Lesson 12: Securing Linux Systems

Question 1

What is the CIA triad?

Answer 1

Every implanted security practice should be improving on of these: Confidentiality, Integrity, Availability

Question 2

What command creates a boundary around a application to prevent cyberattacks?

Answer 2

Change root - commands chroot, create what is called a jail/boundary around a application

The syntax of the chroot command is chroot [options] {new root directory} [command]

Question 3

How would you protect your logs?

Answer 3

Setup file auditing. Once audit is step you can configure in /etc/audit to protect syslog stored in /var/log and send to another location.

Question 4

How can you protect your data if your physical computer is stolen?

Answer 4

Use encryption which creates a key the converts your data to cipher text

Question 5

What is hashing?

Answer 5

Hashing deals with data integrity, to make sure data has not been tampered with

note.

Hashing takes the data, runs it through a mathematical formula that uses a key / algorithm to create a digest (like summary data) which would be compared to pull digest

Question 6

How would encrypt the whole disk

Answer 6

LUKS - Linux Unified Key Setup allows you to encrypt the full disk by generating a managed key store

to encryt disk using luks use the cryptsetup command

cryptsetup –verbose –verify-passphrase luksFormat {disk_path}

verbose allow you to see whats happing as it happens

before data is copied to a encrypted disk you have to make sure it is mounted to unlock it

to mount and formate cryptsetup luksOpen {disk_path} {mount_name}

Then set file system mkfs.xfs /dev/mapper/{disk_mount_name}

then mount using mount command -> mount /dev/mapper/{disk_mount_name} /mnt/{folder_name}

Question 7

What does the shred command do?

Answer 7

Shred command, will go through and write ones and zeroes to the disk to override any magnetic signature or crusty data on a disk. shred -v –iterations=3 {disk_path}

Question 8

What is obfuscation?

Answer 8

The act of not securing something but hiding it - security theater

Question 9

Where can you find ssh configurations?

Answer 9

The root folder is /etc/ssh :

/ssh_config file is for client configuration
/sshd_config file is for sever configurations

Question 10

What are some ways to secure sshd?

Answer 10

• Change listening address
• use latest version (ssh version 2 use stronger encryption a larger key)
• in the ssh_config file require public keys to be in /ssh/known_host - enable “strict host key checking”
• add line in config file “protocol 2” to force the use of version 2 (systemctl restart sshd to make sure changes are applied)
• generate new keys: r

m * key* to remove existing keys
systemctl stop sshd
inside the ssh folder run ssh-keygen -t(type of key) rsa -f(where to place key) /etc/ssh/{use same file name}

note.

keys are based on /dev/random or urandom which may have som predictable sequences or pre generated keys that are installed on the insallintion media

Question 11

Why would you store a fingerprint onto a client?

Answer 11

To know you’re connecting to a trusted server.

You can add in the .ssh folder in the home dir.
should be added to a text file /known host - contains public key of each host you trust

ssh-keyscan {server_location}&raquo_space; ~/.ssh/known_hosts
takes output / public key from servers and places key in host file

Question 12

How do you make sure all newly created users have the public keys?

Answer 12

place /known_hosts (public keys) file into the /etc/skel/.ssh folder

for exsisting users you will have to add manuel to the known_hosts file (be sure to append)

Question 13

How do you view the ssh public key?

Answer 13

use ssh-keygen -lf {public key location} -E{algorithm (md5, sha, etc)}

Question 14

What is SE Linux?

Answer 14

SELinux - Security Enhance Linux created by the NSA. Which has three modes detect inappropriate access - disable , permissive (keeps logs of access), enforcing (keeps log and prevents access), disable

Question 15

How do you see if you are running SELinux?

Answer 15

Use comman sestatus - shows status, mount location, modes

Question 16

How do you change SELinux role?

Answer 16

setenforce {enforce_level}

Question 17

How do you chang SELinux boot mode?

Answer 17

Edit config file at /etc/selinux/config

Question 18

How do you view selinux logs?

Answer 18

It is located in the var/log/audit/audit.log file

better to us tail or something else because file can get large

Question 19

How do you view the SELinux labels on files, folder, etc.?

Answer 19

ls -lZ (cap Z) will show those lables or ps auxZ (cap Z)

Question 20

What does the restorecon command do?

Answer 20

Allows you to put file or folder context back to what it is supposed to be by default

Question 21

How do you view the status of App Armor?

Answer 21

apparmor_status

Question 22

What three packages are necessary to install apparmor?

Answer 22

AppArmor packege, Profile and apparmor utility

Question 23

How do you configure apparmor?

Answer 23

You can configure the files in the apparmor.d folder. & edit these three AppArmor packege, Profile and apparmor utility to configure further

Question 24

What are the two mode of app armor?

Answer 24

complain & enforce

Question 25

How would you change the behaviour of apparmor ?

Answer 25

Can be changed in the /etc/apparmor.d/tunables folder

Question 26

What does aa-unconfined do?

Answer 26

Will list apps that are listing on a network port

Question 27

How do you check for a apparmor profile?

Answer 27

Profiles are listed in the apparmor.d folder

Question 28

How do you create a apparmor profile?

Answer 28

use the apparmor-util packege to use the aa-genprof.

aa-genprof {app_name} -> creates a profile

note.

Run and use app in question

• which {app_name} - allows you to view app path
• s to scan
• s to save
• f to finish

Question 29

How do enforce a apparmor policy?

Answer 29

aa-{apparmor_mode} {profile_path}

• restart app systemctl restart {app_name}
• check in aa-unconfined which should show status

Question 30

m

Question 30

How do check if system is running firewalld ?

Answer 30

check firewalld services

run > systemctl status firewalld

Question 31

How do you interact with firewalld?

Answer 31

use firewall command > firewall -cmd {option}

example. firewall -cmd –status

Question 32

How do you view the list of firewall zones?

Answer 32

firewall -cmd –get-zones

Question 33

How do you check the default firewalld zone?

Answer 33

firewall -cmd –get-default-zone

Question 34

How do you list active firewalld zones?

Answer 34

firewall -cmd –get-active-zones

Question 35

How do you create a firewalld zone?

Answer 35

firewall -cmd –permanent –new-zones={zonne_name}

firewall-cmd –reload

Question 36

How do you attach a int to a zone?

Answer 36

navigate to file settings > /etc/sysconfig/network-scripts/{int_name} file and edit the ZONE settings, then restart int > systemctl restart network or systemctl restart firewalld

• confirm by running the following command: firewall-cmd –get-avtive-zones

Question 37

How do you view the firewalld supported services ?

Answer 37

firewall-cmd –get-services

shows supported services and approved name - define at /usr/lib/firewall/services folder which will list xml files

Question 38

How do you add a services to a zone?

Answer 38

firewall-cmd –zone={zone_name} –permanent –add-service=http

Question 39

How do you view current allowed firewalld services?

Answer 39

firewall-cmd –list-services

Question 40

How do you add a port to firewalld?

Answer 40

firewall-cmd –zone={zone_name} –permanent –add-port={port_name}/{tcp, udp, or blank for both}

to confirm run: firewall-cmd –permanent –list-ports

Question 41

How do you check if the iptables is running?

Answer 41

systemctl status iptables

Question 42

How do you configure iptables firewall?

Answer 42

to view use - iptables –list or

Question 43

How do you create a iptable rules?

Answer 43

You can edit the config settings in /etc/sysconfig/iptables or use commands such as:

iptables -A INPUT -p {port} –dport {port name/number} -s {source} -j {action such as accept}

to save to disk use: iptable-save > /etc/sysconfig/iptables

Question 44

How do you view the iptables statistics?

Answer 44

iptables -vnL –line which shows statistics for your configuration line

Question 45

What are the different types of backup?

Answer 45

Differential backups - backups what changed doing last full backup. To restore you have to include last full backup and last differential backup

Incremental backup - backups what changed doing last full backup. then backups what change since last incremental backup. To restore you have to include last full backup then then each Incremental backup since last full backup

Question 46

What is the TAR utility ?

Answer 46

Stands for Tape Archive, that allows you to do a backup:

tar {option/s} {filename-save/restore_location} {path to backup/restore}

Options:
c -comprise 
x -extract 
v -sees output
z -runs through gzip
f -file name

Question 47

What is DAR?

Answer 47

Disk Archive utility is a upgrade to TAR which allow all full, differential, and incremental backups.

to install: apt install dar

Question 48

How do you run a full backup using DAR?

Answer 48

dar -R (recursive) {backup_target} -c {store_location/filename}

Question 49

How do you run a differential backup using DAR?

Answer 49

dar -R (recursive) {backup_target} -c {store_location/filename} -A {fullbackup_path}

Question 50

How do you run a incremental backup using DAR?

Answer 50

dar -R (recursive) {backup_target} -c {store_location/filename} -A {lastback_path}

Question 51

How do you restore a backup using DAR?

Answer 51

dar -x {saved_backup_path} -w {saved_differential backup or incremental}

Question 52

What is the DD utility ?

Answer 52

Is the Copy and Covert used to copy entire disk:

dd if={disk_path} of={output_file}

to restore reverse command: dd if={output_file} of={disk_path}

Question 53

What is Kerberos?

Answer 53

An authentication service based on time-sensitive ticket-granting system. Used as a single sign-on method

Kerberos commands to note:

• kinit —Authenticates with Kerberos, granting the user a ticket granting ticket(TGT) if successful.
• kpassword —Changes the user’s Kerberos password.
• klist —Lists the user’s ticket cache.
• kdestroy —Clears the user’s ticket cache

Question 54

List the steps to enable SSL/TLS in apache

Answer 54

1. Generate self-signed certificate (OpenSSL, or obtain a certificate from an external authority)
2. Download and install the mod_ssl package
3. Open the /etc/httpd/conf.d/ssl.conf file for editing.
4. Uncomment the Document Root and ServerName lines, then replace values as necessary.
5. Ensure SSL Engine is set to on.
6. Point SSL Certificate File to the path where certificate file is located.
7. Point SSLCertificateKeyFile to the path where your private key file islocated.
8. Restart Apache.
9. Open a browser and verify that the site is presenting a certificate

Question 55

How would you disable the use of Ctrl+Alt+Del and why ?

Answer 55

to prevent users from rebooting a system anddisrupting service availability. On systemd systems, you can mask ctrl-alt-del.target to disable Ctrl+Alt+Del functionality: systemctl maskctrl-alt-del.target

Question 56

How would you enable the auditd service to ensure that records used in auditing are beingwritten to storage.

Answer 56

Use the aureport and ausearch commands to see auditing data.

Enter systemctl enable auditd to enable auditd at boot.

Question 57

What is PAM

Answer 57

Pluggable Authentication Modules (PAM) define the underlying framework and centralized authentication method leveraged by authentication services like Kerberos and LDAP.

PAM configuration files are located in the /etc/pam.d/ directory,

The following is an example of a password policy directive: password required pam_cracklib.so retry=5

Question 58

What are some things you can do using openssl?

Answer 58

• Generate public and private keys.
• Generate self-signed digital certificates in various formats.
• Generate digital certificates for other entities based on CSRs.
• Calculate hash values using various functions.
• Encrypt and decrypt data using various algorithms.
• Manage keys and certificates in a CA.
• And more.

The syntax of the openssl command is openssl [subcommand] [options]

The openssl command can be used interactively through one of several subcommands, or you can provide these subcommands and any options non-interactively.