SYSTEM ADMINISTRATION & TECHNOLOGY MANAGEMENT Introduction to Windows/.Linux System Administration Ayaz

System Administration Duties 1. Installing System Patches 2. Making System Checklists 3. Editing system configuration files 4. Keeping track of programs 5. Recording device file permissions 6. Keep track of world, group writable files, directories 7. Record encrypted checksum of all system binaries 8. Verify password strength for system, user accounts 9. Expiring inactive accounts 10. Restrict root/Admin access to the system console

System Administration Duties 11. Allow no guest accounts, no multiple users/account, 1 user/account 12. Disable r-commands 13. Monitor NFS (Network File System)usage using nfsstat, nfswatch. Check /etc/exports 14. Monitor NIS (Network Information Service)system usage 15. Monitor modem file device permissions 16. Disable UUCP (Unix-to-Unix Copy)or verify the computer hangs up the phone correctly 17. Install the LATEST version of Sendmail (8.9.x) 18. Disable tftp services 19 Verify FTP client and server configurations 20. Setup an alias for the FTP account

System Admin Duties 21. Set correct system-wide umask 22. Allow no.rhost,.netrc files 23. Verify backup/restore procedures 24. Check sticky bit file permissions 25. Check cron and at job files for completeness 26. Enable system accounting, system auditing functions 27. Check system-wide path definitions 28. Install tools: portsentry, logcheck, TCPWrappers, tripwire,lsof, CIS Security Benchmark document 29. Check for IP forwarding in the kernel 30. Check X Windows security

SysAdmin Tricks/Hints 6. Some free third party system management tools to get: perl - language for scanning text files, extracting data from them and formatting reports. Written by Larry Wall. top - provides continuous, customizable display of system process status. Written by Phil LeFebvre. lsof - finds out who has open files on a FS that prevent you from dismounting the FS. nfswatch - dynamically charts NFS traffic on a host. Written by Dave Curry. tcpdump - packet monitoring program for displaying packets to/from a system.

SysAdmin Tricks/Hints More Tools (cont'd) Tripwire - system auditing package that runs a series of checks for basic system security. Written by Dan Farmer. Crack - very powerful password cracking program that works on Unix systems that don't have shadow password files. Written by Alec Muffet. 7. Useful Unix commands In addtion to commands like: find, ls, diff, last, lastcomm, ps, vmstat, iostat, su and the above mentioned tools, the 'strings' command is a useful tool to examine binary files for ascii strings.

Windows System Administration Very vast topic New technologies introduced with every new release of Windows (currently Windows 7 and Windows 2008 R2) Technologies change according to the needs of the consumer and corporations Goals Align IT to business goals Attain the right balance between security and convenience

Did you ever wonder… What enables you to login with the same username and password on multiple computers? How come you get the correct printer assigned automatically when you login? What puts a login message, enforces password security or forces you to logoff when idle?

Active Directory It is the brain of the Windows Server network Its a database that keeps track of a huge amount of information and provides a centralized way to manage networked workstations, users and resources Items are objects in an active directory database

AD Domain A Domain is a security boundary or an administrative boundary e.g. I.T AD domain (IT.QUEST.edu.pk) is separate from MUET site domain (MUET.edu.pk) which is separate from HEC domain (hec.edu.pk). A domain has at least one Domain controller (which hosts the AD database)

Server role Windows Server is designed around certain roles and features. A role is a primary duty that a server performs. Example Server Roles Domain Controller DNS server File and Print Services Terminal Services Web Server etc

AD Domain

DNS DNS is the application in TCP/IP-based networks that provides name resolution services. Active directory is dependant on DNS to provide both name resolution and locator service Clients and servers will not be able to locate each other without a functioning DNS infrastructure

OUs, Users, Computers and Groups An organizational unit (or OU) is a logical container that you use to arrange groups of objects for convenient administration and access. OUs can contain the following Users, Computers, Groups, Printers, Network File Shares, Nested OUs In order to login, both the user and the computer have to be part of AD

Example OU Windows server provides a GUI based administration tool called Active Directory Users and Computers (shown in the figure).