1 / 29

Lecture 11: Sys Admin-B

Lecture 11: Sys Admin-B. Windows Registry File Integrity fsck (both Windows and Linux). Windows Registry. Used for system and program configuration Not forced, just available E.g., .NET Framework doesn’t use it Implemented as a database Allows atomic operations

kedem
Download Presentation

Lecture 11: Sys Admin-B

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lecture 11: Sys Admin-B • Windows Registry • File Integrity • fsck (both Windows and Linux)

  2. Windows Registry • Used for system and program configuration • Not forced, just available • E.g., .NET Framework doesn’t use it • Implemented as a database • Allows atomic operations • Why would we need these?

  3. Windows Registry • Used for system and program configuration • Not forced, just available • E.g., .NET Framework doesn’t use it • Implemented as a database • Allows atomic operations • Why would we need these? • Multiple processes modifying database

  4. Windows Registry • Contains key/value pairs • Some keys contain sub-keys, sub-etc • How do we access it?

  5. Windows Registry • Contains key/value pairs • Some keys contain sub-keys, sub-etc • How do we access it? • regedit.exe

  6. Windows Registry • Contains key/value pairs • Some keys contain sub-keys, sub-etc • How do we access it? • regedit.exe • It naturally gets cluttered over time • Some tools will clean it to some degree

  7. Windows Registry • So what’s in it? • System config settings • Program settings • Device driver stuff • Usernames/passwords • Encrypted via OWF • We need to be very careful editing the registry • One mistake can nuke the OS

  8. Linux Registry? • No Windows-registry equivalent • Files are: • Plain text • Scattered • Most files are within /etc folder

  9. File Integrity • I have a file on my computer • Files are quite large • There’s more than one of two of them • How do I know none of them have been modified • That’s hard, so let’s focus on a single file

  10. File Integrity • How can files become corrupted? • Initially wrong • Usually during transmission • Bad storage device • Maintenance errors • Moving/copying files • Software modifying files misbehaves

  11. File Integrity • So how do we detect this? • Crytographic hash function • For our purposes, it is… • …trivial to compute • …unlikely to have two messages give the same hash • …unlikely to change data without changing hash • …unlikely to create data that creates a particular hash

  12. File Integrity • I’ve now created a hash for a file • Let’s assume we know the file is good • At a later time, I can re-compute a new hash and compare them

  13. File Integrity • If they match, is the file okay? • If they don’t match, if the file bad?

  14. File Integrity • If they match, is the file okay? • Probably • Rare collisions do happen • If they don’t match, if the file bad?

  15. File Integrity • If they match, is the file okay? • Probably • Rare collisions do happen • If they don’t match, if the file bad? • Probably • False positives do happen. How?

  16. File Integrity • If they match, is the file okay? • Probably • Rare collisions do happen • If they don’t match, if the file bad? • Probably • False positives do happen. How? • What if original key got corrupted?

  17. File Integrity • Okay, so how do I know my pre-computed hashes are good?

  18. File Integrity • Okay, so how do I know my pre-computed hashes are good? • Let’s make a hash! • Is this a bad idea?

  19. File Integrity • Okay, so how do I know my pre-computed hashes are good? • Let’s make a hash! • Is this a bad idea? • It’s a hash of a hash • How do I know my hash of a hash is good?

  20. File Integrity • Okay, so how do I know my pre-computed hashes are good? • Let’s make a hash! • Is this a bad idea? • It’s a hash of a hash • How do I know my hash of a hash is good? • Let’s make a hash! • Wait for it….

  21. File Integrity • We can’t verify everything • We must be selective about what we are trying to verify

  22. fsck • When I use my computer, I make changes to the filesystem • Add/edit/delete • Is my file saved when I save it?

  23. fsck • When I use my computer, I make changes to the filesystem • Add/edit/delete • Is my file saved when I save it? • It’s written to an internal kernel buffer • Actual write to HDD only when the buffer is flushed (when buffer is full or at 30-second intervals)

  24. fsck • Kernel buffer and that material on the hard drive may differ • Shut down too soon • Unmounted improperly • Additionally, hard drives go bad • Blocks can become damaged • Addressing system damaged

  25. fsck • fsck will scan for some errors • It’ll fix them if it can • What types of errors does it look for?

  26. fsck • Superblock contains information about file system • Size • Number of inodes • Free-block count • Free-inode count

  27. fsck • Inodes • File format and type • Inode size • Duplicate blocks between inodes • Bad block numbers

  28. fsck • Data blocks • Files with unallocated block number • Files with inode greater than allowed number • Free-ranging directories • Directories that aren’t attached to filesystem • Bad . and .. directories

More Related