The numeric mode must be 3 octal digits from 0 to 7, in the order (u)(g)(o). File names are separated by spaces, and wildcard characters are supported.
The permissions represented by the numbers are as follows: 0001 is the owner's execute permission; 0002 is the owner's write permission; 0004 is the owner's read permission; 0010 is the group's execute permission; 0020 is the group's write permission; 0040 is the group's read permission; 0100 is the execute permission of others; 0200 is the write permission of others; 0400 is the read permission of others; 1000 is the sticky bit; 2000 is the set-group-ID bit if the file is executable, otherwise it is the file-locking bit; 4000 is the set-user-ID bit if the file is executable.
3. Example
If a system administrator writes a form (tem) for all users to fill in, users must be granted read and write permission on the file. You can use the command:
#chmod 666 tem
In the above command, how is the number 666 calculated? 0002 is the owner's write permission, 0004 is the owner's read permission, 0020 is the group's write permission, 0040 is the group's read permission, 0200 is the write permission of others, and 0400 is the read permission of others. The sum of these 6 numbers is 666 (note that all of these numbers are octal).
The permissions of the tem file are then -rw-rw-rw-, that is, every user has read and write permission on this file.
If you use character permission settings, use the following command:
#chmod a=rw tem
chown
1. Function
Change the owner and group of one or more files or directories. The usage permission is superuser.
2. Format
chown [Options] User or Group File
3. Main parameters
--dereference: Act on the object a symbolic link points to, not on the symbolic link itself.
-h, --no-dereference: Act on the symbolic link itself, not on the destination it points to (this option is only valid when the system supports changing the owner of a symbolic link).
--from=Current Owner:Current Group: Change the owner and group only if the current owner and group of each file match those specified here. Either one can be omitted, and the omitted attribute then does not need to match.
-f, --silent, --quiet: Suppress most error messages.
-R, --recursive: Recursively process all files and subdirectories.
-v, --verbose: Display information for every file processed.
4. Explanation
chown changes the owner of the specified file to the specified user or group. The user can be a user name or user ID; the group can be a group name or group ID; the file is a list of files to change, separated by spaces, and wildcard characters are supported. System administrators often use chown after copying a file into another user's directory, so that the user has permission to use the file.
5. Application examples
1. Change the owner of a file to wan (replace <file> with the file name)
$ chown wan <file>
2. Change the owner of the directory /hi and all files and subdirectories under it to wan, and change the group to users.
$ chown -R wan:users /hi
chattr
1. Function
Modify file attributes on ext2 and ext3 file systems. The usage permission is superuser.
2. Format
chattr [-RV] [-+=AacDdijsSu] [-v version] File or directory
3. Main parameters
-R: Recursively process all files and subdirectories.
-V: Display the changes in detail and print the output.
-: Remove (disable) the attribute.
+: Add (enable) the attribute.
=: Set exactly the specified attributes.
A: Atime, tell the system not to modify the last access time to this file.
S: Sync, once the application performs a write operation on this file, the system immediately writes the modified result to disk.
a: Append Only, the system only allows data to be appended to this file, and no process is allowed to overwrite or truncate it. If a directory has this attribute, the system only allows files to be created and modified in the directory, and does not allow any file to be deleted.
i: Immutable, the system does not allow any modification to this file. If a directory has this attribute, processes can only modify the files under the directory, and files cannot be created or deleted in it.
D: Check for errors in the compressed file.
d: No dump, when performing file system backup, the dump program will ignore this file.
c: Compress, the system compresses this file transparently. When reading from this file, the data returned is decompressed; when writing to this file, the data is compressed before it is written to disk.
s: Secure Delete, the system fills the area the file occupied with zeros when the file is deleted.
u: Undelete, when an application requests deletion of this file, the system retains its data blocks so that the deletion can be undone later.
4. Explanation
The chattr command is very useful, but some of its functions depend on the Linux kernel version. If the kernel version is lower than 2.2, many functions are not available. Similarly, the -D function of checking for errors in compressed files requires a kernel above 2.5.19. In addition, modifying attributes with chattr can improve system security, but it is not suitable for all directories. The chattr command cannot protect the /, /dev, /tmp, /var directories.
5. Application examples
1. Make the /root directory and all files in its subdirectories recoverable after deletion
# chattr -R +u /root
2. Use the chattr command to prevent a key file in the system from being modified.
In Linux, some configuration files (passwd, fstab) should not be modified by anyone. To prevent them from being deleted or modified by mistake, the "immutable bit" of the file can be set with the following command:
# chattr +i /etc/fstab
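To confirm that the immutable bit is actually in place on the key files, the output of lsattr (the e2fsprogs companion to chattr) can be checked. The script below is an added example, not part of the original article; the sample lsattr output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which key files are missing the immutable (i) attribute.

# Constructed lsattr-style output: attribute string, a space, then the path.
SAMPLE_LSATTR='----i---------e------- /etc/fstab
--------------e------- /etc/passwd
-----a--------e------- /var/log/secure'

# missing_immutable: read lsattr output on stdin and print every path whose
# attribute string does not contain "i".
missing_immutable() {
    while read -r attrs path; do
        [ -n "$path" ] || continue          # skip blank or malformed lines
        case $attrs in
            *i*) ;;                         # immutable bit present
            *)   printf '%s\n' "$path" ;;   # immutable bit missing
        esac
    done
}

# audit_immutable FILE...: run the same check against the live system.
# -d lists a directory itself instead of its contents.
audit_immutable() {
    lsattr -d "$@" | missing_immutable
}

# Run on the constructed sample: prints /etc/passwd and /var/log/secure.
printf '%s\n' "$SAMPLE_LSATTR" | missing_immutable
```

The superuser can clear the bit again with chattr -i, so the attribute guards against mistakes, which is the use described above. Running the audit periodically shows when the bit has been removed.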
sudo
1. Function
sudo lets users run commands that are restricted by a configuration file. The right is granted for a limited time and each use is recorded in the log. The usage permission is all users.
2. Format
sudo [-bhHpV] [-s ] [-u <user>] [instruction]
sudo [-klv]
3. Main parameters
-b: Execute commands in the background.
-h: Show help.
-H: Set the HOME environment variable to the HOME environment variable of the new identity.
-k: Expire the cached password, that is, the password must be entered again the next time sudo is used.
-l: List the commands that can be used by the current user.
-p: Change the prompt symbol for asking for password.
-s: Execute the specified shell.
-u <User>: Use the specified user as the new identity; the default is root when this option is not given.
-v: Extend password validity for 5 minutes.
4. Explanation
The sudo command is configured in the /etc/sudoers file. When a user runs sudo, a password is required to verify the user's identity. After that, the permitted commands can be used for a period of time. An attempt to use a command that is not in the configuration file is recorded as an alert. sudo is a program used by system administrators to allow certain users to run some or all system commands as root. An obvious purpose is to enhance the security of the site. If you need to do some work as the superuser every day and often execute a fixed set of commands that only the superuser can run, sudo is very suitable.
ps
1. Function
ps displays a snapshot of the current processes. The usage permission is all users.
2. Format
ps [options] [--help]
3. Main parameters
There are many parameters for ps, and this list only lists a few commonly used parameters.
-A: List all processes.
-l: Show long list.
-m: Display memory information.
-w: Wide output, which can display more information.
-e: Show all processes.
-a: Display all processes on the terminal, including processes of other users.
-au: Show more detailed information.
-aux: Display all processes containing other users.
4. Explanation
To monitor and control processes, you must first know what is currently running, that is, you need to view the current processes. The ps command is the most basic and a very powerful process-viewing command. Use it to determine which processes are running, their state, whether a process has ended, whether there are zombie processes, which processes occupy too many resources, and so on. Figure 2 shows a detailed explanation of the ps aux command. Most of this information can be obtained by executing this command. The three most commonly used parameters are u, a, and x. The following is a detailed description of the ps command based on these three parameters: ps aux
In line 2 of the code, USER is the process owner; PID is the process identifier; %CPU is the CPU usage; %MEM is the physical memory usage; VSZ is the virtual memory occupied by the process; RSS is the physical memory occupied by the process; TTY is the minor device number of the terminal.
STAT is the state of the process, where D is uninterruptible sleep (I/O in progress); R is running; S is sleeping; T is stopped; Z is a zombie, a process that no longer exists but cannot be removed for the time being; W does not have enough memory pages to allocate; < is a high-priority process; N is a low-priority process; L has memory pages allocated and locked in memory (real-time system or I/O). START is the process start time. TIME is the execution time. COMMAND is the command executed.
5. Application examples
During system maintenance, memory usage is often surprisingly high, and it is not clear which process is occupying so much of it. In addition to using the top command to view memory usage, you can also use the following command:
ps aux | sort -k 6n
who
1. Function
who shows which users are logged in to the system. The displayed information includes the user ID, the login terminal used, the login time, the idle time, the CPU usage, and what the user is doing. The usage permission is all users.
2. Format
who - [husfV] [user]
3. Main parameters
-h: Do not display the title column.
-u: Do not display the user's actions/work.
-s: Use a short format to display.
-f: Do not display the user's online location.
-V: Show program version.
4. Explanation
This command is mainly used to see which users are currently online. If a user wants to establish instant communication with another user, for example with the talk command, the first thing to confirm is that the other user is actually online, otherwise the talk session cannot be established. Likewise, a system administrator who wants to monitor what each logged-in user is doing at the moment also uses the who command. The who command is very simple to use and gives an accurate picture of the users on the system, so it is widely used.
Hands-on practice
1. Use Linux commands to detect system intruders
Users who have installed Mandrake Linux and Red Hat Linux will know that the Linux system offers three different levels of firewall (standard, high, and higher). After the Linux server is installed and some basic settings are made, the server should be relatively safe, but hackers can still take advantage of a system administrator's negligence to intrude into the system by various methods. It is very important to find hackers quickly. Generally speaking, you can use commands to check whether a hacker has intruded, see Table 1.
For example, if a hacker is sniffing the network, the network card interface must be in promiscuous mode, which can be checked with the following command:
#ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:00:E8:A0:25:86
inet addr:192.168.1.7 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING PROMISCUOUS MTU:1500 Metric:1
......
The output of this command shows the items mentioned above. 00:00:E8:A0:25:86 in the first line is the MAC address, 192.168.1.7 in the second line is the IP address, and the fourth line is the receive status, which here shows that the interface is being used for sniffing by the hacker. Generally speaking, a network card can receive data frames in several states, such as Broadcast, Multicast, and Promiscuous. Broadcast means receiving the data frames of all broadcast messages; Multicast means receiving specific multicast messages; Promiscuous is what is commonly called promiscuous mode, the working mode in which the destination hardware address of a message is not checked and every frame is received.
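The promiscuous-mode check described above can be scripted so that it does not depend on reading the output by eye. This is an added example, not part of the original article: the function names and the loopback lines of the sample are constructed, and the sysfs path and the 0x100 (IFF_PROMISC) bit are standard Linux values rather than something the article mentions.

```shell
#!/bin/sh
# Added example: flag network interfaces that are in promiscuous mode.

# Constructed sample in the ifconfig layout shown in the article.
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:00:E8:A0:25:86
          inet addr:192.168.1.7  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING PROMISCUOUS  MTU:1500  Metric:1
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1'

# promisc_from_ifconfig: read "ifconfig -a" text on stdin and print the name
# of every interface whose flags contain PROMISC (this also matches
# PROMISCUOUS). Handles "eth0 Link encap:..." and "eth0: flags=...<...>".
promisc_from_ifconfig() {
    awk '
        /^[^ \t]/ { name = $1; sub(/:$/, "", name) }  # unindented line = new interface
        /PROMISC/ { if (name != "" && !seen[name]++) print name }
    '
}

# flags_promisc HEX: succeed if the IFF_PROMISC bit (0x100) is set in a value
# read from /sys/class/net/<iface>/flags.
flags_promisc() {
    [ $(( $1 & 0x100 )) -ne 0 ]
}

# promisc_from_sysfs: the same check against the kernel's live device flags.
promisc_from_sysfs() {
    for f in /sys/class/net/*/flags; do
        [ -r "$f" ] || continue
        if flags_promisc "$(cat "$f")"; then
            basename "$(dirname "$f")"
        fi
    done
}

# Run on the constructed sample: prints eth0.
printf '%s\n' "$SAMPLE_IFCONFIG" | promisc_from_ifconfig
```

On current kernels a sniffer that enables promiscuous mode through a packet socket may not appear in the ifconfig flags, so promisc_from_sysfs is the more reliable of the two checks.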