Happinux Command Line Tool
- Introduction of operation programs for Happinux -
 1. Outline 

2. Admin log in tools 

3. System booting tools 

4. Admin permision operation tools 

5. Config cleaner  

6. Network socket control tools. 

7. setuid/gid control tools 

8. switch user mode operation tools 

9. Process control tools 

10. Cracking prevention tools 

11. System update tools 

12. Admin password changing tools 

13. Configure initialize tools 

14. Log activate tool 

15. Other tools 

¡¡

1. Outline
When you log in with admin authority. You can manage many tools to control system. This manual will tell you the usage and options for each command. Use man command to know more.

e.g.) man igniz_ls

   

[Pic 1: igniz_ls command man page]  


Only security admin can use system management tools. But switch user mode program is allowed to all user ,so you have to be careful on setting

¡¡

2. Admin log in tool : igniz_admin 
You can change your authority to security admin from root by using igniz_admin command. It runs on switch user mode (this will be explained in chapter 8). When you run this program, it will ask you to input password. You can be security admin type in the password you set on admin password change tool.

   

[Pic 2: igniz_admin command execution 1]  


options :
-P or -p :appoint a program path to run when password is correct.
-I  or  -i  : divide whether it is upper system or lower system
-H or -h :print all options for Igniz_admin command (help)

when it is not upper system, you are not a security admin.

   

[Pic 3: igniz_admin command execution 2]

login command in lower system /admin directory is symbolic link of igniz_admin command. all usage and options are same.

¡¡

3. System bootiong tools : igniz_break
system boot tool is made to turn off or reboot the system in lower system. It changes your athority to upper system.

Options:
Options are defined by first number after command. each number has following property
1:Reboot 2: System turn off 3: Change to upper system

   

[º¸±â 4: igniz_break command execution]  

You should be careful to use those functions ,it can halt or reboot your system.

¡¡

4. Admin permission operation tools
Admin permission operation tool is associated with access contol skill, which is core of secure OS. There are many benefits by importing umask system on Happinux.First of all, Happinux solves inconvenience in existing secure OS.In existing systems admin need to access many file and directory to change each file and directory permission. It is very troblesome work for admin. In sight of system performance, existing secure OS has data limit so that as the data gets bigger, system performance decreased. But Happinux keeps only essential configurations in data list accept default setup configuration, so possibility of error is very low. Also there is auto configuration so that you can easily construct a secure system. It is benefit that only Happinux supports. 

(1) igniz_umask  


igniz_umask is command that sets permission of root directory of lower system. Umask concept, core of Happinux is accomplished when you set permission of the root directory.


options : 

igniz_umask [+ permission option flag ] [- permission option flag] [ root directory] 

There are 'r' (read), 'w'(write), 'x'(execute), 'd'(delete) authorities and '+', '-' flags change the property of these authorities. for example, when you set '+rwx' , it means you give read, write and execute athority on the file. on the other hand, if you set '-rwx' . it means you remove these authorities from the file. These options does not care for capital letters and you can configure many directories by using '*'(wildcard)

   

[Pic 5: igniz_umask command execution]

¡¡

(2) igniz_chmod  



igniz_chmod is command for setting lower system directory and file permission configuration. Some files and directories, which is not correctly configured on default.igniz_chmod can embody a effective access control by changing permission of these files and directories

options :

igniz_chmod [+ permission option flag][-permission option flag][file path or directory path]

Options flags are seperated as 'read', 'write', 'execute', and 'delete'.This command can set all lower files and lower single directories.

.  

[Pic 6: igniz_chmod command execution]


This command also can use '*'(wild card) charactor as a factor.

(3) igniz_ls  


igniz_ls command is nearly same as existing 'ls' command, which show the file and directory list of the system. You can every appointed file and directory permissions by using igniz_ls.

   

[Pic 7: igniz_ls command execution] 
in addition, in this picture all the file permissions are '+rwxd'. Because of this, you can see all the file permission in this directory is "RWXD". 

 


5. configuration cleaning tool : igniz_clean

Happinux supports kernel memory arrangement program. You can make your system optimized by cleaning useless configurations and empty list memroies. igniz_clean command will do this job for you.

options: 


igniz_clean[number]

1.Whole system configuration optimize. 
2.Umask configuration optimize. 
3.Directory configuration optimize.
4.File configuration optimize.
5.Process configuration optimize.
6.Setuid/gid configuration optimize.
7.Swich user mode configuration optimize.
8.Network socket configuration optimize.


You can manage your system in best condition. If you regularly execute this program.

 

6. Network socket manager program  

Network socket manager program is to set allowance/denial of network socket use for each user. This program can prevent server to be abused as a by way , download malicious program by controling socket for each user.

(1) igniz_sock

igniz_sock is a command to set network socket permission for each user.

 

[Pic 8: igniz_sock command execution] Options: igniz_sock -option [user id]

-S or , -s option -Set permission at using socket() function, which does network connect. By cutting off this function, you can block illegal use of system as a by way.

-B or , -b option -Set permission at using bind() function, which opens port and make server to wait client connection. By cutting off this function, you can prevent network backdoor and port open.

-O or , -o option -Set permission at using setsockopt() function, which set socket options. By controlling this function, you can prevent user to change socket options .

(2) igniz_conf_sock igniz_conf_sock prints configuration for each user id. As following picture, you can see whether a user can use socket functions or not. In addition, [X] means denial.

 

(3) igniz_del_sock igniz_del_sock removes allowance of using socket by a user.

[Pic 9: igniz_del_sock command execution]

This command uses same options as igniz_sock. It works only when you apply same functions. It means you need to use options that you set when you execute igniz_sock command. In picture upon, there is execution example of iniz_del_sock.

(You can confirm -s, -b, -o options are set, by using igniz_conf_sock command You will see all socket permissions are gone after excute igniz_del_sock with -bso options)

7. setuid/gid control tools setuid/gid control tool has been developed to cut off local system valunerabilies. This program makes only permitted setuid/gid programs run on the system.

 

(1) igniz_suid igniz_suid command allows a setuid file with intergrity to be executed. Admin has to be careful with this program setting.

[Pic 10: igniz_suid command execution]

igniz_suid only allows setuid/gid program with intergrity, so it can block all kind of backdoor ,and root authority exeploits.

(2) igniz_del_suid igniz_del_suid command does oposite to igniz_suid. This command will remove configured setuid/gid permission from a program. General users could not execute "bin/su" program, when setuid permission removed from "/bin/su" as picture following.

[Pic 11: igniz_del_suid command execution]

8. switch user mode operation tools We'd better know about switch user mode before use this switch user operation tool. In exsisting Unix and Linux systems ,normal user can work with super user(root) authority by using set user id concept. Thiw switch user mode concept is very close to this. When security authority is need temporary; such as "login" command. Switch user will give security admin authority to the program to run exactly. It means, switch user mode operation tool is a program to set security admin authority to a program. Switch user mode programs, which is set by admin, can be run with security admin authority safely.

As you see, when you execute switch user mode program, system will out put warnig "WARNING: It's Security System Admin mode!!!".

(1) igniz_supr igniz_supr is a program to set a switch user mode on a program. After setting a switch mode on "/bin/su" program as following picture, you can see general user "x82" gets root authority after execution "/bin/su"

[Pic 12: igniz_supr command execution]

Setting a switch user mode can cause abuse of root authority ,so you should be careful to use it.

(2) igniz_del_supr Igniz_del_supr removes switch user mode from a program. You can see "/bin/su" get back to normal "su" command because of igniz_del_supr.

[Pic 13: igniz_del_supr command execution]

9. Process control tools

Process control tool designed and introducted to manage processes safely. It protects system processes from malicious user. Because of separation of root authority, no one can kill other user's process even if he has root authority.

(1) igniz_psset igniz_psset is a program to set process access authority. Options are as follow.

Options: igniz_psset [+permission option flag] [- permission option flag] [process id]

There are 'r'(read ) and 'k'(kill) options in permission option. Permission property is changed by '+','-' flag. For example, setting '+rk' option adds 'r'(read) and 'k'(kill) permisson to the process. Option does not care capital and small, mani process id which suply as a factor can be set at once.

[Pic 14: igniz_psset command execution]

(2) igniz_ps igniz_ps is a command to print process access authorities. You can see access authorities set by igniz_psset.

3307,3308 processes which set -rk mode by igniz_psset command will be protected on system. Security admin's processes are automatically protected and main processes are all set -rk mode when system starts. Following picture shows execution of normal user ps command.

[Pic 15: Normal user ps command execution]

3307 and 3308 processes whice set -rk moed , are not found in the list.

10. Cracking prevention tools.

igniz_nonexec_sh

igniz_nonexec_sh is a program that blocks shellcoed execution on lower system. On Happinux, this fuction set off on default. But if cracking attempts are oftenly occured ,admin can set it on and prevent remote/local cracking earlier. [ To see detailed Test list ,see attack test page]

Options: Operation options are defined by first input number ,and number options are as fllowing ¼öÇà Çã¿ë ¸ðµå

1. Shellcode execution block mode

2. Shellcode execution allow mode

[Pic 16: igniz_nonexec_sh command execution]

11. System update tools igniz_update

igniz_update checks and updates automatically when system version is updated.

[Pic 17: igniz_update command execution ]

igniz_update downloads update spec code and test it on first execution, and it tells latest version of Happinux is installed on next execution.

12. Admin password changing tools.

igniz_passwd Igniz_passwd is a program that make security admin login password. Password has to be at least 8 letters with special charicter , alphabet charicter, and number. Used password can not be used anymore, so need to be careful when you choose a password.

[Pic: igniz_passwd command execution ]

Option: All options of igniz_passwd are related with password change period. Set password change period and when it is expired , you have to change the password to log in.

-y or -Y option : Set period yearly.

-m or -M option : set period monthly.

-d or -D option : set period daily.

-h or -H option : print all options of igniz_passwd (help)

In addition, default changing period is 3 month and when you set -m option '0', you can log in with new password every time. It is similar to one time password.

13. Configuration initialize tools

igniz_setup

igniz_setup is a system initialize tool suplied in Happinux.

Options : igniz_setup [first factor] [second factor]

First factor: "U" or, "u" option - Retrun system umask setting default.

"C" or, "c" option - Return system file or directory setting default.

"S" or, "s" option - Return system setuid/gid setting default.

"P" or, "p" option - Return system process setting defautl.

"R" or, "r" option - Return system switch user mode setting default.

"K" or, "k" option - Return system network socket setting defautl.

"Q" or, "q" option - Program terminate command.

Second factor: "shutup" option - This option is to ignore warn message when initialize the system.

As you see, there are no warning when shup up option is set.

As you see above , igniz_setup command also can use options after execution

14. Log activate tool.

igniz_logging System loggin is a program that sets enable kernel log storage or not.

Options: Options are defined by first input nuber , and each number has properties as fllow.

1: Start logging.

2: Quit logging.

[º¸±â 4: igniz_break command execution]

 

15. Other tools

(1) igniz_id igniz_id is a program to check admin user id.

[Pic 19: igniz_id command execution]

(2) igniz_version igniz_version is a program to check Happinux system version.

[Pic 20: igniz_version command execution]