1,760
edits
Changes
→Open Firewall wall - no filtering rules
ICT Linux USB for First Semester Students
=Version 1, 2014 =
Date Created: December 2014
Distribution: Linux Mint 17
==Features==
=== Basic System Info ===
<pre>
ict-2014-v1 ~ # hostname
ict-2014-v1
ict-2014-v1 ~ # uname -a
Linux ict-2014-v1 3.13.0-37-generic #64-Ubuntu SMP Mon Sep 22 21:28:38 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
Regular user account name:
student:x:999:999:Seneca College ICT student,,,:/home/student:/bin/bash
student@ict-2014-v1 ~ $ id
uid=999(student) gid=999(student) groups=999(student),4(adm),24(cdrom),30(dip),46(plugdev),108(lpadmin),110(sambashare)
student@ict-2014-v1 ~ $ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1
search senecacollege.ca
student@ict-2014-v1 ~ $ grep host /etc/nsswitch.conf
hosts: files mdns4_minimal [NOTFOUND=return] dns
</pre>
===Disk Usage===
<pre>
Filesystem 1K-blocks Used Available Use% Mounted on
/cow 3984736 93728 3891008 3% /
udev 3973320 4 3973316 1% /dev
tmpfs 796948 1364 795584 1% /run
/dev/sdb1 3897904 1651776 2246128 43% /cdrom
/dev/loop0 1610368 1610368 0 100% /rofs
none 4 0 4 0% /sys/fs/cgroup
tmpfs 3984736 140 3984596 1% /tmp
none 5120 0 5120 0% /run/lock
none 3984736 76 3984660 1% /run/shm
none 102400 16 102384 1% /run/user
/dev/sdb2 25858132 70220 24451336 1% /home
</pre>
=== mail ===
No mail client installed.
To install, run the command "apt-get install mailutils"
===Open Firewall wall - no filtering rules===
* Suggestion:
** Drop policy on INPUT and Forward chains
** Accept policy on OUTPUT chain
** Add accept rule to FORWARD chain to allow "ESTABLISHED" and "RELATED" packets
<pre>
/sbin/iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
</pre>
===smbd and nmbd services ===
* Do you really want to have these on?
<pre>
ict-2014-v1 selinux # netstat -taunp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1436/smbd
tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN 3237/dnsmasq
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3004/cupsd
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 1436/smbd
tcp6 0 0 :::139 :::* LISTEN 1436/smbd
tcp6 0 0 ::1:631 :::* LISTEN 3004/cupsd
tcp6 0 0 :::445 :::* LISTEN 1436/smbd
tcp6 1 0 ::1:55026 ::1:631 CLOSE_WAIT 2185/cups-browsed
tcp6 0 0 ::1:55028 ::1:631 ESTABLISHED 2635/cinnamon-setti
tcp6 0 0 ::1:631 ::1:55028 ESTABLISHED 3004/cupsd
udp 0 0 127.0.1.1:53 0.0.0.0:* 3237/dnsmasq
udp 0 0 0.0.0.0:68 0.0.0.0:* 3233/dhclient
udp 0 0 172.18.255.255:137 0.0.0.0:* 3361/nmbd
udp 0 0 172.18.81.236:137 0.0.0.0:* 3361/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 3361/nmbd
udp 0 0 172.18.255.255:138 0.0.0.0:* 3361/nmbd
udp 0 0 172.18.81.236:138 0.0.0.0:* 3361/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 3361/nmbd
udp 0 0 0.0.0.0:631 0.0.0.0:* 2185/cups-browsed
udp 0 0 0.0.0.0:5353 0.0.0.0:* 1231/avahi-daemon:
udp 0 0 0.0.0.0:35063 0.0.0.0:* 1231/avahi-daemon:
udp 0 0 0.0.0.0:14647 0.0.0.0:* 3233/dhclient
udp6 0 0 :::52153 :::* 1231/avahi-daemon:
udp6 0 0 :::28749 :::* 3233/dhclient
udp6 0 0 :::5353 :::* 1231/avahi-daemon:
</pre>
=== SELinux ===
Disable and no tools
=== Python ===
<pre>
Python 2.x:
student@ict-2014-v1 ~ $ python
Python 2.7.6 (default, Mar 22 2014, 22:59:56)
[GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
Python 3.x:
student@ict-2014-v1 ~ $ python3
Python 3.4.0 (default, Apr 11 2014, 13:05:11)
[GCC 4.8.2] on linux
Type "help", "copyright", "credits" or "license" for more information.
</pre>