Linux Security..

Posted: 18th April 2008 by Josh in Uncategorized

So, because of some work that I am doing right now, I went ahead and skipped ahead to the module “Linux Security.” As I finished the module yesterday, I have to say, I thoroughly enjoyed it! We started out with the basics, then went deeper from there. I had a virtual machine running CentOS 5, so I was able to practice a lot of the things we talked about. Here are a couple thoughts on things that we covered:

-The Power of the CLI (Command Line Interface): Wow. I have never felt more comfortable at a CLI. Watch for another post on the CLI–specifically about piping.

-Syslog: I have always wanted to get a little bit more in depth on syslog, and here was my chance. We learned about how syslog is used to consolidate all your logs from your other servers, even your Windows servers, and how to use rsyslog to securely transmit your logs via an encrypted TCP connection to your syslog server.

-Security: Many ways to harden a server, especially an internet-facing webserver:

-Kernel Hardening:

-Network Resource Hardening: Changing network parameters such as ignoring all pings that come from a broadcast address (mitigating a particular Denial of Service attack)

-System Resource Hardening: Limiting a user's CPU cycles, how many processes he can run at a given time, how much memory he can use, etc. This can help mitigate fork bombing, an attack that rapidly increases the number of running processes to lock up all the system resources.

-SELinux: Developed in conjunction with the NSA, SELinux is a kernel level role and policy based control–very difficult and time-consuming to integrate

-Warning Banners: Create a legally binding warning banner that the user has to accept before they can continue to use the system

-File Integrity Checkers: Use something like TripWire to generate checksums of critical system files of a pristine (new/clean) system; Email/Log alerts when checksums change, taking into account maintenance windows (when the files might have been validly changed because of system updates)

-chroot: Isolating the running user into a virtual root directory–used for applications like Apache, etc.

I’ve got to get going, but I will write another post on the CLI: piping sometime soon.

Josh
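
As an added example (not from the post or the course it describes), here is one way to audit the two "Kernel Hardening" items above: that broadcast pings are ignored and that a user has a hard cap on processes. It assumes the standard Linux names `net.ipv4.icmp_echo_ignore_broadcasts` (sysctl.conf) and `nproc` (limits.conf); the user `webuser` and all file contents are constructed, and the script reads configuration text rather than the live kernel.

```shell
#!/bin/sh
# Added example. All file contents below are constructed samples.

# Effective value of a sysctl key in sysctl.conf-style text on stdin.
# The last assignment wins; lines starting with # or ; are comments.
sysctl_value() {
    awk -v key="$1" -F= '
        /^[ \t]*[#;]/ { next }
        NF >= 2 { k = $1; v = $2
                  gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
                  if (k == key) val = v }
        END { if (val != "") print val }'
}

# Hard nproc limit that limits.conf-style text on stdin gives to user $1.
# A per-user entry beats the "*" default; @group entries are not handled here.
nproc_hard_limit() {
    awk -v user="$1" '
        /^[ \t]*#/ || NF < 4 { next }
        $3 == "nproc" && ($2 == "hard" || $2 == "-") {
            if ($1 == user) exact = $4; else if ($1 == "*") wild = $4 }
        END { if (exact != "") print exact; else if (wild != "") print wild }'
}

# audit SYSCTL_TEXT LIMITS_TEXT USER: returns 0 only if both settings are in place.
audit() {
    rc=0
    v=$(printf '%s\n' "$1" | sysctl_value net.ipv4.icmp_echo_ignore_broadcasts)
    [ "$v" = "1" ] || { echo "FAIL: icmp_echo_ignore_broadcasts not pinned to 1 (got '$v')"; rc=1; }
    n=$(printf '%s\n' "$2" | nproc_hard_limit "$3")
    case "$n" in
        ''|unlimited|infinity|-1) echo "FAIL: no hard nproc cap for $3"; rc=1 ;;
        *) echo "OK: $3 capped at $n processes" ;;
    esac
    return $rc
}

WEAK_SYSCTL='net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_echo_ignore_broadcasts = 0'      # later line silently re-enables replies
GOOD_SYSCTL='net.ipv4.icmp_echo_ignore_broadcasts = 1'
WEAK_LIMITS='*        soft  nproc  100'         # soft only: the user can raise it
GOOD_LIMITS='*        hard  nproc  200
webuser  hard  nproc  50'

audit "$WEAK_SYSCTL" "$WEAK_LIMITS" webuser || true
audit "$GOOD_SYSCTL" "$GOOD_LIMITS" webuser
```

A hard `nproc` limit is what bounds a fork bomb, because a user can raise a soft limit up to the hard one.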

  1. Grantly says:

    Heck yes! cli & piping rocks the house – even on a Windows box. Just yesterday I had a text file with a list of ~120 computers that I needed sorted alphabetically. So I went to a prompt and typed:

    sort systems.txt > systems_sort.txt & notepad systems_sort.txt

    Instantaneously, I was looking at a text file with sorted computer names.