UNIX System Administration Procedure

HIGH-Cyber-Tech LLC

Ruth Solomon DRB2102 (DM7757)
Rahel Aruse DRB2103 (Bc3813)
Hilcoe School of Computer Science and Technology

CS362: Unix Administration

Instructor: Ashenafi Kassahun

September 29, 2024


Table of contents
Introduction 3
What to administrate in the company 3
1. User Accounts 3
2. Servers and Infrastructures 3
3. Applications 3
4. Networking 3
5. Data Management 3
6. Security Measures 3
Unix System Administration Procedures 4
1. Planning 4
2. Policies 5
3. Strategies 5

Introduction
HIGH-CYBER-TECH is a new cybersecurity and secure software development firm located in
Addis Ababa, Bole, Ethiopia, focused on tackling advanced threats and security vulnerabilities
by applying critical thinking, logic, and advanced technologies. Its primary business targets
both private and governmental organizations that deliberately seek security for their
mission-critical projects and infrastructure. As a new and emerging company, we have observed
the need for strong Unix administration of the company's virtual servers, which are used for
experimentation and for hosting web services. Therefore, we have developed a comprehensive
plan, policies, and strategies that implement state-of-the-art practices to enhance security
and operational efficiency.

What to administrate in the company

We have identified the following areas in the company that need administration, especially
the servers that are used for experimentation and hosting web services.

1. User Accounts
a. Employee accounts for security analysts, penetration testers, developers, and project
managers.
2. Servers and Infrastructures
a. Linux-based servers for development, testing and production environments.
b. Virtualization, containerization, and efficient architecture for the company's web-based
projects.
3. Applications
a. Web applications
b. Databases and internal tools
4. Networking
a. Local area network setup
b. IDS/IPS
c. Firewalls and routers
5. Data Management
a. Policies for data storage and backup
6. Security Measures
a. User authentication, access control and monitoring

Unix System Administration Procedures
Planning
a. Assessment of Needs
i. User-Base: 15 Employees, including security analysts, penetration
testers, developers and project managers.
ii. Infrastructure: Primary Linux-based servers for development, testing and
production environments
iii. Applications: Web applications, database and internal tools
b. Resource allocation
i. Hardware: Purchase new servers to support development and production
needs
ii. Software: Licensing for monitoring and backup solutions
iii. Personnel: Hire or train a system administrator familiar with Unix/Linux
systems.
c. Timeline
i. Phase 1 (Month 1-2): Infrastructure assessment and hardware setup.
ii. Phase 2 (Month 3): User training and documentation development.
iii. Phase 3 (Month 4): Full implementation of policies and procedures.

d. Backup
i. Backup frequency
1. Full Backups: Perform a full backup of all critical data and
configurations weekly
2. Incremental Backups: Conduct incremental backups daily to
capture changes made since the last backup.
ii. Backup methods
1. Use tools like rsync for file-level backups and tar for archiving.
2. For databases, employ mysqldump for MySQL or pg_dump for
PostgreSQL to ensure consistent data backups.
iii. Backup storage
1. Store backups on-site in a secure location (a dedicated backup
server).
2. Use cloud storage (AWS S3 or Google Cloud Storage) for off-site
backups to protect against physical disasters.
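The weekly full / daily incremental schedule above, as an added example that is not part of the original document: a small POSIX shell script that archives a directory with tar, using a marker file (.last_backup) and find -newer to select changed files. The marker-file approach, the file names and the sample directory tree are assumptions; database dumps with mysqldump or pg_dump are not covered here.

```sh
#!/bin/sh
# Added example (not from the original document): weekly full / daily incremental
# file-level backups with tar. The .last_backup marker and find -newer are an
# assumption chosen for portability; GNU tar users may prefer --listed-incremental.
set -eu

# Full backup on Sunday, incremental on every other day.
# $1 = day of week as printed by `date +%w` (0 = Sunday)
backup_mode() {
    if [ "$1" -eq 0 ]; then echo full; else echo incremental; fi
}

# Create a compressed archive and print its path.
# $1 = full|incremental, $2 = directory to back up, $3 = backup destination directory
run_backup() {
    mode=$1; src=$2; dest=$3
    parent=$(dirname "$src"); name=$(basename "$src")
    mkdir -p "$dest"
    marker="$(cd "$dest" && pwd)/.last_backup"   # absolute, survives the cd below
    archive="$dest/$name-$mode-$(date +%Y%m%d-%H%M%S).tar.gz"
    if [ "$mode" = full ] || [ ! -f "$marker" ]; then
        # Without a marker there is no baseline, so fall back to a full backup.
        tar -czf "$archive" -C "$parent" "$name"
    else
        # Archive only files modified after the previous run touched the marker.
        (cd "$parent" && find "$name" -type f -newer "$marker") \
            | tar -czf "$archive" -C "$parent" -T -
    fi
    touch "$marker"
    echo "$archive"
}

# Demo on a constructed directory tree (made-up config files).
work=$(mktemp -d)
mkdir -p "$work/etc"
echo 'PermitRootLogin no' > "$work/etc/sshd_config"
first=$(run_backup "$(backup_mode 0)" "$work/etc" "$work/backups")   # Sunday: full
sleep 1
echo 'ClientAliveInterval 300' > "$work/etc/sshd_extra.conf"
second=$(run_backup "$(backup_mode 1)" "$work/etc" "$work/backups")  # Monday: incremental
echo "full: $first"; echo "incremental: $second"; tar -tzf "$second"
```

A restore needs the latest full archive plus every incremental taken after it, applied in order.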
e. Incident Response Plan
i. Incident Detection
1. Use tools like Snort for real-time network intrusion detection.
2. Ensure comprehensive logging of system events with real-time alerts
using Nagios or Splunk.
ii. Incident Categorization
Establish an incident severity scale (low, medium, high, critical) to
prioritize responses.
iii. Incident Handling
1. Low Severity: Investigate and resolve minor issues (e.g., unsuccessful
login attempts).
2. Medium Severity: Isolate affected systems and perform in-depth
analysis (e.g., malware detection).
3. High Severity: Execute immediate containment strategies, such as
temporarily taking systems offline (e.g., DDoS attacks).
4. Critical Severity: Mobilize the Incident Response Team (IRT) for critical
threats, such as ransomware. Lock down systems, disconnect them from
the network, and begin recovery procedures.
iv. Post-Incident Review
After every incident, perform a post-mortem analysis to evaluate what
happened, what was done, and how the response can be improved.
Update incident response strategies accordingly.
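The detection and categorization steps above, as an added example that is not part of the original document: a shell script that tallies failed SSH logins per source from syslog-style auth lines and maps each source onto the low/medium end of the severity scale. The log lines are constructed, and the 10-attempt escalation threshold is an assumption.

```sh
#!/bin/sh
# Added example (not from the original document): first-line triage of failed
# SSH logins from auth-log lines. Log content is constructed; the threshold of
# 10 attempts is an assumption, not a figure from the procedure.
set -eu

# Print "source_ip count" for every address with failed password attempts,
# most active first. $1 = auth log file
failed_logins_by_source() {
    awk '/sshd\[[0-9]+\]: Failed password/ {
            for (i = 1; i <= NF; i++) if ($i == "from") print $(i + 1)
         }' "$1" | sort | uniq -c | sort -rn | awk '{ print $2, $1 }'
}

# A handful of failures is a low-severity item to investigate; a burst of 10 or
# more (assumed threshold) is escalated to medium so the host can be isolated
# for closer analysis.
severity_for_count() {
    if [ "$1" -ge 10 ]; then echo medium; else echo low; fi
}

# One report line per source: "ip count severity". $1 = auth log file
triage_report() {
    failed_logins_by_source "$1" | while read -r ip count; do
        printf '%s %s %s\n' "$ip" "$count" "$(severity_for_count "$count")"
    done
}

# Demo on constructed log lines (hostnames and addresses are made up).
log=$(mktemp)
cat > "$log" <<'EOF'
Sep 29 10:01:02 web1 sshd[2201]: Failed password for invalid user admin from 10.0.0.5 port 51022 ssh2
Sep 29 10:01:04 web1 sshd[2201]: Failed password for invalid user admin from 10.0.0.5 port 51023 ssh2
Sep 29 10:01:05 web1 sshd[2203]: Failed password for root from 10.0.0.5 port 51030 ssh2
Sep 29 10:02:00 web1 sshd[2210]: Accepted publickey for alice from 192.168.1.20 port 40022 ssh2
Sep 29 10:03:11 web1 sshd[2215]: Failed password for alice from 192.168.1.9 port 40100 ssh2
EOF
triage_report "$log"
```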
Policies
a. User Access management
i. Account Management Policy: Create a standardized process for
onboarding and offboarding employees. All accounts should have a
defined expiration date for temporary hires.
ii. Role-Based Access Control: Access levels based on roles
(developers, admins, etc.), ensuring least privilege access.

b. Security Policies
i. Password Policy: Require passwords to be at least 12 characters with
complexity requirements (upper/lowercase, numbers, special characters)
and mandate changes every 90 days.
ii. Update Policy: Schedule monthly updates for all systems to ensure
security patches are applied promptly.
c. Data management
i. Data Retention Policy: Retain project-related data for 5 years, after
which it will be securely deleted.
ii. Encryption Policy: Mandate encryption for sensitive data both in
transit and at rest.

d. Monitoring
i. Logging Policy: Enable comprehensive logging for all critical systems,
with logs retained for at least 6 months for auditing purposes.
ii. Regular Audits: Conduct quarterly audits of user accounts and
permissions to ensure compliance.

e. Auditing
i. Quarterly Audits: Conduct internal audits every three months focusing
on:
● User accounts: Verify that all active accounts are valid and match
current employees.
● Permission levels: Ensure least privilege access is enforced
across all services and user roles.
● System updates: Check that all systems are up-to-date.
ii. Audit Trail: Maintain audit logs for at least one year to allow
retrospective analysis. Ensure audit logs are tamper-proof by storing them
in secure, append-only locations.
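The account checks from the Account Management and Password policies and from the quarterly audit above, as an added example that is not part of the original document: a shell script that compares passwd-style accounts against an HR roster and checks shadow-style entries against the 90-day maximum password age. The roster file, the sample accounts and the hash placeholders are constructed.

```sh
#!/bin/sh
# Added example (not from the original document): quarterly account audit.
# File paths are parameters so the checks run on constructed copies here and
# on /etc/passwd and /etc/shadow (root needed to read shadow) on a real host.
set -eu

# Human accounts (UID >= 1000) with a real login shell that are not on the roster.
# $1 = passwd-format file, $2 = roster file (one valid username per line)
orphaned_accounts() {
    awk -F: -v roster="$2" '
        BEGIN { while ((getline u < roster) > 0) valid[u] = 1 }
        $3 >= 1000 && $7 !~ /(nologin|false)$/ && !($1 in valid) { print $1 }
    ' "$1"
}

# Accounts holding a password hash whose maximum password age (shadow field 5)
# is unset or longer than the 90 days the policy allows.
# $1 = shadow-format file
password_age_violations() {
    awk -F: '$2 ~ /^\$/ && ($5 == "" || $5 + 0 > 90) { print $1 }' "$1"
}

# Demo on constructed data (names, UIDs and hashes are made up).
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob (left company):/home/bob:/bin/bash
svc-backup:x:999:999:backup service:/var/backup:/usr/sbin/nologin
carol:x:1003:1003:Carol:/home/carol:/bin/zsh
EOF
cat > "$demo_dir/shadow" <<'EOF'
alice:$6$saltsalt$HASHPLACEHOLDER:19900:0:90:7:::
bob:$6$saltsalt$HASHPLACEHOLDER:19900:0:99999:7:::
carol:$6$saltsalt$HASHPLACEHOLDER:19900:0:::::
EOF
printf 'alice\ncarol\n' > "$demo_dir/roster"

echo "Accounts not on the roster:"; orphaned_accounts "$demo_dir/passwd" "$demo_dir/roster"
echo "Accounts exceeding the 90-day password age:"; password_age_violations "$demo_dir/shadow"
```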
Strategies
a. Implementation of Automation tools
i. Configuration Management: Use Ansible to automate the provisioning
and configuration of servers, ensuring consistency across environments.
ii. Monitoring Solutions: Deploy Nagios to monitor system health,
performance metrics, and alert on failures.

b. Training and Documentation
i. Training Program: Conduct regular training sessions for system
administrators covering best practices and new tools.
ii. Documentation: Create a centralized documentation repository (e.g.,
Confluence) for system architecture, policies, and procedures, updated
regularly.

c. Regular review and improvement
i. Policy Review Schedule: Review policies bi-annually to incorporate
new regulations or technology changes.
ii. Feedback Loop: Establish a process for gathering feedback from
administrators to continually refine procedures.

d. Risk Management Strategy
i. Risk Identification: Regularly identify potential risks that could impact
the company's infrastructure, including hardware failures, cyber-attacks,
data corruption, and employee errors.
ii. Risk Assessment: Assign risk levels (low, medium, high) based on the
likelihood and impact of each risk.
iii. Risk Mitigation Plan:
● For hardware failures: Ensure redundancy for critical systems by
using RAID arrays for storage, multiple power supplies, and
network load balancing.
● For cyber-attacks: Implement Intrusion Detection Systems (IDS)
and Intrusion Prevention Systems (IPS) to detect and mitigate
malicious activity.
● For data corruption: Implement file integrity monitoring tools such
as AIDE (Advanced Intrusion Detection Environment) to detect
unauthorized changes.
● For employee errors: Enforce strong user training programs with
regular evaluations.
iv. Regular Testing: Conduct disaster recovery drills and penetration
testing twice a year to assess the readiness of the system for potential
threats.

Implementation Timeline

Phase 1: Infrastructure Assessment and Hardware Setup (duration: 2 months)
- Assess the current state of the network, servers, and storage.
- Purchase new hardware for redundancy and performance.
Phase 2: User Training and Documentation Development (duration: 1 month)
- Train employees on the new systems, including user access policies.
- Create a centralized documentation repository for processes.
Phase 3: Full Implementation of Policies and Procedures (duration: 1 month)
- Apply security policies (e.g., password policies, encryption policies).
- Enable monitoring and logging for auditing purposes.
Phase 4: Incident Response Plan Testing and Final Review (duration: 1 month)
- Perform disaster recovery and incident response drills.
- Conduct a final review of all systems and make any necessary changes.