RedHat Administering Red Hat Linux Part III

=Content=

Session 4 - Network Management
ifconfig eth0 hw ether AA:BB:CC:DD:EE:FF

# or

ifconfig eth0 192.168.0.1 hw ether 11:12:13:14:15:16 up
 * source: http://www.axllent.org/docs/networking/mac-address-spoofing/

Session 5 - Securing Network Traffic

 * IPV4 iptables
 * 1) cat /etc/sysconfig/iptables


 * 1) Firewall configuration written by system-config-firewall
 * 2) Manual customization of this file is not recommended.
 * filter
 * INPUT DROP [0:0]
 * FORWARD ACCEPT [0:0]
 * OUTPUT ACCEPT [0:0]

-A INPUT -m state --state NEW -m limit --limit 1/s --limit-burst 7 -m udp -p udp --dport 123 -j LOG --log-level 4 --log-prefix '**LEVEL4-LOG**' -A INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT -A INPUT -m state --state NEW -m limit --limit 1/s --limit-burst 7 -j LOG --log-level 4 --log-prefix '**ALL_OTHERS**' -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT


 * some notes
 * INPUT DROP [0:0] <--- after all INPUT RULES, default is DROP
 * FORWARD ACCEPT [0:0] <--- after all FORWARD RULES, default is ACCEPT
 * OUTPUT ACCEPT [0:0] < after all OUTPUT RULES, default is ACCEPT

Session 7 - Centralised and Secure Storage

 * iSCSI
 * ...work in progress

mount -t ecryptfs /data/safe /data/safe
 * ecryptfs
 * http://ecryptfs.org/

Session 8: Configuring Network Time Protocol

 * Network time protocol (NTP)

disaster 1

 * 1) dis1 ###
 * 2) Makes the system continually reboot

cp /etc/inittab /etc/inittab.save sed 's/id:5:initdefault/id:6:initdefault/' < /etc/inittab > /tmp/$$ \mv /tmp/$$ /etc/inittab halt

disaster 2

 * 1) dis2 ###
 * 2) Changes root password so they cannot login as root - Forgotten root password

cp /etc/shadow /etc/shadow.bak

passwd root << Here >/dev/null 2>&1 passwd1 passwd1 Here halt

disaster 3

 * 1) dis3 ###
 * 2) No filesystems to mount at boot.

mv /etc/fstab /etc/fstab.save halt

disaster 4

 * 1) dis4 ###
 * 2) Breaks the students machine.
 * 3) NOTE Change the of= construct to that of the
 * 4) bootable disk

dd if=/dev/zero of=/dev/sda bs=446 count=1 halt

disaster 5
[root@room5-03 /disasters]# cat dis5
 * 1) dis5 ###
 * 1) Screws the /boot file system
 * 2) NOTE you may need to change the of= directive for your /boot file system before you run this

dd if=/dev/zero of=/dev/sda1 bs=4096 count=1 halt -p >/dev/null 2>&1

disaster 6
cp /boot/grub/grub.conf /boot/grub/grub.old sed 's/vmlinuz/???????/' /boot/grub/grub.conf > /tmp/$$ sed 's/root (hd0,0)/root (hd0,0) # The next line loads the vmlinuz kernel/' \ /tmp/$$ > /tmp/$$grub.conf mv /tmp/$$grub.conf /boot/grub/grub.conf halt
 * 1) dis6 ###
 * 2) Breaks the grub file.