1. Home
  2. Training Library
  3. Linux Security and Hardening | CSL4 A3.1 |

File Attributes Demo

Start course
3h 21m

In this section, you’ll take a deep dive into Linux security. You’ll build your knowledge and skills through a comprehensive overview of the key areas that you need to know to secure Linux systems.

You’ll begin with Linux security in general before moving on to physical security and the countermeasures you can employ to protect your hardware. From there, you’ll explore authentication systems and the various account types on a Linux system, and how to secure each one. You'll also learn how to enforce strong passwords and manage account and password expirations.

In the networking section, you'll learn how to secure network services that run on Linux systems. You'll also learn how the local firewall works in Linux and how to configure it. You’ll learn about file system security and how permissions work in detail, including special modes, file attributes, and ACLs. You'll also discover what rootkits are, how to detect them, and how to remove them.

You’ll also find several security resources you can use to continue your security education and stay on top of the latest security issues for Linux distributions.

There are several knowledge checks as you go through these resources. These will help you identify any areas that you might need or want to review. At the end you’ll find a final exam, where you can test yourself on what you’ve learnt.

Learning Objectives

  • Get a general view of Linux security including roles, network services, encryption, accounts, and multifactor authentication
  • Learn specific strategies for mitigating physical security risks and protecting your Linux systems against the most common physical attacks
  • Learn about data encryption and how to implement it on new Linux systems, as well as those that are already in service
  • Understand the different types of accounts you'll find on a Linux system and the special precautions you need to take with each account type
  • Learn how to enforce good password security practices on your Linux systems
  • Learn about multi-factor authentication and how it can be implemented in Linux
  • Learn techniques and strategies to secure network services
  • Learn how to secure your files and directories on Linux through permissions, data sharing, special modes, file attributes, ACLs, and rootkits

Let's make it, so the etc hosts file is immutable because we want to make sure that all of our entries are not changed without some forethought. First, let's look at the attributes of the file. I'm going to do that by running LSATTR and then I'll use the path to the file. In this case, slash etc slash hosts. There are all dashes there. So that means there is currently no attribute set. So I'm going to add the I flag. So I use CHATTR plus I is one way to add an attribute to a file, specify the path. And now if I were to try to edit the file I couldn't. So let me try to edit the file. Let's say I was trying to put some data here and I try to write it and it says it can't open the file for writing. So exit out. Now, I can't delete the file either. Let me try that. Are you sure you want to do that? Yes, I am. But you can't. The operation is not permitted. Now, if I wanna change an entry in the hosts file. I need to remove the immutable attribute first. So one way to do that is CHATTR dash I etc hosts. You can see that the I is gone in the LSATTR output. Now I can go ahead and edit the etc hosts file. Let's say we put in another private link to another database server here and I'll change that. And then I'll go ahead and then set the I attribute back on the hosts file. Now let's make it so that the Apache log files are append only. I'm going to use the equal sign here and we're just going to set these files to have the append only attribute. So a and then all the files in this directory and then we can run LSATTR. And it shows us that indeed the append attribute has been set on those files. So now I can append to them, but I can't prepend or modify any of the existing contents. So if I were to do something like this append some data to the log file, and it shows up in the log file. Now that I've done that, let's see if I can go back and remove that line. And at here, delete the first line, right. Can't open the file for writing. It's not gonna let me do it. I'm gonna go ahead and quit out of the file. Again, with the eight attribute set. I can only append data to that file. So if an attacker tried to cover their tracks they couldn't, unless they had access to the root account to remove the append file attribute.

About the Author