security :
Network security is important for protecting from an attack that is
started outside the network. The typical login procedure requiring a
username and a password for user authentication is still a local
security issue. In the particular case of logging in over a network,
differentiate between the two security aspects. What happens until
the actual authentication is network security and anything that
happens afterwards is local security.

SSH: Secure Network Operations

In networked environments, it is often necessary to access hosts from
a remote location. If a user sends login and password strings for
authentication purposes as plain text, they could be intercepted and
misused to gain access to that user account without the authorized
user knowing about it. This would open all the user's files to an
attacker and the illegal account could be used to obtain administrator
or root access, or to penetrate other systems. In the past, remote
connections were established with telnet, rsh or rlogin, which
offered no guards against eavesdropping in the form of encryption or
other security mechanisms. There are other unprotected
communication channels, like the traditional FTP protocol and some
remote copying programs like rcp.

ssh: Secure Shell

By using the ssh program, it is possible to log in to remote
systems and to work interactively. To log in to the host sun as
user tux, use one of the following commands:

ssh tux@sun
ssh -l tux sun

If the username is the same on both machines, you may omit
it: ssh sun. The remote host prompts for the remote user's
password. After a successful authentication, you can work on the
remote command line or use interactive applications, such as
YaST in text mode.
Furthermore, ssh offers the possibility to just run non-interactive
commands on remote systems by running ssh HOST COMMAND. COMMAND
needs to be properly quoted. Multiple commands can be concatenated
as on a regular shell.

ssh root@sun "dmesg | tail -n 25"
ssh root@sun "cat /etc/issue && uptime"

scp: Secure Copy

scp copies files to or from a remote machine. If the username on
jupiter is different than the username on sun, specify the latter
using the username@host format. If the file should be copied into
a directory other than the remote user's home directory, specify
it as sun:DIRECTORY. The following examples show how to copy
a file from a local to a remote machine and vice versa.

# local -> remote
scp ~/MyLetter.tex tux@sun:/tmp
# remote -> local
scp tux@sun:/tmp/MyLetter.tex ~

sftp: Secure File Transfer

If you want to copy several files from and/or to different
locations, sftp is a convenient alternative to scp. It opens a shell
with a set of commands similar to a regular ftp shell. Type help at
the sftp-prompt to get a list of available commands. More details
are available from the sftp (1) man page.

sftp sun
Enter passphrase for key '/home/tux/.ssh/id_rsa':
Connected to sun.
sftp> help
Available commands:
bye Quit sftp
cd path Change remote directory to 'path'
[...]

Port Forwarding

ssh can also be used to redirect TCP/IP connections. This feature,
also called SSH tunneling, redirects TCP connections to a certain
port to another machine via an encrypted channel.

With the following command, any connection directed to jupiter
port 25 (SMTP) is redirected to the SMTP port on sun. This is
especially useful for those using SMTP servers without SMTP-AUTH
or POP-before-SMTP features. From any arbitrary location
connected to a network, e-mail can be transferred to
the home mail server for delivery.

ssh -L 25:sun:25 jupiter

Similarly, all POP3 requests (port 110) on jupiter can be
forwarded to the POP3 port of sun with this command:

ssh -L 110:sun:110 jupiter
