
Account Security Demo #1 (UID 0)

Overview
Difficulty
Beginner
Duration
3h 21m
Description

In this section, you’ll take a deep dive into Linux security. You’ll build your knowledge and skills through a comprehensive overview of the key areas that you need to know to secure Linux systems.

You’ll begin with Linux security in general before moving on to physical security and the countermeasures you can employ to protect your hardware. From there, you’ll explore authentication systems and the various account types on a Linux system, and how to secure each one. You'll also learn how to enforce strong passwords and manage account and password expirations.

In the networking section, you'll learn how to secure network services that run on Linux systems. You'll also learn how the local firewall works in Linux and how to configure it. You’ll learn about file system security and how permissions work in detail, including special modes, file attributes, and ACLs. You'll also discover what rootkits are, how to detect them, and how to remove them.

You’ll also find several security resources you can use to continue your security education and stay on top of the latest security issues for Linux distributions.

There are several knowledge checks as you go through these resources. These will help you identify any areas that you might need or want to review. At the end you’ll find a final exam, where you can test yourself on what you’ve learnt.

Learning Objectives

  • Get a general view of Linux security including roles, network services, encryption, accounts, and multifactor authentication
  • Learn specific strategies for mitigating physical security risks and protecting your Linux systems against the most common physical attacks
  • Learn about data encryption and how to implement it on new Linux systems, as well as those that are already in service
  • Understand the different types of accounts you'll find on a Linux system and the special precautions you need to take with each account type
  • Learn how to enforce good password security practices on your Linux systems
  • Learn about multi-factor authentication and how it can be implemented in Linux
  • Learn techniques and strategies to secure network services
  • Learn how to secure your files and directories on Linux through permissions, data sharing, special modes, file attributes, and ACLs, and how to detect and remove rootkits
Transcript

First let's look at the first entry in the /etc/passwd file. There are several fields in the /etc/passwd file, each separated by a colon. The first field is the account name, which is root. The second field is the password field. When it has an x in it like it does here, that means the password is stored in the /etc/shadow file. The next field is the UID of the account, which is zero. This is what is used by the OS. It will translate this UID into the account name for the sake of us humans, but it acts on the UID. Let me show you. I'm going to create an account called Jim. I'm going to set a password for Jim here. I'll switch to that account, and you can see that it's just another account on the system. It's nothing special. If I run the whoami command, it shows that, yep, I'm Jim. So I'll go ahead and exit out of this account. So if I were to set the UID of Jim to be zero, then that account would act just like the root account. Let me do that real quick. Come down here to the Jim account, and instead of 1003, we'll place zero in the UID slot. So now I'm going to switch users to Jim. So look at what just happened. Look at the prompt. I have a root prompt. The system treats the account exactly like the root account because it has a UID of zero. Let me show you the UID real quick. Again, uid is equal to zero, so it thinks it's the root account. And if I say whoami, it says you're root, because UID zero is associated with the root account. So it's extremely important that only one account have a UID of zero on a Linux system, and that account should be the root account. Here's the command you could run to print out all the accounts on a system that have a UID of zero. We'll use awk -F; the capital F stands for field separator. Since /etc/passwd is made up of several fields separated by a colon, we'll use -F with a colon. Go ahead and start the awk command here.
And what this does is, if the third field, represented by $3, is equal to zero, then we'll print that line. Here you can see that there are two accounts with a UID of zero. Let me go ahead and remove the UID of zero from the Jim account, and I'll rerun that command. And you can see that this is what we expect to happen. Only one account, the root account, has a UID of zero.
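The check from the demo, wrapped in a small POSIX shell script as an added example that is not part of the course transcript. It uses the same `awk -F: '$3 == 0'` test, but runs it against a constructed passwd-format sample embedded in the script (with a second UID-0 account, `jim`, planted in it) rather than against the live `/etc/passwd`; the functions default to `/etc/passwd` when no path is given, so the same script can audit a real system. The function names and the sample contents are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the course): audit a passwd-format file for
# accounts whose UID is 0, i.e. accounts the kernel treats as root.

# Constructed sample in /etc/passwd format. 'jim' has been given UID 0,
# exactly as in the demo; only 'root' should normally have it.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/bash
jim:x:0:1003:Jim:/home/jim:/bin/bash'

# Print the names of all accounts whose third field (the UID) is 0.
# Defaults to the live /etc/passwd when no file is given.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "${1:-/etc/passwd}"
}

# Number of UID-0 accounts in the file (tr strips the padding some wc's add).
uid0_count() {
    uid0_accounts "$1" | wc -l | tr -d ' '
}

# Succeed (exit 0) only when exactly one account has UID 0 and it is root.
check_single_uid0() {
    [ "$(uid0_count "$1")" -eq 1 ] && [ "$(uid0_accounts "$1")" = "root" ]
}

main() {
    # Audit the file named on the command line, or the embedded sample.
    if [ -n "$1" ]; then
        target="$1"
    else
        target=$(mktemp)
        printf '%s\n' "$SAMPLE_PASSWD" > "$target"
    fi

    echo "UID-0 accounts in $target:"
    uid0_accounts "$target" | sed 's/^/  /'

    if check_single_uid0 "$target"; then
        echo "OK: only root has UID 0"
    else
        echo "WARNING: unexpected UID-0 account(s); investigate before removing"
    fi

    [ -n "$1" ] || rm -f "$target"
}

main "$@"
```

Run it with no arguments to see the planted `jim` entry flagged, or pass `/etc/passwd` to audit the host. Any UID-0 name other than `root` should be treated as a finding (a backdoor account or an administrative mistake) and fixed the way the demo does, by restoring the account's original UID, not by guessing.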

About the Author