π§ Linux Fundamentals β Deep Dive: Processes, Systemd, Filesystem, Users, Shell, Package Management
Panduan komprehensif administrasi dan internal Linux untuk security engineer. Vault ini sangat Linux-heavy β ebpf-kernel-security, container-kubernetes-security-deepdive, linux-hardening-cis, infrastructure-administrator, eBPF-beyond-security β tapi semuanya menganggap lo udah paham dasar Linux. Nota ini nge-fill gap itu: processes & signals, systemd (units, services, timers, journalctl), filesystem hierarchy (FHS), permission model (ugo, ACL, chattr, capabilities), user & group management, PAM, namespaces & cgroups (fondasi container), package management (apt/dnf/pacman in depth), shell scripting essentials, dan performance troubleshooting. Tanpa ini, lo cuma bisa ikutin tutorial tanpa ngerti kenapa.
Posisi di Vault
Ini adalah fondasi OS untuk semua catatan yang berjalan di Linux. Baca ini dulu sebelum linux-hardening-cis (security hardening), infrastructure-administrator (ops), ebpf-kernel-security (kernel tracing), container-kubernetes-security-deepdive (container isolation), dan podman-networking-ufw (container networking). computer-science-foundations adalah prasyarat OS internals level kernel β ini lebih ke userspace administration.
Daftar Isi
- Filesystem Hierarchy
- Permission Model
- Users & Groups
- Processes & Signals
- Systemd
- Package Management
- Storage & Filesystems
- Networking Essentials
- Shell Scripting Essentials
- Performance Troubleshooting
- Namespaces & Cgroups
- PAM β Pluggable Authentication Modules
- Checklist
- Koneksi ke Vault
- References
Filesystem Hierarchy
FHS (Filesystem Hierarchy Standard)
/ β Root β induk semua
βββ bin/ β Essential user binaries (ls, cp, cat, bash) β /usr/bin symlink di modern
βββ sbin/ β System binaries (fdisk, mkfs, iptables) β /usr/sbin symlink
βββ etc/ β Konfigurasi sistem (hostname, resolv.conf, fstab, shadow, nginx/)
βββ usr/ β UNIX System Resources β aplikasi, libraries, docs, source
β βββ bin/ β User binaries (yang bukan essential buat boot)
β βββ lib/ β Libraries
β βββ share/ β Architecture-independent data (man pages, icons)
β βββ local/ β Software yang di-compile manual (prefix /usr/local)
βββ var/ β Variable data β berubah seiring waktu
β βββ log/ β Semua log (syslog, auth.log, nginx/, mysql/)
β βββ lib/ β Database state, package manager state
β βββ spool/ β Print queues, cron jobs, mail
β βββ cache/ β Cache data (apt cache, pip cache)
β βββ tmp/ β Temporary files β survive reboot (beda sama /tmp)
βββ tmp/ β Temporary files β dibersihkan setiap boot
βββ dev/ β Device files (/dev/sda, /dev/null, /dev/random)
βββ proc/ β Pseudofilesystem β kernel & process info (PID = directory)
βββ sys/ β Pseudofilesystem β kernel device tree & configuration
βββ run/ β Runtime variable data (PID files, sockets) β tmpfs
βββ home/ β Home direktori user
βββ root/ β Home direktori root (bukan di /home)
βββ opt/ β Optional / third-party software (Docker, Chrome, VBox)
βββ srv/ β Service data (web server files, FTP)
βββ mnt/ β Mountpoint sementara (manual mount)
/proc β Kernel & Process Information
/proc adalah pseudofilesystem β file di sini gak ada di disk, tapi dibuat oleh kernel saat lo read:
# System info
cat /proc/cpuinfo # CPU specs (cores, flags, model)
cat /proc/meminfo # Memory (total, free, cached, buffers)
cat /proc/uptime # Uptime (detik sejak boot)
cat /proc/loadavg # Load average (1, 5, 15 menit)
cat /proc/version # Linux kernel version
/proc/sys/ # Kernel tunable parameters (sysctl)
# Process-specific (PID)
ls /proc/1/ # Init/systemd process
ls /proc/$$/ # Proses current shell
cat /proc/1/cmdline # Command line process 1
ls /proc/1/fd/ # File descriptors (fd = file descriptor)
ls /proc/1/map_files/ # Memory mapping
cat /proc/1/environ # Environment variables
ls /proc/1/ns/ # Namespaces (net, mnt, pid, user, uts, ipc, cgroup)
cat /proc/1/status # Status (Name, Pid, PPid, Uid, Gid, VmSize, Threads, Cap...)
cat /proc/1/cgroup # Cgroups membership/sys β Kernel Device & Driver Info
ls /sys/class/net/ # Network interfaces
ls /sys/block/ # Block devices
ls /sys/class/drm/ # GPU
cat /sys/class/thermal/thermal_zone*/temp # TemperaturesPermission Model
Standard Unix Permissions (ugo/rwx)
# Format: drwxr-xr-x
# ββββββββββ
# βββ΄β΄βββ΄β΄βββ΄β΄β
# Type β β β β β β Other (world) execute (x)
# β β β βββ Other read (r)
# β β ββββββ User execute (x)
# r=read β β β Group read
# w=writeβ βββ Group execute (x)
# x=exec βββUser (owner) execute| Tipe | Karakter | Contoh |
|---|---|---|
| Regular file | - | -rw-r--r-- |
| Directory | d | drwxr-xr-x |
| Symlink | l | lrwxrwxrwx |
| Socket | s | srwxrwxrwx |
| Named pipe | p | prw-r--r-- |
| Block device | b | brw-r----- |
| Character device | c | crw-rw-rw- |
Numeric (Octal) Representation:
r w x r - x r - x
4 2 1 4 0 1 4 0 1
βββββ€ βββββ€ βββββ€
7 5 5 β rwxr-xr-x
Owner=7 Group=5 Other=5
Special permissions:
| Bit | Numerik | File | Directory |
|---|---|---|---|
| SUID | 4xxx (e.g., 4755) | Run sebagai owner file (biasanya root) β passwd, ping | Ignored |
| SGID | 2xxx (e.g., 2755) | Run sebagai group file | File baru di dalamnya inherit group |
| Sticky bit | 1xxx (e.g., 1777) | Ignored | Hanya owner yang bisa hapus file β /tmp |
# SUID example
chmod u+s /usr/bin/program # Set SUID
chmod 4755 /usr/bin/program # Sama
ls -la /usr/bin/passwd # -rwsr-xr-x (s di user execute)
# SGID example
chmod g+s /shared/dir # File baru inherit group
# Sticky bit example
chmod +t /tmp # Hanya owner file bisa hapus
ls -la /tmp # drwxrwxrwt (t di other execute)Access Control Lists (ACL)
Extend permission beyond ugo:
# Set ACL: user john read+write access to /data
setfacl -m u:john:rw /data
getfacl /data
# output: user:john:rw-
# Set default ACL: file baru di direktori inherit
setfacl -d -m u:john:rw /sharedExtended Attributes & chattr
# Immutable β tidak bisa diubah/dihapus bahkan oleh root
chattr +i /etc/hosts
lsattr /etc/hosts # ----i--------
# Append-only β cuma bisa append
chattr +a /var/log/syslog
# Undeletable β prevent root dari accidental rm
chattr +i critical_data.txtLinux Capabilities
Pecah privilege root jadi unit-unit kecil:
# List capabilities
capsh --print
# Set capabilities on binary β tanpa SUID
setcap cap_net_bind_service=+ep /usr/bin/myapp
# Binary bisa bind port <1024 tanpa root
# Common capabilities:
# CAP_NET_BIND_SERVICE β bind port <1024
# CAP_NET_RAW β raw socket (ping, scapy)
# CAP_SYS_ADMIN β "root" capability (hati-hati!)
# CAP_SYS_PTRACE β ptrace proses lain
# CAP_DAC_OVERRIDE β bypass file permission
# Run command with specific caps
capsh --caps="cap_net_bind_service+eip" -- -c "python -m http.server 80"Users & Groups
Files
| File | Fungsi | Format |
|---|---|---|
/etc/passwd | User accounts | username:x:UID:GID:info:home:shell |
/etc/shadow | Password hash | username:$y$hash:lastchange:min:max:warn:inactive:expire |
/etc/group | Groups | groupname:x:GID:user1,user2 |
/etc/gshadow | Group passwords | Jarang dipake |
/etc/subuid | Subordinate UIDs (containers) | user:100000:65536 |
/etc/shells | Valid shells | Daftar path shell yang valid |
Hash format di /etc/shadow:
| Prefix | Algoritma | Status |
|---|---|---|
$y$ | yescrypt | π’ Modern β default di Debian/Ubuntu modern |
$6$ | SHA-512 | π‘ OK β masih banyak dipake |
$5$ | SHA-256 | π‘ OK |
$2b$ | bcrypt | π’ Good |
$1$ | MD5 | π΄ Deprecated β jangan |
Commands
# User management
useradd -m -G wheel,sudo -s /bin/bash john # Create user + home + groups
usermod -aG docker john # Add to group (append)
userdel -r john # Delete user + home
passwd john # Change password
chage -l john # Lihat password expiry
chage -M 90 john # Password max 90 hari
# Group management
groupadd devops # Create group
gpasswd -a john devops # Add user to group
gpasswd -d john devops # Remove user from group
# Who is doing what
w # Who is logged in + what they're doing
who # Who is logged in
last # Last logins (from /var/log/wtmp)
lastb # Failed login attempts (from /var/log/btmp)
lastlog # Last login per user
id # UID, GID, groups
groups # Groups current userPassword Policy via PAM
# /etc/pam.d/common-password (Debian)
# Min length 12 chars, remember 5 last passwords
password requisite pam_pwquality.so retry=3 minlen=12
password required pam_unix.so sha512 remember=5Processes & Signals
Process States
R (Running) β sedang jalan atau di run queue
S (Sleeping) β menunggu event (interruptible)
D (Uninterruptible Sleep) β menunggu I/O (tidak bisa di-interrupt)
Z (Zombie) β sudah selesai tapi parent belum wait()
T (Stopped) β di-stop signal (SIGSTOP, SIGTSTP, SIGINT)
X (Dead) β sebentar banget, gak bakal liat di ps
Process Tree
pstree -a # Tree view
pstree -p # With PIDs
# Contoh output:
# systemdβββsshdβββsshdβββbashβββpstree
# ββnginxβββnginx,1234
# β ββnginx,1235
# ββpostgresβββpostgres,2000
# ββpostgres,2001
# ββpostgres,2002Signals
| Signal | Number | Default Action | Use Case |
|---|---|---|---|
| SIGHUP | 1 | Terminate | Reload config (nginx -s reload, kill -HUP PID) |
| SIGINT | 2 | Terminate | Ctrl+C β interrupt |
| SIGQUIT | 3 | Core dump | Ctrl+\ β quit + core dump |
| SIGKILL | 9 | Terminate (cannot catch!) | kill -9 PID β force kill |
| SIGTERM | 15 | Terminate | kill PID β graceful shutdown |
| SIGSTOP | 19 | Stop (cannot catch!) | Ctrl+Z β suspend process |
| SIGCONT | 18 | Continue | fg / bg β resume |
kill -15 PID # Graceful shutdown
kill -9 PID # Force kill (last resort!)
kill -1 PID # Reload config (jika process support)
killall -9 nginx # Kill all processes named nginx
pkill -f "python server.py" # Kill by pattern/proc/PID
ls /proc/PID/
# cmdline β Command line
# cwd/ β Symlink ke working directory
# environ β Environment variables
# exe β Symlink ke executable
# fd/ β Open file descriptors (0=stdin, 1=stdout, 2=stderr)
# maps β Memory mappings
# root/ β Symlink ke filesystem root (jika chroot/container)
# status β Status (State, Pid, PPid, Uid, Gid, VmSize, Threads, Cap)
# limits β Resource limits (soft/hard)
# ns/ β NamespacesSystemd
Systemd adalah init system dan service manager default di hampir semua distro modern (Debian 8+, Ubuntu 15+, Fedora, RHEL 7+, Arch).
Units
Systemd manage units β resource yang dikenal systemd:
| Unit Type | Extension | Fungsi | Contoh |
|---|---|---|---|
| Service | .service | Daemon | nginx.service, sshd.service |
| Socket | .socket | Socket listening | sshd.socket (socket-activated service) |
| Timer | .timer | Scheduled task (replacement cron) | certbot.timer, systemd-tmpfiles-clean.timer |
| Mount | .mount | Mount point | home.mount, var-lib.mount |
| Automount | .automount | On-demand mount | mnt-nfs.automount |
| Path | .path | Trigger on file change | backup.path (trigger backup.service kalo file berubah) |
| Target | .target | Group of units (runlevel replacement) | multi-user.target, graphical.target |
Systemctl Commands
# Service management
systemctl start nginx # Start service
systemctl stop nginx # Stop service
systemctl restart nginx # Restart
systemctl reload nginx # Reload config (SIGHUP)
systemctl status nginx # Status + recent logs
systemctl enable nginx # Auto-start on boot
systemctl disable nginx # Remove auto-start
systemctl is-enabled nginx # Check if enabled
systemctl list-units --type=service --state=running # Running services
# Journal β logs
journalctl -u nginx # Logs for nginx service
journalctl -u nginx -f # Follow (tail -f)
journalctl -u nginx --since "1 hour ago"
journalctl -u nginx -p err # Only errors
journalctl -k # Kernel messages
journalctl --disk-usage # Log size
journalctl --vacuum-size=100M # Trim logs to 100MB
# System state
systemctl list-units # All active units
systemctl list-unit-files # All installed unit files
systemd-analyze # Boot time
systemd-analyze blame # Per-service boot time
systemd-analyze critical-chain # Boot dependency chain
# Power management
systemctl reboot
systemctl poweroff
systemctl suspendExample Service Unit
# /etc/systemd/system/myapp.service
[Unit]
Description=My Custom Application
After=network.target postgresql.service
Requires=postgresql.service
Wants=redis.service # Optional dependency
[Service]
Type=simple # Forking, oneshot, notify, dbus, idle
User=myapp
WorkingDirectory=/opt/myapp
ExecStart=/usr/bin/python3 /opt/myapp/server.py
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure # always, on-success, on-abnormal, on-abort, on-watchdog
RestartSec=5
LimitNOFILE=65536
Environment="NODE_ENV=production"
EnvironmentFile=/etc/myapp/env.conf
[Install]
WantedBy=multi-user.targetTimers (Cron Replacement)
# /etc/systemd/system/backup.timer
[Unit]
Description=Daily Backup
[Timer]
OnCalendar=daily
Persistent=true # Run immediately if missed (system was off)
RandomizedDelaySec=1800
[Install]
WantedBy=timers.target
# Dan service yang di-trigger:
# /etc/systemd/system/backup.service
[Service]
Type=oneshot
ExecStart=/usr/local/bin/backup.shsystemctl enable --now backup.timer
systemctl list-timers --allPackage Management
Distro Families
| Family | Distro | Package Format | Manager | Low-Level |
|---|---|---|---|---|
| Debian | Debian, Ubuntu, Kali, Mint, Pop!_OS | .deb | apt | dpkg |
| RHEL | RHEL, Fedora, CentOS, Rocky, AlmaLinux | .rpm | dnf (yum legacy) | rpm |
| SUSE | openSUSE, SLES | .rpm | zypper | rpm |
| Arch | Arch, Manjaro, EndeavourOS | .pkg.tar.zst | pacman | pacman |
| Nix | NixOS | .nix | nix | nix |
APT (Debian)
# Update package index
apt update
# Upgrade
apt upgrade # Safe upgrade
apt full-upgrade # With dependency changes
apt dist-upgrade # Sama
# Search & install
apt search nginx
apt show nginx
apt install nginx # Install + dependencies
apt install ./package.deb # Local .deb
# Remove
apt remove nginx # Keep config files
apt purge nginx # Remove everything including config
apt autoremove # Remove orphaned dependencies
# List
apt list --installed
apt list --upgradable
# Source
add-apt-repository ppa:nginx/stable
apt-add-repository 'deb http://repo.com/ubuntu focal main'DNF (RHEL/Fedora)
dnf update # Update package index + upgrade
dnf install nginx
dnf remove nginx
dnf search nginx
dnf info nginx
dnf list installed
dnf list available
dnf provides /usr/bin/ss # Cari package yang punya file ini
dnf groupinstall "Development Tools"
dnf copr enable user/repo # Enable COPR repoPacman (Arch)
pacman -Syu # Full system update
pacman -S nginx # Install
pacman -Rs nginx # Remove + dependencies + config
pacman -Ss nginx # Search
pacman -Qi nginx # Info
pacman -Ql nginx # List files
pacman -F /usr/bin/ss # File belongs to which packageStorage & Filesystems
Filesystem Types
| FS | Use Case | Max File Size | Max Volume | Journaling | Fitur |
|---|---|---|---|---|---|
| ext4 | General purpose (default Linux) | 16 TB | 1 EB | β | Default, mature, reliable |
| XFS | Large files, parallel I/O | 8 EB | 8 EB | β | Good for databases, large files |
| btrfs | Advanced: snapshots, compression, RAID | 16 EB | 16 EB | β | Snapshot, subvolume, compression, send/receive |
| ZFS | Enterprise: checksum, pool, dedup | 16 EB | 256 ZB | β | Copy-on-write, checksum all data, built-in RAID |
| tmpfs | RAM-based temporary | RAM size | RAM size | β | Super fast β /tmp, /dev/shm |
| squashfs | Compressed RO filesystem | 16 TB | 16 TB | β | Live CD, AppImage, Snap packages |
Mount & fstab
# Mount
mount /dev/sda1 /mnt/data
mount -t tmpfs -o size=2G tmpfs /mnt/ramdisk
# Unmount
umount /mnt/data
umount -l /mnt/data # Lazy β unmount saat tidak dipake
# fstab format
# <device> <mountpoint> <fstype> <options> <dump> <pass>
/dev/sda1 / ext4 defaults 0 1
UUID=abc123 /boot ext4 defaults 0 2
/dev/sdb1 /data xfs defaults 0 0
192.168.1.10:/export /mnt/nfs nfs4 defaults,_netdev 0 0
tmpfs /tmp tmpfs defaults,size=1G 0 0Disk & Partition Commands
lsblk # List block devices
fdisk -l # Partition table
parted /dev/sda print # GPT partition info
blkid # UUID + filesystem type
df -h # Disk usage (human-readable)
du -sh /var # Directory size
ncdu # Interactive disk usage (install first)
iostat -xz 1 # I/O stats per device (1-second intervals)
iotop # Per-process I/O (interactive)Networking Essentials
Interface Configuration
ip addr # IP addresses (replacement ifconfig)
ip link # Interface status (up/down, MAC)
ip route # Routing table (replacement route -n)
ip neigh # ARP table (replacement arp -a)
# Modern vs Legacy:
# ip addr show vs ifconfig
# ip route show vs route -n
# ip neigh show vs arp -a
# ip link set eth0 up vs ifconfig eth0 up
# Interface config (NetworkManager)
nmcli dev status # Device status
nmcli con show # Connection profiles
nmcli con up "Wired" # Activate connection
# /etc/netplan/ (Ubuntu modern) β YAML config
# /etc/sysconfig/network-scripts/ (RHEL legacy)Network Namespace
# Create isolated network stack
ip netns add blue # Create namespace
ip netns exec blue bash # Run shell in namespace
ip netns exec blue ip addr # Check interfaces (lo down by default)
# Connect two namespaces via veth pair
ip link add veth0 type veth peer name veth1
ip link set veth0 netns blue
ip netns exec blue ip addr add 10.0.0.1/24 dev veth0Socket Statistics
ss -tulpn # TCP/UDP listening + process
ss -tan # TCP established connections
ss -tan state established # Only ESTABLISHED
# vs legacy: netstat -tulpn
# Bandwidth monitoring
nload # Real-time per-interface bandwidth
iftop # Per-connection bandwidth
nethogs # Per-process bandwidth
iperf3 -c server -t 30 # Network throughput testShell Scripting Essentials
Shebang & Execution
#!/bin/bash - E # -e: exit on error
set -euxo pipefail # Safety options:
# -e: exit on error
# -u: undefined variable = error
# -x: print commands before execution
# -o pipefail: pipeline error = non-zero exit
# Make executable
chmod +x script.sh
./script.shVariable Expansion & Quoting
name="World"
echo "Hello $name" # Double quotes: expands
echo 'Hello $name' # Single quotes: literal
echo ${name:-default} # Default if unset
echo ${name:0:3} # Substring: "Wor"
echo ${name/World/All} # Replace: "Hello All"Arrays & Loops
# Array
files=(*.log)
echo ${files[0]} # First element
echo ${#files[@]} # Length
echo ${files[@]} # All elements
# For loop
for file in /var/log/*.log; do
echo "Parsing $file"
wc -l "$file"
done
# While read
while IFS= read -r line; do
echo "Line: $line"
done < /etc/passwdConditionals
# File test
[ -f /etc/passwd ] && echo "File exists"
[ -d /tmp ] && echo "Directory exists"
[ -x /usr/bin/curl ] || echo "curl not installed"
# String test
[ "$name" = "World" ] && echo "Match"
[ -z "$empty" ] && echo "Empty string"
# Numeric test
[ "$count" -gt 10 ] && echo "More than 10"
# Modern [[ ]] (safer, more features)
[[ "$name" == W* ]] && echo "Starts with W"
[[ "$name" =~ ^W.+d$ ]] && echo "Regex match"Functions
log() {
local level="$1"
local message="$2"
echo "[$(date +%H:%M:%S)] [$level] $message"
}
log "INFO" "Processing started"Performance Troubleshooting
# CPU
top/htop # Interactive process viewer
mpstat -P ALL 1 # Per-CPU utilization
pidstat 1 # Per-process CPU + memory
perf top # Real-time profiling (kernel + userspace)
# Memory
free -h # RAM + swap usage
vmstat 1 # Memory, paging, swap, I/O, system, CPU
smem # Proportional Resident Set Size
cat /proc/meminfo # Detailed memory info
# Disk I/O
iostat -xz 1 # Per-device I/O stats
iotop # Per-process I/O
fatrace # File access trace (which process is writing to disk)
# Network
ss -tulpn # Listening ports + process
ss -tan | grep ESTAB # Active connections
sar -n DEV 1 # Historical network stats
tcpdump -i eth0 port 443 # Packet capture
# System load
uptime # Load average (1/5/15 min)
cat /proc/loadavg
dmesg -w # Kernel log (watch for OOM, disk errors)
journalctl -k -p err --since "1 hour ago" # Kernel errors last hourNamespaces & Cgroups
Linux Namespaces
Namespaces mengisolasi sumber daya β ini fondasi container:
| Namespace | Constants | Apa yang Diisolasi | Container Impact |
|---|---|---|---|
| pid | CLONE_NEWPID | Process ID β proses di dalam cuma lihat prosesnya sendiri | β kill -9 PID dari host gak bisa liat proses container |
| net | CLONE_NEWNET | Network stack β interface, IP, routing, iptables | β Setiap container punya eth0 sendiri, IP sendiri |
| mnt | CLONE_NEWNS | Mount point β filesystem terisolasi | β Root container beda dari host |
| uts | CLONE_NEWUTS | Hostname + domain | β Container bisa hostname sendiri |
| ipc | CLONE_NEWIPC | IPC resources (System V, POSIX message queues) | Isolasi komunikasi inter-proses |
| user | CLONE_NEWUSER | UID/GID mapping β root di container β root di host | π Kunci keamanan container β bisa peta UID 0 di container ke UID 100000 di host |
| cgroup | CLONE_NEWCGROUP | Cgroup hierarchy | Isolasi resource accounting |
| time | CLONE_NEWTIME | Boot time + monotonic clock | Isolasi waktu |
# Check namespaces of a process
ls -la /proc/$$/ns/
# lrwxrwxrwx ... cgroup -> cgroup:[4026531835]
# lrwxrwxrwx ... net -> net:[4026531992]
# ...Cgroups (Control Groups)
Cgroups membatasi dan meng-account resource per group proses:
# Cgroup v2 β /sys/fs/cgroup/
# Set memory limit
echo "100M" > /sys/fs/cgroup/myapp/memory.max
echo $PID > /sys/fs/cgroup/myapp/cgroup.procs
# Set CPU limit (100000 = 1 core)
echo "50000" > /sys/fs/cgroup/myapp/cpu.max # 0.5 core
# Check memory usage
cat /sys/fs/cgroup/myapp/memory.current
# With systemd:
systemctl set-property myapp.service MemoryMax=512M
systemctl set-property myapp.service CPUQuota=50%PAM β Pluggable Authentication Modules
PAM adalah framework autentikasi modular. Setiap aplikasi (login, ssh, sudo, passwd) punya file konfigurasi di /etc/pam.d/.
Configuration File Format
type control module arguments
Types:
| Type | Kapan Di-exec |
|---|---|
auth | Autentikasi β verifikasi identitas (password, biometric, MFA, YubiKey) |
account | Otorisasi β cek apakah user diizinkan (expired, time-based, group) |
password | Password change β update password hash |
session | Setup/teardown lingkungan sebelum/sesudah login (open PAM session, mount home, log audit) |
Control values:
| Control | Arti |
|---|---|
required | Harus sukses, tapi jalan terus ke module berikutnya (gagal di akhir) |
requisite | Harus sukses, langsung gagal kalo tidak (gak jalan ke module berikutnya) |
sufficient | Kalo sukses + belum gagal sebelumnya β langsung berhasil (skip sisa) |
optional | Gak penting β cuma dipake kalo module lain butuh |
Chain Example
# /etc/pam.d/sshd (di Debian)
auth required pam_securetty.so # Cegah root login via tty insecure
auth requisite pam_nologin.so # Cegah login kalo /etc/nologin ada
auth sufficient pam_unix.so # Password unix (/etc/shadow)
auth required pam_deny.so # Fallback β deny kalo semua gagal
account required pam_unix.so # Cek expired, disabled
account required pam_time.so # Time-based access control
password required pam_unix.so # Password change via /etc/shadow
session required pam_unix.so # Log login
session required pam_lastlog.so # Update lastlogChecklist
β FHS: tau beda /bin vs /usr/bin, /etc vs /tmp vs /var/tmp
β Permission: paham ugo/rwx, SUID/SGID/sticky, ACL
β chattr: tau immutable (+i) dan append-only (+a)
β Capabilities: tau cara set tanpa SUID
β Process: tau beda SIGHUP/SIGTERM/SIGKILL, bisa baca /proc/PID
β Systemd: bisa bikin service unit, tau journalctl, tau timer
β Netstat β ss: udah gak pake netstat lagi
β Package: tau apt/dnf/pacman dasar
β Mount: tau fstab format, tau lsblk, df, du
β Namespace: tau container isolation = namespace + cgroup
β Shell: tau quoting, exit code, pipefail, heredoc
β Troubleshooting: tau urutan strace β iostat β top β perf
Koneksi ke Vault
- computer-science-foundations β OS internals level kernel (Ring 0, syscall, kernel module). Ini adalah lapisan di BAWAH administrasi Linux.
- linux-hardening-cis β security hardening Linux. Baca ini dulu sebelum hardening.
- infrastructure-administrator β network & server administration tingkat lanjut.
- ebpf-kernel-security β kernel tracing via eBPF β butuh paham process, syscall, dan kernel.
- container-kubernetes-security-deepdive β container isolation (namespace + cgroup).
- podman-networking-ufw β container networking.
- systemrescue-recovery β system rescue via live CD β butuh paham mount, chroot, filesystem.
- incident-response-framework β IR di Linux (forensik, log analysis).
References
- Linux Foundation. Filesystem Hierarchy Standard 3.0. https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html
- freedesktop.org. systemd Documentation. https://www.freedesktop.org/software/systemd/man/systemd.html
- Linux man pages. man 7 capabilities, man 7 namespaces, man 7 cgroups. https://man7.org/linux/man-pages/
- Debian. APT Userβs Guide. https://www.debian.org/doc/manuals/apt-guide/
- Fedora. DNF Documentation. https://dnf.readthedocs.io/en/latest/
- Arch Linux. Pacman Documentation. https://wiki.archlinux.org/title/pacman
- Linux.com. Linux Permissions Guide. https://www.linux.com/training-tutorials/understanding-linux-file-permissions/
- Red Hat. PAM Documentation. https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_authentication_and_authorization_in_rhel/pluggable-authentication-modules_pam
- Red Hat. Linux Namespaces. https://www.redhat.com/en/topics/containers/what-is-a-linux-namespace
- Kernel.org. Cgroup v2 Documentation. https://www.kernel.org/doc/Documentation/cgroup-v2.txt
- TLDP. Bash Guide for Beginners. https://tldp.org/LDP/Bash-Beginners-Guide/html/
- Google. Shell Style Guide. https://google.github.io/styleguide/shellguide.html
- Ubuntu. Netplan Documentation. https://netplan.io/
- NetworkManager. nmcli Documentation. https://networkmanager.dev/docs/api/latest/nmcli.html
- Kernel.org. Linux Kernel /proc Documentation. https://www.kernel.org/doc/html/latest/filesystems/proc.html
Bottom Line
Linux adalah medan operasi utama buat security engineer β server, container, embedded, cloud, semuanya Linux. Tanpa paham filesystem, process, systemd, dan namespaces, lo cuma bisa execute command tanpa ngerti dampaknya. Investasi waktu belajar Linux fundamentals adalah investasi dengan ROI tertinggi di karir ini karena (1) semua tool security jalan di atas Linux, (2) semua log ada di /var/log, (3) semua container = namespace + cgroup, (4) semua remote exploit ujungnya shell di Linux. Prioritaskan: process & signals (tau cara matiin/kill process dengan benar), systemd (service management modern), permissions (kenapa SUID berbahaya, apa itu capabilities), dan troubleshooting (tau strace, ss, iostat, dmesg ketika ada yang error).