Transcript from the "User Setup" Lesson
[00:00:00]
>> Jem Young: So unfortunately now, if I switch to that user, I don't have root access, I don't have super user access. And that's referred to as the sudo command. sudo stands for super user do, which is nice, cuz that actually makes sense. So whenever you say sudo, you're like, super user do this.
[00:00:17] So essentially, I'm running that command with escalated privileges. But first, I need to give that user I just created those privileges. For instance, if we switch over now, I won't be able to do that much. I'll be limited my home directory cuz I have no root access. So we're gonna use the user mod command for it.
[00:00:32] It's gonna modify the user. We're gonna say user mod -aG sudo, and then the username we just created.
>> Jem Young: So I'm gonna say, usermod -aG sudo, and then oops, sudo, and then jem,
>> Jem Young: Cool, so I just added jem to this super user's group.
>> Jem Young: Cool, so I keep hitting clear.
[00:01:07] Now I wanna test that user out just to make sure that what I did actually worked. So we are gonna switch user. For that, it's su, and, jem.
>> Jem Young: So su your username. And then I wanna verify that I have superuser access. There's lots of ways to do this, but I like to take a look at the auth log, cuz it's a good time to look at logs.
[00:01:28] So if I say, cat /var/, let's see, log,
>> Jem Young: /auth.log, it's not gonna let me do it. Because looking at these logs requires super user access. For now, I'm gonna say same thing except I'm gonna say sudo. It's gonna ask me the password, and there, I just catted that log file.
[00:02:00]
>> Jem Young: Everybody catch what I did, anybody behind? Cool, Sam, yes?
>> Sam: I'm getting no such file directory. What are you pointing to?
>> Jem Young: I'm pointing to /var, actually, just go up, /var/log/auth.log. Every Ubuntu distribution should have an authlog. [LAUGH] If it doesn't, we're way of course then.
>> Student: I'm getting that my user is not in the sudor's file.
[00:02:26]
>> Jem Young: Okay, so let's step back. Did you run the user mod command?
>> Student: I did.
>> Jem Young: And it's the same user?
>> Student: I'll just run it again.
>> Jem Young: If all else fails, make another user. [LAUGH] And if that doesn't work, create another server. That's what I do.
>> class: [LAUGH]
[00:02:48]
>> Jem Young: Pretend the first one didn't happen. It's fine. We all are at the same level where we can catch back up pretty quickly at this point.
>> Jem Young: As a shorthand, so if I try to run, actually, I'll do something a little different, I'll run less, cuz cat just dumps the entire file output, less will give me a page.
[00:03:09] And once again, I didn't run that command with sudo. So a shortcut to do that is sudo Which I love because it's essentially saying, sudo, the last command that I ran but with sudo access. And it's a shorthand in case you ever try to run something that requires sudo permission.
[00:03:24] Just sudo !!, I'll rerun the last command with sudo. And now we're running with less, so I can traverse the file with just the arrow keys. And it's a little bit more friendly than running cat, which just dumps everything to a terminal.
>> student2: How do you escape cat?
[00:03:44]
>> Jem Young: Good question, q. To escape less, just hit q, and you'll be back out. Good question, thank you. And please, ask me those types of questions, cuz I forget that I'm used to doing these things and not everybody is the same way. But now we're in authlog. Now's a great time talk about security.
[00:04:03] I said we're gonna talk about security, probably more of it tomorrow. But your authlog is just a log of people that are attempting to do something on your server, or log into your server. And since our server's been up for maybe an hour or so, depending on where you came in at, you can see right now that there are people trying to actively get in my server right now.
[00:04:23] And you're thinking, I'm just some person. [LAUGH] Why would these hackers try to get into my server? It's because there are computers running constantly and they're scanning the entire Internet, every single possible combination of IP address. And they're testing for vulnerabilities, they're testing for weak passwords, which is why we don't use passwords.
[00:04:42] It doesn't matter how clever you are, someone's probably gonna test it eventually. They're testing, do you have ports open that are vulnerable applications? So like that V Bolton exploit the other day, they're testing if you have that running. They're saying, I know to get into there. And if you're wondering, this looks like a bunch of gibberish, check out, let's see, where's a good one for mine?
[00:05:07] Here we go. There's one, invalid user appserver. So someone was trying to log into my server using the username appserver on the port 33710. I don't know what port that is, but I'm sure it's some well-known application that runs on that port. And you're probably thinking, wow, what did I do to offend these people?
[00:05:26] Nothing, [LAUGH] everybody all the time are you gonna try to break into your server constantly. You just accept that's a given. You wouldn't leave your front door open. That's why we use SSH keys. SSH keys are, as far as we know, unbreakable. Unless you give it away or there's some other vulnerability.
[00:05:41] If we want to see a real time of what's happening with our server, I'm gonna use the tail command. Actually I'll start,
>> Jem Young: head, head will give me the top x lines of a file. So I will say, sudo,
>> Jem Young: head,
>> Jem Young: And it's just gonna give me the first, I wanna say ten lines of any given file.
[00:06:08] So the, not inverse, but the corollary to that would be tail. And you're wondering, why are there so many different ways to look at a file in Linux? Because they're all useful, especially when you're talking about megabytes of log files, you wanna be able to quickly jump from portion to portion.
[00:06:24] head will give me what the file started with, tail will give me what it finished with. So if I use tail,
>> Jem Young: -f, for follow, this will keep tail open. And it will follow along with every time something new happens to to that log file. It will just keep outputting.
[00:06:40] And for instance, this just happened. Someone just tried to connect to my computer on port 3621 with an invalid SSH key. And if you wanna feel paranoid about the world and that people are out to get you, you can just tail your log file watch people try to break in.
[00:06:57] Again, it's not personal. tail -f is probably one of the most powerful things you're gonna learn when it comes to debugging. Because everything on a server, you wanna log it somewhere. Because when things go wrong, you'll have no idea why. So you wanna log all your file somewhere, and eventually they get cleaned up.
[00:07:13] But tailing a log file and then connecting to a server at a different terminal or shell and understanding what's happening is one of the most powerful debugging tools we have. It's equivalent to in JavaScript console logging everything. So tail -f is a command to remember, and to get out of here, just Ctrl+C.
[00:07:30] And that will stop following that log file.
>> Jem Young: All right, so we know that our server's secure, cuz people haven't gotten in yet. Cuz I'm still here. If I wanna go to my home directory, same as on our Mac machines, cd, and pwd. And I'm in my home directory.
[00:07:51] This is kind of my play directory, it doesn't matter to much what happens here. In a second, we'll create our ssh directory and all sorts of other things so we can ssh in. But for now, feel free, you can play around with this directory and do kind of whatever you want.
[00:08:04] It's not gonna affect the greater system, cuz it's your home directory.