Week 3 Lab
This lab consists of two parts. Make sure you label each section accordingly and answer all the questions. For this lab it is recommended that you review the Demo Lab presentations in the Unit 5 and Unit 6 Learning Space. Click the PRACTICE link > DEMO LAB > then click the hyperlink to launch the demonstration.
Part #1
Apply Hardened Security for Linux Services & Applications
Learning Objectives and Outcomes
Upon completing this lab, students will learn about the following tasks:
• Harden Linux server services when enabling and installing them, and keep a security perspective during configuration
• Create an Apache Web Server installation and perform basic security configurations to assure that the system has been hardened before hosting a web site
• Configure and perform basic security for a MySQL database, understanding the ramifications of a default installation and recommending hardening steps for the database instance
• Install, set up and perform basic security configuration for Sendmail to be able to leverage the built-in messaging capabilities of the Linux system
• Enable and implement secure SSH for encrypted remote access to a Linux server system over the network or across the Internet
This lab is an extension of the previous hands-on labs, and it incorporates security hardening for Linux services and applications loaded on the physical server. This demonstration will configure security and hardened services and applications to ensure C-I-A of these services. It will take the steps to configure and secure an Apache web server and MySQL database and the components necessary to harden the implementation of both. The students will also see how to use and configure the Sendmail application for secure local messaging and will enable secure, encrypted remote access using Secure Shell (SSH).
Lab Assessment Questions & Answers
1. When configuring services, what Linux directory typically contains server configuration files?
Apache HTTP Server is configured by placing directives in plain text configuration files. The main configuration file is usually called httpd.conf. The location of this file is set at compile-time, but may be overridden with the -f command line flag. In addition, other configuration files may be added using the Include directive, and wildcards can be used to include many configuration files. Any directive may be placed in any of these configuration files. Changes to the main configuration files are only recognized by httpd when it is started or restarted.
2. The lab covered some very basic security hardening settings for MySQL Database server and application. What command disables remote access to the MySQL Database? Is this a security hardening best practice?
If remote access is used, ensure that only defined hosts can access the server. This is typically done through TCP wrappers, iptables, or any other firewall software or hardware available on the market. To restrict MySQL from opening a network socket, the following parameter should be added in the [mysqld] section of my.cnf or my.ini:
skip-networking
The file is located in the "C:\Program Files\MySQL\MySQL Server 5.1" directory on the Windows operating system, or at "/etc/my.cnf" or "/etc/mysql/my.cnf" on Linux. This line disables the initiation of networking during MySQL startup. Please note that a local connection can still be established to the MySQL server. Another possible solution is to force MySQL to listen only to the localhost by adding the following line in the [mysqld] section of my.cnf
This procedure is considered essential for best practices.
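A check for the two settings described above, as an added example that is not part of the original lab: it reads the [mysqld] section of a my.cnf and reports whether the server skips networking, is bound to loopback only, or listens on the network. The function names and sample files are constructed for illustration, and bind-address is the MySQL option for restricting the listening address (it is not named on the page).

```python
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def mysqld_options(cnf_text):
    """Return the options set in the [mysqld] section as a dict."""
    opts, section = {}, None
    for raw in cnf_text.splitlines():
        line = raw.strip()
        # Skip blanks, comments and !include / !includedir directives.
        if not line or line[0] in "#;!":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "mysqld":
            continue
        name, _, value = line.partition("=")
        # MySQL treats '-' and '_' in option names as equivalent.
        name = name.strip().replace("_", "-")
        # Drop any trailing inline comment and surrounding quotes.
        opts[name] = value.split("#")[0].strip().strip("'\"")
    return opts

def network_exposure(cnf_text):
    """Classify how the configured server is reachable."""
    opts = mysqld_options(cnf_text)
    skip = opts.get("skip-networking")
    if skip is not None and skip.lower() in ("", "1", "on", "true"):
        return "no-network"          # no TCP socket; local connections only
    if opts.get("bind-address") in LOOPBACK:
        return "localhost-only"      # TCP socket on loopback only
    return "listens-on-network"      # reachable unless a firewall blocks it

# Constructed sample files (assumptions, not taken from the lab).
DEFAULT_CNF = "[client]\nport=3306\n\n[mysqld]\ndatadir=/var/lib/mysql\n"
SKIP_CNF = "[mysqld]\ndatadir=/var/lib/mysql\nskip-networking\n"
BIND_CNF = "[mysqld]\nbind-address = 127.0.0.1  # loopback only\n"
WRONG_SECTION_CNF = "[client]\nskip-networking\n\n[mysqld]\nport=3306\n"

if __name__ == "__main__":
    for label, text in [("default", DEFAULT_CNF), ("skip", SKIP_CNF),
                        ("bind", BIND_CNF), ("wrong section", WRONG_SECTION_CNF)]:
        print(f"{label:14s} -> {network_exposure(text)}")
```

The last sample shows the setting placed under [client] instead of [mysqld], which leaves the server listening on the network.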
3. What is a Linux runlevel for a specific service or application? What command allows you to define the runlevel uniquely for a service or application?
The term runlevel refers to a mode of operation in one of the computer operating systems that implement Unix System V-style initialization. Conventionally, seven runlevels exist, numbered from zero...