Review


Page 1: Review

Review

• Security
• Hardening
• IPTables
• SELinux

Page 2: Review

Today

• Installations and updates
  – Rpm command and packages
• Apache
• “Issue Ownership”

Page 3: Review

Installing Items

• Several Different Ways
  – Build from source works on all systems
  – Download source code, unzip it, run ‘make file’
  – Compiles it on your system
  – Annoying, time consuming, etc…
• Different distributions have ‘package managers’
  – Debian/Ubuntu – Apt-Get / dpkg
  – SuSE – YaST

Page 4: Review

CentOS/RHEL

• Online (aka, requires internet connection)
  – yum
  – yum install <package> # or update or….
  – VERY easy, very nice, I highly recommend it
• Offline (aka, no internet connection)
  – Must know package name
  – rpm (RedHat Package Manager)
  – Flags will then lead us to install, uninstall, update, etc…

Page 5: Review

RPM Usage

• Simple installation
  – rpm -i <filename>
  – rpm -ivh <filename>
• List installed programs
  – rpm -qa #optional: <package>
• Uninstall program
  – rpm -ev <package>
• Notice difference between filename and package

Page 6: Review

RPM File Names

• An RPM filename will end in .rpm
• The name will usually contain package, version, OS version, and architecture
• CentOS 5 Apache installation file
• httpd-2.2.3-43.el5.i386.rpm
  – Package: httpd
  – Apache version: 2.2.3-43
  – OS version: ‘Enterprise Linux’ 5 (el5)
  – Architecture: i386 (Intel, 32-bit)

Page 7: Review

Complex Installations

• Some packages will require a ‘dependency’
• A dependency is another install package
  – Possibly another program, possibly a library
• For example, to run the GNU C++ Compiler (g++), you have to have the GNU C Compiler installed (gcc)
• g++ has a dependency of gcc
• rpm -qR <package> (or rpm -qpR <filename> for an .rpm file that is not installed yet)

Page 8: Review

Failures

• Dependencies

• 2 packages, 2 libraries
• Packages will most likely appear with that name
• Libraries will have to be Google’d for

Page 9: Review

Library Packages

• libapr-1.so.0 – library package
• In an offline install this will not show up as libapr.rpm or any variation

Page 10: Review

Libapr-1.so.0

• Easily handled - apr package and apr-util packages contain the libapr and libapr-util libraries

• Go through each dependency from the top, install all the ones you can easily

• Then try to install the main packages and Google anything left over
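The file-name breakdown and the dependency walk-through from the slides above, combined into one added example (not from the original slides). rpm itself splits a file name into name, version, release and architecture, so the release field (43.el5) carries both the build number and the el5 tag. The function names and the apr file name are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides). Sample names below are constructed
# unless noted.

# rpm_fields FILE -> "name version release arch", split from the right,
# because the package name itself may contain hyphens (apr-util).
rpm_fields() {
    f=${1##*/}; f=${f%.rpm}
    arch=${f##*.};    f=${f%.*}
    release=${f##*-}; f=${f%-*}
    version=${f##*-}; name=${f%-*}
    printf '%s %s %s %s\n' "$name" "$version" "$release" "$arch"
}

# classify_dep DEP FILE... -> how one unmet dependency can be satisfied:
#   "package <file>"  a downloaded .rpm whose package name equals DEP
#   "library <dep>"   a shared-library name that must be looked up
#   "missing <dep>"   a package that still has to be downloaded
classify_dep() {
    dep=$1; shift
    for file in "$@"; do
        fields=$(rpm_fields "$file")
        if [ "${fields%% *}" = "$dep" ]; then
            echo "package $file"; return 0
        fi
    done
    case $dep in
        lib*.so*) echo "library $dep" ;;
        *)        echo "missing $dep" ;;
    esac
}

# Demo: two package dependencies and two library dependencies.
demo() {
    for d in apr apr-util libapr-1.so.0 libaprutil-1.so.0; do
        classify_dep "$d" apr-1.3.9-3.el6.x86_64.rpm \
            apr-util-1.3.9-3.el6_0.1.x86_64.rpm   # second name is from the slides
    done
}
demo
```

On the real system, `rpm -qpR <filename>` prints the requirement list to feed into this, and `rpm -K <filename>` checks a downloaded file's digests and signature before `rpm -ivh`.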

Page 11: Review

Successful Install

• rpm -ivh apr-util-1.3.9-3.el6_0.1.x86_64.rpm

Page 12: Review

So We Can Use It

• We can see it in the output of rpm -qa httpd
• Even more, we can use it

Page 13: Review

What Is A Web Server?

• “The hardware or software that delivers web content” – Wikipedia
• Thanks, Wikipedia, that’s helpful
• Web server is a computer running
  – Windows OS & IIS application
  – Linux OS & Apache application
  – There are others, those are the big ones
• They hold the code files that make up web pages (Facebook, Amazon, ESPN, etc…)

Page 14: Review

Apache Web Server

• “LAMP Stack” – Linux, Apache, MySQL, PHP
  – Everything you need to build a ‘feature-rich’ website (ESPN.com)
• Config file in /etc/httpd/conf/httpd.conf
• Contains ‘modules’ that help develop web site
• Code files in /var/www
  – Expected to be ‘feature rich’

Page 15: Review

Apache Details

• Service named httpd (so we can control it by the service command or see it in ps)
• Starts about 8 processes named httpd
• Sits “on top” of our networking scripts, opens port 80 to “listen” for incoming web (http) connections, etc…

Page 16: Review

Apache Config

• So when we browse to the IP

Page 17: Review

Quick Aside – Regular Tasks

• Starting out in IT, expect:
• Programmers: documenting code
  – Possibly minor bug fixes
• Networking: monitoring
  – I actually know the least about this one
• Sysadmin: Password resets, low-level user calls
  – Aka, help desk

Page 18: Review

Help Desk

• Help desk isn’t a bad place to be
• But it’s hard to move out into ‘sysadmin’ work
  – Easier to move up to L2/L3 support
  – Internships are the way to go
• Regardless, you’ll usually have a ‘script’

Page 19: Review

Help Desk

• In that script you won’t have too much freedom, which means you won’t have too much opportunity to show off skills
• Sometimes you do, and sticking with something (especially the really annoying things) is what managers look for
• They call it “issue ownership”
  – Do you take the next step when it’s not in your script?

Page 20: Review

Example

• Apache is not installed on our VMs

Page 21: Review

Or You Might Get A Ticket

• “User X Can’t Log In”
  – Login to what?!
  – Obviously not the ticketing system
• This is why I structure our class this way
  – This is also the least-favorite assignment of many students
• “Scope” the problem
• Outline the fix
• Implement
• Write-up

Page 22: Review

Your Homework and Practical

• Install Apache on our VMs
  – Not using yum
• Turn in a short write-up of what you did and how
• Documentation is necessary
  – 1) tells you where you are
  – 2) tells you what you’re doing
  – 3) covers your behind

Page 23: Review

Tickets

• IDS was owned by ‘Enterasys’
• Awful support, except for 2/3 guys
• Used their tickets to show their mgmt they weren’t responding (many times)
• Got 2 of the “good” responders dedicated to our account
• I’m sure they were chewed out after the 4th/5th/6th time we escalated through our mgmt