Manage security Flashcards Preview


Flashcards in Manage security Deck (28)
1

how to set firewall zone

firewall-cmd --set-default-zone=dmz

2

how to allow specific IP/range through firewall

firewall-cmd --permanent --zone=internal --add-source=192.168.0.0/24

3

how to allow specific service through firewall

firewall-cmd --permanent --zone=internal --add-service=mysql

4

how to allow specific port through firewall

firewall-cmd --permanent --zone=internal --add-port=1001/tcp

5

how to save current firewall rules

firewall-cmd --reload

6

how to list firewall rules by zone

firewall-cmd --permanent --zone=internal --list-all

7

how to set ACL on a file for a specific user

setfacl -m u:name:rwX file

8

how to delete all ACL rules on a file

setfacl -b file

9

how to set ACL on a directory and all files under it

setfacl -R -m d:u:name:rwX directory

10

how to check ACLs on a file

getfacl file-A

11

how to easily copy the ACLs from one file to another

getfacl file-A | setfacl --set-file=- file-B

12

how to live change SELinux to enforcing

setenforce 1

13

how to live change SELinux to permissive

setenforce 0

14

how to check current status of SELinux

getenforce

15

where is the file to permanently change SELinux mode

vim /etc/selinux/config

16

how to check SELinux context of a file

ls -Z /file/or/folder

17

how to change SELinux context of a file

chcon -t httpd_sys_content_t /virtual
Or (this sets it for that folder and anything under it)
semanage fcontext -a -t httpd_sys_content_t '/virtual(/.*)?'

18

how to restore default file context

restorecon -v /virtual
or recursively for that folder and everything under it
restorecon -RFvv /virtual

19

how to view the documentation describing the purpose of each available SELinux boolean

(first make sure the "selinux-policy-doc" package is installed)
man -k '_selinux'

20

how to list all SELinux booleans and their state

getsebool -a

21

how to list a specific SELinux boolean and its state

getsebool httpd_enable_homedirs

22

how to temporarily change the state of a SELinux boolean

setsebool httpd_enable_homedirs on

23

how to permanently change the state of a SELinux boolean

setsebool -P httpd_enable_homedirs on

24

how to list SELinux booleans in which the current state differs from the default state

semanage boolean -l -C

25

what log file would you check for SELinux policy violations

tail /var/log/messages

26

what command would you run to get extra information on a SELinux violation

sealert -l 613ca624-248d-48a2-a7d9-d28f5bbe2763

27

what command would you use to easily see recent audit messages

ausearch -m AVC -ts recent

Use the ausearch command to search the /var/log/audit/audit.log file. The -m option searches on the message type. The -ts option searches based on time.

28

how to block an IP address/range through the firewall

firewall-cmd --permanent --zone=block --add-source=192.168.0.1/32