Managing Security Flashcards Preview

Flashcards in Managing Security Deck (20)

access firewall through GUI

Any changes made using this utility will overwrite any manual changes made to the iptables file.



/etc/services file is a list of predefined services along with their port numbers and protocols associated with them.


Terminal interface to access firewall

Any changes made here will overwrite any manual changes made to the iptables file.



Netfilter is the standard firewall for Linux, which can be controlled by the iptables command.


files where firewall rules are stored

The firewall rules are stored in /etc/sysconfig/iptables


IPtables rules

The iptables rules consist of three chains:
INPUT: processes packets coming into the system
FORWARD: processes packets that would be routed through the system
OUTPUT: processes packets that originate from the system
:INPUT ACCEPT [0:0] -> all accepted
-A INPUT -i lo -j ACCEPT -> allow input on the loopback interface
The iptables rules are processed from top to bottom.


IPtables command

#service iptables restart -> restarts the iptables service
# iptables -L -> check the rules that are loaded in memory
# iptables -F -> flush out rules


Modifying firewall rules

When modifying firewall rules with the iptables command, it is better to insert than to append: an insert places the new INPUT rule before the REJECT rules.
# iptables -I INPUT -p tcp --dport 21 -j ACCEPT
This is only temporary; once the machine restarts (or the service restarts), all is lost. To permanently add changes:
# service iptables save
# service iptables restart

#iptables -D INPUT -p tcp --dport 21 -j ACCEPT -> delete rule
#service iptables save


Example on how to configure key-based authentication

#useradd user01 -> create user on server 1 & server2
#passwd user01
# su - user01 -> on server01 connect as this user
Generate a private/public key pair for key-based authentication:
$ ssh-keygen -b 2048 -t rsa -> RSA key with 2048 bits, no passphrase
$ ssh-copy-id -i .ssh/id_rsa.pub user01@server2 -> copy key to server02
- on server02, edit /etc/ssh/sshd_config and add the following, then restart the service:
PasswordAuthentication no
PubkeyAuthentication yes

Then from server01, ssh to server02



Security Enhanced Linux
- is a MAC (Mandatory Access Control) system
- consists of kernel modules and tools in userspace. These kernel modules are known as Linux Security Modules.
- utilizes targeted policy
- three modes for SELinux
-- Enforcing - the default (all enforced)
-- Permissive - used for troubleshooting issues
-- Disabled - no policies are checked, requires a file system relabel (would take a long time, DO NOT USE IN EXAM)
- messages are cached (messages such as allowing or denying access)
--- The cached messages are known as the Access Vector Cache (AVC)
- messages can be found in /var/log/messages or better in /var/log/audit/audit.log
- messages contain:
-- scontext = source context of the process
-- tcontext = target context of the process


Packages to install to troubleshoot SELinux

#yum install policycoreutils-gui setroubleshoot
- access system-config-selinux or from the GUI
System -> Administration -> SELinux Management


get and change SELinux modes

In the GUI, under the status category, we can change the enforcing mode.
#getenforce -> see current SELinux mode
# setenforce Permissive
# setenforce 0 -> boolean value
-> 0 - enforce
-> 1 - Permissive
You can also edit this file /etc/selinux/config (permanent)

You can also get the current SELinux status using:
#setenforce enforcing -> set enforcing mode


List and identify SELinux file and process context

To get a SELinux file context:
#ls -Z
To get a SELinux process context:
#ps -eZ
Any process labeled unconfined_t is not protected by SELinux.


change security context on a file

- To change the security context on a file:
# chcon --reference /root/anaconda-ks.cfg_backup /etc/ssh/sshd_config
--- copies the context from the anaconda file to the sshd_config file
--- This will actually break the sshd service. If you try to start the service, you'll get an AVC denial error.


Parsing SELinux AVC messages

You can use the sealert command to parse SELinux AVC messages.
#sealert -a /var/log/audit/audit.log


restore SELinux file context

Use the restorecon command to restore SELinux file context.
#restorecon -R -v /etc/ssh/sshd_config


To set the security context of the file (not mandatory)

#chcon -t etc_t /etc/ssh/sshd_config -> temporary fix
# semanage fcontext -a -t etc_t "/etc/ssh/sshd_config" -> to make permanent
# restorecon -R -v /etc/ssh/sshd_config -> also needed to make permanent


list SELinux Booleans

To see a complete list of SELinux Booleans on your system at the command line, run:
#semanage boolean -l | less
You can also use the system-config-selinux application.
#getsebool -a | grep ftp -> get boolean for ftp service

To get a more detailed list of SELinux booleans with the semanage command, you might need to install this package first:
#yum install -y setroubleshoot-server
#semanage boolean -l

To get a list of SELinux booleans assigned with non-default value:
#more /etc/selinux/targeted/modules/active/booleans.local


set SELinux boolean for services

#setsebool ftp_home_dir on -> you can also use: off - 0 or false to turn off. on - 1 - or true to turn on
#setsebool -P ftp_home_dir on -> for permanent change


Display the SELinux policy violations

You'll need to install the setroubleshoot-server package:
# yum install -y setroubleshoot-server
To display the SELinux policy violations:
#sealert -a /var/log/audit/audit.log