JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION LABORATORY MANUAL TO ACCOMPANY Security Strategies in Linux Platforms and Applications © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION INSTRUCTOR EDITION © Jones & Bartlett Learning, LLC VERSION 2.0 NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. World Headquarters Jones & Bartlett Learning © Jones & Bartlett Learning, LLC 5 Wall Street Burlington, MA 01803 NOT FOR SALE OR DISTRIBUTION 978-443-5000 info@jblearning.com www.jblearning.com © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Jones & Bartlett Learning books&and productsLearning, are available through booksellers. © Jones Bartlett LLC most bookstores and online © Jones & Bartlett Learning, LL To contact Jones &NOT BartlettFOR Learning directly, call 800-832-0034, fax 978-443-8000, or visit our website, NOT FOR SALE OR DISTRIBUT SALE OR DISTRIBUTION www.jblearning.com. Substantial discounts on bulk quantities of Jones & Bartlett Learning publications are available to corporations, professional associations, and other qualified organizations. For details and specific discount information, contact the special sales department at Jones & Bartlett Learning via the above contact information or send an email to © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC specialsales@jblearning.com. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Copyright © 2016 by Jones & Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the copyright owner. © Jones & Bartlett Learning, LLC Bartlett Learning, LLC © Jones & NOT FOR SALE OR DISTRIBUTION NOT FOR SALE of OR The content, statements, views, and opinions herein are the sole expression theDISTRIBUTION respective authors and not that of Jones & Bartlett Learning, LLC. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not constitute or imply its endorsement or recommendation by Jones & Bartlett Learning, LLC and such reference shall not be used for advertising or product endorsement purposes. All trademarks displayed are the trademarks of the parties noted herein. Security Strategies in Linux © Jones Bartlett LLC ©authorized, Jones &sponsored, Bartlett Learning, LL Platforms and Applications Lab& Manual 2.0 is Learning, an independent publication and has not been NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION or otherwise approved by the owners of the trademarks or service marks referenced in this product. There may be images in this book that feature models; these models do not necessarily endorse, represent, or participate in the activities represented in the images. Any screenshots in this product are for educational and instructive purposes only. Any individuals and scenarios featured in the case studies throughout this product may be or fictitious, but areLearning, used for instructional © real Jones & Bartlett LLC purposes only. © Jones & Bartlett Learning, LLC NOT FOR SALE ORtoDISTRIBUTION NOT inFOR SALE OR DISTRIBUTION This publication is designed provide accurate and authoritative information regard to the Subject Matter covered. It is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional service. If legal advice or other expert assistance is required, the service of a competent professional person should be sought. Production Credits © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Chief Executive Officer: Ty Field © Jones & Bartlett Learning, LLC NOT Director FOR SALE OR DISTRIBUTION of Marketing: Alisha Weisman President: James Homer Senior Marketing Manager: Andrea DeFronzo Chief Product Officer: Eduardo Moura VP, Manufacturing and Inventory Control: Therese Connell SVP, Curriculum Solutions: Christopher Will Manufacturing and Inventory Control Supervisor: Amy Bacus Author: vLab Solutions, LLC, David Kim, President © Jones & Bartlett Learning, LLC Composition: vLab Solutions,© LLCJones & Bartlett Learning, LL Editorial Management: High Stakes Writing, LLC, NOTEditor FORand SALE OR DISTRIBUTION Lawrence J. Goodrich, Publisher Cover Design: Scott Moden NOT FOR SALE OR DISTRIBUT Product Manager, Custom and Curriculum Solutions: Manager of Photo Research, Rights & Permissions: Rainna Erikson Lauren Miller Product Management Assistant: Ned Hinman Cover Image: © ErickN/ShutterStock, Inc. Associate Production Editor: Kristen Rogers © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION ISBN: 978-1-284-07490-1 6048 © Jones & Bartlett LLCof America Printed inLearning, the United States NOT FOR SALE OR DISTRIBUTION 18 17 16 15 14 10 9 8 7 6 5 4 3 2 1 © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. iii © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC Contents NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Lab #1 Installing a Core Linux Operating System on a Server ............................................... 1 ©Introduction Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC ..................................................................................................................................... 1 NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Learning Objectives ......................................................................................................................... 1 Tools and Software .......................................................................................................................... 2 Deliverables ..................................................................................................................................... 3 Hands-­‐On Steps ............................................................................................................................... 4 Evaluation Criteria LLC and Rubrics ...................................................................................................... 22 © Jones & Bartlett Learning, © Jones & Bartlett Learning, LLC Lab # 1 DISTRIBUTION – Assessment Worksheet ................................................................................................... 23 NOT FOR SALE OR NOT FOR SALE OR DISTRIBUTION Lab #2 Configuring Basic Security Controls on a CentOS Linux Server ................................ 25 Introduction ................................................................................................................................... 25 Learning Objectives ....................................................................................................................... 26 © Jones & Bartlett Learning, LLC © Jones & Bartlett Tools and Software ........................................................................................................................ 26 Learning, LL NOT FOR SALE OR NOT FOR SALE OR DISTRIBUTION Deliverables ................................................................................................................................... 27 DISTRIBUT Hands-­‐On Steps ............................................................................................................................. 28 Evaluation Criteria and Rubrics ...................................................................................................... 42 Lab #2 – Assessment Worksheet .................................................................................................... 43 © Jones & BartlettSecurity Learning, © Jones & Bartlett Learning, Lab #3 Hardening with LLC User Account Management and Security Controls ........... LLC 45 NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Introduction ................................................................................................................................... 45 Learning Objectives ....................................................................................................................... 46 Tools and Software ........................................................................................................................ 46 Deliverables ................................................................................................................................... 47 Hands-­‐On Steps ............................................................................................................................. 48 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Evaluation Criteria and Rubrics ...................................................................................................... 62 NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Lab #3 – Assessment Worksheet .................................................................................................... 63 Lab #4 Applying Hardened Linux Filesystem Security Controls .............................................. 65 Introduction ................................................................................................................................... 65 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning Objectives ....................................................................................................................... 66 Learning, LL Tools and Software . ....................................................................................................................... 66 DISTRIBUT NOT FOR SALE OR NOT FOR SALE OR DISTRIBUTION Deliverables ................................................................................................................................... 67 Hands-­‐On Steps ............................................................................................................................. 68 Evaluation Criteria and Rubrics ...................................................................................................... 80 #4 – A orksheet .................................................................................................... 81 © Lab Jones &ssessment Bartlett W Learning, LLC © Jones & Bartlett Learning, LLC NOT SALESOR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Lab #5 FOR Hardening ecurity for Linux Services and Applications .............................................. 83 Introduction ................................................................................................................................... 83 Learning Objectives ....................................................................................................................... 83 Tools and Software ........................................................................................................................ 84 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC CopyrightOR © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. rights reserved. NOT FOR SALE DISTRIBUTION NOT All FOR SALE OR DISTRIBUTION Instructor Lab Manual www.jblearning.com © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. iv © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Deliverables ................................................................................................................................... 85 NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Hands-­‐On Steps ............................................................................................................................. 86 Evaluation Criteria and Rubrics ...................................................................................................... 99 Lab #5 – Assessment Worksheet .................................................................................................. 100 Lab #6 Hardening Security y Controlling Access ................................................................. 102 Learning, LL © Jones &bBartlett Learning, LLC © Jones & Bartlett Introduction ................................................................................................................................. 02 DISTRIBUT NOT FOR SALE1OR NOT FOR SALE OR DISTRIBUTION Learning Objectives ..................................................................................................................... 103 Tools and Software ...................................................................................................................... 103 Deliverables ................................................................................................................................. 104 Hands-­‐On Steps ........................................................................................................................... 105 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Evaluation Criteria and Rubrics .................................................................................................... 117 NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Lab #6 – Assessment Worksheet .................................................................................................. 118 Lab #7 Hardening Security for the Linux Kernel ................................................................... 120 Introduction ................................................................................................................................. 120 Learning Objectives ..................................................................................................................... 121 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Tools a nd S oftware . ..................................................................................................................... 121 NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Deliverables ................................................................................................................................. 122 Hands-­‐On Steps ........................................................................................................................... 123 Evaluation Criteria and Rubrics .................................................................................................... 131 Lab #7 – Assessment Worksheet .................................................................................................. 132 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL Lab #8 Applying Best FOR Practices for OR Secure Software Management ....................................... NOT FOR SALE134 OR DISTRIBUT NOT SALE DISTRIBUTION Introduction ................................................................................................................................. 134 Learning Objectives ..................................................................................................................... 135 Tools and Software ...................................................................................................................... 135 ................................................................................................................................. 136 ©Deliverables Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Hands-­‐On Steps ........................................................................................................................... 137 NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Evaluation Criteria and Rubrics .................................................................................................... 148 Lab #8 – Assessment Worksheet .................................................................................................. 149 Lab #9 Applying Best Practices for Security Logging and Monitoring ................................... 151 Introduction ................................................................................................................................. 151 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Learning Objectives ..................................................................................................................... 152 NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Tools and Software ...................................................................................................................... 152 Deliverables ................................................................................................................................. 153 Hands-­‐On Steps ........................................................................................................................... 154 Evaluation Criteria and Rubrics .................................................................................................... 170 © Jones & Bartlett Learning, LLC © Jones & Bartlett Lab #9 – Assessment Worksheet .................................................................................................. 171 Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION Lab #10 Defining Linux OS and Application Backup and Recovery Procedures ................ 173 Introduction ................................................................................................................................. 173 Learning Objectives ..................................................................................................................... 174 Tools and Software ...................................................................................................................... 174 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Deliverables ................................................................................................................................. 175 NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Hands-­‐On Steps ........................................................................................................................... 176 Evaluation Criteria and Rubrics .................................................................................................... 188 Lab #10 – Assessment Worksheet ................................................................................................ 189 © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. v © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC Acceptable Policy & Usage NOT FOR SALE Use OR DISTRIBUTION © Jones & Bartlett Learning, LL Restrictions NOT FOR SALE OR DISTRIBUT The hardware, software, tools, and applications described and discussed in this lab manual and as © Jonesby&the Bartlett LLCLabs/OnDemand Workbench © Jones(VSCL) & Bartlett Learning, provided VirtualLearning, Security Cloud are intended to beLLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION used to perform the labs and learning activities described in this lab manual. No other use of these resources is authorized or permitted. uWarning: © Jones & Bartlett Learning, © Jones & Bartlett Learning, LLCIf you wish to Downloading softwareLLC or software distribution packages from the VCSL is strictly prohibited. obtainOR a personal copy of an open source softwareNOT tool orFOR demoSALE versionOR of anDISTRIBUTION application, you must obtain NOT FOR SALE DISTRIBUTION it directly from the vendor (developer) or from an authorized Internet downloads Web site. Your subscription to and use of the VSCL is restricted to instructional and/or educational purposes as part©ofJones an academic program of study LLC at an educational institution. No other use is Learning, LL & Bartlett Learning, © Jones & Bartlett authorized. Violations of this restriction will result in termination of your lab access without NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION refund. You are responsible for compliance with all laws governing your access and use of this resource. All applicable federal, state, and local laws govern your access to the VSCL. All information © Joneson&the Bartlett & Bartlett Learning, available VSCL Learning, is subject toLLC U.S. export control laws© toJones the extent applicable and may LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION also be subject to the laws of the country in which you reside. Your use of the hardware, software, tools, and applications provided in the VSCL is subject to your academic institution’s Code of Student Conduct and Acceptable Use Policies for information technology violations of Bartlett the usageLearning, restrictionsLLC for the VSCL © Jones & Bartlett Learning, LLCresources. Suspected © Jones & will be reported to your institution’s Dean of Students or equivalent officer for NOT FOR SALE OR DISTRIBUTION NOT FOR SALE ORacademic DISTRIBUTION investigation and action. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC CopyrightOR © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. rights reserved. Instructor Lab Manual NOT FOR SALE DISTRIBUTION NOT All FOR SALE OR DISTRIBUTION www.jblearning.com © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. vi © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL Ethics Personal Responsibilities NOT FOR SALE OR DISTRIBUT NOT FOR and SALEYour OR DISTRIBUTION The material presented in this course is designed to give you a real-life look at the use of various © Jones & Bartlett Learning, LLC Jones & Bartlett Learning, LLC tools and systems that are at the heart of every cybersecurity © practitioner’s daily responsibilities. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION During this course, you will have access to software and techniques used by professionals to investigate and test the security of critical infrastructures and information technology systems and devices. With this access come certain ethical responsibilities: 1. Do not exceed your authorized level of©access. includesLearning, remaining within © Jones & Bartlett Learning, LLC JonesThis & Bartlett LLC your authorized level of access when using NOT lab provided software to scan or attack NOT FOR SALE OR DISTRIBUTION FOR SALE ORtools DISTRIBUTION computers and software applications as directed within the lab procedures. 2. Do not attempt to use your authorized access for unauthorized purposes either inside or outside of the VSCL environment. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 3. Do not attempt to attack or otherwise compromise the confidentiality, integrity, or availability of any IT systems, services, or infrastructures outside of the VSCL. 4. Comply with your academic institution’s Code of Student Conduct and all other applicable policies and regulations. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION FORthe SALE ORmisuse DISTRIBUTION 5. Comply with applicable federal, state, and local lawsNOT regarding use and of information technology systems and services. 6. Comply with applicable laws regarding intellectual property rights including patents and copyrights. © Jones & Bartletttrademarks Learning,and LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. vii © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC Preface NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Welcome! This lab manual is your step-by-step guide to completing the laboratory exercises for © Jones Bartlett Learning, LLC to gain valuable hands-on © Jones & Bartlett Learning, LLC this course.&You will have an opportunity experience with NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION professional-grade tools and techniques as you work through the lab activities and answer the lab questions found at the end of each lab. Virtual Security © Jones & Bartlett Learning,Cloud LLC Lab © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE DISTRIBUTION You will use the Virtual Security Cloud Lab (VSCL) resource to OR complete the learning activities in this lab manual. uNote: © Jones & requires BartlettJava, Learning, LLCand a compatible Web browser. © Jones & list Bartlett Learning, LL The Virtual Security Cloud Lab Adobe Flash, The of NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION compatible browsers and required version numbers for Java and Flash is available on the VSCL Web site (http://campus.toolwire.com/b4ubegin/start.asp). The Technical Support Help Desk will not be able to assist you in the use of unsupported Web browsers. If you use an unsupported browser, you may not be able to complete the labs as directed in the lab procedures. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC You willFOR need SALE to download and install the Citrix® ICA Web client before access the VSCL for the first NOT OR DISTRIBUTION NOTyou FOR SALE OR DISTRIBUTION time. This download package is also vailable from the VSCL Web site. The heart of the VSCL is a virtual Workstation desktop (the vWorkstation) configured to give you access to the tools and resources you need for each lab. The VSCL is a collection of virtual © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC resources that includes Windows and Linux servers, Cisco routers, and well-known applications NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR Scanner®. DISTRIBUTION like Wireshark®, FileZilla®, Nessus®, and Zenmap/Nmap Security The use of virtualization enables you to perform all of the tasks in this lab manual as if you were performing them in a live production environment without putting your institution’s assets at risk. This environment is isolated within self-contained © Jones & Bartlett Learning, LLC private network that,©except Jonesfor&the Bartlett Learning, LL browser sessionNOT you use to connect to it, is not connected to the Internet. Some of the lab NOT FOR SALE OR DISTRIBUT FOR SALE OR DISTRIBUTION exercises require the use of the Internet. To successfully complete these steps, you will need to use a workstation with Internet access, such as your local computer. Capabilities are provided within the VSCL which enable transfer of files between systems within © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC this private network. There is also a capability for downloading lab results files from the NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION vWorkstation to student computers. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC CopyrightOR © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. rights reserved. NOT FOR SALE DISTRIBUTION NOT All FOR SALE OR DISTRIBUTION Instructor Lab Manual www.jblearning.com © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. viii © Jones & Bartlett Learning, LLC How OR to Use This Lab Manual NOT FOR SALE DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION This lab manual features step-by-step instructions for completing the following hands-on lab exercises: Lab # 1 2 3 © Jones & Bartlett Learning, LLC Lab Title NOTa FOR OR DISTRIBUTION Installing Core SALE Linux Operating System on a Server © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Configuring Basic Security Controls on a CentOS Linux Server Hardening Security with User Account Management and Security Controls 4 Hardened LinuxLLC Filesystem Security Controls © JonesApplying & Bartlett Learning, © Jones & Bartlett Learning, LLC 5 Hardening Security for Linux Services and Applications NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 6 Hardening Security by Controlling Access 7 Hardening Security for the Linux Kernel 8 Applying Best Practices for Secure Software Management 9 Applying Best Practices for Security Logging and Monitoring © Jones & Bartlett LLC OS and Application © Jonesand & Bartlett 10 Learning, Defining Linux Backup RecoveryLearning, ProceduresLLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Step-by-Step Instructions For each lab, you are provided with detailed, step-by-step instructions and screen captures © Jones Bartlett © Jones Bartlett Learning, LL showing the results of key&steps withinLearning, the lab. AllLLC actions that you are required to take&are NOT FOR NOTThe FOR SALE OR DISTRIBUTION shown in bold font. screen captures will also help you identify menus, dialog boxes,SALE and OR DISTRIBUT input locations. In each lab, you will perform identical steps, such as opening the virtual lab, logging in to another server, taking screen captures, and transferring files to your local computer. To avoid repeating steps © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC in the lab itself, those common steps have been collected in a separate file, Common Lab Steps.pdf. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The file is located on the student landing, the vWorkstation desktop. You may use the instructions within the file to download it and refer to it throughout the lab. Web References © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE NOT FOR are SALE ORtoDISTRIBUTION URLsOR forDISTRIBUTION Web resources listed in this laboratory manual subject change without prior notice. These links were last verified on July 20, 2014. Many times, you can find the required resource by using an Internet search engine and a partial URL or keywords. You may also search the Internet Archives (also referred to as the “Wayback Machine”) for a given URL that is no & Bartlett Learning, LLC © Jones & Bartlett Learning, LL longer available©atJones the original Web site (http://www.archive.org). NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. ix © Jones & Bartlett Learning, LLC Technical Support NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION If you need help completing a lab in this manual, contact the Jones Bartlett Learning Help Desk using the information below. Remember to include the name of your institution and reference the course name and number in your ticket details © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION Phone: 1-866-601-4525 Monday-Thursday: 8AM FOR – 10PM Friday: 8AM – 8PM Online: http://www.jblcourses.com/techsupport Saturday: 8AM – 5PM Sunday: 10AM – 11PM (All hours © areJones EST) & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION If you need help outside of these hours, submit an online ticket or leave a message on our tollfree phone line, and someone from the help desk will get back to you as soon as possible. © Jones & Bartlett © Jones & Bartlett Learning, LLC CreditsLearning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Adobe© Reader© is a registered trademark of Adobe Systems Incorporated in the United States and/or other countries. Active Directory©, Excel©, Microsoft©, Windows©, and Windows Server© are registered trademarks of Microsoft Corporation in the United States and/or other countries. Linux© is a registered trademark of Linus Torvalds. Citrix© is a trademark Citrix Learning, LL © Jones & Bartlett Learning, LLC © Jones of & Bartlett Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the United States OR DISTRIBUT NOT FOR SALE NOT FOR SALE OR DISTRIBUTION Patent and Trademark Office and in other countries. FileZilla© is a registered trademark of Tim Kosse. Firefox© is a registered trademark of the Mozilla Foundation. Nessus© is a registered trademark of Tenable Network Security. Nmap Security Scanner© and Zenmap© are either registered trademarks or trademarks of Insecure.com LLC. Wireshark© is a registered trademark © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC of the Wireshark Foundation. pfSense© is a federally registered trademark of Electric Sheep NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Fencing LLC. Debian© is a registered trademark of Software in the Public Interest, Inc. OpenswanTM is an unregistered trademark of Xelerance. Sam Spade© is a copyright of Steve Atkins. PowerBrokerTM is a trademark in the United States and certain other countries of BeyondTrust Software. ClamWin™ is a trademark of ClamWin Pty Ltd. GnuPG© is a copyright © Jones & Bartlett Learning, LLC Jones &Trademark Bartlett Learning, LLC of Free Software Foundation, Inc. Snort® is a©Registered owned by Sourcefire, Inc. TM NOT FOR SALE OR DISTRIBUTION NOT SALE ORisDISTRIBUTION WinHex© is a copyright of Stefan Fleischmann. P2FOR Commander a trademark of Paraben© Corporation. Oracle® is a registered trademark of Oracle Corporation. UNIX® is a registered trademark licensed through X/Open Company, Ltd. 1010. Python© is a copyright of Python Software Foundation. Tripwire is a copyright of Tripwire, Inc. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL All other product names are the property of their respective owners. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC CopyrightOR © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. rights reserved. Instructor Lab Manual NOT FOR SALE DISTRIBUTION NOT All FOR SALE OR DISTRIBUTION www.jblearning.com © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Lab #1 Installing a Core Linux Operating System on a Server © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Introduction © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Network security best practice mandates that Windows systems and Linux systems be installed on a secure network subnet and updated (patched) using trusted sources. Only the minimum © Jones & Bartlett LLC Jones & Bartlett Learning, LLC services required shouldLearning, be installed, and unneeded services © should be disabled. While this NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION axiom remains true, it can be very difficult to find the right balance between a functional system and a secure system. On UNIX and Linux systems, program dependencies can make it very hard for new administrators to find this balance. Many administrators install GUI-driven servers with © Jones & Bartlett Learning, LLC © Jones &simply Bartlett Learning, LLC standard services (SMTP, HTTP, DNS, X-Window, etc.) and put their faith in the firewall NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION to keep attackers out. The foundation of host-based security starts with the installation of the operating system (OS). Contrary to popular opinion, there is no such thing as a secure operating system, but in this lab, © Jones & Bartlett LLC system in a secure©manner. JonesYou & Bartlett Learning, LL you will learn how to install the LinuxLearning, CentOS operating will NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION create a new virtual machine, partition the hard drive, and install the Linux operating system. You also will create a non-root user account and verify that key services are (or are not) running. This lab has four parts, which should be completed in the order specified. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 1. In the first part of the lab, you will create a virtual machine and attach installation media. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 2. In the second part of this lab, you will begin the Linux operating system installation and partition a virtual hard drive. 3. In the third part the&Linux OS installation, and then © Jones & Bartlett Learning, LLCof this lab, you will complete © Jones Bartlett Learning, LLC complete a number of post installation steps on a system that is already installed. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 4. Finally, if assigned by your instructor, you will answer a set of challenge questions that allow you to use the skills you learned in the lab to conduct independent, unguided work, similar to what you will encounter in a real-world situation. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION Learning Objectives Upon completing this lab, you will be able to: • Create a virtualLearning, machine and mount an installation ISO file © Jones & Bartlett LLC © Jones & Bartlett Learning, LLC • FOR Partition a Linux hard disk for security hardening, performance, application support NOT SALE OR DISTRIBUTION NOT FOR and SALE OR DISTRIBUTION • Install Linux in the most secure manner Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual 1 NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 2 | Lab #1 Installing a Core Linux Operating System on a Server © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC • Create a non-privileged user account for system access as a secure NOT FORadministration SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION alternative to logging in as a root user Tools and Software © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL The following software and/or utilities required to complete this lab. Students are encouraged NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR are DISTRIBUTION to explore the Internet to learn more about the products and tools used in this lab. • Oracle VM Virtual Box • CentOS Linux © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 3 © Jones & Bartlett Learning, LLC Deliverables NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Upon completion of this lab, you are required to provide the following deliverables to your instructor: © Jones & Bartlett Learning, LLC & Bartlett 1. Lab Report file including screen captures of the following steps: Part©1,Jones Steps 13 and 26; Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION Part 2, Steps 14 and 42; Part 3, Step 26; 2. Lab Assessments file; 3. Optional: Challenge Questions file, if assigned by your instructor. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC CopyrightOR © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. rights reserved. NOT FOR SALE DISTRIBUTION NOT All FOR SALE OR DISTRIBUTION Instructor Lab Manual www.jblearning.com © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 4 | Lab #1 Installing a Core Linux Operating System on a Server © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC Hands-On Steps NOT FOR SALE OR DISTRIBUTION uNote: This lab contains detailed lab procedures, which you should follow as written. Frequently performed tasks are explained in the Common&Lab Tasks document on the vWorkstation desktop. You should review these Learning, LL © Jones Bartlett Learning, LLC © Jones & Bartlett tasks before starting the lab. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 1. From the vWorkstation desktop, open the Common Lab Tasks file. If you desire, use the File Transfer button to transfer the file to your local computer and © Jones LLC © Jones & Bartlett Learning, LLC print&aBartlett copy for Learning, your reference. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 1 “Student Landing” vWorkstation © Jones & Bartlett Learning, Jones &files. Bartlett Learning, LLC 2. On your localLLC computer, create the lab©deliverable NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 3. Review the Lab Assessment Worksheet at the end of this lab. You will find answers to these questions as you proceed through the lab steps. Jones Machine & Bartlett Learning, LLC Part 1: Create © a Virtual uNote: NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT In the next steps, you will use the Oracle VM VirtualBox Manager console to create a new virtual machine. 1. Double-click theLearning, RDP FolderLLC on the vWorkstation desktop. © Jones & Bartlett © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 2. Double-click the TargetWindows01 file to connect to the remote server. The remote desktop opens with the IP address of the remote machine (172.30.0.23) in the title bar at the top of the window. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 5 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 3. On the TargetWindows01 desktop, double-click OracleOR VMDISTRIBUTION VirtualBox icon to open the NOT FORtheSALE NOT FOR SALE OR DISTRIBUTION Oracle VM VirtualBox hypervisor. The left pane of the new window indicates that there is already a completed installation. You will use that image in another part of this lab. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Figure 2 Oracle VM VirtualBox 4. From the Oracle VM VirtualBox Manager toolbar, click the New icon to begin the process © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC of creating a new virtual machine. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 5. In the Create Virtual Machine Wizard, in the Name and operating system window, type yourname, replacing yourname with your own name, in the Name text box. 6. From the Type drop-down list, select Linux. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE7.OR DISTRIBUTION NOT FOR SALE ORand DISTRIBUTION From the Version drop-down list, select Other Linux (32 bit) click Next to continue. 8. On the Memory size page, slide the memory handle to 1024 MB and click Next. 9. In the Hard drive page, accept the default (Create a virtual hard drive now) and click Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL Create to©continue. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 10. On the Hard drive file type page, accept the default VDI (VirtualBox Disk Image) and click Next to continue. 11. On & theBartlett Storage Learning, on physical LLC hard drive page, accept the allocated) LLC © Jones © default Jones (Dynamically & Bartlett Learning, and click Next to continue. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 12. On the File location and size page, type 20GB in the hard drive size box and click Create to specify a size. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC CopyrightOR © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. rights reserved. NOT FOR SALE DISTRIBUTION NOT All FOR SALE OR DISTRIBUTION Instructor Lab Manual www.jblearning.com © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 6 | Lab #1 Installing a Core Linux Operating System on a Server © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC The new virtual machine appears in the left pane the Oracle VM VirtualBox Manager NOT FORof SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION console in a powered-off state. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 3 New virtual © Jones & Bartlett Learning, LLCmachine © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 13. Make a screen capture showing the new virtual machine and paste it into the Lab Report file. 14. In the Oracle VM VirtualBox Manager console, click the Settings icon to configure the © Jones Bartlett Learning, LLC © Jones & Bartlett Learning, LLC new&machine. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 15. In the yourname Settings window, click Storage in the left pane. 16. In the Storage Tree pane, click the Empty CD icon (in the Controller: IDE tree). © Jones & Bartlett Learning, LLCpane, click the CD icon © to Jones & the Bartlett Learning, LLC 17. In the Attributes expand drop-down list, and select Choose NOT FOR SALE OR DISTRIBUTION SALE a virtual CD/DVD disk file to add an ISONOT to theFOR virtual CD. OR DISTRIBUTION An ISO file, also called an ISO image, is a single file that contains all of the files or folders necessary for installation. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 7 © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Figure 4 Choose a virtual CD 18. In the Please choose a virtual optical disk file dialog box, click the Desktop icon, click the CentOS-6.5-i366-bin-DVD1.iso file, and click Open to identify the location of the ISO file. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 5 Add an ISO to the virtual CD 19. In the Settings window, click System in theLLC left pane. © Jones & Bartlett Learning, NOT FOR SALE OR DISTRIBUTION 20. Click the Processor tab to continue. © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT 21. Click the Enable PAE/NX checkbox to enable the physical address extension (PAE). © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC CopyrightOR © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. rights reserved. NOT FOR SALE DISTRIBUTION NOT All FOR SALE OR DISTRIBUTION Instructor Lab Manual www.jblearning.com © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 8 | Lab #1 Installing a Core Linux Operating System on a Server © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 6©Enable © Jones & Bartlett Learning, LLC JonesPAE & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 22. In the Settings window, click Network in the left pane. 23. In the Attached to drop-down list, select Bridged Adapter to allow the new virtual machine full access to the network. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION FigureLearning, 7 Network adapter © Jones & Bartlett LLC settings NOT FOR SALE OR DISTRIBUTION 24. Click OK to close the Settings window. © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT 25. From the Oracle VM VirtualBox Manager toolbar, click the Start icon to turn on the new virtual machine. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC The new machine will open in a new window and theNOT statusFOR in the left pane the Oracle NOT FOR SALE OR DISTRIBUTION SALE OR of DISTRIBUTION VM VirtualBox Manager console will change to Running. 26. Make a screen capture showing the status of the new virtual machine and paste it into the Lab Report file. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 9 © Jones & Bartlett Learning, LLC Part OR 2: Partition the Virtual Drive NOT FOR SALE DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION uNote: In the next steps, you will begin the installation process of the CentOS operating system on the virtual server you created in Part 1&ofBartlett this lab. You also will partition © Jones Learning, LLC the virtual hard drive.© Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 1. When prompted, click the blue x icon to acknowledge that the auto capture is running. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Figure 8 Starting the Linux Install 2. When prompted, click the blue x icon to acknowledge mouse integration. 3. When prompted, for & i386 screen,Learning, press the Tab key to move © Jones & Bartlett Learning, LLCon the Welcome to CentOS © Jones Bartlett LLC theDISTRIBUTION highlight to the Skip button and press spacebar toOR skipDISTRIBUTION the media test. NOT FOR SALE OR NOTtheFOR SALE From this point forward the Anaconda graphical installer will take over. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 9 Welcome screen © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT 4. In the resulting window’s menu, click View and select Switch to Scaled Mode. 5. In the VirtualBox - Information © Jones & Bartlett Learning, LLC dialog box, click Switch. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 6. On the CentOS splash screen, click Next to continue the installation process. 7. On the language selection screen, accept the default selection English (English) and click Next. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC CopyrightOR © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. rights reserved. NOT FOR SALE DISTRIBUTION NOT All FOR SALE OR DISTRIBUTION Instructor Lab Manual www.jblearning.com © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 10 | Lab #1 Installing a Core Linux Operating System on a Server © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 8. On the keyboard layout screen, accept the default U.S. English and click NOT FOR keyboard SALE ORlayout DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Next. 9. On the storage devices screen, accept the default selection Basic Storage Devices and click Next. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL Click theNOT Yes, discard any data to dismiss the Storage Device NOT Warning pop-up. FOR SALE OR DISTRIBUT FOR SALE ORbutton DISTRIBUTION 10. In the hostname screen, type yourname, replacing yourname with your own name (all in lowercase and with no spaces) in the Hostname text box, and click Next. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 10 Set the Hostname 11. In the time zone Angeles the drop-down click the © Jones & Bartlett Learning, LLCpage, select America/Los © Jones & from Bartlett Learning,list, LLC System Clock uses UTC checkbox to deselect it, and click Next. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 12. In the password page, type qw1290op1 in the Root Password box, type qw1290op1 in the Confirm box, and click Next. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL FORonSALE FOR SALE ORThis DISTRIBUTION The root user is NOT the system’s super user. user account has access to any andNOT everything the OR DISTRIBUT uNote: system. Therefore, extreme care should be taken when using this account. 13. On the installation type page, click the Create Custom Layout radio button. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC You SALE will customize this installation. NOT FOR OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 14. Make a screen capture showing the installation types and paste it into your Lab Report file. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 11 © Jones & Bartlett Learning, LLC Click Next to continue. NOT FOR SALE15. OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION 16. In the Please Select A Device page, click the Create button to create a partition. 17. In the Create Storage dialog box, accept the default Standard Partition, and click Create. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 18. In the Add Partition dialog box, type /boot in the Mount Point box. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 19. In the Size (MB) box, type 500 to change the size of the /boot partition and click OK to continue. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Figure 11 Create a boot partition NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 20. In the Please Select A Device window, click the Create button to create a second partition. 21. In the Create Storage dialog box, accept the default Standard Partition, and click Create. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 22. In the Add Partition window, select swap from theSALE Filesystem Type drop-down list. NOT FOR SALE OR DISTRIBUTION NOT FOR OR DISTRIBUTION 23. In the Size (MB) box, type 4000 to change the size of the swap partition and click OK to continue. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC CopyrightOR © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. rights reserved. NOT FOR SALE DISTRIBUTION NOT All FOR SALE OR DISTRIBUTION Instructor Lab Manual www.jblearning.com © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 12 | Lab #1 Installing a Core Linux Operating System on a Server © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 12 Create a swap partition uNote: Linux has two forms of swap space: the swap partition and the swap file. The swap partition is an © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL independent section of the hard disk used solely for swapping; no other files can reside there. The swap SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION file is a special file in the filesystem that resides among your system and data files.NOT As anFOR independent partition, swap space can be dedicated and improves performance when swapping data from one disk or partition to another. © Jones is&necessary Bartlett for Learning, LLCreasons. First, when the© Jones & Bartlett Learning, Swapping two important system requires more memory than isLLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION physically available, the kernel swaps out less frequently used pages and gives memory to the current application (or process) that needs the memory immediately. Second, a significant number of the pages used by an application during its startup phase may only be used for initialization and then never used again. The system can swap out those pages to free up the memory for other applications or even for the diskLearning, cache. © Jones & Bartlett LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The swap partition in Linux should be partitioned separately from the root (/) partition for performance reasons. 24. In the Please Select&ABartlett Device window, click the Create button to create a new partition. © Jones Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOTStorage FOR SALE ORclick DISTRIBUTION 25. In the Create window, the LVM Physical Volume radio button and click Create. 26. In the Size (MB) box, type 15000 to change the size of the partition and click OK to continue. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 27. Your new Linux system should have the same partitions (ignore any leftover free space) as in the following figure. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 13 © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Figure 13 Verify existing partitions NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 28. In the Please Select A Device window, click the Create button to create a new partition. 29. In the Create Storage window, click the LVM Volume Group radio button and click Create. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC uNote: NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION LVM creates a logical physical volume and then a logical volume as a group on top of the physical volume. From LVM, several partitions can be created, such as those for /tmp, /home, and /var. If disk space becomes an issue, LVM can allocate more disk space to volumes from other partitions within the LVM without risking disk loss. drives can be added and can immediately become part of Learning, LL © Jones & Additional Bartlett hard Learning, LLC © Jones & Bartlett the LVM as well.NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUT 30. In the Make LVM Volume Group window, type vg_yourname, replacing yourname with your own name (all in lowercase and with no spaces) in the Volume Group Name box, and click Add. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 14 Add logical volumes to a Volume Group © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOTLogical FOR SALE OR DISTRIBUTION 31. In the Make Volume dialog box, type /var in the Mount PointNOT box.FOR SALE OR DISTRIBUT 32. In the Size (MB) box, type 2000 to change the size of the volume and click OK. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC CopyrightOR © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. rights reserved. NOT FOR SALE DISTRIBUTION NOT All FOR SALE OR DISTRIBUTION Instructor Lab Manual www.jblearning.com © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 14 | Lab #1 Installing a Core Linux Operating System on a Server © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 15 Add /var to volume group 33. In the Make LVM Volume Group box, click the Add button to add a new volume. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC InDISTRIBUTION the Make a Logical Volume dialog NOT box, type /tmp in theOR Mount Point box. NOT FOR SALE34. OR FOR SALE DISTRIBUTION 35. In the Size (MB) box, type 2000 to change the size of the volume and click OK. 36. In the Make LVM Volume Group box, click the Add button to add a new volume. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 37. In the Make Logical Volume box, type /home in the Mount NOT Point FOR box. SALE OR DISTRIBUT NOTa FOR SALE OR dialog DISTRIBUTION 38. In the Size (MB) box, type 2000 to change the size of the volume and click OK. 39. In the Make LVM Volume Group box, click the Add button to add a new volume. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 40.FOR In theSALE Make OR a Logical Volume dialog box, type / in the Mount Point boxOR to add a root NOT DISTRIBUTION NOT FOR SALE DISTRIBUTION drive. 41. In the Size (MB) box, type 8000 to change the size of the volume and click OK to view the completed volumes. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Figure © Jones & Bartlett Learning, LLC16 Completed volume group © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 42. In the Make LVM Volume Group windows, click OK to return to the Please Select A Device page. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 15 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 43. Make a screen capture showing the completed partition in the Select A Device page NOT FOR SALE ORPlease DISTRIBUTION NOT FOR SALE OR DISTRIBUTION and paste it into the Lab Report file. 44. In the Please Select A Device page, click Next to continue. 45. In the Format Warnings window, click the LLC Format button to dismiss the pop-up.& Bartlett Learning, LL © Jones & Bartlett Learning, © Jones NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 46. In the Writing storage configuration to disk window, click the Write changes to disk button to continue. The virtual hard drive will be formatted and partitioned based on your selection in the © Jones & Bartlett Learning, LLCcan take several (2–5)©minutes. Jones & Bartlett Learning, LLC previous lab parts; this process NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Part 3: Complete the Installation and Configure Linux uNote: © Jones & Bartlett Learning, © Jonesprocess. & Bartlett Learning, LLC In the next steps, youLLC will complete the CentOS installation NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 1. On the boot loader page, click the Use a boot loader password checkbox to select it. 2. When prompted, type qw1290op1 to set the boot loader password, type qw1290op1 to confirm © theJones boot loader password, and clickLLC OK. & Bartlett Learning, © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 3. On the boot loader page, click Next to continue. 4. In the default installation screen, click the Minimal radio button, click the Customize now radio button (at the bottom of the screen), and click Next. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC In theSALE next window, you will see software categories NOT (on the left)SALE and software packages NOT FOR OR DISTRIBUTION FOR OR DISTRIBUTION (on the right). Because this is a Minimal installation, all optional packages are unchecked by default. Select each category on the left (one at a time) and make note of which software packages on the right are affected. In a production installation, you would uncheck any packages that are not required for your environment. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION uNote: The Minimal installation option will not include an X-Window system for GUI-driven administration. In other labs, you will be able to connect to the Linux server using an XRDP GUI to make the learning experience more clear; but in a production environment, it is recommended that you not run the X© Jones & Bartlett Learning, LLC adds both overhead©and Jones & Bartlett Learning, LL Window environment because it is not needed, and X-Window an increased FOR SALE OR DISTRIBUT FOR environment, SALE OR DISTRIBUTION security risk. In aNOT production a desktop environment may be helpful inNOT certain situations; however, best practice recommends setting the default runlevel to 3 in this case. Runlevel 3 is a multiuser mode without running X-Window or any GUI services. © Jones & Bartlett Learning, LLC Jones Bartlett Learning, LLC 5. When you are done reviewing the software packages,©verify that&no checkboxes are NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION selected and click Next to start the installation. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC CopyrightOR © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. rights reserved. NOT FOR SALE DISTRIBUTION NOT All FOR SALE OR DISTRIBUTION Instructor Lab Manual www.jblearning.com © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 16 | Lab #1 Installing a Core Linux Operating System on a Server © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 17 Deselect all software packages © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT 6. Close the installation window, without waiting for the installation process to complete. © Jones & Bartlett Learning, LLCthe same starting point, © Jones Bartlett Learning, To ensure that all students have you will&use the existing InstallLLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Complete virtual machine to complete the rest of this lab, so it is not necessary to complete the installation on this machine. 7. When prompted, click the Power off the machine radio button and click OK to stop the process. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Figure 18 Power off the machine 8. In the Oracle VM VirtualBox Manager console, click the Install Complete virtual machine to select it and click the Start icon to open that machine in a new window. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 17 © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 19 Start the Install Complete machine 9. When prompted, click Switch to switch to Scale mode. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC When prompted, click the blue x icon to acknowledge thatOR the DISTRIBUTION auto capture is running. NOT FOR SALE10. OR DISTRIBUTION NOT FOR SALE 11. When prompted, click the blue x icon to acknowledge mouse integration, and wait while the Linux server boots up (approximately 2-5 minutes). © server Jonesis&ready, Bartlett Learning, LLC a prompt that states©installcomplete Jones & Bartlett Learning, LL When the the system will display NOT FOR SALE OR DISTRIBUT login:. NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 20 Boot up the CentOS Linux machine © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT 12. When prompted, type root and press Enter to log in as the root user. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC CopyrightOR © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. rights reserved. NOT FOR SALE DISTRIBUTION NOT All FOR SALE OR DISTRIBUTION Instructor Lab Manual www.jblearning.com © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 18 | Lab #1 Installing a Core Linux Operating System on a Server © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 13. At the password prompt, type qw1290op1 (the same password you used for the new server NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION you created earlier in this lab) and press Enter. The login prompt will change to [root@installcomplete ~]#. At this time, the only user created on the machine is the root user. You will need to add a non-root user and set a ©for Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL password that account. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 14. At the prompt, type adduser student and press Enter to add the student account. 15. At the prompt, type passwd student and press Enter to access the password information for the student account. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION uNote: In Linux operating systems, the /etc/passwd file is a text-based database of information about users who may log into the system or other operating system identities that own running processes. The /etc/passwd file is a text file with one record per line, each describing a user account. Each record consists of seven © Jones & Bartlett Learning, LLCAn example record may©be: Jones & Bartlett Learning, LLC fields separated by colons. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION jsmith:x:1001:1000:Joe Smith,Room 1007,(234)555-8910,(234)555-0044,email:/home/jsmith:/bin/sh The ordering of the records within the file is generally unimportant, but in this example, the second field Jones & Bartlett LLC than using the actual © Jonesin&a Bartlett stores information©used to validate a user’sLearning, password. Rather password location Learning, LL that is so widely known, best practice sets this field to “x” (or some other indicator) as shown in this NOT FOR SALE OR DISTRIBUT NOT FOR SALEusually OR DISTRIBUTION example. The actual password information is stored in a separate shadow password file. A common practice for deactivating an account to prevent it being used is to set the field to an asterisk (*). 16. When promptedLearning, for the newLLC password, type pass=7890 press to change the LLC © Jones & Bartlett © and Jones & Enter Bartlett Learning, password for the student account to pass=7890. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 17. When prompted to confirm the password, type pass=7890 and press Enter. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC Figure 21 Change the student account password NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT 18. At the prompt, type exit and press enter to log off the root account. 19. At the login prompt, type student and press Enter to log in as the student account. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 20.FOR At the password prompt, type pass=7890 and press Enter. NOT SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION You will be logged in as the student user. The login prompt will change to [student@installcomplete ~]$. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 19 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 21. At the prompt, type sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0 and press Enter to NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION configure networking in the vi Editor with the elevated privileges of the sudo command. You will be prompted with a “lecture” reminding you that elevated privilege come with elevated responsibility. Each user is given this lecture the first time they try to use the © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL sudo command. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 22. At the password prompt, type pass=7890 (the password for the student account) and press Enter. The student account has not been added to the sudoers configuration file, so the student © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC user cannot elevate their privilege. You will configure the sudoers file in another lab. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Figure 22 Attempt to use sudo user 23. At the prompt, type su and press user.& Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Enter to log in as the©root Jones NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 24. When prompted, type qw1290op1 and press Enter. 25. At the prompt, type whoami and press Enter to confirm the root account is logged in. 26. Make as screen capture showing the result of the & whoami command and paste © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC it into the Lab Report file. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 27. At the prompt, type sestatus and press Enter to verify that SELinux (Security Enhanced Linux) is enabled and the current mode is enforcing. uNote: © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOTsystem FOR SALE OR DISTRIBUT NOT SALE OR DISTRIBUTION Security Enhanced LinuxFOR is a mandatory access control system designed to help a Linux adhere to the principle of least privilege. You will configure and test SELinux in other labs. 28. At the prompt, type iptables –L and press Enter to see if the iptables firewall is running. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC WhileSALE the output of the L (list) command can be daunting, in thisSALE instance it is simply NOT FOR OR DISTRIBUTION NOT FOR OR DISTRIBUTION indicating that all inbound and outbound traffic is allowed (ACCEPT). You will configure iptables in another lab. 29. At the prompt, type ntpd –q and press Enter to set the Network Time Protocol (NTP). © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC CopyrightOR © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. rights reserved. NOT FOR SALE DISTRIBUTION NOT All FOR SALE OR DISTRIBUTION Instructor Lab Manual www.jblearning.com © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 20 | Lab #1 Installing a Core Linux Operating System on a Server © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC The system should display an error because it cannot findOR the DISTRIBUTION ntpd command. NTP is an NOT FOR SALE NOT FOR SALE OR DISTRIBUTION important service that ensures the clock on the Linux systems stays current. If this was a production server, the ntpd service would need to be installed. uNote: © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL System time must be synchronized with other network servers and/or an atomic-time server on the Internet FOR SALE NOT FOR SALE OR DISTRIBUTION for consistent operations and valid chronology of events. Synchronized timestamps NOT aid in searching logs OR for DISTRIBUT errors and potential security breaches. Certain network services also rely on synchronized system clocks to verify security and other network tokens across the network. If the clocks are out of sync, many services may malfunction. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION FOR SALE OR for DISTRIBUTION 30. Close the virtual lab, or proceed with Part 4 to answerNOT the challenge question this lab. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 21 © Jones & Bartlett Learning, LLC Part OR 4: Challenge Questions NOT FOR SALE DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION uNote: The following challenge questions are provided to allow independent, unguided work, similar to what you will encounter in a©real situation. You should aim to improve answer in as Learning, LL Jones & Bartlett Learning, LLCyour skills by getting the©correct Jones & Bartlett few steps as possible. Use screen captures in your lab document where possible to illustrate your answers. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 1. In Part 3, Step 21, you tried to configure networking on the virtual machine by typing sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0 and pressing Enter. However, student was not configured in the /etc/sudoers file at that time. For this challenge, you will © Jones & Bartlett Learning, LLC Jones Bartlett configure and test networking. While logged in as the©root user,&repeat Part Learning, 3, Step 21 LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION and modify the ifcfg-eth0 file (as shown in the following figure) to give the Linux VM an IP address (172.30.0.21). © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © JonesFigure & Bartlett Learning, 23 Modify the existingLLC file to match this version © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION a. If not root already, type su and press Enter. b. At the password prompt, type qw1290op1 and press Enter. c. At the prompt, type vi /etc/sysconfig/network-scripts/ifcfg-eth0 and press Enter to open theBartlett file in the Learning, vi Editor. LLC © Jones & © Jones & Bartlett Learning, LLC d. Press I toOR enterDISTRIBUTION the Insert mode and modify the file to match Figure SALE 20. NOT FOR SALE NOT FOR OR DISTRIBUTION e. Press ESC to exit the Insert mode and type :wq! and press Enter to save the file. f. At the prompt, type /etc/init.d/network restart and press Enter to restart networking. 2. Confirm your configuration by pinging the vWorkstation (172.30.0.2). Make a screen © Jones & Bartlettcapture Learning, LLCthe Ping results and paste © Jones Bartlett Learning, LLCfile. showing it into&your Challenge Questions NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION At the prompt, type ping 172.30.0.2 and press Enter to test the network configuration. Press CTRL+C to stop the Ping. uNote: © Jones & Bartlett Learning, LLC This completes the lab. Close the virtual if you have not already done so. NOT FOR SALE ORlab, DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC CopyrightOR © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. rights reserved. NOT FOR SALE DISTRIBUTION NOT All FOR SALE OR DISTRIBUTION Instructor Lab Manual www.jblearning.com © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 22 | Lab #1 Installing a Core Linux Operating System on a Server © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Evaluation Criteria and Rubrics NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The following are the evaluation criteria for this lab that students must perform: 1. Create a virtual machine and mount an installation ISO file – [25%] & Bartlett LLC performance, and©application Jones & support Bartlett– Learning, LL 2. Partition©a Jones Linux hard disk for Learning, security hardening, NOT FOR SALE OR DISTRIBUT [25%] NOT FOR SALE OR DISTRIBUTION 3. Install Linux in the most secure manner – [25%] 4. Create a non-privileged user account for system administration access as a secure alternative to logging in as a root user – [25%] © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 23 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Lab # 1 – Assessment Worksheet NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Installing a Core Linux Operating System on a Server Course Name and Number: _____________________________________________________ © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Lab Due Date: ________________________________________________________________ NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Overview The foundation of host-based security starts with the installation of the operating system (OS). ContraryLearning, to popular LLC opinion, there is no such thing as a secure operating system,LLC but in this lab, © Jones & Bartlett © Jones & Bartlett Learning, you learned how to install the Linux CentOS operating system a secure manner. You created a NOT FOR SALE OR DISTRIBUTION NOT FOR SALEinOR DISTRIBUTION new virtual machine, partitioned the hard drive, and installed the Linux operating system. You also created a non-root user account and verified that key services were (or were not) running. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL Lab Assessment Questions & Answers NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 1. During the Minimal install, NTP (Network Time Protocol) server was not installed. From a security perspective, why is it important for a system to keep accurate time? Note following Part 3, Step 29. System time must be synchronized with other network servers © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC and/or an atomic-time server on the Internet for consistent operations and valid chronology of NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION events. Synchronized timestamps aid in searching logs for errors and potential security breaches. Certain network services also rely on synchronized system clocks to verify security and other network tokens across the network. If the clocks are out of sync, many services may malfunction. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 2. During the install, you set a password for theFOR root SALE user. What the root user, and when NOT FOR SALE OR DISTRIBUTION NOT OR is DISTRIBUTION is it appropriate to use this account? Note following Part 2, Step 12. The root user is the system’s super user. This user account has access to©anything everythingLearning, on the system. Therefore, extreme care should be taken Jonesand & Bartlett LLC © Jones & Bartlett Learning, LL when using this account. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC CopyrightOR © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. rights reserved. NOT FOR SALE DISTRIBUTION NOT All FOR SALE OR DISTRIBUTION Instructor Lab Manual www.jblearning.com © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 24 | Lab #1 Installing a Core Linux Operating System on a Server © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 3. The Minimal installation process that was in SALE the lab OR did not include an X-Window NOTused FOR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION interface. Why is it best practice not to run X-Window in a production environment? Note following Part 3 Step 4. In a production environment, it is recommended that you not run the X-Window environment because it is not needed and X-Window adds both overhead and an © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL increased security risk. In a production environment, a desktop environment may be helpful in NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION certain situations; however, best practice recommends setting the default runlevel to 3 in this case. Runlevel 3 is a multi-user mode without running X-Window or any GUI services. 4. What partitioning options are available when installing CentOS? © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Part 2,SALE Step 14. Use All Space, Replace Existing Linux System(s), ShrinkSALE Current System, Use NOT FOR OR DISTRIBUTION NOT FOR OR DISTRIBUTION Free Space, and Create Custom Layout. 5. Why is it important to put the swap file on a separate partition from the root (/) partition? © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Note following Figure 12. The swap partition in Linux should be partitioned separate from the root (/) partition for performance reasons. 6. What is the significance of the swap partition in a Linux system? © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL SALE OR DISTRIBUT NOTFigure FOR 12. SALE OR DISTRIBUTION Note following Swapping is necessary for two important reasons.NOT First, FOR when the system requires more memory than is physically available, the kernel swaps out less frequently used pages and gives memory to the current application (or process) that needs the memory immediately. Second, a significant number of the pages used by an application during its startup phase may only be used for initialization and then never used again. The system can swap out LLC © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, those pages to free up the memory for other applications or even for the disk cache. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 7. How is the passwd file used, and what fields make up its content? Explain. Note following Part 3, Step 15. In Linux operating systems, the /etc/passwd file is a text-based © Jones & Bartlettdatabase Learning, LLC © Jones LLC of information about users who may log into&theBartlett system orLearning, other operating-system NOT FOR SALE OR DISTRIBUTION FOR SALE ORfile DISTRIBUTION identities that own running processes. TheNOT /etc/passwd file is a text with one record per line, each describing a user account. Each record consists of seven fields separated by colons. 8. Why create a Logical Volume Manager (LVM) partition? © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL Note following Part 2, Step 28. LVM creates a logical physical volume and then a logical volume OR DISTRIBUT NOT FOR SALE NOT FOR SALE OR DISTRIBUTION as a group on top of the physical volume. From LVM, several partitions can be created, such as those for /tmp, /home, and /var. If disk space becomes an issue, LVM can allocate more disk space to volumes from other partitions within the LVM without risking disk loss. Additional hard drives can be added and can immediately become part of the LVM as well. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Lab #2 Configuring Basic Security Controls on a CentOS Linux Server © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Introduction © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT To some extent, information security on Linux systems is no different from information security on Microsoft or Apple systems. As an administrator, you’ll take many of the same steps as you © Jones & other Bartlett Learning, LLC firewalls, set up bastions, © Jones & Bartlett Learning, LLC would in any system. You’ll create manage users, encrypt NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION filesystems, configure servers, customize applications, and work with intrusion prevention and detection systems. The Linux paradigm is different in some ways, however. With Linux, you can customize the kernel and set up mandatory access with Application Armor (AppArmor) or Security Enhanced Linux (SELinux), a set of security enhancements built into the Linux kernel. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC In this lab,DISTRIBUTION you will secure a Linux server system. will secure theDISTRIBUTION bootloader, enable iptables NOT FOR SALE OR NOTYou FOR SALE OR firewall, and run SELinux to help lock down the Linux OS. By securing the bootloader you can prevent access to single user mode and the GRUB (Grand Unified Bootloader) Console during the boot of the system. Enabling iptables and applying firewall rules can ensure that only the applications you©want have&the ability Learning, to reach or reach You & also will Learning, LL Jones Bartlett LLC out from your computer. © Jones Bartlett apply access control lists (ACLs) to directories and files within the lab to secure the file and data NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION access and then verify those permissions on the system. This lab has seven parts, which should be completed in the order specified. 1. In the first part Learning, of the lab, you will harden the GRUB©bootloader, canLearning, load a © Jones & Bartlett LLC Jones & which Bartlett LLC variety of free and proprietary operating systems. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 2. In the second part of the lab, you will confirm SELinux is enabled. 3. In the third part of the lab, you will enable iptables to help lock down services on a Linux to only those who require network access&and deny external connections © Jones & Bartlettsystem Learning, LLC © Jones Bartlett Learning, LLC to any other unnecessary port or service. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 4. In the fourth part of the lab, you will create a new group, web, and enable sudo user access for the existing wheel group. © Jones & Bartlett LLCwith the immutable permission © Jones & Bartlett Learning, LL 5. In the fifth part of the lab, you Learning, will experiment extended NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION file attribute. 6. In the sixth part of the lab, you will set access control list permissions on a file. 7. Finally, if assigned by your instructor, you will explore the virtual environment on your © Jones LLC questions that allow©you Jones Bartlett Learning, LLC own&toBartlett answer aLearning, set of challenge to use&the skills you learned in NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION the lab to conduct independent, unguided work, similar to what you will encounter in a real-world situation. Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual 25 NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 26 | Lab #2 Configuring Basic Security Controls on a CentOS Linux Server © Jones & Bartlett Learning, LLC Learning Objectives NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Upon completing this lab, you will be able to perform the following: Configure the bootloader with the timeout set to 0 and password credential to mitigate © Jones Bartlett Learning, LLCsequence of the server© Jones & Bartlett Learning, LL tampering with the&GRUB loader and the boot NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION • Enable SELinux on a CentOS Linux Server and set it to enforcing mode • Create a student user account and add it to a user group for managing permissions and applying access controls across the system • Configure user groups with limited sudo access (with password credentials) to log and © Jones & Bartlett Learning, LLCthe system © Jones & Bartlett Learning, LLC properly monitor access across NOT FOR SALE OR DISTRIBUTION NOTanFOR SALE OR DISTRIBUTION • Create iptables set to “on” for runlevels 2 and 5 to enable internal, host-based IP stateful firewall • Set restrictions and permissions for user access to files and system log files • © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Tools and Software NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The following software and/or utilities are required to complete this lab. Students are encouraged to explore the Internet to learn more about the products and tools used in this lab. • None © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 27 © Jones & Bartlett Learning, LLC Deliverables NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Upon completion of this lab, you are required to provide the following deliverables to your instructor: © Jones & Bartlett Learning, LLC & Bartlett 1. Lab Report file including screen captures of the following steps: Part©1,Jones Steps 15 and 22; Learning, LL NOT FOR SALE NOT FOR SALE OR DISTRIBUTION Part 2, Step 3; Part 3, Step 5; Part 4, Step 5; Part 5, Steps 4 and 11; and Part 6, Step 4; OR DISTRIBUT 2. Lab Assessments file; 3. Optional: Challenge Questions file, if assigned by your instructor. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 28 | Lab #2 Configuring Basic Security Controls on a CentOS Linux Server © Jones & Bartlett Learning, LLC Hands-On Steps NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION uNote: This lab contains detailed lab procedures, which you should follow as written. Frequently performed tasks are explained in the Common&Lab Tasks document on the vWorkstation desktop. You should review these Learning, LL © Jones Bartlett Learning, LLC © Jones & Bartlett tasks before starting the lab. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 1. From the vWorkstation desktop, open the Common Lab Tasks file. If you desire, use the File Transfer button to transfer the file to your local computer and © Jones LLC © Jones & Bartlett Learning, LLC print&aBartlett copy for Learning, your reference. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT FigureLLC 1 “Student Landing” vWorkstation © Jones & Bartlett Learning, © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 2. On your local computer, create the lab deliverable files. 3. Review the Lab Assessment Worksheet at the end of this lab. You will find answers to these questions as you proceed through the lab steps. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE DISTRIBUTION Part OR 1: Harden the GRUB Boot Loader NOT FOR SALE OR DISTRIBUTION uNote: In the next steps, you will apply harden security measures on this server by modifying GRUB, the Grand © so Jones Learning, LLC system without displaying © Jones & Bartlett Unified Bootloader, that it & willBartlett boot into the default operating the boot loader Learning, LL NOT FOR SALE NOT SALE OR DISTRIBUTION menu. A boot loader is aFOR program that allows the user or administrator to choose which operating system OR or DISTRIBUT kernel to load when the computer starts. GRUB can load a variety of free operating systems, as well as proprietary operating systems with chain-loading. It is important to lock down GRUB with a short delay and a password to avoid tampering with the operating system’s boot sequence. Securing the bootloader also provides a layer of security from those LLC who may have physical access to the machine. © Jones & Bartlett Learning, © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 1. Double-click the RDP folder on the vWorkstation desktop to open the folder. 2. Double-click the TargetCentOS01.rdp file to start a remote desktop connection to that machine. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 29 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 3. If prompted, type the following credentials click OK toOR open the remote connection. NOTand FOR SALE DISTRIBUTION NOT FOR SALE OR DISTRIBUTION • • User name: root and press Enter Password: toor and press Enter © Jones & Bartlett LLC Jones Bartlett Learning, LL The remote GNOME desktop, Learning, the graphical user interface (GUI) for©the virtual&Linux NOT FOR SALE NOT FOR SALE OR DISTRIBUTION server, opens with the IP address of the remote machine (172.30.0.21) in the title bar at OR DISTRIBUT the top of the window. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Figure 2 The GNOME desktop © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FORthe SALE OR emulator DISTRIBUTION 4. Double-click the Terminal icon on the GNOME desktop to open terminal and access the Linux server command line. 5. At the command prompt, type su – and press Enter to become the root user. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 6. When prompted for the password, type P@ssw0rd! and press NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR Enter. DISTRIBUTION The command prompt will change to [root@centos ~]#. 7. At the command prompt, type vi /boot/grub/grub.conf and press Enter to load the grub configuration file into the VI Editor. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION The grub.conf file appears in the VI Editor window. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 30 | Lab #2 Configuring Basic Security Controls on a CentOS Linux Server © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 3 grub.conf within the VI Editor © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR NOT FOR SALE OR DISTRIBUTION 8. Hold the Shift key and press the R key to enter the Replace mode used to edit theSALE file. OR DISTRIBUT 9. Use the arrow keys to locate the timeout=5 line in the editor and change the 5 to a 0. This will change the length of the timeout from 5 seconds to zero, which forces grub to © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC skip the edit menu when it loads. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 10. Press the Esc key to exit the Replace mode and hold the Shift key and press the : key to return to the command line mode. colon withLLC a solid cursor at the bottom of the window indicates that you are in the © Jones & BartlettALearning, © Jones & Bartlett Learning, LLC command line mode. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 11. Type wq (write quit) and press Enter to save your changes and exit the VI Editor. 12. At the command prompt, type /sbin/grub and press Enter to open the Grub Console for editing. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION In the Grub Console, the command prompt appears as grub>. 13. At the command prompt, type md5crypt and press Enter to attach a hash string-encrypted password to the grub menu so that it can only be edited by an authorized user. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 14.FOR WhenSALE prompted for a password, type linuxlab and press Enter to create password. NOT OR DISTRIBUTION NOT FOR SALEaOR DISTRIBUTION The hash string that appears is the encryption for the password you just created. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 31 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 15. Make a screen capture showing the newly generated hash string and paste it into the Lab NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Report file. 16. Highlight the hash string and right-click, and select Copy from the context menu to copy the hash string for use in a later step. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 17. At the command prompt, and press Enter to exit the grub console and return NOT FOR SALEtoOR DISTRIBUT NOT FOR SALEtype ORquit DISTRIBUTION the root prompt. 18. At the command prompt, type vi /boot/grub/grub.conf and press Enter to load the grub configuration file into the VI Editor. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION The grub.conf file appears in the VI Editor window. NOT FOR SALE OR DISTRIBUTION 19. Press the i key to enter the Insert mode. 20. Use the arrow keys to locate the timeout=0 line in the editor and press Enter at the © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC beginning of the next line to start a new line below the timeout=0 line. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 21. Use the up arrow to move to the empty line and type password --md5, press the spacebar, and then right-click and select Paste from the context menu to paste the hash string you copied in step 16 above. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Figure 4 Add an encrypted password to the GRUB © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION FOR SALEand OR DISTRIBUTION 22. Make a screen capture showing the hash string in the NOT VI Editor window paste it into the Lab Report file. Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 32 | Lab #2 Configuring Basic Security Controls on a CentOS Linux Server © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 23. Press the Esc key to exit the Insert mode andFOR hold SALE the ShiftOR keyDISTRIBUTION and press the : key to NOT NOT FOR SALE OR DISTRIBUTION return to the command line mode. A colon with a solid cursor at the bottom of the window indicates that you are in the command line mode. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 24. Type wqNOT (writeFOR quit)SALE and press to save your changes and exit the VI FOR Editor.SALE OR DISTRIBUT NOT OREnter DISTRIBUTION Part 2: Confirm Security-Enhanced Linux is Enabled © Jones & Bartlett Learning, LLC uNote: © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOTby FOR SALE In the next steps, you will apply harden security measures on this server verifying thatOR this DISTRIBUTION CentOS SELinux (Security-Enhanced Linux) server is set to enforcing mode. SELinux is a set of security enhancements built in to the Linux kernel and should be set to enforcing mode by default. 1. At the terminal command prompt, type©cat /etc/selinux/config and press Enter © Jones & Bartlett Learning, LLC Jones & Bartlett Learning, LLC to check the SELinux configuration. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 5 SELinux configuration settings © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT 2. At the command prompt, type /usr/sbin/sestatus and press Enter to see which mode that SELinux is running. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 3. FOR MakeSALE a screen capture showing the current mode line NOT of theFOR SELinux configuration and NOT OR DISTRIBUTION SALE OR DISTRIBUTION paste it into the Lab Report file. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 33 © Jones & Bartlett Learning, LLC Part OR 3: Enable iptables Firewall NOT FOR SALE DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION uNote: In the next steps, you will apply hardened security measures on this server by enabling the internal hostbased IP stateful © firewall. You&will set the firewall to startLLC when it enters runlevels 2 through 5; iptables is Learning, LL Jones Bartlett Learning, © Jones & Bartlett the current host-based, Linux IP stateful firewall and routing service that can be enabled in your CentOS NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION Linux Server. It controls incoming and outgoing network connections and either allows, disallows, or forwards requests based on a set of defined rule sets you configure within the firewall application itself. 1. At the command line prompt, type /sbin/chkconfig --level 2345 iptables on and press Enter. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOTwill FOR ORfeedback DISTRIBUTION The command prompts changes behind the scenes. There be SALE no visible apart from the reappearance of the command line prompt. 2. At the command line prompt, type /sbin/service iptables start and press Enter to start the © Jones & Bartlettfirewall. Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION FOR SALE The command prompts changes behindNOT the scenes. There OR will DISTRIBUTION be no visible feedback apart from the reappearance of the command line prompt. 3. At the command line prompt, type /sbin/chkconfig iptables --list and press Enter to verify that your©changes been made on the server. Jones have & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION This command lists the current settings for the iptables firewall and should show that runlevels 2-5 are on, and runlevels 0, 1, and 6 are off. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 6 iptables runlevels settings 4. At the command status and pressLLC Enter to view © Jones & Bartlett Learning, LLCline prompt, type /sbin/service © Jonesiptables & Bartlett Learning, the current iptables configuration. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 34 | Lab #2 Configuring Basic Security Controls on a CentOS Linux Server © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 7 Firewall configuration 5. Make a screen capture showingLearning, the iptablesLLC status and paste it into the Lab Report file. © Jones & Bartlett © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION Part 4: Enable sudo User uNote: In©the next steps, you will Learning, apply hardened security measures on this©server by & allowing the sudo user. LLC Jones & Bartlett LLC Jones Bartlett Learning, Administrators may choose to grant authorized users limited root-level access a specific Sudo NOT FOR SALE OR DISTRIBUTION NOT FORforSALE ORpurpose. DISTRIBUTION access also can be used to allow the administrator to audit the actions that authorized users take on the server. Any actions not specifically granted to the sudo user will require the actual root password. Sudo access allows a user to perform actions beyond his or her normal privileges. It is a way to provide these privilegesLearning, to a user without A compromised user account © Jones & Bartlett LLCrequiring him to log in as © root. Jones & Bartlettroot Learning, LLCwill allow an attacker to compromise an entire Linux server and system. If you do not log in as root user, your IP packets NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION cannot be compromised, and it’s not possible for a hacker to conduct a man-in-the-middle attack. 1. At the command line prompt, type /usr/sbin/visudo and press Enter to edit the sudoers file, the configuration file for the sudo users. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 35 © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 8 The sudoers file © Jones & Bartlett Learning, LLC SALE OR DISTRIBUTION 2. Press theNOT i keyFOR to enter the Insert mode. © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT 3. Use the arrow keys to locate the %wheel ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS line in the editor and press Enter the beginning of theLLC next line to start a new line. © Jones & at Bartlett Learning, © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The TargetCentOS01 machine is pre-configured to allow anyone in the wheel group to have sudo access for each of the commands listed in this step. 4. Use the up arrow to move to the empty line and type %web ALL = NETWORKING, SERVICES, STORAGE, DELEGATING, LOCATE,LLC DRIVERS. © Jones & BartlettSOFTWARE, Learning, LLC © Jones &PROCESSES, Bartlett Learning, NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION This step creates a new group called web that will have sudo access for each of the commands listed here. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 36 | Lab #2 Configuring Basic Security Controls on a CentOS Linux Server © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 9 Add the web group © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT SALE NOT FOR SALE OR DISTRIBUTION 5. Make a screen capture showing the new web group and paste it into the LabFOR Report file. OR DISTRIBUT 6. Press the Esc key to exit the Insert mode and hold the Shift key and press the : key to return to the command line mode. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC A colon withOR a solid cursor at the bottom of the window indicates that you in the NOT FOR SALE DISTRIBUTION NOT FOR SALE ORare DISTRIBUTION command line mode. 7. Type wq (write quit) and press Enter to save your changes and exit the VI Editor. uNote:Learning, LLC © Jones & Bartlett © Jones & Bartlett Learning, LLC In the next steps, you will add the user student01 and place the SALE user in the group. Traditionally, this NOT FOR SALE OR DISTRIBUTION NOT FOR ORwheel DISTRIBUTION group contains the system administrators. 8. At the command line prompt, type useradd -G wheel student01 and press Enter. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL This creates the student user and places him or her in the wheel group. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 9. At the command line prompt, type passwd student01 and press Enter. 10. When prompted for the new password, type pass=7890 and press Enter. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 11. Repeat step 10 when prompted. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 37 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Part 5: Extended File Attributes: Set Immutable Permission NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION uNote: In this next steps, you will apply hardened security measures on this server by setting the immutable permission on a temporary immutable designation means the file cannot be © manipulated. file Learning, LL © Jonesfile. & An Bartlett Learning, LLC Jones & The Bartlett becomes a read-only file that cannot be deleted, moved, or edited, even by someone with root-level NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION access. The immutable permission is an extended file attribute, beyond the usual read/write sort of access. Other extended file attributes include: append only (a), secure deletion (s). 1. At the command line prompt, type touch /tmp/mytest and press Enter to create a temp file. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT OR DISTRIBUTION NOT OR DISTRIBUTION 2. FOR At theSALE command line prompt, type chattr +i /tmp/mytest andFOR pressSALE Enter to change the file attributes and add the immutable flag (i) to the file permissions. 3. At the command line prompt, type lsattr /tmp/mytest and press Enter to list the file andLLC verify that the immutable has & been added Learning, to the file permissions. © Jones & Bartlettattributes Learning, © flag Jones Bartlett LLC NOT FOR SALE OR DISTRIBUTION SALE OR indicating DISTRIBUTION The results should include a lowercaseNOT i (forFOR example, ---i---) that the file attributes have been changed and the immutable permission has been set. 4. Make a screen capture showing the new file attributes and paste it into the Lab Report file. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 5. At the command lineSALE prompt, rm /tmp/mytest and press Enter. NOT FOR SALE OR DISTRIBUT NOT FOR ORtype DISTRIBUTION This command attempts to remove the file. 6. When prompted, type yes and press Enter. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC You should see that the operation is not permitted. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 7. At the command line prompt, type mv /tmp/mytest /tmp/file1 and press Enter. This command attempts to move the file; this operation is not permitted either. © Jones & Bartlett Learning, LLCline prompt, type cp /tmp/mytest © Jones &/tmp/file2 Bartlettand Learning, LLC 8. At the command press Enter. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION This command attempts to copy the file. This operation is allowed. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 38 | Lab #2 Configuring Basic Security Controls on a CentOS Linux Server © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 10 Confirm immutable permissions © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL FOR SALE NOT FOR SALE OR DISTRIBUTION 9. At the command prompt, type vi /tmp/mytest and press Enter to openNOT the file in the VI OR DISTRIBUT Editor. 10. Press the i key to enter the Insert mode. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC A warning at the bottom of the screen confirms that the edit operation is not allowed. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 11. Make a screen capture showing the warning message and paste it into the Lab Report file. 12. Press the Esc key to exit the Insert mode and hold the Shift key and press the : key to to the LLC command line mode. © Jones & Bartlettreturn Learning, © Jones & Bartlett Learning, LLC NOT FOR SALE OR NOT SALEindicates OR DISTRIBUTION A DISTRIBUTION colon with a solid cursor at the bottom of FOR the window that you are in the command line mode. 13. Type q! (quit without saving) and press Enter to exit the VI Editor. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 39 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Part 6: Access Control List Permissions NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION uNote: In the next steps, you will apply harden security measures on this server by granting special permissions to allow a user access to the server’s log file.Learning, You will assign access control list permissions (ACL)&toBartlett the © Jones & Bartlett LLC © Jones Learning, LL wheel group. This will be done using the set file access control lists (setfacl) command and the get file NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION access control lists (getfacl) commands. The setfacl command provides an extra layer of security defense by setting permissions for specific users or groups of users regarding access to files on the system. Setfacl helps system administrators define stringent access controls to specific files for ensuring confidentiality. The get file access control lists (getfacl) command displays existing ACLs. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT OR DISTRIBUTION 1. At the command prompt, type getfacl /var/log/messages andFOR pressSALE Enter to view the current ACL permissions for the log file. 2. At the command prompt, type setfacl –m g:wheel:r /var/log/messages and press Enter to © Jones & Bartlettadd Learning, LLC © group Jonesfor&the Bartlett read ACL permissions to the wheel log file.Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION There will be no visible feedback apart from the reappearance of the command line prompt. 3. At the command prompt, type getfacl /var/log/messages and press Enter to get the current © Jones for & Bartlett Learning, © Jones & Bartlett Learning, LL ACL permissions the log file and verifyLLC that they were set properly in the previous NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION step. The wheel group now has read access to the log file. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 40 | Lab #2 Configuring Basic Security Controls on a CentOS Linux Server © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 11 Set ACL permissions on the log file © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOTit FOR SALE NOT FOR SALE OR DISTRIBUTION 4. Make a screen capture showing the permissions for the log file and paste into the Lab OR DISTRIBUT Report file. 5. Close the terminal window. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 6. Close the remote Linux connection. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 7. Close the virtual lab, or proceed with Part 7 to answer the challenge question for this lab. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 41 © Jones & Bartlett Learning, LLC Part OR 7: Challenge Question NOT FOR SALE DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION uNote: The following challenge question is provided to allow independent, unguided work, similar to what you will encounter in a real You should aim to improveLLC your skills by getting the correct answer&inBartlett as few Learning, LL © situation. Jones & Bartlett Learning, © Jones steps as possible. Use screen captures in your lab document where possible to illustrate your answers. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 1. Research Linux permissions on the Internet and describe how you would go about deleting the immutable file /tmp/mytest you created in Part 6 of the lab. © Jones Bartlett LLC © Jones & Bartlett Learning, LLC First,&remove the Learning, immutable permission chattr -i /tmp/mytest, then delete the file rm /tmp/mytest. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION uNote: This completes the lab. Close the virtual lab, if you have not already done so. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 42 | Lab #2 Configuring Basic Security Controls on a CentOS Linux Server © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Evaluation Criteria and Rubrics NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The following are the evaluation criteria for this lab that students must perform: 1. Configure the bootloader with the timeout set to 0 and password credential to mitigate © Jones Bartlett Learning, LLCsequence of the server©–Jones tampering with the&GRUB loader and the boot [10%] & Bartlett Learning, LL NOT–FOR SALE OR DISTRIBUT NOT FOR ORLinux DISTRIBUTION 2. Enable SELinux on SALE a CentOS Server and set it to enforcing mode [10%] 3. Create a student user account and add it to a user group for managing permissions and applying access controls across the system – [20%] 4. Configure user groups with limited sudo access (with password credentials) to log and properly monitor access across © Jones & Bartlett Learning, LLCthe system – [20%] © Jones & Bartlett Learning, LLC 5. FOR Create iptables to “on” for runlevels 2 and 5 to enable internal, host-based IP NOT SALE ORset DISTRIBUTION NOTanFOR SALE OR DISTRIBUTION stateful firewall – [20%] 6. Set restrictions and permissions for user access to files and system log files – [20%] © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 43 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Lab #2 – Assessment Worksheet NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Configuring Basic Security Controls on a CentOS Linux Server Course Name and Number: _____________________________________________________ © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Lab Due Date: ________________________________________________________________ NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Overview In this lab, you secured a Linux server system. You secured the bootloader, enabled iptables firewall,Learning, and ran SELinux Linux OS. By securing the bootloader, © Jones & Bartlett LLC to help lock down the © Jones & Bartlett Learning, LLC you prevented access to single-user mode and the NOT GRUBFOR Console during boot of the system. NOT FOR SALE OR DISTRIBUTION SALE OR the DISTRIBUTION Enabling iptables and applying firewall rules ensured that only the applications you wanted can reach or reach out from your computer. You also applied access control lists (ACLs) to directories and files within the lab to secure the file and data access and then verified those permissions on the system.& Bartlett Learning, LLC © Jones © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION Lab Assessment Questions & Answers 1. What is GRUB and why is it important to lock it down? © Jones Bartlett Part Learning, © Jones & Bartlett Learning, LLC Note&introducing 1. GRUB,LLC the Grand Unified Bootloader, is a program that allows the NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION user or administrator to choose which operating system or kernel to load when the computer starts. GRUB can load a variety of free operating systems, as well as proprietary operating systems with chain-loading. It is important to lock down GRUB with a short delay and a password to avoid tampering with the operating system’s boot sequence. Securing © Jones & Bartlettthe Learning, © Jones & Bartlett LLC bootloaderLLC also provides a layer of security from those who mayLearning, have physical access NOT FOR SALE OR NOT FOR SALE OR DISTRIBUTION to DISTRIBUTION the machine. 2. Discuss the purpose of granting sudo access. Why is it a good idea not to log in as a root user? © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL Note introducing Part 4. Sudo access can also let the administrator audit the actions NOT FOR SALE OR DISTRIBUTION authorizedNOT usersFOR take on the server. Any actions not specifically granted to the sudo userSALE OR DISTRIBUT will require the actual root password. Sudo access lets a user perform actions beyond his or her normal privileges. It is a way to provide these privileges to a user without requiring him or her to log in as root. A compromised root user account will allow an attacker to © Jones & Bartlett Learning, LLCand system. If you do not © Jones Bartlett Learning, LLC compromise an entire Linux server log in as & root user, your IP NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION packets cannot be compromised, and a hacker cannot conduct a man-in-the-middle attack. Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 44 | Lab #2 Configuring Basic Security Controls on a CentOS Linux Server © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 3. If a file is set with the immutable flag, what FOR security controls this provide for NOT SALE OR does DISTRIBUTION NOT FOR SALE OR DISTRIBUTION the file? Note introducing Part 5. An immutable designation means the file cannot be manipulated. The file becomes a read-only file that cannot be deleted, moved, or edited; even by Jones & Bartlett Learning, someone©with root level access. The immutableLLC permission is an extended © fileJones attribute,& Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION beyond the usual read/write sort of access. 4. Besides immutable, what are some of the other extended file attributes? Note&introducing 5. Other LLC extended file attributes include: append & only (a); secure © Jones Bartlett Part Learning, © Jones Bartlett Learning, LLC deletion (s). NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 5. What is the difference between access control list permissions and sudo? Note introducing Part 4. Sudo access allows a user to perform actions beyond his or her © Jones & Bartlettnormal Learning, LLC privileges assigned by the ACLs. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 6. What is iptables and how does this help harden the CentOS Linux Server? Note introducing Part 3. Iptables is the current host-based, Linux IP stateful firewall and routing service that can be enabled in your CentOS Linux Server. It controls incoming and © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL outgoing network connections and either allows, disallows, or forwards requests based on NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION a set of defined rule sets you configure within the firewall application itself. 7. Why is it important to configure and enable iptables on your CentOS Linux Server? © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Introduction. is the built-in firewall available within NOT the CentOS system. It will NOT FOR SALE Iptables OR DISTRIBUTION FOR Linux SALE OR DISTRIBUTION help lock down services on a Linux system to only those who require network access and deny external connections to any other unnecessary port or service. 8. What is the difference between setfacl and getfacl? How can setfacl help achieve © Jones & Bartlettsecurity Learning, LLC © Jones & Bartlett Learning, LLC hardening? NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Note introducing Part 6. The setfacl command provides an extra layer of security defense by setting permissions for specific users or groups of users regarding access to files on the system. Setfacl helps system administrators define stringent access controls for specific files to ensure confidentiality. The Learning, get file access control lists (getfacl) command displays © Jones & Bartlett LLC © Jones & Bartlett Learning, LL existing ACLs. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Lab #3 Hardening Security with User Account Management and Security Controls © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Introduction © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT This lab is an extension of the previous labs. Computer security is a series of disparate systems that will each play a key role in the protection of resources and information. However, just about © Jones & Bartlett Learning, LLC & Bartlett Learning, every security policy begins with and is centrally focused on© theJones company’s password policy. LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Every auditor walking in to gauge the worth of the company’s accounting systems will ask to see the password policy and the logs for change control. In most cases, the passwords to the system are the keys to the vault. Any effective password elements. The passwords will expire © Jones & Bartlett Learning, LLCpolicy will have several © Jones & Bartlett Learning, LLC regularly; they will have a certain complexity requirement for length and special characters, and will also NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION have a minimum age requirement. In addition, every organization has “guest users,” be they auditors, contractors, temps, or other types of transient users on the system. Having a password system that can deal with these varieties of conditions requires intelligent design and well-trained and capable system administrators. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOTharden FOR user SALE OR DISTRIBUTION In this lab, you will accounts on a Linux system with a secure password policy definition. This definition will include the use of user groups to better manage large numbers of users. You also will create temporary user accounts and apply automatic account and password deletion after 90 days. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC This has SALE six parts, which should be completed in the order specified. NOTlab FOR OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 1. In the first part of the lab, you will set password controls on a Linux system. 2. In the second part of the lab, you will create several user accounts on the system and the password properties for one©of those accounts. © Jones & Bartlettchange Learning, LLC Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 3. In the third part of the lab, you will create two new security groups on the system and add the new user accounts to their corresponding groups. 4. In the fourth part of the lab, you will create temporary user accounts that will expire in a © of Jones © Jones & Bartlett Learning, LL set period time. & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 5. In the fifth part of the lab, you will edit the .pam file to restrict the use of the su command. 6. Finally, if assigned by your instructor, you will explore the virtual environment on your © Jones LLC © to Jones Bartlett LLC own&toBartlett answer aLearning, of challenge question that allows you use the&skills you Learning, learned in the NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION lab to conduct independent, unguided work, similar to what you will encounter in a realworld situation. Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual 45 NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 46 | Lab #3 Hardening Security with User Account Management and Security Controls © Jones & Bartlett Learning, LLC Learning Objectives NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Upon completing this lab, you will be able to perform the following: Configure a password policy by editing the /etc/login.defs file and implementing Jones &security Bartlett Learning, stringent©password measures on a LLC CentOS Linux Server © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION • Enforce a password change every 60 days showing a warning 14 days prior to the password’s expiration across the system for all users • Configure a minimum password length of eight characters with stringent complexity requirements © Jones & Bartlett LLC © Jones & Bartlett Learning, • Create users andLearning, groups with the proper permissions and restrictions to enforce role- LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION based access controls • Create a temporary user account that expires in 90 days to enforce the proper principle of least privilege with contractors and temporary workers/consultants • © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Tools and Software NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The following software and/or utilities are required to complete this lab. Students are encouraged to explore the Internet to learn more about the products and tools used in this lab. • vi Editor© Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 47 © Jones & Bartlett Learning, LLC Deliverables NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Upon completion of this lab, you are required to provide the following deliverables to your instructor: © Jones & Bartlett Learning, LLC Bartlett Learning, LL 1. Lab Report file including screen captures of the following steps: Part©1,Jones Step 9;&Part 3, NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION Step 11; Part 4, Step 13; Part 5, Step 6; 2. Lab Assessments file; 3. Optional: Challenge Questions file, if assigned by your instructor. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 48 | Lab #3 Hardening Security with User Account Management and Security Controls © Jones & Bartlett Learning, LLC Hands-On Steps NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION uNote: This lab contains detailed lab procedures, which you should follow as written. Frequently performed tasks are explained in the Common Lab Tasks document on the vWorkstation desktop. You should © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL review these tasks before starting the lab. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 1. From the vWorkstation desktop, open the Common Lab Tasks file. If you desire, use the File Transfer button to transfer the file to your local computer and print&aBartlett copy for Learning, your reference. © Jones LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Figure 1 “Student Landing” vWorkstation © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 2. On your local computer, create the lab deliverable files. 3. Review the Lab Assessment Worksheet at the end of this lab. You will find answers to these questions as you proceed through the lab steps. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Part OR 1: Establish System Password Controls uNote: In the next steps, you will apply harden security measures on this server by configuring stringent passwords according to a policy definition.Learning, You will edit LLC the login definitions (login.defs) file in the Editor. Learning, LL © Jones & Bartlett © Jones & viBartlett NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 1. Double-click the RDP folder on the vWorkstation desktop to open the folder. 2. Double-click the TargetCentOS.rdp file to open a remote connection to the Linux server. © Jones Bartlett Learning, LLC © Jones & for Bartlett Learning, The&remote GNOME desktop, the graphical user interface (GUI) the virtual Linux LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION server, opens with the IP address of the remote machine (172.30.0.21) in the title bar at the top of the window. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 49 © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 2 The GNOME desktop 3. Double-click the Terminal icon on the GNOME desktop to open the terminal emulator and access the Linux server command line. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL FOR NOT FOR SALE OR DISTRIBUTION 4. At the command prompt, type su -c 'vi /etc/login.defs' and press EnterNOT to load theSALE grub OR DISTRIBUT configuration file into the vi Editor. 5. When prompted, type P@ssw0rd!, the root password, and press Enter to open the configuration © Jones & Bartlettfile. Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE ORfile DISTRIBUTION NOT FOR SALE DISTRIBUTION The login.defs appears in the vi Editor window. The login.defs file isOR used to define the configuration associated with logins into the local Linux system. uNote: You are required to enter a mixed-case password.© If you are not using the Citrix ReceiverLLC to access this © Jones & Bartlett Learning, LLC Jones & Bartlett Learning, lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 6. Press the i key to enter the Insert mode. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 50 | Lab #3 Hardening Security with User Account Management and Security Controls © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Figure 3 login.defs within the vi Editor © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 7. FOR Use the arrow keys to locate the Password aging controls of the file. NOT SALE OR DISTRIBUTION NOTsection FOR SALE OR DISTRIBUTION uNote: Changes to the Password aging controls section of the login.defs file affect the requirements for user account passwords, including the length of the password and the number of days before a password © Jones & Bartlett Learning, LLC Jones &basis Bartlett LLC guessing expires. Requiring users to change passwords on © a scheduled will, atLearning, least, keep hackers NOT FOR SALE OR them DISTRIBUTION ORthey DISTRIBUTION and force to work harder to crack passwordsNOT all overFOR againSALE each time are changed. This is timeconsuming and off-putting. If your passwords are difficult to guess and change regularly, you are already well ahead of the skills of many rudimentary hackers. © Jones & of Bartlett Learning, LLC to any of these settings © Jones & Bartlett Learning, LL The section includes a number password settings. Changes will not affect NOT FOR SALE OR DISTRIBUT existing accounts.NOT FOR SALE OR DISTRIBUTION • PASS_MAX_DAYS is the maximum number of days a password can be used before a change of password is forced. • PASS_MIN_DAYS is the minimum number of days a password must be set on an account before © Jones & be Bartlett © to Jones & Bartlett Learning, LLC it can changedLearning, again. This LLC is to prevent users from trying revert back to the original password NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION soon after being forced to change. • PASS_MIN_LEN is the minimum number of characters the password must contain. • PASS_WARN_AGE is the number of days a warning is sent to an account before the password expires. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 51 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 8. Edit the password aging controls section to match the following definition: • • • • PASS_MAX_DAYS 60 PASS_MIN_DAYS 0 © Jones & Bartlett Learning, LLC PASS_MIN_LEN 8 NOT FOR SALE OR DISTRIBUTION PASS_WARN_AGE 14 © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT 9. Make a screen capture showing your changes in the vi Editor window and paste it into the Lab Report File. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 10.FOR PressSALE the EscOR keyDISTRIBUTION to exit the Insert mode. NOT NOT FOR SALE OR DISTRIBUTION 11. Type :wq! and press Enter to save your changes and exit the vi Editor. Part 2: Create UserLLC Accounts © Jones & Bartlett Learning, NOT FOR SALE OR DISTRIBUTION uNote: © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION In the next steps, you will harden security measures on this server by creating several new users accounts using the useradd command and set an initial password for one of the accounts, then require that password to be changed at the first login attempt. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 1. At the command prompt, type su -c '/usr/sbin/useradd dbadmin1' and press Enter to create a new database administrator user account (dbadmin1). 2. When prompted, type P@ssw0rd!, the root password, and press Enter to create the new © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC account. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 3. Repeat steps 1-2 to add the following additional NOT FOR SALE OR DISTRIBUTION NOT FORusers: SALE OR DISTRIBUTION • • • dbadmin2 webadmin1 webadmin2 © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 52 | Lab #3 Hardening Security with User Account Management and Security Controls © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 4 Create new user accounts © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 4. At the command prompt, type su -c 'passwd dbadmin1' and press Enter to set a password for the dbadmin1 user account you just created. 5. When prompted, type P@ssw0rd!, the root password, and press Enter to set the password for the new account. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. © Jones & Bartlett Learning, LLCfor the new password©forJones & Bartlett Learning, LLC Enter. 6. When prompted this account, type harden and press NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The system will display a warning indicating that the password is too simple, and that it is based on a dictionary word. However, users with root access (as you have assumed with the su command) will be able to set the password after seeing the warnings. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 7. When prompted to retype the password for this account, type harden and press NOT FOREnter. SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 53 © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 5 Set a user account password © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL FOR SALE NOT FOR SALE OR DISTRIBUTION 8. At the command prompt, type su -c 'chage -d 0 dbadmin1' and press NOT Enter to force the OR DISTRIBUT password you just set to change at the next login attempt. The command chage stands for change aging, and is not a misspelling of the word change. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 9. When prompted, type P@ssw0rd!, the root password, and press Enter to change the aging of the password. uNote: © Jones & Bartlett Learning, LLC Jones & Bartlett Learning, You are required to enter a mixed-case password.© If you are not using the Citrix ReceiverLLC to access this NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. Part 3: Manage Security Groups © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION uNote: In the next steps, you will harden security measures on this server by creating two new security groups. You will add the new users to those groups and verify user group membership. The intelligent design and deployment of security groups greatly eases security management, change control, and access tightening. © Jones Bartlett LLC the group to a resource©isJones Bartlett Learning, LLC Putting users&into groupsLearning, and then applying the best&way to manage that NOT FOR SALEtoOR DISTRIBUTION NOT FORinstead SALEofOR DISTRIBUTION resource. Changes the control only need to be made to the group property, possibly dozens if not hundreds of individual users. Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 54 | Lab #3 Hardening Security with User Account Management and Security Controls © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 1. At the command prompt, type su -c '/usr/sbin/groupadd dba' and press Enter to add a new group called dba (database administrators). 2. When prompted, type P@ssw0rd!, the root password, and press Enter to add the new © Jones & Bartlett Learning, LL group. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 3. FOR Repeat stepsOR 1-2 to add a new group called web. NOT SALE DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC FOR accounts SALE OR DISTRIBUTION Figure 6 CreateNOT new group 4. At the command prompt, type su -c '/usr/sbin/usermod -g dba dbadmin1' and press Enter to add the dbadmin1 user account to the new dba group. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 5. When prompted, type P@ssw0rd!, the root password, and press Enter to add the SALE user to OR DISTRIBUT NOT FOR NOT FOR SALE OR DISTRIBUTION the group. uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this © Jones & Bartlett ©toJones & password. Bartlett Learning, LLC lab, please use the CAPSLearning, LOCK buttonLLC or the On-Screen Keyboard input the NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 6. Repeat steps 4-5 to add the dbadmin2 user account to the dba group. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 55 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 7. At the command prompt, type su -c '/usr/sbin/usermod -g web and press Enter NOT FOR SALE OR webadmin1' DISTRIBUTION NOT FOR SALE OR DISTRIBUTION to add the webadmin1 user account to the new web group. 8. When prompted, type P@ssw0rd!, the root password, and press Enter to add the user to the web group. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. 9. Repeat steps 7-8Learning, to add the webadmin2 user account to©the web group. © Jones & Bartlett LLC Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC Figure 7 Add user accounts © Jones & Bartlett Learning, LLC to group accounts NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 10. At the command prompt, type groups dbadmin1 and press Enter to display all of the groups to which the dbadmin1 user is a member. So far in©this lab, you have added the dbadmin1 group. However, this Learning, LL Jones & Bartlett Learning, LLC user only to the dba © Jones & Bartlett command illustrates how either the user or the administrator can easily and quickly NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION determine the groups to which a user is assigned. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 56 | Lab #3 Hardening Security with User Account Management and Security Controls © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 8 Output from the groups command © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL FORitSALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 11. Make a screen capture showing the output from the groups commandNOT and paste into the Lab Report file. Part 4: Manage Temporary User Accounts © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION uNote: © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION In the next steps, you will apply harden security measures on this server by creating temporary user accounts that will automatically expire in 90 days. This type of action is common in a business that frequently hires contractors or others that will need temporary access to their network. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE1.OR SALE OR DISTRIBUTION AtDISTRIBUTION the terminal command prompt, typeNOT su -cFOR '/usr/sbin/useradd jtemp' and press Enter to create a new database administrator user account (jtemp). 2. When prompted, type P@ssw0rd!, the root password, and press Enter to create a new account.© Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL uNote: NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUT You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. © Jones & Bartlett Learning, LLC © press JonesEnter & Bartlett Learning, 3. At the command prompt, type su -c 'passwd jtemp' and to set a password forLLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION the jtemp user account you just created. 4. When prompted, type P@ssw0rd!, the root password, and press Enter to set a password. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 57 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC uNote: NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. 5. When prompted new password, typeLLC tempuser! and press Enter. © Jonesfor&the Bartlett Learning, © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION The system will display a warning indicating that the password is a dictionary, but users with root access, as you have in this lab, will be able to set the password anyway. 6. When prompted, type tempuser! and press Enter to confirm the new password. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 7. FOR At theSALE command prompt, type su -c 'chage -d 0 jtemp' NOT and press to force the jtemp NOT OR DISTRIBUTION FOREnter SALE OR DISTRIBUTION user to change the password you just set at the next login attempt. 8. When prompted, type P@ssw0rd!, the root password, and press Enter to force a password change. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. © Jonesprompt, & Bartlett Learning, © Jones & Bartlett Learning, LL 9. At the command type su -c 'chage LLC -E date jtemp' and press Enter to force the jtemp user to change the password you just set on the required date. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION For this command, the date should be entered in the format of YYYY-MM-DD. For this lab, replace the date in the command line, with an actual date 90 days from the date you perform this hands-on activity. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION FOREnter SALE 10. When prompted, type P@ssw0rd!, the root password,NOT and press to OR forceDISTRIBUTION a password change for the jtemp user. uNote: You are required to enter a mixed-case password.© If you are not using the Citrix ReceiverLLC to access this © Jones & Bartlett Learning, LLC Jones & Bartlett Learning, lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 11. At the command prompt, type su -c 'chage --list jtemp' and press Enter to review the password settings for the jtemp user account. © Jonestype & Bartlett Learning, Bartlett Learning, LL 12. When prompted, P@ssw0rd!, the root LLC password, and press Enter©toJones review&the NOT FOR SALE OR DISTRIBUT FOR SALE OR DISTRIBUTION passwordNOT settings. uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this © Jones & Bartlett ©toJones & password. Bartlett Learning, LLC lab, please use the CAPSLearning, LOCK buttonLLC or the On-Screen Keyboard input the NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 58 | Lab #3 Hardening Security with User Account Management and Security Controls © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 9 Output from the jtemp user account configuration © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT itFOR NOT FOR SALE OR DISTRIBUTION 13. Make a screen capture showing the output of the –list command and paste into SALE the LabOR DISTRIBUT Report file. Part 5: Restrict Access © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION uNote: In the next steps, you will harden security measures on this server by restricting the use of the su command which grants the user root level access. You will edit the pam.d file to restrict the wheel group from using the su command. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE1.OR NOT FOR SALE and OR press DISTRIBUTION AtDISTRIBUTION the command line prompt, type su -c 'vi /etc/pam.d/su' Enter to edit the access for the su command in the pluggable authentication module file. 2. When prompted, type P@ssw0rd!, the root password, and press Enter to open the pam.d file opens the vi & Editor. © in Jones Bartlett Learning, LLC © Jones & Bartlett Learning, LL uNote: NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUT You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 59 © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 10 The pam.d file © Jones & Bartlett Learning, LLC SALE OR DISTRIBUTION 3. Press theNOT i keyFOR to enter the Insert mode. © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT 4. Use the arrow keys to locate the #auth required pam_wheel.so use_uid line in the editor. 5. Replace the hash tag (#) at the beginning of the line with an x so that the entire line now © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC reads xauth required pam_wheel.so use_uid. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION This action cancels the statements and removes the wheel group from those authorized to use the su command. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 60 | Lab #3 Hardening Security with User Account Management and Security Controls © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 11 Edit the su command © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 6. Make a screen capture showing the edits from step 5 and paste it intoNOT the Lab Report file. 7. Press the Esc key to exit the Insert mode and type :wq! and press Enter to save your changes and exit the pluggable authentication module file. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 8. At the prompt, type exit and press Enter to close the terminal window. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 9. Close the remote Linux connection. 10. Close the virtual lab, or proceed with Part 6 to answer the challenge question for this lab. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 61 © Jones & Bartlett Learning, LLC Part OR 6: Challenge Question NOT FOR SALE DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION uNote: The following challenge question is provided to allow independent, unguided work, similar to what you will encounter in a real You should aim to improveLLC your skills by getting the correct answer&inBartlett as few Learning, LL © situation. Jones & Bartlett Learning, © Jones steps as possible. Use screen captures in your lab document where possible to illustrate your answers. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 1. You are the SysAdmin for a local company. You have been instructed to create access to the network for an outside auditing agency who will be coming on-site to perform a financial audit. The audit will last for eight weeks, and the lead auditor is to be given user © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC creation rights to track the use of temps that he is bringing on-site to perform some of the NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION auditing tasks. Your boss is understandably concerned about someone outside the IT group having user admin rights. Given the set of hardening rules you worked with in this lab, describe the policy you would recommend to best meet the needs of the auditors and ease your boss’ concerns. For additional consideration, investigate and explain any © Jones & Bartlettfurther Learning, LLC steps you would consider © Jones & Bartlett Learning, LLC this request. reasonable to safeguard data and administer NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION (Answers will be unique to each student, but should include some form of the following.) The lead auditor is given two accounts, one would be his work account, and the second would be an account relegated to user admin only. The lead auditor would have to su to the user account to administer©any of the&new accounts he desires,LLC and then log out to his main©account other Learning, LL Jones Bartlett Learning, Jonesdo&any Bartlett work. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUT The auditor’s accounts and the other temp accounts would be set to expire in eight weeks, and new users would have to immediately change their passwords upon first login. No minimum password days would be needed, as these users would not be on-site long enough to go through a © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC password change cycle. Maximum password days is set at eight weeks, and the warning is set to 0 NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION days to turn it off. Passwords must be a minimum of 8 characters in length. Further steps to consider not covered by this lab: Depending on the environment and the need for the temporary auditors’ access, create a DMZ and allow the temporary auditors access to the © Jones & BartlettDMZ, Learning, LLC © Jones & Bartlett LLC but not the internal network. Very often, all that many people Learning, need is communication NOT FOR SALE OR DISTRIBUTION FOR SALE capability in the form of Internet access. ANOT DMZ provides that. InOR the DISTRIBUTION absence of a DMZ, set time controls on the temp accounts to be valid only during work hours. Do not allow their accounts to be used when the lead auditor is not present or is not sanctioning work. In all of these instances, I would set up logging on all of the accounts and set ACLs to prevent access to any areas that the temps in particular not be allowed. Auditors unrestricted © Jonesshould & Bartlett Learning, LLCoften request, and are granted, © Jones & Bartlett Learning, LL access, but you must clear that with your supervisor before providing it. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION uNote: This completes the lab. Close the virtual lab, if you have not already done so. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 62 | Lab #3 Hardening Security with User Account Management and Security Controls © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Evaluation Criteria and Rubrics NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The following are the evaluation criteria and rubrics that the students must perform: 1. Configure a password policy by editing the /etc/login.defs file and implementing Jones &security Bartlett Learning, © Jones & Bartlett Learning, LL stringent©password measures on a LLC CentOS Linux Server – [20%] NOT FOR SALE OR DISTRIBUT FOR SALE DISTRIBUTION 2. Enforce NOT a password changeOR every 60 days showing a warning 14 days prior to the password’s expiration across the system for all users – [20%] 3. Configure a minimum password length of eight characters with stringent complexity requirements – [20%] 4. Create users andLearning, groups with the proper permissions and restrictions to enforce role- LLC © Jones & Bartlett LLC © Jones & Bartlett Learning, basedSALE accessOR controls – [20%] NOT FOR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 5. Create a temporary user account that expires in 90 days to enforce the proper principle of least privilege with contractors and temporary workers/consultants – [20%] © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 63 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Lab #3 – Assessment Worksheet NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Hardening Security with User Account Management and Security Controls © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL Course Name and Number: _____________________________________________________ NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Lab Due Date: ________________________________________________________________ Overview © Jones & Bartlett Learning, LLC user accounts on a Linux © Jones & Bartlett Learning, LLC In this lab, you hardened system with a secure password policy NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION definition. This definition included the use of user groups to better manage large numbers of users. You also created temporary user accounts and applied automatic account and password deletion after 90 days. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT 1. What is the significance of creating groups and adding users to groups? Explain. Lab Assessment Questions & Answers NOT FOR SALE OR DISTRIBUTION Note introducing Part 3. The intelligent design and deployment of security groups greatly eases © Jones & Bartlett Learning, © Jones & Bartlett Learning, security management, changeLLC control, and access tightening. Putting users into groups and thenLLC NOT FOR SALE OR DISTRIBUTION FOR SALE OR toDISTRIBUTION applying the group to a resource is the best way to manageNOT that resource. Changes the control need to be made only to the group property, instead of possibly dozens, if not hundreds, of individual users. 2. Given a scenario where there are five database administrators who may periodically need © Jones & Bartlettaccess Learning, LLCsystem, discuss a concept © Jones & Bartlett LLC to a given to better manage Learning, these administrators’ access NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION permissions. Part 3, Step1. Create a group and add the DBAs to the group. Then give the necessary permissions to the group. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 3. The newNOT Web FOR administrator’s account (webadmin1) has been set up and a FOR password NOT SALE OR DISTRIBUT SALE OR DISTRIBUTION provided to the user. What is the command to force the user to change the password upon first login? Part&2,Bartlett Step 8. Use the command su -c 'chage –d 0 webadmin1' © Jones Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 64 | Lab #3 Hardening Security with User Account Management and Security Controls © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 4. How can the use of the su command be restricted? NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Note introducing Part 5. Edit the pam.d file to restrict users or groups from using the su command. 5. What is the purpose of the login.defs file? Explain the contents and configuration options. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT NOT FOR SALE OR DISTRIBUTION Part 1 Step 5. The login.defs file is used to define the configuration associated withFOR loginsSALE into theOR DISTRIBUT local Linux system. 6. What is the PASS_MIN_DAYS setting? Why would it be a good idea to specify a PASS_MIN_DAYS setting?LLC © Jones & Bartlett Learning, © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Note following Part 1, Step 7. It shows the minimum number of days a password must be set on an account before it can be changed again. This is to prevent users from trying to revert back to the original password soon after being forced to change. © Jones & Bartlett Learning, © Jones & Bartlett Learning, LLC 7. Will changesLLC to the PASS_MAX_DAYS, PASS_MIN_DAYS, and PASS_WARN_AGE NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION commands in /etc/login.defs settings affect existing accounts? Note following Part 1, Step 7. Changes to any of these settings will not affect existing accounts. 8. Describe©the password and account settingsLLC you would configure if you were told that a Learning, LL Jones & Bartlett Learning, © Jones & Bartlett few contractors needed accounts on the Linux system for the next 14 days. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION Part 4. Create temporary accounts that expire in 14 days. Possibly, edit the pam.d file to restrict the su command. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Lab #4 Applying Hardened Linux Filesystem Security Controls © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Introduction © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Server hardening is the of securing a system by reducing surface of vulnerability. It is NOT FOR SALE ORprocess DISTRIBUTION NOTitsFOR SALE OR DISTRIBUTION an important task, especially if you realize that the default configuration of most operating systems is not designed with security as the primary focus. Instead, default setups focus more on usability, communications, and functionality. Protection is provided in various layers and often referred to as defense in depth. The idea behind the defense in depth approach is to defend a © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC system against any particular attack using several independent methods. Defense in depth NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION measures should not only prevent security breaches, but also buy an organization time to detect and respond to an attack, thereby reducing and mitigating the consequences of a breach. This lab, an extension of the previous labs, incorporates security hardening for filesystems and © Jones & BartlettInLearning, Jones & Bartlett Learning, LL user access to mounted filesystems. this lab, youLLC will mount a filesystem © that does not have execute permissions the CentOS Linux Server. You also will mount a remote andOR DISTRIBUT NOTfilesystem FOR SALE NOTon FOR SALE OR DISTRIBUTION set quotas for users of mounted filesystems. This lab has three parts, which should be completed in the order specified. There is no challenge question for this lab. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE ORtest DISTRIBUTION 1. In the first part of the lab, you will mount a filesystem, apply permissions, it, and report your findings. 2. In the second part of the lab, you will set user account quotas on filesystem partitions and your findings. © Jones & Bartlettreport Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE3.OR NOT FOR SALE ORand DISTRIBUTION InDISTRIBUTION this part of the lab, you will test your quota configuration report your findings. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. Instructor Lab Manual www.jblearning.com © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 65 66 | Lab #4 Applying Hardened Linux Filesystem Security Controls © Jones & Bartlett Learning, LLC Learning Objectives NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Upon completing this lab, you will be able to: Mount a filesystem without execute permissions, so you can safely read the data © in Jones & Bartlett Learning, contained the disk without executing anyLLC unexpected programs © Jones & Bartlett Learning, LL FOR SALE OR DISTRIBUTION • Mount aNOT remote filesystem and configure the system to be mounted NOT at bootFOR timeSALE for an OR DISTRIBUT automatic network share on a Linux system • Set user quotas on disk to protect the availability and security on the Linux system and to prevent users from taking up all the disk drive space on the system • Edit&and modifyLearning, the /etc/fstab file to manage local and©remote file shares as well © Jones Bartlett LLC Jonesnetwork & Bartlett Learning, LLC as theSALE necessary mounting configurations required NOT FOR OR disk DISTRIBUTION NOT FOR SALE OR DISTRIBUTION • Configure and use the repquota command to verify usage of disk space by users and manage quotas • © Jones & Bartlett LLC © Jones & Bartlett Learning, LLC Tools Learning, and Software NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The following software is required to complete this lab. Students are encouraged to explore the Internet to learn more about the products and tools used in this lab. • vi Editor © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 67 © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Deliverables © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Upon completion of this lab, you are required to provide the following deliverables to your instructor: © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL FOR12, SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 1. Lab Report file including screen captures of the following steps: PartNOT 1, Steps 20, and 24; Part 2, Step 9; Part 3, Steps 5 and 9; 2. Lab Assessments file. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Instructor Lab Manual © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 68 | Lab #4 Applying Hardened Linux Filesystem Security Controls © Jones & Bartlett Learning, LLC Hands-On Steps NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION 1. From the vWorkstation desktop, open the Common Lab Tasks file. © Jones & Bartlett Learning, LLC Jones & Bartlett If you desire, use the File Transfer button to transfer the file to your © local computer and Learning, LL NOT FOR SALE OR DISTRIBUT NOTfor FOR OR DISTRIBUTION print a copy yourSALE reference. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC FigureOR 1 “Student Landing” vWorkstation NOT FOR SALE DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT 2. On your local computer, create the lab deliverable files. 3. Review the Lab Assessment Worksheet at the end of this lab. You will find answers to © Jones & questions Bartlett Learning, LLCthrough the lab steps. © Jones & Bartlett Learning, LLC these as you proceed NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 69 © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC Part OR 1: Filesystem Permissions NOT FOR SALE DISTRIBUTION uNote: In the next steps, you will apply hardened security measures on this server by mounting a filesystem with read-only permissions. You will modify theLearning, /etc/fstab fileLLC and perform several tests to sure&that your Learning, LL © Jones & Bartlett © make Jones Bartlett changes were effective. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION The /etc/fstab file (or filesystems table) is a system configuration file commonly found on UNIX systems. This file usually lists all available disks and disk partitions, and indicates how they are to be initialized or otherwise integrated into the overall system's filesystem. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 2 Typical fstab file In a typical fstab file, the columns are separated by©spaces and defined in the following © Jones & Bartlett Learning, LLC Jonesor&tabs Bartlett Learning, LLC manner. name: The device name or other means of locating theOR partition or data source. NOT FOR SALE•ORdevice DISTRIBUTION NOT FOR SALE DISTRIBUTION • mount point: The mount point, where the data is to be attached to the filesystem. For swap files & devices, this should be set to none. • fs-type: The filesystem type, or the algorithm used to interpret the filesystem. • options:©This column or notLLC the filesystem should be mounted at boot or Jones & indicates Bartlettwhether Learning, © Jones & Bartlett Learning, LL whether NOT it can be written to, with (read-write) or not, with ro (read-only). NOT FOR SALE OR DISTRIBUT FOR SALE ORrwDISTRIBUTION • dump-freq: This indicator adjusts the archiving schedule for the partition (used by dump). • pass-num: This indicator controls the order in which fsck checks the device/partition for errors at boot time. The root device should be 1. Other partitions should be either 2 (to check after root) or 0 (to&disable checking for that LLC partition altogether). © Jones Bartlett Learning, © Jones & Bartlett Learning, LLC • FOR A value of 0 inOR either of the last two columns disables the corresponding feature.OR DISTRIBUTION NOT SALE DISTRIBUTION NOT FOR SALE The /etc/fstab file is most commonly used by the mount command. The mount command instructs the operating system that a filesystem is ready to use, and it becomes associated with a particular point in the filesystem’s hierarchy. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 1. Double-click the RDP folder icon on the desktop. 2. Double-click the TargetCentOS01.rdp file to open the Linux server. The remote GNOME desktop, Learning, the graphicalLLC user interface (GUI) for©theJones virtual&Linux © Jones & Bartlett Bartlett Learning, LL server, opens with the IP address of the remote machine (172.30.0.21) in the title bar at OR DISTRIBUT NOT FOR SALE NOT FOR SALE OR DISTRIBUTION the top of the window. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 70 | Lab #4 Applying Hardened Linux Filesystem Security Controls © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 3 GNOME desktop © Jones & Bartlett Learning, LLC © Jonesdesktop & Bartlett Learning, LLCemulator and 3. Double-click the Terminal icon on the GNOME to open the terminal NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION access the Linux server command line. 4. At the command prompt, type su -c ꞌvi /etc/fstabꞌ and press Enter to open the fstab file in the vi Editor. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 5. When prompted, type P@ssw0rd!, the root password, and press Enter. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 4 fstab file in the vi Editor 6. Press the i key to enter the Insert mode. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 71 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 7. Use the arrow keys to locate the following in the file:OR DISTRIBUTION NOTline FOR SALE NOT FOR SALE OR DISTRIBUTION • /virtimages/disk/rimage.img /archives ext3 loop,defaults 0 0 8. Move the cursor immediately behind the word defaults and type ,ro to apply read-only © Jones Bartlett Learning, LLC © Jones & Bartlett Learning, LL permissions to the & archives directory. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Figure 5 Modify the fstab file © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 9. Press the Esc key to exit the Insert mode. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 10. Type :wq! and press Enter to save your changes and exit the vi Editor. 11. At the command prompt, type cat /etc/fstab and press Enter to display the contents of the © Jones & Bartlettfile. Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE12. OR DISTRIBUTION FOR SALE DISTRIBUTION Make a screen capture showing edited NOT content of the fstab OR file and paste it into the Lab Report file. 13. At the command prompt, type su -c ꞌmount -o remount /archivesꞌ and press Enter to remount©theJones archives partition after havingLLC made the changes to the fstab file. & Bartlett Learning, LL & Bartlett Learning, © Jones NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 14. When prompted, type P@ssw0rd!, the root password, and press Enter. uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this © Jones & Bartlett ©toJones & password. Bartlett Learning, LLC lab, please use the CAPSLearning, LOCK buttonLLC or the On-Screen Keyboard input the NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 72 | Lab #4 Applying Hardened Linux Filesystem Security Controls © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 15. At the command prompt, type cd /archives/2011 pressOR Enter to change the directory. NOT FORand SALE DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Notice that the command prompt indicates that the directory has changed. 16. At the command prompt, type ls -ls and press Enter to list the files in this directory and review the permissions that areLearning, currently applied © Jones & Bartlett LLC to each file. © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION According to the list command, the revenue.doc file currently has read-write permissions. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Figure 6 List the archives/2011 directory © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR the DISTRIBUTION 17. At the command prompt, type su -c ꞌvi revenue.docꞌ and press Enter to open revenue.doc file in the vi Editor. 18. When prompted, type P@ssw0rd!, the root password, and press Enter. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC uNote: NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. 19. Press the i key to enter the Insert mode. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR NOT DISTRIBUTION The status lineFOR at theSALE bottomOR of the editor indicates that the file is read-only. So, SALE even OR DISTRIBUT though the list command indicated this file was read-write, by changing the permissions on the archives directory, you also changed the permissions for this file. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 73 © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 7 Edit a read-only file 20. Make a screen capture showing the read-only indicator and paste it into the Lab Report file. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL FOR DISTRIBUTION 21. Press theNOT Esc key toSALE exit theOR Insert mode. NOT FOR SALE OR DISTRIBUT 22. Type :q and press Enter to exit the vi Editor without saving any edits. 23. At the commandLearning, prompt, type su -c ꞌtouch yourname_test.txtꞌ, yourname withLLC © Jones & Bartlett LLC © Jonesreplacing & Bartlett Learning, your SALE own name, press Enter to create a new file in this FOR directory. NOT FOR OR and DISTRIBUTION NOT SALE OR DISTRIBUTION You should see a “cannot touch ‘yourname_test.txt’” error message indicating that the file cannot be created in a read-only filesystem. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 74 | Lab #4 Applying Hardened Linux Filesystem Security Controls © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Figure 8 Create a new file in a read-only directory 24. Make a screen capture showing the error message and paste it into the Lab Report file. © Jones & Bartlett Learning, LLC Part 2: SettingNOT Quotas FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT uNote: In the next steps, you will apply hardened security measures on this server by setting user account quotas on filesystem partitions. Quotas can be used as a disk management tool to restrict the amount of disk © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC space to which specific users can write. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The following steps are required to establish a quota. 1. Add usrquota to the mounting options and mount or remount. 2. Initialize the quota database. 3. Turn quotas on. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 4. Edit the user’s quota table to specify a hard limit. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 1. At the command prompt, type su -c ꞌvi /etc/fstabꞌ and press Enter to reopen the fstab file. 2. When prompted, type P@ssw0rd!, the root password, and press Enter. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL uNote: NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. 3. Press the i key to enter the Insert mode. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION 4. Use the arrow keys to locate the following line in theNOT file: FOR SALE OR DISTRIBUTION • /virtimages/disk/qimage.img /common ext3 loop,defaults 0 0 © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 75 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 5. Move the cursor immediately behind the word defaults type ,usrquota to apply the NOT FOR SALEand OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION user quotas. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 9 Modify the fstab file © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT 6. Press the Esc key to exit the Insert mode. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 7. FOR Type SALE :wq! and press Enter to save your changes and exit theFOR vi Editor. NOT OR DISTRIBUTION NOT SALE OR DISTRIBUTION 8. At the command prompt, type cat /etc/fstab and press Enter to display the contents of the file. 9. Make a screen capture showing the edited contents of the fstab file and paste © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLCit into the Lab Report file. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 10. At the command prompt, type su -c ꞌmount -o remount /commonꞌ and press Enter to remount the common partition after having made the changes to the fstab file. © Jonestype & Bartlett Learning, © Jones & Bartlett Learning, LL 11. When prompted, P@ssw0rd!, the root LLC password, and press Enter. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 12.FOR At the command prompt, type su -c ꞌ /sbin/quotacheckNOT -cugFOR /commonꞌ and press Enter to NOT SALE OR DISTRIBUTION SALE OR DISTRIBUTION initialize the quota database on this folder filesystem. Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 76 | Lab #4 Applying Hardened Linux Filesystem Security Controls © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC uNote: NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Editing the /etc/fstab file and remounting the filesystem only alerted Linux to the fact that the filesystem has quota capabilities. You initialize the quota table with the quotacheck command. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 13. When prompted, type P@ssw0rd!, the root password, and press Enter. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR OR DISTRIBUTION 14. At the command prompt, type su -c ꞌ/sbin/quotaon /commonꞌ and SALE press Enter to turn quotas on. 15. When prompted, type P@ssw0rd!, the root password, and press Enter. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC uNote: NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. 16. At the command prompt, type su -c ꞌ/usr/sbin/edquota -f /common studentꞌ and press © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL Enter to open the user quota settings. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 17. When prompted, type P@ssw0rd!, the root password, and press Enter. uNote: You are required to enterLearning, a mixed-caseLLC password. If you are not using the Citrix access this LLC © Jones & Bartlett © Jones & Receiver BartletttoLearning, lab, please the CAPS button or the On-Screen KeyboardNOT to input the SALE password. NOT FORuse SALE OR LOCK DISTRIBUTION FOR OR DISTRIBUTION 18. Press the i key to enter the Insert mode. 19. Use the arrow keys to locate the /dev/loop1 line in the Disk quotas for user student (uid © Jones & Bartlett500) Learning, © Jones & Bartlett Learning, LLC section LLC of the file. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 20. Type the new limits indicated below to change the existing limits. • • First soft column: 30 First©hard column: 100 Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 77 © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 10 Set the quotas for the student user account © Jones & Bartlett Learning, © Jones & Bartlett Learning, LLC 21. Press the EscLLC key to exit the Insert mode. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 22. Type :wq! and press Enter to save your changes and exit the vi Editor. Part 3: Quota Testing and Verification © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL uNote: NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION In the next steps, you will follow several test scenarios to make sure that your filesystem changes in the previous lab parts were effective. 1. At the commandLearning, prompt, type su –c ꞌmkdir /common/student &&&chown student.student © Jones & Bartlett LLC © Jones Bartlett Learning, LLC /common/studentꞌ and press Enter to create a new directory called student andDISTRIBUTION change NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR ownership of that directory to the student user account. 2. When prompted, type P@ssw0rd!, the root password, and press Enter. © Jones & Bartlett © Jones & Bartlett Learning, LLC uNote:Learning, LLC NOT FOR SALE ORrequired DISTRIBUTION ORCitrix DISTRIBUTION You are to enter a mixed-case password.NOT If you FOR are notSALE using the Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. 3. At the command prompt, type cd /common/student and press Enter to change the directory. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION Notice that the command prompt indicates that the directory has changed. 4. At the command prompt, type dd if=/dev/urandom of=yourname.file bs=9548576 count=1, replacing yourname with your own name, and press Enter to create a file with © Jones & Bartlett 100MB Learning, LLC data. © Jones & Bartlett Learning, LLC approximately of random NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 78 | Lab #4 Applying Hardened Linux Filesystem Security Controls © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Figure 11 Attempt to create a file that exceeds user quotas © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 5. FOR Make SALE a screen capture showing the output from your test andFOR pasteSALE it intoOR the DISTRIBUTION Lab Report NOT OR DISTRIBUTION NOT file. 6. At the command line prompt, type su –c ꞌ/usr/sbin/repquota /commonꞌ and press Enter to run a report of the amount of the quota limit already used. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE The repquota report displays a summary of the disk usageOR andDISTRIBUTION quotas for the specified filesystems. The current number of files and amount of space (in kilobytes) is printed for each user, along with any quotas created with edquota. 7. When prompted, P@ssw0rd!, the root LLC password, and press Enter. © Jonestype & Bartlett Learning, © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC Figure 12 Repquota report NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT 8. At the command line prompt, type quota and press Enter to run a quota report of the student directory. © Jones & aBartlett Learning, LLCthe quota report and paste © Jones Bartlett Learning, 9. Make screen capture showing it into&the Lab Report file. LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 10. In the Lab Report file, compare the output of the repquota and quota commands. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 79 © Jones & Bartlett Learning, LLC Close the remote Linux connection. NOT FOR SALE11. OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION uNote: This completes the lab. Close the virtual lab, if you have not already done so. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 80 | Lab #4 Applying Hardened Linux Filesystem Security Controls © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Evaluation Criteria and Rubrics NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The following are the evaluation criteria and rubrics that the students must perform: 1. Mount a filesystem without execute permissions, so you can safely read the data © in Jones & Bartlett Learning, Jones & Bartlett Learning, LL contained the disk without executing anyLLC unexpected programs – © [20%] FOR SALE OR DISTRIBUTION 2. Mount aNOT remote filesystem and configure the system to be mounted NOT at bootFOR timeSALE for an OR DISTRIBUT automatic network share on a Linux system – [20%] 3. Set user quotas on disk to protect the availability and security on the Linux system and to prevent users from taking up all the disk drive space on the system – [20%] 4. Edit modifyLearning, the /etc/fstab file to manage local and©remote file shares as well © Jones &and Bartlett LLC Jonesnetwork & Bartlett Learning, LLC as theSALE necessary mounting configurations required [20%] NOT FOR OR disk DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 5. Configure and use the repquota command to verify usage of disk space by users and manage quotas – [20%] © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 81 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Lab #4 – Assessment Worksheet NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Applying Hardened Linux Filesystem Security Controls Course Name and Number: _____________________________________________________ © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Lab Due Date: ________________________________________________________________ NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Overview This lab, an extension of the previous labs, incorporated security hardening for filesystems and © Jones & Bartlett Learning, LLCfilesystems. In this lab, ©you Jones & Bartlett Learning, LLC user access to mounted mounted a filesystem that does not have NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION execute permissions on the CentOS Linux Server. You also mounted a remote filesystem and set quotas for users of mounted filesystems. Lab Assessment Questions & Answers © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR NOToption FOR would SALEallow OR DISTRIBUTION 1. Which fstab customers to view PDF files without being ableSALE OR DISTRIBUT to modify the files? Note introducing Part 1. Read-Only or ro © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 2. FOR Describe theOR process to create a quota hard limit of 2G for aFOR user.SALE OR DISTRIBUTION NOT SALE DISTRIBUTION NOT Note introducing Part 2. The following steps are required to establish a quota. • Add usrquota to the mounting options and mount or remount. • Initialize the quota database. © Jones & Bartlett•Learning, LLC © Jones & Bartlett Learning, LLC Turn quotas on. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION • Edit the user’s quota table to specify a hard limit. 3. What command enables you to initialize quotas on a filesystem? © Jones LLC © Jones & Bartlett Learning, LL Part 2, Step 12. Use & theBartlett commandLearning, su -c ꞌ /sbin/quotacheck -cug /<filesystem>ꞌ NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 4. What command enables you to change disk quotas on the /common filesystem for the student user account? Part&2,Bartlett Step 16. Use the command -f /common studentꞌLearning, LLC © Jones Learning, LLCsu -c ꞌ/usr/sbin/edquota © Jones & Bartlett NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 82 | Lab #4 Applying Hardened Linux Filesystem Security Controls © Jones & Bartlett Learning, LLC What is the /etc/fstab file for? NOT FOR SALE5.OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Note introducing Part 1. The /etc/fstab file (or filesystems table) is a system configuration file commonly found on UNIX systems. This file usually lists all available disks and disk partitions, and indicates how they are to be initialized or otherwise integrated into the © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL overall system's filesystem. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 6. What is the mount command? Explain. Note introducing Part 1. The mount command instructs the operating system that a © Jones & Bartlett Jones & Bartlett filesystem is readyLearning, to use, andLLC it becomes associated with © a particular point in the Learning, LLC filesystem’s NOT FOR SALEhierarchy. OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 7. What is the repquota command in Linux used for? Explain. How is this different from the quota command? © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Note following Part 3, Step 6. The repquota report displays a summary of the disk usage NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION and quotas for the specified filesystems. The current number of files and amount of space (in kilobytes) is printed for each user, along with any quotas created with edquota. (Answers to the second question will be unique to each student.) © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Lab #5 Hardening Security for Linux Services and Applications © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Introduction © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT This lab is an extension of previous labs, and it incorporates security hardening for Linux services and applications loaded in the physical server. Every service and application in a Linux © Jones Bartlettconfiguration Learning, LLC Jones & Bartlett Learning, LLC system has & a separate file. These configuration©files consist of a collection of NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION execution commands that control various aspects of the program, such as passwords, disk quotas, access, user accounts, and even system messages. In most cases, the configuration files are found in the Linux /etc directory. In this lab, you will LLC configure security and hardened services and applications ensure the © Jones & Bartlett Learning, © Jones & Bartlett Learning,toLLC confidentiality, integrity, and availability of those services. You will configure and secure an NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Apache Web server and MySQL database and the components necessary to harden the security implementation of both. You also will configure the Sendmail application for secure local messaging and will enable secure, encrypted remote access using Secure Shell (SSH). Jones & Bartlett Learning, © Jones & Bartlett Learning, LL This lab has four©parts, which should be completedLLC in the order specified. There is no challenge NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION question for this lab. 1. In the first part of the lab, you will apply harden security measures for a MySQL database application. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 2. In the second part of the lab, you will apply harden security measures on this server by NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION modifying the Apache Web services configuration file (httpd.conf). 3. In the third part of the lab, you will apply harden security measures on this server by modifying the Sendmail configuration file (sendmail.mc). © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 4. In the fourth part of the lab, you will edit theFOR SSH SALE configuration file (sshd_config) to NOT FOR SALE OR DISTRIBUTION NOT OR DISTRIBUTION disallow direct root login, require all connecting systems be whitelisted (added to a internal registry of recognized systems), and display a warning message to everyone who attempts to log in remotely. © Jones & Bartlett Learning, LLC Learning Objectives NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Upon completing this lab, you will be able to do the following: • Harden Linux server services when enabling and installing them, and keep a security © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC perspective during configuration NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. © Jones & Bartlett Learning, LLC www.jblearning.com NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Instructor Lab Manual 83 © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 84 | Lab #5 Hardening Security for Linux Services and Applications © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION • Perform basic security configurations to ensure that the system has been hardened before NOT FOR SALE OR DISTRIBUTION hosting a Web site • Configure and perform basic security for a MySQL database, understanding the ramifications of a default installation and recommending hardening steps for the database instance© Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL • Set up and perform configuration for Sendmail to be able leverage the OR DISTRIBUT NOTtoFOR SALE NOT FOR basic SALEsecurity OR DISTRIBUTION built-in messaging capabilities of the Linux system • Enable and implement secure SSH for encrypted remote access over the network or across the Internet of a Linux server system © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Tools and Software The following software and/or utilities are required to complete this lab. Students are encouraged to explore the Internet to learn more about the products and tools used in this lab. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC • Apache Web Server NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION • MySQL • Sendmail • vi Editor © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 85 © Jones & Bartlett Learning, LLC Deliverables NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Upon completion of this lab, you are required to provide the following deliverables to your instructor: © Jones & Bartlett Learning, LLC & Bartlett 1. Lab Report file including screen captures of the following steps: Part©1,Jones Step 14; Part 2, Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION Steps 11 and 15; Part 3, Step 10; Part 4, Steps 22 and 26; 2. Lab Assessments file. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC CopyrightOR © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. rights reserved. NOT FOR SALE DISTRIBUTION NOT All FOR SALE OR DISTRIBUTION Instructor Lab Manual www.jblearning.com © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 86 | Lab #5 Hardening Security for Linux Services and Applications © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Hands-On Steps © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION uNote: This lab contains detailed lab procedures, which you should follow as written. Frequently performed tasks are explained in the Common&Lab Tasks document on the vWorkstation desktop. You should review these Learning, LL © Jones Bartlett Learning, LLC © Jones & Bartlett tasks before starting theFOR lab. SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUT NOT 1. From the vWorkstation desktop, open the Common Lab Tasks file. If you desire, use the File Transfer button to transfer the file to your local computer and © Jones LLC © Jones & Bartlett Learning, LLC print&aBartlett copy for Learning, your reference. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, © Jones & Bartlett Learning, LLC FigureLLC 1 “Student Landing” vWorkstation NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 2. On your local computer, create the lab deliverable files. 3. Review the Lab Assessment Worksheet at the end of this lab. You will find answers to these questions as you proceed through the lab steps. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Part 1: Secure MySQL database uNote: In the next steps, you will harden a MySQL database application by modifying the my.cnf configuration file. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL You will add skip-networking to prevent remote access to the database and disallow the ability to load a NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION local data file. You also will configure the database to start automatically on runlevel 3, and set the MySQL root password. Runlevels define the state of the Linux server upon boot-up. Defining runlevels helps define access control © Jones & Learning, LLC to access the service © orJones & Bartlett parameters forBartlett users or system administrators application uniquely.Learning, Runlevel LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION three, Multi-user Mode with Networking, is the most common mode. It enables multiple user accounts, networking, command line configurations, and remote access to the server. 1. Double-click the RDP folder icon on the desktop. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 87 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 2. Double-click the TargetCentOS01.rdp file to open LinuxOR server. NOT FORthe SALE DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The remote GNOME desktop, the graphical user interface (GUI) for the virtual Linux server, opens with the IP address of the remote machine (172.30.0.21) in the title bar at the top of the window. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 2 GNOME desktop © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 3. Double-click Terminal the GNOME desktop to open the terminal emulator NOT FOR SALEand OR DISTRIBUT NOTthe FOR SALEicon ORonDISTRIBUTION access the Linux server command line. 4. At the command prompt, type sudo /sbin/service mysqld status and press Enter to check the status of the MySQL service. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 5. FOR WhenSALE prompted a password, type pass=7890 and press NOT OR for DISTRIBUTION NOT Enter. FOR SALE OR DISTRIBUTION The system returns a status indicating that the MySQL daemon service is not running. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett LLC of a service © Jones & Bartlett Learning, LL Figure 3Learning, Check the status NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 6. At the command prompt, type su -c ꞌvi /etc/my.cnfꞌ and press Enter to open the MySQL configuration file in the vi Editor. 7. When prompted, type P@ssw0rd!, the root password, and press Enter. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC CopyrightOR © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. rights reserved. NOT FOR SALE DISTRIBUTION NOT All FOR SALE OR DISTRIBUTION Instructor Lab Manual www.jblearning.com © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 88 | Lab #5 Hardening Security for Linux Services and Applications © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. & Bartlett Learning, © Jones & Bartlett Learning, LL 8. Press the©i Jones key to enter the Insert mode. LLC NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 9. Use the arrow keys to locate the #symbolic-links=0 line and delete the # symbol from the beginning of the line to enable this command. 10. Use the arrow keys to locate the #skip-networking line and delete the # symbol from the © Jones & Bartlett LLC © Jones & Bartlett Learning, LLC beginning of theLearning, line to enable this command. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION uNote: symbolic-links: Symbolic links are a special type of file that contains a reference to another file or directory in the form of an absolute or relative path and that affects pathname resolution. Because some © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLCthe original file MySQL statements work by creating a temporary file in the database directory and replacing with the file when the statement operation is complete; this could several security risks. NOT FOR SALE ORtemporary DISTRIBUTION NOT FOR SALE OR create DISTRIBUTION skip-networking: This prevents remote connections (including attacks) to the MySQL DB but will still allow localhost connections via the mysql.sock socket. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC Figure 4 Modify my.cnf file OR DISTRIBUTION NOTtheFOR SALE 11. Press the Esc key to exit the Insert mode. 12. Type :wq! and press Enter to save your changes and exit the vi Editor. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 13. At the command prompt, type cat /etc/my.cnf and press Enter to display theFOR contents of OR DISTRIBUT NOT SALE NOT FOR SALE OR DISTRIBUTION the edited file. 14. Make a screen capture showing the contents of the edited file and paste it into the Lab Report file. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT3FOR SALE ORpress DISTRIBUTION 15. At the command prompt, type sudo /sbin/chkconfig --level mysqld on and Enter to start the database server automatically only in runlevel 3. 16. At the command prompt, type sudo /sbin/chkconfig mysqld --list and press Enter to view MySQL runlevel settings and verify the service is turned on in runlevel © Jones & Bartlettthe Learning, LLC © that Jones & Bartlett Learning, LLC 3. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 89 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Though the sudo command usually requires a password, sudo commands in the NOT FOR SALE repeated OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION same session (as in this instance) do not required repeated re-entry of the password. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Figure 5 MySQL runlevel settings © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT OR DISTRIBUTION NOT FOR OR DISTRIBUTION 17.FOR At theSALE command prompt, type sudo /sbin/service mysqld start andSALE press Enter to start the database server. The system returns an OK flag indicating that the MySQL daemon service is starting. that the service started without © a database © Jones & BartlettNotice Learning, LLC Jones &password. Bartlett Learning, LLC NOT FOR SALE18. OR OR DISTRIBUTION AtDISTRIBUTION the command prompt, type mysql -uNOT root FOR -p andSALE press Enter to enter the MySQL environment. 19. At the password prompt, press Enter without entering a password. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL Notice that theFOR command has changed to mysql>. By default,NOT no password is OR DISTRIBUT FOR SALE NOT SALEprompt OR DISTRIBUTION required for the database root user, which can be a significant security risk. You can harden the security by setting a root password for the MySQL server. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC CopyrightOR © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. rights reserved. NOT FOR SALE DISTRIBUTION NOT All FOR SALE OR DISTRIBUTION Instructor Lab Manual www.jblearning.com © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 90 | Lab #5 Hardening Security for Linux Services and Applications © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION 6 MySQL console © Jones & BartlettFigure Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 20. At the command prompt, type SET PASSWORD FOR root@localhost = PASSWORD('pass=7890'); and press Enter to set the MySQL root password. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Figure 7 Set the MySQL root password 21. At the command prompt, type quit and press Enter to exit the MySQL environment and © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC return to the TargetCentOS01 command prompt. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 22. Now, repeat step 18 to attempt to log into mysql without entering a password: At the command prompt, type mysql -u root -p and press Enter to enter the MySQL environment. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 91 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 23. At the password prompt, press Enter without entering a password. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION This time, the access is denied because a password is required. Part 2: Harden©the Apache Web server Jones & Bartlett Learning, LLC uNote: © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION The Apache Web server is an open source HTTP server that can run on *nix-based and Windows operating systems. In the next steps, you will harden security measures on this server by modifying the Apache Web services configuration file (httpd.conf). You will first set the service to start automatically in © Jones & Bartlett Learning, LLCconnection method, and©then Jones Bartlett Learning, LLC runlevel 3, disable the default HTTP Trace verify & your changes. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 1. At the command prompt, type sudo /sbin/chkconfig --level 3 httpd on and press Enter to set the Web service to start automatically on runlevel 3. 2. IfLearning, prompted for a password, type pass=7890 and press Enter.Learning, LLC © Jones & Bartlett LLC © Jones & Bartlett NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 3. At the command prompt, type sudo /sbin/service httpd start and press Enter to start the httpd service. The system returns an OK flag indicating that the httpd service is starting. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 8 httpd runlevel settings 4. At the command prompt, type su -c ꞌ vi +86 /etc/httpd/conf/httpd.conf ꞌ and press Enter to © Jones & Bartlettopen Learning, LLC file in the vi Editor©and Jones Bartlett LLC the httpd.conf move&directly to Learning, line 86. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 5. When prompted, type P@ssw0rd!, the root password, and press Enter. uNote: You are required © to enter a mixed-case password. If youLLC are not using the Citrix Receiver to access this Jones & Bartlett Learning, © Jones & Bartlett Learning, LL lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 6. Press the i key to enter the INSERT mode. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC CopyrightOR © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. rights reserved. NOT FOR SALE DISTRIBUTION NOT All FOR SALE OR DISTRIBUTION Instructor Lab Manual www.jblearning.com © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 92 | Lab #5 Hardening Security for Linux Services and Applications © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 7. Use the arrow keys to locate the #TraceEnable off line andOR delete the # symbol at the NOT FOR SALE DISTRIBUTION NOT FOR SALE OR DISTRIBUTION beginning of the line to disable the Trace connection method. This method has the potential to leak more information about the server than necessary and poses a security risk. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Figure © Jones & Bartlett Learning, LLC9 Disable the Trace method © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 8. Press the Esc key to exit the Insert mode. 9. Type :wq! and press Enter to save your changes and exit the vi Editor. 10. At the command httpd configtest and press Enter to test © Jones & Bartlett Learning, LLCprompt, type sudo /sbin/service © Jones & Bartlett Learning, LLC for any syntax errors in the configuration file caused by your edits. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The system will return a Syntax OK message indicating that the file is error-free. 11. Make a screen capture showing the syntax message and paste it into the Lab Report file. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 12. At the command prompt, type sudo /sbin/service httpd reload and press Enter to SALE reload OR DISTRIBUT NOT FOR NOT FOR SALE OR DISTRIBUTION the configuration file and put your changes into effect. The system returns no error indicating that the Web service is reloading. © Jones & Bartlett Learning, LLC Jones & to Bartlett Learning, to LLC 13. At the command prompt, type telnet localhost 80 and © press Enter open a connection NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION port 80 to test your configuration changes. Once connected to the localhost, the solid cursor becomes the command prompt. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 93 © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 10 Telnet prompt © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL SALE NOT FOR SALE OR DISTRIBUTION 14. At the solid cursor command prompt, type TRACE and press Enter toNOT openFOR the raw codeOR DISTRIBUT of an HTML file. In this case, the system generates an HTML file that indicates the method is not allowed, which verifies that your changes © Jones & Bartlett Learning, LLC were successful. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC Jones Bartlett Learning, LLC Figure 11 Output©from Telnet&connection NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 15. Make a screen capture showing the output of the TRACE command and paste it into the Lab Report file. Jones & Bartlett Learning, LLC Part 3: Secure©Sendmail NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT uNote: In the next steps, you will harden security measures on this server by modifying the Sendmail configuration file (sendmail.mc). Sendmail is the default Linux mail server and can be the source of many security threats Jones & Bartlett Learning, LLC © Jones & Bartlett LLC if©not hardened properly. You will first set the service to start automatically in runlevel 3, andLearning, then configure the sendmail.mc configuration file to restrict relaying mail. An openNOT SMTPFOR relay allows on the NOT FOR SALE OR DISTRIBUTION SALEanyone OR DISTRIBUTION Internet to relay e-mail through it. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC CopyrightOR © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. rights reserved. NOT FOR SALE DISTRIBUTION NOT All FOR SALE OR DISTRIBUTION Instructor Lab Manual www.jblearning.com © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 94 | Lab #5 Hardening Security for Linux Services and Applications © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 1. At the command prompt, type sudo /sbin/chkconfig --levelOR 3 sendmail on and press Enter NOT FOR SALE DISTRIBUTION NOT FOR SALE OR DISTRIBUTION to set the Sendmail service to start automatically on runlevel 3. 2. If prompted for a password, type pass=7890 and press Enter. © Jonesprompt, & Bartlett Learning, © Jones & Bartlett Learning, LL 3. At the command type su -c ꞌvi +116LLC /etc/mail/sendmail.mcꞌ and press Enter to NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION open the mail configuration file in the vi Editor at line 116. 4. When prompted, type P@ssw0rd!, the root password, and press Enter. uNote: © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC You areFOR required to enter mixed-case password. If you are not using theFOR Citrix SALE ReceiverOR to access this NOT SALE ORaDISTRIBUTION NOT DISTRIBUTION lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. 5. Press the i key to enter the INSERT mode. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 6. Use the arrow keys to locate the DAEMON_OPTIONS(ꞌPort=smtp, Name=MTAꞌ)dnl line in NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION the file, move the cursor directly after the word smtp, and type Addr=127.0.0.1, so that the entire line reads: DAEMON_OPTIONS(`Port=smtp, Addr=127.0.0.1, Name=MTA')dnl. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Figure 12 Modify the sendmail.mc file 7. Press the Esc key to exit the Insert mode. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 8. FOR Type SALE :wq! and press Enter to save your changes and exit theFOR vi Editor. NOT OR DISTRIBUTION NOT SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 95 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 9. At the command prompt, type sudo /sbin/service startDISTRIBUTION and press Enter to start NOT FORsendmail SALE OR NOT FOR SALE OR DISTRIBUTION the Sendmail server. The system returns OK flags to indicate that both the Sendmail server and client service are running. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 10. Make a screen capture showing OK flags and paste it into the LabNOT Report file.SALE OR DISTRIBUT FOR NOT FOR SALE OR the DISTRIBUTION Part 4: Secure SSH © Jones & Bartlett Learning, LLC uNote: © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE ORinDISTRIBUTION Secure Shell (SSH) is an encrypted remote command-line login, and ensures confidentiality remote access and login by system administrators. Telnet was the predecessor to SSH. It sends remote access and login unencrypted in cleartext and therefore can be compromised easily by a hacker if the IP packets are sniffed and captured. In the next steps, you will first set the service to start automatically in runlevel 3 and then Learning, configure theLLC secure shell (SSH service) © so Jones that it disallows login by the root account, © Jones & Bartlett & Bartlett Learning, LLC accepts only recognized hosts, requires all hosts be addedNOT to the FOR hosts file, and OR displays a message to every user NOT FOR SALE OR DISTRIBUTION SALE DISTRIBUTION who attempts to log into the server. 1. At the command prompt, type su -c ꞌvi /etc/ssh/sshd_configꞌ and press Enter to open the SSH configuration in the viLearning, Editor. LLC © Jones &file Bartlett © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 2. When prompted, type P@ssw0rd!, the root password, and press Enter. uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this © Jones & Bartlett & password. Bartlett Learning, LLC lab, please use the CAPSLearning, LOCK buttonLLC or the On-Screen Keyboard©toJones input the NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 3. Press the i key to enter the INSERT mode. 4. Use the arrow keys to locate the #PermitRootLogin yes line in the file and delete the # fromLLC the beginning of the line © to Jones enable the command. © Jones & Bartlettsymbol Learning, & Bartlett Learning, LLC NOT FOR SALE5.OR NOT FORtheSALE OR DISTRIBUTION InDISTRIBUTION the PermitRootLogin line, type no to replace yes and remove the root account’s ability to login. 6. Use the arrow keys to locate the PasswordAuthentication yes line in the file and type no to replace the yes and&disable logins with passwords. © Jones Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION Notice that there are 2 PasswordAuthentication lines. The first has a # symbol in front disabling it by default. The second does not have a # symbol, so that is the command the system is currently reading and that is the command line you will need to edit. © Jones Bartlett Learning, © Jones Bartlett LLC 7. Use&the arrow keys to locateLLC the #UsePAM no line in the file and&delete the #Learning, symbol from NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION the beginning of the line to enable the command. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC CopyrightOR © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. rights reserved. NOT FOR SALE DISTRIBUTION NOT All FOR SALE OR DISTRIBUTION Instructor Lab Manual www.jblearning.com © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 96 | Lab #5 Hardening Security for Linux Services and Applications © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 8. Use the arrow keys to locate the UsePAM yesFOR line in the file and type the # symbol at the NOT SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION beginning of the line to disable the command. 9. Use the arrow keys to locate the #Banner none line in the file and delete the # symbol from the beginning of the line to enable the command. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 10. In the Banner line, type /etc/motd to replace the none and specify theNOT nameFOR of theSALE file that will display an error message to every user who attempts to log in. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 13 Modify the sshd_config file 11. Press the Esc key to exit the Insert mode. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 12. Type :wq! and press Enter to save your changes and exit the Editor. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE ORviDISTRIBUTION 13. At the command prompt, type su -c ꞌvi /etc/motdꞌ and press Enter to open the MOTD (message of the day) banner file in the vi Editor. © Jonestype & Bartlett Learning, © Jones & Bartlett Learning, LL 14. When prompted, P@ssw0rd!, the root LLC password, and press Enter. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 15.FOR PressSALE the i key enter the INSERT mode. NOT ORtoDISTRIBUTION NOT FOR SALE OR DISTRIBUTION 16. At the beginning of the first blank line, type PROPERTY OF FIRST WORLD BANK SAVINGS AND LOAN. AUTHORIZED USERS ONLY! © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 97 © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Figure 14 Modify the motd file 17. Press the Esc key to exit the Insert mode. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 18.FOR Type SALE :wq! andOR press Enter to save your changes and exit theFOR vi Editor. NOT DISTRIBUTION NOT SALE OR DISTRIBUTION 19. At the command prompt, type sudo /sbin/service sshd status and press Enter to check the status of the open SSH server. © Jones & Bartlett Learning, LLCfor a password, type pass=7890 © Jones & Learning, LLC 20. When prompted andBartlett press Enter. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The system will return an indicator that the openssh-daemon is running. 21. Make a screen capture showing the status of the openssh-daemon and paste it into the Lab Report file. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 22. At the command prompt, /sbin/service sshd reload and press Enter to reload NOT FOR SALEthe OR DISTRIBUT NOT FOR SALEtype ORsudo DISTRIBUTION open SSH configuration file and put your changes into effect. The system returns an OK flag indicating that the SSH service is reloading. © Jones & Bartlett LLC Jones & Bartlett 23. At the commandLearning, prompt, type ssh localhost and press©Enter to open an SSHLearning, connectionLLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION to the localhost. The system returns an error indicating that localhost is not a recognized host. Unless the host is specifically added to the hosts file, which was not done in this lab, this error will The system continue the attempted connection. © Jones & Bartlettoccur. Learning, LLC will also prompt you © to Jones & Bartlett Learning, LLC NOT FOR SALE24. OR DISTRIBUTION NOT SALE OREnter. DISTRIBUTION When prompted to continue connecting, typeFOR yes and press Because the sshd_config file was configured to deny SSH access to the root user and anyone trying to use a password, the SSH server will prevent the remote access and display the message&of the day.Learning, LLC © Jones Bartlett © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC CopyrightOR © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. rights reserved. NOT FOR SALE DISTRIBUTION NOT All FOR SALE OR DISTRIBUTION Instructor Lab Manual www.jblearning.com © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 98 | Lab #5 Hardening Security for Linux Services and Applications © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 15 VerifyLearning, MOTD banner message for SSH login © Jones & Bartlett Learning, LL © Jones & Bartlett LLC NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 25. Make a screen capture showing the message of the day banner and paste it into the Lab Report file. 26. Close the remote Linux connection window. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC uNote: NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION This completes the lab. Close the virtual lab, if you have not already done so. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 99 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Evaluation Criteria and Rubrics NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The following are the evaluation criteria for this lab that students must perform: 1. Harden Linux server services when enabling and installing them, and keep a security © Jones Bartlett Learning, © Jones & Bartlett Learning, LL perspective during& configuration – [20%] LLC NOThardened FOR SALE OR DISTRIBUT SALE OR DISTRIBUTION 2. PerformNOT basic FOR security configurations to ensure that the system has been before hosting a Web site – [20%] 3. Configure and perform basic security for a MySQL database, understanding the ramifications of a default installation and recommending hardening steps for the database instance – [20%] © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 4. FOR Set upSALE and perform basic security configuration for Sendmail to be able to leverage the NOT OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION built-in messaging capabilities of the Linux system – [20%] 5. Enable and implement secure SSH for encrypted remote access over the network or across the Internet of a Linux server system – [20%] © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC CopyrightOR © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. rights reserved. NOT FOR SALE DISTRIBUTION NOT All FOR SALE OR DISTRIBUTION Instructor Lab Manual www.jblearning.com © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 100 | Lab #5 Hardening Security for Linux Services and Applications © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE Lab OR #5 DISTRIBUTION – Assessment Worksheet NOT FOR SALE OR DISTRIBUTION Hardening Security for Linux Services and Applications Course Name and © Number: Jones &_____________________________________________________ Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Lab Due Date: ________________________________________________________________ NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Overview This lab was an extension of previous labs. It incorporated security hardening for Linux services © Jones & Bartlett Learning, LLCin the physical server.©InJones & you Bartlett Learning, LLC and applications loaded this lab, configured security and hardened NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION services and applications to ensure the confidentiality, integrity, and availability of those services. You configured and secured an Apache Web server and MySQL database and the components necessary to harden the security implementation of both. You also configured the Sendmail application for secure local messaging and enabled secure, encrypted remote access © Jones © Jones & Bartlett Learning, LL using Secure Shell (SSH).& Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION Lab Assessment Questions & Answers 1. When configuring services, what Linux directory typically contains server configuration © Jones & Bartlettfiles? Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Introduction. The /etc directory 2. What is a Linux runlevel for a specific service or application? Which command allows you to define the runlevel uniquely for a service or application? © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Note introducing Part 1. Runlevels define the state of the Linux OR server upon bootup. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE DISTRIBUTION Defining runlevels helps define access control parameters for users or system administrators to access the service or application uniquely. “chkconfig” © Jones & Bartlett Learning, LLC Part 1, Step 15. FOR chkconfig --level NOT SALE OR3 mysqld DISTRIBUTION Part 2, Step 1. chkconfig --level 3 httpd Part 3, Step 1. chkconfig --level 3 sendmail © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 101 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 3. What is the Apache Web server? Review theFOR /etc/httpd/conf/httpd.conf NOT SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION configuration file, and point out a setting that could enhance security. Note introducing Part 2. The Apache Web server is an open source HTTP server that can run on *nix based and Windows operating systems. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR NOT FOR SALE OR DISTRIBUTION (Answers to the second question will be unique to each student; however, one option is SALE OR DISTRIBUT decreasing timeout settings to help prevent against denial of service.) 4. OpenSSH is the de facto method used to remotely access Linux systems. Explain why&the use of telnet is discouraged. © Jones Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Note introducing Part 4. Secure Shell (SSH) is an encrypted remote command-line login, and ensures confidentiality in remote access and login by system administrators. Telnet was the predecessor to SSH. It sends remote access and login unencrypted in cleartext therefore LLC can be compromised easily © by Jones a hacker&if the IP packets are sniffed and © Jones & Bartlettand Learning, Bartlett Learning, LLC captured. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 5. What are symbolic links? Note following Part 1, Step 10. Symbolic links are a special type of file that contains a reference©toJones another & fileBartlett or directory in the formLLC of an absolute or relative path and that & Bartlett Learning, LL Learning, © Jones affects pathname resolution. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 6. Why is it recommended to disable symbolic links in MySQL? Note following Part 1, Step 10. Because some MySQL statements work by creating a © Jones & Bartlett Learning, © Jones & Bartlett Learning, LLC temporary file in the database LLC directory and replacing the original file with the temporary NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR file when the statement operation is complete, this could create several security risks.DISTRIBUTION 7. Why would you add the skip-networking command in MySQL? Note following Part 1, Step 10. This prevents remote connections (including attacks) to the © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC MySQL DB but will still allow localhost connections via the mysql.sock socket. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC CopyrightOR © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. rights reserved. NOT FOR SALE DISTRIBUTION NOT All FOR SALE OR DISTRIBUTION Instructor Lab Manual www.jblearning.com © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Lab #6 Hardening Security by Controlling Access © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Introduction © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT This lab is an extension of the previous labs, and it incorporates access control for the CentOS Linux Server. CentOS has a powerful built-in firewall commonly referred to as IPtables or © JonesThe & Bartlett Learning, © Jones & Bartlett Learning, Netfilter. most common way toLLC configure IPtables is through the command line. There are LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION some GUI front-ends for IPtables, though they often lack flexibility. You will use the command line configuration in this lab. IPtables can be thought of as predefined chains or rules that are read from top to bottom which allow access or denyLLC access to specific protocols (TCP, UDP, ICMP)Learning, and ports. LLC The first match © Jones & Bartlett Learning, © Jones & Bartlett foundOR in the chain will be processed, so it is important where youOR place rules. Best practice NOT FOR SALE DISTRIBUTION NOT FOR SALE DISTRIBUTION recommends a default policy to first refuse (DROP) all packets and add specific rules to allow (ACCEPT) acceptable packets. An additional layer of security can be implemented on a Linux server in the form of TCP © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL Wrappers. Installed by default on CentOS servers, TCP Wrappers provides controlled access NOT FOR services SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION using the hosts.allow and hosts.deny files that allow connection to “wrapped” network after the packet has passed the IPtables firewall. TCP Wrappers reads the hosts.allow (/etc/hosts) file before reading the hosts.deny file. Therefore, if a match is found in the hosts.allow before it reads the hosts.deny rule, the allow rule will be processed. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC For example, when aOR connection attempt is made to a TCP wrapped service, such as DISTRIBUTION SSH, the NOT FOR SALE DISTRIBUTION NOT FOR SALE OR hosts.allow file is accessed to determine whether the client has an allowed rule. Should the rule not exist in either file or the file is not present, the request is automatically permitted. Rules permitting or denying are read in chronological order beginning with the hosts.allow file thereforeLearning, placement LLC of rules are of extreme importance. © Jones & Bartlett © Jones & Bartlett Learning, LLC NOT FOR SALE OR NOT IP FOR SALE OR DISTRIBUTION In this lab,DISTRIBUTION you will first review current host-based firewall services, flush the current firewall configuration, and then reconfigure it with stringent permit/deny rule sets. You also will configure TCP Wrappers for unauthorized access controls and logging. Finally, you will configure SELinux for an additional layer of security. This lab has four parts, which should be Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL completed in the©order specified. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 1. In the first part of the lab, you will enable iptables to help lock down services on a Linux system to permit HTTP, ICMP Ping, and SSH access and deny all other unnecessary access. © Jones & Bartlett Learning, © Jones Bartlett LLC 2. In the second part of the lab,LLC you will add an additional layer of&security of Learning, the system by NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION configuring TCP Wrappers to deny and log unauthorized attempts to access services on the system. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 102 103 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 3. In the third part of the lab, you will confirm SELinux is enabled and modify some of the NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION default settings. 4. Finally, if assigned by your instructor, you will explore the virtual environment on your own to answer a set of challenge questions that allow you to use the skills you learned in Jones independent, & Bartlett Learning, LLC similar to what you © Jones & Bartlett the lab to©conduct unguided work, will encounter in a Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION real-world situation. Learning Objectives © Jones & Bartlett Learning, © Jones & Bartlett Learning, LLC Upon completing this lab, you will LLC be able to perform the following: NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION • Review current internal host-based firewall parameters and configuration settings to verify allowed and denied IP communications • Configure an internal host-based firewall using iptables and create stringent allow/deny for services to the system over Learning, the networkLLC © Jones & Bartlettrules Learning, LLC that may require access © Jones & Bartlett Harden the system by enabling TCP Wrappers to deny andOR logDISTRIBUTION unauthorized attempts NOT FOR SALE• OR DISTRIBUTION NOT FOR SALE against services and ports running on the system • Secure processes running on the system by using and configuring SELinux to help perform more in-depth layered security • Verify configurations of the settings applied by connecting to the Linux server & using SSH Learning, LL © Jones & Bartlett Learning, LLC © Jones Bartlett and connect to other services running on a Linux server NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION Tools and Software The following softwareLearning, and/or utilities this lab.&Students encouraged © Jones & Bartlett LLCare required to complete © Jones Bartlettare Learning, LLC to explore the Internet to learn more about the products and tools used in this lab. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION • None © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 104 | Lab #6 Hardening Security by Controlling Access © Jones & Bartlett Learning, LLC Deliverables NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Upon completion of this lab, you are required to provide the following deliverables to your instructor: © Jones & Bartlett Learning, LLC & Bartlett 1. Lab Report file including screen captures of the following steps: Part©1,Jones Steps 14 and 16; Learning, LL NOT FOR SALE OR DISTRIBUT NOT18; FOR DISTRIBUTION Part 2, Step PartSALE 3, StepsOR 3, 5, and 16; 2. Lab Assessments file; 3. Optional: Challenge Questions file, if assigned by your instructor. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 105 © Jones & Bartlett Learning, LLC Hands-On Steps NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION uNote: This lab contains detailed lab procedures, which you should follow as written. Frequently performed tasks are explained in the Common&Lab Tasks document on the vWorkstation desktop. You should review these Learning, LL © Jones Bartlett Learning, LLC © Jones & Bartlett tasks before starting the lab. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 1. From the vWorkstation desktop, open the Common Lab Tasks file. If you desire, use the File Transfer button to transfer the file to your local computer and © Jones LLC © Jones & Bartlett Learning, LLC print&aBartlett copy for Learning, your reference. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT FigureLLC 1 “Student Landing” vWorkstation © Jones & Bartlett Learning, © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 2. On your local computer, create the lab deliverable files. 3. Review the Lab Assessment Worksheet at the end of this lab. You will find answers to these questions as you proceed through the lab steps. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Part OR 1: Harden the Linux-based IP Firewall uNote: In the next steps, you will harden security measures for the Linux host-based IP firewall by configuring © Jones Bartlett Learning, © Jones & Bartlett Learning, LL stringent permit and deny rule&sets. You will append theLLC INPUT, OUTPUT, and FORWARD chains to FOR SALE OR DISTRIBUT NOT FOR SALE OR and DISTRIBUTION permit HTTP, ICMP Ping, and SSH access deny all other access. You can viewNOT the network port information of your IPtables by using the –v (verbose) switch. For example, iptables –L –v will list the rules and port information. 1. Double-click theLearning, RDP folder LLC on the vWorkstation desktop to open folder.Learning, LLC © Jones & Bartlett © Jones & the Bartlett NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 106 | Lab #6 Hardening Security by Controlling Access © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 2. Double-click the TargetCentOS01.rdp file to start a remote connection to that NOT FOR SALE desktop OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION machine. The remote GNOME desktop, the graphical user interface (GUI) for the virtual Linux server, opens with the IP address of the remote machine (172.30.0.21) in the title bar at © the Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL the top of window. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 3. Double-click the Terminal icon on the GNOME desktop to open the terminal emulator and access the Linux server command line. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Figure 2 GNOME desktop NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 4. At the command prompt, type sudo /sbin/iptables -L and press Enter to list the current host-based firewall rules. 5. When prompted andBartlett press Enter. © Jones & Bartlett Learning, LLCfor a password, type pass=7890 © Jones & Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The system returns a list of the existing INPUT, OUTPUT, and FORWARD chains indicating that there are no firewall rules set for any of them. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 107 © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 3 Existing INPUT, OUTPUT and FORWARD chains 6. At the command prompt, type sudo /sbin/iptables -I (capital i) INPUT -m state --state © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL ESTABLISHED,RELATED -j ACCEPT and press Enter to add a new firewall rule that allows NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION INPUT chains to the firewall rules and allow established connections. 7. At the command prompt, type sudo /sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT and press Enter to add a new firewall rule that allows INPUT chains to the firewall rules and © Jones & Bartlett Learning, © Jones & Bartlett Learning, LLC allow http (Web) access. LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 8. At the command prompt, type sudo /sbin/iptables -A INPUT -p tcp --dport 443 -j ACCEPT and press Enter to add a new firewall rule that allows INPUT chains to the firewall rules and allow https (SSL) access. © Jones & Bartlett Learning, LLCprompt, type sudo /sbin/iptables © Jones &-ABartlett 9. At the command INPUT -pLearning, tcp --dport LLC 22 -j ACCEPT and NOT FOR SALE OR DISTRIBUTION FOR INPUT SALE OR DISTRIBUTION press Enter to add a new firewall rule NOT that allows chains to the firewall rules and allow secure shell (SSH) connections. 10. At the command prompt, type sudo /sbin/iptables -A INPUT -p icmp -j ACCEPT and press Enter to © addJones a new & firewall ruleLearning, that allowsLLC INPUT chains to the firewall rules & andBartlett allow Learning, LL Bartlett © Jones ICMP pings. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 11. At the command prompt, type sudo /sbin/iptables -A INPUT -p all -j DROP and press Enter to add a new firewall rule that denies all other traffic from the INPUT chains. 12. At the command prompt, type sudo /sbin/service iptables save and press Enter to save the © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC rule set you OR just created. NOT FOR SALE DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The system returns OK flag indicating that the rules have been saved. Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 108 | Lab #6 Hardening Security by Controlling Access © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 13. Make a screen capture of the terminal window showing results of the iptables save NOT FOR SALEthe OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION command and paste it into a new text document. 14. At the command prompt, type sudo /sbin/iptables -L and press Enter to list the newly saved firewall rules. The system returns a list of the existing INPUT, OUTPUT, and © Jones Bartlett the Learning, LLCrules you created in this © Jones FORWARD chains&including new firewall lab. & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 4 New firewall rules for the INPUT chain 15. Make a screen capture showing the output of the iptables -L command and paste it into the © Jones & BartlettLab Learning, LLC © Jones & Bartlett Learning, LLC Report file. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Part 2: Configure TCP Wrappers uNote: Jones & Bartlett © Jones & Bartlett In the next steps,©you will harden securityLearning, measures onLLC this server by configuring the TCP Wrappers to Learning, LL FORthe SALE OR DISTRIBUT FORattempts SALE OR deny and log allNOT connection from DISTRIBUTION a particular domain (.hackers.com). YouNOT will modify hosts.deny configuration file to deny access to the .hackers.com domain and then you will modify the hosts file to enable to the TargetCent0S server to appear to other servers as if it is coming from the .hackers.com domain. Finally, you will attempt to establish an SSH connection to verify your changes to ©the Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC hosts.deny file. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 1. At the command prompt, type su -c ꞌvi /etc/hosts.denyꞌ and press Enter to open the hosts.deny configuration file in the vi Editor. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 109 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 2. When prompted, type P@ssw0rd!, the root password, and OR press Enter to create the new NOT FOR SALE DISTRIBUTION NOT FOR SALE OR DISTRIBUTION account. uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 3. Press the i key to enter the Insert mode. 4. Use the arrow keys to locate the last # line in the file, delete the # symbol from the beginning of theLearning, line and type ALL : .hackers.com:severity emerg&toBartlett create a Learning, new line. LLC © Jones & Bartlett LLC © Jones NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC © the Jones & Bartlett Figure 5 Modify hosts.deny file Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 5. Press the Esc key to exit the Insert mode. 6. Type :wq! and press Enter to save your changes and exit the vi Editor. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL uNote: NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION The /etc/hosts file keeps a map of IP addresses and aliases of any computers with which it communicates. In the next steps, you will first identify the IP address for the TargetCentOS machine and then you will modify the /etc/hosts file to map that IP address with the .hackers.com domain that you denied in the previous steps. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 7. At the command prompt, type /sbin/ifconfig eth0 and press Enter to find the IP address (inet addr) for the eth0 server. Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 110 | Lab #6 Hardening Security by Controlling Access © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 8. In the Lab Report file, document the IP address (inet addr) you find in the eth0 section. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION You will need it in a later step. 9. At the command prompt, type su -c ꞌvi /etc/hostsꞌ and press Enter to open the hosts file in the vi Editor. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 10. When prompted, type P@ssw0rd!, the root password, and press Enter. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPSLearning, LOCK buttonLLC or the On-Screen Keyboard©toJones input the&password. © Jones & Bartlett Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION 11. Press the i key to enter the Insert mode. NOT FOR SALE OR DISTRIBUTION 12. Use the arrow keys to locate the IP address you documented in step 8, move the cursor immediately after that IP address, and type yourname.hackers.com, replacing yourname © Jones & Bartlettwith Learning, LLC © hostname Jones & for Bartlett your own name, to specify the first this IPLearning, address. LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION This change will allow the TargetCentOS01 machine to emulate a computer (with your own name) from the restricted hackers.com domain. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 6 Modify the hosts file 13. Press the EscLLC key to exit the Insert mode. © Jones & Bartlett Learning, © Jones & Bartlett Learning, LLC NOT FOR SALE14. OR DISTRIBUTION FOR SALE ORviDISTRIBUTION Type :wq! and press Enter to save yourNOT changes and exit the Editor. 15. At the command prompt, type sudo /sbin/service sshd status and press Enter to verify that the SSH service is running. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 16. When prompted for a password, type pass=7890 and press Enter. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION The system will return a message indicating that the service is running. • If the service is running, skip to the next step. © Jones Learning, LLC flag indicating that © Learning, • & If Bartlett the system returns a Failed theJones service&isBartlett not running, repeat LLC 15 OR and DISTRIBUTION 16 until you receive an OK flag indicating that the service running. NOT FORsteps SALE NOT FOR SALE ORisDISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 111 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 17. At the command prompt, type ssh centos and press EnterOR to attempt an SSH connection NOT FOR SALE DISTRIBUTION NOT FOR SALE OR DISTRIBUTION from the host address that you just entered in the hosts file. The system will return a refused connect message indicating that yourname.hackers.com is being denied access. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUTION Figure 7 Attempt to connect as yourname.hackers.com NOT FOR SALE OR DISTRIBUT 18. Make a screen capture showing the hosts.deny file’s output in response to your attempt to connect and paste it into the Lab Report file. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Part 3: Modifiy the SELinux Configuration File uNote: In the next steps, you will harden security measures on this server by verifying that the SELinux © Jones & Bartlett Learning, LLC Jones Bartlett Learning, LLC security configuration file (selinux/config) is set to enforcing©mode upon&boot or reboot to ensure layered solutions. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION When first installed, SELinux has three possible modes. • Permissive mode will log system access or alert, but not enforce any policies. • Disable mode indicates that SELinux isn’t running © Jones & Bartlett Learning, LLCor logging. © Jones & Bartlett Learning, LL • EnforcingNOT mode will block access as defined in the policy. NOT FOR SALE OR DISTRIBUT FOR SALE OR DISTRIBUTION You also will modify the Boolean settings for the Web server to allow the http server to send email and make use of an NFS share. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 1. FOR At the command prompt, type cat /etc/selinux/config and press to display the NOT SALE OR DISTRIBUTION NOT FOREnter SALE OR DISTRIBUTION SELinux configuration file. Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 112 | Lab #6 Hardening Security by Controlling Access © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 2. Use the arrow keys to locate the SELINUX= to verify that it is set to enforcing NOTcommand FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION mode. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 8 Review the selinux/config file 3. Make a screen capture showing the SELinux mode from the config file and paste it into the Lab Report file. & Bartlett Learning, LLC © Jones © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 4. At the command prompt, type /usr/sbin/sestatus and press Enter to check the current mode for the SELinux status. In the output results, the current mode and mode from the config file both should be set to © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC enforcing. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC 9 SELinux status NOT FOR SALE ORFigure DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT 5. Make a screen capture showing the SELinux status output and paste it into the Lab Report file. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 6. At the command prompt, type sudo /sbin/service httpd status and press Enter to check the NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION status of httpd service. 7. When prompted for a password, type pass=7890 and press Enter. system returns that the&httpd service is stopped.LLC © Jones & BartlettThe Learning, LLC a message indicating © Jones Bartlett Learning, NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 113 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 8. At the command prompt, type sudo /sbin/service start and press Enter to start the NOT FORhttpd SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION httpd (Web) service. The system will return an OK flag indicating that the service is running. 9. At the command type ps -ZC httpdLLC and press Enter to view the SELinux to Learning, LL © Jonesprompt, & Bartlett Learning, © Jones & setting Bartlett see which WebFOR processes currently protected. NOT FOR SALE OR DISTRIBUT NOT SALEare OR DISTRIBUTION The system returns a list of processes under the label unconfined_u:system_r:httpd_t. 10. At the command prompt, type /usr/sbin/getsebool -a | grep http and press Enter to view © Jones & Bartlett Learning, © Jones & Bartlett Learning, LLC the Boolean settings for the LLC Web server type. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The system returns a list of settings for this type, including the following settings that you will modify during the next steps of this lab. • httpd_can_sendmail - -> off (prohibits the Web server from sending email) © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC • httpd_use_nfs - -> off (prohibits the Web server from connecting to a remote NFS NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION share) 11. At the command prompt, type su -c ꞌ/usr/sbin/setsebool -P httpd_can_sendmail 1ꞌ and press Enter to change the settings to allow the Web server to send mail. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 12. When prompted, type P@ssw0rd!, the root password, and press Enter. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION This command may take a few moments to re-label. Do not press any keys until the command prompt returns. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC uNote: NOT FOR SALE OR DISTRIBUTION NOTthe FOR ORtoDISTRIBUTION You are required to enter a mixed-case password. If you are not using CitrixSALE Receiver access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. 13. At the command prompt, type su -c ꞌ/usr/sbin/setsebool -P httpd_use_nfs 1ꞌ and press © Jones & BartlettEnter Learning, LLC © Web Jones & Bartlett Learning, LLC to change the settings to allow the server to connect to a remote NFS share. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 14. When prompted, type P@ssw0rd!, the root password, and press Enter. This command may take a few moments to relabel. Do not press any keys until the command prompt returns. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 114 | Lab #6 Hardening Security by Controlling Access © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 10 Modify the Web server settings © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 15. At the command prompt, type /usr/sbin/getsebool -a | grep http and press Enter to view NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION the Boolean settings for the Web server type after having made the edits in the previous steps. The system returns a list of settings for this type, including the following settings that you © Jones Bartlett Learning, LLC © Jones & Bartlett Learning, LLC have&already modified during this lab. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION • httpd_can_sendmail - -> on (allows the Web server from sending email) • httpd_use_nfs - -> on (allows the Web server from connecting to a remote NFS share) If your results do not match this list, repeat steps 11-15 until they do. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 115 © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 11 Modified Web server settings 16. Make a screen capture showingLearning, your changes to the Boolean settings©forJones the Web © Jones & Bartlett LLC & server Bartlett Learning, LL type andNOT pasteFOR it intoSALE the Lab Report file. NOT FOR SALE OR DISTRIBUT OR DISTRIBUTION 17. Close the remote Linux connection. 18. Close the virtual lab, or proceed with Part 4 to answer the challenge question for this lab. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 116 | Lab #6 Hardening Security by Controlling Access © Jones & Bartlett Learning, LLC Part OR 4: Challenge Question NOT FOR SALE DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION uNote: The following challenge question is provided to allow independent, unguided work, similar to what you will encounter in a real You should aim to improveLLC your skills by getting the correct answer&inBartlett as few Learning, LL ©situation. Jones & Bartlett Learning, © Jones steps as possible. Use screen captures in your lab document where possible to illustrate your answers. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 1. From your local computer with Internet access, research SELinux Access control to find the three forms of access control and their definitions. Record your findings in the Challenge Questions file. Don’t forget to cite your references. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE ORunique DISTRIBUTION FOR SALE OR DISTRIBUTION (Answers will be to each student, but should includeNOT the following three forms of SELinux access control.) • Type Enforcement (TE): Type Enforcement is the primary mechanism of access control used in the targeted policy © Jones & Bartlett Learning, LLC Access Control (RBAC): © Jones Bartlett Learning, LLC • Role-Based Based&around SELinux users (not necessarily the same as the Linux user), but not used the default targeted policy NOT FOR SALE OR DISTRIBUTION NOTin FOR SALE OR DISTRIBUTION • Multi-Level Security (MLS): Not commonly used and often hidden in the default targeted policy. uNote: © Jones & Bartlett Learning, LLC This completes the lab. FOR Close SALE the virtual if you have not already done so. NOT ORlab, DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 117 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Evaluation Criteria and Rubrics NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The following are the evaluation criteria for this lab that students must perform: 1. Review current internal host-based firewall parameters and configuration settings to © Jones Bartlett Learning, LLC– [20%] verify allowed and&denied IP communications © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 2. Configure an internal host-based firewall using IPtables and create stringent allow/deny rules for services that may require access to the system over the network – [20%] 3. Harden the system by enabling TCP Wrappers to deny and log unauthorized attempts against services and ports running on the system – [20%] 4. Secure processes running onLLC the system by using and©configuring to help © Jones & Bartlett Learning, Jones & SELinux Bartlett Learning, LLC perform moreOR in-depth layered security – [20%] NOT FOR SALE DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 5. Verify configurations of the settings applied by connecting to the Linux server using SSH and connect to other services running on a Linux server – [20%] © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 118 | Lab #6 Hardening Security by Controlling Access © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Lab #6 – Assessment Worksheet NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Hardening Security by Controlling Access Course Name and Number: _____________________________________________________ © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Lab Due Date: ________________________________________________________________ NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Overview In this lab, you first reviewed current host-based IP firewall services, flushed the current firewall configuration, and then permit/deny sets. YouLLC also configured © Jones & Bartlett Learning, LLCreconfigured it with stringent © Jones & Bartlettrule Learning, TCP OR Wrappers for unauthorized access controls andFOR logging. Finally, you configured SELinux NOT FOR SALE DISTRIBUTION NOT SALE OR DISTRIBUTION for an additional layer of security. Lab Assessment Questions & Answers © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 1. SupposeNOT the domain hackers.com is denied for all services in the hosts.deny, butSALE OR DISTRIBUT NOT FOR FOR SALE OR DISTRIBUTION the hosts.allow file has the rule ALL:ALL. Will TCP Wrappers allow hackers.com access? Introduction. Yes. TCP Wrappers reads the hosts.allow (/etc/hosts) file before reading the © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC hosts.deny file. Therefore, if a match is found in the hosts.allow before it reads the NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION hosts.deny rule, the allow rule will be processed. 2. What is the command to check the SELinux status? How can you be sure that SELinux is in enforcing mode? © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Part 3, Step 4. /usr/sbin/sestatus. In the output results,SALE the current and mode from NOT FOR SALE OR DISTRIBUTION NOT FOR OR mode DISTRIBUTION the config file both should be set to enforcing. 3. What are three modes of SELinux? Explain their basic functionality. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL Note introducing Part 3. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION • Permissive mode will log system access or alert, but not enforce any policies. • Disable mode indicates that SELinux isn’t running or logging. • Enforcing mode will block access as defined in the policy. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 119 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 4. Based on your understanding of the IPtables rules SALE you established in Part 1 of this NOT FOR OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION lab, what command would you type to drop any Telnet (port 23) connection attempts? Part 1. sudo /sbin/iptables – A INPUT – dport 23 –j DROP Jones & Bartlettof Learning, LLC Jones & Bartlett Learning, LL 5. Based on©your understanding the IPtables rules you established in©Part 1 of this NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION lab, what command would you type to allow traffic on the lookback (lo)? Part 1. sudo /sbin/iptables –I INPUT 1 –I lo –j ACCEPT 6. What would you useLLC to view the network port © configuration for the Learning, LLC © Jones & switch Bartlett Learning, Jones & Bartlett IPtables? NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Note introducing Part 1. You can view the network port information of your IPtables by using the –v (verbose) switch. For example, iptables –L –v will list the rules and port information. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE7.OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION What is the purpose of the /etc/hosts file? Note following Part 2, Step 6. The /etc/hosts file keeps a map of IP addresses and aliases of any computers with which it communicates. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 8. Is the order of FOR the rules in the important? NOT FOR SALE OR DISTRIBUT NOT SALE ORIPtables DISTRIBUTION Introduction. Yes. The first match found in the chain will be processed, so it is important where you place rules. Best practice recommends a default policy to first refuse (DROP) all packets and add specific rules to allow (ACCEPT) acceptable packets. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT SALE OR DISTRIBUTION NOT FOR OR DISTRIBUTION 9. FOR If either the hosts.deny or the hosts.allow file does not exist, whatSALE happens? Introduction. Should the rule not exist in either file or the file is not present, the request is automatically permitted. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Lab #7 Hardening Security for the Linux Kernel © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Introduction This lab is an extension of the previous labs and it incorporates security hardening for the Linux kernel with&security parameters. The kernel is the core, or base component, of the operating © Jones Bartlett Learning, LLC © Jones & Bartlett Learning, LLC system (OS) and consists of program code that runs and manages all other code and resources. It NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION is important to protect the system kernel from vulnerabilities and potential attacks by applying hardened security measures at a kernel level. The sysctl.conf file is a simple, human-readable file that contains values used by the system upon © Jones & Bartlett LLC © Jones Bartlett the Learning, LLC in this file bootup. Learning, A security administrator should understand that & modifying values defined NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION can help tune the kernel against many forms of attacks. Further, system hardening can also be performed by going through the system and removing any system modules that are unnecessary for the performance expected of the server. Often, changes at kernel require a systemLLC reboot to take effect, which means & that © the Jones & level Bartlett Learning, © Jones Bartlett Learning, LL security demands may conflict with a service level agreement. In these cases, it is necessary to OR DISTRIBUT NOT FOR SALE NOT FOR SALE OR DISTRIBUTION tune the kernel while it is already up and running. The sysctl command enables a security administrator to configure a setting or parameter dynamically on the system. In this lab, you will view and tune all kernel parameters and discover information regarding the © Jones & Bartlett Learning, LLC and about the kernel © Jones & Bartlett Learning, current Loadable Kernel Modules (LKMs) itself. You will explore the LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION sysctl.conf file and make modifications to system settings. Finally, you also will enable and interpret the results of the lsmod command. This lab has four parts, which should be completed in the order specified. There is no challenge questionLearning, for this lab.LLC © Jones & Bartlett © Jones & Bartlett Learning, LLC NOT FOR SALE1.OR NOT FOR SALE ORsetting DISTRIBUTION InDISTRIBUTION the first part of the lab, you will look at the current kernel and persistent setting for syncookies. You will also modify and then restore the current running setting. 2. In the second part of the lab, you will use to the sysctl command to set the maximum simultaneous files a&user can open. © Jones Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 3. In the third part of the lab, you will explore various system kernel settings related to the processes, filesystems, and modules. 4. In the fourth part of the lab, you will add and then remove a kernel module. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 120 121 © Jones & Bartlett Learning, LLC Learning Objectives NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Upon completing this lab, you will be able to: Review and tune the kernel parameters on a CentOS Linux Server for security and © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL monitoring purposes NOT FORthe SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION • Produce kernel versions and loaded options for a better understanding of how system is configured and to identify potential security vulnerabilities in the CentOS Linux Server • Examine the /etc/sysctl.conf file and adjust tcp_sysncookies settings to configure secure options for users on a CentOS Linux Server © Jones & Bartlett Learning, LLC © Jones & Bartlett • Review and assess the Loaded Kernel Modules (LKMs) of the target Linux Learning, system and LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR provide recommendations on the output and current running configuration DISTRIBUTION • Use and interpret the lsmod command output and perform security hardening configurations on the CentOS Linux Server • © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Tools and Software NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The following software and/or utilities are required to complete this lab. Students are encouraged to explore the Internet to learn more about the products and tools used in this lab. • None © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 122 | Lab #7 Hardening Security for the Linux Kernel © Jones & Bartlett Learning, LLC Deliverables NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Upon completion of this lab, you are required to provide the following deliverables to your instructor: © Jones & Bartlett Learning, LLC Bartlett 1. Lab Report file including screen captures of the following steps: Part©1,Jones Steps 9&and 15; Learning, LL NOT3;FOR Part 2, Step Part 3,SALE Steps OR 2, 4,DISTRIBUTION 6, 8, and 10; Part 4, Steps 2 and 6; NOT FOR SALE OR DISTRIBUT 2. Lab Assessments file. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 123 © Jones & Bartlett Learning, LLC Hands-On Steps NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION uNote: This lab contains detailed lab procedures, which you should follow as written. Frequently performed tasks are explained in the Common&Lab Tasks document on the vWorkstation desktop. You should review these Learning, LL © Jones Bartlett Learning, LLC © Jones & Bartlett tasks before starting the lab. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 1. From the vWorkstation desktop, open the Common Lab Tasks file. If you desire, use the File Transfer button to transfer the file to your local computer and © Jones LLC © Jones & Bartlett Learning, LLC print&aBartlett copy for Learning, your reference. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT FigureLLC 1 “Student Landing” vWorkstation © Jones & Bartlett Learning, © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 2. On your local computer, create the lab deliverable files. 3. Review the Lab Assessment Worksheet at the end of this lab. You will find answers to these questions as you proceed through the lab steps. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Part OR 1: Enable SYN Cookies uNote: To establish a connection, TCP uses a three-way handshake to communicate: SYN (the client requests © Jones & server Bartlett Learning, Jones & Bartlett Learning, LL a connection), SYN-ACK (the acknowledges theLLC client), and ACK (the client©acknowledges the NOT FOR SALE OR DISTRIBUTION server). In a SYNNOT floodFOR attack,SALE the attacker sends multiple SYN requests, but spoofs the IP address in OR DISTRIBUT the SYN packet so that the server cannot send a SYN-ACK reply and the connections cannot be closed. Handling these fake requests can tie up server resources and deny service to legitimate users. SYN cookies are the key element of a technique used to guard against SYN flood denial-of-service attacks. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC In the FOR next steps, youOR will DISTRIBUTION confirm that the net.ipv4.tcp_syncookiesNOT are enabled by viewing system NOT SALE FOR SALE ORthe DISTRIBUTION control configuration (sysctl.conf) file. You will also change current running kernel parameters on the system. Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 124 | Lab #7 Hardening Security for the Linux Kernel © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 1. Double-click the RDP icon on the desktop. This folder contains links to the virtual servers in this lab environment. 2. Double-click the TargetCentOS01.rdp file to open the Linux server. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL The remote GNOME desktop, graphical user interface (GUI) forNOT the virtual FOR Linux SALE OR DISTRIBUT NOT FOR SALE ORthe DISTRIBUTION server, opens with the IP address of the remote machine (172.30.0.21) in the title bar at the top of the window. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Figure 2 GNOME desktop NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 3. Double-click the Terminal icon on the GNOME desktop to open the terminal emulator and access the Linux server command line. 4. At the command and press Enter toLLC view the © Jones & Bartlett Learning, LLCprompt, type cat /etc/sysctl.conf © Jones &| less Bartlett Learning, current settings for the running kernel.NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The system returns a list of the preset configuration. Use the arrow keys to review these settings. © Jones Learning, LLC © Jones & Bartlett Learning, LL 5. Use the arrow keys&toBartlett locate the net.ipv4.tcp_syncookies = 1 line in the file. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION A value of 1 indicates that syncookies is enabled. If it was set to 0, disabled, the server would be vulnerable to SYN flood attacks. An edit to this file will not cause the setting to take effect until the next time the server is rebooted. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 125 © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 3 Verify tcp_syncookies is enabled © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 6. Make a screen capture showing the current syncookies setting in the NOT sysctrl.conf and paste it into the Lab Report file. 7. Type q to exit the current view and return to the command prompt. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 8. At the command prompt, type cat /proc/sys/net/ipv4/tcp_syncookies and press Enter to NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION view the current running kernel parameters. Again, the system returns a value of 1, indicating that syncookies is enabled. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 126 | Lab #7 Hardening Security for the Linux Kernel © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION uNote: © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 4 Verify syncookies is enabled © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT In the next steps, you will verify that tcp_syncookies is enabled. You will practice making a dynamic change to the kernel without waiting for a system reboot by first disabling, and then re-enabling, this option. Because you are not rebooting the server at this time, the change will be temporary. The file will revert to © original Jonessetting & Bartlett Learning, LLCreboot. If you wanted to©make Jones & Bartlett Learning, LLC its (enabled) upon a system a permanent setting change, you NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION would open the /etc/sysctl.conf file with a file editor such as vi Editor, edit the setting, and then reboot the server. 9. At the command prompt, type su -c ' echo "0" > /proc/sys/net/ipv4/tcp_syncookies ' and Enter toLLC change the kernel settings for syncookies without waiting LLC for a reboot. © Jones & Bartlettpress Learning, © Jones & Bartlett Learning, NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The setting will revert to what is in the sysctl.conf file if the system were rebooted. 10. When prompted, type P@ssw0rd!, the root password, and press Enter. uNote: © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT to FOR SALE SALE OR DISTRIBUTION You are required NOT to enterFOR a mixed-case password. If you are not using the Citrix Receiver access this OR DISTRIBUT lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. 11. At the command prompt, type cat /proc/sys/net/ipv4/tcp_syncookies and press Enter to verify the current kernel parameters are disabled. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 12. Make a screen capture showing the current running kernel syncookies setting and paste it into the Lab Report file. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 127 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 13. At the command prompt, type su -c ' echo > /proc/sys/net/ipv4/tcp_syncookies NOT"1" FOR SALE OR DISTRIBUTION ' and NOT FOR SALE OR DISTRIBUTION press Enter to change the kernel settings for syncookies without waiting for a reboot. The above command turns syncookies on. The setting will revert to what is in the sysctl.conf file if the system were rebooted. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 14. When prompted, type P@ssw0rd!, the root password, and press Enter. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPSLearning, LOCK buttonLLC or the On-Screen Keyboard©toJones input the&password. © Jones & Bartlett Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Part 2: Change System Parameters uNote:Learning, LLC © Jones & Bartlett © Jones & Bartlett Learning, LLC Another type of attack is when a hacker gains level accessOR to aDISTRIBUTION system and forces that NOT FOR SALE ORcommon DISTRIBUTION NOTuser FOR SALE user account to endlessly create or open files until the server runs out of resources. In the next steps, you will use the sysctl command to change the maximum number of files users can open simultaneously. This security measure can limit the amount of the server’s resources a user account can consume. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 1. At the command prompt, type /sbin/sysctl -a | less and press Enter toNOT all available parameters for the running kernel. The system returns a list of the available kernel parameters. Piping the output into the less program allowsLearning, you to viewLLC the output using the arrow keys to move forward and © Jones & Bartlett © Jones & Bartlett Learning, LLC backward with file. NOT FOR SALE ORthe DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 2. Use the arrow keys to locate the fs.file-max line in the resulting list. 3. Make a screen capture showing the current fs.file-max setting and paste it into the Lab © Jones & BartlettReport Learning, © Jones & Bartlett Learning, LLC file. LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 4. Type q to exit this view and return to the command prompt. 5. At the command prompt, type su -c ' /sbin/sysctl -w fs.file-max=100000 ' and press Enter to change the maximum number of files the user can open at one time to 100,000. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 6. When prompted, type P@ssw0rd!, the root password, and press Enter. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPSLearning, LOCK buttonLLC or the On-Screen Keyboard©toJones input the © Jones & Bartlett & password. Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 128 | Lab #7 Hardening Security for the Linux Kernel © Jones & Bartlett Learning, LLC Part OR 3: Explore Kernel Settings NOT FOR SALE DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION uNote: In the next steps, you will use the cat command to discover information about the processes, filesystems, modules, and other details about the current running kernel to identify© security-hardening © Jones & Bartlett Learning, LLC Jones & Bartlett Learning, LL measures. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 1. At the command prompt, type cat /proc/filesystems and press Enter to find what types of filesystems are supported by the kernel. © Jones Bartlett Learning, LLC the filesystem is not © Jones &with Bartlett Learning, The&nodev (no device) indicates associated a physical device. LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 2. Make a screen capture showing the output of this command and paste it into the Lab Report file. You may have to take multiple screen captures or expand the terminal window to display the entire output. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 5 Output from the cat /proc/filesystems command © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 3. At the command prompt, type cat /proc/modules and press Enter to find what modules NOT FOR SALEthe OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION kernel is loading. 4. Make a screen capture of this output and paste it into the Lab Report file. You may have to take multiple screen captures to display the entire output. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT SALE OR DISTRIBUTION NOTEnter FORtoSALE OR version DISTRIBUTION 5. FOR At the command prompt, type cat /proc/version and press find what of the kernel is currently running. 6. Make a screen capture showing the output of this command and paste it into the Lab Report file. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 129 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 7. At the command prompt, type cat /proc/cpuinfo andSALE pressOR Enter to find information about NOT FOR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION the CPU. 8. Make a screen capture of this output and paste it into the Lab Report file. You may have to take multiple screen captures to display the entire output. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 9. At the command prompt, /proc/meminfo and press Enter to find whatSALE OR DISTRIBUT NOTout FOR NOT FOR SALEtype ORcat DISTRIBUTION processes are running in memory. 10. Make a screen capture showing the output of this command and paste it into the Lab Report file. You may have to take multiple screen captures to display the entire output. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Part 4: Secure Kernel Modules uNote: In the next steps, youLLC will harden security measures on this server by removing unusedLLC modules. First, © Jones & Bartlett Learning, © Jones & Bartlett Learning, you OR will use the lsmod command to list the modules currently the kernel. You will then add a NOT FOR SALE DISTRIBUTION NOT FORloaded SALEinOR DISTRIBUTION module and then remove it. 1. At the command prompt, type /sbin/lsmod and press Enter to list the loaded modules. © Jones © Jones Learning, LL The system returns&a Bartlett list of all Learning, the modulesLLC currently loaded in the kernel. A0& in Bartlett the NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION Used by column indicates that the loaded module is not in use. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Figure 6 Output from the lsmod command © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 2. FOR MakeSALE a screen capture showing the output of this command and paste it into Lab NOT OR DISTRIBUTION NOT FOR SALE OR the DISTRIBUTION Report file. You may have to take multiple screen captures to display the entire output. Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 130 | Lab #7 Hardening Security for the Linux Kernel © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 3. At the command prompt, type su -c ' /sbin/modprobe rfcomm and press Enter to load the NOT FOR SALE OR' DISTRIBUTION NOT FOR SALE OR DISTRIBUTION rfcomm module. The rfcomm module supports Bluetooth devices and is not needed on this server. 4. When prompted, P@ssw0rd!, the root LLC password, and press Enter. © Jonestype & Bartlett Learning, © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 5. FOR At theSALE command prompt, type /sbin/lsmod | grep rfcomm and press Enter OR to list the loaded NOT OR DISTRIBUTION NOT FOR SALE DISTRIBUTION modules that include the word rfcomm. Notice that the rfcomm module and associated modules are loaded in the running kernel. 6. Make a screen capture showing the output of this & command paste it into © Jones & Bartlett Learning, LLC © Jones Bartlettand Learning, LLCthe Lab Report file. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 7. At the command prompt, type su -c ' /sbin/modprobe -r rfcomm ' and press Enter to remove the rfcomm module. © Jonestype & Bartlett Learning, © Jones & Bartlett Learning, LL 8. When prompted, P@ssw0rd!, the root LLC password, and press Enter. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 9. FOR At theSALE command prompt, type /sbin/lsmod | grep rfcomm and press EnterOR to list the loaded NOT OR DISTRIBUTION NOT FOR SALE DISTRIBUTION modules that include the word “rfcomm”. Notice that the rfcomm module and associated modules are no longer in this list. © Jones & Bartlett Learning, LLCLinux connection. 10. Close the remote NOT FOR SALE OR DISTRIBUTION uNote: © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION This completes the lab. Close the virtual lab, if you have not already done so. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 131 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Evaluation Criteria and Rubrics NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The following are the evaluation criteria for this lab that students must perform: 1. Review and tune the kernel parameters on a CentOS Linux Server for security and © Jones & Bartlett © Jones & Bartlett Learning, LL monitoring purposes – [20%] Learning, LLC NOT FORthe SALE OR DISTRIBUT SALE DISTRIBUTION 2. ProduceNOT kernelFOR versions andOR loaded options for a better understanding of how system is configured and to identify potential security vulnerabilities in the CentOS Linux Server – [20%] 3. Examine the /etc/sysctl.conf file and adjust tcp_sysncookies settings to configure secure options for usersLearning, on a CentOS Linux Server – [20%] © Jones & Bartlett Learning, LLC © Jones & Bartlett LLC 4. FOR Review and assess the Loaded Kernel Modules (LKMs) of FOR the target Linux and NOT SALE OR DISTRIBUTION NOT SALE ORsystem DISTRIBUTION provide recommendations on the output and current running configuration – [20%] 5. Use and interpret the lsmod command output and perform security hardening configurations on the CentOS Linux Server – [20%] © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 132 | Lab #7 Hardening Security for the Linux Kernel © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Lab #7 – Assessment Worksheet NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Hardening Security for the Linux Kernel Course Name and Number: _____________________________________________________ © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Lab Due Date: ________________________________________________________________ NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Overview In this lab, you viewed and tuned all kernel parameters and discovered information regarding the current Loadable Kernel the&kernel itself. You explored © Jones & Bartlett Learning, LLC Modules (LKMs) and ©about Jones Bartlett Learning, LLCthe sysctl.conf file and made modifications to system Finally, you enabled and interpreted NOT FOR SALE OR DISTRIBUTION NOTsettings. FOR SALE OR DISTRIBUTION the results of the lsmod command. Lab Assessment Questions & Answers © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 1. What is NOT the command to view current Linux kernel parameters? NOT FOR SALE OR DISTRIBUT FOR SALE ORthe DISTRIBUTION Part 1, Step 4. cat /etc/sysctl.conf | less 2. Which command can you run to list all the kernel’s available parameters one screen at © Jones & Bartlett LLCforward and backward©on Jones & Bartlett Learning, LLC a time with the Learning, ability to move the output? NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Part 2, Step 1. /sbin/sysctl -a | less Less is a program that allows both backward and forward movement of a given file or command. Piping the output of the sysctl -a command will allow the user to view all the parameters to that command. © Jones & Bartlettavailable Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 3. What is the purpose of enabling SYN cookies in the Linux kernel? Note introducing Part 1. SYN cookies are the key element of a technique used to guard against SYN flood denial-of-service attacks. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FORonSALE NOT FOR SALE OR DISTRIBUTION 4. If you wanted to limit the number of files that a user can open simultaneously the OR DISTRIBUT CentOS Linux Server to a maximum of one, what is the command syntax you need to enable in the Linux kernel? Part&2,Bartlett Step 5. suLearning, -c ' /sbin/sysctl © Jones LLC-w fs.file-max=1 ' NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 133 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 5. What is the best way to make a systemwide permanent change to the kernel to enable NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION SYN cookies? Note following Figure 4. If you wanted to a permanent setting change, you would open the /etc/sysctl.conf file with a file editor such as vi Editor, edit the setting, and then reboot the server. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL FORlocked SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 6. Your boss wants you to make sure a freshly installed system is up toNOT date and down at the kernel level. Which command would you use to load a new module? Which command would you use to remove an unwanted module? © Jones LLC <modulename> ' © Jones & Bartlett Learning, LLC Part&4, Bartlett Step 3. suLearning, -c ' /sbin/modprobe Part 3,SALE Step 7.OR su -c ' /sbin/modprobe -r <modulename>NOT ' NOT FOR DISTRIBUTION FOR SALE OR DISTRIBUTION 7. What is the relation between sysctl.conf and the sysctl command? Introduction. The sysctl.conf file is a simple, human-readable file that contains values used by the system upon bootup. The sysctl command enables a security administrator to configure a © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC setting or parameter dynamically on the system. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 8. What command allows you to dynamically modify a kernel parameter without opening the sysctl.conf file in the vi Editor? Part 2, Step 5. su -c ' /sbin/sysctl -w <kernelparameter>' would change any parameter in the © Jones & Bartlett Learning, LL conf file. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Lab #8 Applying Best Practices for Secure Software Management © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Introduction © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Linux applications are usually delivered as a single archived (.tar) and zipped (.gz) file called a tarball or a package. These packages make installations and upgrades easy because all of the © Jones & Bartlett Learning, LLC & place. Bartlett Learning, LLC required files, documentation, and configuration information©is Jones all in one Unfortunately, NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION hackers can easily tamper with packages by inserting malicious files or programs into the tarball. These malicious file can be damaging on a standalone system, but disastrous for a network environment. For this reason, best practice for security administrators is to validate the software packages prior to installing them on the network. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Organizations rely on security administrators NOT to useFOR package management tools, such as RPM NOT FOR SALE OR DISTRIBUTION SALE OR DISTRIBUTION Package Manager (RPM) and Yellowdog Updater Modified for RPM (YUM), to verify and install packages within the Linux environment. Additional security can be assured by verifying the integrity of tarballs by comparing the hash codes of the original file with the downloaded file. Another tool available to the security administrator is GnuPG (GPG) which© can used to © Jones & Bartlett Learning, LLC Jones & verify Bartlett Learning, LL encryption keys used to encrypt the original package. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION This lab is an extension of the previous labs and incorporates best practices for secure software management. In this lab, you will work with a CentOS machine and use RPM to query and verify package files, verify a source tarball used for application integrity verification when © Jones & Bartlett Learning, LLC Bartlett to Learning, downloading and installing new applications, and learn how © to Jones create a&repository properly LLC NOT FOR SALE OR DISTRIBUTION FOR ORverification DISTRIBUTION secure the RPN databases. You will also use the md5sum forNOT hashing andSALE integrity against downloaded program files. Finally, you will learn to use GPG (GnuPG) tool to view a GPG license key to ensure downloaded software is valid. This lab has four parts, which should be completed in the order specified. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE1.OR NOTthe FOR SALE OR Manager DISTRIBUTION InDISTRIBUTION the first part of the lab, you will explore RPM Package tool to query and verify packages within a Centos virtual lab environment. 2. In the second part of the lab, you will use md5sum to check the integrity of a tarball file. © Jones © Jones & Bartlett 3. In the third part of & theBartlett lab, youLearning, will use theLLC GPG (GnuPG) tool to verify a license key and Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR of SALE OR DISTRIBUTION ensure the integrity the downloaded program. 4. Finally, if assigned by your instructor, you will explore the virtual environment on your own to answer a challenge question that allows you to use the skills you learned in the lab to conduct independent, unguided you will in a real- LLC © Jones & Bartlett Learning, LLC work, similar to what © Jones & encounter Bartlett Learning, worldSALE situation. NOT FOR OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 134 135 © Jones & Bartlett Learning, LLC Learning Objectives NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Upon completing this lab, you will be able to: Query and verify all installed packages in the kernel to help evaluate what security Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL measures©are necessary NOT FOR SALEare OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION • Verify a source tarball to determine whether the integrity and contents of the package what you expect before executing or installing it • Use and leverage md5sum to verify the integrity of a downloaded software tarball • Use GPG to view the signature of a downloaded public key © Jones & Bartlett Learning, © Jones & Bartlett Learning, • Configure the rpm databaseLLC to add repositories securely for the distribution of software LLC to NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION persons who do not need access to the system directly, only to download any updates or rpms • Tools and Software © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALEthis ORlab. DISTRIBUTION The following software and/or utilities are required to complete Students are encouraged to explore the Internet to learn more about the products and tools used in this lab. • • • md5sum Python © Jones & Bartlett Learning, LLC RPM Package Manager (RPM) NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 136 | Lab #8 Applying Best Practices for Secure Software Management © Jones & Bartlett Learning, LLC Deliverables NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Upon completion of this lab, you are required to provide the following deliverables to your instructor: © Jones & Bartlett Learning, LLC & 8, Bartlett 1. Lab Report file including screen captures of the following steps: Part©1,Jones Steps 5, and Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 11; Part 2, Steps 5 and 7; Part 3, Steps 2 and 13; 2. Lab Assessments file; 3. Optional: Challenge Questions file, if assigned by your instructor. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 137 © Jones & Bartlett Learning, LLC Hands-On Steps NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION uNote: This lab contains detailed lab procedures, which you should follow as written. Frequently performed tasks are explained in the Common&Lab Tasks document on the vWorkstation desktop. You should review these Learning, LL © Jones Bartlett Learning, LLC © Jones & Bartlett tasks before starting the lab. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 1. From the vWorkstation desktop, open the Common Lab Tasks file. If you desire, use the File Transfer button to transfer the file to your local computer and © Jones LLC © Jones & Bartlett Learning, LLC print&aBartlett copy for Learning, your reference. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT FigureLLC 1 “Student Landing” vWorkstation © Jones & Bartlett Learning, © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 2. On your local computer, create the lab deliverable files. 3. Review the Lab Assessment Worksheet at the end of this lab. You will find answers to these questions as you proceed through the lab steps. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE DISTRIBUTION NOTManager FOR SALE OR DISTRIBUTION Part OR 1: Explore a Tarball with RPM Package uNote: In the next steps, you will explore the built-in RPM Package Manager tool found in the virtual Centos © Jones &operation Bartlettmodes: Learning, LLC © Jones Bartlett Learning, LL server. This tool has five basic installing, uninstalling, upgrading, querying and&verifying. NOT SALE OR DISTRIBUT NOT DISTRIBUTION It is also a database thatFOR holds SALE all RPMOR package information stored in the Linux system andFOR manages package installations, re-installations, and updates. From the RPM database, users issue command line statements to query and verify installed packages and files to help identify issues, changes, or missing files. As a result, RPM upgrades individual components rather than the entire package, and keeps customized settings already in place on the Linux machine. to build their software can © Jones & Bartlett Learning, LLC Developers who use © RPM Jones & Bartlett Learning, LLC ensure the original integrity of the source along with the patches used, including the buildOR instructions. This, NOT FOR SALE OR DISTRIBUTION NOT FOR SALE DISTRIBUTION in turn, makes for better software for end users. RPM is not foolproof, however. RPM does not automatically install all program dependencies before installing a software package. Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 138 | Lab #8 Applying Best Practices for Secure Software Management © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 1. Double-click the RDP folder on the vWorkstation ThisDISTRIBUTION folder contains RDP NOT FORdesktop. SALE OR NOT FOR SALE OR DISTRIBUTION connection link to CentOS virtual server in this lab environment. 2. Double-click the TargetCentOS01.rdp to connect to the remote Linux server. The remote GNOME desktop, Learning, the graphical user interface (GUI) for©the virtual&Linux © Jones & Bartlett LLC Jones Bartlett Learning, LL server, opens IP address of the remote machine (172.30.0.21) in the titleSALE bar at OR DISTRIBUT NOT FOR NOT with FORthe SALE OR DISTRIBUTION the top of the window. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Figure 2 GNOME desktop © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FORthe SALE OR emulator DISTRIBUTION 3. Double-click the Terminal icon on the GNOME desktop to open terminal and access the Linux server command line. 4. At the command prompt, type rpm -ql sendmail | less and press Enter to view all files the sendmail package.© Jones & Bartlett Learning, LLC © Jones & Bartlettassociated Learning,with LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The -ql option queries the sendmail package and displays the included files in a list. The less command enables you to use the up and down arrows to scroll through the results. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 139 © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Figure 3 Output of the rpm -ql command © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT OR DISTRIBUTION NOT DISTRIBUTION 5. FOR MakeSALE a screen capture showing the list of sendmail files andFOR pasteSALE it into OR the Lab Report file. You may have to take multiple screen captures to display the entire output. 6. Type q to return to the command prompt. © Jones & Bartlett Learning, LLCprompt, type rpm -qf © Jones Bartlett 7. At the command /bin/ls and & press Enter Learning, to discover LLC which package NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION installed the /bin/ls executable. The -qf switch option queries the specified path for the name of the package file. 8. Make a screen capture showing the package name and paste it into your Lab Report file. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION uNote: In the next steps, you will identify any changes to the contents of the file that have taken place. The output of the rpm -V appears in three columns as shown in the following figure. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 140 | Lab #8 Applying Best Practices for Secure Software Management © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 4 Output from rpm -V command © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC The first is formatted as a string of nine characters eachSALE of whichOR denotes the result of a NOT FOR SALE ORcolumn DISTRIBUTION NOT FOR DISTRIBUTION comparison of one attribute of the file to the value of that attribute recorded in the RPM database. The following table describes each flag. If a package or file can’t be found, the output will show “missing” because the file or package was either deleted or moved, or is unreadable. © Jones & Bartlett Learning, LLC RPM Flag Description NOT FOR SALE OR DISTRIBUTION Flags Description . Passed the test (matches the original) ? Test could not be performed © Jones & Bartlett Learning, LLC S File size changed NOT FOR SALE OR DISTRIBUTION M Mode / Permissions/ File type changed 5 MD5 checksum changed © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION D Device changed L Symbolic © Jones & Bartlett Learning, LLC link changed © Jones & Bartlett Learning, LLC U User ownership changed NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION G Group ownership changed T P File modification time changed Capabilities changed © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL SALE OR DISTRIBUT NOT The second column will FOR containSALE one of OR theseDISTRIBUTION attribute markers identifying the type ofNOT file in FOR the package: • c – configuration file • d – documentation file • g – ghost file, where, for example, the file contents are not included in the package payload © Jones & Bartlett © Jones & Bartlett Learning, LLC • l – license file Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION • r – readme file The third column contains the file name and path for the files included in the package. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 141 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 9. At the command prompt, type sudo rpm -V httpd pressOR Enter to verify the integrity of NOT FORand SALE DISTRIBUTION NOT FOR SALE OR DISTRIBUTION files in the installed httpd package. 10. This command requires a password, so type pass=7890 and press Enter at the command prompt. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL This command returns any instances where the content of the referenced in SALE this case NOTfile, FOR OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION the httpd file, has changed. If no changes have occurred in the file specified, there will be no output. If the file has been changed, the output will indicate what type of change has been made. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 11. Make a screen capture showing the results of the rpm –V command and paste it into the NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Lab Report file. 12. Use the RPM Flag Description table from the previous note to determine which type of change has been made to the httpd.conf file and describe your findings in the Lab Report © Jones & Bartlettfile. Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 13. At the command prompt, type rpm -qa | less and press Enter to view a list of all currently installed packages on the Linux computer. Use the up and down arrow keys to view the entire list. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, © Jones & Bartlett Learning, LLC FigureLLC 5 Output of the rpm -qa command NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 14. In the Lab Report file, describe the list. Did the number of file meet your expections? 15. Type q to return to the command prompt. Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 142 | Lab #8 Applying Best Practices for Secure Software Management © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Part 2: Use md5sum Hashing to Verify an Installation FileOR DISTRIBUTION NOT FOR SALE NOT FOR SALE OR DISTRIBUTION uNote: The md5sum is an algorithm that is used to verify data integrity and authenticity using the MD5 (Message-Digest©algorithm 5) Bartlett 128-bit cryptographic Jones & Learning,hash. LLCA hash is a unique, constant-length © Jones &checksum Bartlett Learning, LL or signature for the data or program. The md5sum runs a comparison check to detect file changes and NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION provides a checksum that users use to see whether it matches the MD5 value signed by the trusted organization or developer of the file/program. This hash technique is different than encryption because it is a one-way method that doesn’t require © Jones Learning, LLC Jonesand & its Bartlett known keys&toBartlett encrypt and decrypt information. Any changes to a © program files will Learning, produce a LLC NOT FOR SALE ORIfDISTRIBUTION NOT SALE DISTRIBUTION different md5sum value. there are no changes, then the Md5Sum valueFOR will match theOR md5sum value provided by the trusted source of the program files. Encryption, on the other hand, is a two-way function that requires a known key or keys to encrypt and decrypt the original data. Basically, a hash verifies a file and its integrity, and encryption contains the file and secures it with a key control that both parties must know. Learning, LLC © Jones & Bartlett © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION In the next steps, you will use md5sum hashing to verify the integrity of the source code for the downloaded Python software on the Centos machine. Downloaded software is a significant security threat that should be checked and verified to make sure that it hasn’t been tampered with before it is installed. This portion of the lab requires access to a workstation with Internet access. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT NOT FOR SALE OR DISTRIBUTION 1. At the command prompt, type ls /opt/software and press Enter to view a listFOR of allSALE of theOR DISTRIBUT downloaded software on this computer. The system returns a list of downloaded software. In this case, the Python-2.7.8.tgz software. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 2. From a workstation with Internet access, open a Web browser, such as Mozilla Firefox or Microsoft Internet Explorer. 3. In the browser’s address box, type http://www.python.org/download/releases/2.7.8/, the © Jones & BartlettURL Learning, LLC © Jones Bartlett Learning, LLC (uniform resource location) for the Python & software, and press Enter to open the Web site. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 4. On the Python Web site, locate the MD5 checksum for the Python 2.7.8.tgz release. You may need to scroll down the page to find the section labeled MD5 checksums and sizes of the released files. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 143 © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 6 MD5 checksum from the Python Web site © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOTand FOR SALE OR DISTRIBUT NOT FOR SALE OR the DISTRIBUTION 5. Make a screen capture showing MD5 checksum for the Python release paste it into the Lab Report file. 6. In the TargetCentOS01 window, type md5sum /opt/software/Python-2.7.8.tgz and press Enter the command prompt to view the MD5 checksum for the installed © Jones & at Bartlett Learning, LLC © Jones & Python Bartlettrelease Learning, LLC on this computer. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 7. Make a screen capture showing the MD5 checksum for the Python tarball and paste it into the Lab Report file. 8. In the Lab Report checksums to verify that theLLC version of © Jones & Bartlett Learning, LLC file, compare the two©MD5 Jones & Bartlett Learning, Python installed on this computer matches version released on Python’s Web site. NOT FOR SALE OR DISTRIBUTION NOTthe FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 144 | Lab #8 Applying Best Practices for Secure Software Management © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Part 3: Use GPG and Create a New Repository File SALE OR DISTRIBUTION NOT FOR NOT FOR SALE OR DISTRIBUTION uNote: Software download packages usually include a GPG key, which acts as a digital signature to prove the validity of the source. GPG & is an Open Source encryption ensure data © Jones Bartlett Learning, LLCand signing tool that helps © Jones & Bartlett Learning, LL integrity and confidentiality. Software management tools like RPM and YUM utilities store the public keys NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION for approved package sources to help with software installations. In the next steps, you will use the gpg command to view and verify GPG license key signature. When managing downloaded software on a Linux platform, you will often need to download GPG keys from the © Jones Bartlett Learning, LLC that the downloaded © Jones & Bartlett Learning, internet and&verify their signatures to ensure program is valid and trusted. You will LLC NOT FORthat SALE FOR SALE ORthe DISTRIBUTION then import GPGOR key DISTRIBUTION to the RPM database before creating a NOT new repository file under YUM repository directory to hold any software published by Google. 1. At the command prompt, type gpg /opt/software/linux_signing_key.pub and press Enter to the signature key. & Bartlett Learning, LLC © Jones & Bartlettview Learning, LLC of a downloaded GPG © Jones NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 7 Verify the signature of a downloaded NOT FOR SALE ORFigure DISTRIBUTION NOTGPG FORkey SALE OR DISTRIBUTION 2. Make a screen capture showing the GPG signature and paste it into the Lab Report file. 3. At the command prompt, type sudo rpm --import /opt/software/linux_signing_key.pub and Enter toLLC import the key into the RPM database. © Jones & Bartlettpress Learning, © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 4. When prompted for a password, type pass=7890. 5. At the command prompt, type cd /etc/yum.repos.d/ and press Enter to change the to the yum.repos.d directory. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 6. At the command prompt, type su -c ' vi google.repo ' and press Enter to open a new file OR DISTRIBUT NOT FOR SALE NOT FOR SALE OR DISTRIBUTION called google.repo in the vi Editor. 7. When prompted, type P@ssw0rd!, the root password, and press Enter to create the new account. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 145 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 8. Press the i key to enter the Insert mode. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 9. Use the arrow keys to locate the first blank line in the file and type the following new lines noted below. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL • [Google] NOT FOR SALE OR DISTRIBUT NOT FOR Lab SALE OR DISTRIBUTION • name=Google • baseurl=http://dl.google.com/linux/rpm/stable/i386 • enabled=1 • gpgcheck=1 © Jones•&gpgkey=https://dl-ssl.google.com/linux/linux_signing_key.pub Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 8 Create a new google.repo file 10. Press the Esc key to exit the Insert mode. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 11. Type :wq! and press Enter to save your changes and exit the Editor. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE ORviDISTRIBUTION The new google.repo file will be saved in the yum.repos.d directory. The YUM installer will now check any newly installed software published by Google against the information in this file. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION uNote: Unlike RPM Package Manager, the YUM installer automatically tracks and installs all dependent applications first before installing the software package you may actually want. YUM looks in the /etc/yum.repos.d/ directory for configured repositories. CentOS has several repositories by default, but repositories be added LLC to gain access to other software. ©third-party Jones & Bartlettcan Learning, © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 146 | Lab #8 Applying Best Practices for Secure Software Management © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 12. At the command prompt, type ls and press list theOR files in the yum.repos.d NOTEnter FORtoSALE DISTRIBUTION NOT FOR SALE OR DISTRIBUTION directory. The resulting list of files should include the google.repo file you just created. 13. Make a screen capture showingLearning, the results LLC of the ls command and paste it into the Lab © Jones & Bartlett © Jones & Bartlett Learning, LL Report file. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 14. Close the remote Linux connection. 15. Close the virtual lab, or proceed with Part 4 to answer the challenge question for this lab. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 147 © Jones & Bartlett Learning, LLC Part OR 4: Challenge Question NOT FOR SALE DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION uNote: The following challenge question is provided to allow independent, unguided work, similar to what you will encounter in a real You should aim to improveLLC your skills by getting the correct answer&inBartlett as few Learning, LL © situation. Jones & Bartlett Learning, © Jones steps as possible. Use screen captures in your lab document where possible to illustrate your answers. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 1. Explain the differences between RPM and YUM. What is the preferred software installation utility? Why? Use the Internet to research your answer and cite your references. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE ORunique DISTRIBUTION NOT FOR SALE ORYUM DISTRIBUTION (Answers will be to each student.) Both are command-line-based tools. The utility is a more intelligent tool that automatically finds required dependencies and installs them prior to installing any software package. The RPM Package Manager tool, on the other hand, doesn’t know how to find, and isn’t aware of, dependencies during a software package installation. As a result, installed software A user must detail theLearning, exact location of each © Jones & Bartlettthe Learning, LLC may not work correctly. © Jones & Bartlett LLC dependency when using the rpm commandNOT and install prior to installing the specific software NOT FOR SALE OR DISTRIBUTION FOR them SALE OR DISTRIBUTION application needed. YUM only requires the program name to find all the dependencies and install them prior to installing the respective software needed. As a result, YUM is the preferred method for software very comfortable with Learning, LL © Jones & Bartlett Learning, LLC installations if user is © Jones & Bartlett using command line syntax. Otherwise, many Linux operating systems offer a GUI (graphic user NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION interface) for easy software installations. uNote: This completes the lab. Close the virtual lab, if you have not already done so. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 148 | Lab #8 Applying Best Practices for Secure Software Management © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Evaluation Criteria and Rubrics NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The following are the evaluation criteria for this lab that students must perform: 1. Query and verify all installed packages in the kernel to help evaluate what security Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL measures©are necessary – [20%] NOT FOR SALEare OR DISTRIBUT FOR SALE OR DISTRIBUTION 2. Verify aNOT source tarball to determine whether the integrity and contents of the package what you expect before executing or installing it – [20%] 3. Use and leverage md5sum to verify the integrity of a downloaded software tarball – [20%] 4. Use&GPG to view the signature key – [20%] © Jones Bartlett Learning, LLCof a downloaded public © Jones & Bartlett Learning, LLC 5. FOR Configure rpm database to add repositories securely forFOR the distribution software to NOT SALEtheOR DISTRIBUTION NOT SALE ORofDISTRIBUTION persons who do not need access to the system directly, only to download any updates or rpms – [20%] © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 149 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Lab #8 – Assessment Worksheet NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Applying Best Practices for Secure Software Management Course Name and Number: _____________________________________________________ © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Lab Due Date: ________________________________________________________________ NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Overview This lab was an extension of the previous labs. It incorporated best practices for secure software management. In thisLLC lab, you worked with a CentOS machine and used RPM to LLC query and verify © Jones & Bartlett Learning, © Jones & Bartlett Learning, package verified a source tarball used forNOT application integrity when NOT FOR SALE ORfiles, DISTRIBUTION FOR SALE ORverification DISTRIBUTION downloading and installing new applications, and learned how to create a repository to properly secure the RPN databases. You also used the md5sum for hashing and integrity verification against downloaded program files. Finally, you learned to use GPG (GnuPG) tool to view a GPG license key to ensure downloaded software is valid. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION Lab Assessment Questions & Answers 1. Explain the purpose of the rpm -qf /bin/ls command. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Part 1, Step 7. This command will return the name of the package file in the specified location. In NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION this case, it is coreutils-8.4-19.el6.x86_64. 2. Discuss the purpose of a software repository as it relates to YUM. followingLLC Part 3, Step 11. Unlike RPM©Package the Learning, YUM installerLLC automatically © Jones & BartlettNote Learning, Jones Manager, & Bartlett tracks and installs all dependent applications first before installing the software package NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION you may actually want. YUM looks in the /etc/yum.repos.d/ directory for configured repositories. CentOS has several repositories by default, but third-party repositories can be added to gain access to other software. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 3. How can you ensure that a downloaded software package (tarball) is legitimate and NOT FOR SALE OR DISTRIBUT NOT FOR SALE hasn’t been tampered with? OR DISTRIBUTION Part 2. Download a tarball from a trusted source, and obtain that source’s MD5 checksum. Once the tarball is downloaded, run md5sum on the tar download. Then, compare MD5 checksum © Jones & against Bartlett LLCchecksum. © Jones & Bartlett Learning, LLC result theLearning, trusted source’s NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 150 | Lab #8 Applying Best Practices for Secure Software Management © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 4. Explain all of the switches associated with rpmSALE command that were used in this lab. NOTthe FOR OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION • • • • Part 1 Step 4. -ql (lists all files in the package) Part 1 Step 7. -qf (queries a specified path for the name of the package file) Part 1 Step 9. (verifies Learning, the integrity of the files in the package) © Jones & Bartlett Learning, LL © Jones & -V Bartlett LLC Part 1 Step 13. –qa (lists all currently installed NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTIONpackages) 5. Explain what hashing is and how it differs from encryption. Note introducing Part 2. A hash is a unique constant-length checksum or signature for the data © Jones & Bartlett Learning, LLC Jones it&isBartlett or program. This hash technique is different from encryption©because a one-wayLearning, method thatLLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION doesn’t require known keys to encrypt and decrypt information. Any changes to a program and its files will produce a different md5sum value. If there are no changes, then the Md5Sum value will match the md5sum value provided by the trusted source of the program files. Encryption, on the other hand, is a two-way function that requires a known key or keys to encrypt and decrypt © Jones & Bartlettthe Learning, LLC Jones Bartlettand Learning, original data. Basically, a hash verifies©a file and its&integrity, encryption LLC contains the file NOT FOR SALE OR DISTRIBUTION SALE OR DISTRIBUTION and secures it with a key control that both NOT partiesFOR must know. 6. If you wanted to know which package a certain program belonged to, what command would you run? © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL Part 1, Step 7. rpm -qf <installed program directory>. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 7. During this lab, you reviewed the httpd file for changes. What changes did you record in your WordPad document? © Jones © Jones & Bartlett Learning, LLC Part&1,Bartlett Step 12. Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION • 5 – MD5 checksum has changed • T – The time of the file has change • S – The size of the repository has changed © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Lab #9 Applying Best Practices for Security Logging and Monitoring © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Introduction © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Security administration is not simply a matter of locking down a system and then not having to worry about it again. New exploits in existing software and network protocols are constantly © Jones & Bartlett LLC © Jonesattack & Bartlett Learning, LLC being discovered, not toLearning, mention the possibility of social engineering attempts. To identify NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION anything amiss on a server, it is best practice for security administrators to regularly to check in on the machine. Checking in on a machine would be meaningless if nothing is being recorded for you to check. By default, Linux servers system logLLC would reside on © Jones & Bartlett Learning, LLC run a system logging © feature. Jones Typically, & BartletttheLearning, the same server it is logging, but best practice is to locate the system log on a remote server NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION instead, particularly if the logged server is open the Internet. Locating the system logs for all servers on a single server provides a more secure location for all logging. Suppose an intruder breaks into a Linux system and deletes all of the local log files. Unless the intruder also compromises the server, the log files will still be available to©access © remote Joneslogging & Bartlett Learning, LLC Jonesand & analyze. Bartlett Learning, LL System logs open the Internet are also vulnerable to denial service attacks which may fill up the NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION system log to the point where it cannot log any other messages. Another method of logging events on a server is available by using the Tripwire application. Tripwire is a file integrity tool that keeps a database hash of all files specified in its policy file. © Jonesa & Learning, LLCdetect the changes. © Jones & Bartlett Learning, LLC Anytime fileBartlett is altered, Tripwire will NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Rootkit Hunter (rkhunter) is another file integrity checker available to the security administrator. Rkhunter is a script that checks for various rootkits, a type of malicious software that enables unauthorized users access to the server without being detected. It also performs checks on common commands and startup files to determine if they have been modified, among other © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC things. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION In this lab, you will configure remote logging in the CentOS Linux Server and send syslogs to a remote host for secure secondary logging. You will use Tripwire, a third-party file integrity tool, to identify modifications to important system files. You will configure Rootkit Hunter, (rkhunter), to search for rootkits and other anomalies on a set schedule. You©also will search the Learning, LL © Jones & Bartlett Learning, LLC Jones & Bartlett log files for specific criteria. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION This lab has four parts, which should be completed in the order specified. 1. In the first part of this lab, you will configure remote logging for an external logging and © Jones & Bartlett Learning, LLC © Jones & Bartlett file; Learning, monitoring server by creating a new rsyslog.conf remote log configuration you willLLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION then search through the log files to search for evidence of an intrusion. Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Instructor Lab Manual © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 151 152 | Lab #9 Applying Best Practices for Security Logging and Monitoring © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 2. In the second part of this lab, you will configure defaultOR policy file for Tripwire and NOT FORa SALE DISTRIBUTION NOT FOR SALE OR DISTRIBUTION create a site and local passphrase; you will then initialize the Tripwire database and index all of the files on the system. 3. In the third part of this lab, you will edit the rkhunter configuration file, schedule the Jones & Bartlett Learning, LLC © Jonesreport. & Bartlett Learning, LL rkhunter©report to run at a specific time, and run the rkhunter check summary NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 4. Finally, if assigned by your instructor, you will explore the virtual environment or a related topic on your own to answer a set of challenge questions that allow you to use the skills you learned in the lab to conduct independent, unguided work, similar to what you will&encounter a real-world situation. © Jones Bartlettin Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Learning Objectives Upon completing this lab, you will be able to perform the following: © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC • Configure remote logging on the CentOS Linux Server and send syslogs and other events NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION to a remote host for secure secondary logging • Search through different log files on the CentOS Linux Server to identify where certain types of logs are stored and how often they get recycled • Configure the Tripwire file integrity tool so that modifications to important system files © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL are quickly identified and properly logged both locally and remotely NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION • Configure and schedule rkhunter to run at said interval using the cron subsystem so that a rootkit can be properly and quickly identified if possible • Configure both automatic searches on log files as well as automatic running of important security applications to properly monitor a CentOS Linux Server for malicious activity © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Tools and Software The following software and/or utilities are required to complete this lab. Students are encouraged to explore the Internet to learn more about the products and tools used in this lab. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC • Rootkit Hunter NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION • Tripwire © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 153 © Jones & Bartlett Learning, LLC Deliverables NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Upon completion of this lab, you are required to provide the following deliverables to your instructor: © Jones & Bartlett Learning, LLC & Bartlett 1. Lab Report file including screen captures of the following steps: Part©1,Jones Steps 13, 26, and Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 29; Part 2, Step 23; Part 3, Steps 6, 18, and 23; 2. Lab Assessments file; 3. Optional: Challenge Questions file, if assigned by your instructor. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 154 | Lab #9 Applying Best Practices for Security Logging and Monitoring © Jones & Bartlett Learning, LLC Hands-On Steps NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION uNote: This lab contains detailed lab procedures, which you should follow as written. Frequently performed tasks are explained in the Common&Lab Tasks document on the vWorkstation desktop. You should review these Learning, LL © Jones Bartlett Learning, LLC © Jones & Bartlett tasks before starting the lab. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 1. From the vWorkstation desktop, open the Common Lab Tasks file. If you desire, use the File Transfer button to transfer the file to your local computer and © Jones LLC © Jones & Bartlett Learning, LLC print&aBartlett copy for Learning, your reference. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT FigureLLC 1 “Student Landing” vWorkstation © Jones & Bartlett Learning, © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 2. On your local computer, create the lab deliverable files. 3. Review the Lab Assessment Worksheet at the end of this lab. You will find answers to these questions as you proceed through the lab steps. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Part 1: Configuring and Investigating the Linux Log File uNote: In the next steps, you will explore the robust nature of Linux’s log files. First, you will configure remote © Jones & Bartlett Learning, LLC Jones & Bartlett logging for an external logging and monitoring server by creating a new remote log©configuration file, the Learning, LL NOT FOR SALE OR DISTRIBUT FOR DISTRIBUTION rsyslog.conf file.NOT Next, you willSALE searchOR through the log files for evidence of an intrusion. 1. Double-click the RDP folder on the vWorkstation desktop to open the folder. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 155 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 2. Double-click the TargetCentOS01.rdp file in the RDP folder to DISTRIBUTION open a remote connection NOT FOR SALE OR NOT FOR SALE OR DISTRIBUTION to the Linux machine. The remote GNOME desktop, the graphical user interface (GUI) for the virtual Linux server, opens with the IP address of the remote machine (172.30.0.21) in the title bar at © the Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL the top of window. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & BartlettFigure Learning, LLC © Jones & Bartlett Learning, LL 2 GNOME desktop NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 3. Double-click the Terminal icon on the GNOME desktop to open the terminal emulator and access the Linux server command line. 4. At the commandLearning, prompt, type su -c ' vi /etc/rsyslog.conf ' and press Enter toLearning, create a new © Jones & Bartlett LLC © Jones & Bartlett LLC remote system log configuration file in the vi Editor. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 5. When prompted, type P@ssw0rd!, the root password, and press Enter. uNote: You are required to enter a mixed-case password.© If you are not using the Citrix ReceiverLLC to access this © Jones & Bartlett Learning, LLC Jones & Bartlett Learning, lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 6. Press the i key to enter the Insert mode. 7. Use the arrows keys to move to the last line in the file and press Enter to create a new line © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL above the last line in the file. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 8. Press the up-arrow key so that the cursor is now at the beginning of the new line you just created. 9. Type @@logs.firstworldbank-example.com to direct TargetCentOS01 server to send © Jones & *.* Bartlett Learning, LLC © the Jones & Bartlett Learning, LLC all (*.*) logging information to a remote server named logs.firstworldbank-example.com. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 156 | Lab #9 Applying Best Practices for Security Logging and Monitoring © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 3 Edit the rsyslog.conf file 10. Press the Esc key to exit the Insert mode. © and Jones Bartlett Learning, LLC and exit the vi Editor. © Jones & Bartlett Learning, LL 11. Type :wq! press&Enter to save your changes NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 12. At the command prompt, type cat /etc/rsyslog.conf to display the contents of the file. 13. Make a screen capture showing the edited file and paste it into the Lab Report file. © Jones & Bartlett LLC © Jones Bartlett Learning, LLC 14. At the commandLearning, prompt, type sudo /sbin/service rsyslog restart & and press Enter to restart NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION the syslog logging mechanism with your changes without rebooting the server. 15. When prompted, type pass=7890, the student password, and press Enter to create the new account. © Jones & BartlettThe Learning, LLCreturn OK flags indicating © Jones & Bartlett Learning, system will that the process has restarted.LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 16. At the command prompt, type sudo /sbin/service sshd status and press Enter to check the running status of the openSSH server. 17. If prompted, type pass=7890, student password, and press Enter. © Jones & Bartlett Learning, LL © Jones & Bartlettthe Learning, LLC FOR SALEthat ORthe DISTRIBUTION If theNOT system indicates service is running, skip to step 18.NOT FOR SALE OR DISTRIBUT If the service is not running, type sudo /sbin/service sshd start and press Enter at the command prompt to start the SSH service. Repeat until you receive the indicator that the service is running. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT OR DISTRIBUTION 18. At the command prompt, type ssh nonexist@localhost andFOR pressSALE Enter to attempt to establish an SSH connection to an account that does not exist on this server. • • 19. If prompted to answer the question: Are you sure you want to continue connecting type yes and press Enter. © Jones & Bartlett Learning, LLC © Jones & Bartlett(yes/no)?, Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 157 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 20. When prompted for a password for the nonexist@localhost account, type test and press NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Enter to attempt to login to the server. Because this user account does not exist on the server, the login attempt will fail and the failed attempt will be logged into the system’s log file. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 21. Repeat step each SALE time theOR system prompts you for a password forNOT this account. FOR SALE OR DISTRIBUT NOT20FOR DISTRIBUTION After three failed attempts, the system will display a Permission denied message indicating that the login attempt has been aborted and will return to the command prompt. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 4 Generate failed login data © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 22. At the command prompt, type su -c ' cat /var/log/secure ' and press Enter to NOT FOR SALE OR DISTRIBUTION NOT FOR SALE| grep OR nonexist DISTRIBUTION search the log file for all of the login attempts for the user account named nonexist. uNote: The /var directory is where all the system logs go by default on the local system. It is best practice to © Jones Bartlett Learning, LLC Jones & not Bartlett Learning, LL create a /var partition so that&attacks or over-subscription of the disk due to logging©activity does NOT FOR SALE OR DISTRIBUT FOR SALE OR DISTRIBUTION hamper the rest NOT of the system from performing its business function. 23. When prompted, type P@ssw0rd!, the root password, and press Enter. ©uNote: Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOTthe FOR ORtoDISTRIBUTION You are required to enter a mixed-case password. If you are not using CitrixSALE Receiver access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 158 | Lab #9 Applying Best Practices for Security Logging and Monitoring © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © JonesFigure & Bartlett LLC 5 FailedLearning, login attempts by nonexist@localhost © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 24. At the command prompt, type su -c ' lastb ' and press Enter to read only the failed login attempts on the TargetCentOS server. 25. When prompted, type P@ssw0rd!, press & Enter. © Jones & Bartlett Learning, LLC the root password,©and Jones Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. © Jones & Bartlett Learning, LLC © Jones Bartlettand Learning, LLCthe Lab 26. Make a screen capture showing the results of this&command paste it into NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Report file. 27. At the command prompt, type su -c ' tail /var/log/messages ' and press Enter to read the messages from the last 10 lines recorded in the log file. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 28. When prompted, type P@ssw0rd!, the root password, and press Enter. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR the DISTRIBUTION 29. Make a screen capture showing the results of this command and paste it into Lab Report file. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 159 © Jones & Bartlett Learning, LLC Part OR 2: Configuring Tripwire NOT FOR SALE DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION uNote: In the next steps, you will use Tripwire, a third-party tool loaded as a module on this server, to perform an integrity check.©First, you will configure Learning, a default policy file for Tripwire and create©aJones site and& local Jones & Bartlett LLC Bartlett Learning, LL passphrase. With the passphrase in place, you will initialize the Tripwire database and index all of the NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION files on the system. The site passphrase encrypts the Tripwire configuration and policy files, so that it wouldn’t be possible to view or change either file without the passphrase. The local passphrase would be used to protect the © Jones & Bartlett © Jones Bartlett Learning, LLC Tripwire database files. It Learning, is important toLLC point out that the passphrases used in&this lab (thelocalpass NOT FOR SALE OR DISTRIBUTION FOR SALE ORpassphrase: DISTRIBUTION and thesitepass) as oversimplified. In a real-life situation you wouldNOT choose a more complex at least 8 characters in length with a mix of letter cases and numbers. 1. At the command prompt, type su -c ' /usr/sbin/tripwire-setup-keyfiles ' and press Enter to the configuration files, the first step in creating a defaultLearning, encrypted policy © Jones & Bartlettload Learning, LLC © Jones & Bartlett LLC for Tripwire. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 2. When prompted, type P@ssw0rd!, the root password, and press Enter. uNote: Bartlettpassword. Learning, LLC © Jones & Bartlett You are required©toJones enter a & mixed-case If you are not using the Citrix Receiver to access this Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. 3. When prompted by the Tripwire process to enter a site keyfile passphrase, type thesitepass and press Enter. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 4. FOR Type SALE thesitepass again to verify the site keyfile passphrase. NOT OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 5. When prompted to create a local keyfile passphrase, type thelocalpass and press Enter. 6. Type thelocalpass again to verify the local keyfile passphrase. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 160 | Lab #9 Applying Best Practices for Security Logging and Monitoring © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 6 Configure the default policy file for Tripwire © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 7. When prompted for the site passphrase to sign the configuration fileNOT (tw.cfg), type thesitepass and press Enter. uNote: ©A Jones Bartlett LLC © created Jonesat&this Bartlett cleartext&version of theLearning, configuration file, /etc/tripwire/twcfg.txt, is time. In Learning, a real-life LLC situation, youSALE would OR moveDISTRIBUTION this cleartext file to a more secure location onceDISTRIBUTION you’ve NOT FOR NOTand/or FORencrypt SALEit OR examined the contents. 8. When prompted for the site passphrase to sign the policy file (tw.pol), type thesitepass press Enter. © Jones & Bartlettand Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION uNote: A cleartext version of the policy file, /etc/tripwire/twpol.txt, is created during this step. Again, in a real-life situation, you would move this file to a secure location and/or encrypt it after you’ve examined it. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 9. To confirm that the Tripwire configuration file is now encrypted, type su -c ' cat NOT FOR SALE OR DISTRIBUT NOT FOR' and SALE OR DISTRIBUTION /etc/tripwire/tw.cfg press Enter. 10. When prompted, type P@ssw0rd!, the root password, and press Enter. ©uNote: Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC You are required to enter a mixed-case password. If you are not using CitrixSALE Receiver access this NOT FOR SALE OR DISTRIBUTION NOTthe FOR ORtoDISTRIBUTION lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 161 © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 7 Encrypted configuration file © Jones & Bartlett Learning, LLC NOTclick FORClose SALE OR DISTRIBUTION 11. If prompted, to dismiss the pop-up window. © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT 12. To confirm that the Tripwire policy file is also encrypted, type su -c ' cat /etc/tripwire/tw.pol ' and press Enter. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC uNote: NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION After the policy file is created, Tripwire will provide instructions to run the init command to initialize the database. This process reads the policy file and generates a database from its contents. 13. When prompted, type P@ssw0rd!, the root password, and press Enter. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. © Jones & Bartlett Learning, LLCwindow. © Jones & Bartlett Learning, LL 14. If prompted, click Close to dismiss the pop-up NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 15. At the command prompt, type su -c ' /usr/sbin/tripwire --init ' and press Enter to begin the initialization process. 16. When prompted, type P@ssw0rd!, the root password, and press Enter. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 162 | Lab #9 Applying Best Practices for Security Logging and Monitoring © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC uNote: NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. 17. When prompted local passphrase, type thelocalpass. © Jonesfor&aBartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION uNote: © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Tripwire will index all of the files on the computer as specified in the policy file. The local passphrase was requested because indexing results in writing to the Tripwire database. This may take several minutes, so do not touch any keys until the terminal prompt appears. You will see several No such file or directory © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC messages because the policy file used in this lab references several file locations that are not found on NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION this server. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 8 Initialize the Tripwire database 18. At the command prompt, type su -c ' touch /bin/ls ' and press Enter to force a timestamp change on bin/ls © the Jones &file. Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 19. When prompted, type P@ssw0rd!, the root password, and press Enter. uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this ©lab, Jones Bartlett Learning, LLC © Jones & Bartlett please&use the CAPS LOCK button or the On-Screen Keyboard to input the password.Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 20. At the command prompt, type su -c ' /usr/sbin/tripwire --check ' and press Enter to run a file integrity check with Tripwire. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 163 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 21. When prompted, type P@ssw0rd!, the root password, and OR press Enter. NOT FOR SALE DISTRIBUTION NOT FOR SALE OR DISTRIBUTION uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION Tripwire will check the indexed files as specified in the policy file. This may take several minutes, so do not touch any keys until the terminal prompt appears. You will see several No such file or directory messages because the policy file used in this lab references several file locations that are not found on this server. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 22.FOR Use the scrollbar to move to the top of the report and review the reported violations in the NOT SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION integrity check. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 9 Tripwire Integrity Check Report 23. Make a screen capture showing the report and paste it into the Lab Report file. You may have to take multiple screen captures to display © Jones & Bartlett Learning, LLC the entire output. © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 164 | Lab #9 Applying Best Practices for Security Logging and Monitoring © Jones & Bartlett Learning, LLC Part OR 3: Configuring Rootkit Hunter NOT FOR SALE DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION uNote: In the next steps, you will use rkhunter (Rootkit Hunter), a tool that scans the server for rootkits, backdoors, and © other anomalies. You willLearning, edit the rkhunter the rkhunter report Learning, LL Jones & Bartlett LLCconfiguration file, schedule © Jones & Bartlett to run at a specific time, and run the rkhunter check summary report. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 1. At the command prompt, type su -c ' vi /etc/rkhunter.conf ' and press Enter to open the system log configuration file in the vi Editor. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 2. FOR WhenSALE prompted, type P@ssw0rd!, the root password, NOT and press NOT OR DISTRIBUTION FOREnter. SALE OR DISTRIBUTION uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS Keyboard to input the password. © Jones & Bartlett Learning, LLC LOCK button or the On-Screen © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 3. Press the i key to enter the Insert mode. 4. Use the arrow keys to locate the #MAIL-ON-WARNING=me@mydomain root@mydomain line and move to the end of the line and press Enter to create a new line. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 5. Type MAIL-ON-WARNING=student to add the student account to the rkhunter tool.SALE OR DISTRIBUT NOT FOR NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT Figure 10 Modify the rkhunter.conf file FOR SALE OR DISTRIBUTION 6. Make a screen capture showing the edited file and paste it into the Lab Report file. 7. Press the Esc key to exit the Insert mode. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 165 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 8. Type :wq! and press Enter to save your changes and exit the Editor. NOT FOR SALE ORviDISTRIBUTION NOT FOR SALE OR DISTRIBUTION 9. At the command prompt, type vi rkhunter.txt and press Enter to create a new text file in the vi Editor. 10. Press the©i Jones key to enter the Insert mode. LLC & Bartlett Learning, © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 11. Type the following new line of text to use the cron scheduler to run an rkhunter report every morning at 2:30a.m. • 30 2 * * * /usr/bin/rkhunter -c -q >/dev/null 2>&1 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 11 Create the rkhunter.txt file Learning, LLC © Jones & Bartlett Learning, LLC © Jones & Bartlett NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 12. Press the Esc key to exit the Insert mode. 13. Type :wq! and press Enter to save your changes and exit the vi Editor. 14. At the command type su -c ' crontab rkhunter.txt ' and press © Enter to schedule the Learning, LL © Jonesprompt, & Bartlett Learning, LLC Jones & Bartlett cron job NOT for theFOR root SALE user. OR DISTRIBUTION NOT FOR SALE OR DISTRIBUT 15. When prompted, type P@ssw0rd!, the root password, and press Enter. uNote: ©You Jones & Bartlett LLC © Jones & Bartlett Learning, are required to enterLearning, a mixed-case password. If you are not using the Citrix Receiver to access thisLLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 166 | Lab #9 Applying Best Practices for Security Logging and Monitoring © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 16. At the command prompt, type su -c ' crontab -l ' and pressOR Enter to list the scheduled cron NOT FOR SALE DISTRIBUTION NOT FOR SALE OR DISTRIBUTION jobs. 17. When prompted, type P@ssw0rd!, the root password, and press Enter. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE NOT FOR SALE OR DISTRIBUTION You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access thisOR DISTRIBUT lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. uNote: 18. Make a screen capture showing the output of this command and paste it into the Lab Report file. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION uNote: If the output of the crontab –l command is empty, you will need to check that the crond daemon is running in the background. At the command prompt, type service crond status and press Enter. If the crond daemon is running, theJones crond daemon is stopped, type service © Jones & Bartlett Learning, LLCrepeat steps 16-18. If © & Bartlett Learning, LLC crond start, press Enter, and repeat steps 16-18. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 19. At the command prompt, type su -c ' /usr/bin/rkhunter -c ' and press Enter to run the rkhunter check summary report. © Jonestype & Bartlett Learning, © Jones & Bartlett Learning, LL 20. When prompted, P@ssw0rd!, the root LLC password, and press Enter. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Rkhunter will check the system for any anomalies that could indicate a breach. This NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION check may take several minutes. Throughout this process, rkhunter will prompt you to [Press <ENTER> to continue]. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 167 © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 12 Run the rkhunter report © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL FOR SALE NOT FOR SALE OR DISTRIBUTION 21. Follow the onscreen instructions and press Enter as required until theNOT command promptOR DISTRIBUT returns. 22. Use the scrollbar to review the reported warnings in the summary. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 168 | Lab #9 Applying Best Practices for Security Logging and Monitoring © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 13 rkhunter check summary report © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOTitFOR SALE NOT FOR SALE OR DISTRIBUTION 23. Make a screen capture showing the summary and any warnings and paste into the LabOR DISTRIBUT Report file. You may have to take multiple screen captures to display the entire summary. 24. Close the remote Linux connection. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 25. Close the virtual lab, or proceed with Part 4 to answer the challenge question for this lab. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 169 © Jones & Bartlett Learning, LLC Part OR 4: Challenge Questions NOT FOR SALE DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION uNote: The following challenge questions are provided to allow independent, unguided work, similar to what you will encounter in a©real situation. You should aim to improve answer in as Learning, LL Jones & Bartlett Learning, LLCyour skills by getting the©correct Jones & Bartlett few steps as possible. Use screen captures in your lab document where possible to illustrate your answers. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 1. How would you edit the rsyslog.conf file to send all cron jobs to a remote server identified as 172.130.1.254 using the UDP protocol? How would you make sure that the changes take place immediately? © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR ORstuff DISTRIBUTION NOT FOR SALE OR DISTRIBUTION In the SALE # Log cron section of the file, comment out line that says cron.* /var/log/cron and add a new line to the same section: cron.* @172.130.1.254. Save the changes to the file and restart the rsyslog service. 2. What edits would error conditions or Learning, higher to that remote server © Jones & Bartlett Learning, LLC you make to send only © Jones & Bartlett LLC using the UDP protocol? NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION In this case, the new line would read: cron.err @172.130.1.254. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION uNote: © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 14 Edited rsyslog.conf file © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT This completes the lab. Close the virtual lab, if you have not already done so. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 170 | Lab #9 Applying Best Practices for Security Logging and Monitoring © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Evaluation Criteria and Rubrics NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The following are the evaluation criteria and rubrics that students must perform: 1. Configure remote logging on the CentOS Linux Server and send syslogs and other events © Jones Bartlett Learning, LLC– [20%] © Jones & Bartlett Learning, LL to a remote host for&secure secondary logging NOT FOR SALE OR DISTRIBUT NOT FOR SALE DISTRIBUTION 2. Search through different logOR files on CentOS Linux Server to identify where certain types of logs are stored and how often they get recycled – [20%] 3. Configure the Tripwire file integrity tool so that modifications to important system files are quickly identified and properly logged both locally and remotely – [20%] 4. Configure and schedule rkhunter the&cron subsystem so thatLLC a © Jones & Bartlett Learning, LLC to run at said interval © using Jones Bartlett Learning, rootkit can beOR properly and quickly identified if possible – [20%] NOT FOR SALE DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 5. Configure both automatic searches on log files as well as automatic running of important security applications to properly monitor a CentOS Linux Server for malicious activity – [20%] © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 171 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Lab #9 – Assessment Worksheet NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Applying Best Practices for Security Logging and Monitoring Course Name and Number: _____________________________________________________ © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Lab Due Date: ________________________________________________________________ NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Overview In this lab, you configured remote logging on the CentOS Linux Server and sent syslogs to a remote host for secure secondary logging. You©used Tripwire, a third-party file integrity © Jones & Bartlett Learning, LLC Jones & Bartlett Learning, LLC tool, to identify to important system files. YouFOR configured Hunter, (rkhunter), to NOT FOR SALE ORmodifications DISTRIBUTION NOT SALE Rootkit OR DISTRIBUTION search for rootkits and other anomalies on a set schedule. You also searched the log files for specific criteria. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL Lab Assessment Questions & Answers NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 1. What is the primary place to store log files on a local Linux system, and what are recommended procedures for that location? © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Note following Part 1, Step 22. The /var directory is where all the system logs go by default on NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION the local system. It is best practice to create a /var partition so that attacks or over-subscription of the disk due to logging activity does not hamper the rest of the system from performing its business function. 2. Why is remote logging to a central server considered a best practice? © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Introduction Locating the system logs for all servers on a single server provides a more secure location for all logging. Suppose an intruder breaks into a Linux system and deletes all of the local log files. Unless the intruder also compromises the remote logging server, the log files will still be available to access and analyze. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUTION 3. Why is the Tripwire application considered a file integrity checker? NOT FOR SALE OR DISTRIBUT Introduction. Tripwire keeps a database hash of all files specified in its policy file. Any time a file is altered, Tripwire will detect the changes. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 172 | Lab #9 Applying Best Practices for Security Logging and Monitoring © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 4. Could rkhunter be considered a file integrity checker? Why why not? NOT FOR SALE ORorDISTRIBUTION NOT FOR SALE OR DISTRIBUTION Introduction. Yes. Rkhunter is a script that checks for various rootkits, a type of malicious software that enables unauthorized users access to the server without being detected. It also performs checks on common commands and startup files to determine if they have been © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL modified, among other things. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 5. How would you check to see that a recurring cron job was scheduled to run? Note following Part 3, Step 16. Use crontab -l to list. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 6. FOR WhatSALE is the difference between the site and local passphrases usedSALE by Tripwire? NOT OR DISTRIBUTION NOT FOR OR DISTRIBUTION Note introducing Part 2. The site passphrase encrypts the Tripwire configuration and policy files, so that it wouldn’t be possible to view or change either file without the passphrase. The local passphrase would be used to protect the Tripwire database files. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE7.OR DISTRIBUTION NOT SALE ORonDISTRIBUTION What is a security implication of locating theFOR syslog service a system with Internet access? Introduction. System logs open the Internet are also vulnerable to denial of service attacks, © fill Jones Bartlett LLCit cannot log any other messages. © Jones & Bartlett Learning, LL which may up the & system log toLearning, the point where NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Lab #10 Defining Linux OS and Application Backup and Recovery Procedures © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Introduction © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT A well-documented and tested disaster recovery process should be a part of any organization’s defense-in-depth security strategy. As part of the disaster recovery process, the security team © Jones & regular Bartlett Learning, © Jones & Bartlett LLC should make backups of theLLC systems. One such method, in the Linux serverLearning, environment, NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION is to use the tar command to create an archive which contains the files and folder structure of the targeted directory. This archive can then be compressed so as to take up less space. Compression is the process of encoding data to use fewer bits, thus making it smaller. Compressed data by itself, however, is not considered secure. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Encrypting backups should be as expected as NOT encrypting on the network. NOT FOR SALE OR DISTRIBUTION FOR communications SALE OR DISTRIBUTION Encryption helps to secure data so unauthorized entities can’t read or access it. Encryption converts the data into ciphertext, making it unreadable without a key or passphrase. Compromised backups are one of the primary ways of stealing corporate data. Backups may Jones & Bartlett Learning, LLC and company confidential © Jonesdata & Bartlett contain all of the©information, including private customer in an Learning, LL NOT FOR SALE NOT FOR SALE OR DISTRIBUTION organization. Emails, like backups, if not encrypted could contain huge amounts of potentially OR DISTRIBUT sensitive information and thus should be secured both in transit and at rest on the server. If emails aren’t encrypted, it becomes much easier for intruders to sniff traffic for emails and reconstruct all of the captured plaintext information. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Sometimes file may have been inadvertently deleted while NOT a program in the OR middle of NOT FORaSALE OR DISTRIBUTION FORisSALE DISTRIBUTION accessing it. In such cases, instead of locating an appropriate archive from which to restore a copy of the file, it may be possible to recover the file without resorting to a backup as the file may still reside under the /proc directory. © Jones & Bartlett Learning, Jones & Bartlett LLC for data In this lab, you will LLC maximize availability and©define a recovery timeLearning, objective (RTO) NOT FOR SALE OR DISTRIBUTION NOT Linux FOR SALE file backups and recovery on a production CentOS server. OR You DISTRIBUTION will secure a data file backup using OpenSSL encryption and restore the data file from the encrypted backup. You also will recover a deleted file using the /proc recovery function. This lab has four©parts, which should be completedLLC in the order specified. © Jones & Bartlett Learning, LL Jones & Bartlett Learning, NOT SALE OR DISTRIBUT NOT ORwill DISTRIBUTION 1. In the first partFOR of theSALE lab, you back up a file on the Linux OS and thenFOR secure it with encryption. 2. In the second part of the lab, you will delete a file and then use decryption to restore the file&onBartlett the Linux OS. You also for this & process. © Jones Learning, LLCwill document the RTO © Jones Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 3. In the third part of the lab, you will identify the process ID (PID) from a deleted file and restore the file using the built-in Linux OS virtual filesystem called /proc. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT All FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. rights reserved. www.jblearning.com Instructor Lab Manual © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 173 174 | Lab #10 Defining Linux OS and Application Backup and Recovery Procedures © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 4. Finally, if assigned by your instructor, you will explore virtual environment on your NOT FOR SALEthe OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION own to answer a set of challenge questions that allow you to use the skills you learned in the lab to conduct independent, unguided work, similar to what you will encounter in a real-world situation. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Learning Objectives NOT FOR SALE OR DISTRIBUTION Upon completing this lab, you will be able to perform the following: • Ensure Linux OS, application, and data availability with documented backup and © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC recovery procedures NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION • Configure and perform backups within the Linux operating system as an automated and stable way of enhancing backup and recovery procedures and maximizing system availability • Encrypt backups are being performed © Jones & Bartlett Learning, LLCin the Linux operating © system Jonesas & they Bartlett Learning, LLCand for NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION securing data backups and storage • Restore encrypted backups for full recovery of the Linux OS as per defined recovery time objectives (RTO) • Backup and restore deleted files using /proc in Linux so that an entire system does not © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL have to be restored the instance of a deleted or corrupted file NOT FOR SALE OR DISTRIBUT NOT FOR in SALE OR DISTRIBUTION Tools and Software The following softwareLearning, and/or utilities this lab.&Students encouraged © Jones & Bartlett LLCare required to complete © Jones Bartlettare Learning, LLC to explore the Internet to learn more about the products and tools used in this lab. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION • None © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 175 © Jones & Bartlett Learning, LLC Deliverables NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Upon completion of this lab, you are required to provide the following deliverables to your instructor: © Jones & Bartlett Learning, LLC & Bartlett 1. Lab Report file including screen captures of the following steps: Part©1,Jones Step 13; Part 2, Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION Step 10; Part 3, Steps 7, 11, and 17; 2. Lab Assessments file; 3. Optional: Challenge Questions file, if assigned by your instructor. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 176 | Lab #10 Defining Linux OS and Application Backup and Recovery Procedures © Jones & Bartlett Learning, LLC Hands-On Steps NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION uNote: This lab contains detailed lab procedures, which you should follow as written. Frequently performed tasks are explained in the Common&Lab Tasks document on the vWorkstation desktop. You should review these Learning, LL © Jones Bartlett Learning, LLC © Jones & Bartlett tasks before starting the lab. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 1. From the vWorkstation desktop, open the Common Lab Tasks file. If you desire, use the File Transfer file to your local computer andLLC © Jones & Bartlett Learning, LLC button to transfer the © Jones & Bartlett Learning, print SALE a copy for reference. NOT FOR ORyour DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Figure 1 “Student Landing” vWorkstation NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 2. On your local computer, create the lab deliverable files. 3. Review the Lab Assessment Worksheet at the end of this lab. You will find answers to questions as you proceed through©the lab steps. © Jones & Bartlettthese Learning, LLC Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Part 1: Back Up a Data File on the Linux OS uNote: & up Bartlett Learning, LLC © Jones & Bartlett Learning, LL In the next steps, © youJones will back a data file on the Linux OS. You will secure the backup file, encrypt it using the opensslNOT command, and then remove the unencrypted data file. NOT FOR SALE OR DISTRIBUT FOR SALE OR DISTRIBUTION 1. Double-click the RDP folder on the vWorkstation desktop. 2. Double-click theLearning, TargetCentOS01.rdp file to open the Linux server. © Jones & Bartlett LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR DISTRIBUTION The remote GNOME desktop, the graphical user interface (GUI)SALE for the OR virtual Linux server, opens with the IP address of the remote machine (172.30.0.21) in the title bar at the top of the window. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 177 © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC FOR SALE OR DISTRIBUTION Figure 2 TheNOT GNOME desktop 3. Double-click the Terminal icon on the GNOME desktop to open the terminal emulator and access the Linux server command line. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 4. At the command prompt, type pwd and press Enter to verify that you are in the home NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION directory. The system will return the current directory as /home/student. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 178 | Lab #10 Defining Linux OS and Application Backup and Recovery Procedures © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 3 Verify the working directory © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 5. At the command prompt, type su -c ' tar zcvf yourname.tar.gz /etc /varNOT ', replacing yourname with your own name, and press Enter to archive and compress the /etc and /var directories for backup. uNote: © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC The tar FOR command is used combine multiple files into a single file,NOT while FOR still preserving the complete NOT SALE ORtoDISTRIBUTION SALE OR DISTRIBUTION pathname information. It can be used with several switch options, such as the zcvf switch used in this example. • -z: unzip a compressed tar ball • -c: create an archive © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC • -v: provide verbose output (display progress) for FOR executed command NOT FOR SALE OR DISTRIBUTION NOT SALE OR DISTRIBUTION • -f: force the command even if there are errors • -C: provide directory as root directory when extracting Another switch that be used with the tar command isLLC the –x switch, which extracts the contents of the Learning, LL © can Jones & Bartlett Learning, © Jones & Bartlett tar ball. You will use this switch later in the lab. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 6. When prompted, type P@ssw0rd!, the root password, and press Enter. uNote: © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. The system will return all directories and files as they are backed up. This may take several minutes. Once the backup process is complete, the system will create a new © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 179 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC compressed file named yourname.tar.gz containing the contents of the /etc and the /var NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION directories. 7. At the command prompt, type su -c ' openssl des3 -salt -in yourname.tar.gz -out yourname.tar.gz.des3 ' and press Enter to encrypt the file. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 8. When prompted, type P@ssw0rd!, the root password, and press Enter. uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPSLearning, LOCK buttonLLC or the On-Screen Keyboard©toJones input the&password. © Jones & Bartlett Bartlett Learning, LLC To finalize the encryption process, the system will prompt you for an encryption thatDISTRIBUTION will be NOT FOR SALE OR DISTRIBUTION NOT FOR password SALE OR required to decrypt the file later. In the virtual lab, you use simple, easy to remember, passwords, but in a real-world situation you would want to choose a more complex password to encrypt your backup files. 9. When prompted password, type mypassword © Jones & Bartlett Learning, LLCto enter a des-ede3-cbc © encryption Jones & Bartlett Learning, LLC and press Enter. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 10. When prompted to verify the des-ede3-cbc encryption password, type mypassword and press Enter. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Figure 4 Create a password for the des3 encrypted file © Jones & Bartlett Learning, LLC Jones Bartlett Learning, 11. At the command prompt, type ls yourname.tar.gz.des3©and press&Enter to verify that theLLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION new encrypted file has been created. Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 180 | Lab #10 Defining Linux OS and Application Backup and Recovery Procedures © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC uNote: NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The system will return the yourname.tar.gz.des3 filename. If the system returns a No such file or directory message, confirm your spelling in step 11, or repeat steps 7-11 to ensure that the file is created correctly. 12. At the prompt, type&rm -f yourname.tar.gz press Enter to delete (remove) © Jones Bartlett Learning,and LLC © Jonesthe & original Bartlett Learning, LL unencrypted compressed backup file. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 13. Make a screen capture of the terminal window showing the string of commands for the encryption process and paste it into the Lab Report file. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Part Restore a Deleted File using an Encrypted Backup NOT2:FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION uNote: In the next steps, you will simulate a scenario in which a required file is deleted. First, you will “delete” the file, then you will decrypt the backup copy of that file using the provided password and use that copy © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC to restore the “deleted” file. Throughout this process, you will be track the time it takes to restore the file. NOT FOR SALE OR DISTRIBUTION SALEtime ORobjective DISTRIBUTION In other words, you will be recording the recoveryNOT time. FOR The recovery (RTO), the timeframe within which an essential business process or file must be restored after a disaster, is an important measurement for IT support professionals. © Jonesprompt, & Bartlett Learning, LLC Jones Bartlett Learning, LL 1. At the command type su -c ' mv /etc/mail/sendmail.mc /tmp ' © and press & Enter to NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION move the sendmail.mc file into the /tmp directory simulating a deleted sendmail configuration file. 2. When prompted, type P@ssw0rd!, the root password, and press Enter. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC uNote: NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. 3. In the Lab Report file, record the time you started this set of steps. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT system FOR SALE DISTRIBUTION Record the time using the Linux machine’s clock OR which is displayed in the upperright corner of the remote Linux desktop. 4. At the command prompt, type su -c ' openssl des3 -d -salt -in yourname.tar.gz.des3 -out yourname.tar.gz ', replacing yourname withLLC your own name in both instances, press Learning, LL © Jones & Bartlett Learning, © Jonesand & Bartlett Enter to NOT decrypt the backup file. NOT FOR SALE OR DISTRIBUT FOR SALE OR DISTRIBUTION 5. When prompted, type P@ssw0rd!, the root password, and press Enter. uNote: © Jones & Bartlett © Jones & Receiver BartletttoLearning, You are required to enterLearning, a mixed-caseLLC password. If you are not using the Citrix access this LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 181 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 6. When prompted for the des-ede3-cbc decryption type mypassword, the NOT FORpassword, SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION encryption password for this file, and press Enter. The decryption process will take several minutes. Do not touch any keys until the command prompt returns. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 7. At the command prompt, -c ' tar zxvf yourname.tar.gz -C / etc/mail/sendmail.mc NOT FOR SALE' OR DISTRIBUT NOT FOR SALEtype ORsuDISTRIBUTION and press Enter to restore the sendmail configuration file from the backup file to its appropriate location. 8. When prompted, type P@ssw0rd!, the root password, and press Enter. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION uNote: You are required to enter a mixed-case password. If you are not using the Citrix Receiver to access this lab, please use the CAPS LOCK button or the On-Screen Keyboard to input the password. © Jones & Bartlett Learning, LLCprompt, type ls /etc/mail/sendmail.mc © Jones & Bartlett Learning, 9. At the command and press Enter toLLC verify that the NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION sendmail.mc file has been restored. uNote: The system will return the sendmail.mc filename. If the system returns a No such file or directory message, confirm your spelling in step 9&orBartlett repeat steps 4-9 to ensure © Jones Learning, LLCthat the file is created. © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Figure 5 Restore the sendmail.mc data file NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 182 | Lab #10 Defining Linux OS and Application Backup and Recovery Procedures © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 10. Make a screen capture of the terminal window showing results of the ls NOT FOR SALEthe OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION /etc/mail/sendmail.mc command and paste it into the Lab Report file. 11. In the Lab Report file, record the time you completed this set of steps. Record the time using the Linux machine’sLLC system clock which is displayed upper- Learning, LL © Jones & Bartlett Learning, © Jonesin&the Bartlett right corner the remote desktop. NOT FOR SALE OR DISTRIBUT NOTofFOR SALELinux OR DISTRIBUTION 12. In the Lab Report file, record the RTO (RTO=stop time minus start time) for the recovery of the sendmail.mc file. © Jones & Bartlett Learning, LLC uNote: © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT SALE DISTRIBUTION The recovery time objective (RTO) for an organization can be adjusted forFOR mission criticalOR applications by giving priority to stored backups of systems, applications, and data files in order to meet company-specific goals for the RTO. The automation of recovery steps from backup data files can also help achieve a desired RTO. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Part 3: Restore a Deleted File using the Process ID (PID) uNote: ©you Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LL In the next steps, will restore a deleted file that was not captured in a backup data file. The&system NOT FOR SALE NOT FOR SALE OR DISTRIBUTION will hold deleted files in memory for a period of time with a process ID number (PID). As long as the file OR DISTRIBUT is still being referenced by the less command, you can restore it. First, you will create a new file (hacked.sh) that is not a part of the yourname.tar.gz backup and then ©you Jones & Bartlett LLC Jones & Bartlett Learning, LLC will delete it. Finally,Learning, you will restore the deleted file using the©/proc command. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 1. At the command prompt, type vi hacked.sh and press Enter to open a new file called hacked.sh in the VI Editor. 2. Press the i key to enter the Insert mode. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE3.OR DISTRIBUTION NOTline FOR SALE OR type DISTRIBUTION Use the arrow keys to locate the first blank in the file and You have been hacked!. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 183 © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 6 Create a new hacked.sh file © Jones & Bartlett Learning, LLC FOR DISTRIBUTION 4. Press theNOT Esc key toSALE exit theOR Insert mode. © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT 5. Type :wq! and press Enter to save your changes and exit the vi Editor. 6. At the command prompt, type less hacked.sh and press Enter to view the contents of the © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC hacked.sh file you just created. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 7. Make a screen capture showing your contents of the hacked.sh file and paste it into the Lab Report File. 8. Press the CTRL+Z screen. © Jones & Bartlett Learning, LLC keys to exit the less © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION uNote: The CTRL+Z key pair puts the less hacked.sh session in a suspended state, which means that the process still exists, as opposed to existing the session outright. © Jonesprompt, & Bartlett Learning, LLC © Jones & Bartlett 9. At the command type rm -f hacked.sh and press Enter to delete the hacked.sh file. Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 10. At the command prompt, type /usr/sbin/lsof | grep hacked and press Enter to verify that the file is still being referenced by the less command, and obtain the process ID (PID). © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 184 | Lab #10 Defining Linux OS and Application Backup and Recovery Procedures © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC uNote: NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The lsof command is used to list (ls) open files (of) on the system, along with the processes that are opening the files. The result of this step shows that the hacked.sh file is still opened by the less process despite the file having been deleted from the filesystem. Until the less process releases its hold on the hacked.sh file, the©file still exists, even though it is no longer PID is & a numeric Jones & Bartlett Learning, LLC on the filesystem itself.©The Jones Bartlett Learning, LL reference numberNOT for theFOR file. InSALE this figure, the PID is 2642. Your number may be different. NOT FOR SALE OR DISTRIBUT OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOTfile FOR SALE OR DISTRIBUTION Figure 7 Find the PID for the hacked.sh 11. Make a screen capture showing the process ID and paste it into the Lab Report File. 12. At the command PIDLearning, with the process © Jones & Bartlett Learning, LLCprompt, type cd /proc/PID/fd/, © Jonesreplacing & Bartlett LLC ID you documented in step 11, and press Enter to find the file in the system memory. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION uNote: A virtual filesystem, /proc doesn’t contain actual files, but instead contains runtime system information such as system memory, devices mounted, and hardware configuration. Thus, this pseudo-filesystem can be © Jones & Bartlett Learning, LLC © Jones & has Bartlett regarded as a control and information center for the Linux kernel. Therefore, even though the file been Learning, LL NOTa FOR SALE NOT FOR SALE OR DISTRIBUTION deleted the file remains in the /proc directory as long as the file is still being used. When file in Linux is OR DISTRIBUT deleted, it is “unlinked.” The inode contains the files data, and the inode is still there as long as the file is still being used. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 185 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 13. At the command prompt, type ls -ls and press Enter to locate file descriptor associated NOT FOR SALE ORthe DISTRIBUTION NOT FOR SALE OR DISTRIBUTION with the deleted file. Though several file descriptors may be returned, the correct descriptor will reference the previous location of the deleted file (/home/student/hacked.sh). In the following figure, © Jones for & Bartlett Learning, © Jones & Bartlett Learning, LL the file descriptor the deleted file is 4. LLC NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Figure 8 Find the file descriptor for the hacked.sh fileSALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION NOT FOR 14. In the Lab Report file, record the file descriptor for the hacked.sh file. 15. At the command prompt, type cp descriptor /home/student/hacked.recovered, replacing the file descriptor you © recorded 14, and press Enter to recover the © Jones & Bartlettdescriptor Learning,with LLC Jones in & step Bartlett Learning, LLC file by copying the file descriptor to the hard drive. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 16. At the command prompt, type cat /home/student/hacked.recovered and press Enter to view the contents of the recovered file. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 186 | Lab #10 Defining Linux OS and Application Backup and Recovery Procedures © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Figure 9 Recover the hacked.sh file © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FORthe SALE NOT FOR SALE OR DISTRIBUTION 17. Make a screen capture showing the results of the file recovery and paste it into Lab OR DISTRIBUT Report file. 18. Close the remote Linux connection. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 19. Close the virtual lab, or proceed with Part 4 to answer the challenge question for this lab. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 187 © Jones & Bartlett Learning, LLC Part OR 4: Challenge Question NOT FOR SALE DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION uNote: The following challenge question is provided to allow independent, unguided work, similar to what you will encounter in a real You should aim to improveLLC your skills by getting the correct answer&inBartlett as few Learning, LL ©situation. Jones & Bartlett Learning, © Jones steps as possible. Use screen captures in your lab document where possible to illustrate your answers. NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION 1. In Part 2, Step 4 of this lab you used the openssl command with the -salt option while encrypting the backup file. Why is the -salt option used? © Jones Bartlett Learning, & Bartlett The & -salt option should alwaysLLC be used if the encryption key©isJones being derived from aLearning, password. LLC NOT FOR SALE ORoption, DISTRIBUTION NOT FOR SALE DISTRIBUTION Without the -salt it is possible to perform efficient dictionary attacks on theOR password and to attack stream cipher encrypted data. Without the -salt option, the same password always generates the same encryption key; with the option, a random key is generated when encrypting the file. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC If the same password generates the sameNOT encryption then OR it is possible for an attacker to use NOT FOR SALE OR DISTRIBUTION FORkey, SALE DISTRIBUTION a rainbow table. A rainbow table is a pre-compiled list of hashes derived from a set of dictionarybased inputs. By comparing the encryption key against the rainbow table, the attacker may be more likely to determine what the original password is. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL uNote: NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION This completes the lab. Close the virtual lab, if you have not already done so. © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 188 | Lab #10 Defining Linux OS and Application Backup and Recovery Procedures © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Evaluation Criteria and Rubrics NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION The following are the evaluation criteria for this lab that students must perform: 1. Ensure Linux OS, application, and data availability with documented backup and Jones & –Bartlett © Jones & Bartlett Learning, LL recovery©procedures [20%] Learning, LLC NOT FOR SALE NOT FOR SALE OR DISTRIBUTION 2. Configure and perform backups within the Linux operating system as an automated andOR DISTRIBUT stable way of enhancing backup and recovery procedures and maximizing system availability – [20 %] 3. Encrypt backupsLearning, in the Linux operating system as they being&performed and for © Jones & Bartlett LLC © are Jones Bartlett Learning, LLC securing dataOR backups and storage – [20%] NOT FOR SALE DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 4. Restore encrypted backups for full recovery of the Linux OS as per defined recovery time objectives (RTO) – [20%] 5. Backup and restore deleted files using /proc in Linux so that an entire system does not © Jones & Bartletthave Learning, LLC in the instance of a©deleted Jonesor&corrupted Bartlettfile Learning, to be restored – [20%] LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 189 © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Lab #10 – Assessment Worksheet NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Defining Linux OS and Application Backup and Recovery Procedures Course Name and Number: _____________________________________________________ © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Lab Due Date: ________________________________________________________________ NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Overview In this lab, you maximized availability and defined a recovery time objective (RTO) for data file backupsLearning, and recovery on a production CentOS©Linux server. You secured a data LLC file backup © Jones & Bartlett LLC Jones & Bartlett Learning, usingOR OpenSSL encryption and restored the data fileFOR fromSALE the encrypted backup. You also NOT FOR SALE DISTRIBUTION NOT OR DISTRIBUTION recovered a deleted file using the /proc recovery function. Lab Assessment Questions & Answers © Jones & Bartlett Learning, LLC 1. Why is encrypting already file necessary? NOT FORan SALE ORcompressed DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Introduction. Encryption and compression are two different things. Compression is the process of encoding data to use fewer bits, thus making it smaller. Compressed data by itself, however, is not considered secure. Encryption converts the data into ciphertext, making it unreadable without a key © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC or passphrase. NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION 2. Why is it best practice to encrypt backups? Introduction. Compromised backups are one of the primary ways of stealing corporate data. may LLC contain all of the information,©including customer and company © Jones & BartlettBackups Learning, Jones private & Bartlett Learning, LLCconfidential data in an organization. Regular backups should be part of the disaster recovery process and a NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION defense-in-depth strategy. Encrypting backups should be as expected as encrypting communications on the network. Encryption helps to secure data so unauthorized entities can’t read or access it. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights& reserved. © Jones & Bartlett Learning, LLC © Jones Bartlett Learning, LLC www.jblearning.com Instructor Lab Manual NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION. 190 | Lab #10 Defining Linux OS and Application Backup and Recovery Procedures © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC 3. Why is performing messaging, such as e-mails, in SALE an encrypted fashion recommended as NOT FOR OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION part of a secure communications strategy? Explain. Introduction. E-mails, like backups, if not encrypted, could contain huge amounts of potentially sensitive information and thus should be secured both in transit and at rest on the server. If e-mails © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL aren’t encrypted, it becomes much easier for intruders to sniff traffic for e-mails and reconstruct all NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION of the captured plaintext information. 4. Explain each ofLearning, the switchesLLC used in the following command: fwbsl.tar.gz © Jones & Bartlett © Jonestar&zxvf Bartlett Learning, LLC etc/mail/sendmail.mc -C / etc/mail NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Note following Part 1, Step 5. • -z: Unzips a compressed tarball • -x:LLC Extracts the contents of a tarball © Jones & Bartlett Learning, © Jones & Bartlett Learning, LLC • -v: Provides verbose output toNOT a tarball command being executed NOT FOR SALE OR DISTRIBUTION FOR SALEthat ORisDISTRIBUTION • -f: Force the command even if there are errors • -C: Use provided directory as root directory when extracting 5. How is it possible to recover a deleted file from the pseudo filesystem /proc? © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL NOT FOR NOT FOR SALE OR DISTRIBUTION Note following Part 3, Step 12. A virtual filesystem, /proc doesn’t contain actual files, but SALE instead OR DISTRIBUT contains runtime system information such as system memory, devices mounted, and hardware configuration. Thus, this pseudo-filesystem can be regarded as a control and information center for the Linux kernel. Therefore, even though the file has been deleted the file remains in the /proc © Jones & Bartlett LLC Jones & Bartlett Learning, directory as long Learning, as the file is still being used. When a file in©Linux is deleted, it is “unlinked.” TheLLC inodeSALE containsOR the DISTRIBUTION files data, and the inode is still there as NOT long asFOR the file is still OR beingDISTRIBUTION used. NOT FOR SALE 6. If the recovery time objective (RTO) was unacceptable to your organization’s business continuity plan, what could you do to ensure that you achieve the desired RTO for data files, applications, or systems? © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT SALE ORforDISTRIBUTION Note following Part 2, Step 12. The recovery timeFOR objective (RTO) an organization can be adjusted for mission-critical applications by giving priority to stored backups of systems, applications, and data files in order to meet company-specific goals for the RTO. The automation of recovery steps from backup data files can also help achieve a desired RTO. © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LL 7. What descriptor did you record in Part 3, Step 14 of this lab? NOT FOR SALE OR DISTRIBUT NOT FOR SALE OR DISTRIBUTION Part 3, Step 14 (Number actually used in step 15). (Answers will be unique to each student.) © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.