CS 468: Advanced UNIX Class 6
Presentation Transcript

  1. CS 468: Advanced UNIX, Class 6. Dr. Jesús Borrego, Regis University

  2. Topics: the IA Lab visit was scheduled for today; attempting to reschedule it for next week. Review of Homework 4. Managing Devices. Security. Homework 5. Q&A

  3. New disk installation • Attach the drive and reboot so the system recognizes it • Run sudo fdisk -l to list the disks the kernel sees • Partition the disk if required, using cfdisk, fdisk, sfdisk, parted or gparted • Allocate space to the partition without creating a file system on it • Note the device name (something like /dev/sdc1)

  4. New disk installation (Cont’d) • Prepare the partition for LVM: $ sudo pvcreate /dev/sdc1 • Create a volume group (vgname): $ sudo vgcreate vgname /dev/sdc1 • Create a logical volume that uses all the free space: $ sudo lvcreate -l 100%FREE -n volname vgname • Create the file system: $ sudo mkfs -t ext4 /dev/vgname/volname

  5. New disk installation (Cont’d) • Create the mount point: $ sudo mkdir mountpoint • Set the mount options and mount point in /etc/fstab: $ sudo vi /etc/fstab • In /etc/fstab copy the line of an existing file system and modify it for the new one • Mount the file system: $ sudo mount mountpoint
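The procedure on slides 3 to 5, as an added example script that is not from the course or the textbook: it wraps the pvcreate, vgcreate, lvcreate and mkfs steps in one function, refuses to touch a target that is not a block device or is already mounted (the slide 12 warning about formatting the right device), and writes the /etc/fstab entry by UUID rather than by /dev name so it survives device renumbering. vgname, volname and mountpoint are the deck's placeholders; the nodev,nosuid mount options and the fsck pass number are assumptions. The script only does something when run as root with four arguments.

```shell
#!/bin/sh
# Added example (not from the deck): provision a new partition as an LVM
# volume and add it to /etc/fstab, with the checks a sysadmin wants before
# running destructive commands. Mount options are an assumption.

# Print an fstab line keyed on the filesystem UUID instead of /dev/sdX,
# so the entry still points at the right disk after the next reboot.
fstab_entry() {
    uuid=$1; mnt=$2; fstype=${3:-ext4}; opts=${4:-defaults,nodev,nosuid}
    printf 'UUID=%s %s %s %s 0 2\n' "$uuid" "$mnt" "$fstype" "$opts"
}

# Return 0 if the device, or any partition of it (sdc1, nvme0n1p1), is
# listed in the mount table. The table path defaults to /proc/mounts and
# can be overridden so the check is testable against a constructed copy.
device_in_use() {
    dev=$1; table=${2:-/proc/mounts}
    grep -Eq "^${dev}(p?[0-9]+)? " "$table"
}

# Refuse obviously wrong targets: not a block device, or currently mounted.
# Then show what the kernel knows about it so the admin can confirm that it
# really is the newly attached disk and not one holding live data.
check_target() {
    dev=$1; table=${2:-/proc/mounts}
    [ -b "$dev" ] || { echo "$dev is not a block device" >&2; return 1; }
    if device_in_use "$dev" "$table"; then
        echo "$dev is mounted; refusing to format it" >&2; return 1
    fi
    lsblk -o NAME,SIZE,MODEL,SERIAL "$dev"
}

# The slide's sequence, end to end. Must run as root.
provision_lvm() {
    part=$1; vg=$2; lv=$3; mnt=$4
    check_target "$part" || return 1
    pvcreate "$part"
    vgcreate "$vg" "$part"
    lvcreate -l 100%FREE -n "$lv" "$vg"
    mkfs -t ext4 "/dev/$vg/$lv"
    mkdir -p "$mnt"
    uuid=$(blkid -s UUID -o value "/dev/$vg/$lv")
    fstab_entry "$uuid" "$mnt" >> /etc/fstab
    mount "$mnt"       # mounts from the fstab entry just written
    df -h "$mnt"
}

if [ "$#" -eq 4 ]; then
    provision_lvm "$@"   # e.g. ./newdisk.sh /dev/sdc1 vgname volname /mountpoint
fi
```

The mounted-device check is deliberately conservative: it also fires for /dev/sdc when only /dev/sdc1 is mounted, which is the case in which a mistaken whole-disk pvcreate would do the most damage.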

  6. Hard disks

  7. Solid State Disks Source: http://www.ibmsystemsmag.com/power/infrastructure/storage/SSD_benefits/Internal-Structure-of-an-SSD/

  8. Solid State Array Architecture Source: http://www.anandtech.com/show/2738/5

  9. Storage Interfaces • ATA (Advanced Technology Attachment, aka IDE, Integrated Drive Electronics): the controller is built into the disk itself; the standard has been revised many times • PATA (Parallel ATA): disks connect to the motherboard with a 40- or 80-conductor ribbon cable • SATA (Serial ATA): successor to PATA, with higher transfer rates, simpler cabling, hot swapping and optional native command queuing

  10. Storage Interfaces (Cont’d) • SCSI (Small Computer System Interface): less common today but has a large installed base; allows multiple disks on one bus, daisy-chained • FC (Fibre Channel): serial interface for high-speed enterprise storage, typically over fiber-optic cabling • USB (Universal Serial Bus) and FW (FireWire): popular for connecting external hard disks

  11. Storage Software • Unix disk installation is more complex than Windows plug-and-play • See Exhibit B on page 221 (next slide) • Storage device: anything that looks like a disk • Partition: fixed subsection of a disk that acts as an independent device • RAID array: combines multiple devices into one virtualized device • Volume / logical volume: a subdivision of a pool of disks (a volume group) that behaves like a partition

  12. Attachment • After the disk is connected, the OS acknowledges its existence if everything is OK • The initial POST detects the disk and lists its characteristics • See the example on page 223 of USAH • The new disk gets device files in /dev • Make sure you know the correct device before you format: formatting the wrong one destroys its contents

  13. Formatting • All hard disks are preformatted at the factory • There is no need to perform a low-level format • Formatting writes address information and timing marks on the platters, marking sector boundaries and recording bad blocks • Bad blocks found afterwards may or may not be handled automatically by the drive

  14. Partitioning • Partitioning is the lowest level of disk management • It divides a disk into separate areas of known size • Traditional partitioning writes a “label” at the beginning of the disk that records which blocks belong to each partition • The device driver reads the label and uses its partition table to calculate where each partition starts and ends

  15. Sample Partitions

  16. RAID • RAID: Redundant Array of Inexpensive (now usually Independent) Disks • Distributes or replicates data across multiple disks • The intent is to avoid data loss and minimize downtime, and with some levels to increase performance • Software RAID and hardware RAID have different issues • Several RAID levels exist

  17. RAID Levels • The RAID levels specify the exact details of the parallelism and redundancy implemented in the array • A level is a configuration, not a grade • A higher level is not necessarily faster or better • The right level depends on the application

  18. Linear Mode • Also known as JBOD (Just a Bunch Of Disks) • Not really RAID • Concatenates the block addresses of multiple drives to create the illusion of a single, larger virtual drive • There is no data redundancy and no performance benefit

  19. RAID Level 0 • Used to increase performance • Combines two or more drives of equal size, with stripes alternating between them • Decreases write and access time • Reliability is worse than that of the separate disks: the failure of any one drive loses the whole array, so two disks have roughly double the failure rate of a single drive

  20. RAID Level 1 • Also known as mirroring • Every write is duplicated to two or more drives at the same time • Writes are somewhat slower, since a write is not complete until every mirror has it • Reads can be spread across the mirrors, so read performance is similar to RAID 0 • Prevents data loss when a disk fails

  21. RAID 0+1 and 1+0 • RAID 0+1 is a mirror of stripes; RAID 1+0 (RAID 10) is a stripe of mirrors • Each is a logical combination of RAID 0 and RAID 1 • Both attempt to obtain the performance of RAID 0 together with the redundancy of RAID 1

  22. RAID 5 • Stripes both data and parity information across all the drives • The parity adds redundancy: the array survives the loss of any one drive • Improves read performance • More efficient use of disk space than RAID 1, since only one drive’s worth of capacity goes to parity

  23. RAID 6 • Similar to RAID 5 but with two independent parity blocks per stripe, so two drives’ worth of capacity goes to parity • RAID 6 can withstand the complete failure of two drives without losing data

  24. Disk Failure Recovery • JBOD and RAID 0 do not help with disk failure • Their data must be recovered manually from backups • Bad disks must be replaced with new ones as soon as possible • Once the new disk is in place, the array must be rebuilt onto it • Rebuilding is not a fast operation, and the array is exposed to a second failure until it completes • Designating “hot spare” drives lets the array start the rebuild automatically when a failure occurs
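An added example for this slide, not from the deck or the textbook: the Linux md (mdadm) commands for creating a mirror with a hot spare and for replacing a failed member, plus a small /proc/mdstat parser that reports arrays running with fewer members than expected, which is the condition that should page someone. Device names are placeholders and the mdstat excerpt used to exercise the parser is constructed.

```shell
#!/bin/sh
# Added example (not from the deck): detect degraded md arrays and handle
# the replace-a-disk cycle with mdadm. /dev/md0, /dev/sdb1 etc. are
# placeholders.

# Print the name of every array whose "[n/m]" status shows fewer active
# members than the array expects, e.g. "[2/1] [_U]" after one mirror leg
# failed. The argument defaults to /proc/mdstat; a file path can be passed
# so the parser can be checked against a saved or constructed copy.
degraded_arrays() {
    awk '
        /^md[0-9]+ :/ { name = $1 }
        /\[[0-9]+\/[0-9]+\] \[[U_]+\]/ {
            match($0, /\[[0-9]+\/[0-9]+\]/)
            split(substr($0, RSTART + 1, RLENGTH - 2), n, "/")
            if (n[1] != n[2]) print name
        }' "${1:-/proc/mdstat}"
}

# Build a two-disk mirror with one hot spare: when a leg fails the kernel
# rebuilds onto the spare immediately, without waiting for an admin. The
# dead drive still has to be replaced, because the array now has no spare.
make_mirror_with_spare() {
    md=$1; a=$2; b=$3; spare=$4
    mdadm --create "$md" --level=1 --raid-devices=2 --spare-devices=1 "$a" "$b" "$spare"
}

# Mark the bad member failed, remove it, and add the replacement; the
# rebuild starts as soon as the new member is added.
replace_failed_member() {
    md=$1; bad=$2; new=$3
    mdadm "$md" --fail "$bad" --remove "$bad"
    mdadm "$md" --add "$new"
}

# Stand-alone use: report degraded arrays on this host (nothing to do if
# the kernel has no md arrays at all).
if [ "$#" -eq 0 ] && [ -r /proc/mdstat ]; then
    for md in $(degraded_arrays 2>/dev/null); do
        echo "WARNING: /dev/$md is degraded; see 'mdadm --detail /dev/$md'"
    done
fi
```

Run the report from cron or a monitoring check; a degraded RAID 5 or RAID 1 is one failure away from the manual-restore-from-backup situation the slide describes for JBOD and RAID 0.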

  25. RAID 5 Drawbacks • RAID 5 is very popular but has disadvantages • It does not replace regular offline backups • It only protects the system against disk failures • It does not protect against controller failures, hackers, fires or other hazards • It does not have great write performance, since every write also updates parity • It is prone to a form of corruption known as the “write hole”: if power fails between updating a data block and its parity block, the stripe is left inconsistent, and a later rebuild from that parity reconstructs wrong data

  26. Logical Volume Management • Lets you change how space is allocated after a disk has been partitioned • Groups storage devices into volume groups • The blocks in a volume group are allocated to logical volumes, which act as disk partitions • Logical volumes are more flexible and powerful than partitions • They provide many useful operations

  27. Logical Volume Operations • Move logical volumes among different physical devices • Grow and shrink logical volumes on the fly • Take copy-on-write “snapshots” of logical volumes • Replace on-line drives without interrupting service • Incorporate mirroring or striping in your logical volumes

  28. File Systems • After the partitions are set up, we need to put a file system on them • UFS: the Unix File System • The file system implementation was moved out of the kernel proper and placed behind an abstraction layer, so different implementations can be plugged in • Many file systems are available • See examples in the book (pp. 255-264)

  29. Storage Area Networking • A lower-level way of abstracting storage than network file sharing • Network storage appears as local block devices • Clients must provide their own file system implementation to use a SAN • A SAN can be used for swap areas, which do not require a full-blown file system • Not typically used to share files, but to replace local hard disks with centralized storage

  30. Operating System Security • No OS is 100% safe • The best we can hope for is to make our OS resistant to attack • The Unix architecture stresses easy manipulation of data in a networked, multiuser environment • Applications on the OS are developed by many vendors • Each can introduce security vulnerabilities

  31. Security Threats • Social engineering • Operating system vulnerabilities • Application software vulnerabilities • Configuration errors • Unpatched software • Attachments in e-mails • Insider threats, such as disgruntled employees • Lack of security policy enforcement

  32. Security Tips • Patch software • Detect and remove unnecessary services • Use secured hosts for remote logging • Frequent and proper backups • Protection against viruses, worms, Trojan horses and rootkits • Packet filtering • Vigilance • Intrusion detection systems

  33. Pluggable Authentication Modules • PAM provides flexible, modular control over authentication tasks • The system’s authentication routines live in a shared library that applications call instead of implementing their own • The same interface is available to programmers • Advances in security can be integrated in a single location rather than in every application

  34. Setuid programs • Setuid programs run with the privileges of the user that owns the executable file (often root), not of the user who invokes them • Programs that run setuid create security issues, and security holes have been discovered in many setuid commands • Best practice: scan the disks at regular intervals to find new setuid (and setgid) programs, and compare the result against a known-good list
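The periodic scan the slide recommends, as an added example that is not from the deck or the textbook: it lists every setuid or setgid regular file under a tree and reports anything that was not in a saved baseline, so a new privileged binary dropped by an attacker or a careless package stands out. The baseline path, the choice to scan one filesystem at a time with -xdev, and the file names used in the test are assumptions.

```shell
#!/bin/sh
# Added example (not from the deck): inventory setuid/setgid executables
# and diff the inventory against a baseline. Baseline location is an
# assumption.

# List every regular file under the tree with the setuid (4000) or setgid
# (2000) bit set, sorted so the output is diff-friendly. -xdev keeps find
# on one filesystem, skipping /proc, /sys and network mounts; run it once
# per local filesystem you care about.
scan_setuid() {
    find "${1:-/}" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Print entries present in the current scan but absent from the baseline.
# comm needs both inputs sorted, which scan_setuid guarantees.
new_since_baseline() {
    baseline=$1; current=$2
    comm -13 "$baseline" "$current"
}

# Typical scheduled run (as root): the first scan becomes the baseline;
# each later scan is compared and anything new is shown with its
# ownership and mode so the admin can decide whether it belongs.
audit_tree() {
    tree=$1; baseline=${2:-/var/lib/setuid-baseline.txt}
    current=$(mktemp)
    scan_setuid "$tree" > "$current"
    if [ ! -f "$baseline" ]; then
        cp "$current" "$baseline"
        echo "baseline created with $(wc -l < "$baseline") entries"
    else
        added=$(new_since_baseline "$baseline" "$current")
        if [ -n "$added" ]; then
            echo "NEW setuid/setgid files since baseline:"
            echo "$added" | while IFS= read -r f; do ls -l "$f"; done
        fi
    fi
    rm -f "$current"
}

if [ "$#" -ge 1 ]; then
    audit_tree "$@"    # e.g. ./setuid-audit.sh / /var/lib/setuid-baseline.txt
fi
```

Keep the baseline somewhere an attacker who gains write access to the scanned tree cannot also edit (or sign it), and refresh it deliberately after package upgrades rather than letting the script overwrite it.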

  35. Effective use of chroot • The chroot command restricts a process to a specific directory tree • The process has no access to files outside that directory • chroot can provide a false sense of security if it is not understood well • It does not relieve administrators from exercising due diligence in other security matters
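An added example of building and using a jail, not from the deck or the textbook; the jail path, user and binary are placeholders. It copies one program and the shared libraries ldd reports into the jail, then runs it there as an unprivileged user with GNU coreutils chroot --userspec. Dropping root is the part that matters: a process that keeps root inside a chroot can still break out of it, which is the false sense of security the slide warns about.

```shell
#!/bin/sh
# Added example (not from the deck): populate a minimal chroot for one
# binary and run it there unprivileged. /srv/jail, nobody and /bin/ls are
# placeholders.

# Read ldd output on stdin and print the absolute paths it names, one per
# line. Handles both "libc.so.6 => /path (0x...)" and the bare loader line
# "/lib64/ld-linux-x86-64.so.2 (0x...)"; "statically linked" yields nothing.
parse_ldd() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3 }
        $1 ~ /^\// && $2 ~ /^\(/ { print $1 }'
}

# Copy the binary and every library it needs into the jail, keeping the
# original directory layout so the dynamic loader finds them at the same
# paths. Nothing else goes in: no shell, no setuid tools, no /dev nodes
# beyond what the program actually needs.
build_jail() {
    jail=$1; bin=$2
    for f in "$bin" $(ldd "$bin" | parse_ldd); do
        mkdir -p "$jail$(dirname "$f")"
        cp "$f" "$jail$f"
    done
}

# Run a command inside the jail as the given unprivileged user. Without
# --userspec the process would be root inside the jail, and root can
# escape a plain chroot.
run_in_jail() {
    jail=$1; user=$2; shift 2
    chroot --userspec="$user:$user" "$jail" "$@"
}

if [ "$#" -ge 3 ]; then
    jail=$1; user=$2; shift 2
    build_jail "$jail" "$1" && run_in_jail "$jail" "$user" "$@"   # e.g. ./jail.sh /srv/jail nobody /bin/ls /
fi
```

Pair the chroot with the other controls the deck lists (patching, removing unneeded services, monitoring): the jail limits what a compromised program can reach on the filesystem, not what it can do with the network or with kernel bugs.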

  36. Security Tools • Nmap: network port scanner