Review Security Hardening IPTables SELinux. Today Installations and updates – Rpm command and...
Review
• Security
• Hardening
• IPTables
• SELinux
Today
• Installations and updates
  – Rpm command and packages
• Apache
• “Issue Ownership”
Installing Items
• Several Different Ways
  – Build from source works on all systems
  – Download source code, unzip it, run ‘make’
  – Compiles it on your system
  – Annoying, time consuming, etc…
• Different distributions have ‘package managers’
  – Debian/Ubuntu – Apt-Get / dpkg
  – SuSE – YaST
CentOS/RHEL
• Online (aka, requires internet connection)
  – yum
  – yum install <package> # or update or…
  – VERY easy, very nice, I highly recommend it
• Offline (aka, no internet connection)
  – Must know package name
  – rpm (RedHat Package Manager)
  – Flags will then lead us to install, uninstall, update, etc…
RPM Usage
• Simple installation
  – rpm -i <filename>
  – rpm -ivh <filename>
• List installed programs
  – rpm -qa #optional: <package>
• Uninstall program
  – rpm -ev <package>
• Notice difference between filename and package
RPM File Names
• An RPM filename will end in .rpm
• The name will usually contain package, version, OS version, and architecture
• CentOS 6 Apache installation file
• httpd-2.2.15-26.el6.x86_64.rpm
  – Package: httpd
  – Apache version: 2.2.15-26
  – OS version: ‘Enterprise Linux’ 6 (el6)
  – Architecture: x86_64 (Intel, 64-bit)
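Added example (not from the original slides): splitting an RPM file name into its fields from the right, so that package names containing dashes, such as apr-util, still parse. It separates the upstream version from the release (2.2.15 and 26.el6 for the httpd file above); the function names rpm_nvra and rpm_fits are illustrative.

```shell
#!/bin/sh
# Split an RPM file name into "name version release arch".
# Fields are peeled off from the right because the package name may
# contain dashes (apr-util) and the release may contain dots (3.el6_0.1).
rpm_nvra() {
    f=${1##*/}                          # drop any directory part
    case $f in
        *.rpm) f=${f%.rpm} ;;
        *) return 1 ;;                  # not an RPM file name
    esac
    arch=${f##*.};    f=${f%.*}
    release=${f##*-}; f=${f%-*}
    version=${f##*-}; name=${f%-*}
    case $arch in *-*) return 1 ;; esac # no ".arch" suffix was present
    [ -n "$name" ] && [ "$name" != "$version" ] || return 1
    printf '%s %s %s %s\n' "$name" "$version" "$release" "$arch"
}

# Succeed only if FILE was built for the wanted distribution tag and
# architecture; "noarch" packages fit any architecture.
rpm_fits() {   # usage: rpm_fits FILE DIST ARCH, e.g. rpm_fits x.rpm el6 x86_64
    nvra=$(rpm_nvra "$1") || return 1
    rel=${nvra#* * }; rel=${rel% *}     # third field: the release
    arch=${nvra##* }                    # fourth field: the architecture
    case ".$rel." in
        *".$2"[._]*) ;;                 # el6 matches 26.el6 and 3.el6_0.1
        *) return 1 ;;
    esac
    [ "$arch" = "$3" ] || [ "$arch" = noarch ]
}
```

Running rpm_fits over a directory of downloaded files before an offline install catches a package built for the wrong release or architecture before rpm is ever invoked.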
Complex Installations
• Some packages will require a ‘dependency’
• A dependency is another install package
  – Possibly another program, possibly a library
• For example, to run the GNU C++ Compiler (g++), you have to have the GNU C Compiler installed (gcc)
• g++ has a dependency of gcc
• rpm -qR <package>
Failures
• Dependencies
• 2 packages, 2 libraries
• Packages will most likely appear with that name
• Libraries will have to be Google’d for
Library Packages
• libapr-1.so.0 – library package
• In an offline install this will not show up as libapr.rpm or any variation
Libapr-1.so.0
• Easily handled - apr package and apr-util packages contain the libapr and libapr-util libraries
• Go through each dependency from the top, install all the ones you can easily
• Then try to install the main packages and Google anything left over
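Added example (not from the original slides): sorting rpm's failed-dependency report into package names and library names, then finding which downloaded .rpm file provides a library by querying its metadata with rpm -qp --provides. The report text is a constructed sample and the function names are illustrative.

```shell
#!/bin/sh
# Sort the lines of rpm's "Failed dependencies" report (read on stdin)
# into package names and shared-library sonames.
classify_deps() {
    while read -r cap rest; do
        case $rest in
            *"is needed by"*) ;;        # keep only requirement lines
            *) continue ;;
        esac
        case $cap in
            *.so|*.so.*) echo "library ${cap%%"("*}" ;;  # strip "()(64bit)"
            *)           echo "package $cap" ;;
        esac
    done
}

# Print each local .rpm file whose metadata says it provides CAPABILITY,
# e.g. libapr-1.so.0, instead of guessing from the file name.
find_provider() {   # usage: find_provider CAPABILITY FILE.rpm...
    want=$1; shift
    for f in "$@"; do
        if rpm -qp --provides "$f" 2>/dev/null | grep -qF -- "$want"; then
            echo "$f"
        fi
    done
}

# Constructed sample of the report printed when httpd is installed
# before its dependencies (not captured from a real system).
sample_report() {
    cat <<'EOF'
error: Failed dependencies:
    apr-util-ldap is needed by httpd-2.2.15-26.el6.x86_64
    httpd-tools = 2.2.15-26.el6 is needed by httpd-2.2.15-26.el6.x86_64
    libapr-1.so.0()(64bit) is needed by httpd-2.2.15-26.el6.x86_64
    libaprutil-1.so.0()(64bit) is needed by httpd-2.2.15-26.el6.x86_64
EOF
}
```

On a real system, `rpm -ivh httpd-*.rpm 2>&1 | classify_deps` produces the same two lists, and `find_provider libapr-1.so.0 *.rpm` names the file to install first.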
Successful Install
• rpm -ivh apr-util-1.3.9-3.el6_0.1.x86_64.rpm
So We Can Use It
• We can see it in the output of rpm -qa httpd
• Even more, we can use it
What Is A Web Server?
• “The hardware or software that delivers web content” –wikipedia
• Thanks, wikipedia, that’s helpful
• Web server is a computer running
  – Windows OS & IIS application
  – Linux OS & Apache application
  – There are others, those are the big ones
• They hold the code files that make up web pages (facebook, Amazon, ESPN, etc…)
Apache Web Server
• “LAMP Stack” – Linux, Apache, MySQL, PHP
  – Everything you need to build a ‘feature-rich’ website (ESPN.com)
• Config file in /etc/httpd/conf/httpd.conf
• Contains ‘modules’ that help develop web site
• Code files in /var/www
  – Expected to be ‘feature rich’
Apache Details
• Service named httpd (so we can control it by the service command & see it in ps)
  – What would that command be?
• Starts about 8 processes named httpd
• Sits “on top” of our networking scripts, opens port 80 to “listen” for incoming web (http) connections, etc…
Apache Config
• So when we browse to the IP
Quick Aside – Regular Tasks
• Starting out in IT, expect:
• Programmers: documenting code
  – Possibly minor bug fixes
• Networking: monitoring
  – I actually know the least about what entry-level networking is
• Sysadmin: Password resets, low-level user calls
  – Aka, help desk
Help Desk
• Help desk isn’t a bad place to be
• But it’s hard to move out into ‘sysadmin’ work
  – Easier to move up to L2/L3 support
  – Internships are the way to go
• Regardless, you’ll usually have a ‘script’
Help Desk
• In that script you won’t have too much freedom, which means you won’t have too much opportunity to show off skills
• Sometimes you do, and sticking with something (especially the really annoying things) is what managers look for
• They call it “issue ownership”
  – Do you take the next step when it’s not in your script?
Example
• Apache is not installed on our VMs
Or You Might Get A Ticket
• “User X Can’t Log In”
  – Login to what?!
  – Obviously not the ticketing system
• This is why I structure our class this way
  – This is also the least-favorite assignment of many students
• “Scope” the problem
• Outline the fix
• Implement
• Write-up
Your Homework and Practical
• Install Apache on our VMs
  – Using rpm, not using yum
• Turn in a short write-up of what you did and how
• Documentation is necessary
  – 1) tells you where you are
  – 2) tells you what you’re doing
  – 3) covers your behind
Tickets
• IDS was owned by ‘Enterasys’ (now Dell)
• Awful support, except for 2/3 guys
• Used their tickets to show their mgmt they weren’t responding (many times)
• Got 2 of the “good” responders dedicated to our account
• I’m sure they were chewed out after the 4th/5th/6th time we escalated through our mgmt
Own Study
• Installations and updates
  – Rpm command and packages
  – http://www.thegeekstuff.com/2010/07/rpm-command-examples/
• Apache
  – http://www.centos.org/docs/5/html/Cluster_Administration/s1-apache-inshttpd-CA.html