Premium Essay

Configure Basic Security Controls on a Linux Server

In:

Submitted By mozurjus
Words 745
Pages 3
Configure Basic Security Controls on a Fedora Linux Server

The students are required to submit their lab assignment answers through this website. All lab assignment questions listed are for each course's week lab activity. This may be a theory based or lab based activity. Lab assessment results and answers are due at the beginning of class the following week. Students are encouraged to perform and submit their lab assessment results immediately upon completion of the lab activity or prior to the due date. During this lab students will properly secure a Linux server system. They will perform steps to secure the bootloader, enable iptables and run SELinux to help lock down the Linux OS. The students will also apply ACLs to directories and files and then check those ACLs and permissions on the system.

To accomplish the lab assignment below, students will need to obtain a copy of the Fedora Image provided to you by the Substitute Instructor and complete a basic VMware installation of Fedora. The questions in the lab book will be based on the installation experience.

Assigned Pages: 10-26
Questions: 1 through 10.

This assignment is due by the beginning of class for Unit 3.

1. What is GRUB and why is it important to lock it down?
GRUB stands for Grand Unified Bootloader (1 of 2 boot menus' for the operating system) which is important to lock down is for security reasons. These reasons include being used to start other operating systems (eg. other versions of Linux or Microsoft Windows), & can be used to boot a system into single-user mode with full administrative privileges.
2. Discuss the purpose of granting "sudo" access. Why is it a good idea not to login as a root user?
The "sudo" (-su or -sg) command logs the user in as root administator which is dangerous & why password protected. It allows you to take the identity of others, but since

Similar Documents

Free Essay

Redhat

...LINUX-6 Curriculum chnoworld ive Development | Training | Consultancy Rh124 Red Hat System Administration I Red Hat System Administration I (RH124) is designed for IT professionals who are new to Linux and require core Red Hat Enterprise Linux skills. Focused on administration tasks that will be encountered in the workplace, this course will actively engage students in task-focused activities, labbased knowledge checks, and facilitative discussions to ensure maximum skill transfer and retention. In addition, GUI-based tools will be featured to build on the students' existing technical knowledge, while key command line concepts will be introduced to provide a foundation for students planning to become fulltime Linux system administrators. By the end of the five-day course, students will be able to perform installation, establish network connectivity, manage physical storage, and perform basic security administration. LINUX-6 Course Outline Unit 1: Get Started with the GNOME Graphical Desktop Objective: Get started with GNOME and edit text files with gedit Unit 2: Manage Files Graphically with Nautilus Objective: Manage files graphically and access remote systems with Nautilus Unit 3: Get Help in a Graphical Environment Objective: Access documentation, both locally and online Unit 4: Configure Local Services Objective: Configure the date and time and configure a printer Unit 5: Manage Physical Storage I Objective: Understand basic disk concepts and manage system...

Words: 1463 - Pages: 6

Premium Essay

Is3440 Linux Security Lab 1

...# 1 Install a Core Linux Operating System on a Server Learning Objectives and Outcomes Upon completing this lab, students should know more about the following tasks: * Install a base Linux operating system using a Fedora core Linux server for production use on the VM server farm * Create secured partitions within the core Linux server for desired security hardening, performance, and application support * Enable a network time server during installation to maintain a synchronized time setting throughout the system * Set a hostname that is descriptive of the role of the server to maintain standard and concise naming conventions during installation * Create a non-privileged user account for system administration access as a secure alternative to logging in as root user Overview In this lab the students will see how to install and partition a Fedora Core Linux Server. The installation process, applying passwords, creating partitions, and system administrator access controls will be part of the operating system configuration requirements. The demonstration will show how to use the terminal or terminal emulator for command line configurations and implementation. Lab Assessment Questions & Answers 1. During the install, the option to sync with a NTP (Network Time Protocol) server was checked. From a security perspective, why is it important for a system to keep accurate time? In a security perspective it is important...

Words: 1494 - Pages: 6

Free Essay

Securing Linux Lab Assignment

...demonstration. Part #1 Apply Hardened Security for Linux Services & Applications Learning Objectives and Outcomes Upon completing this lab, students will learn about the following tasks: * Harden Linux server services when enabling and installing them, and keep a security perspective during configuration * Create an Apache Web Server installation and perform basic security configurations to assure that the system has been hardened before hosting a web site * Configure and perform basic security for a MySQL database, understanding the ramifications of a default installation and recommending hardening steps for the database instance * Install, setup and perform basic security configuration for Sendmail to be able to leverage the built-in messaging capabilities of the Linux System * Enable and implement secure SSH for encrypted remote access over the network or across the Internet of a Linux server system Overview This lab is an extension of the previous hands-on labs, and it incorporates security hardening for Linux services and applications loaded in the physical server. This demonstration will configure security and hardened services and applications to ensure C-I-A of these services. It will take the steps to configure and secure an Apache web server and MySQL database and the components necessary to security harden the implementation of both. The students will also see how to use and configure the Sendmail application for secure local messaging...

Words: 2020 - Pages: 9

Premium Essay

Install a Core Linux Operating System on a Server

...hyperlink to launch the demonstration. Part # 1 Install a Core Linux Operating System on a Server Learning Objectives and Outcomes Upon completing this lab, students should know more about the following tasks: * Install a base Linux operating system using a Fedora core Linux server for production use on the VM server farm * Create secured partitions within the core Linux server for desired security hardening, performance, and application support * Enable a network time server during installation to maintain a synchronized time setting throughout the system * Set a hostname that is descriptive of the role of the server to maintain standard and concise naming conventions during installation * Create a non-privileged user account for system administration access as a secure alternative to logging in as root user Overview In this lab the students will see how to install and partition a Fedora Core Linux Server. The installation process, applying passwords, creating partitions, and system administrator access controls will be part of the operating system configuration requirements. The demonstration will show how to use the terminal or terminal emulator for command line configurations and implementation. Lab Assessment Questions & Answers 1. During the install, the option to sync with a NTP (Network Time Protocol) server was checked. From a security perspective, why is it important for a system to keep accurate time...

Words: 1168 - Pages: 5

Premium Essay

Information System Security

...Claudia Goodman IT302 Homework 2 Security-Enhanced Linux The NSA has long been involved with the computer security research community in investigating a wide range of computer security topics including operating system security. It recognizes the critical role of operating system security mechanisms in supporting security at higher levels. End systems must be able to enforce confidentiality and integrity requirements to provide system security. Unfortunately, existing mainstream operating systems lack the critical security feature required for enforcing separation: mandatory access control. Application security mechanisms are vulnerable to tampering and bypass, and malicious or flawed applications can easily cause failures in system security. The results of several of these projects in this area have yielded a strong, flexible mandatory access control architecture called Flask. This has been mainstreamed into Linux and ported to several other systems, including the Solaris™ operating system, the FreeBSD® operating system, and the Darwin kernel. This provides a mechanism to enforce the separation of information based on confidentiality and integrity requirements and it allows threats of tampering and bypassing of application security mechanisms to be addressed while enabling the confinement of damage that can be caused by malicious or flawed applications. This is simply an example of how mandatory access controls that can confine the actions of any process, including an...

Words: 1522 - Pages: 7

Premium Essay

Nt1330 Unit 3 Partitioning Paper

...Pfsense firewall linux servers My responsibilities are mainly involved with networking, Linux and security. When installing a new Linux server I have to partition it to fit the needs of the application that will be running on it. Partitioning is essentially managing the hard drive space. I have to anticipate the different needs for each server. For example a ftp server would require a lot more space in the home directory, as each user would be likely storing files in their respective home folder. Partitioning is also used for security as the partitions can be mounted with their own “rules”. For example, the /temp mount point can be mounted with the noexec option. This would prevent executable files being ran in this partition. The noexec option is very important for temp as when a hacker gains control of a system they tend to have a low level account. These low level accounts typically have access to the /temp partition. This is where it is likely a hacker will download a local privilege escalation exploit to gain root privileges. This can break applications, that is why planning is very important for me when setting up new servers and applications. Then there are general rules that have to be applied for all servers. For example, creating separate large partitions specifically for logging....

Words: 699 - Pages: 3

Premium Essay

Redhat

...edhat® ® Te r r y C o l l i n g s & K u r t W a l l UR ON IT OOLS IN Y T C E CD-R L TH O ED UD M Linux Solutions from the Experts at Red Hat ® ® P R E S S™ SEC Red Hat® Linux® Networking and System Administration Red Hat® Linux® Networking and System Administration Terry Collings and Kurt Wall M&T Books An imprint of Hungry Minds, Inc. Best-Selling Books G Digital Downloads G e-Books G Answer Networks e-Newsletters G Branded Web Sites G e-Learning New York, NY G Cleveland, OH G Indianapolis, IN Red Hat® Linux® Networking and System Administration Published by Hungry Minds, Inc. 909 Third Avenue New York, NY 10022 www.hungryminds.com Copyright © 2002 Hungry Minds, Inc. All rights reserved. No part of this book, including interior design, cover design, and icons, may be reproduced or transmitted in any form, by any means (electronic, photocopying, recording, or otherwise) without the prior written permission of the publisher. Library of Congress Control Number: 2001093591 ISBN: 0-7645-3632-X Printed in the United States of America 10 9 8 7 6 5 4 3 2 1 1O/RT/QT/QS/IN Distributed in the United States by Hungry Minds, Inc. Distributed by CDG Books Canada Inc. for Canada; by Transworld Publishers Limited in the United Kingdom; by IDG Norge Books for Norway; by IDG Sweden Books for Sweden; by IDG Books Australia Publishing Corporation Pty. Ltd. for Australia and New Zealand; by TransQuest Publishers Pte Ltd. for Singapore, Malaysia, Thailand...

Words: 220815 - Pages: 884

Premium Essay

Linux Technology

...Reserch Assignment 2.1 Research Assignment 2.1 Kyle McGraw ITT Technical Institute IT302 Linux Mr. Gort April 14, 2012 In this paper I will go over 3 different types of Linux security technologies those follow with SELinux, chroot jail, and iptables. These technologies aid in prevention of identity theft. I will help you understand what they are and who designed them and what good they are for you to use them. In the next paragraphs you will be able to decide which one is for you and more about the use of them. Under the GPL in late 2000 SElinux was released from the National Security Agency’s Office of Information Assurance. More recently it was developed by the open source community with the help of NSA. SElinux currently ships as a part of Fedora Core, and it’s supported by Red Hat. Also there are packages that exist for Debian, SuSe, and Gentoo although at this time these were unsupported by anyone. SElinux is based on the concept of Mandatory Access Control. Under MAC, administrators control every interaction on the software of the system. A least privilege concept is used, by default applications and users have no rights, because all rights have to be granted by an administrator because of the system’s security policy. Under DAC, the files are owned by the user also that user has full control over them. If an attacker penetrates that user’s account they can do whatever with the files owned by that user. Standard UNIX permissions are still present on the system...

Words: 940 - Pages: 4

Free Essay

Linux

...is a security enhancement to Linux which allows users and administrators more control over access control. Access can be constrained on such variables as which users and applications can access which resources. These resources may take the form of files. Standard Linux access controls, such as file modes (-rwxr-xr-x) are modifiable by the user and the applications which the user runs. Conversely, SELinux access controls are determined by a policy loaded on the system which may not be changed by careless users or misbehaving applications. The United States National Security Agency, the original primary developer of SELinux, released the first version to the open source development community under the GNU GPL on December 22, 2000. The software merged into the mainline Linux kernel 2.6.0-test3, released on 8 August 2003. Other significant contributors include Network Associates, Secure Computing Corporation, Trusted Computer Solutions, and Tresys Technology. Experimental ports of the FLASK/TE implementation have been made available via the TrustedBSD Project for the FreeBSD and Darwin operating systems. SELinux also adds finer granularity to access controls. Instead of only being able to specify who can read, write or execute a file, for example, SELinux lets you specify who can unlink, append only, move a file and so on. SELinux allows you to specify access to many resources other than files as well, such as network resources and interprocess communication. A Linux kernel...

Words: 1252 - Pages: 6

Premium Essay

Reserch Assignment 2.1

...Research Assignment 2.1 Kyle McGraw ITT Technical Institute IT302 Linux Mr. Gort April 14, 2012 In this paper I will go over 3 different types of Linux security technologies those follow with SELinux, chroot jail, and iptables. These technologies aid in prevention of identity theft. I will help you understand what they are and who designed them and what good they are for you to use them. In the next paragraphs you will be able to decide which one is for you and more about the use of them. Under the GPL in late 2000 SElinux was released from the National Security Agency’s Office of Information Assurance. More recently it was developed by the open source community with the help of NSA. SElinux currently ships as a part of Fedora Core, and it’s supported by Red Hat. Also there are packages that exist for Debian, SuSe, and Gentoo although at this time these were unsupported by anyone. SElinux is based on the concept of Mandatory Access Control. Under MAC, administrators control every interaction on the software of the system. A least privilege concept is used, by default applications and users have no rights, because all rights have to be granted by an administrator because of the system’s security policy. Under DAC, the files are owned by the user also that user has full control over them. If an attacker penetrates that user’s account they can do whatever with the files owned by that user. Standard UNIX permissions are still present on the system, and will be consulted before...

Words: 938 - Pages: 4

Premium Essay

Linux

...Linux handles security through three basic concepts, SELinux, chroot jail and iptables. Each concept is designed to target a specific need in the security spectrum. SELinux works at the kernel level and enforces mandatory access control, chroot jail works within the file system and iptables handles routing of data. In the following paragraphs I will discuss some details of each discipline. SELinux can be traced back to the National Security Agency (NSA) when they got involved in trying to create a secure architecture. They released there research to the open source community which picked it up and continues to make improvements to its basic architecture. SELinux is designed to work at the kernel level of an operating system to enforce mandatory access control policies that confine users and servers to the minimum amount of privilege they require to do their job. The concept was to lock everything down by default and selectively allow access to applications as needed. This prevented security loop holes from remaining open because the average user wouldn’t know what to have running and what to have shut down. This way as users attempt to use an application SELinux will deny the attempt unless you can authorize its use. This gave administrators better security on their workstations from inadvertent malicious use or outright attack. One unique feature that makes SELinux different from standard anti-virus and spyware is its ability to be proactive rather than reactive. Anti-virus...

Words: 522 - Pages: 3

Free Essay

Domain Name Server

...Linux Networking Finals Essay The Domain Name Server Definition: The DNS translates Internet domain and host names to IP addresses. DNS automatically converts the names we type in our Web browser address bar to the IP addresses of Web servers hosting those sites. Because domain names are alphabetic, they're easier to remember. The Internet however, is really based on IP addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address. For example, the domain name www.example.com might translate to 198.105.232.4. The DNS system is, in fact, its own network. If one DNS server doesn't know how to translate a particular domain name, it asks another one, and so on, until the correct IP address is returned. The DNS was designed to resolve or simply match up the IP address associated with the device to the friendly URL name on the other end. The domain name sever’s function in life is to resolve (translate) the user-friendly Web address to the hard to remember IP addresses from somewhere else. Therefore network providers are responsible for having their own DNS databases updated and in sync, with their outside counterparts, when their trying to talk to one another, because only companies IP addresses will match up with one another on the same network. DNS Server Configuration Types: DNS servers can be configured as one of the following types: Caching-only server A caching-only name server maintains a cache...

Words: 1664 - Pages: 7

Premium Essay

Computer Science

...Instruction Plan for CSE240 Lab on Data Structure and N/Ws Term: 4th Course No: CSE240 Course Title: Lab on Data Structures and Networks L: 0 T: 0 P: 4 Textbook: 1. Data Structures – Seymour Lipschutz :India Adapted Edition 2006 2. Data communication and networks- Forouzan-4TH Edition Reference Books: 3.Data Structures & Algorithms Using C- R.S Salaria-2nd Edition 4.Data Structures,Algorithms and applications in C++ --Sartaj Sahni—2nd Edition 5.PC Hardware in a Nutshell-Robert Bruce Thomsan and Barbara Fritchman Thomsan—July2003 :Second Edition Other readings: |Sr.No. |Journal articles as compulsory readings (Complete reference) | |6. |Cisco system advanced exam guide-CISCO press | |7. |Cisco system CCNA Exam dump guide –CISCO press | Relevant websites: |S.No. |Web address |Salient Features | |8. |http://www.java2s.com/Tutorial/C/0260__Data-Structure |A web page on Data Structure| | | ...

Words: 1499 - Pages: 6

Free Essay

Step-by-Step Install Guide Liferay Portal Enterprise on Linux V1.0

...Labs Step-by-Step Install Guide Enterprise Liferay Portal v1.0 Global Open Versity IT Systems Integration Hands-on Labs Training Manual Step by Step Install Guide Liferay Portal Enterprise on Linux Kefa Rabah Global Open Versity, Vancouver Canada krabah@globalopenversity.org www.globalopenversity.org Table of Contents Page No. STEP-BY-STEP INSTALL GUIDE LIFERAY PORTAL ENTERPRISE ON LINUX Part 1: Install JDK6 Part 2: Quick Liferay Portal Installation with Default HSQL Database Part 3: Install MySQL Database for Liferay Enterprise Step 1: Install and configure MySQL Database Server Part 4: Install Liferay for an Enterprise Step 1: Remove Default Bundled Sample Data Step 2: Create Portal.Ext.Properties File Part 5: Need More Training 2 3 4 6 6 7 8 8 11 © A GOV Open Knowledge Access Technical Academic Publications License Enhancing education & empowering people worldwide through eLearning in the 21st Century © April 2007, Kefa Rabah, Global Open Versity, Vancouver Canada 1 www.globalopenversity.org ICT202 - Linux Enterprise Infrastructure Engineering Diploma Global Open Versity Labs Step-by-Step Install Guide Enterprise Liferay Portal v1.0 Global Open Versity IT Systems Integration Hands-on Labs Training Manual Step-by-Step Install Guide Liferay Portal Enterprise on Linux By Kefa Rabah, krabah@globalopenversity.org Feb 09, 2010 SerengetiSys Labs Project: your company – an enterprise business concern recently is deploying a new network infrastructure and they would...

Words: 3512 - Pages: 15

Free Essay

It302 Reserch 1

...several security measures with Linux programming, which the majority of the software is free. Some of those security technologies are SELinux, TCP Wrappers, IPtables and Chroot Jail to name a few. In basic Linux security, Discretionary Access Control is based practically by users and groups. The process is run by a user and then has access to anything other users has access to, making it not so secure. The U.S. National Security Agency (NSA) developed the SELinux (Security Enhanced Linux) to combat the lack of strong security. The SELinux implements Mandatory Access Control (MAC) in the Linux kernel which enforces policies that limits the user or a program of what they can do. It is designed to prevent process from reading and/or tampering of data and programs. MAC is an important tool for containing security threats made by user errors, hackers or software errors. It’s pretty hard to bypass the security measure since the kernel is checking the MAC rules right after checking the DAC rules on a constant basis. There are three states you can place SELinux to run in; Enforcing, Permissive and Disabled. Enforcing is the default setting where no program or user can do anything not permitted by the security policy. Permissive is a diagnostic state where it sends warning but does not enforce the policy but you can use to build a new security policy. Disabled is where it does not enforce any security policies at all. Another Linux based security program...

Words: 827 - Pages: 4