Hello and welcome, my name is Panos Kalarjani, I am a system security engineer and Linux distribution developer. Thank you for joining this session. This technical talk will focus on Linux administration and Linux security. Security is very important nowadays because there are many vulnerabilities, many data breaches and malware. Not only malware, there is ransomware too. And how can we secure a system? We need to update the system properly, we have to understand how to update a system, update the kernel version, update the packages and manage the repositories. In addition we need to manage the system services, like which services are active, which daemons are active, which open ports are listening and which are closed. We can of course perform scanning of our system with vulnerability auditing tools like OpenVAS, like Nmap, we will see them later on. We can use PAM, Pluggable Application Modules, we can set a limit on a user's processes. We can monitor processes, which ones belong to a specific user, and of course we can automate everything with Bash. We can automate the process with Bash and we can execute it daily or monthly with the help of the crontab. So let's move on.

These are the topics that I will cover. First of all is the user management. I will explain to you how to create a user, how to delete a user, how to set a password, how to set a secure password, how to set the home directory for a user. I will show you how to monitor your processes with a bunch of tools, command line tools, because you could have a server edition and might not have a desktop environment, so text tools are very important to administration. I will show you how to update a system, whether it is Debian or Red Hat or CentOS, how to manage repositories, what they are, which are stable, which are unstable, how to perform a vulnerability scan with OpenVAS, like I mentioned before.
I will show you how to set PAM modules, I will explain them later, and how to write scripts, like how to make a backup script, how to make a vulnerability scanning script. We will see them later on. Okay, let's start.

First of all, we have the Linux user management. I will show you how to create a user, how to delete a user and how to set a password for the user. I will show you how to modify a user so a user can access some system resources or access some services. He will be in a group that can access some resources. I will explain to you what the passwd, the shadow and the group files in the /etc directory are, and finally how to disable an account. Okay, let's start with the useradd, userdel and passwd commands. They are for user creation, user deletion and setting a password accordingly. For this purpose, I will use a virtual machine. I will use Kali, a derivative of Debian, so you can see practical examples of what I'm doing. So let's begin.

Okay, to create a user, we will type the useradd command. So useradd, followed by the user. I will name him user... user A. We can add the -m to create the home directory for the user, user A. Okay, we can set a password for the user. To do this, we can simply use the passwd command followed by the username. Okay, you can use a very powerful password, so it will be difficult for an attacker to crack this password. You can use a passphrase: 12 or more character passwords full of capital letters, numbers and symbols. We'll use a simple one just to demonstrate this faster. And let's try to log in with the user so we can ensure that everything is under control. Fine. We are in the home directory of the user A. Let's see an example of how to delete a user. We will create a user, another user, because we will use user A for some examples. So useradd, user B, OK. And to delete this user we can type userdel, user B, for the second user we want to delete. Okay, that's the useradd, userdel and passwd commands. Let's see what's next.
This is the usermod command, with which we can modify a user. As I told you before, we can set a user so he can access some system resources. Let's see some examples. Okay, user A. Okay, we are there in the home directory of the user A. Let's create a file with root privileges. Okay, why not? We can do this with the touch command. Example 1.txt. Okay, the password for the root, for the sudo password. Okay, we can clearly see that the username is not in the sudoers. That's why we want to use the usermod command. We can add the user A to the sudoers right now. Not only the sudoers, we can add the user to another group like Wireshark, so he can capture packets, and many more examples. Okay, sudo usermod. Thus, I will explain to you what all of those do, sudo, user A. Okay, with this command, the user A here is appended to a group, which one is sudo, with usermod. So, we added the user A to the sudo group. Let's switch back to the user A. Fine, user A. Let's try now to create an example 1.txt with sudo privileges. User A. Okay, as we can see, we can create the example 1 with sudo privileges because the user A can access the sudoers. Fine, okay.

Let's see another example of the usermod command. Okay, we can change the home directory of the user A. So, to do this, we type usermod -d for the new home directory. The previous one, as you saw, is the home slash user A. Right now, it will be /opt. Why not? User A. So, when we log in as the user A, let's see, where are we? Okay, we are in the /opt directory because we changed the home directory of the user A to /opt. Okay, let's clear the screen. Let's see what's next.

All right. Let's see what the purpose of the passwd file in the /etc directory is. Let's change back to the Kali machine and output the contents of /etc/passwd. Okay, right here, you can see plenty of information. Like you can see users, you can see numbers, you can see shells. So, what are those? Okay, let's begin.
Here is the user, here is the user A, the user that we had created before. Here is the password, but the password is moved to /etc/shadow. Don't worry, we will explain it later. Here is the user ID. Every user has a specific user ID, just now. Here is the group ID. Here is some information about the user. For example, we could write for user A, here is a test user. Okay, here is a test user. Here is the home directory of the user. And here is the default shell. As you can see, my main user Panos has the user ID of 1001, the group ID of 1001, has the home directory as /home/panos, and the default shell is zsh. Okay, that's all about the /etc/passwd file. Let's continue to see what's next.

Let's see what the purpose of the shadow file in the /etc directory is. As I told you before, passwords were moved from the /etc/passwd file to the /etc/shadow file. The shadow file contains the passwords of the users or of the system users in an encrypted form inside this file. So let's see more about it. Okay, here I have output, I have printed out the shadow file in the /etc directory. As you can see, this is the user root, the system users as I mentioned before, other system users, and here is my user Panos. This will be the example for this section, for the /etc/shadow file explanation. So let's begin. As you can see, in the /etc/passwd file there are semicolons between values. We will explain those values as well. So let's begin. Panos, here the first one is the user name. So it's something easy. It will be your user, your username. Secondly, we have our password, which is encrypted. As you can see, the sign right here is the encryption method. In my case it's SHA512, it's a cryptographic algorithm. There are many cryptographic algorithms, you can search for them online. You should see a $1 in your shadow file, which means that your password is encrypted in MD5. MD5 is another cryptographic algorithm.
Some others belong to $2a, and another version of Blowfish is $2y. There is another cryptographic algorithm in the /etc/shadow file, which is the $5, which is SHA256. So there are other cryptographic algorithms, which are very powerful. They can do many things, they can encrypt your password with some keys. So let's move to this value between the password and the zero. It's the last password change since 1st January 1970. So as you can see it counts the days that the password is changed from then. This zero here is the maximum days required between the password changes. So it does not require any password changes between some days. Here is the maximum days that the password is valid. So as you can see our password is valid forever. It's an extremely big amount of days that our password is valid. Here we have the number of days before the password is going to expire that a warning will be sent to our user. We don't have the warning because our password as we can see will not require, but in case you set some security modules and you set the password to expire, you have to change the value, because you can manage the days that the warning message will be sent to the user. Okay, we have some blank values here, so we could change them. The first one is the number of days after the password is expired that the account is disabled. And the last one is the days since 1st January 1970 that the account is disabled. So that's all about the /etc/shadow file. Let's see what's next.

Okay, let's see what the purpose of the /etc/group file is. Let's switch back to the Kali machine. Let's output its content. Okay, as before you can see users, system users, semicolons etc. So let's see. Here is the user A, here is the user Panos, here is the password, but it is blank because here you can use privileged groups. Here is the group ID and here is a list of users that are contained in a group. Let's see for example the group sudo.
Okay, here you can see that the group sudo contains the user Kali, the user Panos and the user A. Okay, that's all about the group, the /etc/group file. Let's switch back to our presentation to see what's next.

Okay, the next one is how to disable the root account. This is a very important section because to increase the security level you should lock the root account, you should use a user account with root privileges so an attacker cannot enter with the root account. Okay, let's see how it's done. To do this we can simply change the default shell of the user in /etc/passwd. That's why I explained this file to you. So we can use a text editor like Vim or nano, I will use nano. Okay, I'm sorry, yep, fine. Here is the user root, which has the default shell bash, and we will change it to /sbin. In /sbin there is all the root software, the root system building commands, and as the default shell we will use nologin. Okay, let's save it. Fine, let's log in as root. Okay, as you can see, this account is currently not available. We have managed to lock the account. To revert it, we can simply use again a default shell like /bin/bash. Let's save it, let's log in as root. As you can see we can log in as root again. Exit, clear, and let's see what's next.

Alright, here we have the Linux process monitoring. Linux process monitoring is very important in Linux administration and Linux security. It is one of the most important tasks of a system administrator in general because behind every user there are many processes. So it's very important to monitor everything about this. So let's start. What is a process? A process refers to a program execution, it's a running instance of a program. For example, when we open Firefox a new process is created, when we open a terminal a new process is created, and so on. Also there are two types of processes, there are the foreground and the background processes. Foreground processes are the interactive ones, where we can control them.
For example Firefox or Thunderbird or VirtualBox is an interactive process, it's a foreground process. Background processes are the non-interactive ones. They are running in the background, they usually are started at system boot, so they are controlled by the init process like systemd and many other services. For example sshd and many other processes that are running in the background. So how can we monitor processes? There are many tools, there are many terminal tools. So let's take a look at some. Here's a list that I have prepared to explain.

First of all is ps. So let's start with ps. I will change back to the Kali machine. Let's type ps. As we can see, here are the processes that are running in my terminal. So it's the zsh and the ps command. We can type ps -A to see all the active processes. As you can see there are many of those. Let's see about kworker. We can see Xorg, about our desktop environment. We can see LightDM. As we can see those are the active processes, like Apache, zsh and many others. Another example is ps -x. Here we will output all the processes that belong to our user. This is Kali right now. Sorry, it's a small x. As we can see, every process here is run by our user Kali. Let's see another example. Here with this ps -fG, for example, we can type the Tor service, the Tor network, which anonymizes our traffic. Here it is to list all processes for the group. The group name is debian-tor; we can see the process, /usr/bin/tor, etc., with this UID and this PID. Another useful example and another valuable example is ps -e --forest, which will output all the active processes, but it will output every process linked to its parent. As you can see here we have the xfce4-panel, which is a child process of the Xorg, of the LightDM, which is a process of the LightDM service. Those are the examples. Here is the apache2 of the service of apache2. We can see how to list the performance of the system.
Which process consumes the memory or which process consumes the CPU. How to see about the formats, how to see about memory, about CPU. Here is the user, here is the PID, here is the CPU consumption, the memory consumption and the command, which is the process command. Let's see how we can see about memory and CPU consumption. Right here you can see all the parameters that you can use in the output. There are many useful outputs. Here is the CPU, here is the memory that we are going to test. So let's clear the screen. So let's output everything. Sorry, no, no, no. CMD, memory, CPU, and let's sort it by, let's begin with memory. As we can see, every process with this PID, with this command and the memory consumption. Let's output the first five. This will be done with the help of the head command. And the number, we want the first five, so head -n, for number, five. We can see the first 10 processes by the most CPU consumption, so let's change it to CPU. Let's clear the screen. Here are the first 10 processes, which have the most to least CPU consumption. Let's clear the screen and let's see about the next tool.

The next tool is top. top is a very powerful tool for process monitoring, like ps. Let's see about top, how we can use it. As I told you before, process monitoring is very important to security. Imagine that malware analysts use process monitoring when they analyze malware, when they perform dynamic analysis of malware or evil code. So we need to think of process monitoring as a very important task. So let's see about top. If you press top, you can see all the processes for the user root, for the user kali, my user. You can see the PID. As you saw in the previous command ps, you can see the CPU consumption, the memory consumption, the utilization. So what can we do? First of all, we can use many parameters, many keystrokes. First of all, we will try top -u for user and our user, which is kali. As you can see, every process right now is by the user kali, not root.
So it's a perfect example for monitoring all the specific processes. Let's see something else. Let's go back to our top and let's use the z option. If you press z, you will see in color all the active processes. Right now, you can see all the running processes. So it's very useful. You can see all of them in red. We don't have any inactive. If we had any, the color would be white. So we are OK for now. Let's press Shift+P to sort by the CPU utilization. As you can see, Shift+P, here's the process with the most CPU utilization. OK, 9.2 from Xorg. OK, another example is the output. So when you have to prepare a report for the process monitoring to give to a colleague or another user, you can use top -n 1 for execution that will make one loop of the process searching, -b, and output to a txt. Let's name it process report txt. OK, if we cat it, I'm sorry. OK, we have a report for all the processes. OK, I think we are done with top. As we can see, ps and top are some very powerful command line tools.

Let's move on to htop. htop is another powerful tool. It's like top, but it's a more interactive process monitoring tool. Let's see about this. I will change back to the Kali machine and let's type htop. OK, as you can see, it has a very beautiful interface, even though it's not graphical, but it's a terminal text interface. We have many options. We have just to press F buttons. For example, let's press F5. We can see a tree like we saw on the ps command with the forest parameter. OK, it's very useful. Let's try F6. OK, we can select which parameter we want to output first. Let's see about PID. OK, we have the user root with PID1, a process with PID1, 272. And we have more below. Let's sort by another filter. We should use memory utilization. Why not? OK, as we can see, the memory section is in a blue color. The other one is in green. So we can see the process with the most consumption with 2.3. OK, as we can see, it is a very nice tool.
You can press F9 to kill a process, but I do not want to kill a process. So we'll press Escape and quit with F10. OK, as we can see, it is a very beautiful, very, very beautiful tool. OK, I'm sorry. Nice, it's clear. And let's switch back to see what's next. Nice.

OK, the next one is the nmon tool. nmon is another impressive tool which we can use to monitor processes. So let's see about it. OK, let's press nmon. OK, as we can see, there are many options that we can use. We can press C for the CPU, M for memory. We can see information about disks, information about kernel, about network. So let's see about CPU, let's press C. OK, we have some information about the CPU utilization. OK, let's go back. OK, let's try VM for memory information. OK, we can see much useful information about our RAM usage, about our swap space. The swap space is used when the RAM is full, so we have 100% free swap space. OK, let's go back and see some other information. nmon, let's press R for the resource. OK, why not? We can see the version of our Linux distribution. I have the 2020.3, OK, very nice.

And let's see another tool, bashtop. bashtop is another powerful tool. It's not like top and htop, but it's quite a beautiful tool. Let's see about it. OK, as you can see, it has a very impressive interface. You can see the CPU utilization. You can see your CPU information. I have Ryzen 7. It shows the memory utilization. And the swap space again. And the processes. As you can see, I have many active processes. So it's quite beautiful. You can press K to kill the process. So I will not use it right now. Let's see another tool. Let's quit from here.

OK, the next one and the final one is Glances. Glances is another valuable tool. Glances, OK. Let's wait. OK, we have much useful information. A more detailed CPU utilization, and memory too. That is very important and we need that information. We can see the read and write speed of our file system, of our disk.
We can see information about our network, but I have disconnected my virtual machine from the network. Finally, as with the previous tools, you can see the active processes. As you can see, this changes over time, so it's an interactive tool. OK, that's all about the process monitoring. Of course there are many other beautiful tools, but those are my favorite ones that I use the most. Let's move on to another section.

OK, the next one is about managing Linux system services. What is a system service? A system service is software that runs in the background, so we can say that a system service is a non-interactive process. In addition, the service carries out essential tasks of the operating system. To explain it more in depth, we need to know that the first process of the Linux operating system is the init process, which in turn starts all the system services. How can we manage these system services? There are two service managers. The first one is systemd, and the second one is the SysV init service manager. Let's see some examples. We will change back to the virtual machine. First of all, we have to type sudo because we need root privileges, and then systemctl list-units --type=service, because we need services, and --state=active. OK, as you can see, there are many units. We can see that they are loaded, they are active, and some are active, some are running, and some are exited. We need to know that it is not necessary for a service to be running. It is just started at boot time, so it will be active, but not necessarily running. So can we list all the running services? Yes, we can. We can exit from here and change the state active to state equals running. OK, we have only 19 running services. We can see the cron service. Cron is a service which executes a shell script when we want, at a specific time.
We can see the ModemManager service, we can see the rsyslog, which is used for logs, and we can see many other services. And how can we list all the services with the SysV init service manager? Let's clear the screen. We will type sudo, because as previously we want root privileges, and we will type service --status-all. Right now, we can see all the services. Again, they have a minus symbol, which means that it is closed, and we can see the plus symbol, which means that they are already running. As with the systemd service manager, we can see that cron is running right now, we can see the dbus running right now. So for example, let's open a service, let's open Apache 2. OK, sudo service, sorry, apache2 start. And let's output, let's list the services, status, all. As we can see, Apache right now has a plus symbol. So how can we start Apache 2 at boot time? Because every time we boot the operating system, the services will be the same. Some will have the plus and some will have the minus symbol. To start a service at boot time, we just have to use the systemd service manager to enable Apache 2. Right now, if we restart the system, we will see Apache 2 running. But it is not always secure, it is not very secure to have a service running. Because for example, when we have Apache 2 running, we will have an open port. OK, of course we can close it with a firewall, but again, we should know where and when we open a system service. One more time, let's list only the active services with the SysV init service manager. So we'll type service, status, all, and we can use grep. Because grep is a powerful tool to output only the lines we want. So when we input something like plus, this command will output all the services that are running right now. As you can see, we have all the running services. If we stop Apache and list all the running services, we will not see Apache 2 because we have closed the service. OK, that's all about the services.
Let's move on to another section, which is a very important section. It's about managing Linux updates and packages. OK, let's start with repositories. So what is a repo or a repository? A repository is a storage location from which your operating system receives updates and applications. It's a server far from your computer, and when you update your system, your package manager will receive all the applications from the repositories. Let's see about the repository categories.

First of all, we have the stable repos. The stable repos are repositories which contain stable and tested software releases. The software usually has all the security fixes, has fixed bugs, and it's tested for bugs. So whenever the team says that the software is tested and fully stable, this software belongs to the stable repositories. For example, let's open up my terminal and let's cat my stable repos. OK, here you can see the Debian Buster's stable repos. My opinion is that the stable repos are very secure because they have stable software. You don't have to worry about security issues because the team behind the operating system can ensure that the software is almost 100% secure. So let's clear the screen and let's see what's next.

We have the unstable repositories. The unstable repositories contain software that is in the latest update version. For example, if I have a software that is in version 1.1 and I include one bug fix or I will include a new feature, I will update its version and I will include it to a stable repo. For example, an unstable repo is from CentOS here. Here are the repos from CentOS 8, or we can see from the Kali machine that I have the unstable repos. OK, it is very useful to have unstable repos, especially if you are a developer, because you can test the latest update of a software, of an application. But if you are a system administrator or a system engineer, it is recommended that you use a stable repo. Let's see what's next. We have the testing repositories.
These kinds of repos contain the upcoming version of a stable version. To explain it again, the testing repo contains software and stable software that are going to be included in the stable repos. For example, Debian Sid contains software that it will include in the stable repos of Debian's Bullseye, the upcoming 11 version. OK, that's one of the useful features of the repositories, and let's go to the packages. You have to update your system every now and then. I recommend that an administrator should update his system every week or every two or three days. In CentOS, he can issue yum update and the packages they want to install, or yum check-update. In Debian systems, you should use sudo apt update. As you can see, I fetch all the updates from the repositories. As you can see, here are all the software and the applications, the libraries that are going to be updated. OK, this is very useful, and let's see what we have next.

The next section is about system vulnerability scanning and auditing. First of all, what is a vulnerability? A vulnerability is a weakness or a flaw which can leave a system open to attack. There are the system and the software vulnerabilities. In many cases a vulnerability comes from misconfigured software. So how can we resolve any vulnerability issues? Users and the system administrator have to patch their software to the latest update. If they see an announcement or an update saying that the software has a vulnerability issue, they have to update their systems properly. It is very important to update the system. And how can we scan the system for vulnerabilities? To scan for vulnerabilities, I'm sorry, and the rootkits, we have to use scanning and auditing tools. I have prepared some tools to show you. As you can see, here's Zenmap. Zenmap is the GUI version, the graphical user interface version, of Nmap. I have prepared rkhunter.
rkhunter is a tool to scan for rootkits, and Lynis, which is an auditing tool for vulnerabilities. So let's start with Nmap. Nmap stands for the network mapper. It's a free and open source scanner licensed under the GPL. It can be used for host discovery, port scanning, network service and version detection, which is a feature that we are going to use, and operating system detection. In addition, Nmap uses the NSE, Nmap security engine, scripting engine, which is a very useful and valuable feature. It gives us the option for service detection and operating system detection and also for vulnerability detection. Here is the path of the script location, of the NSE script location. Let's switch back to the Kali machine. Let's scan for vulnerabilities and let's scan the Nmap server scanme.nmap.org. The Nmap stands for script and for service version. We will use the default version of the script. Let's start the scan. Let's wait to scan scanme.nmap.org. It will take a while. As we can see, we have the open ports. We can see that the server that hosts everything is Apache, in the version 2.4.7. We can see that it contains the SSH service on port 22; the version is 6.6.1p1. To scan for vulnerabilities, as we can see, we have to open a browser and scan for vulnerabilities. Or we can see about searchsploit. It is a very useful tool for scanning vulnerabilities. Let's see an example. We will use the Apache version to scan for vulnerabilities. Apache, fine. We can see the versions. We can see that we do not have any vulnerability. The Apache version shows you from the Exploit-DB database if you have any software misconfiguration. That is a very useful tool if you combine it with Nmap. Let's see what we have next.

We have Lynis. Lynis is another powerful tool for vulnerability scanning. Let's use it. Let's type sudo lynis audit system.
But if you don't know which options you can provide, you can pass --help. You can always see which parameters you can use. Audit system, update. It is the Lynis version. I will use the audit system to show you how it can be used. sudo lynis audit system. It detects the version of the kernel, the version of the hardware architecture. Let's let it finish. It is a very powerful and helpful tool because it suggests which software we can use to protect our system. As you can see, the Linux is an insecure service so it did not find the service. As you can see there are many features. What else? It checks if we have any database up and running, if we have any PHP service up and running. It tells you if it found any vulnerabilities, if we have updated the system. As you can see, it is a very powerful tool.

Let's see another tool, which is rkhunter. rkhunter is an open source tool, a free open source tool, that scans the local system for rootkits and backdoors. It is very powerful. Let's use it. First of all, we can see which options we can pass as arguments. We can use the update to update the database. We can pass -c or --check to check the system for rootkits. So let's use this option. rkhunter --check. Okay, it scans all the /usr/bin software to see if it finds any malicious software. We have a warning but okay, it's very secure. Let's continue the scan. As you can see, it did not find any rootkits from the known ones. These are the known rootkits. As we can see, we are very secure. Just remember to execute it once in a while to ensure that your system is up to date and secure. Okay, let's wait. It scans for kernel module names. If a kernel module is vulnerable or untrusted, it will tell us, it will output that warning. Okay, let's continue. It checks for open ports. Continue. Okay, as we can see, it checked the file system. Here's the /var/log. In the /var/log directory, in rkhunter.log, it logs the rkhunter report.
So we can read it at any time after we perform the scan. So we can be up to date with the most secure software and system. Let's see what we'll get next.

The next section is about Linux Pluggable Authentication Modules. All right, let's begin. So what is PAM? PAM, or Linux Pluggable Authentication Modules, stands for a set of modules or a set of libraries which are used to authenticate a Linux user to a system service or to some applications. There are four types of Linux PAM modules. The first one is the authentication management modules, which help in the user authentication. The second one is the password management modules, which help in updating a password. An example is the cracklib. We will see an example later. We'll show you a practical example. The third one is the session management modules, which help to set up or to clean a service or to set some processes per user. We will also see an example about this. And finally we have the account management modules, which help with account verification. So let's see some examples.

First of all, we will see about setting up some process limits per user. So we'll type sudo nano. You can use any other text editor. You can use Vim or you can use GND to Leafpad. There are many other options. This is the directory of the PAM limits resource file, and limits.conf. Here you can see some comments about what we can use to enable the module: domain. You can see what the domain is. The name can be a group name. It can be a user name. The type could be soft or hard. So what is the soft and what is the hard limit? Soft limits are the limits that a normal user can change later. And the hard limits are the limits which can only be changed by the root user. As item you can use the core, the data, the CPU, the nproc. This is the example I will use, the nproc. The value is an integer number of how many processes will be used by a specific user. So let's give an example. Let's go down here, or let's get here. We will set process limits for my user kali.
Type will be hard. So only the root user can change that later. Item will be nproc. I will limit the processes for this user. This will enhance the security level and the value will be... Let's set it to 150. Let's set it to 75. Let's save it. And now we managed to set some limits for our user kali. Another example is password. We can ensure that the user will set strong passwords. The system will not allow him to set weak passwords. So let's clear the screen. We will change this line. First of all let's explain what this is. We will require requisite password. Here is the library, the shared object. Here is retry, for the max password attempts. The system will prompt the user for a password three times before sending an error. minlen, the minimum length of the password, is the size of the password. difok is the number of character changes in the new password that differentiate it from the old password. So let's change it. We will set retry to 4. We will change the minimum length from 8 to 18. Why not? As we said before, we need to set a passphrase instead of a password. difok we will leave at three. It's not a problem. You can set ucredit. ucredit stands for uppercase letters. Let's set it to three. lcredit, let's set it to four or to five. lcredit is for lowercase characters. dcredit, let's put it to eight. This stands for digits in the password. And let's set ocredit, which stands for the symbols in the password. And let's set it to five. Okay we have three plus five plus eight plus five. It's ten, eighteen, twenty-one. So let's decrease it. Okay we have sixteen, okay we have five. Now we have the minimum length eighteen. Let's save it. So we set the digits, the lowercase, the uppercase and the symbols. Okay let's exit and let's change the password. I will type one two three. Okay we can see that the password is way short and the password is too little. So our module is working. So everything is under control by this module. Let's clear the screen and see what's next.
Okay, the next one. This section is Bash scripting. So Bash scripting is used for automation. We will use the Bash scripting language. It is not a programming language but it's a set of tools which helps to automate tasks. So before we automate something we need to ask some questions. The first one is what does automation mean? Automation means something where we do not have to input data every time. So we need to write a script which in turn will execute after the software execution. The second question is what tools could be used to achieve automation? We will use many tools, many graphical, many text mode tools. We can use text editing tools like grep to pattern files, to pattern output. We can use awk and many other commands, built-in commands. The third question is: is the process truly automated? If we have managed to reduce the input to the software, so an application or a software executes with for example one input, we have managed to successfully automate it. Ok, so let's see some examples of automation with Bash scripting. Ok, the first one is the backup. Let's change to this directory. I have prepared two files but we will create another two files. I have created email.txt, which contains a random fake email. And I have created password.txt, which contains a random password. So we will create a phone.txt which contains some important contacts. We will append the name John to phone.txt. We will append his phone. So it will be 6902 to phone.txt. Let's output this text file. Ok, as you can see we have a contact John with his phone. So right now we do not want in any case to lose those three files. So in case of data corruption or system corruption, we will have those three files in an external location. So let's see the process of the backup. First of all, I have created a variable which contains the date into a txt. So let's see another example. Ok, as you can see today is Saturday, October, 10th of October and my time zone and the year.
So we want to save the backup with a special name because we will automate this process. So we want a specific file name for this one. So we will name it as backup, dash and the date, but we want the first three columns: Saturday, October and the 10th of October. You can use whatever you want, you can use only the month, you can use the month and the number of the month. Or you can use only the day. So I will show you how to make this date and how to do this. The second variable is the awk which will print the first column, the second column and the third column of this file. So I will show you an example. So date to date.txt, cat date.txt and we have the full date. Now we will awk the output so we will keep Saturday, October and 10th with awk. awk is a tool that helps output specific patterns in a file. So awk, this is the syntax, print, and if we want to print Saturday I will type dollar one for column one. The second column, which is October, we will print as dollar two and the 10th with dollar three. You can use only the month and the days as I mentioned before, so you can use these, but I will use Saturday so I will use dollar one and three. Okay, and I will specify the file name. As you can see we have only Saturday, October and the 10th. Okay, alternatively you can use the date command, you can use the command parameters, the options, but I use awk. I find it more useful. So instead of spaces we want to put in dashes so we will use tr. tr is a command line tool which helps to replace content inside the line. So in the above example we will use tr, double quotes, space. So we will replace space with double quotes, dash, double quotes. Okay, as you can see right now we have Saturday, October, 10th and we have the tar command, which will verbosely list which files will be archived, will be bundled into the tar file. First of all we specify the file name so it will be backup, dash, brackets and the name here.
So because we will take it as a variable, this variable equals the output of this command. So it will be this output, so when we want the output of a command to be appended to a line or to a variable we can use dollar and parentheses, and inside we can execute whatever we want. And as a second parameter we will use our directory or our home directory or another directory in our file system like /var or /opt, you can use whatever directory you want to bundle and compress. I use this div because we want to bundle the email, the password and the phone, the txt files. Let's remove the date. Okay, and afterwards I remove the date.txt because we do not want to save the date again and again. So let's have the backup script. Okay, as you can see I have many outputs, I have many files, two files with a backup of this directory. Let's remove the first one. Let's remove this directory. As you can see I do not have the directory deal. So let's extract the file. Okay, as you can see there is the directory deal. Okay, and inside we have the email.txt, the password.txt and the phone.txt as well. This was the first example. Let's clear the screen. Okay, let's see the second example, which is very useful. It is the nmap script. So as you saw earlier in the vulnerability auditing and scanning section, I used nmap with NSE, the Nmap Scripting Engine, to scan a server for services, for open services and the version of the services. So we could automate this process. We do not have to type nmap, dash, hbsc, script, default and the server IP every time. So let's see how we can automate the process. Okay, here is the script. As you can see here I have some variables, a read command. This script can be used in two ways. The first one is to read the user's input. It will prompt this question. Please insert your server's IP, and the user has to input the server IP or the domain. You can use whatever you want.
Afterward, it takes this variable input and will output it to the nmap command, the nmap scanning command, and will save it as a report. You can use the previous way to save the report with a date, but to show you I will keep it as simple as possible. So let's save it. Okay, let's execute the script. Please insert your server's IP. I will use the domain which I used earlier. scanme.nmap.org and we hope to see the safety report in many formats. Let's see when the script will finish. Let's give it some time to finish. The script is finished. We have many report files. Let's cat one of them. It's the same output. So the first way of the nmap usage and nmap scanning script usage is successful. Let's clear the screen. Let's remove every report file and let's see it again. The second way is easier. As you can see, I have prepared a variable named serverIP equal to something. So you can change it statically. And this variable value will be output to the nmap command. So let's run it. As you can see, the previous example was interactive. As you can see now, this script is non-interactive. You can statically set the value to the server IP and it will scan it and it will automate the scan. Okay, fine. We have the same output. Let's see the report. It's the same. So we are good to go. We have managed to create the scripts. Let's remove them. Let's clear the screen. And I will show you a very important and interesting way to automate your scripts. Every now and then you can use this way that I will show you to automate your scripts every day, every hour, every specific day of the month or the week. So let's see about it. It's cron. As you know, or if you don't know, cron is a utility that schedules tasks, it schedules jobs to run at a specific time. The cron format is very simple. First of all, we have an asterisk for the minute, which is from 0 to 59, for hours, for the days, 7 days, the 31 days of the month. I'm sorry, 31 days.
12 months, day of the week, and secondly, we specify the path where our script belongs, and we can use a command or we can use a script. We can use whatever we want, a script or a command or anything else that can be executed, and to get this done, we can use crontab -e. I will show you right now. crontab -e. Okay, I have prepared this crontab. I have input some script executions. The first one is that it will be executed every ninth of the month. I can change it. So we can execute this script every tenth of the month or eleventh. So when you have to change the value from this side to this side, you can use zeros until you set an input right here. So if we had to change the month, if we had to change it to make executions every April, we had to use zero, zero, zero and four. Okay, it's very simple and easy. And the second example is that the backup script will be executed every hour, or will be executed hourly. And the nmap script will be executed every eleventh of the month. Okay, that's all about cron. You can provide something else. We can make some other execution every fifteenth of the month and /usr/bin/top to report top txt. Right now, as you can see, every fifteenth of the month, the current processes will be generated and sent to a report desktop txt file. Okay, that's all about cron. That was the end of the presentation. Thank you very much. I really hope you enjoyed this section. I really wish you have many questions that I can help you with, and that you found it very useful and important, because security has a big role in Linux administration and administration in general. So if you have any questions, you can directly ask them to me, you can use my mail panaskalorog.gmail.com and I will answer you as soon as possible. Thank you very much again. Bye.
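The date-stamped backup walked through in the Bash scripting section, as an added example that is not the speaker's script: the archive name is built from the first three columns of date with awk and tr, the directory is bundled with tar, and the result is checked by reading it back. The function names, the two-argument interface and the owner-only umask step (the archive holds password.txt) are assumptions of this example.

```bash
#!/bin/sh
# Added example, not the script shown in the talk.
set -eu

# Build "backup-<Day>-<Month>-<DD>.tar" from the first three columns of `date`.
# LC_ALL=C fixes the column order; awk splits on runs of spaces, so a
# single-digit day padded with two spaces does not produce a double dash.
backup_name() {
    local stamp
    stamp=$(LC_ALL=C date | awk '{print $1, $2, $3}' | tr ' ' '-')
    printf 'backup-%s.tar' "$stamp"
}

# backup_dir SRC DEST: bundle directory SRC into DEST/backup-<date>.tar
# and print the archive path. Both argument names are hypothetical.
backup_dir() {
    local src dest archive
    src=$1
    dest=$2
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    mkdir -p "$dest"
    archive="$dest/$(backup_name)"
    (
        # Assumption of this example: the archive contains password.txt,
        # so it is created readable and writable by the owner only.
        umask 077
        # -C stores the directory by its own name, so extraction
        # recreates it wherever the archive is unpacked.
        tar -cf "$archive" -C "$(dirname "$src")" "$(basename "$src")"
    )
    # Fail here, not at restore time, if the archive cannot be listed.
    tar -tf "$archive" >/dev/null
    printf '%s\n' "$archive"
}

# Stand-alone use: ./backup.sh /path/to/dir /path/to/external/location
if [ "$#" -ge 2 ]; then
    backup_dir "$1" "$2"
fi
```

Because the name only carries the day, a second run on the same date overwrites the earlier archive.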