Security

Users

  • show all logged in users
    users
  • show user and group assignments and identifiers
    id

Sudoers

The file /etc/sudoers defines the users (and options) for the sudo command. On a Debian or Ubuntu system it might make sense to set a umask in ~/.bashrc that varies with the user:

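# root (UID 0): new files stay readable by group and others
if [[ $(id -u) -eq 0 ]]; then
   umask 0022
else
   # all other users: group may read, others get no access
   umask 0027
fi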
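
The effect of the two masks can be checked directly. The following script is an added example, not part of the original page; the function names modes_for_umask and umask_for_uid and the sample UID 1000 are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: show which permissions new files and directories get
# under the two umask values used in the ~/.bashrc snippet above.

# modes_for_umask MASK -> prints "<file mode> <dir mode>" in ls notation.
# The body is a subshell ( ... ), so the caller's umask is not changed.
modes_for_umask() (
    umask "$1" || exit 1
    tmp=$(mktemp -d) || exit 1
    touch "$tmp/file"          # regular file: base mode 666 minus mask
    mkdir "$tmp/dir"           # directory:    base mode 777 minus mask
    f=$(ls -ld "$tmp/file" | cut -c1-10)
    d=$(ls -ld "$tmp/dir" | cut -c1-10)
    rm -rf "$tmp"
    printf '%s %s\n' "$f" "$d"
)

# umask_for_uid UID -> the mask the ~/.bashrc snippet selects for that UID.
umask_for_uid() {
    if [ "$1" -eq 0 ]; then
        echo 0022
    else
        echo 0027
    fi
}

# 0 is root; 1000 is a constructed sample UID for an ordinary user.
for uid in 0 1000; do
    mask=$(umask_for_uid "$uid")
    printf 'uid=%-5s umask=%s -> %s\n' "$uid" "$mask" "$(modes_for_umask "$mask")"
done
```

With umask 0027, files created by ordinary users are no longer readable by accounts outside the owning group, while files created by root keep the usual world-readable default.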

Firewall

Commands

  • show iptables firewall rules:
    iptables -L -n -v

OpenSSL

Commands

  • show contents of a PEM-encoded certificate
    openssl x509 -in <cert>.pem -text

NSS

The Netscape Security Suite (NSS) manages certificates and PKCS#11 modules. There is also a GUI application, called nss-gui.

Commands

  • show all stored certificates in database cert8.db (see also Certificate Database Tool of Netscape Security Suite)
    certutil -L -d ~/.local/share/evolution
  • show all stored certificates on a (G&D StarSign) ElsterStick
    certutil -L -d ~/.local/share/evolution -h "ElsterStick 1.0"
  • add a new PKCS#11 module to database secmod.db (see also Security Module Database of Netscape Security Suite)
    modutil -add "StarSign USB Token" -libfile /usr/local/lib/libstarsignpkcs11.so -dbdir ~/.local/share/evolution

    This also works for Firefox, using certutil -L -h "StarSign USB Token" -d ~/.mozilla/firefox/*.default, but requires the package libnss3-tools. The cryptographic modules should then be shown, for example, as in this figure.

Especially on CentOS you should start the PC/SC daemon (pcscd) at system boot, rather than having it started by udev (configure this, for example, using the GNOME application system-config-services). This ensures that Firefox runs properly even without a USB security stick plugged in.

  • to show all cryptographic modules use:
    modutil -list -dbdir .

SELinux

linux/administration/security.txt · Last modified: 2017/12/13 21:17 by Ralf Hoppe