This lab consists of two parts. Make sure you label each section accordingly and answer all the questions.
For this lab it is recommended that you review the Demo Lab presentations in the Unit 5 and Unit 6 Learning Space. Click the PRACTICE link > DEMO LAB > then click the hyperlink to launch the demonstration.
Part #1
Apply Hardened Security for Linux Services & Applications
Learning Objectives and Outcomes
Upon completing this lab, students will learn about the following tasks:
• Harden Linux server services when enabling and installing them, and keep a security perspective during configuration
• Create an Apache Web Server installation and perform basic security configurations to assure that the system has been hardened …show more content…
Unlike a hard link, a symbolic link does not contain the data in the target file. It simply points to another entry somewhere in the file system. This difference gives symbolic links certain qualities that hard links do not have, such as the ability to link to directories, or to files on remote computers networked through NFS. Also, when you delete a target file, symbolic links to that file become unusable, whereas hard links preserve the contents of the file.
7. Why is it recommended to disable Symbolic Links in MySQL? symbolic links are enabled by default. If you don't need them, you can disable them with the skip-symbolic-links option.
8. Why would you add the ‘skip-networking’ command?
You may even have services that are listening on a TCP port but don’t need to be. Database servers such as MySQL are often used in conjunction with Apache, and are frequently set up to coexist on the same server when used in this way. Connections that come from the same machine that MySQL is installed on use a domain socket in the filesystem for communications. Therefore, you don’t need to have MySQL listening on a TCP socket. To do this, you can either use the --skip-networking command-line option when starting MySQL or specify it in the [mysqld] section of your my.cnf file:
[mysqld]
... …show more content…
What command would you use to allow all the traffic from the loopback?
-A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT - allows all traffic to the loopback network coming from the loopback device.
6. What command would you use to view the network port configuration for the iptables? iptables -vnL | more will give some port information, but portmap will provide even more.
7. If a service is to allow in one place and to deny in another what is the outcome?
First encountered rule takes priority.
8. Is the order of the rules important? If you deny something within the IP network layer, but permit something within the TCP transport layer that uses the IP network layer that you just denied, will your TCP traffic be permitted?
Yes. See #1 and #7. No, TCP traffic will not be allowed because it was already blocked by IP.
9. If one of the files does not exist what happens?
TCPWrappers will continue down its list without incident. Rules apply when matched.
10. Are the rules from TCP wrapped services cached? TCP wrapped services do not cache the rules from the hosts access files, so any changes to hosts.allow or hosts.deny take effect immediately without restarting network