DOCSLIB.ORG

GL275 Enterprise Linux Network Services

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
GL275 Enterprise Linux Network Services EVALUATION COPY Unauthorized Reproduction or Distribution Enterprise Linux Network Prohibited Services Student Workbook EVALUATION COPY Unauthorized Reproduction GL275 ENTERPRISE LINUX NETWORK SERVICES RHEL7 SLES12 or Distribution The contents of this course and all its modules and related materials, including handouts to audience members, are copyright ©2017 Guru Labs L.C. No part of this publication may be stored in a retrieval system, transmitted or reproduced in any way, including, but not limited to, photocopy, photograph, magnetic, electronic or other record, without the prior written permission of Guru Labs. This curriculum contains proprietary information which is for the exclusive use of customers of Guru Labs L.C., and is not to be shared with personnel other than those in attendance at this course. This instructional program, including all material provided herein, is supplied without any guarantees from Guru Labs L.C. Guru Labs L.C. assumes no liability for damages or legal action arising from Prohibited the use or misuse of contents or details contained herein. Photocopying any part of this manual without prior written consent of Guru Labs L.C. is a violation of federal law. This manual should not appear to be a photocopy. If you believe that Guru Labs training materials are being photocopied without permission, please email [email protected] or call 1-801-298-5227. Guru Labs L.C. accepts no liability for any claims, demands, losses, damages, costs or expenses suffered or incurred howsoever arising from or in connection with the use of this courseware. All trademarks are the property of their respective owners. Version: GL275S-R7S12-L04 EVALUATION COPY Unauthorized Reproduction or Distribution Prohibited Table of Contents Chapter 1 EVALUATIONChapter 3 COPY SECURING SERVICES 1 DNS CONCEPTS 1 Xinetd 2 Naming Services 2 Xinetd Connection Limiting and Access Control 4 DNS – A Better Way 3 Xinetd: Resource limits,Unauthorized redirection, logging 5 The Domain Name Space 4 TCP Wrappers 6 Delegation and Zones 6 The /etc/hosts.allow & /etc/hosts.deny Files 7 Server Roles 7 /etc/hosts.{allow,deny} Shortcuts 8 Resolving Names 8 Advanced TCP Wrappers 9 Resolving IP Addresses 10 SUSE Basic Firewall Configuration 11 Basic BIND Administration 12 FirewallD 12 Configuring the Resolver 13 Netfilter: Stateful Packet Filter Firewall 13 Testing Resolution 15 Netfilter Concepts 14 Lab Tasks 17 Using the iptables Command Reproduction 15 1. Configuring a Slave Name Server 18 Netfilter Rule Syntax 17 Targets 18 Chapter 4 Common match_specs 20 CONFIGURING BIND 1 Extended Packet Matching Modules 21 BIND Configuration Files 2 Connection Tracking 23 named.conf Syntax 3 Lab Tasks 24 named.conf Options Block 4 1. Securing xinetd Services 25 Creating a Site-Wide Cache 6 2. Enforcing Security Policy with xinetd 29 rndc Key Configuration 7 3. Securing Services with TCP Wrappers 32or Zones In named.conf 9 4. Securing Services with SuSEfirewall2 [S12] 36 DistributionZone Database File Syntax 11 5. Securing Services with Netfilter 40 SOA – Start of Authority 12 6. FirewallD [R7] 46 A, AAAA, & PTR – Address & Pointer Records 14 7. Troubleshooting Practice 53 NS – Name Server 16 TXT, CNAME, & MX – Text, Alias, & Mail Host 17 Chapter 2 SRV – SRV Service Records 19 SELINUX AND LSM 1 Abbreviations and Gotchas 21 AppArmor 2 $GENERATE, $ORIGIN, and $INCLUDE 23 SELinux Security Framework 3 Lab Tasks Prohibited 25 Choosing an SELinux Policy 5 1. Use rndc to Control named 26 SELinux Commands 7 2. Configuring BIND Zone Files 28 SELinux Booleans 8 SELinux Policy Tools 9 Chapter 5 Lab Tasks 11 CREATING DNS HIERARCHIES 1 1. Exploring AppArmor Modes [S12] 12 Subdomains and Delegation 2 2. SELinux File Contexts [R7] 16 Subdomains 3 Delegating Zones 4 in-addr.arpa. Delegation 5 ii Issues with in-addr.arpa. 6 3. Configuring Virtual Hosts 29 RFC2317 & in-addr.arpa. 7 Lab Tasks EVALUATION8 Chapter 8 COPY 1. Create a Subdomain in an Existing Domain 9 APACHE SECURITY 1 2. Subdomain Delegation 14 Virtual Hosting Security Implications 2 Unauthorized Delegating Administration 3 Chapter 6 Directory Protection 4 ADVANCED BIND DNS FEATURES 1 Directory Protection with AllowOverride 6 Address Match Lists & ACLs 2 Common Uses for .htaccess 7 Split Namespace with Views 3 Symmetric Encryption Algorithms 8 Restricting Queries 4 Asymmetric Encryption Algorithms 9 Restricting Zone Transfers 5 Digital Certificates 10 Running BIND in a chroot 6 TLS Using mod_ssl.so 11 Dynamic DNS Concepts 7 Lab Tasks 13 Allowing Dynamic DNS Updates Reproduction 8 1. Using .htaccess Files 14 DDNS Administration with nsupdate 9 2. Using TLS Certificates with Apache 19 Common Problems 10 3. Use SNI and TLS with Virtual Hosts 25 Common Problems 11 Securing DNS With TSIG 12 Chapter 9 Lab Tasks 14 APACHE SERVER-SIDE SCRIPTING ADMINISTRATION 1 1. Configuring Dynamic DNS 15 Dynamic HTTP Content 2 2. Securing BIND DNS 18 PHP: Hypertext Preprocessor 3 Developer Tools for PHP 4 Chapter 7 or Installing PHP 5 USING APACHE 1 Configuring PHP 7 HTTP Operation 2DistributionSecuring PHP 8 Apache Architecture 3 Security Related php.ini Configuration 9 Dynamic Shared Objects 5 Java Servlets and JSP 10 Adding Modules to Apache 6 Apache's Tomcat 11 Apache Configuration Files 8 Installing Java SDK 12 httpd.conf – Server Settings 10 Installing Tomcat Manually 14 httpd.conf – Main Configuration 12 Using Tomcat with Apache 15 HTTP Virtual Servers 13 Lab Tasks 16 Virtual Hosting DNS Implications 14 1. CGI ScriptsProhibited in Apache 17 httpd.conf – VirtualHost Configuration 15 2. Apache's Tomcat 24 Port and IP based Virtual Hosts 16 3. Using Tomcat with Apache 26 Name-based Virtual Host 17 4. Installing Applications with Apache and Tomcat 30 Apache Logging 18 Log Analysis 19 Chapter 10 The Webalizer 20 IMPLEMENTING AN FTP SERVER 1 Lab Tasks 21 The FTP Protocol 2 1. Apache Architecture 22 Active Mode FTP 3 2. Apache Content 27 Passive Mode FTP 4 iii ProFTPD 6 Chapter 13 Pure-FTPd 8 LDAP CONCEPTS AND CLIENTS 1 vsftpdEVALUATION 9 LDAP: History COPY and Uses 2 Configuring vsftpd 10 LDAP: Data Model Basics 3 Anonymous FTP with vsftpd 12 LDAP: Protocol Basics 5 Lab Tasks Unauthorized 13 LDAP: Applications 6 1. Configuring vsftpd 14 LDAP: Search Filters 7 LDIF: LDAP Data Interchange Format 8 Chapter 11 OpenLDAP Client Tools 10 THE SQUID PROXY SERVER 1 Alternative LDAP Tools 12 Squid Overview 2 Lab Tasks 13 Squid File Layout 3 1. Querying LDAP 14 Squid Access Control Lists 4 Applying Squid ACLs 5 Chapter 14 Tuning Squid & Configuring Cache HierarchiesReproduction 7 OPENLDAP SERVERS 1 Bandwidth Metering 8 Popular LDAP Server Implementations 2 Monitoring Squid 9 OpenLDAP: Server Architecture 3 Proxy Client Configuration 10 OpenLDAP: Backends 4 Lab Tasks 12 OpenLDAP: Replication 5 1. Installing and Configuring Squid 13 Managing slapd 6 2. Squid Cache Manager CGI 17 OpenLDAP: Configuration Options 7 3. Proxy Auto Configuration 19 OpenLDAP: Configuration Sections 8 4. Configure a Squid Proxy Cluster 21 OpenLDAP: Global Parameters 9 or OpenLDAP: Database Parameters 11 Chapter 12 OpenLDAP Server Tools 13 SQL FUNDAMENTALS AND MARIADB 1 DistributionNative LDAP Authentication and Migration 14 Popular SQL Databases 2 Enabling LDAP-based Login 15 SELECT Statements 3 System Security Services Daemon (SSSD) 17 INSERT Statements 4 Lab Tasks 19 UPDATE Statements 5 1. Building An OpenLDAP Server 20 DELETE Statements 6 2. Enabling TLS For An OpenLDAP Server 25 JOIN Clauses 7 3. Enabling LDAP-based Logins 28 MariaDB 9 MariaDB Installation and Security 10 Chapter 15 Prohibited MariaDB User Account Management 12 SAMBA CONCEPTS AND CONFIGURATION 1 MariaDB Replication 13 Introducing Samba 2 Lab Tasks 14 NetBIOS and NetBEUI 3 1. SQL with Sqlite3 15 Samba Daemons 4 2. Installing and Securing MariaDB 23 Accessing Windows/Samba Shares from Linux 5 3. Creating a Database in MariaDB 27 Samba Utilities 6 4. Create a Database Backed Application 36 Samba Configuration Files 8 The smb.conf File 10 Mapping Permissions and ACLs 12 iv Mapping Linux Concepts 13 Logfile Analysis 18 Mapping Users 15 Postfix, Relaying and SMTP AUTH 19 Sharing Home DirectoriesEVALUATION16 SMTP AUTHCOPYServer and Relay Control 22 Sharing Printers 17 SMTP AUTH Clients 23 Share Authentication 18 Postfix / TLS 24 Share-Level AccessUnauthorized 19 TLS Server Configuration 25 User-Level Access 20 Postfix Client Configuration for TLS 27 Samba Account Database 21 Other TLS Clients 28 User Share Restrictions 23 Ensuring TLS Security 29 Lab Tasks 24 Lab Tasks 30 1. Samba Share-Level Access 25 1. Configuring Postfix 31 2. Samba User-Level Access 32 2. Postfix Virtual Host Configuration 38 3. Samba Group Shares 37 3. Postfix Network Configuration 42 4. Handling Symbolic Links with Samba 44 4. Postfix SMTP AUTH Configuration 47 5. Samba Home Directory Shares Reproduction 49 5. Postfix STARTTLS Configuration 52 6. SUSE Postfix Configuration Cleanup [S12] 57 Chapter 16 SMTP THEORY 1 Chapter 18 SMTP 2 MAIL SERVICES AND RETRIEVAL 1 SMTP Terminology 3 Filtering Email 2 SMTP Architecture 4 Procmail 4 SMTP Commands 5 SpamAssassin 6 SMTP Extensions 6 Bogofilter 8 SMTP AUTH or 7 amavisd-new Mail Filtering 10 SMTP STARTTLS 8 Accessing Email 12 SMTP Session 9DistributionThe IMAP4 Protocol 13 Dovecot POP3/IMAP Server 14 Chapter 17 Cyrus IMAP/POP3 Server 16 POSTFIX 1 Cyrus IMAP MTA Integration 18 Postfix Features 2 Cyrus Mailbox Administration 20 Postfix Architecture 3 Fetchmail 22 Postfix Components 4 Roundcube Webmail 23 Postfix Configuration 5 Mailing Lists 24 master.cf 7 GNU MailmanProhibited 25 main.cf 8 Mailman Configuration 26 Postfix Map Types 9 Lab Tasks 28 Postfix Pattern Matching 10 1. Configuring Procmail & SpamAssassin 29 Advanced Postfix Options 11 2. Configuring Cyrus IMAP 36 Virtual Domains 12 3. Dovecot TLS Configuration 45 Postfix Mail Filtering 13 4. Configuring Roundcube 51 Configuration Commands 14 5. Base Mailman Configuration 57 Management Commands 16 6.
Load more

Recommended publications
  • SNMP Trap - Firewall Rules
    SNMP Trap - Firewall Rules Article Number: 87 | Rating: 1/5 from 1 votes | Last Updated: Wed, Jan 13, 2021 at 4:42 PM Fir e wall Rule s These steps explain how to check if the Operating System (OS) of the Nagios server has firewall rules enabled to allow inbound SNMP Trap UDP port 162 traffic. The different supported OS's have different firewall commands which are explained as follows. You will need to establish an SSH session to the Nagios server that is receiving SNMP Traps. RHEL 7/8 | C e nt O S 7/8 | O r ac le Linux 7/8 First check the status of the firewall: systemctl status firewalld.service IF the firewall is running , it should product output like: ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2018-11-20 10:05:15 AEDT; 1 weeks 0 days ago Docs: man:firewalld(1) Main PID: 647 (firewalld) CGroup: /system.slice/firewalld.service └─647 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid IF the firewall is NO T running, it will produce this output: ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled) Active: inactive (dead) since Tue 2018-11-27 14:11:34 AEDT; 965ms ago Docs: man:firewalld(1) Main PID: 647 (code=exited, status=0/SUCCESS) If the firewall is NOT running, this means that inbound traffic is allowed. To ENABLE the firewall on b o o t and to s ta rt it, execute the following commands: systemctl
    [Show full text]
  • Firewalld ↔ Iptables (Continued)
    firewalld ↔ iptables (continued) Or, better said as, Understanding Linux Firewall Changes and Tools A firewall evolution and system management process Presented to SLUUG By David Forrest August 9, 2017 Bio I am David Forrest, a businessman in the housing and construction materials industry. Always keen to use the open and supportable solution even if it means getting my hands dirty. I was there, I did that, I have the t-shirt. And, I'm retired so now I can work on the “bleeding edge” - so on to the testing kernel! Why tonight? Why should we switch to firewalld? I felt a continuation was in order to address the problems that are caused by the virtual world and the interaction of processes within today's machines. Our various distributions seem to be jumping to the systemd init setup as it appears to offer better administration control to Linux Kernel machines. Firewalld just one of many efforts to see the future. In recent years, operating system virtualization has taken the industry by storm. But I'm still on CentOS7 and it uses firewalld as its default firewall along with systemd https://wiki.debian.org/Debate/initsystem/systemd firewalld It's a daemon and a command line interface to all the backends! One can start it as a service with a default setup and change it dynamically with a command line or with the daemon using D-Bus or NetworkManager. And with the new nftables release, we'll be able to combine several rules in one rich rule. The firewalld Architecture Firewalld and nft Systems have also moved toward Software Defined Networking (SDN) and system density has increased.
    [Show full text]
  • Red Hat Enterprise Linux 7 Firewalld Howto
    Red Hat Enterprise Linux 7 Firewalld HowTo Patrick Ladd Technical Account Manager, Red Hat [email protected] What Is firewalld? • Dynamic, modern control of system firewall functions • Still iptables underneath • Major features; – Real time rule changes without interruption – Zones to simplify and segregate configuration – Separate network traffic & rules by interface and zone – GUI that works – System configs in /usr/lib/firewalld/* – Custom configs in /etc/firewalld/* – Daemon runs in user space – Protocol independent: IPv4 & IPv6 Zones ● Manages groups of rules ● Dictate what traffic should be allowed – Based on level of trust in connected network(s) – Based on origin of packet ● Network interfaces are assigned a zone Default Pre-Defined Zones ● drop Drop all incoming traffic unless related to outgoing traffic (do not even respond with ICMP errors). ● block Reject all incoming traffic unless related to outgoing traffic. ● dmz Reject incoming traffic unless related to outgoing traffic or matching the ssh pre-defined service. ● external Reject incoming traffic unless related to outgoing traffic or matching the ssh pre-defined service. Outgoing IPv4 traffic forwarded through this zone is masqueraded to look like it originated from the IPv4 address of the outgoing network interface. Default Pre-Defined Zones ● public Reject incoming traffic unless related to outgoing traffic or matching the ssh, or dhcpv6-client pre-defined services. The default zone for newly-added network interfaces. ● work Reject incoming traffic unless related to outgoing traffic or matching the ssh, ipp-client, ordhcpv6-client pre- defined services. Default Pre-Defined Zones ● internal Reject incoming traffic unless related to outgoing traffic or matching the ssh, mdns, ipp-client, samba-client, or dhcpv6-client pre-defined services.
    [Show full text]
  • The Next Generation Firewall for Red Hat Enterprise Linux 7 RC Thomas Graf Red Hat Agenda
    The Next Generation Firewall for Red Hat Enterprise Linux 7 RC Thomas Graf Red Hat Agenda ● FirewallD – Firewall Management as a Service ● Kernel – New Filtering Capabilities ● Nftables – A Look Ahead FirewallD Firewall Management as a Service Existing Packet Filtering Architecture User iptables ip6tables ebtables Land Kernel Netfilter IPv4 IPv6 Bridge Protocol dependent packet filter and utilities Firewall Management as a Service Application Reports User Interface Direct Graphical Access CLI FirewallD IPv4 IPv6 Bridge FirewallD – Features • Unified firewall management as a service • No service disruptions during rule updates • Firewall zones • D-Bus interface • Runtime & permanent configuration • Graphical & console user interface • Direct access FirewallD – Policy Abstraction Policy Zone FirewallD – Zone Policy • Default policy • Enabled services • Rich rules • Masquerading • Port forwarding • ICMP filter FirewallD – Graphical User Interface FirewallD – Command Line Interface • Add interface “eth0” to zone “public” permanently: # firewall-cmd --permanent --zone=internal --add-interface=eth0 • List enabled services: # firewall-cmd --zone=public --list-services RHEL7 Netfilter Kernel Changes Scaling of Legacy Applications (xt_cpu) 80 8080 CPU 1 App #1 on 8080 REDIRECT 80 8081 RSS CPU 2 App #2 on 8081 REDIRECT 80 808n CPU n App #n on 808n REDIRECT # iptables -t nat -A PREROUTING -p tcp --dport 80 \ -m cpu --cpu 0 -j REDIRECT --to-port 8080 # iptables -t nat -A PREROUTING -p tcp --dport 80 \ -m cpu --cpu 1 -j REDIRECT --to-port 8081 Connection
    [Show full text]
  • Dirección De Posgrado Y Formación Continua
    ESCUELA SUPERIOR POLITÉCNICA AGROPECUARIA DE MANABÍ MANUEL FÉLIX LÓPEZ DIRECCIÓN DE POSGRADO Y FORMACIÓN CONTINUA INFORME DE TRABAJO DE TITULACIÓN PREVIA LA OBTENCIÓN DEL TÍTULO DE MAGÍSTER EN TECNOLOGÍAS DE LA INFORMACIÓN MENCIÓN EN REDES Y SISTEMAS DISTRIBUIDOS MODALIDAD: PROYECTO DE INVESTIGACIÓN Y DESARROLLO TEMA: ACCESO A REDES INALÁMBRICAS DE LA ESPAM MFL MEDIANTE UN SERVIDOR RADIUS AUTOR: JOSÉ RUBÉN LOOR ANCHUNDIA PORTADA TUTOR: ING. JOFFRE RAMÓN MOREIRA PICO, M.Sc, COTUTOR: ING. JAVIER HERNÁN LÓPEZ ZAMBRANO, M.Sc, CALCETA, SEPTIEMBRE 2019 ii DERECHOS DE AUTORÍA JOSÉ RUBÉN LOOR ANCHUNDIA, declaro bajo juramento que el trabajo aquí descrito es de mi autoría, que no ha sido previamente presentado para ningún grado o calificación profesional, y que he consultado las referencias bibliográficas que se incluyen en este documento. A través de la presente declaración cedo los derechos de propiedad intelectual a la Escuela Superior Politécnica Agropecuaria de Manabí Manuel Félix López, según lo establecido por la Ley de Propiedad Intelectual y su Reglamento. ______________________________ JOSÉ RUBÉN LOOR ANCHUNDIA iii CERTIFICACIÓN DE TUTOR ING. JOFFRE RAMÓN MOREIRA PICO, M.Sc, certifica haber tutelado el trabajo de titulación, que ha sido desarrollada por JOSÉ RUBÉN LOOR ANCHUNDIA, previa la obtención del título de Magister en Tecnologías de la Información con mención en Redes y Sistemas Distribuidos de acuerdo al REGLAMENTO DE LA UNIDAD DE TITULACIÓN DE PROGRAMAS DE POSGRADO de la Escuela Superior Politécnica Agropecuaria de Manabí Manuel
    [Show full text]
  • List of Versions Added in ARL #2588
    List of versions added in ARL #2588 Publisher Product Version 1E Nomad Branch 7.0 45RPM software MailRaider 3.60 45RPM software MailRaider 3.22 Acesoft Tracks Eraser Pro 8.7 Acqualia Software Soulver 3.4 activePDF activePDF Toolkit 7.1 Acuant Software Developers Kit 10.08 Adlice Software RogueKiller 12.1 Adlice Software RogueKiller 13.1 Adobe Creative Cloud Desktop Application 5.4 Adobe Flash Player PPAPI 34.0 Adobe UXP Developer Tool Unspecified Adobe Experience Manager forms 10.0 Aide CAD Systems Aide PDF to DXF Converter 10.0 ALK Technologies PC*MILER|Rail 23.0 ALK Technologies PC*MILER|Rail 24.0 ALK Technologies PC*MILER|Rail 25.0 ALK Technologies PC*MILER|Rail 26.0 Alsoft DiskWarrior 5.2 Altium Designer SOLIDWORKS 2.1 Altus Group ARGUS Developer Unspecified Amazon system-release 2 Amazon man-pages 3.5 Amazon ed 3.1 Amazon pcre2 8.3 Andreas Hegenberg BetterTouchTool 3.400 Andritz IDEAS 6.5 Antibody Software WizTree 3.3 aONe Keka 1.2 Apache Software Foundation Hive Metastore Unspecified Apple CFNetwork 902.1 Apple CFNetwork 902.3 Apple Scripting Bridge 1.3 Apple System Image Utility 10.13 Apple CalendarUI 14.6 Apple Ruby for Mac 10.5 Apple Xcode 12.0 Apple AirPort Utility 17.0 Apple Xcode 11.7 Apple Xcode 12.3 Apple Directory Utility for Mac 5.0 Apple Pages Mobile 10 Apple iMovie 10.2 Apple Compressor 4.5 Apple PhotosUI 1.0 Apple WebKit 136 Apple WebKit 146 Applied Computer Services Timer Pro NET 19.0 ARES PRISM PRISM G2 45.1 Aspect Software Prophecy platform 20.0 Aspect Software Workforce Management Advanced Modules 18.2 Aspect Software
    [Show full text]
  • Lenovo Big Data Validated Design for Cloudera Enterprise on Thinksystem SR655 and SR635 Servers
    Lenovo Big Data Validated Design for Cloudera Enterprise on ThinkSystem SR655 and SR635 Servers Last update: 28 June 2021 Version 1.3 Reference architecture for Solution based on the Cloudera Enterprise with Apache ThinkSystem SR635/SR655 server Hadoop and Apache Spark with AMD CPU inside Deployment considerations for Solution based on ThinkSystem scalable racks including detailed SR655 compute node with storage validated bills of material pool Xiaotong Jiang (Lenovo) Xifa Chen (Lenovo) Ajay Dholakia (Lenovo) Weixu Yang (Lenovo) Dan Kangas (Lenovo) Lenovo Big Data Validated Design for Cloudera Enterprise on ThinkSystem SR655 and 1 SR635 Servers Table of Contents 1 Introduction ............................................................................................... 4 2 Business problem and business value ................................................... 5 3 Requirements ............................................................................................ 7 Functional Requirements ......................................................................................... 7 Non-functional Requirements................................................................................... 7 4 Architectural Overview ............................................................................. 8 Cloudera Enterprise ................................................................................................. 8 Bare-metal Cluster ................................................................................................... 8
    [Show full text]
  • Red Hat Enterprise Linux 8 Securing Networks
    Red Hat Enterprise Linux 8 Securing networks Configuring secured networks and network communication Last Updated: 2021-09-16 Red Hat Enterprise Linux 8 Securing networks Configuring secured networks and network communication Legal Notice Copyright © 2021 Red Hat, Inc. The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/ . In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries. Linux ® is the registered trademark of Linus Torvalds in the United States and other countries. Java ® is a registered trademark of Oracle and/or its affiliates. XFS ® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries. MySQL ® is a registered trademark of MySQL AB in the United States, the European Union and other countries. Node.js ® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
    [Show full text]
  • Installing Firewalld
    CHAPTER 40. FIREWALLS 1 Lab 40.1: Installing firewalld While most recent Linux distributions have the firewalld package (which includes the firewall-cmd multi-purpose utility) available, it might not be installed on your system. First you should check to see if it is already installed, with $ which firewalld firewall-cmd /usr/sbin/firewalld /usr/bin/firewall-cmd If you fail to find the program, then you need to install with one of the following, depending on your distribution in the usual way: $ sudo yum install firewalld $ sudo zypper install firewalld $ sudo apt-get install firewalld If this fails, the firewalld package is not available for your distribution. For example, this will be the case for the older RHEL6/CentOS6 distributions. In this case you will have to install from source. To do this, go to https://fedorahosted.org/firewalld/ and you can get the git source repository, but it is much easier to download the most recent tarball (firewalld-0.3.13.tar.bz2 as of this writing.) Then you have to follow the common procedure for installing from source: $ tar xvf firewalld-0.3.13.tar.bz2 $ cd firewalld-0.3.13 $ ./configure $ make $ sudo make install Note this source also has an uninstall target: $ sudo make uninstall in case you have regrets. You will have to deal with any inadequacies that come up in the ./configure step, such as missing libraries etc. When you install from a packaging system, the distribution takes care of this for you, but from source it can be problematic. If you have run the Linux Foundation's ready-for.sh script on your system, you are unlikely to have problems.
    [Show full text]
  • JA SÄHKÖTEKNIIKAN TIEDEKUNTA Arttu Vuosku
    TIETO- JA SÄHKÖTEKNIIKAN TIEDEKUNTA Arttu Vuosku Kotipalomuurien tietoturva Kandidaatintyö Tietotekniikan tutkinto-ohjelma 2021 Vuosku. (2021) Kotipalomuurien tietoturva. Oulun yliopisto, tietotekniikan tutkinto-ohjelma. Kandidaatintyö, 33 s. TIIVISTELMÄ Kotiverkko on herkkä kohde rikollisuudelle ja vakoilulle. Palomuuri on yksi keino suojata verkkoja virustorjuntaohjelmien ohella. Se on järjestelmä, joka sijaitsee kahden verkon rajalla ja kaiken liikenteen tulee kulkea sen läpi. Käyttäjä voi konfiguroida palomuuriin itse sopivia sääntöjä. Kotiverkon uhkia ovat madot, murtautumiset, haittaohjelmat ja palvelunestohyökkäykset. Työssä tutustuttiin erilaisiin palomuurityyppeihin ja tietoturva-aukkojen eli haavoittuvuuksien löytämiskeinoihin. Työssä testattiin pfSense-palomuuria kotikäytössä ja arvioitiin sen käytettävyyttä konfiguroimalla siihen erilaisia sääntöjä. Lisäksi etsittiin avoimia portteja oman asiakasohjelmiston avulla ja tutkittiin kotiverkon haavoittuvuuksia Nessus Essentials Vulnerability Scanner -ohjelmiston avulla. Tuloksissa huomattiin, että pfSense ei ole välttämättä helppokäyttöisin vaihtoehto kotikäyttäjälle, koska se vaatii käyttäjältä perehtymistä. Kotiverkosta ei löydetty kriittisiä haavoittuvuuksia. Työn kokeellisessa osassa selvitettiin, kuinka kotiverkkojen tietoturvaa voisi kehittää tehokkaasti ja ehkäistä mahdollisia uhkia parhaiten. Avainsanat: palomuuri, kotiverkko, haavoittuvuus, uhka Vuosku A. (2021) The security of home firewalls. University of Oulu, Degree Programme in Computer Science and Engineering. Bachelor’s
    [Show full text]
  • Oracle® Linux 8 Configuring the Firewall
    Oracle® Linux 8 Configuring the Firewall F20786-06 July 2021 Oracle Legal Notices Copyright © 2019, 2021 Oracle and/or its affiliates. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer software" or "commercial computer software documentation" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, reproduction, duplication, release, display, disclosure, modification, preparation of derivative works, and/or adaptation of i) Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs), ii) Oracle computer documentation and/or iii) other Oracle data, is subject to the rights and limitations specified in the license contained in the applicable contract.
    [Show full text]
  • Zadání Bakalářské Práce
    ČESKÉ VYSOKÉ UČENÍ TECHNICKÉ V PRAZE FAKULTA INFORMAČNÍCH TECHNOLOGIÍ ZADÁNÍ BAKALÁŘSKÉ PRÁCE Název: Porovnání systémů pro pokročilou správu připojení k síti Student: Ondřej Lauer Vedoucí: Ing. Viktor Černý Studijní program: Informatika Studijní obor: Informační technologie Katedra: Katedra počítačových systémů Platnost zadání: Do konce letního semestru 2017/18 Pokyny pro vypracování Prozkoumejte oblast NAC (Network Access Control) softwaru. Zaměřte se na NAC software, který lze použít pro kabelovou i bezdrátovou komunikaci. Porovnejte dostupná open source řešení s komerčními. Diskutujte možnosti nasazení ve fakultní síti se správcem fakultní sítě a zvolte nejvhodnější alternativu nasazení Zvolenou alternativu NAC softwaru nasaďte v kontrolované části fakultní sítě a analyzujte přínosy a nedostatky zvoleného řešení. Seznam odborné literatury Dodá vedoucí práce. prof. Ing. Róbert Lórencz, CSc. prof. Ing. Pavel Tvrdík, CSc. vedoucí katedry děkan V Praze dne 1. prosince 2016 České vysoké učení technické v Praze Fakulta informačních technologií Katedra počítačových systémů Bakalářská práce Porovnání systémů pro pokročilou správu připojení k síti Ondřej Lauer Vedoucí práce: Ing. Viktor Černý 2. května 2017 Poděkování Rád bych poděkoval vedoucímu své bakalářské práce Ing. Viktorovi Černému za odborné vedení, za pomoc a rady při zpracování této práce. Dále bych rád poděkoval svému oponentovi, Ing. Martinovi Bílému, za ochotu a pomoc při vytváření testovacího prostředí a při implementaci výsledného řešení. Prohlášení Prohlašuji, že jsem předloženou práci vypracoval(a) samostatně a že jsem uvedl(a) veškeré použité informační zdroje v souladu s Metodickým pokynem o etické přípravě vysokoškolských závěrečných prací. Beru na vědomí, že se na moji práci vztahují práva a povinnosti vyplývající ze zákona č. 121/2000 Sb., autorského zákona, ve znění pozdějších předpisů.
    [Show full text]