60 Chapter 5
Summary
Linux’s use of permissions to protect a user’s or group’s files and directories
from other users in the system can be used for offensive and defensive purposes.
You should now know how to manage these permissions and how to exploit weak
points in this security system—in particular, SUID and SGID bits.
EXERCISES
Before you move on to Chapter 6, put the knowledge you learned from this
chapter to the test by completing the following exercises:
1. Select a directory and run a long listing on it. Note the permissions on the
   files and directories.
2. Select a file you don’t have permission to execute and give yourself execute
   permissions using the chmod command. Try using both the numeral method
   (777) and the UGO method.
3. Choose another file and change its ownership using chown.
4. Use the find command to find all files with the SGID bit set.
6 PROCESS MANAGEMENT
At any given time, a Linux system typically has hundreds, or sometimes even
thousands, of processes running simultaneously. A process is simply a program
that’s running and using resources. Examples of a process include a terminal,
web server, any running commands, any databases, the GUI interface, and much
more. Any good Linux administrator—and particularly a hacker—needs to
understand how to manage their processes to optimize their systems. For
example, once a hacker takes control of a target system, they might want to
find and stop a certain process, like an antivirus application or firewall. To
do so, the hacker would first need to know how to find the process. The hacker
might also want to set a scanning script to run periodically to find vulnerable
systems, so we’ll also look at how to schedule such a script.
In this chapter, you’ll learn to manage those processes. First, you’ll
learn to view and find processes and how to discover which processes
are using the most resources. Then, you’ll learn to manage processes by
running them in the background, prioritizing them, and killing them if
necessary (no blood involved). Finally, you’ll learn to schedule processes to
run on specified days and dates and at specific times.