Process management:
Process management in Linux involves managing system processes, which are instances
of programs. Key aspects include:
1. Process Creation: Linux uses the fork() system call to create new processes, with exec()
replacing the process memory if needed.
2. Process States: Processes in Linux can be in various states like running, waiting,
sleeping, stopped, and zombie (terminated but not removed from the process table).
3. Process Control: Commands like ps, top, and htop help monitor processes, while kill,
nice, and renice manage process priority and termination.
4. Process Scheduling: Linux uses scheduling algorithms to allocate CPU time, managing
multitasking and prioritizing processes based on time-sharing and real-time needs.
Each process has attributes like process ID (PID), parent process ID (PPID), user ID
(UID), and priority. Process management ensures efficient resource usage, stability, and
responsiveness.
1) Ps command:
The ps command in Linux is used to display information about active processes. It
provides details on each process running on the system, including process IDs (PID), user
ownership, CPU usage, and memory consumption. Here are a few common options:
i. ps: Lists processes for the current shell session.
ii. ps -e: Shows all system processes.
iii. ps aux: Provides detailed information for all running processes.
iv. ps -ef: Lists all processes in full format.
2) top command:
The top command in Linux provides real-time, dynamic information about system processes
and resource usage. It displays information such as:
CPU Usage: Percent of CPU time each process uses.
Memory Usage: Amount of RAM each process consumes.
Process Information: PID, user, priority, and runtime details.
Load Average: System load over time.
You can use interactive commands within top to sort data (e.g., by memory or CPU usage),
terminate processes, and adjust display settings. This tool helps monitor system performance and
manage resource allocation efficiently.
3) kill command:
The kill command in Linux is used to terminate processes. It sends specific signals to a process
to stop it, most commonly SIGTERM (default) or SIGKILL (forceful termination). To use it, you
need the Process ID (PID) of the target process, which can be obtained using commands like ps
or top.
Common Syntax and Signals:
Basic Usage: kill PID
Force Kill: kill -9 PID (sends SIGKILL)
Terminate Gracefully: kill -15 PID (sends SIGTERM)
The killall command can terminate processes by name instead of PID.
4) Nice command:
The nice command in Linux is used to set the priority of a process when it starts,
affecting its access to system resources like CPU time. Lower values (down to -20) mean
higher priority, while higher values (up to 19) mean lower priority. This can help manage
resource allocation among processes.
nice -n [priority] [command]
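The following script is an added example (not part of these notes) that ties the four points above together: it starts a background worker at a chosen niceness, reads its PID, PPID, state and nice value directly from /proc, then stops it with SIGTERM and escalates to SIGKILL only when the process ignores the polite request. It also shows the zombie state from the process-states list: a dead child that has not yet been reaped. It assumes a Linux /proc (field numbers per proc(5)) and needs only bash, nice, kill and sleep, so it works on hosts where ps and top are not installed; the worker and its 300-second sleep are constructed for the demonstration.

```shell
#!/bin/bash
# Added example (not from the original notes): start a low-priority background
# worker, read its PID, PPID, state and nice value straight from /proc, then stop
# it with SIGTERM and escalate to SIGKILL only if it does not exit.
# Needs only bash, nice, kill and sleep plus a Linux /proc, so it runs without
# procps installed; the field numbers follow proc(5).

# proc_field PID N: print field N of /proc/PID/stat, counted after the
# "pid (comm)" prefix so that 1=state, 2=ppid, 16=priority, 17=nice.
proc_field() {
    local pid=$1 n=$2
    [ -r "/proc/$pid/stat" ] || return 1
    sed 's/^.*) //' "/proc/$pid/stat" | cut -d' ' -f"$n"
}

# start_worker NICENESS [IGNORE_TERM]: start `sleep 300` in the background at the
# given niceness and store its PID in WORKER_PID. With IGNORE_TERM=1 the worker
# ignores SIGTERM, standing in for a hung daemon that will not shut down cleanly.
start_worker() {
    local niceness=$1 ignore_term=${2:-0}
    if [ "$ignore_term" = 1 ]; then
        # trap "" TERM sets SIG_IGN; exec keeps that disposition and the PID
        nice -n "$niceness" bash -c 'trap "" TERM; exec sleep 300' &
    else
        nice -n "$niceness" sleep 300 &
    fi
    WORKER_PID=$!
}

# stop_process PID: send SIGTERM (15), wait up to 2 s for the process to exit,
# then send SIGKILL (9). Prints TERM or KILL, whichever signal ended the process.
# A zombie (state Z) counts as gone: it is dead and only waits to be reaped.
stop_process() {
    local pid=$1 i state
    kill -15 "$pid" 2>/dev/null || return 1
    for i in 1 2 3 4 5 6 7 8 9 10; do
        state=$(proc_field "$pid" 1 2>/dev/null || true)
        if [ -z "$state" ] || [ "$state" = Z ]; then
            wait "$pid" 2>/dev/null || true   # reap it if it is our child
            echo TERM
            return 0
        fi
        sleep 0.2
    done
    kill -9 "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
    echo KILL
}

# Demonstration, run with: bash procdemo.sh --demo
if [ "${1:-}" = --demo ]; then
    start_worker 10
    printf 'pid=%s ppid=%s state=%s nice=%s\n' "$WORKER_PID" \
        "$(proc_field "$WORKER_PID" 2)" "$(proc_field "$WORKER_PID" 1)" \
        "$(proc_field "$WORKER_PID" 17)"
    echo "stopped with SIG$(stop_process "$WORKER_PID")"
fi
```

The TERM-then-KILL order matters operationally: SIGTERM lets a service flush buffers and close sockets, while SIGKILL cannot be caught and leaves whatever the process was doing half-finished, so `kill -9` belongs at the end of an escalation, not at the start.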
Shell in Linux:
In Linux, a shell is a command-line interpreter that allows users to interact with the operating
system. It provides a user interface for accessing system commands, running scripts, and
managing files and processes. Popular shells include Bash (Bourne Again Shell), Zsh, Ksh
(KornShell), and Tcsh. The shell interprets commands typed by users or provided in scripts,
translates them into instructions that the kernel can execute, and displays the output. It’s essential
for tasks like automation, scripting, and system administration.
Security in Linux:
Linux security concepts focus on controlling access, managing permissions, and ensuring safe
system configurations. Key elements include:
1. File Permissions: Defines who can read, write, or execute files using permission bits
(rwx) for owners, groups, and others.
2. User and Group Management: Controls user access and assigns roles and privileges
through users and groups.
3. Firewalls and iptables: Configures rules to allow or block traffic.
4. Sudo: Allows controlled access to privileged commands without root login.
5. SELinux/AppArmor: Security modules enforcing strict policies on system processes.
In Linux, the rwx notation represents file permissions. Each letter corresponds to a type of
access:
r (read): Allows a user to view the file’s contents.
w (write): Permits modifying or deleting the file.
x (execute): Allows running the file as a program or script.
Permissions are organized into three groups, e.g., rwxr-xr--:
1. User (owner): rwx – full permissions.
2. Group: r-x – read and execute only.
3. Others: r-- – read-only.
Permissions can be changed with the chmod command.
The chmod command in Linux allows you to change file or directory permissions for three
categories: user (u), group (g), and others (o). Permissions can be specified as r (read), w (write),
and x (execute). Here’s how to use it:
1. Add permission: chmod u+rwx file.txt (adds read, write, execute for user).
2. Remove permission: chmod g-w file.txt (removes write for group).
3. Set permissions numerically: chmod 755 file.txt (sets user rwx, group r-x, others r-x).
Example Permissions
chmod 777 file.txt: Full access for all.
chmod 644 file.txt: User can read/write, group and others can only read.
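The following script is an added example (not part of these notes) for the rwx and chmod material above: it converts octal modes such as 754 into the rwxr-xr-- notation, applies the symbolic and numeric chmod forms to a scratch file, reads the result back with stat, and flags the world-writable state that chmod 777 produces, which is the permission mistake a defender most often has to hunt for. It assumes a GNU or BusyBox stat that accepts -c; the file names are constructed for the demo.

```shell
#!/bin/bash
# Added example (not from the original notes): translate between octal modes and
# the rwx notation, apply chmod in both forms to a scratch file, read the result
# back with stat, and flag the world-writable case that chmod 777 creates.
# Assumes GNU/BusyBox stat with -c.

# digit_to_rwx D: one octal digit (0-7) -> its r/w/x triplet (4=r, 2=w, 1=x)
digit_to_rwx() {
    case $1 in
        0) printf '%s\n' '---' ;; 1) printf '%s\n' '--x' ;;
        2) printf '%s\n' '-w-' ;; 3) printf '%s\n' '-wx' ;;
        4) printf '%s\n' 'r--' ;; 5) printf '%s\n' 'r-x' ;;
        6) printf '%s\n' 'rw-' ;; 7) printf '%s\n' 'rwx' ;;
        *) return 1 ;;
    esac
}

# octal_to_rwx MODE: e.g. 754 -> rwxr-xr-- (user, group, others). A leading
# setuid/setgid/sticky digit (e.g. 4755) is dropped; only the last three count.
octal_to_rwx() {
    local mode=$1 u g o
    while [ ${#mode} -gt 3 ]; do mode=${mode#?}; done
    u=${mode%??}; g=${mode#?}; g=${g%?}; o=${mode#??}
    printf '%s%s%s\n' "$(digit_to_rwx "$u")" "$(digit_to_rwx "$g")" "$(digit_to_rwx "$o")"
}

# perms_of FILE: the octal mode bits as stat reports them (e.g. 644)
perms_of() {
    stat -c '%a' "$1"
}

# rwx_of FILE: the rwx string as ls -l shows it, without the leading type character
rwx_of() {
    stat -c '%A' "$1" | cut -c2-
}

# is_world_writable FILE: true when the write bit for "others" (o+w) is set
is_world_writable() {
    local bits
    bits=$(perms_of "$1")
    bits=${bits#"${bits%?}"}          # keep only the last octal digit (others)
    [ $((bits & 2)) -ne 0 ]
}

# walk_through FILE: apply the chmod forms from the notes in turn and print the
# mode after each step, in both notations, marking any world-writable result.
walk_through() {
    local f=$1 step
    chmod 600 "$f"
    for step in u+rwx g-w 755 644 777; do
        chmod "$step" "$f"
        printf '%-6s -> %s %s%s\n' "$step" "$(perms_of "$f")" "$(rwx_of "$f")" \
            "$(is_world_writable "$f" && printf '%s' '  (world-writable!)')"
    done
}

# Demonstration, run with: bash permdemo.sh --demo
if [ "${1:-}" = --demo ]; then
    scratch=$(mktemp)
    walk_through "$scratch"
    rm -f "$scratch"
fi
```

The world-writable check is the one worth keeping: a file any user can modify is a file any user can use to change another user's behaviour (shell startup files, scripts run by cron or a service), so 777 is almost never the right answer even when it makes an error go away.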
User authentication in Linux verifies the identity of users before granting access to the system.
Here’s an overview of how it works:
1. User Accounts and Passwords: Stored in /etc/passwd (user details) and /etc/shadow
(hashed passwords).
2. Authentication Mechanisms: Linux can use password-based authentication, but can also
integrate other mechanisms like biometrics, smart cards, or tokens.
3. PAM (Pluggable Authentication Modules): A framework that handles authentication
tasks for Linux applications, providing flexibility to enforce policies like password
complexity and account locking.
4. SSH Keys: Secure Shell (SSH) keys allow for secure, passwordless login for users who
manage remote systems.
Password storage in Linux:
In Linux, password storage is built around salted hashing rather than storing the password
itself, so that user credentials stay protected even if the stored data is exposed. Here's a
general overview of how it works:
1. Password Hashing
When a user creates a password, it is hashed (converted into a fixed-length string) using
a cryptographic hash function, such as SHA-512.
This hash is stored, not the plain text password. Hashing is a one-way operation,
meaning you cannot easily retrieve the original password from the hash.
2. Password Hash Storage
The hashed passwords are typically stored in the /etc/shadow file in Linux. The
/etc/shadow file is readable only by the root user, ensuring that normal users cannot view
others' password hashes.
Each entry in the file consists of:
o Username: The user's login name.
o Password hash: The hashed version of the user's password.
o Other information: Such as password expiration details, last change date, etc.
For example:
username:$6$Nq43BHDNkX...$VgNHJfblxLwp7HplJl1lglYj2gmh1.:17955:0:99999:7:::
In this example, $6$ indicates SHA-512 hashing, followed by the salt and the hash itself.
3. Salting
A salt is added to the password before hashing. This random value prevents attackers
from using precomputed tables (like rainbow tables) to crack the hash.
The salt is typically stored alongside the hashed password, so the system can use the
same salt to validate the password during login.
4. Password Verification
During login, the user enters their password.
The system retrieves the corresponding salt and the stored hash from /etc/shadow.
The system re-hashes the entered password with the salt and compares the resulting hash
with the stored hash.
If they match, the password is correct.
5. Password Hashing Algorithms
MD5: Previously popular, but now considered insecure due to vulnerabilities.
SHA-256 and SHA-512: More secure and commonly used today.
bcrypt and scrypt: Designed to be computationally expensive to resist brute-force
attacks, making them ideal for password hashing.
6. Secure Storage Practices
Linux systems use PAM (Pluggable Authentication Modules) for managing user
authentication. PAM allows for flexible authentication policies, supporting various
password storage techniques, including advanced methods like two-factor
authentication or hardware tokens.
The /etc/passwd file also stores basic user information but not the password hash. It's now
common practice to store hashed passwords exclusively in /etc/shadow to minimize
security risks.
7. File Permissions
The /etc/shadow file is strictly controlled, with only the root user typically having
permission to read and write to it. This limits exposure to unauthorized access.
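The following script is an added example (not part of these notes) covering both the user-authentication overview and the password-storage section above: it parses a /etc/shadow entry into its colon-separated fields, names the hashing scheme from the $id$ prefix (including the locked-account markers), checks password expiry from the aging fields, and re-runs the salted hash to verify a password the way login does. The sample entry is constructed and its hash part is a placeholder, not a real SHA-512 crypt value; verification uses `openssl passwd` (OpenSSL 1.1.1 or newer) as a stand-in for the crypt(3) call that PAM makes, since a real system never does this from a shell script.

```shell
#!/bin/bash
# Added example (not from the original notes): parse a /etc/shadow entry, name
# the hash scheme from its $id$ prefix, check password aging, and recompute the
# salted hash to verify a password. Uses `openssl passwd` (OpenSSL 1.1.1+) in
# place of crypt(3); real logins do this inside PAM, not in a shell script.

# A constructed entry (the hash is a placeholder, not real crypt output):
# user : $id$salt$hash : last change (days since 1970-01-01) : min age :
# max age : warn days : inactive days : expiry : reserved
SAMPLE_SHADOW='alice:$6$Nq43BHDNkX$PLACEHOLDERHASHNOTREAL:17955:0:99999:7:::'

# shadow_field ENTRY N: colon-separated field N (1=user, 2=hash, 3=lastchange,
# 4=min, 5=max, 6=warn, 7=inactive, 8=expire)
shadow_field() {
    printf '%s\n' "$1" | cut -d: -f"$2"
}

# hash_algo HASHFIELD: scheme name from the $id$ prefix, or "locked" for
# entries starting with * or ! (no usable password, or disabled by passwd -l)
hash_algo() {
    case $1 in
        '*'|'!'*) printf '%s\n' locked ;;
        '$1$'*)   printf '%s\n' MD5 ;;
        '$5$'*)   printf '%s\n' SHA-256 ;;
        '$6$'*)   printf '%s\n' SHA-512 ;;
        '$y$'*)   printf '%s\n' yescrypt ;;
        '$2a$'*|'$2b$'*|'$2y$'*) printf '%s\n' bcrypt ;;
        *)        printf '%s\n' unknown ;;
    esac
}

# password_expired ENTRY [TODAY]: true when last change + max age lies in the
# past. TODAY is in days since the epoch and defaults to the current day.
password_expired() {
    local last max today
    today=${2:-$(( $(date +%s) / 86400 ))}
    last=$(shadow_field "$1" 3)
    max=$(shadow_field "$1" 5)
    [ -n "$last" ] && [ -n "$max" ] && [ $((last + max)) -lt "$today" ]
}

# verify_password ENTRY PASSWORD: recompute $id$salt$hash with the stored salt
# and compare. Exit 0 = match, 1 = mismatch, 2 = scheme not handled here,
# 3 = account locked. The password goes in on stdin, never on the command line.
verify_password() {
    local stored id salt computed
    stored=$(shadow_field "$1" 2)
    case $stored in '*'|'!'*) return 3 ;; esac
    id=$(printf '%s' "$stored" | cut -d'$' -f2)
    salt=$(printf '%s' "$stored" | cut -d'$' -f3)
    case $salt in rounds=*) return 2 ;; esac     # custom round counts: not handled
    case $id in
        5) computed=$(printf '%s\n' "$2" | openssl passwd -5 -salt "$salt" -stdin) ;;
        6) computed=$(printf '%s\n' "$2" | openssl passwd -6 -salt "$salt" -stdin) ;;
        *) return 2 ;;
    esac
    [ "$computed" = "$stored" ]
}

# Demonstration, run with: bash shadowdemo.sh --demo
if [ "${1:-}" = --demo ]; then
    printf 'user=%s scheme=%s max_age=%s days\n' "$(shadow_field "$SAMPLE_SHADOW" 1)" \
        "$(hash_algo "$(shadow_field "$SAMPLE_SHADOW" 2)")" "$(shadow_field "$SAMPLE_SHADOW" 5)"
fi
```

Because the salt is stored in the clear next to the hash, verification needs no secret beyond the password itself; what the salt buys is that two users with the same password get different hashes and that a precomputed table built for one salt is useless against every other entry.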
Encryption Methods:
1. File Encryption:
i. GPG (GNU Privacy Guard): an encryption tool for signing and
encrypting files and communications using both symmetric and
asymmetric encryption.
Purpose: Used for encrypting individual files or messages. It is commonly used for
secure email communication, file encryption, and digital signatures.
Algorithm: GPG can use symmetric encryption (using a passphrase) or asymmetric
encryption (using a public/private key pair). Common algorithms include AES for
symmetric encryption and RSA or ElGamal for asymmetric encryption.
Usage:
o To encrypt a file:
gpg -c filename
o To decrypt:
gpg filename.gpg
Strength: GPG is widely trusted for secure file encryption and is used in many
applications, including signing software packages.
ii. OpenSSL
Purpose: OpenSSL is a robust toolkit for working with encryption, offering both
symmetric and asymmetric encryption features. It is commonly used to create secure
connections and handle certificates but can also be used to encrypt individual files.
Algorithm: OpenSSL supports a wide variety of encryption algorithms such as AES,
RSA, 3DES, and Blowfish.
Usage:
o To encrypt a file with AES (the -pbkdf2 flag selects PBKDF2 key derivation; without it,
openssl falls back to a weak legacy key derivation and prints a deprecation warning):
openssl enc -aes-256-cbc -pbkdf2 -in file.txt -out file.enc
o To decrypt (the same -pbkdf2 flag must be given, or the derived key will not match):
openssl enc -d -aes-256-cbc -pbkdf2 -in file.enc -out file.txt
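The following script is an added example (not part of these notes) for the OpenSSL file-encryption commands above. It wraps the encrypt and decrypt steps in functions that use PBKDF2 with an explicit iteration count and read the passphrase from a file rather than the command line (where it would be visible in ps output and shell history), then checks the round trip: the right passphrase must reproduce the file and a wrong one must not. It also exposes the "Salted__" header and per-run random salt of the enc format. File names and passphrases are constructed for the demo; it needs OpenSSL 1.1.1 or newer.

```shell
#!/bin/bash
# Added example (not from the original notes): AES-256-CBC file round trip with
# openssl enc, using PBKDF2 key derivation (-pbkdf2, -iter) and a passphrase read
# from a file instead of the command line. Needs OpenSSL 1.1.1+.

CIPHER=aes-256-cbc
ITER=200000          # PBKDF2 iterations; openssl's default with -pbkdf2 is 10000

# encrypt_file SRC DST PASSFILE: the passphrase is the first line of PASSFILE.
# -salt (the default) prepends "Salted__" plus 8 random bytes, so the same file
# encrypted twice gives different ciphertext.
encrypt_file() {
    openssl enc "-$CIPHER" -salt -pbkdf2 -iter "$ITER" -pass "file:$3" -in "$1" -out "$2"
}

# decrypt_file SRC DST PASSFILE: non-zero on a wrong passphrase or damaged
# ciphertext, but only because the CBC padding no longer checks out; enc adds no
# authentication tag, so a wrong key can occasionally "decrypt" to garbage and a
# tampered file is not reliably detected. Keep a MAC or use gpg when that matters.
decrypt_file() {
    openssl enc -d "-$CIPHER" -pbkdf2 -iter "$ITER" -pass "file:$3" -in "$1" -out "$2" 2>/dev/null
}

# ciphertext_fingerprint FILE: SHA-256 of the ciphertext, to be recorded out of
# band so a recipient can check the file was not modified in transit.
ciphertext_fingerprint() {
    openssl dgst -sha256 -r "$1" | cut -d' ' -f1
}

# roundtrip_check PLAIN PASSFILE WRONGPASSFILE: encrypt PLAIN, decrypt with the
# right passphrase (must match) and with the wrong one (must not). Prints ok/FAIL.
roundtrip_check() {
    local plain=$1 pw=$2 wrong=$3 enc dec bad result=ok
    enc=$(mktemp); dec=$(mktemp); bad=$(mktemp)
    encrypt_file "$plain" "$enc" "$pw" || result=FAIL
    decrypt_file "$enc" "$dec" "$pw" && cmp -s "$plain" "$dec" || result=FAIL
    if decrypt_file "$enc" "$bad" "$wrong" && cmp -s "$plain" "$bad"; then
        result=FAIL   # a wrong passphrase must never yield the plaintext
    fi
    rm -f "$enc" "$dec" "$bad"
    echo "$result"
}

# Demonstration, run with: bash encdemo.sh --demo
if [ "${1:-}" = --demo ]; then
    d=$(mktemp -d)
    printf 'quarterly report: confidential\n' > "$d/plain.txt"
    printf 'correct horse battery staple\n' > "$d/pass"
    printf 'not the passphrase\n' > "$d/wrong"
    echo "round trip: $(roundtrip_check "$d/plain.txt" "$d/pass" "$d/wrong")"
    encrypt_file "$d/plain.txt" "$d/plain.enc" "$d/pass"
    echo "ciphertext sha256: $(ciphertext_fingerprint "$d/plain.enc")"
    rm -rf "$d"
fi
```

The iteration count is the knob that makes passphrase guessing expensive: each guess costs the attacker the same 200000 PBKDF2 rounds it costs you, so raise it as far as your own latency budget allows.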
2. Disk Encryption
i. LUKS (Linux Unified Key Setup)
Purpose: LUKS is the standard for disk encryption in Linux. It provides full-disk
encryption (FDE) to protect data at rest. LUKS is typically used for encrypting entire disk
partitions or external drives.
Algorithm: LUKS commonly uses AES as the encryption algorithm with CBC mode or
XTS mode for better security. It uses a passphrase or key file to unlock the encrypted
volume.
Usage:
o To create an encrypted LUKS volume:
cryptsetup luksFormat /dev/sdX
o To open the LUKS volume:
cryptsetup luksOpen /dev/sdX my_encrypted_volume
o To close the LUKS volume:
cryptsetup luksClose my_encrypted_volume
ii. eCryptfs
Purpose: eCryptfs is a layered encryption file system that works at the file level,
allowing users to encrypt specific directories or files, such as home directories.
Algorithm: eCryptfs encrypts file contents with a symmetric cipher such as AES; for key
management it can additionally use RSA (public-key) to protect the per-file encryption keys.
Usage:
o To encrypt a directory:
mount -t ecryptfs /path/to/source /path/to/target
iii. dm-crypt
Purpose: dm-crypt is a Linux kernel feature that provides transparent disk encryption. It
works with LUKS or as a standalone solution for block-level encryption.
Algorithm: Similar to LUKS, dm-crypt can use AES, Blowfish, Twofish, and other
algorithms.
Usage:
o To set up encryption on a block device:
cryptsetup luksFormat /dev/sdX
3. Full Disk Encryption (FDE)
Full disk encryption, often implemented with LUKS or dm-crypt, ensures that all data
stored on a disk (including the operating system) is encrypted.
LUKS with LVM: LUKS can be combined with Logical Volume Manager (LVM) to
enable encrypted volumes with the flexibility of dynamic resizing and better
management.
Usage:
o During Linux installation, many distributions offer the option to enable full disk
encryption (often using LUKS).
4. Network Encryption
i. SSH (Secure Shell)
Purpose: SSH is used to establish secure, encrypted communications between computers
over an insecure network (e.g., the internet).
Algorithm: SSH can use a variety of encryption algorithms, such as AES, Blowfish, and
ChaCha20 for symmetric encryption, and RSA, DSA, ECDSA, and Ed25519 as the asymmetric
key types that authenticate the server (host keys) and the user (user keys).
Usage:
o To create a secure SSH connection:
ssh username@hostname
ii. TLS (Transport Layer Security)
Purpose: TLS is used to encrypt data in transit over the network, ensuring the
confidentiality and integrity of data sent over protocols like HTTPS, FTPS, IMAPS, and
others.
Algorithm: TLS supports a variety of encryption algorithms, including RSA for key
exchange, AES for symmetric encryption, and SHA-256 for hashing.
Usage: TLS is implemented automatically in tools like Apache, Nginx, and web
browsers when accessing websites over HTTPS.
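The following script is an added example (not part of these notes) showing what the "automatic" TLS verification in a browser or web server actually decides. It builds a throwaway CA and a server certificate that the CA signs, then uses openssl verify to check the chain and the host name exactly as a TLS client does: a certificate signed by a CA the client does not trust is rejected, and so is a valid certificate presented for a different host name. All names are constructed, the keys live in a temporary directory, and it needs OpenSSL 1.1.1 or newer.

```shell
#!/bin/bash
# Added example (not from the original notes): what the "TLS verifies the
# server" step amounts to. Creates a throwaway CA and a server certificate the
# CA signs, then checks the chain and the host name with openssl verify. Names
# are constructed; all keys live in a temporary directory. Needs OpenSSL 1.1.1+.

WORK=$(mktemp -d)

# make_ca NAME: key plus self-signed certificate marked as a CA (basicConstraints
# CA:TRUE and a keyUsage that permits signing certificates)
make_ca() {
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        > "$WORK/$1.ext"
    openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/$1.key" \
        -out "$WORK/$1.csr" -subj "/CN=$1" 2>/dev/null &&
    openssl x509 -req -in "$WORK/$1.csr" -signkey "$WORK/$1.key" -days 30 \
        -extfile "$WORK/$1.ext" -out "$WORK/$1.crt" 2>/dev/null
}

# make_server_cert HOST CA: key plus CSR for HOST, signed by CA with the
# extensions a TLS server certificate needs; the subjectAltName is the field a
# client compares against the host name it connected to.
make_server_cert() {
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s\n' "$1" \
        > "$WORK/$1.ext"
    openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/$1.key" \
        -out "$WORK/$1.csr" -subj "/CN=$1" 2>/dev/null &&
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.crt" -CAkey "$WORK/$2.key" \
        -CAcreateserial -days 30 -extfile "$WORK/$1.ext" -out "$WORK/$1.crt" 2>/dev/null
}

# chain_ok CERT CA: 0 when CERT chains to the trusted CA, non-zero otherwise
chain_ok() {
    openssl verify -CAfile "$WORK/$2.crt" "$WORK/$1.crt" >/dev/null 2>&1
}

# host_ok CERT CA HOST: chain_ok plus the host-name check a TLS client performs
host_ok() {
    openssl verify -CAfile "$WORK/$2.crt" -verify_hostname "$3" "$WORK/$1.crt" >/dev/null 2>&1
}

# Demonstration, run with: bash tlsdemo.sh --demo
if [ "${1:-}" = --demo ]; then
    make_ca trusted-ca && make_ca unknown-ca
    make_server_cert web.example.test trusted-ca
    make_server_cert other.example.test unknown-ca
    chain_ok web.example.test trusted-ca && echo "web.example.test: chain ok"
    chain_ok other.example.test trusted-ca || echo "other.example.test: issuer not trusted"
    host_ok web.example.test trusted-ca mail.example.test || echo "wrong host name rejected"
    rm -rf "$WORK"
fi
```

The two failure cases are the ones that matter in practice: a client that skips the chain check will accept any certificate (the usual "verify=False" bug), and one that skips the host-name check will accept a perfectly valid certificate that was issued to someone else.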