var q installvirtualboxwithoutadminprivilegesinvistaOracle acquired Sun Microsystems in 2010, and since that time Oracles hardware and software engineers have worked sidebyside to build fully integrated systems and. InformationWeek. com News, analysis and research for business technology professionals, plus peertopeer knowledge sharing. Engage with our community. Unix Toolbox. Unix Toolbox. This document is a collection of UnixLinuxBSD commands and tasks which are useful for IT work or for advanced users. This is a practical guide with concise explanations, however the reader is supposed to know what she is doing. Hardware Statistics Users Limits Runlevels root password Compile kernel Repair grub Misc. Running kernel and system information. Get the kernel version and BSD version. Full release info of any LSB distribution. Truth be told, New York is playing a bit of catch up, after Los Angeles offered its public library card holders streaming movie privileges last month. Welcome to the Citrix Community page where you can connect with experts and join the conversation about Citrix technologies. I believe Program Files is where the newest version of Chrome is meant to be installed I do recall reading that Google changed the default install location in one. Su. SE release Get Su. SE version. cat etcdebianversion Get Debian version. Use etcDISTR release with DISTR lsb Ubuntu, redhat, gentoo, mandrake, sun Solaris, and so on. See also etcissue. Show how long the system has been running load. Display the IP address of the host. Linux only. man hier Description of the file system hierarchy. Show system reboot history. Hardware Informations. Kernel detected hardware. Detected hardware and boot messages. Read BIOSLinux cat proccpuinfo CPU model. Hardware memory. grep Mem. Total procmeminfo Display the physical memory. Watch changeable interrupts continuously. Used and free memory m for MB. Configured devices. Show PCI devices. Show USB devices. Show a list of all devices with their properties. Show DMISMBIOS hw info from the BIOSFree. BSD sysctl hw. model CPU model. Gives a lot of hardware information. CPUs installed. sysctl vm Memory usage. Hardware memory. sysctl a grep mem Kernel memory settings and info. Configured devices. Show PCI devices. Show USB devices. Show ATA devices. Show SCSI devices. Load, statistics and messages. The following commands are useful to find out what is going on on the system. IO statistics 2 s intervals. BSD summary of system statistics 1 s intervals. BSD tcp connections try also ip. BSD active network connections. BSD network traffic through active interfaces. BSD CPU and and disk throughput. System V interprocess. Last 5. 00 kernelsyslog messages. System warnings messages see syslog. Users id Show the active user id with login and group. Show last logins on the system. Show who is logged on the system. Add group admin and user colin LinuxSolaris. Colin Barschel g admin m colin. G lt group lt user Add existing user to group Debian. A lt user lt group Add existing user to group Su. SE. userdel colin Delete user colin LinuxSolaris. Free. BSD add user joe interactive. Free. BSD delete user joe interactive. Use pw on Free. BSD. Add a new member to a group. Colin Barschel g admin m s bintcsh. Encrypted passwords are stored in etcshadow for Linux and Solaris and etcmaster. Free. BSD. If the master. To temporarily prevent logins system wide for all users but root use nologin. The message in nologin will be displayed might not work with ssh pre shared keys. Sorry no login now etcnologin Linux. Sorry no login now varrunnologin Free. BSDLimits. Some application require higher limits on open files and sockets like a proxy. The default limits are usually too low. Linux. Per shellscript. The shell limits are governed by ulimit. The status is checked. For example to change the open files limit from. This is only valid within the shell. The ulimit command can be used in a script to change the limits for the script only. Per userprocess. Login users and applications can be configured in etcsecuritylimits. For example. cat etcsecuritylimits. Limit user processes. Limit application open files. System wide. Kernel limits are set with sysctl. Permanent limits are set in etcsysctl. View all system limits. View max open files limit. Change max open files limit. Permanent entry in sysctl. How many file descriptors are in use. Free. BSDPer shellscript. Use the command limits in csh or tcsh or as in Linux, use ulimit in an sh or bash shell. Per userprocess. The default limits on login are set in etclogin. An unlimited value is still limited by the system maximal value. Kernel limits are also set with sysctl. Permanent limits are set in etcsysctl. The syntax is the same as Linux but the keys are different. View all system limits. XXXX maximum number of file descriptors. Permanent entry in etcsysctl. Typical values for Squid. TCP queue. Better for apachesendmail. How many file descriptors are in use. How many open sockets are in use. Default is 1. 02. See The Free. BSD handbook Chapter 1. And also Free. BSD performance tuninghttp serverfault. Solaris. The following values in etcsystem will increase the maximum file descriptors per proc. Hard limit on file descriptors for a single proc. Soft limit on file descriptors for a single proc. Runlevels. Linux. Once booted, the kernel starts init which then starts rc which starts all scripts belonging to a runlevel. The scripts are stored in etcinit. N. d with N the runlevel number. The default runlevel is configured in etcinittab. It is usually 3 or 5. The actual runlevel can be changed with init. For example to go from 3 to 5. Enters runlevel 5. Shutdown and halt. Single User mode also S2       Multi user without network. Multi user with network. Multi user with X6       Reboot. Use chkconfig to configure the programs that will be started at boot in a runlevel. List all init scripts. Report the status of sshd. Configure sshd for levels 3 and 5. Disable sshd for all runlevels. Debian and Debian based distributions like Ubuntu or Knoppix use the command update rc. Default is to start in 2,3,4 and 5 and shutdown in 0,1 and 6. Activate sshd with the default runlevels. With explicit arguments. Disable sshd for all runlevels. Shutdown and halt the system. Free. BSD. The BSD boot approach is different from the Sys. V, there are no runlevels. The final boot state single user, with or without X is configured in etcttys. All OS scripts are located in etcrc. The activation of the service is configured in etcrc. The default behavior is configured in etcdefaultsrc. The scripts responds at least to startstopstatus. Go into single user mode. Go back to multi user mode. Shutdown and halt the system. Reboot. The process init can also be used to reach one of the following states level. For example init 6 for reboot. Halt and turn the power off signal USR21       Go to single user mode signal TERM6       Reboot the machine signal INTc       Block further logins signal TSTPq       Rescan the ttys5 file signal HUPWindows. Start and stop a service with either the service name or service description shown in the Services Control Panel as follows. WSearch. net start WSearch start search service. Windows Search. net start Windows Search same as above using descr. Reset root password. Linux method 1. At the boot loader lilo or grub, enter the following boot option. The kernel will mount the root partition and init will start the bourne shell. Use the command passwd at the prompt to change the password and then reboot. Forget the single user mode as you need the password for that. If, after booting, the root partition is mounted read only, remount it rw. Free. BSD method 1. On Free. BSD, boot in single user mode, remount rw and use passwd. You can select the single user mode on the boot menu option 4 which is displayed for 1. The single user mode will give you a root shell on the partition. Unixes and Free. BSD and Linux method 2. Other Unixes might not let you go away with the simple init trick. Comp. TIA Security SY0 4. Authorized Cert Guide OS Hardening and Virtualization Foundation Topics. Out of the box operating systems can often be insecure for a variety of reasons and need to be hardened to meet your organizations policies, Trusted Operating System TOS compliance, and government regulations. But in general, they need to be hardened so that they are more difficult to compromise. This chapter focuses on the hardening of operating systems and the securing of virtual operating systems and will help you prepare for the Comp. TIA Security SY0 4. This chapter is from the book This chapter covers the following subjects Hardening Operating Systems Service packs, patches, hotfixesThis section details what you need to know to make your operating system strong as steel. Group policies, security templates, and baselining put on the finishing touches to attain that bullet proof system. Virtualization Technology This section delves into virtual machines and other virtual implementations with an eye on applying real world virtualization scenarios. This chapter covers a portion of the Comp. TIA Security SY0 4. Imagine a computer with a freshly installed server operating system OS placed on the Internet or on a DMZ that went live without any updating, service packs, or hotfixes. How long do you think it would take for this computer to be compromised A week Sooner It depends on the size and popularity of the organization, but it wont take long for a nonhardened server to be compromised. And its not just servers Workstations, routers, switches You name it they all need to be updated regularly, or they will fall victim to attack. By updating systems frequently and by employing other methods such as group policies and baselining, we are hardening the system, making it tough enough to withstand the pounding that it will probably take from todays technology. Another way to create a secure environment is to run operating systems virtually. Virtual systems allow for a high degree of security, portability, and ease of use. However, they are resource intensive, so a balance needs to be found, and virtualization needs to be used according to the level of resources in an organization. Of course, these systems need to be maintained and updated hardened as well. By utilizing virtualization properly and by implementing an intelligent update plan, operating systems, and the relationships between operating systems, can be more secure and last a long time. Hardening Operating Systems. An operating system, or OS, that has been installed out of the box is inherently insecure. This can be attributed to several things, including initial code issues and backdoors, the age of the product, and the fact that most systems start off with a basic and insecure set of rules and policies. How many times have you heard of a default OS installation where the controlling user account was easily accessible and had no passwordAlthough these types of oversights are constantly being improved upon, making an out of the box experience more pleasant, new applications and new technologies offer new security implications as well. So regardless of the product, we must try to protect it after the installation is complete. Hardening of the OS is the act of configuring an OS securely, updating it, creating rules and policies to help govern the system in a secure manner, and removing unnecessary applications and services. This is done to minimize OS exposure to threats and to mitigate possible risk. Although it is impossible to reduce risk to zero, Ill show some tips and tricks that can enable you to diminish current and future risk to an acceptable level. This section demonstrates how to harden the OS through the use of service packs, patches and patch management, hotfixes, group policies, security templates, and configuration baselines. We then discuss a little bit about how to secure the file system and hard drives. But first, lets discuss how to analyze the system and decide which applications and services are unnecessary, and then remove them. Removing Unnecessary Applications and Services. Unnecessary applications and services use valuable hard drive space and processing power. Plus, they can be vulnerabilities to an operating system. For example, instant messaging programs might be fun for a user but usually are not productive in the workplace to put it nicely plus, they often have backdoors that are easily accessible to attackers. They should be discouraged or disallowed by rules and policies. Be proactive when it comes to these types of programs. If users cant install an IM program on their computer, you will never have to remove it from the system. But if you do have to remove an application like this, be sure to remove all traces that it ever existed. Make sure that related services are turned off and disabled. Then verify that their inbound ports are no longer functional, and that they are closed and secured. For example, AOL Instant Messenger AIM uses inbound port 5. IM programs, such as ICQ or Trillian. Confirm that any shares created by an application are disabled as well. Basically, remove all instances of the application or, if necessary, re image the computer That is just one example of many, but it can be applied to most superfluous programs. Another type of program you should watch out for are remote control programs. Applications that enable remote control of a computer should be avoided if possible. Personally, I use a lot of programs. But over time, some of them fall by the wayside and are replaced by better programs. The best procedure is to check a system periodically for any unnecessary programs. For example, in Windows 7 we can look at the list of installed programs by going to the Control Panel Programs Programs and Features, as shown in Figure 3 1. Notice in the figure that Camtasia Studio 5 is installed. This is an older version of the program. If in the future I decide to install the latest version of Camtasia, or use another program, such as Adobe Captivate or something similar, and Camtasia 5 is no longer necessary, then it should be removed. This can be done by right clicking the application and selecting Uninstall. Or an application might have an uninstall feature built into the Start menu that you can use. Programs such as this can use up to 5. MB, 1. 00 MB, and possibly much more, so it makes sense to remove them to conserve hard drive space. This becomes more important when you deal with audiovideo departments that would use an application such as Camtasia, and most likely many others like it. The applications are always battling for hard drive space, and it can get ugly Not only that, but many applications place a piece of themselves in the Notification Area in Windows. So, a part of the program is actually running behind the scenes using processorRAM resources. If the application is necessary, there are often ways to eliminate it from the Notification Area, either by right clicking it and accessing its properties, or by turning it off with a configuration program such as the System Configuration Utility in Windows which can be executed by going to Start Run and typing msconfig. Consider also that apps like this might also attempt to communicate with the Internet in an attempt to download updates, or for other reasons. It makes this issue not only a resource problem, but also a security concern, so it should be removed if it is unused.