User Management

Learning outcomes:

  • Able to create scripts to do user management including add/delete users and password resets
  • Able to securely manage users
  • Able to create, modify and maintain groups (add/remove groups, add/remove members, set defaults), set defaults for new users, set common scripts/aliases, monitor disk usage, use sudo, sudoedit and the wheel group, and kill user processes


  • General guidelines on best practices
    • When someone is hired/fired, what is the procedure? Make it a script
    • Document EVERYTHING and keep your documentation up to date
    • Lock admin/root accounts unless absolutely needed (sudo instead)
    • Allow remote access on an as needed basis
    • Backup everything! (onsite vs offsite options)
    • Single sign on (SSO) vs multiple accounts/passwords
    • Use Multi Factor authentication
  • User Security and Least Privilege
    • The principle of Least Privilege
      • Better stability and security
      • Be careful and polite; enforcing it can lead to antagonistic encounters with users
    • Root vs sudo
    • Disk usage: is a user using an odd amount for their needs?
    • Tools like fail2ban ban logins after repeated unsuccessful attempts
  • Password Management
    • Multi factor authentication is recommended for all access
    • When having users set passwords, consider things like:
      • How long is the password? 12? 16? 20 characters?
      • Should you require special characters like % * or @ as part of the password?
      • Check whether the password has already appeared in a breach before allowing it to be set, using a service like Have I Been Pwned
      • Should you restrict the reuse of old passwords?
      • Do you require passwords to be changed every X days? (No longer recommended)
    • You can also consider calculating how long a password would take to brute-force before allowing its use, with a tool such as a brute force calculator
  • Types of Accounts on servers
  • Users and Groups
    • Users identified by UID
    • Groups identified by GID
    • Both UID and GID default to sequential numbering
    • User names and why names are important to think about
    • How do we keep track of users? When did a user login last?
    • Why we use groups on Servers
    • Home directory (Where is yours? Is everyone's the same? How are they setup?)
    • What shell is being used? Can you change it? How is that decided?
    • Passwords moved to /etc/shadow
      • Special symbols in the password field
      • * = nologin account
      • ! = disallows login
      • Can also use a false shell or nologin to prevent access without deleting accounts
  • Admin accounts and access
    • Sudo
      • sudo su switches user to root
      • sudo can run a single command with root privilege
      • !! reruns the previous command, so "sudo !!" reruns the previous command with sudo without retyping the whole thing
      • Generally it's recommended to use sudo instead of logging in as root, for safety
    • Wheel group vs sudoers
      • Legacy option, not recommended: wheel membership is effectively root access
      • With sudoers you add users to a group to grant access
      • Sudoers gives more control
    • Root is the actual administrative account on the system and has full, unrestricted access. Many sites do not allow remote root login for security reasons
  • Examples of common and useful scripts you might see on servers
    • Bulk add users
    • Bulk delete users (With or without file clean up)
    • Disk usage monitoring
    • Listing accounts that never logged in
    • List files taken off the server (exfiltration)
  • Important files in your system. NOTE: your files may be located in other places and called other things; you MUST check your own system and get to know where things are
    • /etc/passwd - user account info: user:password:UID:GID:comment:home:shell
    • /etc/shadow - hashed passwords (* for system non-login accounts, ! for locked logins such as root)
    • /etc/group - Groups and their users (wheel special group)
    • /etc/login.defs - (defaults for users)
    • /etc/adduser.conf - (systems using adduser instead of useradd)
    • /etc/sudoers - defines which users and groups may run commands with sudo
    • /etc/motd (login message) Message of the Day
    • /etc/skel (Starting directory setup)
  • Commonly used Commands
    • useradd command is used to create new accounts in Linux
    • usermod command is used to modify existing accounts in Linux
    • userdel command is used to delete a local account in Linux
    • passwd command is used to assign a password to local accounts or users
    • chage command is used to view and modify a user's password expiry information
    • groups username # shows groups for a user
    • lastlog to see the last login of users (including never logged in)
    • chpasswd for bulk password changes (chpasswd < passchangefile, one username:password per line)
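
An added example for the /etc/passwd and /etc/shadow items above and the "accounts that never logged in" style of audit script (this is not a script from the original class): a POSIX sh audit that reads passwd- and shadow-format files and reports the * and ! lock markers, nologin/false shells and any UID-0 account other than root. The file names and the sample users are constructed so it runs offline; point it at the live files (as root) for a real check.

```shell
#!/bin/sh
# account_audit.sh: report locked passwords, nologin shells and extra UID-0
# accounts from passwd- and shadow-format files (the live ones need root).
set -eu

# Usage: audit_accounts PASSWD_FILE SHADOW_FILE; prints "<kind> <user> <detail>" per finding.
audit_accounts() {
  while IFS=: read -r user pw uid gid comment home shell; do
    [ -z "$user" ] && continue
    # Any UID-0 account other than root is a second root login and must be explained.
    [ "$uid" = 0 ] && [ "$user" != root ] && printf 'UID0 %s uid=0\n' "$user"
    # nologin/false shells block interactive access without deleting the account.
    case "$shell" in
      */nologin|*/false) printf 'NOSHELL %s %s\n' "$user" "$shell" ;;
    esac
  done < "$1"
  # Shadow field 2: a leading '*' or '!' means the password is locked; empty means no password at all.
  while IFS=: read -r user hash rest; do
    [ -z "$user" ] && continue
    case "$hash" in
      '*'*) printf 'LOCKED %s star\n' "$user" ;;
      '!'*) printf 'LOCKED %s bang\n' "$user" ;;
      '')   printf 'EMPTYPW %s no-password\n' "$user" ;;
    esac
  done < "$2"
}

# Constructed sample files (not from a real system) so the audit runs offline.
make_samples() {
  cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/usr/sbin/nologin
admin2:x:0:0:second uid-0 account:/root:/bin/bash
EOF
  cat > "$2" <<'EOF'
root:!:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$6$constructedsalt$constructedhash:19000:0:99999:7:::
bob:!$6$constructedsalt$constructedhash:19000:0:99999:7:::
carol::19000:0:99999:7:::
EOF
}

# Demo on the samples; on a real host run: sudo sh account_audit.sh /etc/passwd /etc/shadow
if [ "$#" -eq 2 ]; then audit_accounts "$1" "$2"; else
  d=$(mktemp -d); make_samples "$d/passwd" "$d/shadow"
  audit_accounts "$d/passwd" "$d/shadow"; rm -rf "$d"; fi
```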

Suggested Activities:

  • On each of your servers, try to find the key files, make a note of where they are located and what they are called (if different than the list), and make sure you look at the format so you're familiar with them
  • On each of your servers, try the common commands. Make sure you can successfully add users, change groups, change access, and log in as the user
  • In pairs, choose one (or more!) of the common and useful scripts, discuss what should go into the script and try putting together the script in a language of your choice
  • In pairs, work together to create a script to add users to your server from a list of names. Try your scripts on level 1 and level 2 names
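
An added example of the "add users from a list of names" script (not a script from the original class): it reads one name per line, validates the name against the portable Linux username rule, skips accounts that already exist, creates each user with useradd/chage/chpasswd so the random initial password must be changed at first login, and with DRY_RUN set prints the privileged commands instead of running them. The script name, the default group and the names file are assumptions.

```shell
#!/bin/sh
# bulk_add_users.sh: create accounts from a list of names (one per line).
# Usage: DRY_RUN=1 sh bulk_add_users.sh names.txt [group] [shell]
set -eu; export LC_ALL=C

# Portable username rule: a letter or _, then letters, digits, _ or -, max 32 chars.
valid_username() {
  case "$1" in
    ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
  esac
  [ "${#1}" -le 32 ]
}

# With DRY_RUN set, print the privileged command instead of running it.
run() {
  if [ -n "${DRY_RUN:-}" ]; then printf 'DRY: %s\n' "$*"; else "$@"; fi
}

# Create one user: home from /etc/skel (-m), supplementary group, and a random
# one-time password that chage -d 0 forces the user to change at first login.
add_user() {
  name=$1; group=$2; shell=$3
  if ! valid_username "$name"; then printf 'SKIP %s invalid-name\n' "$name"; return 0; fi
  if getent passwd "$name" >/dev/null 2>&1; then printf 'SKIP %s exists\n' "$name"; return 0; fi
  run useradd -m -s "$shell" -G "$group" "$name"
  run chage -d 0 "$name"
  if [ -z "${DRY_RUN:-}" ]; then
    pw=$(head -c 18 /dev/urandom | base64 | tr -d '/+=\n')
    printf '%s:%s\n' "$name" "$pw" | chpasswd
    printf 'ADDED %s initial-password=%s\n' "$name" "$pw"  # hand over out-of-band, do not keep in logs
  else
    printf 'ADDED %s\n' "$name"
  fi
}

# Read the names file: '#' comments and blank lines ignored, names lowercased.
bulk_add_users() {
  file=$1; group=${2:-users}; shell=${3:-/bin/bash}
  while IFS= read -r line || [ -n "$line" ]; do
    name=$(printf '%s' "$line" | sed 's/#.*//' | tr -d ' \t' | tr 'A-Z' 'a-z')
    [ -z "$name" ] && continue
    add_user "$name" "$group" "$shell"
  done < "$file"
}

if [ "$#" -gt 0 ]; then bulk_add_users "$@"; fi
```

Run it once with DRY_RUN=1 and review the printed commands before running it for real as root.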
