Introduction to Security for Linux
Overview
Security
The following commands/programs will be used/discussed this week:
passwd
pwck and grpck
chage
rpm -Va
ifconfig (promiscuous?)
tcpd
Tripwire ®
PortSentry
SATAN and SAINT
Nessus (openvas)
nmap and nmapfe
Secure Shell (ssh and sshd)
Snort
ssh and sftp
md5sum and gpg keys
xinetd (/etc/hosts.deny and /etc/hosts.allow)
Questions
What is ifconfig used for in this case?
What is a good password? A bad password?
What is meant by "social engineering"?
What do the following do?
pwck and grpck
chage
rpm -Va
What services (servers) are vulnerable to attack?
What services should not be installed unless there is a REAL need for them?
What should you do with unwanted services in inetd.conf (or xinetd.d)?
Why is ssh better than telnet?
Why is ftp considered a security risk? How is sftp different?
What is tcpd?
What are tcp wrappers, why are they useful?
What is the purpose of the files hosts.allow and hosts.deny in /etc ?
What is the purpose of software like SATAN, SAINT and COPS? Why do you probably NOT want to run them on anyone's network but the one you own?
What is meant by a scanner attack? Can you detect scanner attacks?
What is Nessus used for?
Where would you check to see who is/has been trying to access various services on your machine?
What is a Denial of Service attack (DoS)? What about a Distributed Denial of Service attack (DDoS)?
What good does it do to set the /tmp partition noexec?
Activities & Assignments
Assignment 1
- Skipping this for now; check out Snort.org for the CentOS 7 and other installs, and a CentOS 6.6 install tutorial (be sure to read the comments as well)
- Make sure to run yum install libpcap-devel so you have the libraries
- Go to the "portsentry" page below
- Download the portsentry "package" (Note: Firefox will save it in the user's Downloads directory, so /home/username/Downloads is where it will be located)
- Use tar to untar and unzip the package
- cd into portsentry-2.0b1 and use vim to open portsentry.conf
- Use ifconfig to find your IP address and ethernet card for your machine. Note: it should be enp0s3, or maybe eth0 or eth1 on non-systemd distros, and the address is after the line that says inet addr: For VMware it will be a 192.168.x.x address and for VirtualBox it may be 10.0.2.15
- Make sure that INTERFACE="enp0s3" is correct for your machine (change it to "eth1" or whatever ifconfig shows you)
- Change INTERFACE_ADDRESS="yourIPhere " to your IP address (use ifconfig to find it)
- Search for "iptables"
- Uncomment the line that mentions iptables and Kill route (remove the # sign), change /usr/local/bin/iptables to /sbin/iptables, and put the # sign back on the ipchains line above it
- Close portsentry.conf
- Note: several of the Windows servers are nosey buggers, so we may need to edit portsentry.ignore to keep from locking ourselves out of the internet. While in the source directory, vim portsentry.ignore and add the following lines to portsentry.ignore:
140.198.0.0/16
192.168.0.0/16
10.0.0.0/8
- Then, as root, run the next two commands inside that directory
- Type "make linux"
- Then "make install"
- Try it out by running /usr/local/psionic/portsentry2/portsentry and then pgrep portsentry (should return a number); less /var/log/messages should show a lot of portsentry notices at the end
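The portsentry.conf and portsentry.ignore edits above, as an added shell example that is not from the course page or the PortSentry project: it makes the same edits with sed, adds the ignore networks once, and checks that exactly one KILL_ROUTE is active. The sample lines it edits are constructed; the exact KILL_ROUTE text and the /sbin/ipchains path in the real 2.0b1 file are assumptions.

```shell
#!/bin/sh
# Added example, not from the course page: automates the portsentry.conf edits
# from Assignment 1 and checks them. The KILL_ROUTE line text below is a
# constructed sample in the PortSentry 1.x/2.0b1 style, not the real file.
# Write a small constructed stand-in for the lines the assignment edits.
write_sample_conf() {
    cat > "$1" <<'EOF'
INTERFACE="enp0s3"
INTERFACE_ADDRESS="yourIPhere "
# Linux ipchains (active by default in the sample)
KILL_ROUTE="/sbin/ipchains -I input -s $TARGET$ -j DENY -l"
# Linux iptables (commented out by default in the sample)
#KILL_ROUTE="/usr/local/bin/iptables -I INPUT -s $TARGET$ -j DROP"
EOF
}

# configure_portsentry CONF IFACE IP: set the interface and address, enable the
# iptables KILL_ROUTE with the distro path, and disable the ipchains one.
configure_portsentry() {
    conf="$1" iface="$2" ip="$3"
    sed -e "s|^INTERFACE=\".*\"|INTERFACE=\"$iface\"|" \
        -e "s|^INTERFACE_ADDRESS=\".*\"|INTERFACE_ADDRESS=\"$ip\"|" \
        -e 's|^#\(KILL_ROUTE=.*iptables.*\)|\1|' \
        -e 's|/usr/local/bin/iptables|/sbin/iptables|' \
        -e 's|^\(KILL_ROUTE=.*ipchains.*\)|#\1|' \
        "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
}

# add_ignore_nets FILE: add the lab networks once, so re-runs do not duplicate.
add_ignore_nets() {
    touch "$1"
    for net in 140.198.0.0/16 192.168.0.0/16 10.0.0.0/8; do
        grep -qxF "$net" "$1" || echo "$net" >> "$1"
    done
}

# check_config CONF: exactly one active KILL_ROUTE and a numeric address,
# otherwise portsentry would block with the wrong tool or never bind.
check_config() {
    n=$(grep -c '^KILL_ROUTE=' "$1" || true)
    [ "$n" -eq 1 ] || { echo "expected 1 active KILL_ROUTE, found $n" >&2; return 1; }
    grep -q '^INTERFACE_ADDRESS="[0-9.]*"$' "$1" ||
        { echo "INTERFACE_ADDRESS is not an IPv4 address" >&2; return 1; }
}

# Demo on a scratch copy; point these at the real files under the source dir.
WORK=$(mktemp -d)
write_sample_conf "$WORK/portsentry.conf"
configure_portsentry "$WORK/portsentry.conf" enp0s3 10.0.2.15
add_ignore_nets "$WORK/portsentry.ignore"
check_config "$WORK/portsentry.conf" && echo "portsentry.conf OK"
```

Run check_config again after any later hand edit; a second active KILL_ROUTE or a leftover "yourIPhere" placeholder is the usual reason portsentry starts but never blocks anything.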
Assignment 3
- "yum install rkhunter"
- rkhunter --propupd
- rkhunter -c, and see how its output differs
Assignment 4
- Install the KeePassX password vault
- Easiest way (assuming you have added the EPEL repository): yum install keepassx
Resources
Check out the various web page resources on the Linux System Administration home page.