Original URL: https://trevorsmale.github.io/techblog/post/pacu5/
Managing Users & Groups
The overarching theme of this unit is in the title: we are looking at Managing Users & Groups. Managing users and groups in Linux within an enterprise involves creating, modifying, and organizing user accounts and permissions to enforce security and control over resources.
Organizing permissions to enforce security is more important than it has ever been, as we live in a hyper-connected world with many bad actors and large amounts of sensitive data.
Linux is fundamentally well suited to managing users and groups because permissions permeate every aspect of a Linux environment. Everything is a file and every file has associated permissions, so as administrators we have granular control over the comings and goings of users.
Lab Work 🧪🥼
Primary Commands / Tools
- alias: Creates a shortcut or alias for a command.
- unalias: Removes an alias that was previously defined.
- awk: A powerful text-processing tool used for pattern scanning and processing.
- useradd: Adds a new user to the system.
- vi .bashrc: Opens the .bashrc file in the vi editor to customize shell settings.
- UID_MIN 1000: The minimum user ID value for normal users (as defined in /etc/login.defs).
- UID_MAX 60000: The maximum user ID value for normal users (as defined in /etc/login.defs).
- groupadd -g 60001 project: Creates a new group named "project" with a GID of 60001.
- id user4: Displays the user ID (UID), group ID (GID), and group memberships of user "user4".
etc directories
Looking at etc directories relating to Users, Groups and Associated Security.

| File / directory | Description |
|---|---|
| /etc/passwd | Contains essential information about users, including their username, user ID (UID), group ID (GID), home directory, and default shell, with each field separated by a colon. |
| /etc/group | Stores group information, listing each group's name, group ID (GID), and its members, with each field separated by a colon, allowing users to belong to one or more groups for access control purposes. |
| /etc/shadow | Contains encrypted password information and related security details for user accounts, such as password aging and expiration. |
| /etc/gshadow | Stores encrypted passwords for group accounts, as well as information about group administrators and members, providing enhanced security for group access by restricting who can modify or access specific group data. |
| /etc/login.defs | Configuration settings for user account creation and login parameters, such as password aging policies, UID and GID ranges, and the default paths for user home directories, helping to control system-wide authentication behavior. |
| /etc/skel/ | Provides template files that are automatically copied to a new user's home directory when the user is created, ensuring they have default configuration settings. |
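As an added example (not part of the original post), the following POSIX shell functions use awk, one of the unit's primary tools, to audit a passwd-format file against the UID_MIN/UID_MAX range from a login.defs-format file: which accounts sit in the normal-user range, whether any account besides root has UID 0, and whether any UID is shared by two accounts. The passwd and login.defs contents it writes are constructed samples; point the same functions at /etc/passwd and /etc/login.defs to check a real host.

```shell
#!/bin/sh
# Added example (not from the original post): audit a passwd-format file
# against the UID_MIN/UID_MAX range of a login.defs-format file. File paths
# are parameters, so the same functions run on /etc/passwd + /etc/login.defs
# or on the constructed samples built below.

# Read a numeric setting (e.g. UID_MIN) from a login.defs-style file.
login_def() {  # usage: login_def KEY FILE
    awk -v key="$1" '$1 == key { print $2; exit }' "$2"
}

# Print "user:uid" for every account inside the normal-user UID range,
# i.e. the accounts useradd creates by default.
normal_users() {  # usage: normal_users PASSWD LOGIN_DEFS
    min=$(login_def UID_MIN "$2"); max=$(login_def UID_MAX "$2")
    awk -F: -v min="$min" -v max="$max" \
        '$3 >= min && $3 <= max { print $1 ":" $3 }' "$1"
}

# Print every UID-0 account other than root: a misconfiguration or
# persistence finding that should always be investigated.
extra_superusers() {  # usage: extra_superusers PASSWD
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Print UIDs shared by more than one account; shared UIDs break accountability.
duplicate_uids() {  # usage: duplicate_uids PASSWD
    awk -F: '{ n[$3]++ } END { for (u in n) if (n[u] > 1) print u }' "$1" | sort -n
}

# Constructed sample files (not real system data) so the checks run offline.
make_samples() {  # usage: d=$(make_samples)
    d=$(mktemp -d)
    printf 'UID_MIN\t1000\nUID_MAX\t60000\n' > "$d/login.defs"
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
user4:x:1003:1003::/home/user4:/bin/bash
toor:x:0:0::/root:/bin/bash
svc:x:60001:60001::/var/lib/svc:/sbin/nologin
user5:x:1003:1005::/home/user5:/bin/bash
EOF
    echo "$d"
}

d=$(make_samples)   # demo run on the constructed samples
echo "normal users:";         normal_users "$d/passwd" "$d/login.defs"
echo "extra UID-0 accounts:"; extra_superusers "$d/passwd"
echo "duplicate UIDs:";       duplicate_uids "$d/passwd"
```

The svc account at UID 60001 falls outside UID_MAX, so it is correctly excluded from the normal-user list, while toor (UID 0) and the duplicated UID 1003 show up as findings.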
Other interesting directories

| Directory / file | Brief Description | Associated permissions |
|---|---|---|
| /etc/fstab | This file contains information about disk partitions and other block storage devices and how they should be automatically mounted during the boot process. | Usually -rw-r--r-- (readable by all users, writable only by root). |
| /etc/hostname | This file stores the system's hostname, which is a unique identifier for the machine in a network. | Usually -rw-r--r-- (readable by all users, writable only by root). |
| /proc | This is a virtual filesystem that provides detailed information about processes and system resources. It does not contain actual files but rather system and process information in real time. | dr-xr-xr-x (readable and executable by all users, writable only by root). |
| /boot | Contains the kernel, initial ramdisk, and bootloader files needed to start the system. | drwxr-xr-x (readable and executable by all users, writable only by root). |
| /root | This is the home directory for the root user (the system administrator). | drwx------ (only root has read, write, and execute permissions). |
| /usr/bin | Contains binary executables for user programs. | drwxr-xr-x (readable and executable by all users, writable only by root). |
Mapping unknown infrastructure 🗺️🤔
Objectives:
- Map the Internal ProLUG Network (192.168.200.0/24):
- Map the network from one of the rocky nodes.
- Using a template that you build or find from the internet
- Provide a 1 page summary of what you find in the network.
Approach 🤔
A briefing on the infra. 🔍🖥️
Het's server is unique to me. He uses an ingest system that makes a jump to the actual server for security purposes. Within the main server we have a Warewulf-managed cluster running a series of Rocky Linux VMs. ⛰
Since we will be doing this from one of the Rocky nodes within the system, the jump server will not be an issue, I reckon. 🤔
Mapping Strategy 📍🗺️
So I shouldn't just pop into the server and go willy-nilly with scanning commands. This server is managed by someone who understands security, so it is best to do some dead reckoning beforehand.
The Basic Commands ⌨️
Mapping the remote server's open ports with nmap. nmap stands for Network Mapper. A quick perusal of the man page states it is an exploration tool and security/port scanner, designed to rapidly scan large networks. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
In order to map the network I am going to use the IP address as the argument/target of the nmap command.
nmap
Checking mounted filesystems with df, which stands for Display Free disk space. It is a utility that displays statistics about the amount of free disk space on the specified mounted file system, or on the file system of which a given file is a part.
I will be using the -h flag for human-readable format, which adds unit suffixes, e.g. gibibyte (GiB), to the ends of values. There is more to it, but I am mentioning the bread and butter of the flag.
df -h
Digging Deeper ⛏️
Getting to know nmap 🫶
nmap is actually a big command; by big I mean the number of options and capabilities is vast. It is quite popular with pen testers and is packaged with Kali Linux, a security analysis and exploitation focused distribution of Linux, so best believe it is something important. This essentially means I should take some time to get to know it more.
Stealth 🥷
Beware that nmap can and will trigger detection software like an active firewall, because nmap is conducting Funny Bizniz by way of packet trickery inside a network (both are technical terms). Luckily there is a stealth option (-s) that enables the mapping to take place undetected, for the most part.
Contrary to what I assumed, the lower case s does not even stand for stealth, though it still helps as a mnemonic. No, it actually stands for SYN, and SYN stands for Synchronize. It is part of the TCP three-way handshake, a process used to establish a reliable connection between two devices on a network, and has nothing to do with guys meeting at a bar.
I thought we were trying to be stealthy, not synchronized 🤔 Well, it is actually a form of Funny Bizniz wherein a SYN is sent and never acknowledged, thusly not completing the handshake process and therefore hiding activity somehow. But how? Well... it reduces the chance of being logged by the target system's monitoring tools, such as firewalls or intrusion detection systems. Now we both know.
Keep in mind this is only one command option; just imagine how deep the rabbit hole goes.
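To turn scan results into the one-page network summary the lab asks for, here is an added example (not from the original post) that condenses nmap's grepable output format (the -oG option) into a per-host list of open ports using awk, one of the unit's primary tools. The scan file it builds is a constructed sample, not real output from the ProLUG network; run the functions on your own -oG file instead.

```shell
#!/bin/sh
# Added example (not from the original post): condense an nmap grepable
# output file (written with: nmap -oG results.gnmap <target>) into a
# per-host inventory of open ports for the one-page summary. Needs only awk/grep.

# One line per host that has a "Ports:" entry:
#   "<ip>  <port>/<proto>(<service>) ..."   (open ports only)
summarize_open_ports() {  # usage: summarize_open_ports GNMAP_FILE
    awk -F'\t' '
        /^Host:/ && /Ports:/ {
            split($1, h, " "); ip = h[2]           # "Host: <ip> (<name>)"
            sub(/^Ports: /, "", $2)
            n = split($2, p, /, */)                # one entry per port
            line = ip
            for (i = 1; i <= n; i++) {
                # entry layout: port/state/proto/owner/service/rpcinfo/version/
                split(p[i], f, "/")
                if (f[2] == "open") line = line "  " f[1] "/" f[3] "(" f[5] ")"
            }
            print line
        }' "$1"
}

# Number of hosts nmap reported as up.
count_live_hosts() {  # usage: count_live_hosts GNMAP_FILE
    grep -c 'Status: Up' "$1"
}

# Constructed -oG sample (tab-separated, as nmap writes it); not a real scan.
make_sample_scan() {  # usage: f=$(make_sample_scan)
    f=$(mktemp)
    {
        printf '# constructed sample, not real ProLUG scan data\n'
        printf 'Host: 192.168.200.10 ()\tStatus: Up\n'
        printf 'Host: 192.168.200.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.0/, 111/filtered/tcp//rpcbind///\tIgnored State: closed (998)\n'
        printf 'Host: 192.168.200.11 ()\tStatus: Up\n'
        printf 'Host: 192.168.200.11 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.0/, 9000/open/tcp//cslistener///\tIgnored State: closed (998)\n'
    } > "$f"
    echo "$f"
}

f=$(make_sample_scan)   # demo on the constructed sample
echo "live hosts: $(count_live_hosts "$f")"
summarize_open_ports "$f"
```

Filtered ports (such as 111/tcp on the first sample host) are deliberately left out so the summary lists only what was actually reachable.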
Important Mapping Command List
Ninjas mark stealthier techniques.
| # | Command | Description |
|---|---|---|
| 1 | nmap -sS 🥷 | TCP SYN scan (stealth mode) |
| 2 | nmap -sT | TCP connect scan (full connection) |
| 3 | nmap -sA | ACK scan to detect firewalls |
| 4 | nmap -sU | UDP scan |
| 5 | nmap -sP | Ping scan to detect live hosts |
| 6 | nmap -sV | Detect service versions on open ports |
| 7 | nmap -O | OS detection |
| 8 | nmap -A | Aggressive scan (OS, version, scripts) |
| 9 | nmap -Pn 🥷 | Disable ping (stealthy, avoid detection) |
| 10 | nmap -p- | Scan all 65,535 TCP ports |
| 11 | nmap --top-ports 100 | Scan the top 100 most common ports |
| 12 | nmap --script | |