WEBVTT 1 00:00:00.120 --> 00:00:01.760 Welcome to your custom deep dives. 2 00:00:01.800 --> 00:00:01.919 Oh. 3 00:00:02.680 --> 00:00:07.080 Today we're cracking open some choice sections from Mohamaj Kabir's 4 00:00:07.080 --> 00:00:11.199 book Red Hat Linux Security and Optimization. Oh nice, ready 5 00:00:11.240 --> 00:00:14.960 to yeah the chans dirty and make your Linux system 6 00:00:15.000 --> 00:00:17.920 both a speed demon and a digital fortress. 7 00:00:18.440 --> 00:00:20.719 Kabir packs a lot of wisdom into this book, so 8 00:00:20.760 --> 00:00:24.239 I'm excited to you know, perfect help distill the most 9 00:00:24.280 --> 00:00:25.079 important bits. 10 00:00:25.199 --> 00:00:28.879 We'll start with the foundation. Yeah, making your red hat 11 00:00:28.920 --> 00:00:33.840 system run like a well oiled machine. But here's a twist. 12 00:00:34.200 --> 00:00:37.840 It's not just about speed. It's about ensuring your security 13 00:00:37.880 --> 00:00:41.000 services run smoothly too, right. I never thought about it 14 00:00:41.039 --> 00:00:41.439 that way. 15 00:00:41.560 --> 00:00:43.159 It's like a real world fortress. 16 00:00:43.520 --> 00:00:43.840 Okay. 17 00:00:44.159 --> 00:00:47.679 If the guards are sluggish and the drawbridge takes forever 18 00:00:47.799 --> 00:00:50.640 to raise, it doesn't matter how thick the walls are. 19 00:00:51.320 --> 00:00:54.479 Performance is a key part of security. 20 00:00:54.679 --> 00:00:58.560 That makes total sense. Yeah, okay, so how do we 21 00:00:58.640 --> 00:01:01.280 even know if our system is performing well? I mean, 22 00:01:01.439 --> 00:01:02.799 besides it feeling slow? 23 00:01:03.359 --> 00:01:05.920 Kubut. It gives us a few command line tools to 24 00:01:06.040 --> 00:01:08.640 act as our system's vital sign monitors. 25 00:01:08.719 --> 00:01:09.040 Okay. 26 00:01:09.200 --> 00:01:12.159 Knobs, for example, is like a quick glance under the hood. Okay, 27 00:01:12.239 --> 00:01:15.319 it shows you the process is currently running. But if 28 00:01:15.319 --> 00:01:19.159 you really want to see what's hogging resources, TOP is 29 00:01:19.200 --> 00:01:22.200 your go to. Okay, it's like a live dashboard showing 30 00:01:22.239 --> 00:01:27.000 you CPU usage, right, memory consumption, and which processes are 31 00:01:27.040 --> 00:01:28.079 the greediest TOP. 32 00:01:28.280 --> 00:01:30.560 That's what I use all the time. Yeah, but I 33 00:01:30.640 --> 00:01:32.400 have to admit sometimes I'm not sure what all the 34 00:01:32.480 --> 00:01:34.680 numbers mean. Right, What should I be looking for? 35 00:01:34.840 --> 00:01:38.840 You want to watch out for any processes consistently using 36 00:01:38.920 --> 00:01:41.799 a large percentage of CPU or memory. Okay, that's a 37 00:01:41.879 --> 00:01:46.159 sign they might be bottlenecks slowing down your system. Kabir 38 00:01:46.200 --> 00:01:52.319 also mentions vmstat, which goes even deeper into memory, input, output, operations, 39 00:01:52.400 --> 00:01:53.400 and system load. 40 00:01:53.879 --> 00:01:56.760 So vmstat is for when I need to do some 41 00:01:56.920 --> 00:02:01.000 serious performance detective work exactly. But wouldn't be great to 42 00:02:01.040 --> 00:02:03.239 see how performance changes over time? 43 00:02:03.799 --> 00:02:06.079 Like is this slow down a new thing or has 44 00:02:06.079 --> 00:02:07.319 it been brewing for a while? 45 00:02:07.640 --> 00:02:11.759 Good point. Kaber mentions VTAD for that. Okay, it analyzes 46 00:02:11.919 --> 00:02:15.400 historical performance data. Okay, think of it like your system's 47 00:02:15.479 --> 00:02:16.439 performance journal. 48 00:02:16.520 --> 00:02:19.199 Okay, I'm putting VTAT on my list to check out. Nice, 49 00:02:19.240 --> 00:02:21.879 but let's shift gears a bit. Kabir talks about the 50 00:02:21.919 --> 00:02:26.280 importance of a lean, mean kernel for performance. 51 00:02:26.400 --> 00:02:26.719 Okay. 52 00:02:26.919 --> 00:02:29.400 Now, I get that the kernel is the heart of 53 00:02:29.400 --> 00:02:32.280 the operating system, right, but what does it actually mean 54 00:02:32.599 --> 00:02:33.400 to make it lean? 55 00:02:33.840 --> 00:02:37.919 It's all about customizing your kernel by compiling it yourself. 56 00:02:38.319 --> 00:02:40.840 It's like building a race car. You only include the 57 00:02:40.840 --> 00:02:44.680 components you need, stripping away any excess weight that would 58 00:02:44.680 --> 00:02:45.319 slow you down. 59 00:02:45.759 --> 00:02:48.800 So we're talking about a custom built kernel tailored to 60 00:02:48.840 --> 00:02:52.919 my system's specific needs. That sounds a bit intimidating, to 61 00:02:52.919 --> 00:02:53.400 be honest. 62 00:02:53.560 --> 00:02:56.319 It's definitely more advanced than using a pre built kernel, okay, 63 00:02:56.560 --> 00:03:00.919 But Kabir breaks the process down into manageable steps. First, 64 00:03:01.240 --> 00:03:03.120 you choose your processor support. Right. 65 00:03:03.199 --> 00:03:05.639 You can go for broad compatibility so your kernel works 66 00:03:05.639 --> 00:03:08.479 on a wider range of hardware, or you can target 67 00:03:08.520 --> 00:03:11.439 a specific processor for maximum performance on that hardware. 68 00:03:11.479 --> 00:03:14.680 Got it. So it's a trade off, yeah, compatibility versus performance. 69 00:03:15.199 --> 00:03:18.240 But let's say I'm ready to go for the performance boost. Okay, 70 00:03:18.360 --> 00:03:19.319 what's next? Next? 71 00:03:19.439 --> 00:03:22.680 Up file systems Okay, these are the building blocks of 72 00:03:22.719 --> 00:03:24.120 how your system stores data. 73 00:03:24.319 --> 00:03:24.560 Okay. 74 00:03:24.759 --> 00:03:28.919 Enabling only the essential ones keeps things streamlined. Think X 75 00:03:28.960 --> 00:03:32.479 two for your main system, ISO nine six sixty for 76 00:03:32.800 --> 00:03:36.639 CDs okay, and proc for interacting with the kernel, and 77 00:03:36.680 --> 00:03:40.199 if it's a desktop or laptop, okay, you'd enable settings 78 00:03:40.240 --> 00:03:42.400 for things like printing and music playback. 79 00:03:42.479 --> 00:03:45.639 It's all about keeping things tidy and removing anything that 80 00:03:45.719 --> 00:03:49.919 could cause unnecessary drag. Yep, so less is more in 81 00:03:50.000 --> 00:03:56.360 this case, exactly. But this compiling business, it sounds pretty involved. 82 00:03:56.520 --> 00:04:00.560 It is a multi step process, involving checking dependents the 83 00:04:00.599 --> 00:04:04.439 source code, compiling the kernel and modules, and then installing it. 84 00:04:04.479 --> 00:04:05.319 All okay, but. 85 00:04:05.319 --> 00:04:09.599 Trust me, for performance enthusiasts, it's a really rewarding endeavor. 86 00:04:09.639 --> 00:04:13.039 Okay, you've convinced me, right, I'm adding compile a custom 87 00:04:13.199 --> 00:04:15.159 kernel to my to do list. 88 00:04:15.319 --> 00:04:15.759 Awesome. 89 00:04:16.000 --> 00:04:18.680 Now we've optimized the kernel, but what about the file 90 00:04:18.720 --> 00:04:20.399 systems themselves come faster too? 91 00:04:20.519 --> 00:04:21.079 Absolutely? 92 00:04:21.120 --> 00:04:21.639 Okay. Good. 93 00:04:22.040 --> 00:04:25.560 Kaber goes deep on file system tuning, especially for the 94 00:04:25.720 --> 00:04:28.279 X two two file system. Okay, But before we get there, 95 00:04:28.360 --> 00:04:32.240 let's compare some hardware. He notes that while SCSI and 96 00:04:32.319 --> 00:04:37.240 IDE are common hard disc types, se SI usually outperforms 97 00:04:37.279 --> 00:04:39.439 IDE because of its advanced architecture. 98 00:04:39.560 --> 00:04:43.920 Interesting, So, if I'm looking for the best possible disc performance, 99 00:04:44.480 --> 00:04:45.120 s CSI is. 100 00:04:45.040 --> 00:04:48.399 The way to get generally, Yes, Now back to X 101 00:04:48.399 --> 00:04:48.920 two tuning. 102 00:04:49.600 --> 00:04:49.959 Okay. 103 00:04:50.000 --> 00:04:53.920 Kaber introduces the E two f S Brogus Utility, a 104 00:04:53.959 --> 00:04:56.319 toolbox for managing X two file systems. 105 00:04:56.360 --> 00:04:56.600 Right. 106 00:04:56.639 --> 00:04:59.199 First, you need to compile and install it, but once 107 00:04:59.240 --> 00:05:02.240 you do, you have a lot of power to tweak 108 00:05:02.279 --> 00:05:03.680 and optimize your file system. 109 00:05:03.959 --> 00:05:07.480 Okay, that's on my list. Now, compile and install E 110 00:05:07.600 --> 00:05:08.560 two f sprogs. 111 00:05:09.439 --> 00:05:10.079 Sounds good. 112 00:05:10.399 --> 00:05:11.959 What kind of tweaks are we talking about. 113 00:05:12.120 --> 00:05:15.399 One of the big ones is using a journaling file system. 114 00:05:15.680 --> 00:05:15.920 Okay. 115 00:05:16.120 --> 00:05:18.120 It's like a safety net for your data. 116 00:05:18.199 --> 00:05:18.439 Okay. 117 00:05:18.560 --> 00:05:21.759 It logs changes before actually writing them to disc which 118 00:05:21.800 --> 00:05:24.199 can improve both speed and reliability. 119 00:05:24.360 --> 00:05:26.600 So journaling sounds like a good thing. Yeah, but you 120 00:05:26.639 --> 00:05:29.480 mentioned reliability. Are there any downsides? 121 00:05:29.879 --> 00:05:32.560 There's a slight risk of data loss if something goes 122 00:05:32.600 --> 00:05:36.839 wrong during the journaling process, though it's pretty rare. Kabir 123 00:05:36.920 --> 00:05:40.800 also points out that journaling can have issues with bad media, 124 00:05:41.240 --> 00:05:44.560 so make sure your discs are healthy. He highlights a 125 00:05:44.600 --> 00:05:48.519 few specific journaling file systems. X three, a journaled version 126 00:05:48.560 --> 00:05:51.759 of X two, and riser FS right, which can be 127 00:05:52.120 --> 00:05:54.439 even faster than X two in certain situations. 128 00:05:54.480 --> 00:05:57.879 So X three for good balance and riser FS if 129 00:05:57.879 --> 00:06:00.759 I'm chasing the absolute best performance exact, got it? 130 00:06:01.079 --> 00:06:01.279 Yep? 131 00:06:01.720 --> 00:06:03.600 But is there anything we can do to make our 132 00:06:03.639 --> 00:06:07.040 storage even more robust and easier to manage? 133 00:06:07.160 --> 00:06:08.120 There? Absolutely is. 134 00:06:08.240 --> 00:06:08.800 Good. 135 00:06:09.160 --> 00:06:13.240 Let's talk about the Logical Volume Manager, or LVM. It's 136 00:06:13.279 --> 00:06:17.040 like creating a virtual layer on top of your physical discs. Okay, 137 00:06:17.279 --> 00:06:21.439 you can combine multiple discs into logical volumes, which gives 138 00:06:21.480 --> 00:06:25.000 you a ton of flexibility and makes administration much easier. 139 00:06:25.240 --> 00:06:27.839 LVM sounds like something every serious Linux user should know. 140 00:06:28.000 --> 00:06:32.399 You're telling me, and Kabir emphasizes that LVM skills aren't 141 00:06:32.439 --> 00:06:35.680 just for techies. They're a valuable asset in the job 142 00:06:35.759 --> 00:06:39.079 market as more and more companies rely on Linux, especially 143 00:06:39.079 --> 00:06:40.720 for their enterprise storage needs. 144 00:06:40.759 --> 00:06:43.360 All right, LVM is officially going on my list of 145 00:06:43.439 --> 00:06:44.079 things to learn. 146 00:06:44.199 --> 00:06:44.519 Nice. 147 00:06:45.480 --> 00:06:47.279 But let's zoom out for a minute and talk about 148 00:06:47.279 --> 00:06:50.000 the network. Okay, we all know how frustrating a slow 149 00:06:50.079 --> 00:06:53.680 network can be. How can we optimize network performance on 150 00:06:53.720 --> 00:06:55.040 a red hat system. 151 00:06:55.319 --> 00:06:58.600 It all starts with understanding your network traffic flow. Okay, 152 00:06:58.759 --> 00:07:03.879 imagine three web servers, an NFS server for file sharing, 153 00:07:04.120 --> 00:07:07.720 and a database server, all crammed onto the same network 154 00:07:07.800 --> 00:07:11.439 segment and connected with a hub instead of a switch. Okay, 155 00:07:11.480 --> 00:07:12.399 what do you think happens? 156 00:07:12.879 --> 00:07:14.879 Ugh, it's only a recipe for disaster. 157 00:07:15.120 --> 00:07:15.560 Exactly. 158 00:07:15.720 --> 00:07:17.879 All that traffic trying to squeeze through one tiny pipe 159 00:07:17.920 --> 00:07:18.480 at the same. 160 00:07:18.319 --> 00:07:22.560 Time, you get congestion, collisions and everyone's performance suffers. The 161 00:07:22.600 --> 00:07:26.959 solution is traffic control. We need to create dedicated lanes 162 00:07:27.360 --> 00:07:30.439 on the network highway for different types of traffic. 163 00:07:30.560 --> 00:07:32.759 I like that analogy, So how do we actually create 164 00:07:32.800 --> 00:07:33.360 these lanes? 165 00:07:33.480 --> 00:07:36.439 Could be your talks about a few techniques. You can 166 00:07:36.639 --> 00:07:42.360 use network segmentation to physically separate different types of traffic. 167 00:07:43.079 --> 00:07:46.839 You can prioritize certain types of traffic over others. And 168 00:07:46.879 --> 00:07:50.600 you can even use a DNS server to balance the load, 169 00:07:51.199 --> 00:07:55.959 distributing requests across multiple servers so no single server gets overwhelmed. 170 00:07:56.040 --> 00:07:59.199 Okay, that makes sense. Now let's talk about something near 171 00:07:59.240 --> 00:08:03.120 and dear to my heart. Web server performance. All right, 172 00:08:03.360 --> 00:08:06.839 I'm a web development and I'm obsessed with making websites 173 00:08:06.920 --> 00:08:10.759 load as fast as humanly possible. Where do we even 174 00:08:10.839 --> 00:08:13.519 begin with optimizing Apache for speed? 175 00:08:13.800 --> 00:08:17.360 Apache's modular architecture is our friend here. Instead of being 176 00:08:17.480 --> 00:08:21.360 one monolithic program, it's built from individual modules. 177 00:08:21.519 --> 00:08:21.720 Right. 178 00:08:22.240 --> 00:08:25.439 This means you can customize your Apache server by choosing 179 00:08:25.480 --> 00:08:29.680 only the modules you need. It's like decluttering your digital closet. 180 00:08:30.000 --> 00:08:32.000 You get rid of the stuff you don't wear anymore, 181 00:08:32.519 --> 00:08:34.320 leaving more space for the essentials. 182 00:08:34.559 --> 00:08:39.639 So step one is identifying and removing any unnecessary modules. 183 00:08:39.879 --> 00:08:42.440 Exactly how do I even know what's unnecessary? 184 00:08:42.799 --> 00:08:46.919 Kud Beer suggests starting with the httpd dash l command. 185 00:08:47.559 --> 00:08:50.320 This shows you all the modules compiled into your current 186 00:08:50.360 --> 00:08:53.600 Apache setup. Once you've spotted the ones you don't need, 187 00:08:54.200 --> 00:08:57.440 you can use the dot configure script with various options 188 00:08:57.480 --> 00:08:59.639 to choose the essentials for your custom build. 189 00:09:00.279 --> 00:09:03.879 So we've streamlined Apache by stripping away the excess baggage. 190 00:09:04.360 --> 00:09:06.039 But is there anything else we can do to make 191 00:09:06.039 --> 00:09:06.919 our web server a. 192 00:09:06.879 --> 00:09:11.840 Speed demon There are a few key directives in apaches 193 00:09:11.879 --> 00:09:15.320 configuration file that can make a big difference. For example, 194 00:09:15.440 --> 00:09:21.080 keep alive allows for persistent TCP connections, which reduces the 195 00:09:21.120 --> 00:09:24.960 overhead of establishing a new connection for every request your connection. 196 00:09:25.039 --> 00:09:29.200 Yeah, less work for the server, faster page loads. Got it? 197 00:09:29.720 --> 00:09:30.480 What else is there? 198 00:09:30.600 --> 00:09:34.799 There's max clients, which limits the numbers of simultaneous connections 199 00:09:34.799 --> 00:09:38.480 a patche can handle, preventing it from being overloaded. Then 200 00:09:38.519 --> 00:09:42.720 we have our limit MEM and our limit MPROCA, which 201 00:09:42.799 --> 00:09:47.639 control resource management, setting limits on memory usage okay, and 202 00:09:47.720 --> 00:09:50.039 the number of processes a catchy can spawn. 203 00:09:50.360 --> 00:09:53.039 So it's like setting boundaries for a patche to operate within, 204 00:09:53.519 --> 00:09:56.000 ensuring it doesn't hog all the resources and slow down 205 00:09:56.000 --> 00:09:56.879 the entire system. 206 00:09:57.000 --> 00:09:58.080 Exactly smart. 207 00:09:58.159 --> 00:10:00.960 Yeah, But what if I'm mainly serving stat content like 208 00:10:01.039 --> 00:10:05.480 images or downloadable files? Right? Is there anything specific for that? 209 00:10:05.840 --> 00:10:10.960 For static content? Kaber recommends considering cage tpd. Okay, a 210 00:10:11.039 --> 00:10:13.039 kernel module that acts as a web server. 211 00:10:13.200 --> 00:10:13.519 All right. 212 00:10:13.840 --> 00:10:17.080 It operates directly within the kernel space, which gives it 213 00:10:17.159 --> 00:10:19.440 super fast access to the network and files. 214 00:10:19.679 --> 00:10:24.200 Well, a kernel level web server. That sounds seriously powerful. 215 00:10:24.320 --> 00:10:26.919 It is, but I have to admit I'm a little 216 00:10:26.960 --> 00:10:29.480 nervous about something running at such a low level. Okay, 217 00:10:29.600 --> 00:10:31.200 are there any risks involved? 218 00:10:31.639 --> 00:10:35.159 It's a trade off, okay. Kgtpd is super efficient for 219 00:10:35.320 --> 00:10:39.840 dedicated static content serving, but it's not a replacement for 220 00:10:39.919 --> 00:10:42.000 a full featured web server like apatche. 221 00:10:42.080 --> 00:10:42.440 Okay. 222 00:10:42.480 --> 00:10:46.200 It's best for specific use cases like image hosting or 223 00:10:46.279 --> 00:10:47.399 serving large files. 224 00:10:47.600 --> 00:10:49.879 Okay, I'll keep that in mind, and let's talk about 225 00:10:49.879 --> 00:10:53.799 web applications. I know dynamic content can be more resource 226 00:10:53.840 --> 00:10:56.600 intensive than static content. Right, what are some ways to 227 00:10:56.679 --> 00:10:58.240 boost performance in that area? 228 00:10:58.360 --> 00:11:01.600 Kaber discusses a few technique, each with its own pros 229 00:11:01.600 --> 00:11:05.320 and cons. One option is mod Pearl, which embeds a 230 00:11:05.399 --> 00:11:08.159 Pearl interpreter directly into Apache. 231 00:11:08.279 --> 00:11:11.600 So instead of launching a separate Pearl process for each request, 232 00:11:12.360 --> 00:11:14.519 the interpreter is already there, ready to go. 233 00:11:14.759 --> 00:11:18.639 Exactly. That eliminates a lot of overhead and can significantly 234 00:11:18.679 --> 00:11:22.360 speed up Pearl based web applications. Okay, but there's a 235 00:11:22.360 --> 00:11:26.960 trade off. Your Pearl code now runs within apaches process space. 236 00:11:27.240 --> 00:11:27.519 Right. 237 00:11:27.600 --> 00:11:30.279 That means if there's a vulnerability in your Pearl code, 238 00:11:30.720 --> 00:11:33.679 it could potentially compromise the entire web server. 239 00:11:34.240 --> 00:11:39.039 Yikes. Yeah, so mod Pearl is powerful, but it's not 240 00:11:39.240 --> 00:11:40.519 something to use lightly. 241 00:11:40.919 --> 00:11:41.200 Right. 242 00:11:41.399 --> 00:11:45.759 It sounds like it requires careful consideration of the security implications. 243 00:11:46.000 --> 00:11:46.399 Exactly. 244 00:11:46.440 --> 00:11:48.399 What about fast cgi you mentioned that earlier. 245 00:11:48.440 --> 00:11:51.440 Fast cgi is a great option for scaling web applications. 246 00:11:51.840 --> 00:11:54.559 It lets you run your application code in separate processes, 247 00:11:54.799 --> 00:12:00.000 which improves isolation and potentially performance, And unlike mod Pearl, 248 00:12:00.159 --> 00:12:02.960 it's not limited to just peerl Okay, you can use 249 00:12:03.000 --> 00:12:07.600 fast cgi with various languages like CC plus plus and 250 00:12:07.639 --> 00:12:08.919 even Java, so. 251 00:12:09.039 --> 00:12:12.480 Fast CGI offers more flexibility. But speaking of Java, I 252 00:12:12.519 --> 00:12:15.879 remember getting a bad rap for being slow in web applications. 253 00:12:16.240 --> 00:12:16.919 Has that changed? 254 00:12:17.039 --> 00:12:17.399 It has? 255 00:12:17.600 --> 00:12:17.919 Okay? 256 00:12:18.200 --> 00:12:21.120 While Java was once considered clunky for the web, it's 257 00:12:21.159 --> 00:12:25.399 evolved into a powerhouse. Technologies like Java servlets and Java 258 00:12:25.399 --> 00:12:30.159 server pages are highly scalable and robust, and Java's strength 259 00:12:30.279 --> 00:12:35.159 in distributed applications makes it perfect for complex web systems. 260 00:12:35.200 --> 00:12:39.120 Fascinating how technology changes, it is. Okay, we've covered a 261 00:12:39.159 --> 00:12:41.919 lot of ground on performance, from the kernel to the 262 00:12:41.960 --> 00:12:45.720 network to the web server itself. But let's shift gears 263 00:12:45.879 --> 00:12:51.519 and talk about something equally important. Security. Okay, it's time 264 00:12:51.600 --> 00:12:55.879 to turn our red hat system into an impenetrable digital fortress. 265 00:12:56.120 --> 00:12:56.720 Let's do it. 266 00:12:57.000 --> 00:12:58.360 But where do we even begin? 267 00:12:58.600 --> 00:12:58.879 Yeah? 268 00:12:58.960 --> 00:13:01.960 Security can feel like such a vast and complex topic. 269 00:13:02.240 --> 00:13:05.759 Kaber starts with the foundation file and directory permissions. 270 00:13:05.919 --> 00:13:06.039 Right. 271 00:13:06.320 --> 00:13:09.840 These determine who can read, write, and execute files. Okay, 272 00:13:10.000 --> 00:13:13.240 and they're absolutely crucial for preventing unauthorized access. 273 00:13:13.360 --> 00:13:16.720 Right. I know about permissions, those strings of letters and dashes. 274 00:13:16.759 --> 00:13:21.000 It always seems so cryptic, right, But honestly, I sometimes 275 00:13:21.000 --> 00:13:22.440 wonder if I'm setting them correctly. 276 00:13:22.519 --> 00:13:22.759 Sure? 277 00:13:22.759 --> 00:13:23.919 Are they really that important? 278 00:13:24.039 --> 00:13:25.320 They're absolutely critical? 279 00:13:25.480 --> 00:13:25.799 Okay. 280 00:13:25.879 --> 00:13:30.720 Kabar stresses that even a seemingly minor misconfiguration can open 281 00:13:30.799 --> 00:13:34.279 up huge security holes right. For example, he gives a 282 00:13:34.360 --> 00:13:38.480 chilling example of how a simple Perl script, if it's 283 00:13:38.559 --> 00:13:43.799 mistakenly given SUID permissions, could be exploited to gain complete 284 00:13:43.799 --> 00:13:44.679 control of the system. 285 00:13:44.759 --> 00:13:47.360 Wait back up a second. What are SUID permissions? 286 00:13:47.960 --> 00:13:50.000 SUID stands for set user ID. 287 00:13:50.399 --> 00:13:50.799 Okay. 288 00:13:50.879 --> 00:13:53.399 It's a special setting that allows a program to run 289 00:13:53.440 --> 00:13:56.320 with the privileges of the file's owner, which is often 290 00:13:56.360 --> 00:13:57.039 the route user. 291 00:13:57.080 --> 00:13:59.759 Okay, Now I'm really spooked. We need to be incredibly 292 00:13:59.759 --> 00:14:03.320 care full with SUID permissions. But are there any ways 293 00:14:03.360 --> 00:14:05.240 to lock down our files even further? 294 00:14:05.399 --> 00:14:06.000 Absolutely? 295 00:14:06.120 --> 00:14:06.399 Okay? 296 00:14:06.559 --> 00:14:10.279 Kabir introduces the chatcar command okay, which lets you make 297 00:14:10.320 --> 00:14:14.519 files immutable. That means they can't be modified, deleted, or 298 00:14:14.600 --> 00:14:18.200 even renamed, even by the root user. Wow, it's like 299 00:14:18.240 --> 00:14:22.480 putting your most valuable files in an unbreakable vault. 300 00:14:23.039 --> 00:14:26.519 Checked. Another one for the security toolbox. Yep, But what 301 00:14:26.600 --> 00:14:29.879 if someone has already modified a file without us knowing? 302 00:14:30.840 --> 00:14:32.879 How can we detect those sneaky changes. 303 00:14:32.960 --> 00:14:34.799 That's where file integrity checkers come in. 304 00:14:34.879 --> 00:14:35.200 Okay. 305 00:14:35.320 --> 00:14:40.559 Kabir talks about three powerful tools, Tripwire, AID and ICU. 306 00:14:40.720 --> 00:14:43.080 Okay, let's start with tripwire. What makes it so special? 307 00:14:43.360 --> 00:14:46.000 Tripwire is like a watchdog for your files? 308 00:14:46.159 --> 00:14:46.519 Okay. 309 00:14:46.600 --> 00:14:49.840 It creates a database of checksums, which are like unique 310 00:14:49.840 --> 00:14:53.960 fingerprints for each file. It then regularly scans your system 311 00:14:54.279 --> 00:14:58.000 and compares the current checksums against the database. If there's 312 00:14:58.039 --> 00:15:01.159 a mismatch, it means a file has altered, right, and 313 00:15:01.240 --> 00:15:02.759 Tripwire will sound the alarm. 314 00:15:02.960 --> 00:15:05.519 So it's constantly on the lookout for any unauthorized changes. 315 00:15:05.919 --> 00:15:08.759 Sound pretty effective it is, But I'm curious about something. 316 00:15:08.879 --> 00:15:13.960 Kaper mentions storing the trip r database on read only media. Right, 317 00:15:14.519 --> 00:15:15.559 Why is that important? 318 00:15:15.759 --> 00:15:17.480 It's all about preventing tampering. 319 00:15:17.759 --> 00:15:18.919 Okay, think about it. 320 00:15:19.039 --> 00:15:23.399 If an attacker compromises your system, they could potentially modify 321 00:15:23.480 --> 00:15:26.519 the trip wire database itself to hide their tracks. Ye. 322 00:15:27.039 --> 00:15:29.960 Storing it on read only media like a CD ROM 323 00:15:30.360 --> 00:15:33.200 makes it much harder for attackers to mess with the system. 324 00:15:33.360 --> 00:15:36.159 Ah, that's a clever security measure. Yeah, so it's like 325 00:15:36.200 --> 00:15:39.399 a read only safeguard for the security tool itself. Exactly 326 00:15:39.480 --> 00:15:43.000 what about those other file integrity checkers aid in ICUs Sure, 327 00:15:43.039 --> 00:15:43.960 what are their strengths? 328 00:15:44.159 --> 00:15:48.720 Aid is an alternative to tripwire, offering similar functionality okay. 329 00:15:49.240 --> 00:15:52.000 Ice You, on the other hand, goes beyond simple file 330 00:15:52.039 --> 00:15:56.240 integrity checks. It can automate various security tasks like password 331 00:15:56.240 --> 00:16:00.440 aging enforcement and file permission checks, making it especially for 332 00:16:00.519 --> 00:16:02.360 managing multiple Linux systems. 333 00:16:02.440 --> 00:16:06.279 Docket eight is another watchdog option yes and ICU for 334 00:16:06.360 --> 00:16:11.679 a more comprehensive security management approach exactly, but Kabir also 335 00:16:11.759 --> 00:16:15.440 highlights some essential security tools right that don't directly relate 336 00:16:15.519 --> 00:16:18.120 to file integrity. Tell me more about those. 337 00:16:18.360 --> 00:16:24.519 He dives into two incredibly handy tools, elsoft and ENINGP. 338 00:16:24.960 --> 00:16:28.559 Okay, let's start with ulsoft. What does it do and 339 00:16:28.639 --> 00:16:30.279 how does it help us with security? 340 00:16:30.360 --> 00:16:32.799 Belsoft stands for List Open Files. 341 00:16:32.879 --> 00:16:33.240 Okay. 342 00:16:33.399 --> 00:16:35.559 It gives you a detailed view of all the files 343 00:16:35.559 --> 00:16:38.679 that are currently open on your system, including which processes 344 00:16:38.720 --> 00:16:39.240 open to them. 345 00:16:39.360 --> 00:16:39.600 Okay. 346 00:16:39.840 --> 00:16:44.440 This can be incredibly helpful for security investigations. For instance, 347 00:16:44.480 --> 00:16:46.519 it can help you uncover files that are opened by 348 00:16:46.559 --> 00:16:49.799 a process that has been deleted but is still mysteriously 349 00:16:49.879 --> 00:16:54.600 consuming disk space, a potential sign of malware, or it 350 00:16:54.639 --> 00:16:58.120 can help you identify the process responsible for a remote 351 00:16:58.159 --> 00:17:01.639 connection on a specific port, which could be useful for 352 00:17:01.759 --> 00:17:04.160 tracking down unauthorized network activity. 353 00:17:04.440 --> 00:17:07.799 So elsoff is like a detective tool for our system exactly, 354 00:17:07.839 --> 00:17:11.400 helping us uncover hidden connections and suspicious processes. Yeah. 355 00:17:11.440 --> 00:17:14.640 What about en rep end rep is a network packet 356 00:17:14.680 --> 00:17:19.599 analyzer with incredibly powerful filtering capabilities. Okay, it's like TCP dump, 357 00:17:19.640 --> 00:17:21.799 but it presents the captured data in a more user 358 00:17:21.799 --> 00:17:27.160 friendly format, making it easier to troubleshoot network problems, monitor 359 00:17:27.240 --> 00:17:31.039 traffic patterns, and even detect potential security threats. 360 00:17:31.400 --> 00:17:34.559 Okay, these tools sound incredibly useful, but before we move on, 361 00:17:34.720 --> 00:17:37.759 I want to circle back to something Kaber mentions in 362 00:17:37.799 --> 00:17:41.559 his introduction. Okay, he talks about the concept of high 363 00:17:41.559 --> 00:17:45.880 performance as it relates to security service delivery. Can you 364 00:17:45.960 --> 00:17:46.799 unpack that for me? 365 00:17:46.960 --> 00:17:50.880 It's a crucial point. Okay, think of your security services 366 00:17:50.960 --> 00:17:55.359 as the guards protecting your system. If your system is sluggish, 367 00:17:56.319 --> 00:17:59.880 those guards are going to be slow to react, make 368 00:18:00.160 --> 00:18:01.759 you more vulnerable to attack. 369 00:18:01.960 --> 00:18:02.240 Okay. 370 00:18:02.440 --> 00:18:06.240 A high performance system ensures your security services can operate 371 00:18:06.279 --> 00:18:08.480 at their peak, keeping your defenses strong. 372 00:18:08.720 --> 00:18:11.480 That's a really important point. It's not enough to just 373 00:18:11.559 --> 00:18:14.799 have security measures in place. They need to be able 374 00:18:14.839 --> 00:18:18.440 to perform at their best to be truly effective. Exactly, 375 00:18:18.799 --> 00:18:23.480 So optimizing performance is a key part of maximizing security 376 00:18:23.519 --> 00:18:23.880 as well. 377 00:18:24.000 --> 00:18:25.920 They go hand in hand, exactly. 378 00:18:26.640 --> 00:18:29.319 All Right, I'm starting to feel like a Linux performance 379 00:18:29.400 --> 00:18:32.559 in security guru. Nice, But I know we've only scratched 380 00:18:32.599 --> 00:18:35.440 the surface of what Kabir covers in his book. What's 381 00:18:35.440 --> 00:18:36.079 coming up next? 382 00:18:36.079 --> 00:18:38.039 In this deep dive, We're about to level up our 383 00:18:38.079 --> 00:18:41.920 security skills even further. Okay, Get ready to explore advanced 384 00:18:41.960 --> 00:18:46.319 security measures, including the crucial role of firewalls and protecting 385 00:18:46.359 --> 00:18:48.440 your Linux systems or stay tuned. 386 00:18:48.200 --> 00:18:48.960 Looking forward to it. 387 00:18:49.079 --> 00:18:50.759 Yeah, me too, all right, see. 388 00:18:50.559 --> 00:18:51.039 You next time. 389 00:18:51.119 --> 00:18:54.119 That's good. Okay, ready to dive back in definitely. 390 00:18:54.720 --> 00:18:57.920 What other security secrets does Kabir have in store for us? 391 00:18:58.200 --> 00:19:01.720 Let's delve into an other layer of security that often 392 00:19:01.759 --> 00:19:06.200 gets overlooked. Shadow passwords, the shadow passwords. Okay, they're like 393 00:19:06.480 --> 00:19:09.880 a secret vault for your user accounts passwords. 394 00:19:09.920 --> 00:19:13.519 Okay, shadow passwords. That sounds intriguing. Yeah, why do we 395 00:19:13.559 --> 00:19:16.480 need a separate vault for passwords? Right? Isn't storing them 396 00:19:16.519 --> 00:19:20.599 in the usual etcetera pass wood file good enough, not really, okay. 397 00:19:20.759 --> 00:19:24.759 The problem is that the etcetera password file is readable 398 00:19:24.839 --> 00:19:26.680 by all users on the system. 399 00:19:27.119 --> 00:19:27.359 Right. 400 00:19:27.400 --> 00:19:30.559 That's a potential security risk, as anyone could snoop around 401 00:19:30.559 --> 00:19:31.680