© 1996 Phil Waclawski
Introduction to Security for Linux
Overview
Security

The following commands/programs will be used/discussed this week:

passwd
pwck and grpck
chage
rpm -Va
ifconfig (promiscuous?)
tcpd
Tripwire ®
PortSentry
SATAN and SAINT
Nessus (openvas)
nmap and nmapfe
Secure Shell (ssh and sshd)
Snort
ssh and sftp
md5sum and gpg keys
xinetd (/etc/hosts.deny and /etc/hosts.allow)

Questions
What is ifconfig used for in this case?
What is a good password? A bad password?
What is meant by "social engineering"?
What do the following do?
pwck and grpck
chage
rpm -Va

What services (servers) are vulnerable to attack?
What services should not be installed unless there is a REAL need for them?
What should you do with unwanted services in inetd.conf (or xinetd.d)?
Why is ssh better than telnet?
Why is ftp considered a security risk? How is sftp different? What is tcpd?
What are tcp wrappers, why are they useful?
What is the purpose of the files hosts.allow and hosts.deny in /etc ?
What is the purpose of software like SATAN, SAINT and COPS? Why do you probably NOT want to run them on anyone's network but the one you own?
What is meant by a scanner attack? Can you detect scanner attacks?
What is Nessus used for?
Where would you check to see who is/has been trying to access various services on your machine?
What is a Denial of Service attack (DoS)? What about a Distributed Denial of Service attack (DDoS)?
What good does it do to set the /tmp partition noexec?
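The tcp wrappers questions above (tcpd, hosts.allow, hosts.deny) come down to evaluation order: tcpd checks /etc/hosts.allow first, then /etc/hosts.deny, and grants access if neither file matches. The following script is an added example, not part of the lecture page or of the tcp_wrappers project. It models that order on constructed rule files in a temporary directory, so the behaviour can be tested without touching /etc. It deliberately supports only a subset of the real syntax (daemon names or ALL, exact client IPs, dotted-prefix networks such as "192.168.1.", and ALL); netmasks, hostnames, EXCEPT and spawn are not modelled.

```shell
#!/bin/sh
# Added example: a simplified model of tcpd's hosts.allow / hosts.deny lookup.
# The rule files written by make_sample_rules are constructed for this example.

# match_client PATTERN IP: returns 0 if IP matches one client pattern
match_client() {
    pat=$1; ip=$2
    case "$pat" in
        ALL) return 0 ;;
        *.)  case "$ip" in "$pat"*) return 0 ;; esac ;;   # dotted prefix, e.g. 192.168.1.
        *)   [ "$pat" = "$ip" ] && return 0 ;;             # exact address
    esac
    return 1
}

# rule_matches LINE DAEMON IP: returns 0 if one "daemon_list : client_list" line matches
rule_matches() {
    line=$1; daemon=$2; ip=$3
    case "$line" in ''|\#*) return 1 ;; esac              # skip blanks and comments
    daemons=$(printf '%s' "$line" | cut -d: -f1 | tr ',' ' ')
    clients=$(printf '%s' "$line" | cut -d: -f2 | tr ',' ' ')
    dmatch=1
    for d in $daemons; do
        if [ "$d" = ALL ] || [ "$d" = "$daemon" ]; then dmatch=0; fi
    done
    [ $dmatch -eq 0 ] || return 1
    for c in $clients; do
        if match_client "$c" "$ip"; then return 0; fi
    done
    return 1
}

# file_matches FILE DAEMON IP: returns 0 if any rule in FILE matches
file_matches() {
    [ -f "$1" ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        if rule_matches "$line" "$2" "$3"; then return 0; fi
    done < "$1"
    return 1
}

# tcpd_decision ALLOWFILE DENYFILE DAEMON IP: prints "allow" or "deny"
# Order as in tcpd(8): hosts.allow first, then hosts.deny, otherwise allow.
tcpd_decision() {
    if file_matches "$1" "$3" "$4"; then echo allow
    elif file_matches "$2" "$3" "$4"; then echo deny
    else echo allow
    fi
}

# make_sample_rules DIR: writes constructed rule files into DIR.
# hosts.deny.empty stands in for a box where nobody wrote a deny rule at all.
make_sample_rules() {
    printf 'sshd : 192.168.1.\n' > "$1/hosts.allow"   # ssh only from the lab network
    printf 'ALL : ALL\n'         > "$1/hosts.deny"    # everything else refused
    : > "$1/hosts.deny.empty"
}

# demo: print a small decision table for the constructed rules
demo_tcpd() {
    d=$(mktemp -d)
    make_sample_rules "$d"
    for who in "sshd 192.168.1.20" "sshd 10.0.2.15" "in.ftpd 192.168.1.20"; do
        set -- $who
        printf '%-8s %-15s %s\n' "$1" "$2" "$(tcpd_decision "$d/hosts.allow" "$d/hosts.deny" "$1" "$2")"
    done
    printf '%-8s %-15s %s (no deny rule)\n' in.ftpd 10.0.2.15 \
        "$(tcpd_decision "$d/hosts.allow" "$d/hosts.deny.empty" in.ftpd 10.0.2.15)"
    rm -rf "$d"
}
```

The last line of the demo is the point of the exercise: with a hosts.allow entry for sshd but no "ALL : ALL" in hosts.deny, in.ftpd from anywhere is still accepted, because tcpd's default when neither file matches is to allow.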

Activities & Assignments

Assignment 1

  1. Skipping this for now, check out Snort.org for the CentOS 7 and other installs, and a CentOS 6.6 Install tutorial (be sure to read the comments as well)

Assignment 2

  1. Make sure to run yum install libpcap-devel so you have the libraries
  2. Go to the "portsentry" page below
  3. Download the portsentry "package" (Note: Firefox will save it in the users Downloads directory, so /home/username/Downloads is where it will be located)
  4. use tar to untar and unzip the package
  5. cd into portsentry-2.0b1 and use vim to open portsentry.conf
  6. Use ifconfig to find your IP address and the name of your Ethernet interface. On systemd distros it should be enp0s3; on older (non-systemd) distros it may be eth0 or eth1. The address follows "inet addr:" in the ifconfig output. Under VMware it will be 192.168.x.x; under VirtualBox it may be 10.0.2.15.
  7. Make sure that INTERFACE="enp0s3" is correct for your machine (change it to "eth1" or whatever ifconfig shows you).
  8. Change the INTERFACE_ADDRESS="yourIPhere " to your IP address (use ifconfig to find)
  9. search for "iptables"
  10. Uncomment the line that mentions iptables and Kill route (remove the # sign) and change /usr/local/bin/iptables to /sbin/iptables and replace the # sign for the ipchains line above that
  11. Close portsentry.conf
  12. Note, several of the Windows servers are nosey buggers, so we need to edit portsentry.ignore to keep from locking ourselves out of the internet.
    While still in the source directory, vim portsentry.ignore and add the following lines:
    140.198.0.0/16
    192.168.0.0/16
    10.0.0.0/8
  13. Then, as root, run the next two commands inside that directory
  14. Type "make linux"
  15. Then "make install"
  16. Try it out by running /usr/local/psionic/portsentry2/portsentry
    then pgrep portsentry (should return a number),
    and less /var/log/messages should show a lot of portsentry notices at the end
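Steps 7 through 12 above are all edits to two text files, and they are easy to get slightly wrong (a stray space in INTERFACE_ADDRESS, or the ipchains line left active). The script below is an added example, not code from the lecture or from the PortSentry project: it makes the same edits with sed on a copy of the config, appends the ignore networks only if they are not already there, and checks the result. The portsentry.conf fragment written by make_sample_conf is constructed for this example, modelled on the layout of the shipped file but not copied from it; the interface name and address passed to configure_portsentry are whatever ifconfig shows on your machine.

```shell
#!/bin/sh
# Added example: apply and verify the Assignment 2 edits to portsentry.conf
# and portsentry.ignore. All input files here are constructed samples.

# make_sample_conf FILE: writes a constructed stand-in for portsentry.conf
make_sample_conf() {
    cat > "$1" <<'EOF'
INTERFACE="enp0s3"
INTERFACE_ADDRESS="yourIPhere "
# Linux KILL_ROUTE lines (constructed sample; only one may be active)
KILL_ROUTE="/sbin/ipchains -I input -s $TARGET$ -j DENY -l"
#KILL_ROUTE="/usr/local/bin/iptables -I INPUT -s $TARGET$ -j DROP"
EOF
}

# configure_portsentry FILE IFACE ADDR: steps 7-10 of the assignment.
# Uses a temp file rather than "sed -i" so it works with any POSIX sed.
configure_portsentry() {
    f=$1; iface=$2; addr=$3
    sed \
        -e "s|^INTERFACE=.*|INTERFACE=\"$iface\"|" \
        -e "s|^INTERFACE_ADDRESS=.*|INTERFACE_ADDRESS=\"$addr\"|" \
        -e 's|^KILL_ROUTE="/sbin/ipchains|#KILL_ROUTE="/sbin/ipchains|' \
        -e 's|^#KILL_ROUTE="/usr/local/bin/iptables|KILL_ROUTE="/sbin/iptables|' \
        "$f" > "$f.tmp" && mv "$f.tmp" "$f"
}

# add_ignore_nets FILE: step 12, idempotent (re-running does not duplicate lines)
add_ignore_nets() {
    f=$1
    touch "$f"
    for net in 140.198.0.0/16 192.168.0.0/16 10.0.0.0/8; do
        grep -qxF "$net" "$f" || printf '%s\n' "$net" >> "$f"
    done
}

# check_portsentry_conf FILE: 0 when the four config edits are all in place
check_portsentry_conf() {
    grep -q '^INTERFACE="[a-z0-9]*"$' "$1" &&
    grep -q '^INTERFACE_ADDRESS="[0-9.]*"$' "$1" &&
    grep -q '^#KILL_ROUTE="/sbin/ipchains' "$1" &&
    grep -q '^KILL_ROUTE="/sbin/iptables' "$1"
}

# count_ignore_nets FILE: prints how many of the three networks are present
count_ignore_nets() {
    n=0
    for net in 140.198.0.0/16 192.168.0.0/16 10.0.0.0/8; do
        grep -qxF "$net" "$1" && n=$((n + 1))
    done
    echo "$n"
}

# Usage against the real source tree would be, from inside portsentry-2.0b1:
#   configure_portsentry portsentry.conf enp0s3 10.0.2.15
#   add_ignore_nets portsentry.ignore
#   check_portsentry_conf portsentry.conf && echo "config looks right"
```

The check function is the part worth keeping around: run it before "make install" and again after, since a config that still has the ipchains KILL_ROUTE active will not block anything on an iptables-only kernel.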

Assignment 3

  • "yum install rkhunter"
    rkhunter --propupd
    rkhunter -c and see how it differs in output

Assignment 4

  • Install the KeepassX password vault
  • Easiest way (assuming you have added the EPEL repository)
    yum install keepassx
Resources
Check out the various web page resources on the Linux System Administration home page.