JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
LABORATORY MANUAL TO ACCOMPANY
Security Strategies
in Linux Platforms
and Applications
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
INSTRUCTOR EDITION
© Jones & Bartlett Learning, LLC
VERSION 2.0
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
World Headquarters
Jones & Bartlett Learning
© Jones & Bartlett
Learning, LLC
5 Wall Street
Burlington,
MA 01803
NOT FOR SALE
OR DISTRIBUTION
978-443-5000
info@jblearning.com
www.jblearning.com
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Jones & Bartlett Learning
books&and
productsLearning,
are available through
booksellers.
© Jones
Bartlett
LLC most bookstores and online
© Jones
& Bartlett Learning, LL
To contact Jones &NOT
BartlettFOR
Learning
directly,
call
800-832-0034,
fax
978-443-8000,
or
visit
our
website,
NOT FOR SALE OR DISTRIBUT
SALE OR DISTRIBUTION
www.jblearning.com.
Substantial discounts on bulk quantities of Jones & Bartlett Learning publications are available to corporations,
professional associations, and other qualified organizations. For details and specific discount information, contact
the special sales department at Jones & Bartlett Learning via the above contact information or send an email to
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
specialsales@jblearning.com.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Copyright © 2016 by Jones & Bartlett Learning, LLC, an Ascend Learning Company
All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form,
electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system,
without written
permission
from the copyright owner. © Jones & Bartlett Learning, LLC
Bartlett
Learning,
LLC
© Jones &
NOT FOR SALE
OR DISTRIBUTION
NOT
FOR
SALE of
OR
The content,
statements, views, and opinions herein are
the sole
expression
theDISTRIBUTION
respective authors and not that
of Jones & Bartlett Learning, LLC. Reference herein to any specific commercial product, process, or service by trade
name, trademark, manufacturer, or otherwise does not constitute or imply its endorsement or recommendation
by Jones & Bartlett Learning, LLC and such reference shall not be used for advertising or product endorsement
purposes. All trademarks displayed are the trademarks of the parties noted herein. Security Strategies in Linux
© Jones
Bartlett
LLC
©authorized,
Jones &sponsored,
Bartlett Learning, LL
Platforms and Applications
Lab&
Manual
2.0 is Learning,
an independent
publication and has not been
NOT
FOR
SALE
OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
or otherwise approved by the owners of the trademarks or service marks referenced in this product.
There may be images in this book that feature models; these models do not necessarily endorse, represent, or
participate in the activities represented in the images. Any screenshots in this product are for educational and
instructive purposes only. Any individuals and scenarios featured in the case studies throughout this product may
be
or fictitious,
but areLearning,
used for instructional
© real
Jones
& Bartlett
LLC purposes only.
© Jones & Bartlett Learning, LLC
NOT
FOR SALE
ORtoDISTRIBUTION
NOT inFOR
SALE
OR DISTRIBUTION
This
publication
is designed
provide accurate and authoritative information
regard
to the Subject
Matter
covered. It is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other
professional service. If legal advice or other expert assistance is required, the service of a competent professional
person should be sought.
Production
Credits
© Jones & Bartlett
Learning,
LLC
NOT FOR SALE
OR DISTRIBUTION
Chief Executive
Officer: Ty Field
© Jones & Bartlett Learning, LLC
NOT Director
FOR SALE
OR DISTRIBUTION
of Marketing:
Alisha Weisman
President: James Homer
Senior Marketing Manager: Andrea DeFronzo
Chief Product Officer: Eduardo Moura
VP, Manufacturing and Inventory Control: Therese Connell
SVP, Curriculum Solutions: Christopher Will
Manufacturing and Inventory Control Supervisor:
Amy Bacus
Author: vLab Solutions, LLC, David Kim, President
© Jones
& Bartlett
Learning, LLC
Composition: vLab Solutions,©
LLCJones & Bartlett Learning, LL
Editorial Management:
High Stakes
Writing, LLC,
NOTEditor
FORand
SALE
OR DISTRIBUTION
Lawrence J. Goodrich,
Publisher
Cover Design: Scott Moden NOT FOR SALE OR DISTRIBUT
Product Manager, Custom and Curriculum Solutions:
Manager of Photo Research, Rights & Permissions:
Rainna Erikson
Lauren Miller
Product Management Assistant: Ned Hinman
Cover Image: © ErickN/ShutterStock, Inc.
Associate Production Editor: Kristen Rogers
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
ISBN: 978-1-284-07490-1
6048
© Jones & Bartlett
LLCof America
Printed inLearning,
the United States
NOT FOR SALE
OR
DISTRIBUTION
18 17 16 15 14 10 9 8 7 6 5 4 3 2 1
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
iii
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
Contents
NOT
FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Lab #1 Installing a Core Linux Operating System on a Server ............................................... 1 ©Introduction Jones & Bartlett
Learning, LLC
© Jones & Bartlett Learning, LLC
..................................................................................................................................... 1 NOT
FOR
SALE
OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Learning Objectives ......................................................................................................................... 1 Tools and Software .......................................................................................................................... 2 Deliverables ..................................................................................................................................... 3 Hands-­‐On Steps ............................................................................................................................... 4 Evaluation Criteria LLC
and Rubrics ...................................................................................................... 22 © Jones & Bartlett
Learning,
© Jones & Bartlett Learning, LLC
Lab # 1 DISTRIBUTION
– Assessment Worksheet ................................................................................................... 23 NOT FOR SALE
OR
NOT FOR SALE OR DISTRIBUTION
Lab #2 Configuring Basic Security Controls on a CentOS Linux Server ................................ 25 Introduction ................................................................................................................................... 25 Learning Objectives ....................................................................................................................... 26 © Jones
& Bartlett Learning, LLC
© Jones & Bartlett
Tools and Software ........................................................................................................................ 26 Learning, LL
NOT FOR SALE OR
NOT FOR SALE OR DISTRIBUTION
Deliverables ................................................................................................................................... 27 DISTRIBUT
Hands-­‐On Steps ............................................................................................................................. 28 Evaluation Criteria and Rubrics ...................................................................................................... 42 Lab #2 – Assessment Worksheet .................................................................................................... 43 © Jones
& BartlettSecurity Learning,
© Jones
& Bartlett
Learning,
Lab #3 Hardening with LLC
User Account Management and Security Controls ........... LLC
45 NOT
FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
Introduction ................................................................................................................................... 45 Learning Objectives ....................................................................................................................... 46 Tools and Software ........................................................................................................................ 46 Deliverables ................................................................................................................................... 47 Hands-­‐On Steps ............................................................................................................................. 48 © Jones & Bartlett
Learning,
LLC
© Jones & Bartlett Learning, LLC
Evaluation Criteria and Rubrics ...................................................................................................... 62 NOT FOR SALE
OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Lab #3 – Assessment Worksheet .................................................................................................... 63 Lab #4 Applying Hardened Linux Filesystem Security Controls .............................................. 65 Introduction ................................................................................................................................... 65 © Jones
& Bartlett Learning, LLC
© Jones & Bartlett
Learning Objectives ....................................................................................................................... 66 Learning, LL
Tools and Software .
....................................................................................................................... 66 DISTRIBUT
NOT FOR SALE OR
NOT FOR SALE OR DISTRIBUTION
Deliverables ................................................................................................................................... 67 Hands-­‐On Steps ............................................................................................................................. 68 Evaluation Criteria and Rubrics ...................................................................................................... 80 #4 – A
orksheet .................................................................................................... 81 © Lab Jones
&ssessment Bartlett W
Learning,
LLC
© Jones & Bartlett Learning, LLC
NOT
SALESOR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Lab #5 FOR
Hardening ecurity for Linux Services and Applications .............................................. 83 Introduction ................................................................................................................................... 83 Learning Objectives ....................................................................................................................... 83 Tools and Software ........................................................................................................................ 84 © Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
CopyrightOR
© 2014
by Jones & Bartlett Learning, LLC, an Ascend Learning Company.
rights reserved.
NOT FOR SALE
DISTRIBUTION
NOT All
FOR
SALE OR DISTRIBUTION
Instructor Lab Manual
www.jblearning.com
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
iv
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Deliverables ................................................................................................................................... 85 NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Hands-­‐On Steps ............................................................................................................................. 86 Evaluation Criteria and Rubrics ...................................................................................................... 99 Lab #5 – Assessment Worksheet .................................................................................................. 100 Lab #6 Hardening Security y Controlling Access ................................................................. 102 Learning, LL
© Jones
&bBartlett
Learning,
LLC
© Jones & Bartlett
Introduction ................................................................................................................................. 02 DISTRIBUT
NOT FOR SALE1OR
NOT FOR SALE OR DISTRIBUTION
Learning Objectives ..................................................................................................................... 103 Tools and Software ...................................................................................................................... 103 Deliverables ................................................................................................................................. 104 Hands-­‐On Steps ........................................................................................................................... 105 © Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Evaluation Criteria and Rubrics .................................................................................................... 117 NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Lab #6 – Assessment Worksheet .................................................................................................. 118 Lab #7 Hardening Security for the Linux Kernel ................................................................... 120 Introduction ................................................................................................................................. 120 Learning Objectives ..................................................................................................................... 121 © Jones & Bartlett
Learning,
LLC
© Jones & Bartlett Learning, LLC
Tools a
nd S
oftware .
..................................................................................................................... 121 NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Deliverables ................................................................................................................................. 122 Hands-­‐On Steps ........................................................................................................................... 123 Evaluation Criteria and Rubrics .................................................................................................... 131 Lab #7 – Assessment Worksheet .................................................................................................. 132 © Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
Lab #8 Applying Best FOR
Practices for OR
Secure Software Management ....................................... NOT FOR SALE134 OR DISTRIBUT
NOT
SALE
DISTRIBUTION
Introduction ................................................................................................................................. 134 Learning Objectives ..................................................................................................................... 135 Tools and Software ...................................................................................................................... 135 ................................................................................................................................. 136 ©Deliverables Jones & Bartlett
Learning, LLC
© Jones & Bartlett Learning, LLC
Hands-­‐On Steps ........................................................................................................................... 137 NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Evaluation Criteria and Rubrics .................................................................................................... 148 Lab #8 – Assessment Worksheet .................................................................................................. 149 Lab #9 Applying Best Practices for Security Logging and Monitoring ................................... 151 Introduction ................................................................................................................................. 151 © Jones & Bartlett
Learning, LLC
© Jones & Bartlett Learning, LLC
Learning Objectives ..................................................................................................................... 152 NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Tools and Software ...................................................................................................................... 152 Deliverables ................................................................................................................................. 153 Hands-­‐On Steps ........................................................................................................................... 154 Evaluation Criteria and Rubrics .................................................................................................... 170 © Jones
& Bartlett
Learning, LLC
© Jones & Bartlett
Lab #9 – Assessment Worksheet .................................................................................................. 171 Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
Lab #10 Defining Linux OS and Application Backup and Recovery Procedures ................ 173 Introduction ................................................................................................................................. 173 Learning Objectives ..................................................................................................................... 174 Tools and Software ...................................................................................................................... 174 © Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Deliverables ................................................................................................................................. 175 NOT
FOR
SALE
OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Hands-­‐On Steps ........................................................................................................................... 176 Evaluation Criteria and Rubrics .................................................................................................... 188 Lab #10 – Assessment Worksheet ................................................................................................ 189 © Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
v
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
Acceptable
Policy & Usage
NOT
FOR SALE Use
OR DISTRIBUTION
© Jones & Bartlett Learning, LL
Restrictions
NOT FOR SALE OR DISTRIBUT
The hardware, software, tools, and applications described and discussed in this lab manual and as
© Jonesby&the
Bartlett
LLCLabs/OnDemand Workbench
© Jones(VSCL)
& Bartlett
Learning,
provided
VirtualLearning,
Security Cloud
are intended
to beLLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
used to perform the labs and learning activities described in this lab manual. No other use of
these resources is authorized or permitted.
uWarning:
© Jones & Bartlett
Learning,
© Jones
& Bartlett
Learning,
LLCIf you wish to
Downloading
softwareLLC
or software distribution packages
from the
VCSL is strictly
prohibited.
obtainOR
a personal
copy of an open source softwareNOT
tool orFOR
demoSALE
versionOR
of anDISTRIBUTION
application, you must obtain
NOT FOR SALE
DISTRIBUTION
it directly from the vendor (developer) or from an authorized Internet downloads Web site.
Your subscription to and use of the VSCL is restricted to instructional and/or educational
purposes as part©ofJones
an academic
program
of study LLC
at an educational institution.
No other
use is Learning, LL
& Bartlett
Learning,
© Jones
& Bartlett
authorized. Violations
of
this
restriction
will
result
in
termination
of
your
lab
access
without
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
refund.
You are responsible for compliance with all laws governing your access and use of this resource.
All applicable federal, state, and local laws govern your access to the VSCL. All information
© Joneson&the
Bartlett
& Bartlett
Learning,
available
VSCL Learning,
is subject toLLC
U.S. export control laws©
toJones
the extent
applicable
and may LLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
also be subject to the laws of the country in which you reside.
Your use of the hardware, software, tools, and applications provided in the VSCL is subject to
your academic institution’s Code of Student Conduct and Acceptable Use Policies for
information
technology
violations
of Bartlett
the usageLearning,
restrictionsLLC
for the VSCL
© Jones & Bartlett
Learning,
LLCresources. Suspected ©
Jones &
will be
reported
to your institution’s Dean of Students
or equivalent
officer for
NOT FOR SALE
OR
DISTRIBUTION
NOT FOR
SALE ORacademic
DISTRIBUTION
investigation and action.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
CopyrightOR
© 2014
by Jones & Bartlett Learning, LLC, an Ascend Learning Company.
rights reserved.
Instructor Lab Manual
NOT FOR SALE
DISTRIBUTION
NOT All
FOR
SALE OR DISTRIBUTION
www.jblearning.com
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
vi
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
Ethics
Personal Responsibilities
NOT FOR SALE OR DISTRIBUT
NOT
FOR and
SALEYour
OR DISTRIBUTION
The material presented in this course is designed to give you a real-life look at the use of various
© Jones
& Bartlett
Learning,
LLC
Jones & Bartlett
Learning, LLC
tools
and systems
that are
at the heart
of every cybersecurity ©
practitioner’s
daily responsibilities.
NOT
FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
During this course, you will have access to software and techniques used by professionals
to
investigate and test the security of critical infrastructures and information technology systems
and devices. With this access come certain ethical responsibilities:
1. Do
not exceed
your authorized level of©access.
includesLearning,
remaining within
© Jones & Bartlett
Learning,
LLC
JonesThis
& Bartlett
LLC your
authorized
level of access when using NOT
lab provided
software
to scan or attack
NOT FOR SALE OR
DISTRIBUTION
FOR SALE
ORtools
DISTRIBUTION
computers and software applications as directed within the lab procedures.
2. Do not attempt to use your authorized access for unauthorized purposes either inside or
outside of the VSCL environment.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT
FOR SALE
OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
3. Do not attempt to attack or otherwise compromise the confidentiality,
integrity,
or
availability of any IT systems, services, or infrastructures outside of the VSCL.
4. Comply with your academic institution’s Code of Student Conduct and all other
applicable
policies
and regulations.
© Jones
& Bartlett
Learning,
LLC
© Jones & Bartlett Learning, LLC
NOT
FOR
SALE
OR
DISTRIBUTION
FORthe
SALE
ORmisuse
DISTRIBUTION
5. Comply with applicable federal, state, and local lawsNOT
regarding
use and
of
information technology systems and services.
6. Comply with applicable laws regarding intellectual property rights including patents and
copyrights.
© Jones & Bartletttrademarks
Learning,and
LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
vii
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
Preface
NOT
FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Welcome! This lab manual is your step-by-step guide to completing the laboratory exercises for
© Jones
Bartlett
Learning,
LLC to gain valuable hands-on
© Jones
& Bartlett
Learning, LLC
this
course.&You
will have
an opportunity
experience
with
NOT
FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
professional-grade tools and techniques as you work through the lab activities and answer
the lab
questions found at the end of each lab.
Virtual Security
© Jones & Bartlett
Learning,Cloud
LLC Lab
© Jones & Bartlett Learning, LLC
NOT FOR SALE
OR
DISTRIBUTION
NOT FOR
SALE
DISTRIBUTION
You will use the Virtual Security Cloud Lab (VSCL)
resource
to OR
complete
the learning activities
in this lab manual.
uNote:
© Jones
& requires
BartlettJava,
Learning,
LLCand a compatible Web browser.
© Jones
& list
Bartlett
Learning, LL
The Virtual Security
Cloud Lab
Adobe Flash,
The
of
NOT
FOR
SALE
OR
DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
compatible browsers and required version numbers for Java and Flash is available on the VSCL Web site
(http://campus.toolwire.com/b4ubegin/start.asp). The Technical Support Help Desk will not be able to assist
you in the use of unsupported Web browsers. If you use an unsupported browser, you may not be able to
complete the labs as directed in the lab procedures.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
You
willFOR
need SALE
to download
and install the Citrix® ICA Web client before
access
the VSCL
for the first
NOT
OR DISTRIBUTION
NOTyou
FOR
SALE
OR DISTRIBUTION
time. This download package is also vailable from the VSCL Web site.
The heart of the VSCL is a virtual Workstation desktop (the vWorkstation) configured to give
you access to the tools and resources you need for each lab. The VSCL is a collection of virtual
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
resources that includes Windows and Linux servers, Cisco routers, and well-known applications
NOT FOR SALE
OR DISTRIBUTION
NOT FOR SALE
OR Scanner®.
DISTRIBUTION
like Wireshark®,
FileZilla®, Nessus®, and Zenmap/Nmap
Security
The use of virtualization enables you to perform all of the tasks in this lab manual as if you were
performing them in a live production environment without putting your institution’s assets at
risk. This environment
is isolated
within
self-contained
© Jones
& Bartlett
Learning,
LLC private network that,©except
Jonesfor&the
Bartlett Learning, LL
browser sessionNOT
you use
to
connect
to
it,
is
not
connected
to
the
Internet.
Some
of
the
lab
NOT FOR SALE OR DISTRIBUT
FOR SALE OR DISTRIBUTION
exercises require the use of the Internet. To successfully complete these steps, you will need to
use a workstation with Internet access, such as your local computer.
Capabilities are provided within the VSCL which enable transfer of files between systems within
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
this private network. There is also a capability for downloading lab results files from the
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
vWorkstation to student computers.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
CopyrightOR
© 2014
by Jones & Bartlett Learning, LLC, an Ascend Learning Company.
rights reserved.
NOT FOR SALE
DISTRIBUTION
NOT All
FOR
SALE OR DISTRIBUTION
Instructor Lab Manual
www.jblearning.com
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
viii
© Jones & Bartlett Learning, LLC
How OR
to Use
This Lab Manual
NOT FOR SALE
DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
This lab manual features step-by-step instructions for completing the following hands-on lab
exercises:
Lab #
1
2
3
© Jones & Bartlett Learning, LLC
Lab Title
NOTa FOR
OR DISTRIBUTION
Installing
Core SALE
Linux Operating
System on a Server
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Configuring Basic Security Controls on a CentOS Linux Server
Hardening Security with User Account Management and Security
Controls
4
Hardened
LinuxLLC
Filesystem Security Controls
© JonesApplying
& Bartlett
Learning,
© Jones & Bartlett Learning, LLC
5
Hardening
Security
for
Linux
Services and Applications
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
6
Hardening Security by Controlling Access
7
Hardening Security for the Linux Kernel
8
Applying Best Practices for Secure Software Management
9
Applying Best Practices for Security Logging and Monitoring
© Jones & Bartlett
LLC OS and Application ©
Jonesand
& Bartlett
10 Learning,
Defining Linux
Backup
RecoveryLearning,
ProceduresLLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Step-by-Step Instructions
For each lab, you are provided with detailed, step-by-step instructions and screen captures
© Jones
Bartlett
© Jones
Bartlett Learning, LL
showing the results
of key&steps
withinLearning,
the lab. AllLLC
actions that you are required
to take&are
NOT FOR
NOTThe
FOR
SALE
OR DISTRIBUTION
shown in bold font.
screen
captures
will also help you identify menus, dialog
boxes,SALE
and OR DISTRIBUT
input locations.
In each lab, you will perform identical steps, such as opening the virtual lab, logging in to another
server, taking screen captures, and transferring files to your local computer. To avoid repeating steps
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
in the lab itself, those common steps have been collected in a separate file, Common Lab Steps.pdf.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
The file is located on the student landing, the vWorkstation desktop. You may use the instructions
within the file to download it and refer to it throughout the lab.
Web References
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE
NOT
FOR are
SALE
ORtoDISTRIBUTION
URLsOR
forDISTRIBUTION
Web resources listed in this laboratory
manual
subject
change without prior
notice. These links were last verified on July 20, 2014. Many times, you can find the required
resource by using an Internet search engine and a partial URL or keywords. You may also search
the Internet Archives (also referred to as the “Wayback Machine”) for a given URL that is no
& Bartlett
Learning,
LLC
© Jones & Bartlett Learning, LL
longer available©atJones
the original
Web site
(http://www.archive.org).
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
ix
© Jones & Bartlett Learning, LLC
Technical
Support
NOT FOR SALE
OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
If you need help completing a lab in this manual, contact the Jones Bartlett Learning Help Desk
using the information below. Remember to include the name of your institution and reference the
course name and number in your ticket details
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT
SALE OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
Phone: 1-866-601-4525
Monday-Thursday:
8AM FOR
– 10PM
Friday:
8AM – 8PM
Online: http://www.jblcourses.com/techsupport
Saturday:
8AM – 5PM
Sunday:
10AM – 11PM
(All hours ©
areJones
EST) & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
If you need help outside of these hours, submit an online ticket or leave a message on our tollfree phone line, and someone from the help desk will get back to you as soon as possible.
© Jones & Bartlett
© Jones & Bartlett Learning, LLC
CreditsLearning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Adobe© Reader© is a registered trademark of Adobe Systems Incorporated in the United States
and/or other countries. Active Directory©, Excel©, Microsoft©, Windows©, and Windows
Server© are registered trademarks of Microsoft Corporation in the United States and/or other
countries. Linux©
is a registered
trademark
of Linus
Torvalds. Citrix© is a trademark
Citrix Learning, LL
© Jones
& Bartlett
Learning,
LLC
© Jones of
& Bartlett
Systems, Inc. and/or
one
or
more
of
its
subsidiaries,
and
may
be
registered
in
the
United
States OR DISTRIBUT
NOT FOR SALE
NOT FOR SALE OR DISTRIBUTION
Patent and Trademark Office and in other countries. FileZilla© is a registered trademark of Tim
Kosse. Firefox© is a registered trademark of the Mozilla Foundation. Nessus© is a registered
trademark of Tenable Network Security. Nmap Security Scanner© and Zenmap© are either
registered trademarks or trademarks of Insecure.com LLC. Wireshark© is a registered trademark
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
of the Wireshark Foundation. pfSense© is a federally registered trademark of Electric Sheep
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Fencing LLC. Debian© is a registered trademark of Software in the Public Interest, Inc.
OpenswanTM is an unregistered trademark of Xelerance. Sam Spade© is a copyright of Steve
Atkins. PowerBrokerTM is a trademark in the United States and certain other countries of
BeyondTrust Software. ClamWin™ is a trademark of ClamWin Pty Ltd. GnuPG© is a copyright
© Jones & Bartlett
Learning,
LLC
Jones &Trademark
Bartlett Learning,
LLC
of Free Software
Foundation,
Inc. Snort® is a©Registered
owned by Sourcefire,
Inc.
TM
NOT FOR SALE
OR DISTRIBUTION
NOT
SALE ORisDISTRIBUTION
WinHex©
is a copyright of Stefan Fleischmann.
P2FOR
Commander
a trademark of Paraben©
Corporation. Oracle® is a registered trademark of Oracle Corporation. UNIX® is a registered
trademark licensed through X/Open Company, Ltd. 1010. Python© is a copyright of Python
Software Foundation. Tripwire is a copyright of Tripwire, Inc.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
All other product
names
are
the
property
of
their
respective
owners.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
CopyrightOR
© 2014
by Jones & Bartlett Learning, LLC, an Ascend Learning Company.
rights reserved.
Instructor Lab Manual
NOT FOR SALE
DISTRIBUTION
NOT All
FOR
SALE OR DISTRIBUTION
www.jblearning.com
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Lab #1 Installing a Core Linux Operating System
on a Server
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Introduction
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Network security best practice mandates that Windows systems and Linux systems be installed
on a secure network subnet and updated (patched) using trusted sources. Only the minimum
© Jones
& Bartlett
LLC
Jones
& Bartlett
Learning,
LLC
services
required
shouldLearning,
be installed,
and unneeded services ©
should
be disabled.
While
this
NOT
FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
axiom remains true, it can be very difficult to find the right balance between a functional system
and a secure system.
On UNIX and Linux systems, program dependencies can make it very hard for new
administrators
to find
this balance. Many administrators
install
GUI-driven
servers with
© Jones & Bartlett
Learning,
LLC
© Jones &simply
Bartlett
Learning,
LLC
standard
services
(SMTP,
HTTP,
DNS,
X-Window,
etc.)
and
put
their
faith
in
the
firewall
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION to
keep attackers out.
The foundation of host-based security starts with the installation of the operating system (OS).
Contrary to popular opinion, there is no such thing as a secure operating system, but in this lab,
© Jones
& Bartlett
LLC system in a secure©manner.
JonesYou
& Bartlett
Learning, LL
you will learn how
to install
the LinuxLearning,
CentOS operating
will
NOT
FOR
SALE
OR
DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
create a new virtual machine, partition the hard drive, and install the Linux operating system.
You also will create a non-root user account and verify that key services are (or are not) running.
This lab has four parts, which should be completed in the order specified.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
1. In the first part of the lab, you will create a virtual machine and attach installation media.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
2. In the second part of this lab, you will begin the Linux operating system installation and
partition a virtual hard drive.
3. In
the third part
the&Linux
OS installation,
and then
© Jones & Bartlett
Learning,
LLCof this lab, you will complete
© Jones
Bartlett
Learning, LLC
complete
a
number
of
post
installation
steps
on
a
system
that
is
already
installed.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
4. Finally, if assigned by your instructor, you will answer a set of challenge questions that
allow you to use the skills you learned in the lab to conduct independent, unguided work,
similar to what you will encounter in a real-world situation.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
Learning Objectives
Upon completing this lab, you will be able to:
• Create
a virtualLearning,
machine and
mount an installation ISO
file
© Jones
& Bartlett
LLC
© Jones
& Bartlett Learning, LLC
• FOR
Partition
a Linux
hard disk for security hardening, performance,
application
support
NOT
SALE
OR DISTRIBUTION
NOT FOR and
SALE
OR DISTRIBUTION
• Install Linux in the most secure manner
Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.
© Jones & Bartlett
Learning, LLC
© Jones & Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual 1
NOT FOR SALE
OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
2 | Lab #1 Installing a Core Linux Operating System on a Server
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
•
Create
a
non-privileged
user
account
for
system
access as a secure
NOT
FORadministration
SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
alternative to logging in as a root user
Tools and Software
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
The following software
and/or
utilities
required to complete this lab. Students
are encouraged
NOT FOR
SALE OR DISTRIBUT
NOT FOR
SALE
OR are
DISTRIBUTION
to explore the Internet to learn more about the products and tools used in this lab.
• Oracle VM Virtual Box
• CentOS Linux
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
3
© Jones & Bartlett Learning, LLC
Deliverables
NOT FOR SALE
OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Upon completion of this lab, you are required to provide the following deliverables to your
instructor:
© Jones
& Bartlett
Learning,
LLC
& Bartlett
1. Lab Report
file including
screen
captures of
the following steps: Part©1,Jones
Steps 13
and 26; Learning, LL
NOT
FOR
SALE
OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
Part 2, Steps 14 and 42; Part 3, Step 26;
2. Lab Assessments file;
3. Optional: Challenge Questions file, if assigned by your instructor.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
CopyrightOR
© 2014
by Jones & Bartlett Learning, LLC, an Ascend Learning Company.
rights reserved.
NOT FOR SALE
DISTRIBUTION
NOT All
FOR
SALE OR DISTRIBUTION
Instructor Lab Manual
www.jblearning.com
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
4 | Lab #1 Installing a Core Linux Operating System on a Server
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
Hands-On
Steps
NOT FOR SALE
OR DISTRIBUTION
uNote:
This lab contains detailed lab procedures, which you should follow as written. Frequently performed tasks
are explained in the
Common&Lab
Tasks document
on the
vWorkstation desktop. You
should review
these Learning, LL
© Jones
Bartlett
Learning,
LLC
© Jones
& Bartlett
tasks before starting the lab.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
1. From the vWorkstation desktop, open the Common Lab Tasks file.
If you desire, use the File Transfer button to transfer the file to your local computer and
© Jones
LLC
© Jones & Bartlett Learning, LLC
print&aBartlett
copy for Learning,
your reference.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 1 “Student Landing” vWorkstation
© Jones & Bartlett
Learning,
Jones &files.
Bartlett Learning, LLC
2. On
your localLLC
computer, create the lab©deliverable
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
3. Review the Lab Assessment Worksheet at the end of this lab. You will find answers to
these questions as you proceed through the lab steps.
Jones Machine
& Bartlett Learning, LLC
Part 1: Create ©
a Virtual
uNote:
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
In the next steps, you will use the Oracle VM VirtualBox Manager console to create a new virtual machine.
1. Double-click
theLearning,
RDP FolderLLC
on the vWorkstation desktop.
© Jones
& Bartlett
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
2. Double-click the TargetWindows01 file to connect to the remote server.
The remote desktop opens with the IP address of the remote machine (172.30.0.23) in the
title bar at the top of the window.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
5
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
3.
On
the
TargetWindows01
desktop,
double-click
OracleOR
VMDISTRIBUTION
VirtualBox icon to open the
NOT FORtheSALE
NOT FOR SALE OR DISTRIBUTION
Oracle VM VirtualBox hypervisor.
The left pane of the new window indicates that there is already a completed installation.
You will use that image in another part of this lab.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Figure 2 Oracle VM VirtualBox
4. From the Oracle VM VirtualBox Manager toolbar, click the New icon to begin the process
© Jones
& Bartlett
Learning,
LLC
© Jones & Bartlett Learning, LLC
of creating
a new
virtual machine.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
5. In the Create Virtual Machine Wizard, in the Name and operating system window, type
yourname, replacing yourname with your own name, in the Name text box.
6. From the Type drop-down list, select Linux.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE7.OR
DISTRIBUTION
NOT
FOR
SALE
ORand
DISTRIBUTION
From
the Version drop-down list, select
Other
Linux
(32 bit)
click Next to continue.
8. On the Memory size page, slide the memory handle to 1024 MB and click Next.
9. In the Hard drive page, accept the default (Create a virtual hard drive now) and click
Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
Create to©continue.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
10. On the Hard drive file type page, accept the default VDI (VirtualBox Disk Image) and
click Next to continue.
11. On &
theBartlett
Storage Learning,
on physical LLC
hard drive page, accept the
allocated) LLC
© Jones
© default
Jones (Dynamically
& Bartlett Learning,
and
click
Next
to
continue.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
12. On the File location and size page, type 20GB in the hard drive size box and click Create
to specify a size.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
CopyrightOR
© 2014
by Jones & Bartlett Learning, LLC, an Ascend Learning Company.
rights reserved.
NOT FOR SALE
DISTRIBUTION
NOT All
FOR
SALE OR DISTRIBUTION
Instructor Lab Manual
www.jblearning.com
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
6 | Lab #1 Installing a Core Linux Operating System on a Server
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
The
new
virtual
machine
appears
in
the
left pane
the Oracle
VM VirtualBox Manager
NOT
FORof
SALE
OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
console in a powered-off state.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure
3 New virtual
© Jones & Bartlett
Learning,
LLCmachine
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
13. Make a screen capture showing the new virtual machine and paste it into the Lab Report
file.
14. In the Oracle VM VirtualBox Manager console, click the Settings icon to configure the
© Jones
Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
new&machine.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
15. In the yourname Settings window, click Storage in the left pane.
16. In the Storage Tree pane, click the Empty CD icon (in the Controller: IDE tree).
© Jones & Bartlett
Learning,
LLCpane, click the CD icon
© to
Jones
& the
Bartlett
Learning,
LLC
17. In
the Attributes
expand
drop-down
list, and
select Choose
NOT FOR SALE OR
DISTRIBUTION
SALE
a virtual
CD/DVD disk file to add an ISONOT
to theFOR
virtual
CD. OR DISTRIBUTION
An ISO file, also called an ISO image, is a single file that contains all of the files or
folders necessary for installation.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
7
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Figure 4 Choose a virtual CD
18. In the Please choose a virtual optical disk file dialog box, click the Desktop icon, click the
CentOS-6.5-i366-bin-DVD1.iso file, and click Open to identify the location of the ISO file.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 5 Add an ISO to the virtual CD
19. In the Settings
window,
click System
in theLLC
left pane.
© Jones
& Bartlett
Learning,
NOT FOR SALE OR DISTRIBUTION
20. Click the Processor tab to continue.
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
21. Click the Enable PAE/NX checkbox to enable the physical address extension (PAE).
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
CopyrightOR
© 2014
by Jones & Bartlett Learning, LLC, an Ascend Learning Company.
rights reserved.
NOT FOR SALE
DISTRIBUTION
NOT All
FOR
SALE OR DISTRIBUTION
Instructor Lab Manual
www.jblearning.com
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
8 | Lab #1 Installing a Core Linux Operating System on a Server
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 6©Enable
© Jones & Bartlett Learning, LLC
JonesPAE
& Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
22. In the Settings window, click Network in the left pane.
23. In the Attached to drop-down list, select Bridged Adapter to allow the new virtual
machine full access to the network.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
FigureLearning,
7 Network adapter
© Jones & Bartlett
LLC settings
NOT FOR SALE OR DISTRIBUTION
24. Click OK to close the Settings window.
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
25. From the Oracle VM VirtualBox Manager toolbar, click the Start icon to turn on the new
virtual machine.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
The new
machine
will open in a new window and theNOT
statusFOR
in the
left pane
the Oracle
NOT FOR
SALE
OR DISTRIBUTION
SALE
OR of
DISTRIBUTION
VM VirtualBox Manager console will change to Running.
26. Make a screen capture showing the status of the new virtual machine and paste it into the
Lab Report file.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
9
© Jones & Bartlett Learning, LLC
Part OR
2: Partition
the Virtual Drive
NOT FOR SALE
DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
uNote:
In the next steps, you will begin the installation process of the CentOS operating system on the virtual
server you created
in Part 1&ofBartlett
this lab. You
also will partition
© Jones
Learning,
LLC the virtual hard drive.© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
1. When prompted, click the blue x icon to acknowledge that the auto capture is running.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Figure 8 Starting the Linux Install
2. When prompted, click the blue x icon to acknowledge mouse integration.
3. When
prompted,
for &
i386
screen,Learning,
press the Tab
key to move
© Jones & Bartlett
Learning,
LLCon the Welcome to CentOS
© Jones
Bartlett
LLC
theDISTRIBUTION
highlight to the Skip button and press
spacebar
toOR
skipDISTRIBUTION
the media test.
NOT FOR SALE OR
NOTtheFOR
SALE
From this point forward the Anaconda graphical installer will take over.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR
DISTRIBUTION
Figure
9 Welcome screen
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
4. In the resulting window’s menu, click View and select Switch to Scaled Mode.
5. In the
VirtualBox
- Information
© Jones
& Bartlett
Learning,
LLC dialog box, click Switch.
© Jones & Bartlett Learning, LLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOT
FOR SALE
OR DISTRIBUTION
6. On the CentOS splash screen, click Next to continue the
installation
process.
7. On the language selection screen, accept the default selection English (English) and click
Next.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
CopyrightOR
© 2014
by Jones & Bartlett Learning, LLC, an Ascend Learning Company.
rights reserved.
NOT FOR SALE
DISTRIBUTION
NOT All
FOR
SALE OR DISTRIBUTION
Instructor Lab Manual
www.jblearning.com
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
10 | Lab #1 Installing a Core Linux Operating System on a Server
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
8.
On
the
keyboard
layout
screen,
accept
the default
U.S. English and click
NOT
FOR keyboard
SALE ORlayout
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Next.
9. On the storage devices screen, accept the default selection Basic Storage Devices and
click Next.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
Click theNOT
Yes, discard
any data
to dismiss the Storage Device NOT
Warning
pop-up.
FOR
SALE OR DISTRIBUT
FOR SALE
ORbutton
DISTRIBUTION
10. In the hostname screen, type yourname, replacing yourname with your own name (all in
lowercase and with no spaces) in the Hostname text box, and click Next.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 10 Set the Hostname
11. In
the time zone
Angeles
the drop-down
click the
© Jones & Bartlett
Learning,
LLCpage, select America/Los
© Jones
& from
Bartlett
Learning,list,
LLC
System
Clock
uses
UTC
checkbox
to
deselect
it,
and
click
Next.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
12. In the password page, type qw1290op1 in the Root Password box, type qw1290op1 in the
Confirm box, and click Next.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
FORonSALE
FOR SALE
ORThis
DISTRIBUTION
The root user is NOT
the system’s
super user.
user account has access to any andNOT
everything
the OR DISTRIBUT
uNote:
system. Therefore, extreme care should be taken when using this account.
13. On the installation type page, click the Create Custom Layout radio button.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
You SALE
will customize
this installation.
NOT FOR
OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
14. Make a screen capture showing the installation types and paste it into your Lab Report
file.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
11
© Jones & Bartlett Learning, LLC
Click
Next to continue.
NOT FOR SALE15.
OR
DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
16. In the Please Select A Device page, click the Create button to create a partition.
17. In the Create Storage dialog box, accept the default Standard Partition, and click Create.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
18. In the Add
Partition
dialog box,
type /boot in the Mount Point box. NOT FOR SALE OR DISTRIBUT
NOT
FOR SALE
OR DISTRIBUTION
19. In the Size (MB) box, type 500 to change the size of the /boot partition and click OK to
continue.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Figure 11 Create a boot partition
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
20. In the Please Select A Device window, click the Create button to create a second partition.
21. In the Create Storage dialog box, accept the default Standard Partition, and click Create.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
22.
In
the
Add
Partition
window,
select
swap
from
theSALE
Filesystem
Type drop-down list.
NOT FOR SALE OR DISTRIBUTION
NOT
FOR
OR DISTRIBUTION
23. In the Size (MB) box, type 4000 to change the size of the swap partition and click OK to
continue.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
CopyrightOR
© 2014
by Jones & Bartlett Learning, LLC, an Ascend Learning Company.
rights reserved.
NOT FOR SALE
DISTRIBUTION
NOT All
FOR
SALE OR DISTRIBUTION
Instructor Lab Manual
www.jblearning.com
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
12 | Lab #1 Installing a Core Linux Operating System on a Server
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 12 Create a swap partition
uNote:
Linux has two forms of swap space: the swap partition and the swap file. The swap partition is an
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
independent section of the hard disk used solely for swapping; no other files can reside there. The swap
SALE OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
file is a special file in the filesystem that resides among your system and data files.NOT
As anFOR
independent
partition, swap space can be dedicated and improves performance when swapping data from one disk or
partition to another.
©
Jones is&necessary
Bartlett for
Learning,
LLCreasons. First, when the©
Jones
& Bartlett
Learning,
Swapping
two important
system
requires
more memory
than isLLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
physically available, the kernel swaps out less frequently used pages and gives memory to the current
application (or process) that needs the memory immediately. Second, a significant number of the pages
used by an application during its startup phase may only be used for initialization and then never used
again. The system can swap out those pages to free up the memory for other applications or even for
the diskLearning,
cache.
© Jones & Bartlett
LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
The swap partition in Linux should be partitioned separately from the root (/) partition for performance
reasons.
24. In the Please
Select&ABartlett
Device window,
click
the Create button to create
a new partition.
© Jones
Learning,
LLC
© Jones
& Bartlett Learning, LL
NOT FOR
SALE OR DISTRIBUT
NOTStorage
FOR SALE
ORclick
DISTRIBUTION
25. In the Create
window,
the LVM Physical Volume radio button
and click
Create.
26. In the Size (MB) box, type 15000 to change the size of the partition and click OK to
continue.
© Jones
& Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
27. Your new Linux system should have the same partitions (ignore any leftover free space)
as in the following figure.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
13
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Figure 13 Verify existing partitions
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
28. In the Please Select A Device window, click the Create button to create a new partition.
29. In the Create Storage window, click the LVM Volume Group radio button and click Create.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
uNote:
NOT FOR SALE
OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
LVM creates a logical physical volume and then a logical volume as a group on top of the physical
volume. From LVM, several partitions can be created, such as those for /tmp, /home, and /var. If disk
space becomes an issue, LVM can allocate more disk space to volumes from other partitions within the
LVM without risking
disk loss.
drives can
be added and can immediately
become
part of Learning, LL
© Jones
& Additional
Bartlett hard
Learning,
LLC
© Jones
& Bartlett
the LVM as well.NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUT
30. In the Make LVM Volume Group window, type vg_yourname, replacing yourname with
your own name (all in lowercase and with no spaces) in the Volume Group Name box,
and click Add.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 14 Add logical volumes to a Volume Group
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOTLogical
FOR SALE
OR
DISTRIBUTION
31. In the Make
Volume
dialog
box, type /var in the Mount PointNOT
box.FOR SALE OR DISTRIBUT
32. In the Size (MB) box, type 2000 to change the size of the volume and click OK.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
CopyrightOR
© 2014
by Jones & Bartlett Learning, LLC, an Ascend Learning Company.
rights reserved.
NOT FOR SALE
DISTRIBUTION
NOT All
FOR
SALE OR DISTRIBUTION
Instructor Lab Manual
www.jblearning.com
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
14 | Lab #1 Installing a Core Linux Operating System on a Server
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 15 Add /var to volume group
33. In the Make LVM Volume Group box, click the Add button to add a new volume.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
InDISTRIBUTION
the Make a Logical Volume dialog NOT
box, type
/tmp
in theOR
Mount
Point box.
NOT FOR SALE34.
OR
FOR
SALE
DISTRIBUTION
35. In the Size (MB) box, type 2000 to change the size of the volume and click OK.
36. In the Make LVM Volume Group box, click the Add button to add a new volume.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
37. In the Make
Logical
Volume
box, type /home in the Mount NOT
Point FOR
box. SALE OR DISTRIBUT
NOTa FOR
SALE
OR dialog
DISTRIBUTION
38. In the Size (MB) box, type 2000 to change the size of the volume and click OK.
39. In the Make LVM Volume Group box, click the Add button to add a new volume.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
40.FOR
In theSALE
Make OR
a Logical
Volume dialog box, type / in the
Mount
Point
boxOR
to add
a root
NOT
DISTRIBUTION
NOT
FOR
SALE
DISTRIBUTION
drive.
41. In the Size (MB) box, type 8000 to change the size of the volume and click OK to view the
completed volumes.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Figure
© Jones & Bartlett Learning,
LLC16 Completed volume group
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
42. In the Make LVM Volume Group windows, click OK to return to the Please Select A
Device page.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
15
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
43.
Make
a
screen
capture
showing
the
completed
partition
in the
Select A Device page
NOT FOR
SALE
ORPlease
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
and paste it into the Lab Report file.
44. In the Please Select A Device page, click Next to continue.
45. In the Format
Warnings
window,
click the LLC
Format button to dismiss the
pop-up.& Bartlett Learning, LL
© Jones
& Bartlett
Learning,
© Jones
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
46. In the Writing storage configuration to disk window, click the Write changes to disk
button to continue.
The virtual hard drive will be formatted and partitioned based on your selection in the
© Jones
& Bartlett
Learning,
LLCcan take several (2–5)©minutes.
Jones & Bartlett Learning, LLC
previous
lab parts;
this process
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Part 3: Complete the Installation and Configure Linux
uNote:
© Jones & Bartlett
Learning,
© Jonesprocess.
& Bartlett Learning, LLC
In the next
steps, youLLC
will complete the CentOS installation
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
1. On the boot loader page, click the Use a boot loader password checkbox to select it.
2. When prompted, type qw1290op1 to set the boot loader password, type qw1290op1 to
confirm ©
theJones
boot loader
password,
and clickLLC
OK.
& Bartlett
Learning,
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
3. On the boot loader page, click Next to continue.
4. In the default installation screen, click the Minimal radio button, click the Customize now
radio button (at the bottom of the screen), and click Next.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
In theSALE
next window,
you will see software categories NOT
(on the
left)SALE
and software
packages
NOT FOR
OR DISTRIBUTION
FOR
OR DISTRIBUTION
(on the right). Because this is a Minimal installation, all optional packages are unchecked
by default. Select each category on the left (one at a time) and make note of which
software packages on the right are affected. In a production installation, you would
uncheck any packages that are not required for your environment.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE
OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
uNote:
The Minimal installation option will not include an X-Window system for GUI-driven administration. In
other labs, you will be able to connect to the Linux server using an XRDP GUI to make the learning
experience more clear; but in a production environment, it is recommended that you not run the X© Jones
& Bartlett
Learning,
LLC adds both overhead©and
Jones
& Bartlett Learning, LL
Window environment
because
it is not needed,
and X-Window
an increased
FOR
SALE OR DISTRIBUT
FOR environment,
SALE OR DISTRIBUTION
security risk. In aNOT
production
a desktop environment may be helpful inNOT
certain
situations;
however, best practice recommends setting the default runlevel to 3 in this case. Runlevel 3 is a multiuser mode without running X-Window or any GUI services.
© Jones
& Bartlett
Learning,
LLC
Jones
Bartlett
Learning,
LLC
5. When
you are done
reviewing
the software packages,©verify
that&no
checkboxes
are
NOT FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
selected and click Next to start the installation.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
CopyrightOR
© 2014
by Jones & Bartlett Learning, LLC, an Ascend Learning Company.
rights reserved.
NOT FOR SALE
DISTRIBUTION
NOT All
FOR
SALE OR DISTRIBUTION
Instructor Lab Manual
www.jblearning.com
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
16 | Lab #1 Installing a Core Linux Operating System on a Server
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 17 Deselect all software packages
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
6. Close the installation window, without waiting for the installation process to complete.
© Jones
& Bartlett
Learning,
LLCthe same starting point,
© Jones
Bartlett
Learning,
To ensure
that all
students have
you will&use
the existing
InstallLLC
NOT FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
Complete virtual machine to complete the rest of this lab, so it is not necessary to
complete the installation on this machine.
7. When prompted, click the Power off the machine radio button and click OK to stop the
process.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Figure 18 Power off the machine
8. In the Oracle VM VirtualBox Manager console, click the Install Complete virtual machine
to select it and click the Start icon to open that machine in a new window.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
17
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 19 Start the Install Complete machine
9. When prompted, click Switch to switch to Scale mode.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
When
prompted, click the blue x icon to
acknowledge
thatOR
the DISTRIBUTION
auto capture is running.
NOT FOR SALE10.
OR
DISTRIBUTION
NOT
FOR SALE
11. When prompted, click the blue x icon to acknowledge mouse integration, and wait while
the Linux server boots up (approximately 2-5 minutes).
© server
Jonesis&ready,
Bartlett
Learning,
LLC a prompt that states©installcomplete
Jones & Bartlett Learning, LL
When the
the system
will display
NOT FOR SALE OR DISTRIBUT
login:. NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 20 Boot up the CentOS Linux machine
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
12. When prompted, type root and press Enter to log in as the root user.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
CopyrightOR
© 2014
by Jones & Bartlett Learning, LLC, an Ascend Learning Company.
rights reserved.
NOT FOR SALE
DISTRIBUTION
NOT All
FOR
SALE OR DISTRIBUTION
Instructor Lab Manual
www.jblearning.com
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
18 | Lab #1 Installing a Core Linux Operating System on a Server
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
13.
At
the
password
prompt,
type
qw1290op1
(the
same
password
you used for the new server
NOT
FOR
SALE
OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
you created earlier in this lab) and press Enter.
The login prompt will change to [root@installcomplete ~]#. At this time, the only user
created on the machine is the root user. You will need to add a non-root user and set a
©for
Jones
& Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
password
that account.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
14. At the prompt, type adduser student and press Enter to add the student account.
15. At the prompt, type passwd student and press Enter to access the password information
for the student account.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
uNote:
In Linux operating systems, the /etc/passwd file is a text-based database of information about users who
may log into the system or other operating system identities that own running processes. The /etc/passwd
file is a text file with one record per line, each describing a user account. Each record consists of seven
© Jones & Bartlett
Learning,
LLCAn example record may©be:
Jones & Bartlett Learning, LLC
fields separated
by colons.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
jsmith:x:1001:1000:Joe Smith,Room 1007,(234)555-8910,(234)555-0044,email:/home/jsmith:/bin/sh
The ordering of the records within the file is generally unimportant, but in this example, the second field
Jones
& Bartlett
LLC than using the actual ©
Jonesin&a Bartlett
stores information©used
to validate
a user’sLearning,
password. Rather
password
location Learning, LL
that is so widely known,
best practice
sets this field to “x” (or some other indicator)
as shown
in this
NOT FOR
SALE
OR DISTRIBUT
NOT FOR
SALEusually
OR DISTRIBUTION
example. The actual password information is stored in a separate shadow password file. A common
practice for deactivating an account to prevent it being used is to set the field to an asterisk (*).
16. When
promptedLearning,
for the newLLC
password, type pass=7890
press
to change
the LLC
© Jones
& Bartlett
© and
Jones
& Enter
Bartlett
Learning,
password
for
the
student
account
to
pass=7890.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
17. When prompted to confirm the password, type pass=7890 and press Enter.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
Figure 21 Change the student account password
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
18. At the prompt, type exit and press enter to log off the root account.
19. At the login prompt, type student and press Enter to log in as the student account.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
20.FOR
At the
password
prompt, type pass=7890 and press Enter.
NOT
SALE
OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
You will be logged in as the student user. The login prompt will change to
[student@installcomplete ~]$.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
19
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
21.
At
the
prompt,
type
sudo
vi
/etc/sysconfig/network-scripts/ifcfg-eth0
and press Enter to
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
configure networking in the vi Editor with the elevated privileges of the sudo command.
You will be prompted with a “lecture” reminding you that elevated privilege come with
elevated responsibility. Each user is given this lecture the first time they try to use the
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
sudo command.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
22. At the password prompt, type pass=7890 (the password for the student account) and press
Enter.
The student account has not been added to the sudoers configuration file, so the student
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
user cannot elevate their privilege. You will configure the sudoers file in another lab.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Figure 22 Attempt to use sudo user
23. At the
prompt, type
su and press
user.& Bartlett Learning, LLC
© Jones
& Bartlett
Learning,
LLC Enter to log in as the©root
Jones
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
24. When prompted, type qw1290op1 and press Enter.
25. At the prompt, type whoami and press Enter to confirm the root account is logged in.
26. Make
as screen
capture showing the result
of the &
whoami
command
and paste
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett
Learning,
LLC it into the
Lab Report file.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
27. At the prompt, type sestatus and press Enter to verify that SELinux (Security Enhanced
Linux) is enabled and the current mode is enforcing.
uNote:
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOTsystem
FOR SALE
OR DISTRIBUT
NOT
SALE OR
DISTRIBUTION
Security Enhanced
LinuxFOR
is a mandatory
access
control system designed to help a Linux
adhere to
the principle of least privilege. You will configure and test SELinux in other labs.
28. At the prompt, type iptables –L and press Enter to see if the iptables firewall is running.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
WhileSALE
the output
of the L (list) command can be daunting,
in thisSALE
instance
it is
simply
NOT FOR
OR DISTRIBUTION
NOT FOR
OR
DISTRIBUTION
indicating that all inbound and outbound traffic is allowed (ACCEPT). You will
configure iptables in another lab.
29. At the prompt, type ntpd –q and press Enter to set the Network Time Protocol (NTP).
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
CopyrightOR
© 2014
by Jones & Bartlett Learning, LLC, an Ascend Learning Company.
rights reserved.
NOT FOR SALE
DISTRIBUTION
NOT All
FOR
SALE OR DISTRIBUTION
Instructor Lab Manual
www.jblearning.com
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
20 | Lab #1 Installing a Core Linux Operating System on a Server
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
The
system
should
display
an
error
because
it cannot
findOR
the DISTRIBUTION
ntpd command. NTP is an
NOT FOR
SALE
NOT FOR SALE OR DISTRIBUTION
important service that ensures the clock on the Linux systems stays current. If this was a
production server, the ntpd service would need to be installed.
uNote:
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
System time must be synchronized with other network servers and/or an atomic-time server on the Internet
FOR SALE
NOT
FOR
SALE
OR
DISTRIBUTION
for consistent operations and valid chronology of events. Synchronized timestamps NOT
aid in searching
logs OR
for DISTRIBUT
errors and potential security breaches. Certain network services also rely on synchronized system clocks to
verify security and other network tokens across the network. If the clocks are out of sync, many services
may malfunction.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT
FOR
SALE
OR
DISTRIBUTION
FOR SALE
OR for
DISTRIBUTION
30. Close the virtual lab, or proceed with Part 4 to answerNOT
the challenge
question
this lab.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
21
© Jones & Bartlett Learning, LLC
Part OR
4: Challenge
Questions
NOT FOR SALE
DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
uNote:
The following challenge questions are provided to allow independent, unguided work, similar to what you
will encounter in a©real
situation.
You should
aim to improve
answer
in as Learning, LL
Jones
& Bartlett
Learning,
LLCyour skills by getting the©correct
Jones
& Bartlett
few steps as possible. Use screen captures in your lab document where possible to illustrate your answers.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
1. In Part 3, Step 21, you tried to configure networking on the virtual machine by typing
sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0 and pressing Enter. However, student
was not configured in the /etc/sudoers file at that time. For this challenge, you will
© Jones
& Bartlett
Learning,
LLC
Jones
Bartlett
configure
and test
networking.
While logged in as the©root
user,&repeat
Part Learning,
3, Step 21 LLC
NOT FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
and modify the ifcfg-eth0 file (as shown in the following figure) to give the Linux
VM an
IP address (172.30.0.21).
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© JonesFigure
& Bartlett
Learning,
23 Modify
the existingLLC
file to match this version © Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
a. If not root already, type su and press Enter.
b. At the password prompt, type qw1290op1 and press Enter.
c. At the prompt, type vi /etc/sysconfig/network-scripts/ifcfg-eth0 and press Enter to open
theBartlett
file in the Learning,
vi Editor. LLC
© Jones &
© Jones & Bartlett Learning, LLC
d. Press
I toOR
enterDISTRIBUTION
the Insert mode and modify the file to match
Figure SALE
20.
NOT FOR
SALE
NOT FOR
OR DISTRIBUTION
e. Press ESC to exit the Insert mode and type :wq! and press Enter to save the file.
f. At the prompt, type /etc/init.d/network restart and press Enter to restart networking.
2. Confirm your configuration by pinging the vWorkstation (172.30.0.2). Make a screen
© Jones & Bartlettcapture
Learning,
LLCthe Ping results and paste
© Jones
Bartlett
Learning,
LLCfile.
showing
it into&your
Challenge
Questions
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
At the prompt, type ping 172.30.0.2 and press Enter to test the network configuration. Press
CTRL+C to stop the Ping.
uNote:
© Jones & Bartlett Learning, LLC
This completes the
lab. Close
the virtual
if you have not already done so.
NOT
FOR SALE
ORlab,
DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
CopyrightOR
© 2014
by Jones & Bartlett Learning, LLC, an Ascend Learning Company.
rights reserved.
NOT FOR SALE
DISTRIBUTION
NOT All
FOR
SALE OR DISTRIBUTION
Instructor Lab Manual
www.jblearning.com
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
22 | Lab #1 Installing a Core Linux Operating System on a Server
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Evaluation
Criteria
and
Rubrics
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
The following are the evaluation criteria for this lab that students must perform:
1. Create a virtual machine and mount an installation ISO file – [25%]
& Bartlett
LLC performance, and©application
Jones & support
Bartlett– Learning, LL
2. Partition©a Jones
Linux hard
disk for Learning,
security hardening,
NOT FOR SALE OR DISTRIBUT
[25%] NOT FOR SALE OR DISTRIBUTION
3. Install Linux in the most secure manner – [25%]
4. Create a non-privileged user account for system administration access as a secure
alternative to logging in as a root user – [25%]
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
23
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Lab
#
1
–
Assessment
Worksheet
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Installing a Core Linux Operating System on a Server
Course Name and Number: _____________________________________________________
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
Student Name: ________________________________________________________________
Instructor Name: ______________________________________________________________
© Jones
& Bartlett
Learning, LLC
© Jones & Bartlett Learning, LLC
Lab
Due Date:
________________________________________________________________
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Overview
The foundation of host-based security starts with the installation of the operating system (OS).
ContraryLearning,
to popular LLC
opinion, there is no such thing
as a secure
operating
system,LLC
but in this lab,
© Jones & Bartlett
© Jones
& Bartlett
Learning,
you learned
how to install the Linux CentOS operating
system
a secure
manner. You created a
NOT FOR SALE
OR DISTRIBUTION
NOT FOR
SALEinOR
DISTRIBUTION
new virtual machine, partitioned the hard drive, and installed the Linux operating system. You
also created a non-root user account and verified that key services were (or were not) running.
© Jones
& Bartlett
Learning, LLC
© Jones & Bartlett Learning, LL
Lab Assessment
Questions
& Answers
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
1. During the Minimal install, NTP (Network Time Protocol) server was not installed.
From a security perspective, why is it important for a system to keep accurate time?
Note following Part 3, Step 29. System time must be synchronized with other network servers
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
and/or an atomic-time server on the Internet for consistent operations and valid chronology of
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
events. Synchronized timestamps aid in searching logs for errors and potential security
breaches. Certain network services also rely on synchronized system clocks to verify security
and other network tokens across the network. If the clocks are out of sync, many services may
malfunction.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
2.
During
the
install,
you
set
a
password
for theFOR
root SALE
user. What
the root user, and when
NOT FOR SALE OR DISTRIBUTION
NOT
OR is
DISTRIBUTION
is it appropriate to use this account?
Note following Part 2, Step 12. The root user is the system’s super user. This user account has
access to©anything
everythingLearning,
on the system.
Therefore, extreme care should
be taken
Jonesand
& Bartlett
LLC
© Jones
& Bartlett Learning, LL
when using
this
account.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
CopyrightOR
© 2014
by Jones & Bartlett Learning, LLC, an Ascend Learning Company.
rights reserved.
NOT FOR SALE
DISTRIBUTION
NOT All
FOR
SALE OR DISTRIBUTION
Instructor Lab Manual
www.jblearning.com
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
24 | Lab #1 Installing a Core Linux Operating System on a Server
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
3.
The
Minimal
installation
process
that
was
in SALE
the lab OR
did not
include an X-Window
NOTused
FOR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
interface. Why is it best practice not to run X-Window in a production environment?
Note following Part 3 Step 4. In a production environment, it is recommended that you not run
the X-Window environment because it is not needed and X-Window adds both overhead and an
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
increased security risk. In a production environment, a desktop environment may be helpful in
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
certain situations; however, best practice recommends setting the default runlevel to 3 in this
case. Runlevel 3 is a multi-user mode without running X-Window or any GUI services.
4. What partitioning options are available when installing CentOS?
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Part 2,SALE
Step 14.
Use
All Space, Replace Existing Linux System(s),
ShrinkSALE
Current
System,
Use
NOT FOR
OR
DISTRIBUTION
NOT FOR
OR
DISTRIBUTION
Free Space, and Create Custom Layout.
5. Why is it important to put the swap file on a separate partition from the root (/)
partition?
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Note following Figure 12. The swap partition in Linux should be partitioned separate from the
root (/) partition for performance reasons.
6. What is the significance of the swap partition in a Linux system?
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
SALE OR DISTRIBUT
NOTFigure
FOR 12.
SALE
OR DISTRIBUTION
Note following
Swapping
is necessary for two important reasons.NOT
First, FOR
when the
system requires more memory than is physically available, the kernel swaps out less frequently
used pages and gives memory to the current application (or process) that needs the memory
immediately. Second, a significant number of the pages used by an application during its startup
phase
may only be
used for initialization
and then never used
again. The
system can
swap out LLC
© Jones
& Bartlett
Learning,
LLC
© Jones
& Bartlett
Learning,
those
pages
to
free
up
the
memory
for
other
applications
or
even
for
the
disk
cache.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
7. How is the passwd file used, and what fields make up its content? Explain.
Note following Part 3, Step 15. In Linux operating systems, the /etc/passwd file is a text-based
© Jones & Bartlettdatabase
Learning,
LLC
© Jones
LLC
of information
about users who may
log into&theBartlett
system orLearning,
other operating-system
NOT FOR SALE OR
DISTRIBUTION
FOR SALE
ORfile
DISTRIBUTION
identities
that own running processes. TheNOT
/etc/passwd
file is a text
with one record per line,
each describing a user account. Each record consists of seven fields separated by colons.
8. Why create a Logical Volume Manager (LVM) partition?
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
Note following
Part
2,
Step
28.
LVM
creates
a
logical
physical
volume
and
then
a logical
volume OR DISTRIBUT
NOT
FOR SALE
NOT FOR SALE OR DISTRIBUTION
as a group on top of the physical volume. From LVM, several partitions can be created, such as
those for /tmp, /home, and /var. If disk space becomes an issue, LVM can allocate more disk
space to volumes from other partitions within the LVM without risking disk loss. Additional hard
drives can be added and can immediately become part of the LVM as well.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Lab #2 Configuring Basic Security Controls on a
CentOS Linux Server
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Introduction
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
To some extent, information security on Linux systems is no different from information security
on Microsoft or Apple systems. As an administrator, you’ll take many of the same steps as you
© Jones
& other
Bartlett
Learning,
LLC firewalls, set up bastions,
© Jones
& Bartlett
Learning, LLC
would
in any
system.
You’ll create
manage
users, encrypt
NOT
FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
filesystems, configure servers, customize applications, and work with intrusion prevention
and
detection systems. The Linux paradigm is different in some ways, however. With Linux, you can
customize the kernel and set up mandatory access with Application Armor (AppArmor) or
Security Enhanced Linux (SELinux), a set of security enhancements built into the Linux kernel.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
In this
lab,DISTRIBUTION
you will secure a Linux server system.
will
secure
theDISTRIBUTION
bootloader, enable iptables
NOT FOR SALE
OR
NOTYou
FOR
SALE
OR
firewall, and run SELinux to help lock down the Linux OS. By securing the bootloader you can
prevent access to single user mode and the GRUB (Grand Unified Bootloader) Console during
the boot of the system. Enabling iptables and applying firewall rules can ensure that only the
applications you©want
have&the
ability Learning,
to reach or reach
You &
also
will Learning, LL
Jones
Bartlett
LLC out from your computer.
© Jones
Bartlett
apply access control lists (ACLs) to directories and files within the lab to secure the file and data
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
access and then verify those permissions on the system.
This lab has seven parts, which should be completed in the order specified.
1. In the
first part Learning,
of the lab, you
will harden the GRUB©bootloader,
canLearning,
load a
© Jones
& Bartlett
LLC
Jones & which
Bartlett
LLC
variety
of
free
and
proprietary
operating
systems.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
2. In the second part of the lab, you will confirm SELinux is enabled.
3. In the third part of the lab, you will enable iptables to help lock down services on a Linux
to only
those who require network
access&and
deny external
connections
© Jones & Bartlettsystem
Learning,
LLC
© Jones
Bartlett
Learning,
LLC to any
other
unnecessary
port
or
service.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
4. In the fourth part of the lab, you will create a new group, web, and enable sudo user
access for the existing wheel group.
© Jones
& Bartlett
LLCwith the immutable permission
© Jones &
Bartlett Learning, LL
5. In the fifth
part of the
lab, you Learning,
will experiment
extended
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
file attribute.
6. In the sixth part of the lab, you will set access control list permissions on a file.
7. Finally, if assigned by your instructor, you will explore the virtual environment on your
© Jones
LLC questions that allow©you
Jones
Bartlett
Learning,
LLC
own&toBartlett
answer aLearning,
set of challenge
to use&the
skills you
learned in
NOT FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
the lab to conduct independent, unguided work, similar to what you will encounter in a
real-world situation.
Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.
© Jones & Bartlett
Learning, LLC
© Jones & Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual 25
NOT FOR SALE
OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
26 | Lab #2 Configuring Basic Security Controls on a CentOS Linux Server
© Jones & Bartlett Learning, LLC
Learning
Objectives
NOT FOR SALE
OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Upon completing this lab, you will be able to perform the following:
Configure the bootloader with the timeout set to 0 and password credential to mitigate
© Jones
Bartlett
Learning,
LLCsequence of the server© Jones & Bartlett Learning, LL
tampering
with the&GRUB
loader
and the boot
NOT FOR SALE OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
• Enable SELinux on a CentOS Linux Server and set it to enforcing mode
• Create a student user account and add it to a user group for managing permissions and
applying access controls across the system
• Configure user groups with limited sudo access (with password credentials) to log and
© Jones
& Bartlett
Learning,
LLCthe system
© Jones & Bartlett Learning, LLC
properly
monitor
access across
NOT
FOR
SALE
OR
DISTRIBUTION
NOTanFOR
SALE
OR DISTRIBUTION
• Create iptables set to “on” for runlevels 2 and 5 to enable
internal,
host-based
IP
stateful firewall
• Set restrictions and permissions for user access to files and system log files
•
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Tools and Software
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
The following software and/or utilities are required to complete this lab. Students are encouraged
to explore the Internet to learn more about the products and tools used in this lab.
•
None
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
27
© Jones & Bartlett Learning, LLC
Deliverables
NOT FOR SALE
OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Upon completion of this lab, you are required to provide the following deliverables to your
instructor:
© Jones
& Bartlett
Learning,
LLC
& Bartlett
1. Lab Report
file including
screen
captures of
the following steps: Part©1,Jones
Steps 15
and 22; Learning, LL
NOT
FOR
SALE
NOT
FOR
SALE
OR
DISTRIBUTION
Part 2, Step 3; Part 3, Step 5; Part 4, Step 5; Part 5, Steps 4 and 11; and Part 6, Step 4; OR DISTRIBUT
2. Lab Assessments file;
3. Optional: Challenge Questions file, if assigned by your instructor.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
28 | Lab #2 Configuring Basic Security Controls on a CentOS Linux Server
© Jones & Bartlett Learning, LLC
Hands-On
Steps
NOT FOR SALE
OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
uNote:
This lab contains detailed lab procedures, which you should follow as written. Frequently performed tasks
are explained in the
Common&Lab
Tasks document
on the
vWorkstation desktop. You
should review
these Learning, LL
© Jones
Bartlett
Learning,
LLC
© Jones
& Bartlett
tasks before starting the lab.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
1. From the vWorkstation desktop, open the Common Lab Tasks file.
If you desire, use the File Transfer button to transfer the file to your local computer and
© Jones
LLC
© Jones & Bartlett Learning, LLC
print&aBartlett
copy for Learning,
your reference.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
FigureLLC
1 “Student Landing” vWorkstation
© Jones & Bartlett Learning,
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
2. On your local computer, create the lab deliverable files.
3. Review the Lab Assessment Worksheet at the end of this lab. You will find answers to
these questions as you proceed through the lab steps.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE
DISTRIBUTION
Part OR
1: Harden
the GRUB Boot Loader NOT FOR SALE OR DISTRIBUTION
uNote:
In the next steps, you will apply harden security measures on this server by modifying GRUB, the Grand
© so
Jones
Learning,
LLC system without displaying
© Jones
& Bartlett
Unified Bootloader,
that it &
willBartlett
boot into the
default operating
the boot
loader Learning, LL
NOT
FOR SALE
NOT
SALE
OR DISTRIBUTION
menu. A boot loader
is aFOR
program
that allows
the user or administrator to choose which
operating
system OR
or DISTRIBUT
kernel to load when the computer starts. GRUB can load a variety of free operating systems, as well as
proprietary operating systems with chain-loading. It is important to lock down GRUB with a short delay and
a password to avoid tampering with the operating system’s boot sequence. Securing the bootloader also
provides
a layer
of security
from those LLC
who may have physical access
to the machine.
© Jones
& Bartlett
Learning,
© Jones
& Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
1. Double-click the RDP folder on the vWorkstation desktop to open the folder.
2. Double-click the TargetCentOS01.rdp file to start a remote desktop connection to that
machine.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
29
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
3.
If
prompted,
type
the
following
credentials
click
OK toOR
open
the remote connection.
NOTand
FOR
SALE
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
•
•
User name: root and press Enter
Password: toor and press Enter
© Jones
& Bartlett
LLC
Jones
Bartlett Learning, LL
The remote
GNOME
desktop, Learning,
the graphical
user interface (GUI) for©the
virtual&Linux
NOT
FOR
SALE
NOT
FOR
SALE
OR
DISTRIBUTION
server, opens with the IP address of the remote machine (172.30.0.21) in the title bar at OR DISTRIBUT
the top of the window.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Figure 2 The GNOME desktop
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOT
FORthe
SALE
OR emulator
DISTRIBUTION
4. Double-click the Terminal icon on the GNOME desktop
to open
terminal
and
access the Linux server command line.
5. At the command prompt, type su – and press Enter to become the root user.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
6.
When
prompted
for
the
password,
type
P@ssw0rd!
and press
NOT FOR SALE OR DISTRIBUTION
NOT
FOR SALE
OR Enter.
DISTRIBUTION
The command prompt will change to [root@centos ~]#.
7. At the command prompt, type vi /boot/grub/grub.conf and press Enter to load the grub
configuration
file into
the VI Editor.
© Jones
& Bartlett
Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
The grub.conf file appears in the VI Editor window.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
30 | Lab #2 Configuring Basic Security Controls on a CentOS Linux Server
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 3 grub.conf within the VI Editor
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT
FOR
NOT
FOR
SALE
OR
DISTRIBUTION
8. Hold the Shift key and press the R key to enter the Replace mode used
to edit
theSALE
file. OR DISTRIBUT
9. Use the arrow keys to locate the timeout=5 line in the editor and change the 5 to a 0.
This will change the length of the timeout from 5 seconds to zero, which forces grub to
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
skip the edit menu when it loads.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
10. Press the Esc key to exit the Replace mode and hold the Shift key and press the : key to
return to the command line mode.
colon withLLC
a solid cursor at the bottom
of the window
indicates
that you
are in the
© Jones & BartlettALearning,
© Jones
& Bartlett
Learning,
LLC
command line mode.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
11. Type wq (write quit) and press Enter to save your changes and exit the VI Editor.
12. At the command prompt, type /sbin/grub and press Enter to open the Grub Console for
editing. © Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
In the Grub Console, the command prompt appears as grub>.
13. At the command prompt, type md5crypt and press Enter to attach a hash string-encrypted
password to the grub menu so that it can only be edited by an authorized user.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
14.FOR
WhenSALE
prompted
for a password, type linuxlab and press
Enter
to create
password.
NOT
OR DISTRIBUTION
NOT
FOR
SALEaOR
DISTRIBUTION
The hash string that appears is the encryption for the password you just created.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
31
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
15.
Make
a
screen
capture
showing
the
newly
generated
hash string
and paste it into the Lab
NOT
FOR SALE
OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Report file.
16. Highlight the hash string and right-click, and select Copy from the context menu to copy
the hash string for use in a later step.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
17. At the command
prompt,
and press Enter to exit the grub console
and return
NOT FOR
SALEtoOR DISTRIBUT
NOT FOR
SALEtype
ORquit
DISTRIBUTION
the root prompt.
18. At the command prompt, type vi /boot/grub/grub.conf and press Enter to load the grub
configuration file into the VI Editor.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR
SALE
OR
DISTRIBUTION
The grub.conf file appears in the VI Editor window. NOT FOR SALE OR DISTRIBUTION
19. Press the i key to enter the Insert mode.
20. Use the arrow keys to locate the timeout=0 line in the editor and press Enter at the
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
beginning of the next line to start a new line below the timeout=0 line.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
21. Use the up arrow to move to the empty line and type password --md5, press the spacebar,
and then right-click and select Paste from the context menu to paste the hash string you
copied in step 16 above.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Figure 4 Add an encrypted password to the GRUB
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT
FOR
SALE
OR
DISTRIBUTION
FOR
SALEand
OR
DISTRIBUTION
22. Make a screen capture showing the hash string in the NOT
VI Editor
window
paste
it into the
Lab Report file.
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
32 | Lab #2 Configuring Basic Security Controls on a CentOS Linux Server
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
23.
Press
the
Esc
key
to
exit
the
Insert
mode
andFOR
hold SALE
the ShiftOR
keyDISTRIBUTION
and press the : key to
NOT
NOT FOR SALE OR DISTRIBUTION
return to the command line mode.
A colon with a solid cursor at the bottom of the window indicates that you are in the
command line mode.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
24. Type wqNOT
(writeFOR
quit)SALE
and press
to save your changes and exit the
VI FOR
Editor.SALE OR DISTRIBUT
NOT
OREnter
DISTRIBUTION
Part 2: Confirm Security-Enhanced Linux is Enabled
© Jones & Bartlett Learning, LLC
uNote:
© Jones & Bartlett Learning, LLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOTby
FOR
SALE
In the next steps, you will apply harden security measures on this server
verifying
thatOR
this DISTRIBUTION
CentOS
SELinux (Security-Enhanced Linux) server is set to enforcing mode. SELinux is a set of security
enhancements built in to the Linux kernel and should be set to enforcing mode by default.
1. At
the terminal
command prompt, type©cat
/etc/selinux/config
and press Enter
© Jones & Bartlett
Learning,
LLC
Jones
& Bartlett Learning,
LLC to check the
SELinux
configuration.
NOT FOR SALE OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE
OR
DISTRIBUTION
Figure
5 SELinux
configuration settings
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
2. At the command prompt, type /usr/sbin/sestatus and press Enter to see which mode that
SELinux is running.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
3. FOR
MakeSALE
a screen
capture
showing the current mode line NOT
of theFOR
SELinux
configuration
and
NOT
OR
DISTRIBUTION
SALE
OR DISTRIBUTION
paste it into the Lab Report file.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
33
© Jones & Bartlett Learning, LLC
Part OR
3: Enable
iptables Firewall
NOT FOR SALE
DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
uNote:
In the next steps, you will apply hardened security measures on this server by enabling the internal hostbased IP stateful ©
firewall.
You&will
set the firewall
to startLLC
when it enters runlevels 2 through
5; iptables
is Learning, LL
Jones
Bartlett
Learning,
© Jones
& Bartlett
the current host-based, Linux IP stateful firewall and routing service that can be enabled in your CentOS
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
Linux Server. It controls incoming and outgoing network connections and either allows, disallows, or
forwards requests based on a set of defined rule sets you configure within the firewall application itself.
1. At the command line prompt, type /sbin/chkconfig --level 2345 iptables on and press Enter.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR
SALE OR
DISTRIBUTION
NOTwill
FOR
ORfeedback
DISTRIBUTION
The command
prompts
changes behind the scenes. There
be SALE
no visible
apart from the reappearance of the command line prompt.
2. At the command line prompt, type /sbin/service iptables start and press Enter to start the
© Jones & Bartlettfirewall.
Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR
DISTRIBUTION
FOR SALE
The
command prompts changes behindNOT
the scenes.
There OR
will DISTRIBUTION
be no visible feedback
apart from the reappearance of the command line prompt.
3. At the command line prompt, type /sbin/chkconfig iptables --list and press Enter to verify
that your©changes
been made
on the server.
Jones have
& Bartlett
Learning,
LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
This command lists the current settings for the iptables firewall and should show that
runlevels 2-5 are on, and runlevels 0, 1, and 6 are off.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 6 iptables runlevels settings
4. At
the command
status
and pressLLC
Enter to view
© Jones & Bartlett
Learning,
LLCline prompt, type /sbin/service
© Jonesiptables
& Bartlett
Learning,
the
current
iptables
configuration.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
34 | Lab #2 Configuring Basic Security Controls on a CentOS Linux Server
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 7 Firewall configuration
5. Make a screen
capture
showingLearning,
the iptablesLLC
status and paste it into the
Lab Report
file.
© Jones
& Bartlett
© Jones
& Bartlett
Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
Part 4: Enable sudo User
uNote:
In©the
next steps,
you will Learning,
apply hardened
security measures on this©server
by &
allowing
the sudo
user. LLC
Jones
& Bartlett
LLC
Jones
Bartlett
Learning,
Administrators
may choose
to grant authorized users limited root-level
access
a specific
Sudo
NOT FOR SALE
OR DISTRIBUTION
NOT
FORforSALE
ORpurpose.
DISTRIBUTION
access also can be used to allow the administrator to audit the actions that authorized users take on the
server. Any actions not specifically granted to the sudo user will require the actual root password. Sudo
access allows a user to perform actions beyond his or her normal privileges. It is a way to provide these
privilegesLearning,
to a user without
A compromised
user account
© Jones & Bartlett
LLCrequiring him to log in as
© root.
Jones
& Bartlettroot
Learning,
LLCwill allow an
attacker to compromise an entire Linux server and system. If you do not log in as root user, your IP packets
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
cannot be compromised, and it’s not possible for a hacker to conduct a man-in-the-middle attack.
1. At the command line prompt, type /usr/sbin/visudo and press Enter to edit the sudoers
file, the configuration file for the sudo users.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
35
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 8 The sudoers file
© Jones & Bartlett Learning, LLC
SALE
OR DISTRIBUTION
2. Press theNOT
i keyFOR
to enter
the Insert
mode.
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
3. Use the arrow keys to locate the %wheel ALL = NETWORKING, SOFTWARE, SERVICES,
STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS line in the editor and press
Enter
the beginning
of theLLC
next line to start a new line.
© Jones
& at
Bartlett
Learning,
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
The TargetCentOS01 machine is pre-configured to allow anyone in the wheel group to
have sudo access for each of the commands listed in this step.
4. Use the up arrow to move to the empty line and type %web ALL = NETWORKING,
SERVICES, STORAGE, DELEGATING,
LOCATE,LLC
DRIVERS.
© Jones & BartlettSOFTWARE,
Learning, LLC
© Jones &PROCESSES,
Bartlett Learning,
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
This step creates a new group called web that will have sudo access for each of the
commands listed here.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
36 | Lab #2 Configuring Basic Security Controls on a CentOS Linux Server
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 9 Add the web group
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT
SALE
NOT
FOR
SALE
OR
DISTRIBUTION
5. Make a screen capture showing the new web group and paste it into the
LabFOR
Report
file. OR DISTRIBUT
6. Press the Esc key to exit the Insert mode and hold the Shift key and press the : key to
return to the command line mode.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
A colon
withOR
a solid
cursor at the bottom of the window
indicates
that you
in the
NOT FOR
SALE
DISTRIBUTION
NOT
FOR SALE
ORare
DISTRIBUTION
command line mode.
7. Type wq (write quit) and press Enter to save your changes and exit the VI Editor.
uNote:Learning, LLC
© Jones & Bartlett
© Jones & Bartlett Learning, LLC
In
the
next
steps,
you
will
add
the
user
student01
and
place
the SALE
user in the
group. Traditionally, this
NOT FOR SALE OR DISTRIBUTION
NOT
FOR
ORwheel
DISTRIBUTION
group contains the system administrators.
8. At the command line prompt, type useradd -G wheel student01 and press Enter.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
This creates the student user and places him or her in the wheel group.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
9. At the command line prompt, type passwd student01 and press Enter.
10. When prompted for the new password, type pass=7890 and press Enter.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
11. Repeat step 10 when prompted.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
37
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Part
5:
Extended
File
Attributes:
Set
Immutable
Permission
NOT FOR
SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
uNote:
In this next steps, you will apply hardened security measures on this server by setting the immutable
permission on a temporary
immutable
designation
means the file cannot be ©
manipulated.
file Learning, LL
© Jonesfile.
& An
Bartlett
Learning,
LLC
Jones & The
Bartlett
becomes a read-only file that cannot be deleted, moved, or edited, even by someone with root-level
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
access. The immutable permission is an extended file attribute, beyond the usual read/write sort of access.
Other extended file attributes include: append only (a), secure deletion (s).
1. At the command line prompt, type touch /tmp/mytest and press Enter to create a temp file.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT
OR DISTRIBUTION
NOT
OR
DISTRIBUTION
2. FOR
At theSALE
command
line prompt, type chattr +i /tmp/mytest
andFOR
pressSALE
Enter to
change
the file
attributes and add the immutable flag (i) to the file permissions.
3. At the command line prompt, type lsattr /tmp/mytest and press Enter to list the file
andLLC
verify that the immutable
has &
been
added Learning,
to the file permissions.
© Jones & Bartlettattributes
Learning,
© flag
Jones
Bartlett
LLC
NOT FOR SALE OR
DISTRIBUTION
SALE
OR indicating
DISTRIBUTION
The
results should include a lowercaseNOT
i (forFOR
example,
---i---)
that the file
attributes have been changed and the immutable permission has been set.
4. Make a screen capture showing the new file attributes and paste it into the Lab Report file.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
5. At the command
lineSALE
prompt,
rm /tmp/mytest and press Enter. NOT FOR SALE OR DISTRIBUT
NOT FOR
ORtype
DISTRIBUTION
This command attempts to remove the file.
6. When prompted, type yes and press Enter.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
You should see that the operation is not permitted.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
7. At the command line prompt, type mv /tmp/mytest /tmp/file1 and press Enter.
This command attempts to move the file; this operation is not permitted either.
© Jones & Bartlett
Learning,
LLCline prompt, type cp /tmp/mytest
© Jones &/tmp/file2
Bartlettand
Learning,
LLC
8. At
the command
press Enter.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
This command attempts to copy the file. This operation is allowed.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
38 | Lab #2 Configuring Basic Security Controls on a CentOS Linux Server
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 10 Confirm immutable permissions
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
FOR
SALE
NOT
FOR
SALE
OR
DISTRIBUTION
9. At the command prompt, type vi /tmp/mytest and press Enter to openNOT
the file
in the
VI OR DISTRIBUT
Editor.
10. Press the i key to enter the Insert mode.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
A warning at the bottom of the screen confirms that the edit operation is not allowed.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
11. Make a screen capture showing the warning message and paste it into the Lab Report file.
12. Press the Esc key to exit the Insert mode and hold the Shift key and press the : key to
to the LLC
command line mode.
© Jones & Bartlettreturn
Learning,
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR
NOT
SALEindicates
OR DISTRIBUTION
A DISTRIBUTION
colon with a solid cursor at the bottom
of FOR
the window
that you are in the
command line mode.
13. Type q! (quit without saving) and press Enter to exit the VI Editor.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
39
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Part
6:
Access
Control
List
Permissions
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
uNote:
In the next steps, you will apply harden security measures on this server by granting special permissions to
allow a user access
to the server’s
log file.Learning,
You will assign
access control list permissions
(ACL)&toBartlett
the
© Jones
& Bartlett
LLC
© Jones
Learning, LL
wheel group. This will be done using the set file access control lists (setfacl) command and the get file
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
access control lists (getfacl) commands. The setfacl command provides an extra layer of security defense
by setting permissions for specific users or groups of users regarding access to files on the system. Setfacl
helps system administrators define stringent access controls to specific files for ensuring confidentiality.
The get file access control lists (getfacl) command displays existing ACLs.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOT
OR
DISTRIBUTION
1. At the command prompt, type getfacl /var/log/messages
andFOR
pressSALE
Enter to
view
the
current ACL permissions for the log file.
2. At the command prompt, type setfacl –m g:wheel:r /var/log/messages and press Enter to
© Jones & Bartlettadd
Learning,
LLC
© group
Jonesfor&the
Bartlett
read ACL
permissions to the wheel
log file.Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
There will be no visible feedback apart from the reappearance of the command line
prompt.
3. At the command prompt, type getfacl /var/log/messages and press Enter to get the current
© Jones for
& Bartlett
Learning,
© Jones
& Bartlett Learning, LL
ACL permissions
the log file
and verifyLLC
that they were set properly
in the previous
NOT
FOR
SALE OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
step.
The wheel group now has read access to the log file.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
40 | Lab #2 Configuring Basic Security Controls on a CentOS Linux Server
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 11 Set ACL permissions on the log file
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOTit FOR
SALE
NOT
FOR
SALE
OR
DISTRIBUTION
4. Make a screen capture showing the permissions for the log file and paste
into the
Lab OR DISTRIBUT
Report file.
5. Close the terminal window.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
6. Close the remote Linux connection.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
7. Close the virtual lab, or proceed with Part 7 to answer the challenge question for this lab.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
41
© Jones & Bartlett Learning, LLC
Part OR
7: Challenge
Question
NOT FOR SALE
DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
uNote:
The following challenge question is provided to allow independent, unguided work, similar to what you will
encounter in a real
You
should aim
to improveLLC
your skills by getting the correct
answer&inBartlett
as few Learning, LL
© situation.
Jones &
Bartlett
Learning,
© Jones
steps as possible. Use screen captures in your lab document where possible to illustrate your answers.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
1. Research Linux permissions on the Internet and describe how you would go about
deleting the immutable file /tmp/mytest you created in Part 6 of the lab.
© Jones
Bartlett
LLC
© Jones
& Bartlett
Learning,
LLC
First,&remove
the Learning,
immutable permission
chattr -i /tmp/mytest,
then delete
the file rm
/tmp/mytest.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
uNote:
This completes the lab. Close the virtual lab, if you have not already done so.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
42 | Lab #2 Configuring Basic Security Controls on a CentOS Linux Server
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Evaluation
Criteria
and
Rubrics
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
The following are the evaluation criteria for this lab that students must perform:
1. Configure the bootloader with the timeout set to 0 and password credential to mitigate
© Jones
Bartlett
Learning,
LLCsequence of the server©–Jones
tampering
with the&GRUB
loader
and the boot
[10%] & Bartlett Learning, LL
NOT–FOR
SALE OR DISTRIBUT
NOT FOR
ORLinux
DISTRIBUTION
2. Enable SELinux
on SALE
a CentOS
Server and set it to enforcing mode
[10%]
3. Create a student user account and add it to a user group for managing permissions and
applying access controls across the system – [20%]
4. Configure user groups with limited sudo access (with password credentials) to log and
properly
monitor
access across
© Jones
& Bartlett
Learning,
LLCthe system – [20%] © Jones & Bartlett Learning, LLC
5. FOR
Create
iptables
to “on” for runlevels 2 and 5 to enable
internal,
host-based
IP
NOT
SALE
ORset
DISTRIBUTION
NOTanFOR
SALE
OR DISTRIBUTION
stateful firewall – [20%]
6. Set restrictions and permissions for user access to files and system log files – [20%]
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
43
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Lab
#2
–
Assessment
Worksheet
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Configuring Basic Security Controls on a CentOS Linux Server
Course Name and Number: _____________________________________________________
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
Student Name: ________________________________________________________________
Instructor Name: ______________________________________________________________
© Jones
& Bartlett
Learning, LLC
© Jones & Bartlett Learning, LLC
Lab
Due Date:
________________________________________________________________
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Overview
In this lab, you secured a Linux server system. You secured the bootloader, enabled iptables
firewall,Learning,
and ran SELinux
Linux OS.
By securing
the bootloader,
© Jones & Bartlett
LLC to help lock down the
© Jones
& Bartlett
Learning,
LLC you
prevented
access to single-user mode and the NOT
GRUBFOR
Console
during
boot of the system.
NOT FOR SALE
OR DISTRIBUTION
SALE
OR the
DISTRIBUTION
Enabling iptables and applying firewall rules ensured that only the applications you wanted can
reach or reach out from your computer. You also applied access control lists (ACLs) to
directories and files within the lab to secure the file and data access and then verified those
permissions on the
system.& Bartlett Learning, LLC
© Jones
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
Lab Assessment Questions & Answers
1. What is GRUB and why is it important to lock it down?
© Jones
Bartlett Part
Learning,
© Jones
& Bartlett
Learning,
LLC
Note&introducing
1. GRUB,LLC
the Grand Unified Bootloader,
is a program
that allows
the
NOT FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
user or administrator to choose which operating system or kernel to load when the
computer starts. GRUB can load a variety of free operating systems, as well as proprietary
operating systems with chain-loading. It is important to lock down GRUB with a short delay
and a password to avoid tampering with the operating system’s boot sequence. Securing
© Jones & Bartlettthe
Learning,
© Jones
& Bartlett
LLC
bootloaderLLC
also provides a layer of security
from those
who mayLearning,
have physical
access
NOT FOR SALE OR
NOT FOR SALE OR DISTRIBUTION
to DISTRIBUTION
the machine.
2. Discuss the purpose of granting sudo access. Why is it a good idea not to log in as
a root user?
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
Note introducing Part 4. Sudo access can also let the administrator audit the actions
NOT
FOR
SALE
OR DISTRIBUTION
authorizedNOT
usersFOR
take on
the server.
Any actions not specifically granted to the
sudo
userSALE OR DISTRIBUT
will require the actual root password. Sudo access lets a user perform actions beyond his
or her normal privileges. It is a way to provide these privileges to a user without requiring
him or her to log in as root. A compromised root user account will allow an attacker to
© Jones
& Bartlett
Learning,
LLCand system. If you do not
© Jones
Bartlett
Learning,
LLC
compromise
an entire
Linux server
log in as &
root
user, your
IP
NOT FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
packets cannot be compromised, and a hacker cannot conduct a man-in-the-middle attack.
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
44 | Lab #2 Configuring Basic Security Controls on a CentOS Linux Server
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
3.
If
a
file
is
set
with
the
immutable
flag,
what FOR
security
controls
this provide for
NOT
SALE
OR does
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
the file?
Note introducing Part 5. An immutable designation means the file cannot be manipulated.
The file becomes a read-only file that cannot be deleted, moved, or edited; even by
Jones
& Bartlett
Learning,
someone©with
root level
access. The
immutableLLC
permission is an extended ©
fileJones
attribute,& Bartlett Learning, LL
NOT
FOR SALE OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
beyond the usual read/write sort of access.
4. Besides immutable, what are some of the other extended file attributes?
Note&introducing
5. Other LLC
extended file attributes include:
append &
only
(a); secure
© Jones
Bartlett Part
Learning,
© Jones
Bartlett
Learning, LLC
deletion
(s).
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
5. What is the difference between access control list permissions and sudo?
Note introducing Part 4. Sudo access allows a user to perform actions beyond his or her
© Jones & Bartlettnormal
Learning,
LLC
privileges
assigned by the ACLs. © Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
6. What is iptables and how does this help harden the CentOS Linux Server?
Note introducing Part 3. Iptables is the current host-based, Linux IP stateful firewall and
routing service that can be enabled in your CentOS Linux Server. It controls incoming and
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
outgoing network connections and either allows, disallows, or forwards requests based on
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
a set of defined rule sets you configure within the firewall application itself.
7. Why is it important to configure and enable iptables on your CentOS Linux
Server?
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Introduction.
is the built-in firewall available within NOT
the CentOS
system.
It will
NOT FOR
SALE Iptables
OR DISTRIBUTION
FOR Linux
SALE
OR DISTRIBUTION
help lock down services on a Linux system to only those who require network access and
deny external connections to any other unnecessary port or service.
8. What is the difference between setfacl and getfacl? How can setfacl help achieve
© Jones & Bartlettsecurity
Learning,
LLC
© Jones & Bartlett Learning, LLC
hardening?
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Note introducing Part 6. The setfacl command provides an extra layer of security defense
by setting permissions for specific users or groups of users regarding access to files on the
system. Setfacl helps system administrators define stringent access controls for specific
files to ensure
confidentiality.
The Learning,
get file access
control lists (getfacl) command
displays
© Jones
& Bartlett
LLC
© Jones
& Bartlett Learning, LL
existing ACLs.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Lab #3 Hardening Security with User Account
Management and Security Controls
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Introduction
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
This lab is an extension of the previous labs. Computer security is a series of disparate systems
that will each play a key role in the protection of resources and information. However, just about
© Jones
& Bartlett
Learning,
LLC
& Bartlett
Learning,
every
security
policy begins
with and
is centrally focused on©
theJones
company’s
password
policy. LLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
Every auditor walking in to gauge the worth of the company’s accounting systems will ask to see
the password policy and the logs for change control. In most cases, the passwords to the system
are the keys to the vault.
Any effective
password
elements.
The passwords
will expire
© Jones & Bartlett
Learning,
LLCpolicy will have several
© Jones
& Bartlett
Learning,
LLC regularly;
they
will
have
a
certain
complexity
requirement
for
length
and
special
characters,
and will also
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
have a minimum age requirement. In addition, every organization has “guest users,” be they
auditors, contractors, temps, or other types of transient users on the system. Having a password
system that can deal with these varieties of conditions requires intelligent design and well-trained
and capable system
administrators.
© Jones
& Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR
SALE OR DISTRIBUT
NOTharden
FOR user
SALE
OR DISTRIBUTION
In this lab, you will
accounts
on a Linux system with a secure password
policy
definition. This definition will include the use of user groups to better manage large numbers of
users. You also will create temporary user accounts and apply automatic account and password
deletion after 90 days.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
This
has SALE
six parts,
which
should be completed in the order
specified.
NOTlab
FOR
OR
DISTRIBUTION
NOT
FOR SALE OR DISTRIBUTION
1. In the first part of the lab, you will set password controls on a Linux system.
2. In the second part of the lab, you will create several user accounts on the system and
the password
properties for one©of
those accounts.
© Jones & Bartlettchange
Learning,
LLC
Jones
& Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
3. In the third part of the lab, you will create two new security groups on the system and add
the new user accounts to their corresponding groups.
4. In the fourth part of the lab, you will create temporary user accounts that will expire in a
© of
Jones
© Jones & Bartlett Learning, LL
set period
time. & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
5. In the fifth part of the lab, you will edit the .pam file to restrict the use of the su
command.
6. Finally, if assigned by your instructor, you will explore the virtual environment on your
© Jones
LLC
© to
Jones
Bartlett
LLC
own&toBartlett
answer aLearning,
of challenge
question that allows you
use the&skills
you Learning,
learned in the
NOT FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
lab to conduct independent, unguided work, similar to what you will encounter in a realworld situation.
Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.
© Jones & Bartlett
Learning, LLC
© Jones & Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual 45
NOT FOR SALE
OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
46 | Lab #3 Hardening Security with User Account Management and Security Controls
© Jones & Bartlett Learning, LLC
Learning
Objectives
NOT FOR SALE
OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Upon completing this lab, you will be able to perform the following:
Configure a password policy by editing the /etc/login.defs file and implementing
Jones &security
Bartlett
Learning,
stringent©password
measures
on a LLC
CentOS Linux Server © Jones & Bartlett Learning, LL
NOT
FOR
SALE OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
• Enforce a password change every 60 days showing a warning 14 days
prior
to the
password’s expiration across the system for all users
• Configure a minimum password length of eight characters with stringent complexity
requirements
© Jones
& Bartlett
LLC
© Jones
& Bartlett
Learning,
• Create
users andLearning,
groups with
the proper permissions and
restrictions
to enforce
role- LLC
NOT FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
based access controls
• Create a temporary user account that expires in 90 days to enforce the proper principle of
least privilege with contractors and temporary workers/consultants
•
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Tools and Software
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
The following software and/or utilities are required to complete this lab. Students are encouraged
to explore the Internet to learn more about the products and tools used in this lab.
•
vi Editor© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
47
© Jones & Bartlett Learning, LLC
Deliverables
NOT FOR SALE
OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Upon completion of this lab, you are required to provide the following deliverables to your
instructor:
© Jones
& Bartlett
Learning,
LLC
Bartlett
Learning, LL
1. Lab Report
file including
screen
captures of
the following steps: Part©1,Jones
Step 9;&Part
3,
NOT
FOR
SALE
OR
DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
Step 11; Part 4, Step 13; Part 5, Step 6;
2. Lab Assessments file;
3. Optional: Challenge Questions file, if assigned by your instructor.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
48 | Lab #3 Hardening Security with User Account Management and Security Controls
© Jones & Bartlett Learning, LLC
Hands-On
Steps
NOT FOR SALE
OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
uNote:
This lab contains detailed lab procedures, which you should follow as written. Frequently performed
tasks are explained in the Common Lab Tasks document on the vWorkstation desktop. You should
© Jones
& Bartlett
Learning, LLC
© Jones & Bartlett Learning, LL
review these tasks
before starting
the lab.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
1. From the vWorkstation desktop, open the Common Lab Tasks file.
If you desire, use the File Transfer button to transfer the file to your local computer and
print&aBartlett
copy for Learning,
your reference.
© Jones
LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Figure 1 “Student Landing” vWorkstation
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
2. On your local computer, create the lab deliverable files.
3. Review the Lab Assessment Worksheet at the end of this lab. You will find answers to
these questions as you proceed through the lab steps.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Part OR
1: Establish
System Password Controls
uNote:
In the next steps, you will apply harden security measures on this server by configuring stringent
passwords according
to a policy
definition.Learning,
You will edit LLC
the login definitions (login.defs)
file in the
Editor. Learning, LL
© Jones
& Bartlett
© Jones
& viBartlett
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
1. Double-click the RDP folder on the vWorkstation desktop to open the folder.
2. Double-click the TargetCentOS.rdp file to open a remote connection to the Linux server.
© Jones
Bartlett
Learning,
LLC
© Jones
& for
Bartlett
Learning,
The&remote
GNOME
desktop,
the graphical user interface
(GUI)
the virtual
Linux LLC
NOT FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
server, opens with the IP address of the remote machine (172.30.0.21) in the title bar at
the top of the window.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
49
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 2 The GNOME desktop
3. Double-click the Terminal icon on the GNOME desktop to open the terminal emulator and
access the Linux server command line.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
FOR
NOT
FOR
SALE
OR
DISTRIBUTION
4. At the command prompt, type su -c 'vi /etc/login.defs' and press EnterNOT
to load
theSALE
grub OR DISTRIBUT
configuration file into the vi Editor.
5. When prompted, type P@ssw0rd!, the root password, and press Enter to open the
configuration
© Jones
& Bartlettfile.
Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR
SALE ORfile
DISTRIBUTION
NOT
FOR SALE
DISTRIBUTION
The login.defs
appears in the vi Editor window. The
login.defs
file isOR
used
to define
the configuration associated with logins into the local Linux system.
uNote:
You are required
to enter
a mixed-case password.©
If you
are not
using the Citrix
ReceiverLLC
to access this
© Jones & Bartlett
Learning,
LLC
Jones
& Bartlett
Learning,
lab,
please
use
the
CAPS
LOCK
button
or
the
On-Screen
Keyboard
to
input
the
password.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
6. Press the i key to enter the Insert mode.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
50 | Lab #3 Hardening Security with User Account Management and Security Controls
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Figure 3 login.defs within the vi Editor
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
7. FOR
Use the
arrow
keys
to locate the Password aging controls
of the file.
NOT
SALE
OR
DISTRIBUTION
NOTsection
FOR SALE
OR DISTRIBUTION
uNote:
Changes to the Password aging controls section of the login.defs file affect the requirements for user
account passwords, including the length of the password and the number of days before a password
© Jones & Bartlett
Learning,
LLC
Jones &basis
Bartlett
LLC guessing
expires. Requiring
users
to change passwords on ©
a scheduled
will, atLearning,
least, keep hackers
NOT FOR SALE
OR them
DISTRIBUTION
ORthey
DISTRIBUTION
and force
to work harder to crack passwordsNOT
all overFOR
againSALE
each time
are changed. This is timeconsuming and off-putting. If your passwords are difficult to guess and change regularly, you are already
well ahead of the skills of many rudimentary hackers.
© Jones
& of
Bartlett
Learning,
LLC to any of these settings
© Jones
& Bartlett Learning, LL
The section includes
a number
password
settings. Changes
will not affect
NOT FOR SALE OR DISTRIBUT
existing accounts.NOT FOR SALE OR DISTRIBUTION
• PASS_MAX_DAYS is the maximum number of days a password can be used before a change of
password is forced.
• PASS_MIN_DAYS is the minimum number of days a password must be set on an account before
© Jones
& be
Bartlett
© to
Jones
& Bartlett
Learning,
LLC
it can
changedLearning,
again. This LLC
is to prevent users from trying
revert back
to the original
password
NOT FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
soon after being forced to change.
• PASS_MIN_LEN is the minimum number of characters the password must contain.
• PASS_WARN_AGE is the number of days a warning is sent to an account before the password
expires.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
51
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
8. Edit the password aging controls section to match the following definition:
•
•
•
•
PASS_MAX_DAYS 60
PASS_MIN_DAYS 0
© Jones & Bartlett Learning, LLC
PASS_MIN_LEN 8
NOT FOR SALE OR DISTRIBUTION
PASS_WARN_AGE 14
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
9. Make a screen capture showing your changes in the vi Editor window and paste it into the
Lab Report File.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
10.FOR
PressSALE
the EscOR
keyDISTRIBUTION
to exit the Insert mode.
NOT
NOT FOR SALE OR DISTRIBUTION
11. Type :wq! and press Enter to save your changes and exit the vi Editor.
Part 2: Create
UserLLC
Accounts
© Jones & Bartlett
Learning,
NOT FOR SALE OR DISTRIBUTION
uNote:
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
In the next steps, you will harden security measures on this server by creating several new users accounts
using the useradd command and set an initial password for one of the accounts, then require that
password to be changed
at the
first login attempt.
© Jones
& Bartlett
Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
1. At the command prompt, type su -c '/usr/sbin/useradd dbadmin1' and press Enter to create
a new database administrator user account (dbadmin1).
2. When prompted, type P@ssw0rd!, the root password, and press Enter to create the new
© Jones
& Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
account.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
3.
Repeat
steps
1-2
to
add
the
following
additional
NOT FOR SALE OR DISTRIBUTION
NOT FORusers:
SALE OR DISTRIBUTION
•
•
•
dbadmin2
webadmin1
webadmin2
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
52 | Lab #3 Hardening Security with User Account Management and Security Controls
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 4 Create new user accounts
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT
FOR
SALE OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
4. At the command prompt, type su -c 'passwd dbadmin1' and press Enter
to set
a password
for the dbadmin1 user account you just created.
5. When prompted, type P@ssw0rd!, the root password, and press Enter to set the password
for the
new account.
© Jones
& Bartlett
Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
© Jones & Bartlett
Learning,
LLCfor the new password©forJones
& Bartlett
Learning,
LLC Enter.
6. When
prompted
this account,
type harden
and press
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
The system will display a warning indicating that the password is too simple, and that it
is based on a dictionary word. However, users with root access (as you have assumed
with the su command) will be able to set the password after seeing the warnings.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
7. When prompted
to
retype
the
password
for
this
account,
type
harden
and press
NOT
FOREnter.
SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
53
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 5 Set a user account password
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
FOR
SALE
NOT
FOR
SALE
OR
DISTRIBUTION
8. At the command prompt, type su -c 'chage -d 0 dbadmin1' and press NOT
Enter to
force
the OR DISTRIBUT
password you just set to change at the next login attempt.
The command chage stands for change aging, and is not a misspelling of the word
change.
© Jones
& Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
9. When prompted, type P@ssw0rd!, the root password, and press Enter to change the aging
of the password.
uNote:
© Jones & Bartlett
Learning,
LLC
Jones
& Bartlett
Learning,
You are required
to enter
a mixed-case password.©
If you
are not
using the Citrix
ReceiverLLC
to access this
NOT FOR SALE
OR DISTRIBUTION
NOT FOR
SALE
OR DISTRIBUTION
lab, please
use the CAPS LOCK button or the On-Screen
Keyboard
to input
the password.
Part 3: Manage Security Groups
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
uNote:
In the next steps, you will harden security measures on this server by creating two new security groups.
You will add the new users to those groups and verify user group membership. The intelligent design and
deployment of security groups greatly eases security management, change control, and access tightening.
© Jones
Bartlett
LLC the group to a resource©isJones
Bartlett
Learning,
LLC
Putting
users&into
groupsLearning,
and then applying
the best&way
to manage
that
NOT FOR
SALEtoOR
DISTRIBUTION
NOT
FORinstead
SALEofOR
DISTRIBUTION
resource.
Changes
the control
only need to be made to the group
property,
possibly
dozens if
not hundreds of individual users.
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
54 | Lab #3 Hardening Security with User Account Management and Security Controls
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
1. At the command prompt, type su -c '/usr/sbin/groupadd dba' and press Enter to add a new
group called dba (database administrators).
2. When prompted, type P@ssw0rd!, the root password, and press Enter to add the new
© Jones & Bartlett Learning, LL
group. © Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
3. FOR
Repeat
stepsOR
1-2 to
add a new group called web.
NOT
SALE
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
FOR accounts
SALE OR DISTRIBUTION
Figure 6 CreateNOT
new group
4. At the command prompt, type su -c '/usr/sbin/usermod -g dba dbadmin1' and press Enter
to add the dbadmin1 user account to the new dba group.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
5. When prompted,
type
P@ssw0rd!,
the
root
password,
and
press
Enter
to add
the SALE
user to OR DISTRIBUT
NOT
FOR
NOT FOR SALE OR DISTRIBUTION
the group.
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
© Jones
& Bartlett
©toJones
& password.
Bartlett Learning, LLC
lab,
please use
the CAPSLearning,
LOCK buttonLLC
or the On-Screen Keyboard
input the
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
6. Repeat steps 4-5 to add the dbadmin2 user account to the dba group.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
55
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
7.
At
the
command
prompt,
type
su
-c
'/usr/sbin/usermod
-g web
and press Enter
NOT FOR SALE
OR webadmin1'
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
to add the webadmin1 user account to the new web group.
8. When prompted, type P@ssw0rd!, the root password, and press Enter to add the user to
the web group.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
9. Repeat
steps 7-8Learning,
to add the webadmin2
user account to©the
web group.
© Jones
& Bartlett
LLC
Jones
& Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC Figure 7 Add user accounts
© Jones
& Bartlett
Learning, LLC
to group
accounts
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
10. At the command prompt, type groups dbadmin1 and press Enter to display all of the
groups to which the dbadmin1 user is a member.
So far in©this
lab, you
have added
the dbadmin1
group.
However,
this Learning, LL
Jones
& Bartlett
Learning,
LLC user only to the dba ©
Jones
& Bartlett
command
illustrates
how
either
the
user
or
the
administrator
can
easily
and
quickly
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
determine the groups to which a user is assigned.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
56 | Lab #3 Hardening Security with User Account Management and Security Controls
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 8 Output from the groups command
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
FORitSALE
OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
11. Make a screen capture showing the output from the groups commandNOT
and paste
into the
Lab Report file.
Part
4: Manage Temporary User Accounts
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
uNote:
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
In the next steps, you will apply harden security measures on this server by creating temporary user
accounts that will automatically expire in 90 days. This type of action is common in a business that
frequently hires contractors or others that will need temporary access to their network.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE1.OR
SALE OR DISTRIBUTION
AtDISTRIBUTION
the terminal command prompt, typeNOT
su -cFOR
'/usr/sbin/useradd
jtemp' and press Enter to
create a new database administrator user account (jtemp).
2. When prompted, type P@ssw0rd!, the root password, and press Enter to create a new
account.© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
uNote:
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUT
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
© Jones
& Bartlett
Learning,
LLC
© press
JonesEnter
& Bartlett
Learning,
3. At the
command
prompt, type
su -c 'passwd jtemp' and
to set a password
forLLC
NOT FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
the jtemp user account you just created.
4. When prompted, type P@ssw0rd!, the root password, and press Enter to set a password.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
57
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
uNote:
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
5. When prompted
new password,
typeLLC
tempuser! and press Enter.
© Jonesfor&the
Bartlett
Learning,
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
The system will display a warning indicating that the password is a dictionary, but users
with root access, as you have in this lab, will be able to set the password anyway.
6. When prompted, type tempuser! and press Enter to confirm the new password.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
7. FOR
At theSALE
command
prompt, type su -c 'chage -d 0 jtemp' NOT
and press
to force
the jtemp
NOT
OR DISTRIBUTION
FOREnter
SALE
OR DISTRIBUTION
user to change the password you just set at the next login attempt.
8. When prompted, type P@ssw0rd!, the root password, and press Enter to force a password
change.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE
OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
© Jonesprompt,
& Bartlett
Learning,
© Jones
& Bartlett
Learning, LL
9. At the command
type su
-c 'chage LLC
-E date jtemp' and press Enter
to force
the
jtemp user
to change
the password
you just set on the required date. NOT FOR SALE OR DISTRIBUT
NOT
FOR SALE
OR DISTRIBUTION
For this command, the date should be entered in the format of YYYY-MM-DD. For this
lab, replace the date in the command line, with an actual date 90 days from the date you
perform this hands-on activity.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT
FOR
SALE
OR
DISTRIBUTION
FOREnter
SALE
10. When prompted, type P@ssw0rd!, the root password,NOT
and press
to OR
forceDISTRIBUTION
a password
change for the jtemp user.
uNote:
You are required
to enter
a mixed-case password.©
If you
are not
using the Citrix
ReceiverLLC
to access this
© Jones & Bartlett
Learning,
LLC
Jones
& Bartlett
Learning,
lab, please
use the CAPS LOCK button or the On-Screen
Keyboard
to input
the password.
NOT FOR SALE
OR DISTRIBUTION
NOT FOR
SALE
OR DISTRIBUTION
11. At the command prompt, type su -c 'chage --list jtemp' and press Enter to review the
password settings for the jtemp user account.
© Jonestype
& Bartlett
Learning,
Bartlett Learning, LL
12. When prompted,
P@ssw0rd!,
the root LLC
password, and press Enter©toJones
review&the
NOT FOR SALE OR DISTRIBUT
FOR SALE OR DISTRIBUTION
passwordNOT
settings.
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
© Jones
& Bartlett
©toJones
& password.
Bartlett Learning, LLC
lab,
please use
the CAPSLearning,
LOCK buttonLLC
or the On-Screen Keyboard
input the
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
58 | Lab #3 Hardening Security with User Account Management and Security Controls
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 9 Output from the jtemp user account configuration
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT itFOR
NOT
FOR
SALE
OR
DISTRIBUTION
13. Make a screen capture showing the output of the –list command and paste
into SALE
the LabOR DISTRIBUT
Report file.
Part
5: Restrict Access
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
uNote:
In the next steps, you will harden security measures on this server by restricting the use of the su
command which grants the user root level access. You will edit the pam.d file to restrict the wheel group
from using the su command.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE1.OR
NOT
FOR SALE and
OR press
DISTRIBUTION
AtDISTRIBUTION
the command line prompt, type su -c
'vi /etc/pam.d/su'
Enter to edit the
access for the su command in the pluggable authentication module file.
2. When prompted, type P@ssw0rd!, the root password, and press Enter to open the pam.d
file opens
the vi &
Editor.
© in
Jones
Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
uNote:
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUT
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
59
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 10 The pam.d file
© Jones & Bartlett Learning, LLC
SALE
OR DISTRIBUTION
3. Press theNOT
i keyFOR
to enter
the Insert
mode.
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
4. Use the arrow keys to locate the #auth required pam_wheel.so use_uid line in the editor.
5. Replace the hash tag (#) at the beginning of the line with an x so that the entire line now
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
reads xauth required pam_wheel.so use_uid.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
This action cancels the statements and removes the wheel group from those authorized to
use the su command.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
60 | Lab #3 Hardening Security with User Account Management and Security Controls
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 11 Edit the su command
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
FOR
SALE
OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
6. Make a screen capture showing the edits from step 5 and paste it intoNOT
the Lab
Report
file.
7. Press the Esc key to exit the Insert mode and type :wq! and press Enter to save your
changes and exit the pluggable authentication module file.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
8. At the prompt, type exit and press Enter to close the terminal window.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
9. Close the remote Linux connection.
10. Close the virtual lab, or proceed with Part 6 to answer the challenge question for this lab.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
61
© Jones & Bartlett Learning, LLC
Part OR
6: Challenge
Question
NOT FOR SALE
DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
uNote:
The following challenge question is provided to allow independent, unguided work, similar to what you will
encounter in a real
You
should aim
to improveLLC
your skills by getting the correct
answer&inBartlett
as few Learning, LL
© situation.
Jones &
Bartlett
Learning,
© Jones
steps as possible. Use screen captures in your lab document where possible to illustrate your answers.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
1. You are the SysAdmin for a local company. You have been instructed to create access to
the network for an outside auditing agency who will be coming on-site to perform a
financial audit. The audit will last for eight weeks, and the lead auditor is to be given user
© Jones
& Bartlett
Learning,
LLC
© Jones
& Bartlett
Learning,
LLC
creation
rights to
track the use
of temps that he is bringing
on-site
to perform
some of the
NOT FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
auditing tasks. Your boss is understandably concerned about someone outside the IT
group having user admin rights. Given the set of hardening rules you worked with in this
lab, describe the policy you would recommend to best meet the needs of the auditors and
ease your boss’ concerns. For additional consideration, investigate and explain any
© Jones & Bartlettfurther
Learning,
LLC steps you would consider
© Jones
& Bartlett
Learning,
LLC this request.
reasonable
to safeguard
data
and administer
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
(Answers will be unique to each student, but should include some form of the following.)
The lead auditor is given two accounts, one would be his work account, and the second would be
an account relegated to user admin only. The lead auditor would have to su to the user account to
administer©any
of the&new
accounts
he desires,LLC
and then log out to his main©account
other Learning, LL
Jones
Bartlett
Learning,
Jonesdo&any
Bartlett
work. NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUT
The auditor’s accounts and the other temp accounts would be set to expire in eight weeks, and
new users would have to immediately change their passwords upon first login. No minimum
password days would be needed, as these users would not be on-site long enough to go through a
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
password change cycle. Maximum password days is set at eight weeks, and the warning is set to 0
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
days to turn it off. Passwords must be a minimum of 8 characters in length.
Further steps to consider not covered by this lab: Depending on the environment and the need for
the temporary auditors’ access, create a DMZ and allow the temporary auditors access to the
© Jones & BartlettDMZ,
Learning,
LLC
© Jones
& Bartlett
LLC
but not the
internal network. Very often,
all that many
people Learning,
need is communication
NOT FOR SALE OR
DISTRIBUTION
FOR SALE
capability
in the form of Internet access. ANOT
DMZ provides
that. InOR
the DISTRIBUTION
absence of a DMZ, set time
controls on the temp accounts to be valid only during work hours. Do not allow their accounts to be
used when the lead auditor is not present or is not sanctioning work. In all of these instances, I
would set up logging on all of the accounts and set ACLs to prevent access to any areas that the
temps in particular
not be allowed.
Auditors
unrestricted
© Jonesshould
& Bartlett
Learning,
LLCoften request, and are granted,
© Jones
& Bartlett Learning, LL
access, but
you
must
clear
that
with
your
supervisor
before
providing
it.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
uNote:
This completes the lab. Close the virtual lab, if you have not already done so.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
62 | Lab #3 Hardening Security with User Account Management and Security Controls
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Evaluation
Criteria
and
Rubrics
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
The following are the evaluation criteria and rubrics that the students must perform:
1. Configure a password policy by editing the /etc/login.defs file and implementing
Jones &security
Bartlett
Learning,
© Jones & Bartlett Learning, LL
stringent©password
measures
on a LLC
CentOS Linux Server – [20%]
NOT
FOR
SALE OR DISTRIBUT
FOR SALE
DISTRIBUTION
2. Enforce NOT
a password
changeOR
every
60 days showing a warning 14 days
prior
to the
password’s expiration across the system for all users – [20%]
3. Configure a minimum password length of eight characters with stringent complexity
requirements – [20%]
4.
Create
users andLearning,
groups with
the proper permissions and
restrictions
to enforce
role- LLC
© Jones
& Bartlett
LLC
© Jones
& Bartlett
Learning,
basedSALE
accessOR
controls
– [20%]
NOT FOR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
5. Create a temporary user account that expires in 90 days to enforce the proper principle of
least privilege with contractors and temporary workers/consultants – [20%]
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
63
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Lab
#3
–
Assessment
Worksheet
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Hardening Security with User Account Management and Security
Controls
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
Course Name and Number: _____________________________________________________
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
Student Name: ________________________________________________________________
Instructor Name: ______________________________________________________________
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Lab Due Date: ________________________________________________________________
Overview
© Jones & Bartlett
Learning,
LLC user accounts on a Linux
© Jones
& Bartlett
Learning,
LLC
In this lab,
you hardened
system
with a secure
password
policy
NOT FOR SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
definition. This definition included the use of user groups to better manage large numbers of
users. You also created temporary user accounts and applied automatic account and password
deletion after 90 days.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
1. What is the significance of creating groups and adding users to groups? Explain.
Lab Assessment
Questions & Answers
NOT FOR SALE OR DISTRIBUTION
Note introducing Part 3. The intelligent design and deployment of security groups greatly eases
© Jones
& Bartlett
Learning,
© Jones
& Bartlett
Learning,
security
management,
changeLLC
control, and access tightening.
Putting users
into groups
and thenLLC
NOT FOR
SALE
OR DISTRIBUTION
FOR SALE
OR toDISTRIBUTION
applying
the group
to a resource is the best way to manageNOT
that resource.
Changes
the control
need to be made only to the group property, instead of possibly dozens, if not hundreds, of
individual users.
2. Given a scenario where there are five database administrators who may periodically need
© Jones & Bartlettaccess
Learning,
LLCsystem, discuss a concept
© Jones
& Bartlett
LLC
to a given
to better
manage Learning,
these administrators’
access
NOT FOR SALE OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
permissions.
Part 3, Step1. Create a group and add the DBAs to the group. Then give the necessary
permissions to the group.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
3. The newNOT
Web FOR
administrator’s
account
(webadmin1)
has
been
set
up
and a FOR
password
NOT
SALE OR DISTRIBUT
SALE OR DISTRIBUTION
provided to the user. What is the command to force the user to change the password upon
first login?
Part&2,Bartlett
Step 8. Use
the command
su -c 'chage –d 0 webadmin1'
© Jones
Learning,
LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
64 | Lab #3 Hardening Security with User Account Management and Security Controls
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
4.
How
can
the
use
of
the
su
command
be
restricted?
NOT
FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Note introducing Part 5. Edit the pam.d file to restrict users or groups from using the su command.
5. What is the purpose of the login.defs file? Explain the contents and configuration options.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT
NOT
FOR
SALE
OR
DISTRIBUTION
Part 1 Step 5. The login.defs file is used to define the configuration associated
withFOR
loginsSALE
into theOR DISTRIBUT
local Linux system.
6. What is the PASS_MIN_DAYS setting? Why would it be a good idea to specify a
PASS_MIN_DAYS
setting?LLC
© Jones
& Bartlett Learning,
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Note following Part 1, Step 7. It shows the minimum number of days a password must be set on an
account before it can be changed again. This is to prevent users from trying to revert back to the
original password soon after being forced to change.
© Jones & Bartlett
Learning,
© Jones
& Bartlett Learning,
LLC
7. Will
changesLLC
to the PASS_MAX_DAYS,
PASS_MIN_DAYS,
and PASS_WARN_AGE
NOT FOR SALE OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
commands in /etc/login.defs settings affect existing accounts?
Note following Part 1, Step 7. Changes to any of these settings will not affect existing accounts.
8. Describe©the
password
and account
settingsLLC
you would configure if you
were told
that a Learning, LL
Jones
& Bartlett
Learning,
© Jones
& Bartlett
few contractors
needed
accounts
on
the
Linux
system
for
the
next
14
days.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
Part 4. Create temporary accounts that expire in 14 days. Possibly, edit the pam.d file to restrict the
su command.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Lab #4 Applying Hardened Linux Filesystem
Security Controls
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Introduction
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Server
hardening
is the
of securing a system by reducing
surface
of vulnerability.
It is
NOT FOR
SALE
ORprocess
DISTRIBUTION
NOTitsFOR
SALE
OR DISTRIBUTION
an important task, especially if you realize that the default configuration of most operating
systems is not designed with security as the primary focus. Instead, default setups focus more on
usability, communications, and functionality. Protection is provided in various layers and often
referred to as defense in depth. The idea behind the defense in depth approach is to defend a
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
system against any particular attack using several independent methods. Defense in depth
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
measures should not only prevent security breaches, but also buy an organization time to detect
and respond to an attack, thereby reducing and mitigating the consequences of a breach.
This lab, an extension of the previous labs, incorporates security hardening for filesystems and
© Jones
& BartlettInLearning,
Jones
& Bartlett
Learning, LL
user access to mounted
filesystems.
this lab, youLLC
will mount a filesystem ©
that
does not
have
execute permissions
the CentOS
Linux
Server. You also will mount a remote
andOR DISTRIBUT
NOTfilesystem
FOR SALE
NOTon
FOR
SALE OR
DISTRIBUTION
set quotas for users of mounted filesystems.
This lab has three parts, which should be completed in the order specified. There is no challenge
question for this lab.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE ORtest
DISTRIBUTION
1. In the first part of the lab, you will mount a filesystem,
apply
permissions,
it, and
report your findings.
2. In the second part of the lab, you will set user account quotas on filesystem partitions and
your findings.
© Jones & Bartlettreport
Learning,
LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE3.OR
NOT
FOR
SALE ORand
DISTRIBUTION
InDISTRIBUTION
this part of the lab, you will test your
quota
configuration
report your findings.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.
Instructor Lab Manual
www.jblearning.com
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
65
66 | Lab #4 Applying Hardened Linux Filesystem Security Controls
© Jones & Bartlett Learning, LLC
Learning
Objectives
NOT FOR SALE
OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Upon completing this lab, you will be able to:
Mount a filesystem without execute permissions, so you can safely read the data
© in
Jones
& Bartlett
Learning,
contained
the disk
without executing
anyLLC
unexpected programs © Jones & Bartlett Learning, LL
FOR
SALE OR
DISTRIBUTION
• Mount aNOT
remote
filesystem
and configure
the system to be mounted NOT
at bootFOR
timeSALE
for an OR DISTRIBUT
automatic network share on a Linux system
• Set user quotas on disk to protect the availability and security on the Linux system and to
prevent users from taking up all the disk drive space on the system
•
Edit&and
modifyLearning,
the /etc/fstab
file to manage local and©remote
file shares
as well
© Jones
Bartlett
LLC
Jonesnetwork
& Bartlett
Learning,
LLC
as theSALE
necessary
mounting configurations required
NOT FOR
OR disk
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
• Configure and use the repquota command to verify usage of disk space by users and
manage quotas
•
© Jones & Bartlett
LLC
© Jones & Bartlett Learning, LLC
Tools Learning,
and Software
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
The following software is required to complete this lab. Students are encouraged to explore the
Internet to learn more about the products and tools used in this lab.
•
vi Editor
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
67
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Deliverables
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Upon completion of this lab, you are required to provide the following deliverables to your
instructor:
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
FOR12,
SALE
OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
1. Lab Report file including screen captures of the following steps: PartNOT
1, Steps
20, and
24; Part 2, Step 9; Part 3, Steps 5 and 9;
2. Lab Assessments file.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.
www.jblearning.com
© Jones & Bartlett
Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Instructor Lab Manual
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
68 | Lab #4 Applying Hardened Linux Filesystem Security Controls
© Jones & Bartlett Learning, LLC
Hands-On
Steps
NOT FOR SALE
OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
1. From the vWorkstation desktop, open the Common Lab Tasks file.
© Jones
& Bartlett
Learning,
LLC
Jones
& Bartlett
If you desire,
use the
File Transfer
button to
transfer the file to your ©
local
computer
and Learning, LL
NOT FOR SALE OR DISTRIBUT
NOTfor
FOR
OR DISTRIBUTION
print a copy
yourSALE
reference.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
FigureOR
1 “Student
Landing” vWorkstation
NOT FOR SALE
DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
2. On your local computer, create the lab deliverable files.
3. Review the Lab Assessment Worksheet at the end of this lab. You will find answers to
© Jones
& questions
Bartlett Learning,
LLCthrough the lab steps. © Jones & Bartlett Learning, LLC
these
as you proceed
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
69
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
Part OR
1: Filesystem
Permissions
NOT FOR SALE
DISTRIBUTION
uNote:
In the next steps, you will apply hardened security measures on this server by mounting a filesystem with
read-only permissions.
You will
modify theLearning,
/etc/fstab fileLLC
and perform several tests to
sure&that
your Learning, LL
© Jones
& Bartlett
© make
Jones
Bartlett
changes were effective.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
The /etc/fstab file (or filesystems table) is a system configuration file commonly found on UNIX systems.
This file usually lists all available disks and disk partitions, and indicates how they are to be initialized or
otherwise integrated into the overall system's filesystem.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 2 Typical fstab file
In a typical
fstab file, the
columns are separated by©spaces
and defined
in the following
© Jones & Bartlett
Learning,
LLC
Jonesor&tabs
Bartlett
Learning,
LLC manner.
name: The device name or other means
of locating
theOR
partition
or data source.
NOT FOR SALE•ORdevice
DISTRIBUTION
NOT FOR
SALE
DISTRIBUTION
• mount point: The mount point, where the data is to be attached to the filesystem. For swap files
& devices, this should be set to none.
• fs-type: The filesystem type, or the algorithm used to interpret the filesystem.
• options:©This
column
or notLLC
the filesystem should be mounted
at boot
or
Jones
& indicates
Bartlettwhether
Learning,
© Jones
& Bartlett
Learning, LL
whether NOT
it can be
written
to, with
(read-write) or not, with ro (read-only). NOT FOR SALE OR DISTRIBUT
FOR
SALE
ORrwDISTRIBUTION
• dump-freq: This indicator adjusts the archiving schedule for the partition (used by dump).
• pass-num: This indicator controls the order in which fsck checks the device/partition for errors at
boot time. The root device should be 1. Other partitions should be either 2 (to check after root) or
0 (to&disable
checking
for that LLC
partition altogether).
© Jones
Bartlett
Learning,
© Jones & Bartlett Learning, LLC
• FOR
A value
of 0 inOR
either
of the last two columns disables the corresponding
feature.OR DISTRIBUTION
NOT
SALE
DISTRIBUTION
NOT FOR SALE
The /etc/fstab file is most commonly used by the mount command. The mount command instructs the
operating system that a filesystem is ready to use, and it becomes associated with a particular point in the
filesystem’s hierarchy.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
1. Double-click the RDP folder icon on the desktop.
2. Double-click the TargetCentOS01.rdp file to open the Linux server.
The remote
GNOME
desktop, Learning,
the graphicalLLC
user interface (GUI) for©theJones
virtual&Linux
© Jones
& Bartlett
Bartlett Learning, LL
server, opens
with
the
IP
address
of
the
remote
machine
(172.30.0.21)
in
the
title
bar at OR DISTRIBUT
NOT FOR SALE
NOT FOR SALE OR DISTRIBUTION
the top of the window.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
70 | Lab #4 Applying Hardened Linux Filesystem Security Controls
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 3 GNOME desktop
© Jones & Bartlett
Learning, LLC
© Jonesdesktop
& Bartlett
Learning,
LLCemulator and
3. Double-click
the Terminal icon on the GNOME
to open
the terminal
NOT FOR SALE OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
access the Linux server command line.
4. At the command prompt, type su -c ꞌvi /etc/fstabꞌ and press Enter to open the fstab file in
the vi Editor.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
5. When prompted,
type
P@ssw0rd!,
the root password, and press Enter.
NOT FOR SALE OR DISTRIBUT
NOT FOR
SALE
OR DISTRIBUTION
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 4 fstab file in the vi Editor
6. Press the i key to enter the Insert mode.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
71
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
7.
Use
the
arrow
keys
to
locate
the
following
in the
file:OR DISTRIBUTION
NOTline
FOR
SALE
NOT FOR SALE OR DISTRIBUTION
•
/virtimages/disk/rimage.img /archives ext3 loop,defaults 0 0
8. Move the cursor immediately behind the word defaults and type ,ro to apply read-only
© Jones
Bartlett
Learning, LLC
© Jones & Bartlett Learning, LL
permissions
to the &
archives
directory.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Figure 5 Modify the fstab file
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
9. Press the Esc key to exit the Insert mode.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
10. Type :wq! and press Enter to save your changes and exit the vi Editor.
11. At the command prompt, type cat /etc/fstab and press Enter to display the contents of the
© Jones & Bartlettfile.
Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE12.
OR
DISTRIBUTION
FOR
SALE
DISTRIBUTION
Make
a screen capture showing edited NOT
content
of the
fstab OR
file and
paste it into the Lab
Report file.
13. At the command prompt, type su -c ꞌmount -o remount /archivesꞌ and press Enter to
remount©theJones
archives
partition after
havingLLC
made the changes to the fstab
file. & Bartlett Learning, LL
& Bartlett
Learning,
© Jones
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
14. When prompted, type P@ssw0rd!, the root password, and press Enter.
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
© Jones
& Bartlett
©toJones
& password.
Bartlett Learning, LLC
lab,
please use
the CAPSLearning,
LOCK buttonLLC
or the On-Screen Keyboard
input the
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
72 | Lab #4 Applying Hardened Linux Filesystem Security Controls
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
15.
At
the
command
prompt,
type
cd
/archives/2011
pressOR
Enter
to change the directory.
NOT FORand
SALE
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Notice that the command prompt indicates that the directory has changed.
16. At the command prompt, type ls -ls and press Enter to list the files in this directory and
review the
permissions
that areLearning,
currently applied
© Jones
& Bartlett
LLC to each file.
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
According to the list command, the revenue.doc file currently has read-write permissions.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Figure 6 List the archives/2011 directory
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR the
DISTRIBUTION
17. At the command prompt, type su -c ꞌvi revenue.docꞌ and
press
Enter
to open
revenue.doc file in the vi Editor.
18. When prompted, type P@ssw0rd!, the root password, and press Enter.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
uNote:
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
19. Press the i key to enter the Insert mode.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR
NOT
DISTRIBUTION
The status
lineFOR
at theSALE
bottomOR
of the
editor indicates that the file is read-only.
So, SALE
even OR DISTRIBUT
though the list command indicated this file was read-write, by changing the permissions
on the archives directory, you also changed the permissions for this file.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
73
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 7 Edit a read-only file
20. Make a screen capture showing the read-only indicator and paste it into the Lab Report
file.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
FOR
DISTRIBUTION
21. Press theNOT
Esc key
toSALE
exit theOR
Insert
mode.
NOT FOR SALE OR DISTRIBUT
22. Type :q and press Enter to exit the vi Editor without saving any edits.
23. At the
commandLearning,
prompt, type
su -c ꞌtouch yourname_test.txtꞌ,
yourname
withLLC
© Jones
& Bartlett
LLC
© Jonesreplacing
& Bartlett
Learning,
your SALE
own name,
press Enter to create a new file in
this FOR
directory.
NOT FOR
OR and
DISTRIBUTION
NOT
SALE OR DISTRIBUTION
You should see a “cannot touch ‘yourname_test.txt’” error message indicating that the
file cannot be created in a read-only filesystem.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
74 | Lab #4 Applying Hardened Linux Filesystem Security Controls
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Figure 8 Create a new file in a read-only directory
24. Make a screen capture showing the error message and paste it into the Lab Report file.
© Jones & Bartlett Learning, LLC
Part 2: SettingNOT
Quotas
FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
uNote:
In the next steps, you will apply hardened security measures on this server by setting user account quotas
on filesystem partitions. Quotas can be used as a disk management tool to restrict the amount of disk
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
space to which specific users can write.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
The following steps are required to establish a quota.
1. Add usrquota to the mounting options and mount or remount.
2. Initialize the quota database.
3. Turn quotas on.
© Jones & Bartlett Learning,
LLC
© Jones
& Bartlett Learning, LLC
4. Edit the
user’s quota table to specify
a hard limit.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
1. At the command prompt, type su -c ꞌvi /etc/fstabꞌ and press Enter to reopen the fstab file.
2. When prompted, type P@ssw0rd!, the root password, and press Enter.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
uNote:
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
3. Press the i key to enter the Insert mode.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT
FOR
SALE
OR
DISTRIBUTION
4. Use the arrow keys to locate the following line in theNOT
file: FOR SALE OR DISTRIBUTION
•
/virtimages/disk/qimage.img /common ext3 loop,defaults 0 0
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
75
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
5.
Move
the
cursor
immediately
behind
the
word
defaults
type
,usrquota to apply the
NOT
FOR
SALEand
OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
user quotas.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 9 Modify the fstab file
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
6. Press the Esc key to exit the Insert mode.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
7. FOR
Type SALE
:wq! and
press
Enter to save your changes and exit
theFOR
vi Editor.
NOT
OR
DISTRIBUTION
NOT
SALE OR DISTRIBUTION
8. At the command prompt, type cat /etc/fstab and press Enter to display the contents of the
file.
9. Make
a screen
capture showing the edited
contents
of the fstab
file and paste
© Jones & Bartlett
Learning,
LLC
© Jones
& Bartlett
Learning,
LLCit into the
Lab
Report file.
NOT FOR SALE OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
10. At the command prompt, type su -c ꞌmount -o remount /commonꞌ and press Enter to
remount the common partition after having made the changes to the fstab file.
© Jonestype
& Bartlett
Learning,
© Jones & Bartlett Learning, LL
11. When prompted,
P@ssw0rd!,
the root LLC
password, and press Enter.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
12.FOR
At the
command
prompt, type su -c ꞌ /sbin/quotacheckNOT
-cugFOR
/commonꞌ
and
press
Enter to
NOT
SALE
OR DISTRIBUTION
SALE
OR
DISTRIBUTION
initialize the quota database on this folder filesystem.
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
76 | Lab #4 Applying Hardened Linux Filesystem Security Controls
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
uNote:
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Editing the /etc/fstab file and remounting the filesystem only alerted Linux to the fact that the filesystem has
quota capabilities. You initialize the quota table with the quotacheck command.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
13. When prompted, type P@ssw0rd!, the root password, and press Enter.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOT FOR
OR DISTRIBUTION
14. At the command prompt, type su -c ꞌ/sbin/quotaon /commonꞌ
and SALE
press Enter
to turn
quotas on.
15. When prompted, type P@ssw0rd!, the root password, and press Enter.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
uNote:
NOT FOR SALE
OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
16. At the command prompt, type su -c ꞌ/usr/sbin/edquota -f /common studentꞌ and press
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
Enter to open the user quota settings.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
17. When prompted, type P@ssw0rd!, the root password, and press Enter.
uNote:
You
are required
to enterLearning,
a mixed-caseLLC
password. If you are not using
the Citrix
access this LLC
© Jones
& Bartlett
© Jones
& Receiver
BartletttoLearning,
lab,
please
the CAPS
button or the On-Screen KeyboardNOT
to input
the SALE
password.
NOT
FORuse
SALE
OR LOCK
DISTRIBUTION
FOR
OR DISTRIBUTION
18. Press the i key to enter the Insert mode.
19. Use the arrow keys to locate the /dev/loop1 line in the Disk quotas for user student (uid
© Jones & Bartlett500)
Learning,
© Jones & Bartlett Learning, LLC
section LLC
of the file.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
20. Type the new limits indicated below to change the existing limits.
•
•
First soft column: 30
First©hard
column:
100
Jones
& Bartlett
Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
77
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 10 Set the quotas for the student user account
© Jones & Bartlett
Learning,
© Jones & Bartlett Learning, LLC
21. Press
the EscLLC
key to exit the Insert mode.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
22. Type :wq! and press Enter to save your changes and exit the vi Editor.
Part 3: Quota Testing and Verification
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
uNote:
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
In the next steps, you will follow several test scenarios to make sure that your filesystem changes in the
previous lab parts were effective.
1. At the
commandLearning,
prompt, type
su –c ꞌmkdir /common/student
&&&chown
student.student
© Jones
& Bartlett
LLC
© Jones
Bartlett
Learning, LLC
/common/studentꞌ
and
press
Enter
to
create
a
new
directory
called
student
andDISTRIBUTION
change
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR
ownership of that directory to the student user account.
2. When prompted, type P@ssw0rd!, the root password, and press Enter.
© Jones & Bartlett
© Jones & Bartlett Learning, LLC
uNote:Learning, LLC
NOT FOR SALE
ORrequired
DISTRIBUTION
ORCitrix
DISTRIBUTION
You are
to enter a mixed-case password.NOT
If you FOR
are notSALE
using the
Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
3. At the command prompt, type cd /common/student and press Enter to change the
directory.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
Notice that the command prompt indicates that the directory has changed.
4. At the command prompt, type dd if=/dev/urandom of=yourname.file bs=9548576 count=1,
replacing yourname with your own name, and press Enter to create a file with
© Jones
& Bartlett 100MB
Learning,
LLC data.
© Jones & Bartlett Learning, LLC
approximately
of random
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
78 | Lab #4 Applying Hardened Linux Filesystem Security Controls
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Figure 11 Attempt to create a file that exceeds user quotas
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
5. FOR
Make SALE
a screen
capture
showing the output from your test
andFOR
pasteSALE
it intoOR
the DISTRIBUTION
Lab Report
NOT
OR
DISTRIBUTION
NOT
file.
6. At the command line prompt, type su –c ꞌ/usr/sbin/repquota /commonꞌ and press Enter to
run a report of the amount of the quota limit already used.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR
DISTRIBUTION
NOT
FOR
SALE
The
repquota report displays a summary
of the
disk
usageOR
andDISTRIBUTION
quotas for the specified
filesystems. The current number of files and amount of space (in kilobytes) is printed for
each user, along with any quotas created with edquota.
7. When prompted,
P@ssw0rd!,
the root LLC
password, and press Enter.
© Jonestype
& Bartlett
Learning,
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
Figure
12 Repquota report
NOT FOR SALE OR
DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
8. At the command line prompt, type quota and press Enter to run a quota report of the
student directory.
© Jones
& aBartlett
Learning,
LLCthe quota report and paste
© Jones
Bartlett
Learning,
9. Make
screen capture
showing
it into&the
Lab Report
file. LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
10. In the Lab Report file, compare the output of the repquota and quota commands.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
79
© Jones & Bartlett Learning, LLC
Close
the remote Linux connection.
NOT FOR SALE11.
OR
DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
uNote:
This completes the lab. Close the virtual lab, if you have not already done so.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
80 | Lab #4 Applying Hardened Linux Filesystem Security Controls
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Evaluation
Criteria
and
Rubrics
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
The following are the evaluation criteria and rubrics that the students must perform:
1. Mount a filesystem without execute permissions, so you can safely read the data
© in
Jones
& Bartlett
Learning,
Jones & Bartlett Learning, LL
contained
the disk
without executing
anyLLC
unexpected programs – ©
[20%]
FOR
SALE OR
DISTRIBUTION
2. Mount aNOT
remote
filesystem
and configure
the system to be mounted NOT
at bootFOR
timeSALE
for an OR DISTRIBUT
automatic network share on a Linux system – [20%]
3. Set user quotas on disk to protect the availability and security on the Linux system and to
prevent users from taking up all the disk drive space on the system – [20%]
4.
Edit
modifyLearning,
the /etc/fstab
file to manage local and©remote
file shares
as well
© Jones &and
Bartlett
LLC
Jonesnetwork
& Bartlett
Learning,
LLC
as theSALE
necessary
mounting configurations required
[20%]
NOT FOR
OR disk
DISTRIBUTION
NOT
FOR SALE OR DISTRIBUTION
5. Configure and use the repquota command to verify usage of disk space by users and
manage quotas – [20%]
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
81
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Lab
#4
–
Assessment
Worksheet
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Applying Hardened Linux Filesystem Security Controls
Course Name and Number: _____________________________________________________
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
Student Name: ________________________________________________________________
Instructor Name: ______________________________________________________________
© Jones
& Bartlett
Learning, LLC
© Jones & Bartlett Learning, LLC
Lab
Due Date:
________________________________________________________________
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Overview
This lab, an extension of the previous labs, incorporated security hardening for filesystems and
© Jones & Bartlett
Learning,
LLCfilesystems. In this lab,
©you
Jones
& Bartlett
Learning,
LLC
user access
to mounted
mounted
a filesystem
that does
not have
NOT FOR SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
execute permissions on the CentOS Linux Server. You also mounted a remote filesystem and set
quotas for users of mounted filesystems.
Lab Assessment Questions & Answers
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT
FOR
NOToption
FOR would
SALEallow
OR DISTRIBUTION
1. Which fstab
customers to view PDF files without
being
ableSALE OR DISTRIBUT
to modify the files?
Note introducing Part 1. Read-Only or ro
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
2. FOR
Describe
theOR
process
to create a quota hard limit of 2G
for aFOR
user.SALE OR DISTRIBUTION
NOT
SALE
DISTRIBUTION
NOT
Note introducing Part 2. The following steps are required to establish a quota.
• Add usrquota to the mounting options and mount or remount.
• Initialize the quota database.
© Jones & Bartlett•Learning,
LLC
© Jones & Bartlett Learning, LLC
Turn quotas
on.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
• Edit the user’s quota table to specify a hard limit.
3. What command enables you to initialize quotas on a filesystem?
© Jones
LLC
© Jones & Bartlett Learning, LL
Part 2, Step
12. Use &
theBartlett
commandLearning,
su -c ꞌ /sbin/quotacheck
-cug /<filesystem>ꞌ
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
4. What command enables you to change disk quotas on the /common filesystem for
the student user account?
Part&2,Bartlett
Step 16. Use
the command
-f /common
studentꞌLearning, LLC
© Jones
Learning,
LLCsu -c ꞌ/usr/sbin/edquota
© Jones
& Bartlett
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
82 | Lab #4 Applying Hardened Linux Filesystem Security Controls
© Jones & Bartlett Learning, LLC
What
is the /etc/fstab file for?
NOT FOR SALE5.OR
DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Note introducing Part 1. The /etc/fstab file (or filesystems table) is a system configuration
file commonly found on UNIX systems. This file usually lists all available disks and disk
partitions, and indicates how they are to be initialized or otherwise integrated into the
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
overall system's filesystem.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
6. What is the mount command? Explain.
Note introducing Part 1. The mount command instructs the operating system that a
© Jones
& Bartlett
Jones &
Bartlett
filesystem
is readyLearning,
to use, andLLC
it becomes associated with ©
a particular
point
in the Learning, LLC
filesystem’s
NOT FOR
SALEhierarchy.
OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
7. What is the repquota command in Linux used for? Explain. How is this different
from the quota command?
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Note following Part 3, Step 6. The repquota report displays a summary of the disk usage
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
and quotas for the specified filesystems. The current number of files and amount of space
(in kilobytes) is printed for each user, along with any quotas created with edquota.
(Answers to the second question will be unique to each student.)
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Lab #5 Hardening Security for Linux Services and
Applications
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Introduction
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
This lab is an extension of previous labs, and it incorporates security hardening for Linux
services and applications loaded in the physical server. Every service and application in a Linux
© Jones
Bartlettconfiguration
Learning, LLC
Jones
& Bartlett
Learning,
LLC
system
has &
a separate
file. These configuration©files
consist
of a collection
of
NOT
FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
execution commands that control various aspects of the program, such as passwords, disk quotas,
access, user accounts, and even system messages. In most cases, the configuration files are found
in the Linux /etc directory.
In this lab,
you will LLC
configure security and hardened
services
and applications
ensure the
© Jones & Bartlett
Learning,
© Jones
& Bartlett
Learning,toLLC
confidentiality,
integrity,
and
availability
of
those
services.
You
will
configure
and
secure an
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Apache Web server and MySQL database and the components necessary to harden the security
implementation of both. You also will configure the Sendmail application for secure local
messaging and will enable secure, encrypted remote access using Secure Shell (SSH).
Jones
& Bartlett
Learning,
© Jones
& Bartlett Learning, LL
This lab has four©parts,
which
should be
completedLLC
in the order specified. There
is no challenge
NOT
FOR
SALE OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
question for this lab.
1. In the first part of the lab, you will apply harden security measures for a MySQL database
application.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
2. In the second part of the lab, you will apply harden security measures on this server by
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
modifying the Apache Web services configuration file (httpd.conf).
3. In the third part of the lab, you will apply harden security measures on this server by
modifying the Sendmail configuration file (sendmail.mc).
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
4.
In
the
fourth
part
of
the
lab,
you
will
edit
theFOR
SSH SALE
configuration
file (sshd_config) to
NOT FOR SALE OR DISTRIBUTION
NOT
OR DISTRIBUTION
disallow direct root login, require all connecting systems be whitelisted (added to a
internal registry of recognized systems), and display a warning message to everyone who
attempts to log in remotely.
© Jones & Bartlett Learning, LLC
Learning Objectives
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Upon completing this lab, you will be able to do the following:
• Harden Linux server services when enabling and installing them, and keep a security
© Jones
& Bartlett
Learning,
LLC
© Jones & Bartlett Learning, LLC
perspective
during
configuration
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.
© Jones & Bartlett
Learning, LLC
www.jblearning.com
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Instructor Lab Manual 83
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
84 | Lab #5 Hardening Security for Linux Services and Applications
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT
FOR
SALE
OR DISTRIBUTION
•
Perform
basic
security
configurations
to ensure
that
the system
has been hardened before
NOT FOR SALE OR DISTRIBUTION
hosting a Web site
• Configure and perform basic security for a MySQL database, understanding the
ramifications of a default installation and recommending hardening steps for the database
instance© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
• Set up and
perform
configuration for Sendmail to be able
leverage
the OR DISTRIBUT
NOTtoFOR
SALE
NOT
FOR basic
SALEsecurity
OR DISTRIBUTION
built-in messaging capabilities of the Linux system
• Enable and implement secure SSH for encrypted remote access over the network or
across the Internet of a Linux server system
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Tools and Software
The following software and/or utilities are required to complete this lab. Students are encouraged
to explore the Internet to learn more about the products and tools used in this lab.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
• Apache Web Server
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
• MySQL
• Sendmail
• vi Editor
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
85
© Jones & Bartlett Learning, LLC
Deliverables
NOT FOR SALE
OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Upon completion of this lab, you are required to provide the following deliverables to your
instructor:
© Jones
& Bartlett
Learning,
LLC
& Bartlett
1. Lab Report
file including
screen
captures of
the following steps: Part©1,Jones
Step 14;
Part 2, Learning, LL
NOT
FOR
SALE
OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
Steps 11 and 15; Part 3, Step 10; Part 4, Steps 22 and 26;
2. Lab Assessments file.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
CopyrightOR
© 2014
by Jones & Bartlett Learning, LLC, an Ascend Learning Company.
rights reserved.
NOT FOR SALE
DISTRIBUTION
NOT All
FOR
SALE OR DISTRIBUTION
Instructor Lab Manual
www.jblearning.com
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
86 | Lab #5 Hardening Security for Linux Services and Applications
© Jones & Bartlett Learning, LLC
NOT FOR SALE
OR DISTRIBUTION
Hands-On
Steps
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
uNote:
This lab contains detailed lab procedures, which you should follow as written. Frequently performed tasks
are explained in the
Common&Lab
Tasks document
on the
vWorkstation desktop. You
should review
these Learning, LL
© Jones
Bartlett
Learning,
LLC
© Jones
& Bartlett
tasks before starting
theFOR
lab. SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUT
NOT
1. From the vWorkstation desktop, open the Common Lab Tasks file.
If you desire, use the File Transfer button to transfer the file to your local computer and
© Jones
LLC
© Jones & Bartlett Learning, LLC
print&aBartlett
copy for Learning,
your reference.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning,
© Jones & Bartlett Learning, LLC
FigureLLC
1 “Student Landing” vWorkstation
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
2. On your local computer, create the lab deliverable files.
3. Review the Lab Assessment Worksheet at the end of this lab. You will find answers to
these questions as you proceed through the lab steps.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Part 1: Secure MySQL database
uNote:
In the next steps, you will harden a MySQL database application by modifying the my.cnf configuration file.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
You will add skip-networking to prevent remote access to the database and disallow the ability to load a
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
local data file. You also will configure the database to start automatically on runlevel 3, and set the MySQL
root password.
Runlevels define the state of the Linux server upon boot-up. Defining runlevels helps define access control
© Jones &
Learning,
LLC to access the service
© orJones
& Bartlett
parameters
forBartlett
users or system
administrators
application
uniquely.Learning,
Runlevel LLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
three, Multi-user Mode with Networking, is the most common mode. It enables multiple user accounts,
networking, command line configurations, and remote access to the server.
1. Double-click the RDP folder icon on the desktop.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
87
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
2.
Double-click
the
TargetCentOS01.rdp
file
to open
LinuxOR
server.
NOT
FORthe
SALE
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
The remote GNOME desktop, the graphical user interface (GUI) for the virtual Linux
server, opens with the IP address of the remote machine (172.30.0.21) in the title bar at
the top of the window.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 2 GNOME desktop
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
3. Double-click
Terminal
the GNOME desktop to open the terminal
emulator
NOT FOR
SALEand
OR DISTRIBUT
NOTthe
FOR
SALEicon
ORonDISTRIBUTION
access the Linux server command line.
4. At the command prompt, type sudo /sbin/service mysqld status and press Enter to check
the status of the MySQL service.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
5. FOR
WhenSALE
prompted
a password, type pass=7890 and press
NOT
OR for
DISTRIBUTION
NOT Enter.
FOR SALE OR DISTRIBUTION
The system returns a status indicating that the MySQL daemon service is not running.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett
LLC of a service
© Jones & Bartlett Learning, LL
Figure 3Learning,
Check the status
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
6. At the command prompt, type su -c ꞌvi /etc/my.cnfꞌ and press Enter to open the MySQL
configuration file in the vi Editor.
7. When prompted, type P@ssw0rd!, the root password, and press Enter.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
CopyrightOR
© 2014
by Jones & Bartlett Learning, LLC, an Ascend Learning Company.
rights reserved.
NOT FOR SALE
DISTRIBUTION
NOT All
FOR
SALE OR DISTRIBUTION
Instructor Lab Manual
www.jblearning.com
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
88 | Lab #5 Hardening Security for Linux Services and Applications
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE
OR DISTRIBUTION
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
& Bartlett
Learning,
© Jones & Bartlett Learning, LL
8. Press the©i Jones
key to enter
the Insert
mode. LLC
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
9. Use the arrow keys to locate the #symbolic-links=0 line and delete the # symbol from the
beginning of the line to enable this command.
10. Use the arrow keys to locate the #skip-networking line and delete the # symbol from the
© Jones
& Bartlett
LLC
© Jones & Bartlett Learning, LLC
beginning
of theLearning,
line to enable
this command.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
uNote:
symbolic-links: Symbolic links are a special type of file that contains a reference to another file or
directory in the form of an absolute or relative path and that affects pathname resolution. Because some
© Jones & Bartlett
Learning,
LLC
© Jones
& Bartlett
Learning,
LLCthe original file
MySQL statements
work
by creating a temporary file
in the database
directory
and replacing
with the
file when the statement operation
is complete;
this could
several security risks.
NOT FOR SALE
ORtemporary
DISTRIBUTION
NOT
FOR SALE
OR create
DISTRIBUTION
skip-networking: This prevents remote connections (including attacks) to the MySQL DB but will still allow
localhost connections via the mysql.sock socket.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
Figure 4 Modify
my.cnf
file OR DISTRIBUTION
NOTtheFOR
SALE
11. Press the Esc key to exit the Insert mode.
12. Type :wq! and press Enter to save your changes and exit the vi Editor.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
13. At the command
prompt,
type
cat
/etc/my.cnf
and
press
Enter
to
display
theFOR
contents
of OR DISTRIBUT
NOT
SALE
NOT FOR SALE OR DISTRIBUTION
the edited file.
14. Make a screen capture showing the contents of the edited file and paste it into the Lab
Report file.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOT3FOR
SALE
ORpress
DISTRIBUTION
15. At the command prompt, type sudo /sbin/chkconfig --level
mysqld
on and
Enter to
start the database server automatically only in runlevel 3.
16. At the command prompt, type sudo /sbin/chkconfig mysqld --list and press Enter to view
MySQL runlevel
settings and verify
the service
is turned
on in runlevel
© Jones & Bartlettthe
Learning,
LLC
© that
Jones
& Bartlett
Learning,
LLC 3.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
89
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Though
the
sudo
command
usually
requires
a password,
sudo commands in the
NOT FOR
SALE repeated
OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
same session (as in this instance) do not required repeated re-entry of the password.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Figure 5 MySQL runlevel settings
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT
OR DISTRIBUTION
NOT
FOR
OR DISTRIBUTION
17.FOR
At theSALE
command
prompt, type sudo /sbin/service mysqld
start
andSALE
press Enter
to start the
database server.
The system returns an OK flag indicating that the MySQL daemon service is starting.
that the
service started without ©
a database
© Jones & BartlettNotice
Learning,
LLC
Jones &password.
Bartlett Learning, LLC
NOT FOR SALE18.
OR
OR DISTRIBUTION
AtDISTRIBUTION
the command prompt, type mysql -uNOT
root FOR
-p andSALE
press Enter
to enter the MySQL
environment.
19. At the password prompt, press Enter without entering a password.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
Notice that
theFOR
command
has changed to mysql>. By default,NOT
no password
is OR DISTRIBUT
FOR SALE
NOT
SALEprompt
OR DISTRIBUTION
required for the database root user, which can be a significant security risk. You can
harden the security by setting a root password for the MySQL server.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
CopyrightOR
© 2014
by Jones & Bartlett Learning, LLC, an Ascend Learning Company.
rights reserved.
NOT FOR SALE
DISTRIBUTION
NOT All
FOR
SALE OR DISTRIBUTION
Instructor Lab Manual
www.jblearning.com
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
90 | Lab #5 Hardening Security for Linux Services and Applications
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
6 MySQL
console
© Jones & BartlettFigure
Learning,
LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
20. At the command prompt, type SET PASSWORD FOR root@localhost =
PASSWORD('pass=7890'); and press Enter to set the MySQL root password.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Figure 7 Set the MySQL root password
21. At the command prompt, type quit and press Enter to exit the MySQL environment and
© Jones
& Bartlett
Learning, LLC
© Jones & Bartlett Learning, LLC
return
to the TargetCentOS01
command prompt.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
22. Now, repeat step 18 to attempt to log into mysql without entering a password: At the
command prompt, type mysql -u root -p and press Enter to enter the MySQL environment.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
91
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
23.
At
the
password
prompt,
press
Enter
without
entering
a password.
NOT FOR
SALE
OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
This time, the access is denied because a password is required.
Part 2: Harden©the
Apache
Web server
Jones
& Bartlett
Learning, LLC
uNote:
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
The Apache Web server is an open source HTTP server that can run on *nix-based and Windows
operating systems. In the next steps, you will harden security measures on this server by modifying the
Apache Web services configuration file (httpd.conf). You will first set the service to start automatically in
© Jones
& Bartlett
Learning,
LLCconnection method, and©then
Jones
Bartlett
Learning, LLC
runlevel
3, disable
the default
HTTP Trace
verify &
your
changes.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
1. At the command prompt, type sudo /sbin/chkconfig --level 3 httpd on and press Enter to
set the Web service to start automatically on runlevel 3.
2. IfLearning,
prompted for
a password, type pass=7890
and press
Enter.Learning, LLC
© Jones & Bartlett
LLC
© Jones
& Bartlett
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
3. At the command prompt, type sudo /sbin/service httpd start and press Enter to start the
httpd service.
The system returns an OK flag indicating that the httpd service is starting.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 8 httpd runlevel settings
4. At the command prompt, type su -c ꞌ vi +86 /etc/httpd/conf/httpd.conf ꞌ and press Enter to
© Jones & Bartlettopen
Learning,
LLC file in the vi Editor©and
Jones
Bartlett
LLC
the httpd.conf
move&directly
to Learning,
line 86.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
5. When prompted, type P@ssw0rd!, the root password, and press Enter.
uNote:
You are required ©
to enter
a mixed-case
password.
If youLLC
are not using the Citrix Receiver
to access
this
Jones
& Bartlett
Learning,
© Jones
& Bartlett
Learning, LL
lab, please use the
CAPS
LOCK
button
or
the
On-Screen
Keyboard
to
input
the
password.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
6. Press the i key to enter the INSERT mode.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
CopyrightOR
© 2014
by Jones & Bartlett Learning, LLC, an Ascend Learning Company.
rights reserved.
NOT FOR SALE
DISTRIBUTION
NOT All
FOR
SALE OR DISTRIBUTION
Instructor Lab Manual
www.jblearning.com
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
92 | Lab #5 Hardening Security for Linux Services and Applications
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
7.
Use
the
arrow
keys
to
locate
the
#TraceEnable
off line
andOR
delete
the # symbol at the
NOT FOR
SALE
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
beginning of the line to disable the Trace connection method.
This method has the potential to leak more information about the server than necessary
and poses a security risk.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Figure
© Jones & Bartlett Learning,
LLC9 Disable the Trace method
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
8. Press the Esc key to exit the Insert mode.
9. Type :wq! and press Enter to save your changes and exit the vi Editor.
10. At
the command
httpd
configtest
and press
Enter to test
© Jones & Bartlett
Learning,
LLCprompt, type sudo /sbin/service
© Jones &
Bartlett
Learning,
LLC
for
any
syntax
errors
in
the
configuration
file
caused
by
your
edits.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
The system will return a Syntax OK message indicating that the file is error-free.
11. Make a screen capture showing the syntax message and paste it into the Lab Report file.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
12. At the command
prompt,
type
sudo
/sbin/service
httpd
reload
and
press
Enter
to SALE
reload OR DISTRIBUT
NOT
FOR
NOT FOR SALE OR DISTRIBUTION
the configuration file and put your changes into effect.
The system returns no error indicating that the Web service is reloading.
© Jones
& Bartlett
Learning,
LLC
Jones
& to
Bartlett
Learning, to
LLC
13. At the
command
prompt, type
telnet localhost 80 and ©
press
Enter
open a connection
NOT FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
port 80 to test your configuration changes.
Once connected to the localhost, the solid cursor becomes the command prompt.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
93
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 10 Telnet prompt
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
SALE
NOT
FOR
SALE
OR
DISTRIBUTION
14. At the solid cursor command prompt, type TRACE and press Enter toNOT
openFOR
the raw
codeOR DISTRIBUT
of an HTML file.
In this case, the system generates an HTML file that indicates the method is not allowed,
which
verifies that
your changes
© Jones
& Bartlett
Learning,
LLC were successful. © Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
Jones
Bartlett Learning, LLC
Figure 11 Output©from
Telnet&connection
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
15. Make a screen capture showing the output of the TRACE command and paste it into the
Lab Report file.
Jones & Bartlett Learning, LLC
Part 3: Secure©Sendmail
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
uNote:
In the next steps, you will harden security measures on this server by modifying the Sendmail configuration
file (sendmail.mc). Sendmail is the default Linux mail server and can be the source of many security threats
Jones
& Bartlett
Learning,
LLC
© Jones
& Bartlett
LLC
if©not
hardened
properly. You
will first set
the service to start automatically
in runlevel
3, andLearning,
then configure
the
sendmail.mc
configuration
file to restrict relaying mail. An openNOT
SMTPFOR
relay allows
on the
NOT
FOR SALE
OR DISTRIBUTION
SALEanyone
OR DISTRIBUTION
Internet to relay e-mail through it.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
CopyrightOR
© 2014
by Jones & Bartlett Learning, LLC, an Ascend Learning Company.
rights reserved.
NOT FOR SALE
DISTRIBUTION
NOT All
FOR
SALE OR DISTRIBUTION
Instructor Lab Manual
www.jblearning.com
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
94 | Lab #5 Hardening Security for Linux Services and Applications
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
1.
At
the
command
prompt,
type
sudo
/sbin/chkconfig
--levelOR
3 sendmail
on and press Enter
NOT FOR SALE
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
to set the Sendmail service to start automatically on runlevel 3.
2. If prompted for a password, type pass=7890 and press Enter.
© Jonesprompt,
& Bartlett
Learning,
© Jones
& Bartlett
Learning, LL
3. At the command
type su
-c ꞌvi +116LLC
/etc/mail/sendmail.mcꞌ and
press Enter
to
NOT
FOR
SALE
OR
DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
open the mail configuration file in the vi Editor at line 116.
4. When prompted, type P@ssw0rd!, the root password, and press Enter.
uNote:
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
You
areFOR
required
to enter
mixed-case password. If you are not using
theFOR
Citrix SALE
ReceiverOR
to access
this
NOT
SALE
ORaDISTRIBUTION
NOT
DISTRIBUTION
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
5. Press the i key to enter the INSERT mode.
© Jones & Bartlett
Learning,
LLC
© Jones & Bartlett Learning,
LLC
6. Use
the arrow
keys to locate the DAEMON_OPTIONS(ꞌPort=smtp,
Name=MTAꞌ)dnl
line in
NOT FOR SALE OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
the file, move the cursor directly after the word smtp, and type Addr=127.0.0.1, so that the
entire line reads: DAEMON_OPTIONS(`Port=smtp, Addr=127.0.0.1, Name=MTA')dnl.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Figure 12 Modify the sendmail.mc file
7. Press the Esc key to exit the Insert mode.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
8. FOR
Type SALE
:wq! and
press
Enter to save your changes and exit
theFOR
vi Editor.
NOT
OR
DISTRIBUTION
NOT
SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
95
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
9.
At
the
command
prompt,
type
sudo
/sbin/service
startDISTRIBUTION
and press Enter to start
NOT FORsendmail
SALE OR
NOT FOR SALE OR DISTRIBUTION
the Sendmail server.
The system returns OK flags to indicate that both the Sendmail server and client service
are running.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
10. Make a screen
capture
showing
OK flags and paste it into the LabNOT
Report
file.SALE OR DISTRIBUT
FOR
NOT FOR
SALE
OR the
DISTRIBUTION
Part 4: Secure SSH
© Jones & Bartlett Learning, LLC
uNote:
© Jones & Bartlett Learning, LLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE ORinDISTRIBUTION
Secure Shell (SSH) is an encrypted remote command-line login, and
ensures
confidentiality
remote
access and login by system administrators. Telnet was the predecessor to SSH. It sends remote access
and login unencrypted in cleartext and therefore can be compromised easily by a hacker if the IP packets
are sniffed and captured. In the next steps, you will first set the service to start automatically in runlevel 3
and then Learning,
configure theLLC
secure shell (SSH service) ©
so Jones
that it disallows
login by
the root account,
© Jones & Bartlett
& Bartlett
Learning,
LLC accepts
only recognized
hosts, requires all hosts be addedNOT
to the FOR
hosts file,
and OR
displays
a message to every user
NOT FOR SALE
OR DISTRIBUTION
SALE
DISTRIBUTION
who attempts to log into the server.
1. At the command prompt, type su -c ꞌvi /etc/ssh/sshd_configꞌ and press Enter to open the
SSH configuration
in the viLearning,
Editor. LLC
© Jones &file
Bartlett
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
2. When prompted, type P@ssw0rd!, the root password, and press Enter.
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
© Jones
& Bartlett
& password.
Bartlett Learning, LLC
lab,
please use
the CAPSLearning,
LOCK buttonLLC
or the On-Screen Keyboard©toJones
input the
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
3. Press the i key to enter the INSERT mode.
4. Use the arrow keys to locate the #PermitRootLogin yes line in the file and delete the #
fromLLC
the beginning of the line ©
to Jones
enable the
command.
© Jones & Bartlettsymbol
Learning,
& Bartlett
Learning, LLC
NOT FOR SALE5.OR
NOT
FORtheSALE
OR
DISTRIBUTION
InDISTRIBUTION
the PermitRootLogin line, type no to
replace
yes and
remove
the root account’s
ability to login.
6. Use the arrow keys to locate the PasswordAuthentication yes line in the file and type no to
replace the
yes and&disable
logins
with passwords.
© Jones
Bartlett
Learning,
LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
Notice that there are 2 PasswordAuthentication lines. The first has a # symbol in front
disabling it by default. The second does not have a # symbol, so that is the command the
system is currently reading and that is the command line you will need to edit.
© Jones
Bartlett
Learning,
© Jones
Bartlett
LLC
7. Use&the
arrow keys
to locateLLC
the #UsePAM no line in the
file and&delete
the #Learning,
symbol from
NOT FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
the beginning of the line to enable the command.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
CopyrightOR
© 2014
by Jones & Bartlett Learning, LLC, an Ascend Learning Company.
rights reserved.
NOT FOR SALE
DISTRIBUTION
NOT All
FOR
SALE OR DISTRIBUTION
Instructor Lab Manual
www.jblearning.com
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
96 | Lab #5 Hardening Security for Linux Services and Applications
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
8.
Use
the
arrow
keys
to
locate
the
UsePAM
yesFOR
line in
the file
and
type the # symbol at the
NOT
SALE
OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
beginning of the line to disable the command.
9. Use the arrow keys to locate the #Banner none line in the file and delete the # symbol
from the beginning of the line to enable the command.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
10. In the Banner line, type /etc/motd to replace the none and specify theNOT
nameFOR
of theSALE
file that
will display an error message to every user who attempts to log in.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 13 Modify the sshd_config file
11. Press the Esc key to exit the Insert mode.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
12.
Type
:wq!
and
press
Enter
to
save
your
changes
and
exit the
Editor.
NOT FOR SALE OR DISTRIBUTION
NOT
FOR
SALE
ORviDISTRIBUTION
13. At the command prompt, type su -c ꞌvi /etc/motdꞌ and press Enter to open the MOTD
(message of the day) banner file in the vi Editor.
© Jonestype
& Bartlett
Learning,
© Jones & Bartlett Learning, LL
14. When prompted,
P@ssw0rd!,
the root LLC
password, and press Enter.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
15.FOR
PressSALE
the i key
enter the INSERT mode.
NOT
ORtoDISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
16. At the beginning of the first blank line, type PROPERTY OF FIRST WORLD BANK
SAVINGS AND LOAN. AUTHORIZED USERS ONLY!
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
97
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Figure 14 Modify the motd file
17. Press the Esc key to exit the Insert mode.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
18.FOR
Type SALE
:wq! andOR
press
Enter to save your changes and exit
theFOR
vi Editor.
NOT
DISTRIBUTION
NOT
SALE OR DISTRIBUTION
19. At the command prompt, type sudo /sbin/service sshd status and press Enter to check the
status of the open SSH server.
© Jones & Bartlett
Learning,
LLCfor a password, type pass=7890
© Jones &
Learning, LLC
20. When
prompted
andBartlett
press Enter.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
The system will return an indicator that the openssh-daemon is running.
21. Make a screen capture showing the status of the openssh-daemon and paste it into the
Lab Report file.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
22. At the command
prompt,
/sbin/service sshd reload and press
Enter
to reload
NOT
FOR
SALEthe
OR DISTRIBUT
NOT FOR
SALEtype
ORsudo
DISTRIBUTION
open SSH configuration file and put your changes into effect.
The system returns an OK flag indicating that the SSH service is reloading.
© Jones
& Bartlett
LLC
Jones
& Bartlett
23. At the
commandLearning,
prompt, type
ssh localhost and press©Enter
to open
an SSHLearning,
connectionLLC
NOT FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
to the localhost.
The system returns an error indicating that localhost is not a recognized host. Unless the
host is specifically added to the hosts file, which was not done in this lab, this error will
The system
continue
the attempted
connection.
© Jones & Bartlettoccur.
Learning,
LLC will also prompt you
© to
Jones
& Bartlett
Learning,
LLC
NOT FOR SALE24.
OR
DISTRIBUTION
NOT
SALE
OREnter.
DISTRIBUTION
When
prompted to continue connecting,
typeFOR
yes and
press
Because the sshd_config file was configured to deny SSH access to the root user and
anyone trying to use a password, the SSH server will prevent the remote access and
display the
message&of
the day.Learning, LLC
© Jones
Bartlett
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
CopyrightOR
© 2014
by Jones & Bartlett Learning, LLC, an Ascend Learning Company.
rights reserved.
NOT FOR SALE
DISTRIBUTION
NOT All
FOR
SALE OR DISTRIBUTION
Instructor Lab Manual
www.jblearning.com
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
98 | Lab #5 Hardening Security for Linux Services and Applications
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure
15 VerifyLearning,
MOTD banner
message for SSH login © Jones & Bartlett Learning, LL
© Jones
& Bartlett
LLC
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
25. Make a screen capture showing the message of the day banner and paste it into the Lab
Report file.
26. Close the remote Linux connection window.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
uNote:
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
This completes the lab. Close the virtual lab, if you have not already done so.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
99
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Evaluation
Criteria
and
Rubrics
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
The following are the evaluation criteria for this lab that students must perform:
1. Harden Linux server services when enabling and installing them, and keep a security
© Jones
Bartlett Learning,
© Jones & Bartlett Learning, LL
perspective
during&
configuration
– [20%] LLC
NOThardened
FOR SALE
OR DISTRIBUT
SALE
OR DISTRIBUTION
2. PerformNOT
basic FOR
security
configurations
to ensure that the system has been
before
hosting a Web site – [20%]
3. Configure and perform basic security for a MySQL database, understanding the
ramifications of a default installation and recommending hardening steps for the database
instance
– [20%]
© Jones
& Bartlett
Learning, LLC
© Jones & Bartlett Learning, LLC
4. FOR
Set upSALE
and perform
basic security configuration for Sendmail
to be
able to
leverage
the
NOT
OR DISTRIBUTION
NOT FOR
SALE
OR
DISTRIBUTION
built-in messaging capabilities of the Linux system – [20%]
5. Enable and implement secure SSH for encrypted remote access over the network or
across the Internet of a Linux server system – [20%]
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
CopyrightOR
© 2014
by Jones & Bartlett Learning, LLC, an Ascend Learning Company.
rights reserved.
NOT FOR SALE
DISTRIBUTION
NOT All
FOR
SALE OR DISTRIBUTION
Instructor Lab Manual
www.jblearning.com
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
100 | Lab #5 Hardening Security for Linux Services and Applications
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE
Lab OR
#5 DISTRIBUTION
– Assessment Worksheet NOT FOR SALE OR DISTRIBUTION
Hardening Security for Linux Services and Applications
Course Name and
© Number:
Jones &_____________________________________________________
Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
Student Name: ________________________________________________________________
Instructor Name: ______________________________________________________________
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Lab Due Date: ________________________________________________________________
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Overview
This lab was an extension of previous labs. It incorporated security hardening for Linux services
© Jones & Bartlett
Learning,
LLCin the physical server.©InJones
& you
Bartlett
Learning,
LLC
and applications
loaded
this lab,
configured
security
and hardened
NOT FOR SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
services and applications to ensure the confidentiality, integrity, and availability of those
services. You configured and secured an Apache Web server and MySQL database and the
components necessary to harden the security implementation of both. You also configured the
Sendmail application for secure local messaging and enabled secure, encrypted remote access
© Jones
© Jones & Bartlett Learning, LL
using Secure Shell
(SSH).& Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
Lab Assessment Questions & Answers
1. When configuring services, what Linux directory typically contains server
configuration
© Jones
& Bartlettfiles?
Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Introduction. The /etc directory
2. What is a Linux runlevel for a specific service or application? Which command
allows you to define the runlevel uniquely for a service or application?
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Note
introducing
Part
1.
Runlevels
define
the
state
of the
Linux OR
server
upon bootup.
NOT FOR SALE OR DISTRIBUTION
NOT
FOR
SALE
DISTRIBUTION
Defining runlevels helps define access control parameters for users or system
administrators to access the service or application uniquely.
“chkconfig”
© Jones & Bartlett Learning, LLC
Part 1, Step
15. FOR
chkconfig
--level
NOT
SALE
OR3 mysqld
DISTRIBUTION
Part 2, Step 1. chkconfig --level 3 httpd
Part 3, Step 1. chkconfig --level 3 sendmail
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
101
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
3.
What
is
the
Apache
Web
server?
Review
theFOR
/etc/httpd/conf/httpd.conf
NOT
SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
configuration file, and point out a setting that could enhance security.
Note introducing Part 2. The Apache Web server is an open source HTTP server that can
run on *nix based and Windows operating systems.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT
FOR
NOT
FOR
SALE
OR
DISTRIBUTION
(Answers to the second question will be unique to each student; however, one
option
is SALE OR DISTRIBUT
decreasing timeout settings to help prevent against denial of service.)
4. OpenSSH is the de facto method used to remotely access Linux systems. Explain
why&the
use of telnet
is discouraged.
© Jones
Bartlett
Learning,
LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Note introducing Part 4. Secure Shell (SSH) is an encrypted remote command-line login,
and ensures confidentiality in remote access and login by system administrators. Telnet
was the predecessor to SSH. It sends remote access and login unencrypted in cleartext
therefore LLC
can be compromised easily ©
by Jones
a hacker&if the
IP packets
are sniffed
and
© Jones & Bartlettand
Learning,
Bartlett
Learning,
LLC
captured.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
5. What are symbolic links?
Note following Part 1, Step 10. Symbolic links are a special type of file that contains a
reference©toJones
another &
fileBartlett
or directory
in the formLLC
of an absolute or relative path
and that & Bartlett Learning, LL
Learning,
© Jones
affects pathname
resolution.
NOT FOR SALE OR DISTRIBUT
NOT FOR
SALE OR DISTRIBUTION
6. Why is it recommended to disable symbolic links in MySQL?
Note following Part 1, Step 10. Because some MySQL statements work by creating a
© Jones
& Bartlett
Learning,
© Jones
& Bartlett
Learning, LLC
temporary
file in the
database LLC
directory and replacing the original
file with
the temporary
NOT FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
file when the statement operation is complete, this could create several security risks.DISTRIBUTION
7. Why would you add the skip-networking command in MySQL?
Note following Part 1, Step 10. This prevents remote connections (including attacks) to the
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
MySQL DB but will still allow localhost connections via the mysql.sock socket.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
CopyrightOR
© 2014
by Jones & Bartlett Learning, LLC, an Ascend Learning Company.
rights reserved.
NOT FOR SALE
DISTRIBUTION
NOT All
FOR
SALE OR DISTRIBUTION
Instructor Lab Manual
www.jblearning.com
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Lab #6 Hardening Security by Controlling Access
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Introduction
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
This lab is an extension of the previous labs, and it incorporates access control for the CentOS
Linux Server. CentOS has a powerful built-in firewall commonly referred to as IPtables or
© JonesThe
& Bartlett
Learning,
© Jones
& Bartlett
Learning,
Netfilter.
most common
way toLLC
configure IPtables is through
the command
line.
There are LLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
some GUI front-ends for IPtables, though they often lack flexibility. You will use the command
line configuration in this lab.
IPtables can be thought of as predefined chains or rules that are read from top to bottom which
allow access
or denyLLC
access to specific protocols
(TCP, UDP,
ICMP)Learning,
and ports. LLC
The first match
© Jones & Bartlett
Learning,
© Jones
& Bartlett
foundOR
in the
chain will be processed, so it is important
where
youOR
place
rules. Best practice
NOT FOR SALE
DISTRIBUTION
NOT FOR
SALE
DISTRIBUTION
recommends a default policy to first refuse (DROP) all packets and add specific rules to allow
(ACCEPT) acceptable packets.
An additional layer of security can be implemented on a Linux server in the form of TCP
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
Wrappers. Installed by default on CentOS servers, TCP Wrappers provides controlled access
NOT
FOR services
SALE OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
using the hosts.allow and hosts.deny files that allow connection to “wrapped”
network
after the packet has passed the IPtables firewall. TCP Wrappers reads the hosts.allow (/etc/hosts)
file before reading the hosts.deny file. Therefore, if a match is found in the hosts.allow before it
reads the hosts.deny rule, the allow rule will be processed.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
For
example,
when aOR
connection
attempt is made to a TCP wrapped
service,
such
as DISTRIBUTION
SSH, the
NOT
FOR SALE
DISTRIBUTION
NOT FOR
SALE
OR
hosts.allow file is accessed to determine whether the client has an allowed rule. Should the rule
not exist in either file or the file is not present, the request is automatically permitted. Rules
permitting or denying are read in chronological order beginning with the hosts.allow file
thereforeLearning,
placement LLC
of rules are of extreme importance.
© Jones & Bartlett
© Jones & Bartlett Learning, LLC
NOT FOR SALE
OR
NOT IP
FOR
SALE
OR DISTRIBUTION
In this
lab,DISTRIBUTION
you will first review current host-based
firewall
services,
flush the current firewall
configuration, and then reconfigure it with stringent permit/deny rule sets. You also will
configure TCP Wrappers for unauthorized access controls and logging. Finally, you will
configure SELinux for an additional layer of security. This lab has four parts, which should be
Jones
& Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
completed in the©order
specified.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
1. In the first part of the lab, you will enable iptables to help lock down services on a Linux
system to permit HTTP, ICMP Ping, and SSH access and deny all other unnecessary
access.
© Jones
& Bartlett
Learning,
© Jones
Bartlett
LLC
2. In the
second part
of the lab,LLC
you will add an additional
layer of&security
of Learning,
the system by
NOT FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
configuring TCP Wrappers to deny and log unauthorized attempts to access services on
the system.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
102
103
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
3.
In
the
third
part
of
the
lab,
you
will
confirm
SELinux
is enabled
and modify some of the
NOT FOR
SALE
OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
default settings.
4. Finally, if assigned by your instructor, you will explore the virtual environment on your
own to answer a set of challenge questions that allow you to use the skills you learned in
Jones independent,
& Bartlett Learning,
LLC similar to what you ©
Jones
& Bartlett
the lab to©conduct
unguided work,
will
encounter
in a Learning, LL
NOT
FOR
SALE
OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
real-world situation.
Learning Objectives
© Jones
& Bartlett
Learning,
© Jones & Bartlett Learning, LLC
Upon
completing
this lab,
you will LLC
be able to perform the following:
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
• Review current internal host-based firewall parameters and configuration settings to
verify allowed and denied IP communications
• Configure an internal host-based firewall using iptables and create stringent allow/deny
for services
to the system
over Learning,
the networkLLC
© Jones & Bartlettrules
Learning,
LLC that may require access
© Jones
& Bartlett
Harden
the system by enabling TCP Wrappers
to deny
andOR
logDISTRIBUTION
unauthorized attempts
NOT FOR SALE• OR
DISTRIBUTION
NOT FOR
SALE
against services and ports running on the system
• Secure processes running on the system by using and configuring SELinux to help
perform more in-depth layered security
• Verify configurations
of the settings
applied
by connecting to the Linux
server &
using
SSH Learning, LL
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett
and connect
to
other
services
running
on
a
Linux
server
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
Tools and Software
The
following
softwareLearning,
and/or utilities
this lab.&Students
encouraged
© Jones
& Bartlett
LLCare required to complete
© Jones
Bartlettare
Learning,
LLC
to
explore
the
Internet
to
learn
more
about
the
products
and
tools
used
in
this
lab.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
•
None
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
104 | Lab #6 Hardening Security by Controlling Access
© Jones & Bartlett Learning, LLC
Deliverables
NOT FOR SALE
OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Upon completion of this lab, you are required to provide the following deliverables to your
instructor:
© Jones
& Bartlett
Learning,
LLC
& Bartlett
1. Lab Report
file including
screen
captures of
the following steps: Part©1,Jones
Steps 14
and 16; Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT18;
FOR
DISTRIBUTION
Part 2, Step
PartSALE
3, StepsOR
3, 5,
and 16;
2. Lab Assessments file;
3. Optional: Challenge Questions file, if assigned by your instructor.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
105
© Jones & Bartlett Learning, LLC
Hands-On
Steps
NOT FOR SALE
OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
uNote:
This lab contains detailed lab procedures, which you should follow as written. Frequently performed tasks
are explained in the
Common&Lab
Tasks document
on the
vWorkstation desktop. You
should review
these Learning, LL
© Jones
Bartlett
Learning,
LLC
© Jones
& Bartlett
tasks before starting the lab.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
1. From the vWorkstation desktop, open the Common Lab Tasks file.
If you desire, use the File Transfer button to transfer the file to your local computer and
© Jones
LLC
© Jones & Bartlett Learning, LLC
print&aBartlett
copy for Learning,
your reference.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
FigureLLC
1 “Student Landing” vWorkstation
© Jones & Bartlett Learning,
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
2. On your local computer, create the lab deliverable files.
3. Review the Lab Assessment Worksheet at the end of this lab. You will find answers to
these questions as you proceed through the lab steps.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Part OR
1: Harden
the Linux-based IP Firewall
uNote:
In the next steps, you will harden security measures for the Linux host-based IP firewall by configuring
© Jones
Bartlett
Learning,
© Jones
& Bartlett
Learning, LL
stringent permit and
deny rule&sets.
You will
append theLLC
INPUT, OUTPUT, and FORWARD
chains
to
FOR SALE
OR DISTRIBUT
NOT
FOR
SALE
OR and
DISTRIBUTION
permit HTTP, ICMP
Ping,
and SSH
access
deny all other access. You can viewNOT
the network
port
information of your IPtables by using the –v (verbose) switch. For example, iptables –L –v will list the rules
and port information.
1. Double-click
theLearning,
RDP folder LLC
on the vWorkstation desktop
to open
folder.Learning, LLC
© Jones
& Bartlett
© Jones
& the
Bartlett
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
106 | Lab #6 Hardening Security by Controlling Access
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
2.
Double-click
the
TargetCentOS01.rdp
file
to start
a remote
connection to that
NOT
FOR
SALE desktop
OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
machine.
The remote GNOME desktop, the graphical user interface (GUI) for the virtual Linux
server, opens with the IP address of the remote machine (172.30.0.21) in the title bar at
© the
Jones
& Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
the top of
window.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
3. Double-click the Terminal icon on the GNOME desktop to open the terminal emulator and
access the Linux server command line.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Figure 2 GNOME desktop
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
4. At the command prompt, type sudo /sbin/iptables -L and press Enter to list the current
host-based firewall rules.
5. When
prompted
andBartlett
press Enter.
© Jones & Bartlett
Learning,
LLCfor a password, type pass=7890
© Jones &
Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
The system returns a list of the existing INPUT, OUTPUT, and FORWARD chains
indicating that there are no firewall rules set for any of them.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
107
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 3 Existing INPUT, OUTPUT and FORWARD chains
6. At the command prompt, type sudo /sbin/iptables -I (capital i) INPUT -m state --state
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
ESTABLISHED,RELATED -j ACCEPT and press Enter to add a new firewall rule that allows
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
INPUT chains to the firewall rules and allow established connections.
7. At the command prompt, type sudo /sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT and
press Enter to add a new firewall rule that allows INPUT chains to the firewall rules and
© Jones
& Bartlett
Learning,
© Jones & Bartlett Learning, LLC
allow
http (Web)
access. LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
8. At the command prompt, type sudo /sbin/iptables -A INPUT -p tcp --dport 443 -j ACCEPT
and press Enter to add a new firewall rule that allows INPUT chains to the firewall rules
and allow https (SSL) access.
© Jones & Bartlett
Learning,
LLCprompt, type sudo /sbin/iptables
© Jones &-ABartlett
9. At
the command
INPUT -pLearning,
tcp --dport LLC
22 -j ACCEPT and
NOT FOR SALE OR
DISTRIBUTION
FOR INPUT
SALE OR
DISTRIBUTION
press
Enter to add a new firewall rule NOT
that allows
chains
to the firewall rules and
allow secure shell (SSH) connections.
10. At the command prompt, type sudo /sbin/iptables -A INPUT -p icmp -j ACCEPT and press
Enter to ©
addJones
a new &
firewall
ruleLearning,
that allowsLLC
INPUT chains to the firewall
rules &
andBartlett
allow Learning, LL
Bartlett
© Jones
ICMP pings.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
11. At the command prompt, type sudo /sbin/iptables -A INPUT -p all -j DROP and press Enter
to add a new firewall rule that denies all other traffic from the INPUT chains.
12. At the
command
prompt, type
sudo /sbin/service iptables
save and
press Enter
to save the
© Jones
& Bartlett
Learning,
LLC
© Jones
& Bartlett
Learning,
LLC
rule set
you OR
just created.
NOT FOR
SALE
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
The system returns OK flag indicating that the rules have been saved.
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
108 | Lab #6 Hardening Security by Controlling Access
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
13.
Make
a
screen
capture
of
the
terminal
window
showing
results
of the iptables save
NOT FOR
SALEthe
OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
command and paste it into a new text document.
14. At the command prompt, type sudo /sbin/iptables -L and press Enter to list the newly
saved firewall rules. The system returns a list of the existing INPUT, OUTPUT, and
© Jones
Bartlett the
Learning,
LLCrules you created in this
© Jones
FORWARD
chains&including
new firewall
lab. & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 4 New firewall rules for the INPUT chain
15. Make a screen capture showing the output of the iptables -L command and paste it into the
© Jones & BartlettLab
Learning,
LLC
© Jones & Bartlett Learning, LLC
Report file.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Part 2: Configure TCP Wrappers
uNote:
Jones
& Bartlett
© Jones
& Bartlett
In the next steps,©you
will harden
securityLearning,
measures onLLC
this server by configuring the
TCP Wrappers
to Learning, LL
FORthe
SALE OR DISTRIBUT
FORattempts
SALE OR
deny and log allNOT
connection
from DISTRIBUTION
a particular domain (.hackers.com). YouNOT
will modify
hosts.deny configuration file to deny access to the .hackers.com domain and then you will modify the
hosts file to enable to the TargetCent0S server to appear to other servers as if it is coming from the
.hackers.com domain. Finally, you will attempt to establish an SSH connection to verify your changes to
©the
Jones
& Bartlett
Learning, LLC
© Jones & Bartlett Learning, LLC
hosts.deny
file.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
1. At the command prompt, type su -c ꞌvi /etc/hosts.denyꞌ and press Enter to open the
hosts.deny configuration file in the vi Editor.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
109
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
2.
When
prompted,
type
P@ssw0rd!,
the
root password,
and OR
press
Enter to create the new
NOT
FOR SALE
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
account.
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
3. Press the i key to enter the Insert mode.
4. Use the arrow keys to locate the last # line in the file, delete the # symbol from the
beginning
of theLearning,
line and type
ALL : .hackers.com:severity
emerg&toBartlett
create a Learning,
new line. LLC
© Jones
& Bartlett
LLC
© Jones
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
© the
Jones
& Bartlett
Figure 5 Modify
hosts.deny
file Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
5. Press the Esc key to exit the Insert mode.
6. Type :wq! and press Enter to save your changes and exit the vi Editor.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
uNote:
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
The /etc/hosts file keeps a map of IP addresses and aliases of any computers with which it communicates.
In the next steps, you will first identify the IP address for the TargetCentOS machine and then you will
modify the /etc/hosts file to map that IP address with the .hackers.com domain that you denied in the
previous steps.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
7. At the command prompt, type /sbin/ifconfig eth0 and press Enter to find the IP address
(inet addr) for the eth0 server.
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
110 | Lab #6 Hardening Security by Controlling Access
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
8.
In
the
Lab
Report
file,
document
the
IP
address
(inet
addr)
you
find in the eth0 section.
NOT
FOR
SALE
OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
You will need it in a later step.
9. At the command prompt, type su -c ꞌvi /etc/hostsꞌ and press Enter to open the hosts file in
the vi Editor.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
10. When prompted,
type
P@ssw0rd!,
the root password, and press Enter.
NOT FOR SALE OR DISTRIBUT
NOT FOR
SALE
OR DISTRIBUTION
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab,
please use
the CAPSLearning,
LOCK buttonLLC
or the On-Screen Keyboard©toJones
input the&password.
© Jones
& Bartlett
Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
11. Press the i key to enter the Insert mode.
NOT FOR SALE OR DISTRIBUTION
12. Use the arrow keys to locate the IP address you documented in step 8, move the cursor
immediately after that IP address, and type yourname.hackers.com, replacing yourname
© Jones & Bartlettwith
Learning,
LLC
© hostname
Jones & for
Bartlett
your own
name, to specify the first
this IPLearning,
address. LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
This change will allow the TargetCentOS01 machine to emulate a computer (with your
own name) from the restricted hackers.com domain.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 6 Modify the hosts file
13. Press
the EscLLC
key to exit the Insert mode.
© Jones & Bartlett
Learning,
© Jones & Bartlett Learning, LLC
NOT FOR SALE14.
OR
DISTRIBUTION
FOR
SALE
ORviDISTRIBUTION
Type
:wq! and press Enter to save yourNOT
changes
and
exit the
Editor.
15. At the command prompt, type sudo /sbin/service sshd status and press Enter to verify
that the SSH service is running.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
16. When prompted
for
a
password,
type
pass=7890
and
press
Enter.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
The system will return a message indicating that the service is running.
• If the service is running, skip to the next step.
© Jones
Learning,
LLC flag indicating that ©
Learning,
• &
If Bartlett
the system
returns a Failed
theJones
service&isBartlett
not running,
repeat LLC
15 OR
and DISTRIBUTION
16 until you receive an OK flag indicating
that the
service
running.
NOT FORsteps
SALE
NOT FOR
SALE
ORisDISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
111
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
17.
At
the
command
prompt,
type
ssh
centos
and
press
EnterOR
to attempt
an SSH connection
NOT
FOR
SALE
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
from the host address that you just entered in the hosts file.
The system will return a refused connect message indicating that yourname.hackers.com
is being denied access.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR
SALE
OR
DISTRIBUTION
Figure 7 Attempt to connect as yourname.hackers.com NOT FOR SALE OR DISTRIBUT
18. Make a screen capture showing the hosts.deny file’s output in response to your attempt to
connect and paste it into the Lab Report file.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Part 3: Modifiy the SELinux Configuration File
uNote:
In the next steps, you will harden security measures on this server by verifying that the SELinux
© Jones & Bartlett
Learning,
LLC
Jones
Bartlett
Learning,
LLC security
configuration
file (selinux/config)
is set to enforcing©mode
upon&boot
or reboot
to ensure layered
solutions.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
When first installed, SELinux has three possible modes.
• Permissive mode will log system access or alert, but not enforce any policies.
• Disable mode
indicates
that SELinux
isn’t running
© Jones
& Bartlett
Learning,
LLCor logging.
© Jones & Bartlett Learning, LL
• EnforcingNOT
mode
will
block
access
as
defined
in
the
policy.
NOT FOR SALE OR DISTRIBUT
FOR SALE OR DISTRIBUTION
You also will modify the Boolean settings for the Web server to allow the http server to send email and
make use of an NFS share.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
1. FOR
At the
command
prompt, type cat /etc/selinux/config and
press
to display
the
NOT
SALE
OR DISTRIBUTION
NOT
FOREnter
SALE
OR DISTRIBUTION
SELinux configuration file.
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
112 | Lab #6 Hardening Security by Controlling Access
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
2.
Use
the
arrow
keys
to
locate
the
SELINUX=
to verify
that it is set to enforcing
NOTcommand
FOR SALE
OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
mode.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 8 Review the selinux/config file
3. Make a screen capture showing the SELinux mode from the config file and paste it into the
Lab Report
file. & Bartlett Learning, LLC
© Jones
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
4. At the command prompt, type /usr/sbin/sestatus and press Enter to check the current
mode for the SELinux status.
In the output results, the current mode and mode from the config file both should be set to
© Jones
& Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
enforcing.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
9 SELinux status
NOT FOR SALE ORFigure
DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
5. Make a screen capture showing the SELinux status output and paste it into the Lab Report
file.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
6. At the command prompt, type sudo /sbin/service httpd status and press Enter to check the
NOT FOR
SALE
OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
status of httpd service.
7. When prompted for a password, type pass=7890 and press Enter.
system returns
that the&httpd
service
is stopped.LLC
© Jones & BartlettThe
Learning,
LLC a message indicating
© Jones
Bartlett
Learning,
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
113
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
8.
At
the
command
prompt,
type
sudo
/sbin/service
start
and
press Enter to start the
NOT FORhttpd
SALE
OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
httpd (Web) service.
The system will return an OK flag indicating that the service is running.
9. At the command
type ps
-ZC httpdLLC
and press Enter to view the
SELinux
to Learning, LL
© Jonesprompt,
& Bartlett
Learning,
© Jones
& setting
Bartlett
see which
WebFOR
processes
currently
protected.
NOT FOR SALE OR DISTRIBUT
NOT
SALEare
OR
DISTRIBUTION
The system returns a list of processes under the label unconfined_u:system_r:httpd_t.
10. At the command prompt, type /usr/sbin/getsebool -a | grep http and press Enter to view
© Jones
& Bartlett
Learning,
© Jones & Bartlett Learning, LLC
the Boolean
settings
for the LLC
Web server type.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
The system returns a list of settings for this type, including the following settings that you
will modify during the next steps of this lab.
• httpd_can_sendmail - -> off (prohibits the Web server from sending email)
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
• httpd_use_nfs - -> off (prohibits the Web server from connecting to a remote NFS
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
share)
11. At the command prompt, type su -c ꞌ/usr/sbin/setsebool -P httpd_can_sendmail 1ꞌ and
press Enter to change the settings to allow the Web server to send mail.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
12. When prompted,
type
P@ssw0rd!,
the root password, and press Enter.
NOT FOR SALE OR DISTRIBUT
NOT FOR
SALE
OR DISTRIBUTION
This command may take a few moments to re-label. Do not press any keys until the
command prompt returns.
©
Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
uNote:
NOT
FOR
SALE
OR
DISTRIBUTION
NOTthe
FOR
ORtoDISTRIBUTION
You are required to enter a mixed-case password. If you are not using
CitrixSALE
Receiver
access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
13. At the command prompt, type su -c ꞌ/usr/sbin/setsebool -P httpd_use_nfs 1ꞌ and press
© Jones & BartlettEnter
Learning,
LLC
© Web
Jones
& Bartlett
Learning,
LLC
to change
the settings to allow the
server
to connect
to a remote
NFS share.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
14. When prompted, type P@ssw0rd!, the root password, and press Enter.
This command may take a few moments to relabel. Do not press any keys until the
command prompt returns.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
114 | Lab #6 Hardening Security by Controlling Access
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 10 Modify the Web server settings
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
15. At the command prompt, type /usr/sbin/getsebool -a | grep http and press Enter to view
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
the Boolean settings for the Web server type after having made the edits in the previous
steps.
The system returns a list of settings for this type, including the following settings that you
© Jones
Bartlett
Learning,
LLC
© Jones & Bartlett Learning, LLC
have&already
modified
during
this lab.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
• httpd_can_sendmail - -> on (allows the Web server from sending email)
• httpd_use_nfs - -> on (allows the Web server from connecting to a remote NFS share)
If your results do not match this list, repeat steps 11-15 until they do.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
115
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 11 Modified Web server settings
16. Make a screen
capture
showingLearning,
your changes
to the Boolean settings©forJones
the Web
© Jones
& Bartlett
LLC
& server
Bartlett Learning, LL
type andNOT
pasteFOR
it intoSALE
the Lab
Report
file.
NOT FOR SALE OR DISTRIBUT
OR DISTRIBUTION
17. Close the remote Linux connection.
18. Close the virtual lab, or proceed with Part 4 to answer the challenge question for this lab.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
116 | Lab #6 Hardening Security by Controlling Access
© Jones & Bartlett Learning, LLC
Part OR
4: Challenge
Question
NOT FOR SALE
DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
uNote:
The following challenge question is provided to allow independent, unguided work, similar to what you will
encounter in a real
You
should aim
to improveLLC
your skills by getting the correct
answer&inBartlett
as few Learning, LL
©situation.
Jones &
Bartlett
Learning,
© Jones
steps as possible. Use screen captures in your lab document where possible to illustrate your answers.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
1. From your local computer with Internet access, research SELinux Access control to find
the three forms of access control and their definitions. Record your findings in the
Challenge Questions file. Don’t forget to cite your references.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR
SALE
ORunique
DISTRIBUTION
FOR SALE
OR DISTRIBUTION
(Answers
will be
to each student, but should includeNOT
the following
three forms
of SELinux
access control.)
• Type Enforcement (TE): Type Enforcement is the primary mechanism of access control
used in the targeted policy
© Jones & Bartlett Learning,
LLC Access Control (RBAC):
© Jones
Bartlett
Learning,
LLC
• Role-Based
Based&around
SELinux
users (not
necessarily the
same as the Linux user), but not used
the default
targeted
policy
NOT FOR SALE OR DISTRIBUTION
NOTin FOR
SALE
OR DISTRIBUTION
• Multi-Level Security (MLS): Not commonly used and often hidden in the
default targeted policy.
uNote:
© Jones & Bartlett Learning, LLC
This completes the
lab. FOR
Close SALE
the virtual
if you have not already done so.
NOT
ORlab,
DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
117
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Evaluation
Criteria
and
Rubrics
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
The following are the evaluation criteria for this lab that students must perform:
1. Review current internal host-based firewall parameters and configuration settings to
© Jones
Bartlett
Learning, LLC– [20%]
verify allowed
and&denied
IP communications
© Jones & Bartlett Learning, LL
NOT FOR
SALE OR DISTRIBUT
NOT
FOR SALE
OR DISTRIBUTION
2. Configure
an internal
host-based
firewall using IPtables and create stringent
allow/deny
rules for services that may require access to the system over the network – [20%]
3. Harden the system by enabling TCP Wrappers to deny and log unauthorized attempts
against services and ports running on the system – [20%]
4. Secure
processes
running onLLC
the system by using and©configuring
to help
© Jones
& Bartlett
Learning,
Jones & SELinux
Bartlett Learning,
LLC
perform
moreOR
in-depth
layered security – [20%]
NOT FOR
SALE
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
5. Verify configurations of the settings applied by connecting to the Linux server using SSH
and connect to other services running on a Linux server – [20%]
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
118 | Lab #6 Hardening Security by Controlling Access
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Lab
#6
–
Assessment
Worksheet
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Hardening Security by Controlling Access
Course Name and Number: _____________________________________________________
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
Student Name: ________________________________________________________________
Instructor Name: ______________________________________________________________
© Jones
& Bartlett
Learning, LLC
© Jones & Bartlett Learning, LLC
Lab
Due Date:
________________________________________________________________
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Overview
In this lab, you first reviewed current host-based IP firewall services, flushed the current firewall
configuration,
and then
permit/deny
sets. YouLLC
also configured
© Jones & Bartlett
Learning,
LLCreconfigured it with stringent
© Jones
& Bartlettrule
Learning,
TCP OR
Wrappers
for unauthorized access controls
andFOR
logging.
Finally,
you configured SELinux
NOT FOR SALE
DISTRIBUTION
NOT
SALE
OR DISTRIBUTION
for an additional layer of security.
Lab Assessment Questions & Answers
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
1. SupposeNOT
the domain
hackers.com
is denied for all services in the hosts.deny,
butSALE OR DISTRIBUT
NOT FOR
FOR SALE
OR DISTRIBUTION
the hosts.allow file has the rule ALL:ALL. Will TCP Wrappers allow
hackers.com access?
Introduction. Yes. TCP Wrappers reads the hosts.allow (/etc/hosts) file before reading the
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
hosts.deny file. Therefore, if a match is found in the hosts.allow before it reads the
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
hosts.deny rule, the allow rule will be processed.
2. What is the command to check the SELinux status? How can you be sure that
SELinux is in enforcing mode?
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Part
3,
Step
4.
/usr/sbin/sestatus.
In
the
output
results,SALE
the current
and mode from
NOT FOR SALE OR DISTRIBUTION
NOT FOR
OR mode
DISTRIBUTION
the config file both should be set to enforcing.
3. What are three modes of SELinux? Explain their basic functionality.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
Note introducing Part 3.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
• Permissive mode will log system access or alert, but not enforce any policies.
• Disable mode indicates that SELinux isn’t running or logging.
• Enforcing mode will block access as defined in the policy.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
119
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
4.
Based
on
your
understanding
of
the
IPtables
rules SALE
you established
in Part 1 of this
NOT FOR
OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
lab, what command would you type to drop any Telnet (port 23) connection
attempts?
Part 1. sudo /sbin/iptables – A INPUT – dport 23 –j DROP
Jones
& Bartlettof
Learning,
LLC
Jones
& Bartlett Learning, LL
5. Based on©your
understanding
the IPtables
rules you established in©Part
1 of this
NOT
FOR
SALE OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
lab, what command would you type to allow traffic on the lookback (lo)?
Part 1. sudo /sbin/iptables –I INPUT 1 –I lo –j ACCEPT
6. What
would
you useLLC
to view the network port ©
configuration
for the Learning, LLC
© Jones
& switch
Bartlett
Learning,
Jones & Bartlett
IPtables?
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Note introducing Part 1. You can view the network port information of your IPtables by
using the –v (verbose) switch. For example, iptables –L –v will list the rules and port
information.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE7.OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
What is the purpose of the /etc/hosts file?
Note following Part 2, Step 6. The /etc/hosts file keeps a map of IP addresses and aliases
of any computers with which it communicates.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
8. Is the order
of FOR
the rules
in the
important?
NOT FOR SALE OR DISTRIBUT
NOT
SALE
ORIPtables
DISTRIBUTION
Introduction. Yes. The first match found in the chain will be processed, so it is important
where you place rules. Best practice recommends a default policy to first refuse (DROP)
all packets
and add
specific rules
to allow (ACCEPT) acceptable
packets.
© Jones
& Bartlett
Learning,
LLC
© Jones
& Bartlett Learning, LLC
NOT
SALE
OR DISTRIBUTION
NOT
FOR
OR DISTRIBUTION
9. FOR
If either
the hosts.deny
or the hosts.allow file does not
exist,
whatSALE
happens?
Introduction. Should the rule not exist in either file or the file is not present, the request is
automatically permitted.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Lab #7 Hardening Security for the Linux Kernel
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Introduction
This lab is an extension of the previous labs and it incorporates security hardening for the Linux
kernel
with&security
parameters.
The
kernel is the core, or base
component,
of the operating
© Jones
Bartlett
Learning,
LLC
© Jones
& Bartlett
Learning, LLC
system
(OS)
and
consists
of
program
code
that
runs
and
manages
all
other
code
and resources.
It
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR
DISTRIBUTION
is important to protect the system kernel from vulnerabilities and potential attacks by applying
hardened security measures at a kernel level.
The sysctl.conf file is a simple, human-readable file that contains values used by the system upon
© Jones & Bartlett
LLC
© Jones
Bartlett the
Learning,
LLC in this file
bootup. Learning,
A security administrator
should understand
that &
modifying
values defined
NOT FOR SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
can help tune the kernel against many forms of attacks. Further, system hardening can also be
performed by going through the system and removing any system modules that are unnecessary
for the performance expected of the server.
Often, changes at
kernel
require
a systemLLC
reboot to take effect, which
means &
that
© the
Jones
& level
Bartlett
Learning,
© Jones
Bartlett Learning, LL
security demands
may
conflict
with
a
service
level
agreement.
In
these
cases,
it
is
necessary
to OR DISTRIBUT
NOT FOR SALE
NOT FOR SALE OR DISTRIBUTION
tune the kernel while it is already up and running. The sysctl command enables a security
administrator to configure a setting or parameter dynamically on the system.
In this lab, you will view and tune all kernel parameters and discover information regarding the
© Jones
& Bartlett
Learning,
LLC and about the kernel
© Jones
& Bartlett
Learning,
current
Loadable
Kernel
Modules (LKMs)
itself. You
will explore
the LLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
sysctl.conf file and make modifications to system settings. Finally, you also will enable and
interpret the results of the lsmod command.
This lab has four parts, which should be completed in the order specified. There is no challenge
questionLearning,
for this lab.LLC
© Jones & Bartlett
© Jones & Bartlett Learning, LLC
NOT FOR SALE1.OR
NOT
FOR
SALE
ORsetting
DISTRIBUTION
InDISTRIBUTION
the first part of the lab, you will look
at the
current
kernel
and persistent setting
for syncookies. You will also modify and then restore the current running setting.
2. In the second part of the lab, you will use to the sysctl command to set the maximum
simultaneous
files a&user
can open.
© Jones
Bartlett
Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
3. In the third part of the lab, you will explore various system kernel settings related to the
processes, filesystems, and modules.
4. In the fourth part of the lab, you will add and then remove a kernel module.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
120
121
© Jones & Bartlett Learning, LLC
Learning
Objectives
NOT FOR SALE
OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Upon completing this lab, you will be able to:
Review and tune the kernel parameters on a CentOS Linux Server for security and
© Jones
& Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
monitoring
purposes
NOT
FORthe
SALE
OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
• Produce kernel versions and loaded options for a better understanding
of how
system
is configured and to identify potential security vulnerabilities in the CentOS Linux Server
• Examine the /etc/sysctl.conf file and adjust tcp_sysncookies settings to configure secure
options for users on a CentOS Linux Server
© Jones
& Bartlett
Learning,
LLC
© Jones
& Bartlett
• Review
and assess
the Loaded
Kernel Modules (LKMs)
of the target
Linux Learning,
system and LLC
NOT FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
provide recommendations on the output and current running configuration DISTRIBUTION
• Use and interpret the lsmod command output and perform security hardening
configurations on the CentOS Linux Server
•
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Tools and Software
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
The following software and/or utilities are required to complete this lab. Students are encouraged
to explore the Internet to learn more about the products and tools used in this lab.
•
None
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
122 | Lab #7 Hardening Security for the Linux Kernel
© Jones & Bartlett Learning, LLC
Deliverables
NOT FOR SALE
OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Upon completion of this lab, you are required to provide the following deliverables to your
instructor:
© Jones
& Bartlett
Learning,
LLC
Bartlett
1. Lab Report
file including
screen
captures of
the following steps: Part©1,Jones
Steps 9&and
15; Learning, LL
NOT3;FOR
Part 2, Step
Part 3,SALE
Steps OR
2, 4,DISTRIBUTION
6, 8, and 10; Part 4, Steps 2 and 6; NOT FOR SALE OR DISTRIBUT
2. Lab Assessments file.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
123
© Jones & Bartlett Learning, LLC
Hands-On
Steps
NOT FOR SALE
OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
uNote:
This lab contains detailed lab procedures, which you should follow as written. Frequently performed tasks
are explained in the
Common&Lab
Tasks document
on the
vWorkstation desktop. You
should review
these Learning, LL
© Jones
Bartlett
Learning,
LLC
© Jones
& Bartlett
tasks before starting the lab.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
1. From the vWorkstation desktop, open the Common Lab Tasks file.
If you desire, use the File Transfer button to transfer the file to your local computer and
© Jones
LLC
© Jones & Bartlett Learning, LLC
print&aBartlett
copy for Learning,
your reference.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
FigureLLC
1 “Student Landing” vWorkstation
© Jones & Bartlett Learning,
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
2. On your local computer, create the lab deliverable files.
3. Review the Lab Assessment Worksheet at the end of this lab. You will find answers to
these questions as you proceed through the lab steps.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Part OR
1: Enable
SYN Cookies
uNote:
To establish a connection, TCP uses a three-way handshake to communicate: SYN (the client requests
© Jones
& server
Bartlett
Learning,
Jones & Bartlett
Learning, LL
a connection), SYN-ACK
(the
acknowledges
theLLC
client), and ACK (the client©acknowledges
the
NOT
FOR
SALE
OR DISTRIBUTION
server). In a SYNNOT
floodFOR
attack,SALE
the attacker
sends multiple SYN requests, but spoofs
the IP
address
in OR DISTRIBUT
the SYN packet so that the server cannot send a SYN-ACK reply and the connections cannot be closed.
Handling these fake requests can tie up server resources and deny service to legitimate users. SYN
cookies are the key element of a technique used to guard against SYN flood denial-of-service attacks.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
In the FOR
next steps,
youOR
will DISTRIBUTION
confirm that the net.ipv4.tcp_syncookiesNOT
are enabled
by viewing
system
NOT
SALE
FOR SALE
ORthe
DISTRIBUTION
control configuration (sysctl.conf) file. You will also change current running kernel parameters on the
system.
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
124 | Lab #7 Hardening Security for the Linux Kernel
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
1. Double-click the RDP icon on the desktop. This folder contains links to the virtual servers
in this lab environment.
2. Double-click the TargetCentOS01.rdp file to open the Linux server.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
The remote
GNOME
desktop,
graphical user interface (GUI) forNOT
the virtual
FOR Linux
SALE OR DISTRIBUT
NOT
FOR SALE
ORthe
DISTRIBUTION
server, opens with the IP address of the remote machine (172.30.0.21) in the title bar at
the top of the window.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Figure 2 GNOME desktop
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
3. Double-click the Terminal icon on the GNOME desktop to open the terminal emulator and
access the Linux server command line.
4. At
the command
and press
Enter toLLC
view the
© Jones & Bartlett
Learning,
LLCprompt, type cat /etc/sysctl.conf
© Jones &| less
Bartlett
Learning,
current
settings for the running kernel.NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR
DISTRIBUTION
The system returns a list of the preset configuration. Use the arrow keys to review these
settings.
© Jones
Learning,
LLC
© Jones
& Bartlett Learning, LL
5. Use the arrow
keys&toBartlett
locate the
net.ipv4.tcp_syncookies
= 1 line in the
file.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
A value of 1 indicates that syncookies is enabled. If it was set to 0, disabled, the server
would be vulnerable to SYN flood attacks. An edit to this file will not cause the setting to
take effect until the next time the server is rebooted.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
125
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 3 Verify tcp_syncookies is enabled
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
FOR SALE
OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
6. Make a screen capture showing the current syncookies setting in the NOT
sysctrl.conf
and paste
it into the Lab Report file.
7. Type q to exit the current view and return to the command prompt.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
8. At the command prompt, type cat /proc/sys/net/ipv4/tcp_syncookies and press Enter to
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
view the current running kernel parameters.
Again, the system returns a value of 1, indicating that syncookies is enabled.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
126 | Lab #7 Hardening Security for the Linux Kernel
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
uNote:
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 4 Verify syncookies is enabled
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
In the next steps, you will verify that tcp_syncookies is enabled. You will practice making a dynamic
change to the kernel without waiting for a system reboot by first disabling, and then re-enabling, this option.
Because you are not rebooting the server at this time, the change will be temporary. The file will revert to
© original
Jonessetting
& Bartlett
Learning,
LLCreboot. If you wanted to©make
Jones
& Bartlett
Learning,
LLC
its
(enabled)
upon a system
a permanent
setting
change, you
NOT
FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
would open the /etc/sysctl.conf file with a file editor such as vi Editor, edit the setting, and then reboot the
server.
9. At the command prompt, type su -c ' echo "0" > /proc/sys/net/ipv4/tcp_syncookies ' and
Enter toLLC
change the kernel settings
for syncookies
without
waiting LLC
for a reboot.
© Jones & Bartlettpress
Learning,
© Jones
& Bartlett
Learning,
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
The setting will revert to what is in the sysctl.conf file if the system were rebooted.
10. When prompted, type P@ssw0rd!, the root password, and press Enter.
uNote:
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT to
FOR
SALE
SALE OR
DISTRIBUTION
You are required NOT
to enterFOR
a mixed-case
password.
If you are not using the Citrix Receiver
access
this OR DISTRIBUT
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
11. At the command prompt, type cat /proc/sys/net/ipv4/tcp_syncookies and press Enter to
verify
the current
kernel parameters
are disabled. © Jones & Bartlett Learning, LLC
© Jones
& Bartlett
Learning,
LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
12. Make a screen capture showing the current running kernel syncookies setting and paste it
into the Lab Report file.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
127
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
13.
At
the
command
prompt,
type
su
-c
'
echo
> /proc/sys/net/ipv4/tcp_syncookies
NOT"1"
FOR
SALE OR DISTRIBUTION ' and
NOT FOR SALE OR DISTRIBUTION
press Enter to change the kernel settings for syncookies without waiting for a reboot.
The above command turns syncookies on. The setting will revert to what is in the
sysctl.conf file if the system were rebooted.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
14. When prompted,
type
P@ssw0rd!,
the root password, and press Enter.
NOT FOR SALE OR DISTRIBUT
NOT FOR
SALE
OR DISTRIBUTION
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab,
please use
the CAPSLearning,
LOCK buttonLLC
or the On-Screen Keyboard©toJones
input the&password.
© Jones
& Bartlett
Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Part 2: Change System Parameters
uNote:Learning, LLC
© Jones & Bartlett
© Jones & Bartlett Learning, LLC
Another
type of attack is when a hacker gains
level
accessOR
to aDISTRIBUTION
system and forces that
NOT FOR SALE
ORcommon
DISTRIBUTION
NOTuser
FOR
SALE
user account to endlessly create or open files until the server runs out of resources. In the next steps,
you will use the sysctl command to change the maximum number of files users can open simultaneously.
This security measure can limit the amount of the server’s resources a user account can consume.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
FOR SALE OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
1. At the command prompt, type /sbin/sysctl -a | less and press Enter toNOT
all available
parameters for the running kernel.
The system returns a list of the available kernel parameters. Piping the output into the less
program
allowsLearning,
you to viewLLC
the output using the arrow
keys to move
forward
and
© Jones
& Bartlett
© Jones
& Bartlett
Learning,
LLC
backward
with
file.
NOT FOR
SALE
ORthe
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
2. Use the arrow keys to locate the fs.file-max line in the resulting list.
3. Make a screen capture showing the current fs.file-max setting and paste it into the Lab
© Jones & BartlettReport
Learning,
© Jones & Bartlett Learning, LLC
file. LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
4. Type q to exit this view and return to the command prompt.
5. At the command prompt, type su -c ' /sbin/sysctl -w fs.file-max=100000 ' and press Enter to
change the maximum number of files the user can open at one time to 100,000.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
6. When prompted,
type
P@ssw0rd!,
the
root
password,
and
press
Enter.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab,
please use
the CAPSLearning,
LOCK buttonLLC
or the On-Screen Keyboard©toJones
input the
© Jones
& Bartlett
& password.
Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
128 | Lab #7 Hardening Security for the Linux Kernel
© Jones & Bartlett Learning, LLC
Part OR
3: Explore
Kernel Settings
NOT FOR SALE
DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
uNote:
In the next steps, you will use the cat command to discover information about the processes,
filesystems, modules,
and other
details about
the current
running kernel to identify©
security-hardening
© Jones
& Bartlett
Learning,
LLC
Jones & Bartlett Learning, LL
measures.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
1. At the command prompt, type cat /proc/filesystems and press Enter to find what types of
filesystems are supported by the kernel.
© Jones
Bartlett
Learning,
LLC the filesystem is not ©
Jones &with
Bartlett
Learning,
The&nodev
(no device)
indicates
associated
a physical
device. LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
2. Make a screen capture showing the output of this command and paste it into the Lab
Report file. You may have to take multiple screen captures or expand the terminal
window to display the entire output.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 5 Output from the cat /proc/filesystems command
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
3. At the command
prompt,
type
cat
/proc/modules
and
press
Enter
to
find
what
modules
NOT
FOR
SALEthe
OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
kernel is loading.
4. Make a screen capture of this output and paste it into the Lab Report file. You may have
to take multiple screen captures to display the entire output.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT
SALE
OR DISTRIBUTION
NOTEnter
FORtoSALE
OR version
DISTRIBUTION
5. FOR
At the
command
prompt, type cat /proc/version and press
find what
of
the kernel is currently running.
6. Make a screen capture showing the output of this command and paste it into the Lab
Report file.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
129
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
7.
At
the
command
prompt,
type
cat
/proc/cpuinfo
andSALE
pressOR
Enter
to find information about
NOT FOR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
the CPU.
8. Make a screen capture of this output and paste it into the Lab Report file. You may have
to take multiple screen captures to display the entire output.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
9. At the command
prompt,
/proc/meminfo and press Enter to find
whatSALE OR DISTRIBUT
NOTout
FOR
NOT FOR
SALEtype
ORcat
DISTRIBUTION
processes are running in memory.
10. Make a screen capture showing the output of this command and paste it into the Lab
Report file. You may have to take multiple screen captures to display the entire output.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Part 4: Secure Kernel Modules
uNote:
In the next
steps, youLLC
will harden security measures
on this server
by removing
unusedLLC
modules. First,
© Jones & Bartlett
Learning,
© Jones
& Bartlett
Learning,
you OR
will use
the lsmod command to list the modules
currently
the kernel.
You will then add a
NOT FOR SALE
DISTRIBUTION
NOT
FORloaded
SALEinOR
DISTRIBUTION
module and then remove it.
1. At the command prompt, type /sbin/lsmod and press Enter to list the loaded modules.
© Jones
© Jones
Learning, LL
The system
returns&a Bartlett
list of all Learning,
the modulesLLC
currently loaded in the kernel.
A0&
in Bartlett
the
NOT
FOR
SALE
OR
DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
Used by column indicates that the loaded module is not in use.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Figure 6 Output from the lsmod command
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
2. FOR
MakeSALE
a screen
capture
showing the output of this command
and paste
it into
Lab
NOT
OR
DISTRIBUTION
NOT FOR
SALE
OR the
DISTRIBUTION
Report file. You may have to take multiple screen captures to display the entire output.
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
130 | Lab #7 Hardening Security for the Linux Kernel
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
3.
At
the
command
prompt,
type
su
-c
'
/sbin/modprobe
rfcomm
and press Enter to load the
NOT FOR SALE
OR' DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
rfcomm module.
The rfcomm module supports Bluetooth devices and is not needed on this server.
4. When prompted,
P@ssw0rd!,
the root LLC
password, and press Enter.
© Jonestype
& Bartlett
Learning,
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
5. FOR
At theSALE
command
prompt, type /sbin/lsmod | grep rfcomm
and
press
Enter OR
to list
the loaded
NOT
OR DISTRIBUTION
NOT
FOR
SALE
DISTRIBUTION
modules that include the word rfcomm.
Notice that the rfcomm module and associated modules are loaded in the running kernel.
6. Make
a screen
capture showing the output
of this &
command
paste it into
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlettand
Learning,
LLCthe Lab
Report
file.
NOT FOR SALE OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
7. At the command prompt, type su -c ' /sbin/modprobe -r rfcomm ' and press Enter to
remove the rfcomm module.
© Jonestype
& Bartlett
Learning,
© Jones & Bartlett Learning, LL
8. When prompted,
P@ssw0rd!,
the root LLC
password, and press Enter.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
9. FOR
At theSALE
command
prompt, type /sbin/lsmod | grep rfcomm
and
press
EnterOR
to list
the loaded
NOT
OR DISTRIBUTION
NOT
FOR
SALE
DISTRIBUTION
modules that include the word “rfcomm”.
Notice that the rfcomm module and associated modules are no longer in this list.
© Jones & Bartlett
Learning,
LLCLinux connection.
10. Close
the remote
NOT FOR SALE OR DISTRIBUTION
uNote:
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
This completes the lab. Close the virtual lab, if you have not already done so.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
131
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Evaluation
Criteria
and
Rubrics
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
The following are the evaluation criteria for this lab that students must perform:
1. Review and tune the kernel parameters on a CentOS Linux Server for security and
© Jones
& Bartlett
© Jones & Bartlett Learning, LL
monitoring
purposes
– [20%] Learning, LLC
NOT
FORthe
SALE
OR DISTRIBUT
SALE
DISTRIBUTION
2. ProduceNOT
kernelFOR
versions
andOR
loaded
options for a better understanding
of how
system
is configured and to identify potential security vulnerabilities in the CentOS Linux Server
– [20%]
3. Examine the /etc/sysctl.conf file and adjust tcp_sysncookies settings to configure secure
options
for usersLearning,
on a CentOS
Linux Server – [20%] © Jones & Bartlett Learning, LLC
© Jones
& Bartlett
LLC
4. FOR
Review
and assess
the Loaded Kernel Modules (LKMs)
of FOR
the target
Linux
and
NOT
SALE
OR DISTRIBUTION
NOT
SALE
ORsystem
DISTRIBUTION
provide recommendations on the output and current running configuration – [20%]
5. Use and interpret the lsmod command output and perform security hardening
configurations on the CentOS Linux Server – [20%]
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
132 | Lab #7 Hardening Security for the Linux Kernel
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Lab
#7
–
Assessment
Worksheet
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Hardening Security for the Linux Kernel
Course Name and Number: _____________________________________________________
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
Student Name: ________________________________________________________________
Instructor Name: ______________________________________________________________
© Jones
& Bartlett
Learning, LLC
© Jones & Bartlett Learning, LLC
Lab
Due Date:
________________________________________________________________
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Overview
In this lab, you viewed and tuned all kernel parameters and discovered information regarding the
current Loadable
Kernel
the&kernel
itself.
You explored
© Jones & Bartlett
Learning,
LLC Modules (LKMs) and
©about
Jones
Bartlett
Learning,
LLCthe
sysctl.conf
file and made modifications to system
Finally,
you
enabled and interpreted
NOT FOR SALE
OR DISTRIBUTION
NOTsettings.
FOR SALE
OR
DISTRIBUTION
the results of the lsmod command.
Lab Assessment Questions & Answers
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
1. What is NOT
the command
to view
current Linux kernel parameters? NOT FOR SALE OR DISTRIBUT
FOR SALE
ORthe
DISTRIBUTION
Part 1, Step 4. cat /etc/sysctl.conf | less
2. Which command can you run to list all the kernel’s available parameters one screen at
© Jones
& Bartlett
LLCforward and backward©on
Jones
& Bartlett Learning, LLC
a time
with the Learning,
ability to move
the output?
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Part 2, Step 1. /sbin/sysctl -a | less
Less is a program that allows both backward and forward movement of a given file or command.
Piping the output of the sysctl -a command will allow the user to view all the parameters
to that
command.
© Jones & Bartlettavailable
Learning,
LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
3. What is the purpose of enabling SYN cookies in the Linux kernel?
Note introducing Part 1. SYN cookies are the key element of a technique used to guard against
SYN flood denial-of-service attacks.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FORonSALE
NOT FOR
SALE
OR DISTRIBUTION
4. If you wanted
to limit
the number
of files that a user can open simultaneously
the OR DISTRIBUT
CentOS Linux Server to a maximum of one, what is the command syntax you need to
enable in the Linux kernel?
Part&2,Bartlett
Step 5. suLearning,
-c ' /sbin/sysctl
© Jones
LLC-w fs.file-max=1 '
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
133
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
5.
What
is
the
best
way
to
make
a
systemwide
permanent
change
to the kernel to enable
NOT FOR
SALE
OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
SYN cookies?
Note following Figure 4. If you wanted to a permanent setting change, you would open the
/etc/sysctl.conf file with a file editor such as vi Editor, edit the setting, and then reboot the server.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
FORlocked
SALE OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
6. Your boss wants you to make sure a freshly installed system is up toNOT
date and
down at the kernel level. Which command would you use to load a new module?
Which command would you use to remove an unwanted module?
© Jones
LLC <modulename> ' © Jones & Bartlett Learning, LLC
Part&4, Bartlett
Step 3. suLearning,
-c ' /sbin/modprobe
Part 3,SALE
Step 7.OR
su -c
' /sbin/modprobe -r <modulename>NOT
'
NOT FOR
DISTRIBUTION
FOR SALE OR DISTRIBUTION
7. What is the relation between sysctl.conf and the sysctl command?
Introduction. The sysctl.conf file is a simple, human-readable file that contains values used by
the system upon bootup. The sysctl command enables a security administrator to configure a
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
setting or parameter dynamically on the system.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
8. What command allows you to dynamically modify a kernel parameter without opening
the sysctl.conf file in the vi Editor?
Part 2, Step 5. su -c ' /sbin/sysctl -w <kernelparameter>' would change any parameter in the
© Jones & Bartlett Learning, LL
conf file. © Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Lab #8 Applying Best Practices for Secure
Software Management
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Introduction
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Linux applications are usually delivered as a single archived (.tar) and zipped (.gz) file called a
tarball or a package. These packages make installations and upgrades easy because all of the
© Jones
& Bartlett
Learning,
LLC
& place.
Bartlett
Learning, LLC
required
files,
documentation,
and configuration
information©is Jones
all in one
Unfortunately,
NOT
FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
hackers can easily tamper with packages by inserting malicious files or programs into
the tarball.
These malicious file can be damaging on a standalone system, but disastrous for a network
environment. For this reason, best practice for security administrators is to validate the software
packages prior to installing them on the network.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Organizations
rely on security administrators NOT
to useFOR
package
management
tools, such as RPM
NOT FOR SALE
OR DISTRIBUTION
SALE
OR DISTRIBUTION
Package Manager (RPM) and Yellowdog Updater Modified for RPM (YUM), to verify and
install packages within the Linux environment. Additional security can be assured by verifying
the integrity of tarballs by comparing the hash codes of the original file with the downloaded file.
Another tool available
to the
security administrator
is GnuPG (GPG) which©
can
used to
© Jones
& Bartlett
Learning, LLC
Jones
& verify
Bartlett Learning, LL
encryption keys used to encrypt the original package.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
This lab is an extension of the previous labs and incorporates best practices for secure software
management. In this lab, you will work with a CentOS machine and use RPM to query and
verify package files, verify a source tarball used for application integrity verification when
© Jones & Bartlett
Learning,
LLC
Bartlett to
Learning,
downloading
and installing
new applications,
and learn how ©
to Jones
create a&repository
properly LLC
NOT FOR
SALE
OR DISTRIBUTION
FOR
ORverification
DISTRIBUTION
secure
the RPN
databases.
You will also use the md5sum forNOT
hashing
andSALE
integrity
against downloaded program files. Finally, you will learn to use GPG (GnuPG) tool to view a
GPG license key to ensure downloaded software is valid.
This lab has four parts, which should be completed in the order specified.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE1.OR
NOTthe
FOR
SALE
OR Manager
DISTRIBUTION
InDISTRIBUTION
the first part of the lab, you will explore
RPM
Package
tool to query and
verify packages within a Centos virtual lab environment.
2. In the second part of the lab, you will use md5sum to check the integrity of a tarball file.
© Jones
© Jones
& Bartlett
3. In the third
part of &
theBartlett
lab, youLearning,
will use theLLC
GPG (GnuPG) tool to verify
a license
key and Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT
FOR of
SALE
OR DISTRIBUTION
ensure the
integrity
the downloaded
program.
4. Finally, if assigned by your instructor, you will explore the virtual environment on your
own to answer a challenge question that allows you to use the skills you learned in the lab
to conduct
independent,
unguided
you will
in a real- LLC
© Jones
& Bartlett
Learning,
LLC work, similar to what
© Jones
& encounter
Bartlett Learning,
worldSALE
situation.
NOT FOR
OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
134
135
© Jones & Bartlett Learning, LLC
Learning
Objectives
NOT FOR SALE
OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Upon completing this lab, you will be able to:
Query and verify all installed packages in the kernel to help evaluate what security
Jones
& Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
measures©are
necessary
NOT
FOR
SALEare
OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
• Verify a source tarball to determine whether the integrity and contents
of the
package
what you expect before executing or installing it
• Use and leverage md5sum to verify the integrity of a downloaded software tarball
• Use GPG to view the signature of a downloaded public key
© Jones
& Bartlett
Learning,
© Jones
& Bartlett Learning,
• Configure
the rpm
databaseLLC
to add repositories securely
for the distribution
of software LLC
to
NOT FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
persons who do not need access to the system directly, only to download any updates or
rpms
•
Tools and Software
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE
OR
DISTRIBUTION
NOT FOR
SALEthis
ORlab.
DISTRIBUTION
The following software and/or utilities are required
to complete
Students are encouraged
to explore the Internet to learn more about the products and tools used in this lab.
•
•
•
md5sum
Python © Jones & Bartlett Learning, LLC
RPM Package
Manager
(RPM)
NOT FOR
SALE
OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
136 | Lab #8 Applying Best Practices for Secure Software Management
© Jones & Bartlett Learning, LLC
Deliverables
NOT FOR SALE
OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Upon completion of this lab, you are required to provide the following deliverables to your
instructor:
© Jones
& Bartlett
Learning,
LLC
& 8,
Bartlett
1. Lab Report
file including
screen
captures of
the following steps: Part©1,Jones
Steps 5,
and Learning, LL
NOT
FOR
SALE
OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
11; Part 2, Steps 5 and 7; Part 3, Steps 2 and 13;
2. Lab Assessments file;
3. Optional: Challenge Questions file, if assigned by your instructor.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
137
© Jones & Bartlett Learning, LLC
Hands-On
Steps
NOT FOR SALE
OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
uNote:
This lab contains detailed lab procedures, which you should follow as written. Frequently performed tasks
are explained in the
Common&Lab
Tasks document
on the
vWorkstation desktop. You
should review
these Learning, LL
© Jones
Bartlett
Learning,
LLC
© Jones
& Bartlett
tasks before starting the lab.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
1. From the vWorkstation desktop, open the Common Lab Tasks file.
If you desire, use the File Transfer button to transfer the file to your local computer and
© Jones
LLC
© Jones & Bartlett Learning, LLC
print&aBartlett
copy for Learning,
your reference.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
FigureLLC
1 “Student Landing” vWorkstation
© Jones & Bartlett Learning,
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
2. On your local computer, create the lab deliverable files.
3. Review the Lab Assessment Worksheet at the end of this lab. You will find answers to
these questions as you proceed through the lab steps.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE
DISTRIBUTION
NOTManager
FOR SALE OR DISTRIBUTION
Part OR
1: Explore
a Tarball with RPM Package
uNote:
In the next steps, you will explore the built-in RPM Package Manager tool found in the virtual Centos
© Jones
&operation
Bartlettmodes:
Learning,
LLC
© Jones
Bartlett Learning, LL
server. This tool has
five basic
installing,
uninstalling, upgrading, querying
and&verifying.
NOT
SALE OR DISTRIBUT
NOT
DISTRIBUTION
It is also a database
thatFOR
holds SALE
all RPMOR
package
information stored in the Linux system
andFOR
manages
package installations, re-installations, and updates. From the RPM database, users issue command line
statements to query and verify installed packages and files to help identify issues, changes, or missing files.
As a result, RPM upgrades individual components rather than the entire package, and keeps customized
settings
already
in place on
the Linux machine.
to build
their software
can
© Jones
& Bartlett
Learning,
LLC Developers who use
© RPM
Jones
& Bartlett
Learning,
LLC
ensure
the original
integrity
of the source along with the patches used,
including
the buildOR
instructions.
This,
NOT FOR
SALE
OR DISTRIBUTION
NOT
FOR SALE
DISTRIBUTION
in turn, makes for better software for end users. RPM is not foolproof, however. RPM does not
automatically install all program dependencies before installing a software package.
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
138 | Lab #8 Applying Best Practices for Secure Software Management
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
1.
Double-click
the
RDP
folder
on
the
vWorkstation
ThisDISTRIBUTION
folder contains RDP
NOT FORdesktop.
SALE OR
NOT FOR SALE OR DISTRIBUTION
connection link to CentOS virtual server in this lab environment.
2. Double-click the TargetCentOS01.rdp to connect to the remote Linux server.
The remote
GNOME
desktop, Learning,
the graphical
user interface (GUI) for©the
virtual&Linux
© Jones
& Bartlett
LLC
Jones
Bartlett Learning, LL
server, opens
IP address
of the remote machine (172.30.0.21)
in the
titleSALE
bar at OR DISTRIBUT
NOT
FOR
NOT with
FORthe
SALE
OR DISTRIBUTION
the top of the window.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Figure 2 GNOME desktop
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOT
FORthe
SALE
OR emulator
DISTRIBUTION
3. Double-click the Terminal icon on the GNOME desktop
to open
terminal
and
access the Linux server command line.
4. At the command prompt, type rpm -ql sendmail | less and press Enter to view all files
the sendmail package.© Jones & Bartlett Learning, LLC
© Jones & Bartlettassociated
Learning,with
LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
The -ql option queries the sendmail package and displays the included files in a list. The
less command enables you to use the up and down arrows to scroll through the results.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
139
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Figure 3 Output of the rpm -ql command
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT
OR
DISTRIBUTION
NOT
DISTRIBUTION
5. FOR
MakeSALE
a screen
capture
showing the list of sendmail files
andFOR
pasteSALE
it into OR
the Lab
Report
file. You may have to take multiple screen captures to display the entire output.
6. Type q to return to the command prompt.
© Jones & Bartlett
Learning,
LLCprompt, type rpm -qf ©
Jones
Bartlett
7. At
the command
/bin/ls
and &
press
Enter Learning,
to discover LLC
which package
NOT FOR SALE OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
installed
the /bin/ls executable.
The -qf switch option queries the specified path for the name of the package file.
8. Make a screen capture showing the package name and paste it into your Lab Report file.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
uNote:
In the next steps, you will identify any changes to the contents of the file that have taken place. The output
of the rpm -V appears in three columns as shown in the following figure.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
140 | Lab #8 Applying Best Practices for Secure Software Management
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 4 Output from rpm -V command
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
The first
is formatted as a string of nine characters
eachSALE
of whichOR
denotes
the result of a
NOT FOR SALE
ORcolumn
DISTRIBUTION
NOT FOR
DISTRIBUTION
comparison of one attribute of the file to the value of that attribute recorded in the RPM database. The
following table describes each flag. If a package or file can’t be found, the output will show “missing”
because the file or package was either deleted or moved, or is unreadable.
© Jones & Bartlett Learning, LLC
RPM
Flag Description
NOT FOR SALE OR
DISTRIBUTION
Flags
Description
.
Passed the test (matches the original)
?
Test could not be performed
© Jones & Bartlett Learning, LLC
S
File size changed
NOT FOR SALE OR DISTRIBUTION
M
Mode / Permissions/ File type changed
5
MD5 checksum changed
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
D
Device changed
L
Symbolic
© Jones & Bartlett Learning,
LLC link changed
© Jones & Bartlett Learning, LLC
U
User
ownership
changed
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
G
Group ownership changed
T
P
File modification time changed
Capabilities changed
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
SALE OR DISTRIBUT
NOT
The second column
will FOR
containSALE
one of OR
theseDISTRIBUTION
attribute markers identifying the type ofNOT
file in FOR
the package:
• c – configuration file
• d – documentation file
• g – ghost file, where, for example, the file contents are not included in the package payload
© Jones
& Bartlett
© Jones & Bartlett Learning, LLC
• l – license
file Learning, LLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
• r – readme file
The third column contains the file name and path for the files included in the package.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
141
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
9.
At
the
command
prompt,
type
sudo
rpm
-V httpd
pressOR
Enter
to verify the integrity of
NOT
FORand
SALE
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
files in the installed httpd package.
10. This command requires a password, so type pass=7890 and press Enter at the command
prompt.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
This command
returns
any instances
where the content of the referenced
in SALE
this case
NOTfile,
FOR
OR DISTRIBUT
NOT FOR
SALE
OR DISTRIBUTION
the httpd file, has changed. If no changes have occurred in the file specified, there will be
no output. If the file has been changed, the output will indicate what type of change has
been made.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
11. Make a screen capture showing the results of the rpm –V command and paste it into the
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Lab Report file.
12. Use the RPM Flag Description table from the previous note to determine which type of
change has been made to the httpd.conf file and describe your findings in the Lab Report
© Jones & Bartlettfile.
Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
13. At the command prompt, type rpm -qa | less and press Enter to view a list of all currently
installed packages on the Linux computer. Use the up and down arrow keys to view the
entire list.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning,
© Jones & Bartlett Learning, LLC
FigureLLC
5 Output of the rpm -qa command
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
14. In the Lab Report file, describe the list. Did the number of file meet your expections?
15. Type q to return to the command prompt.
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
142 | Lab #8 Applying Best Practices for Secure Software Management
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Part
2:
Use
md5sum
Hashing
to
Verify
an
Installation
FileOR DISTRIBUTION
NOT
FOR SALE
NOT FOR SALE OR DISTRIBUTION
uNote:
The md5sum is an algorithm that is used to verify data integrity and authenticity using the MD5
(Message-Digest©algorithm
5) Bartlett
128-bit cryptographic
Jones &
Learning,hash.
LLCA hash is a unique, constant-length
© Jones &checksum
Bartlett Learning, LL
or signature for the data or program. The md5sum runs a comparison check to detect file changes and
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
provides a checksum that users use to see whether it matches the MD5 value signed by the trusted
organization or developer of the file/program.
This hash technique is different than encryption because it is a one-way method that doesn’t require
©
Jones
Learning,
LLC
Jonesand
& its
Bartlett
known
keys&toBartlett
encrypt and
decrypt information.
Any changes to a ©
program
files will Learning,
produce a LLC
NOT
FOR
SALE
ORIfDISTRIBUTION
NOT
SALE
DISTRIBUTION
different
md5sum
value.
there are no changes, then the Md5Sum
valueFOR
will match
theOR
md5sum
value
provided by the trusted source of the program files. Encryption, on the other hand, is a two-way function
that requires a known key or keys to encrypt and decrypt the original data. Basically, a hash verifies a file
and its integrity, and encryption contains the file and secures it with a key control that both parties must
know. Learning, LLC
© Jones & Bartlett
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
In the next steps, you will use md5sum hashing to verify the integrity of the source code for the
downloaded Python software on the Centos machine. Downloaded software is a significant security
threat that should be checked and verified to make sure that it hasn’t been tampered with before it is
installed. This portion of the lab requires access to a workstation with Internet access.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT
NOT
FOR
SALE
OR
DISTRIBUTION
1. At the command prompt, type ls /opt/software and press Enter to view
a listFOR
of allSALE
of theOR DISTRIBUT
downloaded software on this computer.
The system returns a list of downloaded software. In this case, the Python-2.7.8.tgz
software.
© Jones
& Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
2. From a workstation with Internet access, open a Web browser, such as Mozilla Firefox or
Microsoft Internet Explorer.
3. In the browser’s address box, type http://www.python.org/download/releases/2.7.8/, the
© Jones & BartlettURL
Learning,
LLC
© Jones
Bartlett
Learning,
LLC
(uniform
resource location) for the
Python &
software,
and
press Enter
to open the
Web
site.
NOT FOR SALE OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
4. On the Python Web site, locate the MD5 checksum for the Python 2.7.8.tgz release. You
may need to scroll down the page to find the section labeled MD5 checksums and sizes of
the released files.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
143
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 6 MD5 checksum from the Python Web site
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOTand
FOR
SALE
OR DISTRIBUT
NOT FOR
SALE
OR the
DISTRIBUTION
5. Make a screen
capture
showing
MD5 checksum for the Python release
paste
it into
the Lab Report file.
6. In the TargetCentOS01 window, type md5sum /opt/software/Python-2.7.8.tgz and press
Enter
the command
prompt
to view the MD5 checksum
for the
installed
© Jones
& at
Bartlett
Learning,
LLC
© Jones
& Python
Bartlettrelease
Learning,
LLC
on this
computer.
NOT FOR
SALE
OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
7. Make a screen capture showing the MD5 checksum for the Python tarball and paste it into
the Lab Report file.
8. In
the Lab Report
checksums
to verify
that theLLC
version of
© Jones & Bartlett
Learning,
LLC file, compare the two©MD5
Jones
& Bartlett
Learning,
Python
installed on this computer matches
version
released
on Python’s Web site.
NOT FOR SALE OR
DISTRIBUTION
NOTthe
FOR
SALE
OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
144 | Lab #8 Applying Best Practices for Secure Software Management
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Part
3:
Use
GPG
and
Create
a
New
Repository
File SALE OR DISTRIBUTION
NOT FOR
NOT FOR SALE OR DISTRIBUTION
uNote:
Software download packages usually include a GPG key, which acts as a digital signature to prove the
validity of the source.
GPG &
is an
Open Source
encryption
ensure data
© Jones
Bartlett
Learning,
LLCand signing tool that helps
© Jones
& Bartlett Learning, LL
integrity and confidentiality. Software management tools like RPM and YUM utilities store the public keys
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
for approved package sources to help with software installations.
In the next steps, you will use the gpg command to view and verify GPG license key signature. When
managing downloaded software on a Linux platform, you will often need to download GPG keys from the
©
Jones
Bartlett
Learning,
LLC that the downloaded ©
Jones
& Bartlett
Learning,
internet
and&verify
their signatures
to ensure
program
is valid
and trusted.
You will LLC
NOT
FORthat
SALE
FOR SALE
ORthe
DISTRIBUTION
then import
GPGOR
key DISTRIBUTION
to the RPM database before creating a NOT
new repository
file under
YUM
repository directory to hold any software published by Google.
1. At the command prompt, type gpg /opt/software/linux_signing_key.pub and press Enter to
the signature
key. & Bartlett Learning, LLC
© Jones & Bartlettview
Learning,
LLC of a downloaded GPG
© Jones
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
7 Verify the signature of a downloaded
NOT FOR SALE ORFigure
DISTRIBUTION
NOTGPG
FORkey
SALE OR DISTRIBUTION
2. Make a screen capture showing the GPG signature and paste it into the Lab Report file.
3. At the command prompt, type sudo rpm --import /opt/software/linux_signing_key.pub and
Enter toLLC
import the key into the RPM
database.
© Jones & Bartlettpress
Learning,
© Jones
& Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
4. When prompted for a password, type pass=7890.
5. At the command prompt, type cd /etc/yum.repos.d/ and press Enter to change the to the
yum.repos.d directory.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
6. At the command
prompt,
type
su
-c
'
vi
google.repo
'
and
press
Enter
to open
a new
file OR DISTRIBUT
NOT
FOR
SALE
NOT FOR SALE OR DISTRIBUTION
called google.repo in the vi Editor.
7. When prompted, type P@ssw0rd!, the root password, and press Enter to create the new
account.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
145
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
8.
Press
the
i
key
to
enter
the
Insert
mode.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
9. Use the arrow keys to locate the first blank line in the file and type the following new
lines noted below.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
• [Google]
NOT FOR SALE OR DISTRIBUT
NOT FOR Lab
SALE OR DISTRIBUTION
• name=Google
• baseurl=http://dl.google.com/linux/rpm/stable/i386
• enabled=1
• gpgcheck=1
© Jones•&gpgkey=https://dl-ssl.google.com/linux/linux_signing_key.pub
Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 8 Create a new google.repo file
10. Press the Esc key to exit the Insert mode.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
11.
Type
:wq!
and
press
Enter
to
save
your
changes
and
exit the
Editor.
NOT FOR SALE OR DISTRIBUTION
NOT
FOR
SALE
ORviDISTRIBUTION
The new google.repo file will be saved in the yum.repos.d directory. The YUM installer
will now check any newly installed software published by Google against the information
in this file.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
uNote:
Unlike RPM Package Manager, the YUM installer automatically tracks and installs all dependent
applications first before installing the software package you may actually want. YUM looks in the
/etc/yum.repos.d/ directory for configured repositories. CentOS has several repositories by default, but
repositories
be added LLC
to gain access to other software.
©third-party
Jones &
Bartlettcan
Learning,
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
146 | Lab #8 Applying Best Practices for Secure Software Management
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
12.
At
the
command
prompt,
type
ls
and
press
list theOR
files
in the yum.repos.d
NOTEnter
FORtoSALE
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
directory.
The resulting list of files should include the google.repo file you just created.
13. Make a screen
capture
showingLearning,
the results LLC
of the ls command and paste
it into the
Lab
© Jones
& Bartlett
© Jones
& Bartlett
Learning, LL
Report file.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
14. Close the remote Linux connection.
15. Close the virtual lab, or proceed with Part 4 to answer the challenge question for this lab.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
147
© Jones & Bartlett Learning, LLC
Part OR
4: Challenge
Question
NOT FOR SALE
DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
uNote:
The following challenge question is provided to allow independent, unguided work, similar to what you will
encounter in a real
You
should aim
to improveLLC
your skills by getting the correct
answer&inBartlett
as few Learning, LL
© situation.
Jones &
Bartlett
Learning,
© Jones
steps as possible. Use screen captures in your lab document where possible to illustrate your answers.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
1. Explain the differences between RPM and YUM. What is the preferred software
installation utility? Why? Use the Internet to research your answer and cite your
references.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR
SALE
ORunique
DISTRIBUTION
NOT FOR SALE
ORYUM
DISTRIBUTION
(Answers
will be
to each student.) Both are command-line-based
tools. The
utility is a
more intelligent tool that automatically finds required dependencies and installs them prior to
installing any software package. The RPM Package Manager tool, on the other hand, doesn’t know
how to find, and isn’t aware of, dependencies during a software package installation. As a result,
installed software
A user must
detail theLearning,
exact location
of each
© Jones & Bartlettthe
Learning,
LLC may not work correctly.
© Jones
& Bartlett
LLC
dependency
when using the rpm commandNOT
and install
prior
to installing
the specific software
NOT FOR SALE OR
DISTRIBUTION
FOR them
SALE
OR
DISTRIBUTION
application needed. YUM only requires the program name to find all the dependencies and install
them prior to installing the respective software needed.
As a result,
YUM is the
preferred method
for software
very
comfortable
with Learning, LL
© Jones
& Bartlett
Learning,
LLC installations if user is ©
Jones
& Bartlett
using command
line
syntax.
Otherwise,
many
Linux
operating
systems
offer
a
GUI
(graphic
user
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
interface) for easy software installations.
uNote:
This completes the lab. Close the virtual lab, if you have not already done so.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
148 | Lab #8 Applying Best Practices for Secure Software Management
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Evaluation
Criteria
and
Rubrics
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
The following are the evaluation criteria for this lab that students must perform:
1. Query and verify all installed packages in the kernel to help evaluate what security
Jones
& Bartlett
Learning, LLC
© Jones & Bartlett Learning, LL
measures©are
necessary
– [20%]
NOT
FOR
SALEare
OR DISTRIBUT
FOR
SALE
OR DISTRIBUTION
2. Verify aNOT
source
tarball
to determine
whether the integrity and contents
of the
package
what you expect before executing or installing it – [20%]
3. Use and leverage md5sum to verify the integrity of a downloaded software tarball –
[20%]
4.
Use&GPG
to view
the signature
key – [20%]
© Jones
Bartlett
Learning,
LLCof a downloaded public
© Jones
& Bartlett Learning, LLC
5. FOR
Configure
rpm
database to add repositories securely
forFOR
the distribution
software to
NOT
SALEtheOR
DISTRIBUTION
NOT
SALE ORofDISTRIBUTION
persons who do not need access to the system directly, only to download any updates or
rpms – [20%]
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
149
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Lab
#8
–
Assessment
Worksheet
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Applying Best Practices for Secure Software Management
Course Name and Number: _____________________________________________________
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
Student Name: ________________________________________________________________
Instructor Name: ______________________________________________________________
© Jones
& Bartlett
Learning, LLC
© Jones & Bartlett Learning, LLC
Lab
Due Date:
________________________________________________________________
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Overview
This lab was an extension of the previous labs. It incorporated best practices for secure software
management.
In thisLLC
lab, you worked with a CentOS
machine
and used
RPM to LLC
query and verify
© Jones & Bartlett
Learning,
© Jones
& Bartlett
Learning,
package
verified a source tarball used forNOT
application
integrity
when
NOT FOR SALE
ORfiles,
DISTRIBUTION
FOR SALE
ORverification
DISTRIBUTION
downloading and installing new applications, and learned how to create a repository to properly
secure the RPN databases. You also used the md5sum for hashing and integrity verification
against downloaded program files. Finally, you learned to use GPG (GnuPG) tool to view a GPG
license key to ensure
downloaded
software
is valid.
© Jones
& Bartlett
Learning,
LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
Lab Assessment Questions & Answers
1. Explain the purpose of the rpm -qf /bin/ls command.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Part 1, Step 7. This command will return the name of the package file in the specified location. In
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
this case, it is coreutils-8.4-19.el6.x86_64.
2. Discuss the purpose of a software repository as it relates to YUM.
followingLLC
Part 3, Step 11. Unlike RPM©Package
the Learning,
YUM installerLLC
automatically
© Jones & BartlettNote
Learning,
Jones Manager,
& Bartlett
tracks
and
installs
all
dependent
applications
first
before
installing
the
software
package
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION you
may actually want. YUM looks in the /etc/yum.repos.d/ directory for configured repositories.
CentOS has several repositories by default, but third-party repositories can be added to gain
access to other software.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
3. How can you ensure that a downloaded software package (tarball) is legitimate and
NOT FOR SALE OR DISTRIBUT
NOT
FOR SALE
hasn’t been
tampered
with? OR DISTRIBUTION
Part 2. Download a tarball from a trusted source, and obtain that source’s MD5 checksum. Once
the tarball is downloaded, run md5sum on the tar download. Then, compare MD5 checksum
© Jones
& against
Bartlett
LLCchecksum.
© Jones & Bartlett Learning, LLC
result
theLearning,
trusted source’s
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
150 | Lab #8 Applying Best Practices for Secure Software Management
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
4.
Explain
all
of
the
switches
associated
with
rpmSALE
command
that were used in this lab.
NOTthe
FOR
OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
•
•
•
•
Part 1 Step 4. -ql (lists all files in the package)
Part 1 Step 7. -qf (queries a specified path for the name of the package file)
Part
1 Step 9.
(verifies Learning,
the integrity of
the files in the package) © Jones & Bartlett Learning, LL
© Jones
& -V
Bartlett
LLC
Part
1
Step
13.
–qa
(lists
all
currently
installed
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTIONpackages)
5. Explain what hashing is and how it differs from encryption.
Note introducing Part 2. A hash is a unique constant-length checksum or signature for the data
© Jones
& Bartlett
Learning,
LLC
Jones it&isBartlett
or program.
This hash
technique
is different from encryption©because
a one-wayLearning,
method thatLLC
NOT FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
doesn’t require known keys to encrypt and decrypt information. Any changes to a program
and
its files will produce a different md5sum value. If there are no changes, then the Md5Sum value
will match the md5sum value provided by the trusted source of the program files. Encryption, on
the other hand, is a two-way function that requires a known key or keys to encrypt and decrypt
© Jones & Bartlettthe
Learning,
LLC
Jones
Bartlettand
Learning,
original data.
Basically, a hash verifies©a file
and its&integrity,
encryption LLC
contains the file
NOT FOR SALE OR
DISTRIBUTION
SALE OR DISTRIBUTION
and
secures it with a key control that both NOT
partiesFOR
must know.
6. If you wanted to know which package a certain program belonged to, what command
would you run?
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
Part 1, Step 7. rpm -qf <installed program directory>.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
7. During this lab, you reviewed the httpd file for changes. What changes did you record
in your WordPad document?
© Jones
© Jones & Bartlett Learning, LLC
Part&1,Bartlett
Step 12. Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
• 5 – MD5 checksum has changed
• T – The time of the file has change
• S – The size of the repository has changed
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Lab #9 Applying Best Practices for Security
Logging and Monitoring
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Introduction
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Security administration is not simply a matter of locking down a system and then not having to
worry about it again. New exploits in existing software and network protocols are constantly
© Jones
& Bartlett
LLC
© Jonesattack
& Bartlett
Learning,
LLC
being
discovered,
not toLearning,
mention the
possibility of social engineering
attempts.
To identify
NOT
FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
anything amiss on a server, it is best practice for security administrators to regularly to check in
on the machine.
Checking in on a machine would be meaningless if nothing is being recorded for you to check.
By default,
Linux servers
system logLLC
would reside on
© Jones & Bartlett
Learning,
LLC run a system logging
© feature.
Jones Typically,
& BartletttheLearning,
the
same
server
it
is
logging,
but
best
practice
is
to
locate
the
system
log
on
a
remote
server
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
instead, particularly if the logged server is open the Internet. Locating the system logs for all
servers on a single server provides a more secure location for all logging. Suppose an intruder
breaks into a Linux system and deletes all of the local log files. Unless the intruder also
compromises the
server,
the log files
will still be available to©access
© remote
Joneslogging
& Bartlett
Learning,
LLC
Jonesand
& analyze.
Bartlett Learning, LL
System logs open the Internet are also vulnerable to denial service attacks which may fill up the
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
system log to the point where it cannot log any other messages.
Another method of logging events on a server is available by using the Tripwire application.
Tripwire is a file integrity tool that keeps a database hash of all files specified in its policy file.
© Jonesa &
Learning,
LLCdetect the changes. © Jones & Bartlett Learning, LLC
Anytime
fileBartlett
is altered,
Tripwire will
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Rootkit Hunter (rkhunter) is another file integrity checker available to the security administrator.
Rkhunter is a script that checks for various rootkits, a type of malicious software that enables
unauthorized users access to the server without being detected. It also performs checks on
common commands and startup files to determine if they have been modified, among other
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
things.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
In this lab, you will configure remote logging in the CentOS Linux Server and send syslogs to a
remote host for secure secondary logging. You will use Tripwire, a third-party file integrity tool,
to identify modifications to important system files. You will configure Rootkit Hunter,
(rkhunter), to search
for rootkits
and other
anomalies
on a set schedule. You©also
will search
the Learning, LL
© Jones
& Bartlett
Learning,
LLC
Jones
& Bartlett
log files for specific
criteria.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
This lab has four parts, which should be completed in the order specified.
1. In the first part of this lab, you will configure remote logging for an external logging and
© Jones
& Bartlett
Learning,
LLC
© Jones
& Bartlett file;
Learning,
monitoring
server
by creating
a new rsyslog.conf remote
log configuration
you willLLC
NOT FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
then search through the log files to search for evidence of an intrusion.
Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.
www.jblearning.com
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Instructor Lab Manual
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
151
152 | Lab #9 Applying Best Practices for Security Logging and Monitoring
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
2.
In
the
second
part
of
this
lab,
you
will
configure
defaultOR
policy
file for Tripwire and
NOT
FORa SALE
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
create a site and local passphrase; you will then initialize the Tripwire database and index
all of the files on the system.
3. In the third part of this lab, you will edit the rkhunter configuration file, schedule the
Jones
& Bartlett
Learning,
LLC
© Jonesreport.
& Bartlett Learning, LL
rkhunter©report
to run
at a specific
time, and
run the rkhunter check summary
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
4. Finally, if assigned by your instructor, you will explore the virtual environment or a
related topic on your own to answer a set of challenge questions that allow you to use the
skills you learned in the lab to conduct independent, unguided work, similar to what you
will&encounter
a real-world
situation.
© Jones
Bartlettin
Learning,
LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Learning Objectives
Upon completing this lab, you will be able to perform the following:
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
• Configure remote logging on the CentOS Linux Server and send syslogs and other events
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
to a remote host for secure secondary logging
• Search through different log files on the CentOS Linux Server to identify where certain
types of logs are stored and how often they get recycled
• Configure the Tripwire file integrity tool so that modifications to important system files
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
are quickly identified and properly logged both locally and remotely
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
• Configure and schedule rkhunter to run at said interval using the cron subsystem so that a
rootkit can be properly and quickly identified if possible
• Configure both automatic searches on log files as well as automatic running of important
security applications to properly monitor a CentOS Linux Server for malicious activity
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Tools and Software
The following software and/or utilities are required to complete this lab. Students are encouraged
to explore the Internet to learn more about the products and tools used in this lab.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
•
Rootkit
Hunter
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
• Tripwire
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
153
© Jones & Bartlett Learning, LLC
Deliverables
NOT FOR SALE
OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Upon completion of this lab, you are required to provide the following deliverables to your
instructor:
© Jones
& Bartlett
Learning,
LLC
& Bartlett
1. Lab Report
file including
screen
captures of
the following steps: Part©1,Jones
Steps 13,
26, and Learning, LL
NOT
FOR
SALE
OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
29; Part 2, Step 23; Part 3, Steps 6, 18, and 23;
2. Lab Assessments file;
3. Optional: Challenge Questions file, if assigned by your instructor.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
154 | Lab #9 Applying Best Practices for Security Logging and Monitoring
© Jones & Bartlett Learning, LLC
Hands-On
Steps
NOT FOR SALE
OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
uNote:
This lab contains detailed lab procedures, which you should follow as written. Frequently performed tasks
are explained in the
Common&Lab
Tasks document
on the
vWorkstation desktop. You
should review
these Learning, LL
© Jones
Bartlett
Learning,
LLC
© Jones
& Bartlett
tasks before starting the lab.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
1. From the vWorkstation desktop, open the Common Lab Tasks file.
If you desire, use the File Transfer button to transfer the file to your local computer and
© Jones
LLC
© Jones & Bartlett Learning, LLC
print&aBartlett
copy for Learning,
your reference.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
FigureLLC
1 “Student Landing” vWorkstation
© Jones & Bartlett Learning,
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
2. On your local computer, create the lab deliverable files.
3. Review the Lab Assessment Worksheet at the end of this lab. You will find answers to
these questions as you proceed through the lab steps.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Part 1: Configuring and Investigating the Linux Log File
uNote:
In the next steps, you will explore the robust nature of Linux’s log files. First, you will configure remote
© Jones
& Bartlett
Learning,
LLC
Jones & Bartlett
logging for an external
logging
and monitoring
server by
creating a new remote log©configuration
file, the Learning, LL
NOT FOR SALE OR DISTRIBUT
FOR
DISTRIBUTION
rsyslog.conf file.NOT
Next, you
willSALE
searchOR
through
the log files for evidence of an intrusion.
1. Double-click the RDP folder on the vWorkstation desktop to open the folder.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
155
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
2.
Double-click
the
TargetCentOS01.rdp
file
in the
RDP
folder
to DISTRIBUTION
open a remote connection
NOT
FOR
SALE
OR
NOT FOR SALE OR DISTRIBUTION
to the Linux machine.
The remote GNOME desktop, the graphical user interface (GUI) for the virtual Linux
server, opens with the IP address of the remote machine (172.30.0.21) in the title bar at
© the
Jones
& Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
the top of
window.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & BartlettFigure
Learning,
LLC
© Jones & Bartlett Learning, LL
2 GNOME
desktop
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
3. Double-click the Terminal icon on the GNOME desktop to open the terminal emulator and
access the Linux server command line.
4. At the
commandLearning,
prompt, type
su -c ' vi /etc/rsyslog.conf
' and press
Enter toLearning,
create a new
© Jones
& Bartlett
LLC
© Jones
& Bartlett
LLC
remote system log configuration file in the vi Editor.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
5. When prompted, type P@ssw0rd!, the root password, and press Enter.
uNote:
You are required
to enter
a mixed-case password.©
If you
are not
using the Citrix
ReceiverLLC
to access this
© Jones & Bartlett
Learning,
LLC
Jones
& Bartlett
Learning,
lab,
please
use
the
CAPS
LOCK
button
or
the
On-Screen
Keyboard
to
input
the
password.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
6. Press the i key to enter the Insert mode.
7. Use the arrows keys to move to the last line in the file and press Enter to create a new line
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
above the last line in the file.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
8. Press the up-arrow key so that the cursor is now at the beginning of the new line you just
created.
9. Type
@@logs.firstworldbank-example.com
to direct
TargetCentOS01
server to send
© Jones
& *.*
Bartlett
Learning, LLC
© the
Jones
& Bartlett Learning,
LLC
all
(*.*)
logging
information
to
a
remote
server
named
logs.firstworldbank-example.com.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
156 | Lab #9 Applying Best Practices for Security Logging and Monitoring
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 3 Edit the rsyslog.conf file
10. Press the Esc key to exit the Insert mode.
© and
Jones
Bartlett
Learning,
LLC and exit the vi Editor.
© Jones & Bartlett Learning, LL
11. Type :wq!
press&Enter
to save
your changes
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
12. At the command prompt, type cat /etc/rsyslog.conf to display the contents of the file.
13. Make a screen capture showing the edited file and paste it into the Lab Report file.
© Jones
& Bartlett
LLC
© Jones
Bartlett
Learning,
LLC
14. At the
commandLearning,
prompt, type
sudo /sbin/service rsyslog
restart &
and
press Enter
to restart
NOT FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
the syslog logging mechanism with your changes without rebooting the server.
15. When prompted, type pass=7890, the student password, and press Enter to create the new
account.
© Jones & BartlettThe
Learning,
LLCreturn OK flags indicating
© Jones
& Bartlett
Learning,
system will
that the
process has
restarted.LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
16. At the command prompt, type sudo /sbin/service sshd status and press Enter to check the
running status of the openSSH server.
17. If prompted,
type pass=7890,
student password,
and press Enter. © Jones & Bartlett Learning, LL
© Jones
& Bartlettthe
Learning,
LLC
FOR
SALEthat
ORthe
DISTRIBUTION
If theNOT
system
indicates
service is running, skip to step 18.NOT FOR SALE OR DISTRIBUT
If the service is not running, type sudo /sbin/service sshd start and press Enter at the
command prompt to start the SSH service. Repeat until you receive the indicator that
the service is running.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOT
OR
DISTRIBUTION
18. At the command prompt, type ssh nonexist@localhost
andFOR
pressSALE
Enter to
attempt
to
establish an SSH connection to an account that does not exist on this server.
•
•
19. If prompted to answer the question: Are you sure you want to continue connecting
type
yes and press Enter. © Jones & Bartlett Learning, LLC
© Jones & Bartlett(yes/no)?,
Learning,
LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
157
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
20.
When
prompted
for
a
password
for
the
nonexist@localhost
account,
type test and press
NOT
FOR SALE OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Enter to attempt to login to the server.
Because this user account does not exist on the server, the login attempt will fail and the
failed attempt will be logged into the system’s log file.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
21. Repeat step
each SALE
time theOR
system
prompts you for a password forNOT
this account.
FOR SALE OR DISTRIBUT
NOT20FOR
DISTRIBUTION
After three failed attempts, the system will display a Permission denied message
indicating that the login attempt has been aborted and will return to the command prompt.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 4 Generate failed login data
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
22.
At
the
command
prompt,
type
su
-c
'
cat
/var/log/secure
' and press Enter to
NOT FOR SALE OR DISTRIBUTION
NOT
FOR SALE| grep
OR nonexist
DISTRIBUTION
search the log file for all of the login attempts for the user account named nonexist.
uNote:
The /var directory is where all the system logs go by default on the local system. It is best practice to
© Jones
Bartlett
Learning, LLC
Jones
& not
Bartlett Learning, LL
create a /var partition
so that&attacks
or over-subscription
of the disk due to logging©activity
does
NOT FOR SALE OR DISTRIBUT
FOR SALE
OR DISTRIBUTION
hamper the rest NOT
of the system
from performing
its business function.
23. When prompted, type P@ssw0rd!, the root password, and press Enter.
©uNote:
Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOTthe
FOR
ORtoDISTRIBUTION
You are required to enter a mixed-case password. If you are not using
CitrixSALE
Receiver
access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
158 | Lab #9 Applying Best Practices for Security Logging and Monitoring
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© JonesFigure
& Bartlett
LLC
5 FailedLearning,
login attempts
by nonexist@localhost © Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
24. At the command prompt, type su -c ' lastb ' and press Enter to read only the failed login
attempts on the TargetCentOS server.
25. When
prompted,
type P@ssw0rd!,
press &
Enter.
© Jones
& Bartlett
Learning,
LLC the root password,©and
Jones
Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlettand
Learning,
LLCthe Lab
26. Make
a screen
capture showing the results
of this&command
paste it into
NOT FOR SALE OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Report
file.
27. At the command prompt, type su -c ' tail /var/log/messages ' and press Enter to read the
messages from the last 10 lines recorded in the log file.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
28. When prompted,
type
P@ssw0rd!,
the
root
password,
and
press
Enter.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOT FOR
SALE
OR the
DISTRIBUTION
29. Make a screen capture showing the results of this command
and paste
it into
Lab
Report file.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
159
© Jones & Bartlett Learning, LLC
Part OR
2: Configuring
Tripwire
NOT FOR SALE
DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
uNote:
In the next steps, you will use Tripwire, a third-party tool loaded as a module on this server, to perform
an integrity check.©First,
you will
configure Learning,
a default policy
file for Tripwire and create©aJones
site and&
local
Jones
& Bartlett
LLC
Bartlett Learning, LL
passphrase. With the passphrase in place, you will initialize the Tripwire database and index all of the
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
files on the system.
The site passphrase encrypts the Tripwire configuration and policy files, so that it wouldn’t be possible to
view or change either file without the passphrase. The local passphrase would be used to protect the
© Jones
& Bartlett
© Jones
Bartlett
Learning, LLC
Tripwire
database
files. It Learning,
is important toLLC
point out that the passphrases
used in&this
lab (thelocalpass
NOT
FOR SALE
OR DISTRIBUTION
FOR
SALE
ORpassphrase:
DISTRIBUTION
and
thesitepass)
as oversimplified.
In a real-life situation you wouldNOT
choose
a more
complex
at least 8 characters in length with a mix of letter cases and numbers.
1. At the command prompt, type su -c ' /usr/sbin/tripwire-setup-keyfiles ' and press Enter to
the configuration
files, the first step
in creating
a defaultLearning,
encrypted policy
© Jones & Bartlettload
Learning,
LLC
© Jones
& Bartlett
LLC for
Tripwire.
NOT FOR SALE OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
2. When prompted, type P@ssw0rd!, the root password, and press Enter.
uNote:
Bartlettpassword.
Learning,
LLC
© Jones
& Bartlett
You are required©toJones
enter a &
mixed-case
If you
are not using the Citrix Receiver
to access
this Learning, LL
NOT
FOR
SALE
OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
3. When prompted by the Tripwire process to enter a site keyfile passphrase, type
thesitepass and press Enter.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
4. FOR
Type SALE
thesitepass
again to verify the site keyfile passphrase.
NOT
OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
5. When prompted to create a local keyfile passphrase, type thelocalpass and press Enter.
6. Type thelocalpass again to verify the local keyfile passphrase.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
160 | Lab #9 Applying Best Practices for Security Logging and Monitoring
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 6 Configure the default policy file for Tripwire
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
FOR
SALE OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
7. When prompted for the site passphrase to sign the configuration fileNOT
(tw.cfg),
type
thesitepass and press Enter.
uNote:
©A Jones
Bartlett
LLC
© created
Jonesat&this
Bartlett
cleartext&version
of theLearning,
configuration
file, /etc/tripwire/twcfg.txt, is
time. In Learning,
a real-life LLC
situation,
youSALE
would OR
moveDISTRIBUTION
this cleartext file to a more secure location
onceDISTRIBUTION
you’ve
NOT
FOR
NOTand/or
FORencrypt
SALEit OR
examined the contents.
8. When prompted for the site passphrase to sign the policy file (tw.pol), type thesitepass
press Enter.
© Jones & Bartlettand
Learning,
LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
uNote:
A cleartext version of the policy file, /etc/tripwire/twpol.txt, is created during this step. Again, in a real-life
situation, you would move this file to a secure location and/or encrypt it after you’ve examined it.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
9. To confirm that the Tripwire configuration file is now encrypted, type su -c ' cat
NOT FOR SALE OR DISTRIBUT
NOT FOR' and
SALE
OR
DISTRIBUTION
/etc/tripwire/tw.cfg
press
Enter.
10. When prompted, type P@ssw0rd!, the root password, and press Enter.
©uNote:
Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
You are
required
to enter
a mixed-case password. If you are not using
CitrixSALE
Receiver
access this
NOT
FOR
SALE
OR DISTRIBUTION
NOTthe
FOR
ORtoDISTRIBUTION
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
161
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 7 Encrypted configuration file
© Jones & Bartlett Learning, LLC
NOTclick
FORClose
SALE
OR DISTRIBUTION
11. If prompted,
to dismiss
the pop-up window.
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
12. To confirm that the Tripwire policy file is also encrypted, type su -c ' cat
/etc/tripwire/tw.pol ' and press Enter.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
uNote:
NOT
FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
After the policy file is created, Tripwire will provide instructions to run the init command to initialize the
database. This process reads the policy file and generates a database from its contents.
13. When prompted, type P@ssw0rd!, the root password, and press Enter.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE
OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
© Jones
& Bartlett
Learning,
LLCwindow.
© Jones & Bartlett Learning, LL
14. If prompted,
click Close
to dismiss
the pop-up
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
15. At the command prompt, type su -c ' /usr/sbin/tripwire --init ' and press Enter to begin the
initialization process.
16. When prompted, type P@ssw0rd!, the root password, and press Enter.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
162 | Lab #9 Applying Best Practices for Security Logging and Monitoring
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
uNote:
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
17. When prompted
local passphrase,
type
thelocalpass.
© Jonesfor&aBartlett
Learning,
LLC
NOT FOR SALE OR DISTRIBUTION
uNote:
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Tripwire will index all of the files on the computer as specified in the policy file. The local passphrase was
requested because indexing results in writing to the Tripwire database. This may take several minutes,
so do not touch any keys until the terminal prompt appears. You will see several No such file or directory
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
messages because the policy file used in this lab references several file locations that are not found on
NOT
FOR
SALE
OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
this server.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 8 Initialize the Tripwire database
18. At the command prompt, type su -c ' touch /bin/ls ' and press Enter to force a timestamp
change on
bin/ls
© the
Jones
&file.
Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR
SALE
OR DISTRIBUTION
19. When prompted,
type
P@ssw0rd!,
the root password, and press Enter.
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
©lab,
Jones
Bartlett
Learning,
LLC
© Jones
& Bartlett
please&use
the CAPS
LOCK button
or the On-Screen Keyboard
to input the
password.Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
20. At the command prompt, type su -c ' /usr/sbin/tripwire --check ' and press Enter to run a
file integrity check with Tripwire.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
163
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
21.
When
prompted,
type
P@ssw0rd!,
the
root password,
and OR
press
Enter.
NOT
FOR SALE
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
Tripwire will check the indexed files as specified in the policy file. This may take several
minutes, so do not touch any keys until the terminal prompt appears. You will see several
No such file or directory messages because the policy file used in this lab references
several file locations that are not found on this server.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
22.FOR
Use the
scrollbar
to move to the top of the report and review
the reported
violations
in the
NOT
SALE
OR DISTRIBUTION
NOT FOR
SALE OR
DISTRIBUTION
integrity check.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 9 Tripwire Integrity Check Report
23. Make a screen capture showing the report and paste it into the Lab Report file. You may
have to take
multiple
screen captures
to display
© Jones
& Bartlett
Learning,
LLC the entire output. © Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
164 | Lab #9 Applying Best Practices for Security Logging and Monitoring
© Jones & Bartlett Learning, LLC
Part OR
3: Configuring
Rootkit Hunter
NOT FOR SALE
DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
uNote:
In the next steps, you will use rkhunter (Rootkit Hunter), a tool that scans the server for rootkits,
backdoors, and ©
other
anomalies.
You willLearning,
edit the rkhunter
the rkhunter
report Learning, LL
Jones
& Bartlett
LLCconfiguration file, schedule
© Jones
& Bartlett
to run at a specific time, and run the rkhunter check summary report.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
1. At the command prompt, type su -c ' vi /etc/rkhunter.conf ' and press Enter to open the
system log configuration file in the vi Editor.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
2. FOR
WhenSALE
prompted,
type P@ssw0rd!, the root password, NOT
and press
NOT
OR DISTRIBUTION
FOREnter.
SALE OR DISTRIBUTION
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please
use the CAPS
Keyboard
to input
the password.
© Jones & Bartlett
Learning,
LLC LOCK button or the On-Screen
© Jones
& Bartlett
Learning,
LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
3. Press the i key to enter the Insert mode.
4. Use the arrow keys to locate the #MAIL-ON-WARNING=me@mydomain root@mydomain
line and move to the end of the line and press Enter to create a new line.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
5. Type MAIL-ON-WARNING=student
to add the student account to the rkhunter
tool.SALE OR DISTRIBUT
NOT FOR
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT
Figure 10 Modify the rkhunter.conf
file FOR SALE OR DISTRIBUTION
6. Make a screen capture showing the edited file and paste it into the Lab Report file.
7. Press the Esc key to exit the Insert mode.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
165
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
8.
Type
:wq!
and
press
Enter
to
save
your
changes
and
exit the
Editor.
NOT
FOR
SALE
ORviDISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
9. At the command prompt, type vi rkhunter.txt and press Enter to create a new text file in
the vi Editor.
10. Press the©i Jones
key to enter
the Insert
mode. LLC
& Bartlett
Learning,
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
11. Type the following new line of text to use the cron scheduler to run an rkhunter report
every morning at 2:30a.m.
• 30 2 * * * /usr/bin/rkhunter -c -q >/dev/null 2>&1
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 11 Create
the rkhunter.txt
file Learning, LLC
© Jones & Bartlett Learning, LLC
© Jones
& Bartlett
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
12. Press the Esc key to exit the Insert mode.
13. Type :wq! and press Enter to save your changes and exit the vi Editor.
14. At the command
type su
-c ' crontab
rkhunter.txt ' and press ©
Enter
to schedule
the Learning, LL
© Jonesprompt,
& Bartlett
Learning,
LLC
Jones
& Bartlett
cron job NOT
for theFOR
root SALE
user. OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUT
15. When prompted, type P@ssw0rd!, the root password, and press Enter.
uNote:
©You
Jones
& Bartlett
LLC
© Jones
& Bartlett
Learning,
are required
to enterLearning,
a mixed-case
password. If you are not using
the Citrix
Receiver to
access thisLLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
166 | Lab #9 Applying Best Practices for Security Logging and Monitoring
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
16.
At
the
command
prompt,
type
su
-c
'
crontab
-l ' and
pressOR
Enter
to list the scheduled cron
NOT FOR
SALE
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
jobs.
17. When prompted, type P@ssw0rd!, the root password, and press Enter.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR
SALE
NOT
FOR
SALE
OR
DISTRIBUTION
You are required to enter a mixed-case password. If you are not using the Citrix Receiver
to access
thisOR DISTRIBUT
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
uNote:
18. Make a screen capture showing the output of this command and paste it into the Lab
Report
file.
© Jones
& Bartlett
Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
uNote:
If the output of the crontab –l command is empty, you will need to check that the crond daemon is
running in the background. At the command prompt, type service crond status and press Enter. If the
crond daemon
is running,
theJones
crond daemon
is stopped,
type service
© Jones & Bartlett
Learning,
LLCrepeat steps 16-18. If ©
& Bartlett
Learning,
LLC crond
start,
press
Enter,
and
repeat
steps
16-18.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
19. At the command prompt, type su -c ' /usr/bin/rkhunter -c ' and press Enter to run the
rkhunter check summary report.
© Jonestype
& Bartlett
Learning,
© Jones & Bartlett Learning, LL
20. When prompted,
P@ssw0rd!,
the root LLC
password, and press Enter.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Rkhunter
will
check
the system for any anomalies that
could
indicate
a breach.
This
NOT FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR DISTRIBUTION
check may take several minutes. Throughout this process, rkhunter will prompt you to
[Press <ENTER> to continue].
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
167
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 12 Run the rkhunter report
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
FOR SALE
NOT
FOR
SALE
OR
DISTRIBUTION
21. Follow the onscreen instructions and press Enter as required until theNOT
command
promptOR DISTRIBUT
returns.
22. Use the scrollbar to review the reported warnings in the summary.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
168 | Lab #9 Applying Best Practices for Security Logging and Monitoring
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 13 rkhunter check summary report
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOTitFOR
SALE
NOT
FOR
SALE
OR
DISTRIBUTION
23. Make a screen capture showing the summary and any warnings and paste
into the
LabOR DISTRIBUT
Report file. You may have to take multiple screen captures to display the entire summary.
24. Close the remote Linux connection.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
25. Close the virtual lab, or proceed with Part 4 to answer the challenge question for this lab.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
169
© Jones & Bartlett Learning, LLC
Part OR
4: Challenge
Questions
NOT FOR SALE
DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
uNote:
The following challenge questions are provided to allow independent, unguided work, similar to what you
will encounter in a©real
situation.
You should
aim to improve
answer
in as Learning, LL
Jones
& Bartlett
Learning,
LLCyour skills by getting the©correct
Jones
& Bartlett
few steps as possible. Use screen captures in your lab document where possible to illustrate your answers.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
1. How would you edit the rsyslog.conf file to send all cron jobs to a remote server
identified as 172.130.1.254 using the UDP protocol? How would you make sure that the
changes take place immediately?
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR
ORstuff
DISTRIBUTION
NOT
FOR
SALE
OR DISTRIBUTION
In the SALE
# Log cron
section of the file, comment out line that
says
cron.*
/var/log/cron
and add a
new line to the same section: cron.* @172.130.1.254. Save the changes to the file and restart the
rsyslog service.
2. What
edits would
error conditions
or Learning,
higher to that
remote server
© Jones & Bartlett
Learning,
LLC you make to send only
© Jones
& Bartlett
LLC
using
the UDP protocol?
NOT FOR SALE OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
In this case, the new line would read: cron.err @172.130.1.254.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
uNote:
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 14 Edited rsyslog.conf file
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
This completes the lab. Close the virtual lab, if you have not already done so.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
170 | Lab #9 Applying Best Practices for Security Logging and Monitoring
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Evaluation
Criteria
and
Rubrics
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
The following are the evaluation criteria and rubrics that students must perform:
1. Configure remote logging on the CentOS Linux Server and send syslogs and other events
© Jones
Bartlett
Learning,
LLC– [20%]
© Jones & Bartlett Learning, LL
to a remote
host for&secure
secondary
logging
NOT
FOR
SALE
OR DISTRIBUT
NOT FOR
SALE
DISTRIBUTION
2. Search through
different
logOR
files
on CentOS Linux Server to identify
where
certain
types
of logs are stored and how often they get recycled – [20%]
3. Configure the Tripwire file integrity tool so that modifications to important system files
are quickly identified and properly logged both locally and remotely – [20%]
4.
Configure
and schedule
rkhunter
the&cron
subsystem
so thatLLC
a
© Jones
& Bartlett
Learning,
LLC to run at said interval
© using
Jones
Bartlett
Learning,
rootkit
can beOR
properly
and quickly identified if possible
– [20%]
NOT FOR
SALE
DISTRIBUTION
NOT
FOR SALE OR DISTRIBUTION
5. Configure both automatic searches on log files as well as automatic running of important
security applications to properly monitor a CentOS Linux Server for malicious activity –
[20%]
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
171
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Lab
#9
–
Assessment
Worksheet
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Applying Best Practices for Security Logging and Monitoring
Course Name and Number: _____________________________________________________
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
Student Name: ________________________________________________________________
Instructor Name: ______________________________________________________________
© Jones
& Bartlett
Learning, LLC
© Jones & Bartlett Learning, LLC
Lab
Due Date:
________________________________________________________________
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Overview
In this lab, you configured remote logging on the CentOS Linux Server and sent syslogs to a
remote host
for secure
secondary logging. You©used
Tripwire,
a third-party
file integrity
© Jones & Bartlett
Learning,
LLC
Jones
& Bartlett
Learning,
LLC tool, to
identify
to important system files.
YouFOR
configured
Hunter, (rkhunter), to
NOT FOR SALE
ORmodifications
DISTRIBUTION
NOT
SALE Rootkit
OR DISTRIBUTION
search for rootkits and other anomalies on a set schedule. You also searched the log files for
specific criteria.
© Jones
& Bartlett
Learning, LLC
© Jones & Bartlett Learning, LL
Lab Assessment
Questions
& Answers
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
1. What is the primary place to store log files on a local Linux system, and what are
recommended procedures for that location?
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Note following Part 1, Step 22. The /var directory is where all the system logs go by default on
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
the local system. It is best practice to create a /var partition so that attacks or over-subscription
of the disk due to logging activity does not hamper the rest of the system from performing its
business function.
2. Why
is remote
logging to a central server
considered
a best practice?
© Jones & Bartlett
Learning,
LLC
© Jones
& Bartlett
Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Introduction Locating the system logs for all servers on a single server provides a more secure
location for all logging. Suppose an intruder breaks into a Linux system and deletes all of the
local log files. Unless the intruder also compromises the remote logging server, the log files will
still be available
to access
and analyze.
© Jones
& Bartlett
Learning, LLC
© Jones & Bartlett Learning, LL
NOT
FOR SALE
OR DISTRIBUTION
3. Why is the
Tripwire
application
considered a file integrity checker? NOT FOR SALE OR DISTRIBUT
Introduction. Tripwire keeps a database hash of all files specified in its policy file. Any time a file
is altered, Tripwire will detect the changes.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
172 | Lab #9 Applying Best Practices for Security Logging and Monitoring
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
4.
Could
rkhunter
be
considered
a
file
integrity
checker?
Why
why not?
NOT FOR
SALE
ORorDISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Introduction. Yes. Rkhunter is a script that checks for various rootkits, a type of malicious
software that enables unauthorized users access to the server without being detected. It also
performs checks on common commands and startup files to determine if they have been
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
modified, among other things.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
5. How would you check to see that a recurring cron job was scheduled to run?
Note following Part 3, Step 16. Use crontab -l to list.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
6. FOR
WhatSALE
is the difference
between the site and local passphrases
usedSALE
by Tripwire?
NOT
OR DISTRIBUTION
NOT FOR
OR DISTRIBUTION
Note introducing Part 2. The site passphrase encrypts the Tripwire configuration and policy files,
so that it wouldn’t be possible to view or change either file without the passphrase. The local
passphrase would be used to protect the Tripwire database files.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE7.OR
DISTRIBUTION
NOT
SALE
ORonDISTRIBUTION
What is a security implication of locating
theFOR
syslog
service
a system with Internet
access?
Introduction. System logs open the Internet are also vulnerable to denial of service attacks,
© fill
Jones
Bartlett
LLCit cannot log any other messages.
© Jones & Bartlett Learning, LL
which may
up the &
system
log toLearning,
the point where
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Lab #10 Defining Linux OS and Application
Backup and Recovery Procedures
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Introduction
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
A well-documented and tested disaster recovery process should be a part of any organization’s
defense-in-depth security strategy. As part of the disaster recovery process, the security team
© Jones
& regular
Bartlett
Learning,
© Jones
& Bartlett
LLC
should
make
backups
of theLLC
systems. One such method,
in the Linux
serverLearning,
environment,
NOT
FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
is to use the tar command to create an archive which contains the files and folder structure of the
targeted directory. This archive can then be compressed so as to take up less space. Compression
is the process of encoding data to use fewer bits, thus making it smaller. Compressed data by
itself, however, is not considered secure.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Encrypting
backups should be as expected as NOT
encrypting
on the network.
NOT FOR SALE
OR DISTRIBUTION
FOR communications
SALE OR DISTRIBUTION
Encryption helps to secure data so unauthorized entities can’t read or access it. Encryption
converts the data into ciphertext, making it unreadable without a key or passphrase.
Compromised backups are one of the primary ways of stealing corporate data. Backups may
Jones & Bartlett
Learning,
LLC and company confidential
© Jonesdata
& Bartlett
contain all of the©information,
including
private customer
in an Learning, LL
NOT
FOR
SALE
NOT
FOR
SALE
OR
DISTRIBUTION
organization. Emails, like backups, if not encrypted could contain huge amounts of potentially OR DISTRIBUT
sensitive information and thus should be secured both in transit and at rest on the server. If
emails aren’t encrypted, it becomes much easier for intruders to sniff traffic for emails and
reconstruct all of the captured plaintext information.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Sometimes
file may
have
been inadvertently deleted while NOT
a program
in the OR
middle
of
NOT FORaSALE
OR
DISTRIBUTION
FORisSALE
DISTRIBUTION
accessing it. In such cases, instead of locating an appropriate archive from which to restore a
copy of the file, it may be possible to recover the file without resorting to a backup as the file
may still reside under the /proc directory.
© Jones & Bartlett
Learning,
Jones
& Bartlett
LLC for data
In this lab,
you will LLC
maximize availability and©define
a recovery
timeLearning,
objective (RTO)
NOT FOR SALE
OR DISTRIBUTION
NOT Linux
FOR SALE
file backups
and recovery on a production CentOS
server. OR
You DISTRIBUTION
will secure a data file
backup using OpenSSL encryption and restore the data file from the encrypted backup. You also
will recover a deleted file using the /proc recovery function.
This lab has four©parts,
which
should be
completedLLC
in the order specified. © Jones & Bartlett Learning, LL
Jones
& Bartlett
Learning,
NOT
SALE
OR DISTRIBUT
NOT
ORwill
DISTRIBUTION
1. In the first
partFOR
of theSALE
lab, you
back up a file on the Linux OS and
thenFOR
secure
it with
encryption.
2. In the second part of the lab, you will delete a file and then use decryption to restore the
file&onBartlett
the Linux
OS. You also
for this &
process.
© Jones
Learning,
LLCwill document the RTO
© Jones
Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
3. In the third part of the lab, you will identify the process ID (PID) from a deleted file and
restore the file using the built-in Linux OS virtual filesystem called /proc.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE
OR
DISTRIBUTION
NOT All
FOR
SALE OR DISTRIBUTION
Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company.
rights reserved.
www.jblearning.com
Instructor Lab Manual
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
173
174 | Lab #10 Defining Linux OS and Application Backup and Recovery Procedures
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
4.
Finally,
if
assigned
by
your
instructor,
you will
explore
virtual
environment on your
NOT
FOR
SALEthe
OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
own to answer a set of challenge questions that allow you to use the skills you learned in
the lab to conduct independent, unguided work, similar to what you will encounter in a
real-world situation.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Learning Objectives
NOT FOR SALE OR DISTRIBUTION
Upon completing this lab, you will be able to perform the following:
• Ensure Linux OS, application, and data availability with documented backup and
© Jones
& Bartlett
Learning, LLC
© Jones & Bartlett Learning, LLC
recovery
procedures
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
• Configure and perform backups within the Linux operating system as an automated and
stable way of enhancing backup and recovery procedures and maximizing system
availability
• Encrypt
backups
are being
performed
© Jones & Bartlett
Learning,
LLCin the Linux operating
© system
Jonesas
& they
Bartlett
Learning,
LLCand for
NOT FOR SALE OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
securing
data backups and storage
• Restore encrypted backups for full recovery of the Linux OS as per defined recovery time
objectives (RTO)
• Backup and restore deleted files using /proc in Linux so that an entire system does not
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
have to be
restored
the instance
of a deleted or corrupted file
NOT FOR SALE OR DISTRIBUT
NOT
FOR in
SALE
OR DISTRIBUTION
Tools and Software
The
following
softwareLearning,
and/or utilities
this lab.&Students
encouraged
© Jones
& Bartlett
LLCare required to complete
© Jones
Bartlettare
Learning,
LLC
to
explore
the
Internet
to
learn
more
about
the
products
and
tools
used
in
this
lab.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
•
None
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
175
© Jones & Bartlett Learning, LLC
Deliverables
NOT FOR SALE
OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Upon completion of this lab, you are required to provide the following deliverables to your
instructor:
© Jones
& Bartlett
Learning,
LLC
& Bartlett
1. Lab Report
file including
screen
captures of
the following steps: Part©1,Jones
Step 13;
Part 2, Learning, LL
NOT
FOR
SALE
OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
Step 10; Part 3, Steps 7, 11, and 17;
2. Lab Assessments file;
3. Optional: Challenge Questions file, if assigned by your instructor.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
176 | Lab #10 Defining Linux OS and Application Backup and Recovery Procedures
© Jones & Bartlett Learning, LLC
Hands-On
Steps
NOT FOR SALE
OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
uNote:
This lab contains detailed lab procedures, which you should follow as written. Frequently performed tasks
are explained in the
Common&Lab
Tasks document
on the
vWorkstation desktop. You
should review
these Learning, LL
© Jones
Bartlett
Learning,
LLC
© Jones
& Bartlett
tasks before starting the lab.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
1. From the vWorkstation desktop, open the Common Lab Tasks file.
If you
desire, use
the File Transfer
file to your
local computer
andLLC
© Jones
& Bartlett
Learning,
LLC button to transfer the
© Jones
& Bartlett
Learning,
print SALE
a copy for
reference.
NOT FOR
ORyour
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Figure 1 “Student Landing” vWorkstation
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
2. On your local computer, create the lab deliverable files.
3. Review the Lab Assessment Worksheet at the end of this lab. You will find answers to
questions
as you proceed through©the
lab steps.
© Jones & Bartlettthese
Learning,
LLC
Jones
& Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Part 1: Back Up a Data File on the Linux OS
uNote:
& up
Bartlett
Learning,
LLC
© Jones
& Bartlett
Learning, LL
In the next steps, ©
youJones
will back
a data file
on the Linux
OS. You will secure the backup
file, encrypt
it
using the opensslNOT
command,
and
then
remove
the
unencrypted
data
file.
NOT FOR SALE OR DISTRIBUT
FOR SALE OR DISTRIBUTION
1. Double-click the RDP folder on the vWorkstation desktop.
2. Double-click
theLearning,
TargetCentOS01.rdp
file to open the Linux
server.
© Jones
& Bartlett
LLC
© Jones
& Bartlett Learning, LLC
NOT FOR
SALE
OR
DISTRIBUTION
NOT
FOR
DISTRIBUTION
The remote GNOME desktop, the graphical user interface (GUI)SALE
for the OR
virtual
Linux
server, opens with the IP address of the remote machine (172.30.0.21) in the title bar at
the top of the window.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
177
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
FOR
SALE OR DISTRIBUTION
Figure 2 TheNOT
GNOME
desktop
3. Double-click the Terminal icon on the GNOME desktop to open the terminal emulator and
access the Linux server command line.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
4. At the command prompt, type pwd and press Enter to verify that you are in the home
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
directory.
The system will return the current directory as /home/student.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
178 | Lab #10 Defining Linux OS and Application Backup and Recovery Procedures
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 3 Verify the working directory
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
FOR SALE OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
5. At the command prompt, type su -c ' tar zcvf yourname.tar.gz /etc /varNOT
', replacing
yourname with your own name, and press Enter to archive and compress the /etc and /var
directories for backup.
uNote:
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
The
tar FOR
command
is used
combine multiple files into a single file,NOT
while FOR
still preserving
the complete
NOT
SALE
ORtoDISTRIBUTION
SALE OR
DISTRIBUTION
pathname information. It can be used with several switch options, such as the zcvf switch used in this
example.
• -z: unzip a compressed tar ball
• -c:
create an archive
© Jones & Bartlett
Learning,
LLC
© Jones & Bartlett Learning, LLC
•
-v:
provide
verbose
output
(display
progress)
for FOR
executed
command
NOT FOR SALE OR DISTRIBUTION
NOT
SALE
OR DISTRIBUTION
• -f: force the command even if there are errors
• -C: provide directory as root directory when extracting
Another switch that
be used
with the tar
command isLLC
the –x switch, which extracts
the contents
of the Learning, LL
© can
Jones
& Bartlett
Learning,
© Jones
& Bartlett
tar ball. You will use
this
switch
later
in
the
lab.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
6. When prompted, type P@ssw0rd!, the root password, and press Enter.
uNote:
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
The system will return all directories and files as they are backed up. This may take
several minutes. Once the backup process is complete, the system will create a new
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
179
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
compressed
file
named
yourname.tar.gz
containing
the contents
of the /etc and the /var
NOT
FOR SALE
OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
directories.
7. At the command prompt, type su -c ' openssl des3 -salt -in yourname.tar.gz -out
yourname.tar.gz.des3 ' and press Enter to encrypt the file.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR
SALE
OR DISTRIBUTION
8. When prompted,
type
P@ssw0rd!,
the root password, and press Enter.
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab,
please use
the CAPSLearning,
LOCK buttonLLC
or the On-Screen Keyboard©toJones
input the&password.
© Jones
& Bartlett
Bartlett Learning, LLC
To
finalize
the
encryption
process,
the
system
will
prompt
you
for
an
encryption
thatDISTRIBUTION
will be
NOT FOR SALE OR DISTRIBUTION
NOT FOR password
SALE OR
required to decrypt the file later. In the virtual lab, you use simple, easy to remember, passwords, but in a
real-world situation you would want to choose a more complex password to encrypt your backup files.
9. When
prompted
password,
type mypassword
© Jones & Bartlett
Learning,
LLCto enter a des-ede3-cbc
© encryption
Jones & Bartlett
Learning,
LLC and
press
Enter.
NOT FOR SALE OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
10. When prompted to verify the des-ede3-cbc encryption password, type mypassword and
press Enter.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Figure 4 Create a password for the des3 encrypted file
© Jones
& Bartlett
Learning,
LLC
Jones
Bartlett
Learning,
11. At the
command
prompt, type
ls yourname.tar.gz.des3©and
press&Enter
to verify
that theLLC
NOT FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
new encrypted file has been created.
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
180 | Lab #10 Defining Linux OS and Application Backup and Recovery Procedures
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
uNote:
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
The system will return the yourname.tar.gz.des3 filename. If the system returns a No such file or directory
message, confirm your spelling in step 11, or repeat steps 7-11 to ensure that the file is created correctly.
12. At the prompt,
type&rm
-f yourname.tar.gz
press Enter to delete (remove)
© Jones
Bartlett
Learning,and
LLC
© Jonesthe
& original
Bartlett Learning, LL
unencrypted
compressed
backup
file.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
13. Make a screen capture of the terminal window showing the string of commands for the
encryption process and paste it into the Lab Report file.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Part
Restore
a Deleted
File using an Encrypted Backup
NOT2:FOR
SALE
OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
uNote:
In the next steps, you will simulate a scenario in which a required file is deleted. First, you will “delete”
the file, then you will decrypt the backup copy of that file using the provided password and use that copy
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
to restore the “deleted” file. Throughout this process, you will be track the time it takes to restore the file.
NOT FOR SALE
OR
DISTRIBUTION
SALEtime
ORobjective
DISTRIBUTION
In other words, you will be recording the recoveryNOT
time. FOR
The recovery
(RTO), the
timeframe within which an essential business process or file must be restored after a disaster, is an
important measurement for IT support professionals.
© Jonesprompt,
& Bartlett
Learning,
LLC
Jones
Bartlett
Learning, LL
1. At the command
type su
-c ' mv /etc/mail/sendmail.mc
/tmp ' ©
and
press &
Enter
to
NOT
FOR
SALE
OR
DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
move the sendmail.mc file into the /tmp directory simulating a deleted sendmail
configuration file.
2. When prompted, type P@ssw0rd!, the root password, and press Enter.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
uNote:
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
3. In the Lab Report file, record the time you started this set of steps.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR
DISTRIBUTION
NOT system
FOR SALE
DISTRIBUTION
Record
the time using the Linux machine’s
clock OR
which
is displayed in the upperright corner of the remote Linux desktop.
4. At the command prompt, type su -c ' openssl des3 -d -salt -in yourname.tar.gz.des3 -out
yourname.tar.gz
', replacing
yourname
withLLC
your own name in both instances,
press Learning, LL
© Jones
& Bartlett
Learning,
© Jonesand
& Bartlett
Enter to NOT
decrypt
the
backup
file.
NOT FOR SALE OR DISTRIBUT
FOR SALE OR DISTRIBUTION
5. When prompted, type P@ssw0rd!, the root password, and press Enter.
uNote:
© Jones
& Bartlett
© Jones
& Receiver
BartletttoLearning,
You
are required
to enterLearning,
a mixed-caseLLC
password. If you are not using
the Citrix
access this LLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOT
FOR
SALE
OR
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
181
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
6.
When
prompted
for
the
des-ede3-cbc
decryption
type
mypassword, the
NOT FORpassword,
SALE OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
encryption password for this file, and press Enter.
The decryption process will take several minutes. Do not touch any keys until the
command prompt returns.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
7. At the command
prompt,
-c ' tar zxvf yourname.tar.gz -C / etc/mail/sendmail.mc
NOT FOR SALE' OR DISTRIBUT
NOT FOR
SALEtype
ORsuDISTRIBUTION
and press Enter to restore the sendmail configuration file from the backup file to its
appropriate location.
8. When prompted, type P@ssw0rd!, the root password, and press Enter.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
uNote:
You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this
lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password.
© Jones & Bartlett
Learning,
LLCprompt, type ls /etc/mail/sendmail.mc
© Jones & Bartlett
Learning,
9. At
the command
and press
Enter toLLC
verify that the
NOT FOR SALE OR
DISTRIBUTION
NOT
FOR
SALE
OR
DISTRIBUTION
sendmail.mc file has been restored.
uNote:
The system will return the sendmail.mc filename. If the system returns a No such file or directory message,
confirm your spelling
in step 9&orBartlett
repeat steps
4-9 to ensure
© Jones
Learning,
LLCthat the file is created. © Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Figure 5 Restore the sendmail.mc data file
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
182 | Lab #10 Defining Linux OS and Application Backup and Recovery Procedures
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
10.
Make
a
screen
capture
of
the
terminal
window
showing
results
of the ls
NOT FOR
SALEthe
OR
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
/etc/mail/sendmail.mc command and paste it into the Lab Report file.
11. In the Lab Report file, record the time you completed this set of steps.
Record the
time using
the Linux
machine’sLLC
system clock which is displayed
upper- Learning, LL
© Jones
& Bartlett
Learning,
© Jonesin&the
Bartlett
right corner
the remote
desktop.
NOT FOR SALE OR DISTRIBUT
NOTofFOR
SALELinux
OR DISTRIBUTION
12. In the Lab Report file, record the RTO (RTO=stop time minus start time) for the recovery
of the sendmail.mc file.
© Jones & Bartlett Learning, LLC
uNote:
© Jones & Bartlett Learning, LLC
NOT
FOR
SALE
OR
DISTRIBUTION
NOT
SALE
DISTRIBUTION
The recovery time objective (RTO) for an organization can be adjusted
forFOR
mission
criticalOR
applications
by
giving priority to stored backups of systems, applications, and data files in order to meet company-specific
goals for the RTO. The automation of recovery steps from backup data files can also help achieve a
desired RTO.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Part 3: Restore a Deleted File using the Process ID (PID)
uNote:
©you
Jones
& Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LL
In the next steps,
will restore
a deleted
file that was
not captured in a backup data
file. The&system
NOT
FOR
SALE
NOT
FOR
SALE
OR
DISTRIBUTION
will hold deleted files in memory for a period of time with a process ID number (PID). As long as the file OR DISTRIBUT
is still being referenced by the less command, you can restore it.
First, you will create a new file (hacked.sh) that is not a part of the yourname.tar.gz backup and then
©you
Jones
& Bartlett
LLC
Jones
& Bartlett Learning, LLC
will delete
it. Finally,Learning,
you will restore
the deleted file using the©/proc
command.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
1. At the command prompt, type vi hacked.sh and press Enter to open a new file called
hacked.sh in the VI Editor.
2. Press
the i key
to enter the Insert mode.
© Jones & Bartlett
Learning,
LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE3.OR
DISTRIBUTION
NOTline
FOR
SALE
OR type
DISTRIBUTION
Use
the arrow keys to locate the first blank
in the
file and
You have been hacked!.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
183
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 6 Create a new hacked.sh file
© Jones & Bartlett Learning, LLC
FOR
DISTRIBUTION
4. Press theNOT
Esc key
toSALE
exit theOR
Insert
mode.
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
5. Type :wq! and press Enter to save your changes and exit the vi Editor.
6. At the command prompt, type less hacked.sh and press Enter to view the contents of the
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
hacked.sh file you just created.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
7. Make a screen capture showing your contents of the hacked.sh file and paste it into the
Lab Report File.
8. Press
the CTRL+Z
screen.
© Jones & Bartlett
Learning,
LLC keys to exit the less ©
Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
uNote:
The CTRL+Z key pair puts the less hacked.sh session in a suspended state, which means that the process
still exists, as opposed to existing the session outright.
© Jonesprompt,
& Bartlett
Learning,
LLC
© Jones
& Bartlett
9. At the command
type rm
-f hacked.sh
and press Enter to delete
the hacked.sh
file. Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
10. At the command prompt, type /usr/sbin/lsof | grep hacked and press Enter to verify that
the file is still being referenced by the less command, and obtain the process ID (PID).
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
184 | Lab #10 Defining Linux OS and Application Backup and Recovery Procedures
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
uNote:
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
The lsof command is used to list (ls) open files (of) on the system, along with the processes that are
opening the files. The result of this step shows that the hacked.sh file is still opened by the less process
despite the file having been deleted from the filesystem. Until the less process releases its hold on the
hacked.sh file, the©file
still exists,
even though
it is no longer
PID is &
a numeric
Jones
& Bartlett
Learning,
LLC on the filesystem itself.©The
Jones
Bartlett Learning, LL
reference numberNOT
for theFOR
file. InSALE
this figure,
the
PID
is
2642.
Your
number
may
be
different.
NOT FOR SALE OR DISTRIBUT
OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
NOTfile
FOR SALE OR DISTRIBUTION
Figure 7 Find the PID for the hacked.sh
11. Make a screen capture showing the process ID and paste it into the Lab Report File.
12. At
the command
PIDLearning,
with the process
© Jones & Bartlett
Learning,
LLCprompt, type cd /proc/PID/fd/,
© Jonesreplacing
& Bartlett
LLC ID you
documented
in
step
11,
and
press
Enter
to
find
the
file
in
the
system
memory.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
uNote:
A virtual filesystem, /proc doesn’t contain actual files, but instead contains runtime system information such
as system memory, devices mounted, and hardware configuration. Thus, this pseudo-filesystem can be
© Jones
& Bartlett
Learning,
LLC
© Jones
& has
Bartlett
regarded as a control
and information
center
for the Linux
kernel. Therefore, even though
the file
been Learning, LL
NOTa FOR
SALE
NOT FOR
SALE
OR DISTRIBUTION
deleted the file remains
in the /proc
directory
as long as the file is still being used. When
file in Linux
is OR DISTRIBUT
deleted, it is “unlinked.” The inode contains the files data, and the inode is still there as long as the file is
still being used.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
185
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
13.
At
the
command
prompt,
type
ls
-ls
and
press
Enter
to locate
file descriptor associated
NOT
FOR
SALE
ORthe
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
with the deleted file.
Though several file descriptors may be returned, the correct descriptor will reference the
previous location of the deleted file (/home/student/hacked.sh). In the following figure,
© Jones for
& Bartlett
Learning,
© Jones & Bartlett Learning, LL
the file descriptor
the deleted
file is 4. LLC
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Figure 8 Find the file descriptor for the hacked.sh
fileSALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
NOT FOR
14. In the Lab Report file, record the file descriptor for the hacked.sh file.
15. At the command prompt, type cp descriptor /home/student/hacked.recovered, replacing
the file descriptor you ©
recorded
14, and
press Enter
to recover the
© Jones & Bartlettdescriptor
Learning,with
LLC
Jones in
& step
Bartlett
Learning,
LLC
file
by
copying
the
file
descriptor
to
the
hard
drive.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
16. At the command prompt, type cat /home/student/hacked.recovered and press Enter to
view the contents of the recovered file.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
186 | Lab #10 Defining Linux OS and Application Backup and Recovery Procedures
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Figure 9 Recover the hacked.sh file
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT
FORthe
SALE
NOT
FOR
SALE
OR
DISTRIBUTION
17. Make a screen capture showing the results of the file recovery and paste
it into
Lab OR DISTRIBUT
Report file.
18. Close the remote Linux connection.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
19. Close the virtual lab, or proceed with Part 4 to answer the challenge question for this lab.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
187
© Jones & Bartlett Learning, LLC
Part OR
4: Challenge
Question
NOT FOR SALE
DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
uNote:
The following challenge question is provided to allow independent, unguided work, similar to what you will
encounter in a real
You
should aim
to improveLLC
your skills by getting the correct
answer&inBartlett
as few Learning, LL
©situation.
Jones &
Bartlett
Learning,
© Jones
steps as possible. Use screen captures in your lab document where possible to illustrate your answers.
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
1. In Part 2, Step 4 of this lab you used the openssl command with the -salt option while
encrypting the backup file. Why is the -salt option used?
© Jones
Bartlett
Learning,
& Bartlett
The &
-salt
option should
alwaysLLC
be used if the encryption key©isJones
being derived
from aLearning,
password. LLC
NOT FOR
SALE
ORoption,
DISTRIBUTION
NOT FOR
SALE
DISTRIBUTION
Without
the -salt
it is possible to perform efficient dictionary
attacks
on theOR
password
and to
attack stream cipher encrypted data. Without the -salt option, the same password always
generates the same encryption key; with the option, a random key is generated when encrypting
the file.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
If the
same password generates the sameNOT
encryption
then OR
it is possible
for an attacker to use
NOT FOR SALE OR
DISTRIBUTION
FORkey,
SALE
DISTRIBUTION
a rainbow table. A rainbow table is a pre-compiled list of hashes derived from a set of dictionarybased inputs. By comparing the encryption key against the rainbow table, the attacker may be
more likely to determine what the original password is.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
uNote:
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
This completes the lab. Close the virtual lab, if you have not already done so.
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
188 | Lab #10 Defining Linux OS and Application Backup and Recovery Procedures
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Evaluation
Criteria
and
Rubrics
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
The following are the evaluation criteria for this lab that students must perform:
1. Ensure Linux OS, application, and data availability with documented backup and
Jones & –Bartlett
© Jones & Bartlett Learning, LL
recovery©procedures
[20%] Learning, LLC
NOT
FOR SALE
NOT
FOR
SALE
OR
DISTRIBUTION
2. Configure and perform backups within the Linux operating system as
an automated
andOR DISTRIBUT
stable way of enhancing backup and recovery procedures and maximizing system
availability – [20 %]
3. Encrypt
backupsLearning,
in the Linux
operating system as they
being&performed
and for
© Jones
& Bartlett
LLC
© are
Jones
Bartlett Learning,
LLC
securing
dataOR
backups
and storage – [20%]
NOT FOR
SALE
DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
4. Restore encrypted backups for full recovery of the Linux OS as per defined recovery time
objectives (RTO) – [20%]
5. Backup and restore deleted files using /proc in Linux so that an entire system does not
© Jones & Bartletthave
Learning,
LLC in the instance of a©deleted
Jonesor&corrupted
Bartlettfile
Learning,
to be restored
– [20%] LLC
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
189
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
Lab
#10
–
Assessment
Worksheet
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Defining Linux OS and Application Backup and Recovery Procedures
Course Name and Number: _____________________________________________________
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT
FOR
SALE
OR
DISTRIBUTION
Student Name: ________________________________________________________________
Instructor Name: ______________________________________________________________
© Jones
& Bartlett
Learning, LLC
© Jones & Bartlett Learning, LLC
Lab
Due Date:
________________________________________________________________
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Overview
In this lab, you maximized availability and defined a recovery time objective (RTO) for data file
backupsLearning,
and recovery
on a production CentOS©Linux
server.
You secured
a data LLC
file backup
© Jones & Bartlett
LLC
Jones
& Bartlett
Learning,
usingOR
OpenSSL
encryption and restored the data
fileFOR
fromSALE
the encrypted
backup. You also
NOT FOR SALE
DISTRIBUTION
NOT
OR DISTRIBUTION
recovered a deleted file using the /proc recovery function.
Lab Assessment Questions & Answers
© Jones & Bartlett Learning, LLC
1. Why is encrypting
already
file necessary?
NOT FORan
SALE
ORcompressed
DISTRIBUTION
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
Introduction. Encryption and compression are two different things. Compression is the process of
encoding data to use fewer bits, thus making it smaller. Compressed data by itself, however, is not
considered secure. Encryption converts the data into ciphertext, making it unreadable without a key
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
or passphrase.
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
2. Why is it best practice to encrypt backups?
Introduction. Compromised backups are one of the primary ways of stealing corporate data.
may LLC
contain all of the information,©including
customer
and company
© Jones & BartlettBackups
Learning,
Jones private
& Bartlett
Learning,
LLCconfidential
data
in
an
organization.
Regular
backups
should
be
part
of
the
disaster
recovery
process and a
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
defense-in-depth strategy. Encrypting backups should be as expected as encrypting
communications on the network. Encryption helps to secure data so unauthorized entities can’t
read or access it.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
Copyright © 2014
by Jones & Bartlett
Learning, LLC, an Ascend Learning Company.
All rights&
reserved.
© Jones & Bartlett
Learning,
LLC
© Jones
Bartlett Learning, LLC
www.jblearning.com
Instructor Lab Manual
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
190 | Lab #10 Defining Linux OS and Application Backup and Recovery Procedures
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
3.
Why
is
performing
messaging,
such
as
e-mails,
in SALE
an encrypted
fashion recommended as
NOT
FOR
OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
part of a secure communications strategy? Explain.
Introduction. E-mails, like backups, if not encrypted, could contain huge amounts of potentially
sensitive information and thus should be secured both in transit and at rest on the server. If e-mails
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
aren’t encrypted, it becomes much easier for intruders to sniff traffic for e-mails and reconstruct all
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
of the captured plaintext information.
4. Explain
each ofLearning,
the switchesLLC
used in the following command:
fwbsl.tar.gz
© Jones
& Bartlett
© Jonestar&zxvf
Bartlett
Learning, LLC
etc/mail/sendmail.mc
-C
/
etc/mail
NOT FOR SALE OR DISTRIBUTION
NOT FOR SALE OR DISTRIBUTION
Note following Part 1, Step 5.
• -z: Unzips a compressed tarball
• -x:LLC
Extracts the contents of a tarball
© Jones & Bartlett Learning,
© Jones & Bartlett Learning, LLC
• -v: Provides verbose output toNOT
a tarball
command
being executed
NOT FOR SALE OR DISTRIBUTION
FOR
SALEthat
ORisDISTRIBUTION
• -f: Force the command even if there are errors
• -C: Use provided directory as root directory when extracting
5. How is it possible to recover a deleted file from the pseudo filesystem /proc?
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
NOT
FOR
NOT
FOR
SALE
OR
DISTRIBUTION
Note following Part 3, Step 12. A virtual filesystem, /proc doesn’t contain actual
files,
but SALE
instead OR DISTRIBUT
contains runtime system information such as system memory, devices mounted, and hardware
configuration. Thus, this pseudo-filesystem can be regarded as a control and information center for
the Linux kernel. Therefore, even though the file has been deleted the file remains in the /proc
© Jones
& Bartlett
LLC
Jones
& Bartlett
Learning,
directory
as long Learning,
as the file is still
being used. When a file in©Linux
is deleted,
it is “unlinked.”
TheLLC
inodeSALE
containsOR
the DISTRIBUTION
files data, and the inode is still there as NOT
long asFOR
the file
is still OR
beingDISTRIBUTION
used.
NOT FOR
SALE
6. If the recovery time objective (RTO) was unacceptable to your organization’s business
continuity plan, what could you do to ensure that you achieve the desired RTO for data
files, applications, or systems?
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR
DISTRIBUTION
NOT
SALE
ORforDISTRIBUTION
Note
following Part 2, Step 12. The recovery
timeFOR
objective
(RTO)
an organization can be
adjusted for mission-critical applications by giving priority to stored backups of systems,
applications, and data files in order to meet company-specific goals for the RTO. The automation of
recovery steps from backup data files can also help achieve a desired RTO.
© Jones & Bartlett Learning, LLC
© Jones & Bartlett Learning, LL
7. What descriptor
did
you
record
in
Part
3,
Step
14
of
this
lab?
NOT FOR SALE OR DISTRIBUT
NOT FOR SALE OR DISTRIBUTION
Part 3, Step 14 (Number actually used in step 15). (Answers will be unique to each student.)
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC
NOT FOR SALE OR DISTRIBUTION
© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.