Lesson 12: Securing Linux Systems Flashcards
What is the CIA triad?
Every implemented security practice should improve one of these: Confidentiality, Integrity, Availability
What command creates a boundary around an application to prevent cyberattacks?
Change root - the chroot command creates what is called a jail/boundary around an application
The syntax of the chroot command is chroot [options] {new root directory} [command]
How would you protect your logs?
Set up file auditing. Once auditing is set up, you can configure it in /etc/audit to protect syslog stored in /var/log and send it to another location.
How can you protect your data if your physical computer is stolen?
Use encryption, which creates a key that converts your data to ciphertext
What is hashing?
Hashing deals with data integrity: making sure data has not been tampered with
note.
Hashing takes the data and runs it through a mathematical formula (an algorithm, possibly keyed) to create a digest (like a summary of the data), which is then compared against the original digest
How would you encrypt the whole disk?
LUKS - Linux Unified Key Setup allows you to encrypt the full disk by generating a managed key store
To encrypt a disk using LUKS, use the cryptsetup command:
cryptsetup --verbose --verify-passphrase luksFormat {disk_path}
--verbose lets you see what is happening as it happens
Before data is copied to an encrypted disk you have to unlock it and mount it
To open and format: cryptsetup luksOpen {disk_path} {mount_name}
Then set the file system: mkfs.xfs /dev/mapper/{disk_mount_name}
Then mount using the mount command -> mount /dev/mapper/{disk_mount_name} /mnt/{folder_name}
What does the shred command do?
The shred command writes ones and zeroes over the disk to overwrite any magnetic signature or residual data on the disk. shred -v --iterations=3 {disk_path}
What is obfuscation?
The act of not securing something but hiding it - security theater
Where can you find ssh configurations?
The root folder is /etc/ssh :
/ssh_config file is for client configuration
/sshd_config file is for server configuration
What are some ways to secure sshd?
- Change listening address
- use the latest version (SSH version 2 uses stronger encryption and larger keys)
- in the ssh_config file require public keys to be in /ssh/known_hosts - enable "strict host key checking"
- add the line "protocol 2" in the config file to force the use of version 2 (systemctl restart sshd to make sure changes are applied)
- generate new keys: rm *key* to remove existing keys
systemctl stop sshd
inside the ssh folder run ssh-keygen -t rsa (type of key) -f /etc/ssh/{use same file name} (where to place the key)
note.
keys are based on /dev/random or /dev/urandom, which may have some predictable sequences, or on pre-generated keys that are installed on the installation media
Why would you store a fingerprint onto a client?
To know you’re connecting to a trusted server.
You can add it in the .ssh folder in the home directory.
It should be added to the known_hosts text file, which contains the public key of each host you trust
ssh-keyscan {server_location} >> ~/.ssh/known_hosts
takes the output (public key) from the server and places the key in the known_hosts file
How do you make sure all newly created users have the public keys?
place the known_hosts (public keys) file into the /etc/skel/.ssh folder
for existing users you will have to add it manually to the known_hosts file (be sure to append)
How do you view the ssh public key?
use ssh-keygen -lf {public key location} -E {algorithm (md5, sha, etc.)}
What is SE Linux?
SELinux - Security Enhanced Linux, created by the NSA. It has three modes for detecting inappropriate access: disabled, permissive (keeps logs of access), enforcing (keeps logs and prevents access)
How do you see if you are running SELinux?
Use the command sestatus - shows status, mount location, modes
How do you change the SELinux mode?
setenforce {enforce_level}
How do you change the SELinux boot mode?
Edit config file at /etc/selinux/config
How do you view selinux logs?
It is located in the /var/log/audit/audit.log file
better to use tail or something similar because the file can get large
How do you view the SELinux labels on files, folder, etc.?
ls -lZ (capital Z) will show those labels, or ps auxZ (capital Z) for processes
What does the restorecon command do?
Allows you to put file or folder context back to what it is supposed to be by default
How do you view the status of App Armor?
apparmor_status
What three packages are necessary to install apparmor?
The AppArmor package, the profiles package and the apparmor utilities package
How do you configure apparmor?
You can configure the files in the apparmor.d folder, and edit these three (AppArmor package, profiles and apparmor utilities) to configure further
What are the two modes of AppArmor?
complain & enforce
How would you change the behaviour of apparmor ?
Can be changed in the /etc/apparmor.d/tunables folder
What does aa-unconfined do?
Will list apps that are listening on a network port
How do you check for an AppArmor profile?
Profiles are listed in the apparmor.d folder
How do you create an AppArmor profile?
use aa-genprof from the apparmor-util package.
aa-genprof {app_name} -> creates a profile
note.
Run and use app in question
- which {app_name} - allows you to view app path
- s to scan
- s to save
- f to finish
How do you enforce an AppArmor policy?
aa-{apparmor_mode} {profile_path}
- restart app systemctl restart {app_name}
- check in aa-unconfined which should show status
How do you check if the system is running firewalld?
check firewalld services
run > systemctl status firewalld
How do you interact with firewalld?
use the firewall-cmd command > firewall-cmd {option}
example: firewall-cmd --status
How do you view the list of firewall zones?
firewall-cmd --get-zones
How do you check the default firewalld zone?
firewall-cmd --get-default-zone
How do you list active firewalld zones?
firewall-cmd --get-active-zones
How do you create a firewalld zone?
firewall-cmd --permanent --new-zone={zone_name}
firewall-cmd --reload
How do you attach an interface to a zone?
Edit the /etc/sysconfig/network-scripts/{int_name} file and set the ZONE setting, then restart the interface > systemctl restart network or systemctl restart firewalld
- confirm by running the following command: firewall-cmd --get-active-zones
How do you view the firewalld supported services ?
firewall-cmd –get-services
shows supported services and their approved names - defined as XML files in the /usr/lib/firewalld/services folder
How do you add a service to a zone?
firewall-cmd --zone={zone_name} --permanent --add-service=http
How do you view current allowed firewalld services?
firewall-cmd –list-services
How do you add a port to firewalld?
firewall-cmd --zone={zone_name} --permanent --add-port={port_number}/{tcp, udp, or blank for both}
to confirm run: firewall-cmd --permanent --list-ports
How do you check if the iptables is running?
systemctl status iptables
How do you configure iptables firewall?
to view the current rules use: iptables --list
How do you create iptables rules?
You can edit the config settings in /etc/sysconfig/iptables or use commands such as:
iptables -A INPUT -p {protocol} --dport {port name/number} -s {source} -j {action such as ACCEPT}
to save to disk use: iptables-save > /etc/sysconfig/iptables
How do you view the iptables statistics?
iptables -vnL --line-numbers shows statistics for each line of your configuration
What are the different types of backup?
Differential backup - backs up what changed since the last full backup. To restore you need the last full backup and the last differential backup
Incremental backup - backs up what changed since the last full backup, then backs up what changed since the last incremental backup. To restore you need the last full backup and then each incremental backup since the last full backup
What is the TAR utility ?
Stands for Tape Archive; it allows you to do a backup:
tar {option/s} {filename-save/restore_location} {path to backup/restore}
Options: c - create, x - extract, v - verbose output, z - run through gzip, f - file name
What is DAR?
Disk Archive utility, an upgrade to tar that allows full, differential, and incremental backups.
to install: apt install dar
How do you run a full backup using DAR?
dar -R (recursive) {backup_target} -c {store_location/filename}
How do you run a differential backup using DAR?
dar -R (recursive) {backup_target} -c {store_location/filename} -A {fullbackup_path}
How do you run an incremental backup using DAR?
dar -R (recursive) {backup_target} -c {store_location/filename} -A {lastback_path}
How do you restore a backup using DAR?
dar -x {saved_backup_path} -w {saved_differential backup or incremental}
What is the DD utility ?
dd (Copy and Convert) is used to copy an entire disk:
dd if={disk_path} of={output_file}
to restore reverse command: dd if={output_file} of={disk_path}
What is Kerberos?
An authentication service based on time-sensitive ticket-granting system. Used as a single sign-on method
Kerberos commands to note:
- kinit - Authenticates with Kerberos, granting the user a ticket granting ticket (TGT) if successful.
- kpasswd - Changes the user's Kerberos password.
- klist - Lists the user's ticket cache.
- kdestroy - Clears the user's ticket cache.
List the steps to enable SSL/TLS in apache
- Generate self-signed certificate (OpenSSL, or obtain a certificate from an external authority)
- Download and install the mod_ssl package
- Open the /etc/httpd/conf.d/ssl.conf file for editing.
- Uncomment the DocumentRoot and ServerName lines, then replace values as necessary.
- Ensure SSLEngine is set to on.
- Point SSLCertificateFile to the path where your certificate file is located.
- Point SSLCertificateKeyFile to the path where your private key file is located.
- Restart Apache.
- Open a browser and verify that the site is presenting a certificate
How would you disable the use of Ctrl+Alt+Del and why ?
To prevent users from rebooting a system and disrupting service availability. On systemd systems, you can mask ctrl-alt-del.target to disable Ctrl+Alt+Del functionality: systemctl mask ctrl-alt-del.target
How would you enable the auditd service to ensure that records used in auditing are being written to storage?
Use the aureport and ausearch commands to see auditing data.
Enter systemctl enable auditd to enable auditd at boot.
What is PAM?
Pluggable Authentication Modules (PAM) define the underlying framework and centralized authentication method leveraged by authentication services like Kerberos and LDAP.
PAM configuration files are located in the /etc/pam.d/ directory.
The following is an example of a password policy directive: password required pam_cracklib.so retry=5
What are some things you can do using openssl?
- Generate public and private keys.
- Generate self-signed digital certificates in various formats.
- Generate digital certificates for other entities based on CSRs.
- Calculate hash values using various functions.
- Encrypt and decrypt data using various algorithms.
- Manage keys and certificates in a CA.
- And more.
The syntax of the openssl command is openssl [subcommand] [options]
The openssl command can be used interactively through one of several subcommands, or you can provide these subcommands and any options non-interactively.