Implementing System Security on Linux

30 minutes
  • 5 Learning Objectives

About this Hands-on Lab

Implementing security best practices is a necessary skill for a system administrator. In this hands-on lab, you will be tasked with securing a Linux host in a wide array of areas.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Update the System Software
  • Use the package manager to update all software packages (depending on the state of the lab image, packages may already be updated).
Limit the Services on the Host to Only the Apache HTTP Server
  • Stop and disable the postfix service.
  • Remove the postfix package.
Set Up a Local Firewall
  • Start and enable the firewalld service.
  • Allow the https service through the firewall.
Implement File-Level Security and Detection
  • Set SELinux to enforcing mode.
  • Install the the aide utility.
Create a Remote Backup of Important Data on the Host
  • Generate a public and private key on server01. This should use the default location for storing the keys, and a password should be provided.
  • Share the public key with the backup server (server02).
  • Use the rsync command to back up the contents of the /opt/data directory to the /home/cloud_user/data directory on server02.

Additional Resources

You work as part of a group of Linux administrators at a small company. After an audit of the Linux servers, several security vulnerabilities were discovered. In response to these findings, you have been tasked with implementing security best practices on the host you administer. This includes ensuring that all system software is updated and on the latest version. Your team has also decided to reduce the services provided by the hosts in order to reduce possible areas of attack. Next, you will need to set up a local firewall which allows HTTPS communication on port 443. It was also discovered that SELinux is not set to enforcing mode, which is needed to provide file-level security. It was decided to implement the AIDE utility, which will help with intrusion detection. Lastly, you will need create a remote backup of the contents of the /opt/data directory.

Note:

  • All tasks should be performed as the cloud_user.
  • The cloud_user has been given sudo access to perform the required tasks.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?