BCE-C712 Linux System Administration

0 of 74 lessons complete (0%)
Exit Course

Lab

Lab 2- Security Management

You don’t have access to this lesson

Please register or sign in to access the course content.

Lab 2: Security Management

Objective:

  • To understand and practice security management tasks on a Linux system.

Topics Covered:

  1. File Permissions and Ownership
  2. sudo Configuration
  3. SSH Configuration
  4. Firewall Management (using ufw)
  5. File Integrity Checking (using tripwire)

Lab Exercises:

Exercise 1: File Permissions and Ownership

  1. Create a file named secure_file.txt in the home directory.
  2. Restrict read and write permissions to the owner only.
  3. Allow read permissions to the group.
  4. Deny all permissions to others.
  5. Change the owner of the file to a different user.
# Create a file named secure_file.txt in the home directory.
touch secure_file.txt

# Restrict read and write permissions to the owner only.
chmod 600 secure_file.txt

# Allow read permissions to the group.
chmod 640 secure_file.txt

# Deny all permissions to others.
chmod 640 secure_file.txt

# Change the owner of the file to a different user.
chown new_owner:group secure_file.txt

Exercise 2: sudo Configuration

  1. Add a new user named admin to the sudo group.
  2. Verify that the admin user can execute commands with sudo.
  3. Edit the sudoers file to allow a specific user to run a command without entering a password.
# Add a new user named admin to the sudo group.
sudo useradd -m -G sudo admin

# Verify that the admin user can execute commands with sudo.
sudo -u admin echo "Testing sudo access"

# Edit the sudoers file to allow a specific user to run a command without entering a password.
sudo visudo

# Add the following line:
# username ALL=(ALL:ALL) NOPASSWD: /path/to/command

Exercise 3: SSH Configuration

  1. Change the default SSH port from 22 to a custom port.
  2. Disable password-based authentication for SSH.
  3. Generate SSH key pairs for two users (user1 and user2).
  4. Allow only specific users to log in via SSH.
# Change the default SSH port from 22 to a custom port.
sudo nano /etc/ssh/sshd_config
# Update the "Port" line, e.g., Port 2222

# Disable password-based authentication for SSH.
sudo nano /etc/ssh/sshd_config
# Set PasswordAuthentication no

# Generate SSH key pairs for two users (user1 and user2).
sudo su - user1
ssh-keygen

sudo su - user2
ssh-keygen

# Allow only specific users to log in via SSH.
sudo nano /etc/ssh/sshd_config
# Add the line: AllowUsers user1 user2

Exercise 4: Firewall Management (using ufw)

  1. Enable the UFW (Uncomplicated Firewall) service.
  2. Allow incoming SSH connections.
  3. Allow incoming connections on a custom service/port (e.g., web server).
  4. Deny incoming connections from a specific IP address.
  5. Disable the UFW service.
# Enable the UFW (Uncomplicated Firewall) service.
sudo ufw enable

# Allow incoming SSH connections.
sudo ufw allow 2222/tcp

# Allow incoming connections on a custom service/port (e.g., web server).
sudo ufw allow 80/tcp

# Deny incoming connections from a specific IP address.
sudo ufw deny from 192.168.1.2

# Disable the UFW service.
sudo ufw disable

Exercise 5: File Integrity Checking (using tripwire)

  1. Install tripwire on the system.
  2. Initialize the tripwire database.
  3. Run a manual check of file integrity.
  4. Modify a system file and run another integrity check to detect changes.
  5. Review tripwire reports and logs.
# Install tripwire on the system.
sudo apt-get install tripwire

# Initialize the tripwire database.
sudo tripwire --init

# Run a manual check of file integrity.
sudo tripwire --check

# Modify a system file and run another integrity check to detect changes.
sudo nano /etc/passwd
# Modify a line

sudo tripwire --check

# Review tripwire reports and logs.
sudo tripwire --print-report

Lab Documentation:

Provide detailed instructions for each exercise, including command syntax and expected outcomes. Include explanations of the purpose behind each security task.