OPS705 Lab 2 (2221)

449 bytes added, 16:48, 10 September 2022
Chris.johnson moved page OPS705 Lab 2 to OPS705 Lab 2 (2221) without leaving a redirect
Normally, the shell environment will ask you for your account password as an extra security precaution when using sudo. However, cloud-based Linux VMs typically have ''password-less sudo access''. The idea is that identity management and security are handled by the cloud infrastructure. We'll explore that in detail later in the course.
[[Image:Ops705_lab2_fig1.png|thumb|right|350px|Figure 1. Example commands with sudo.]]
Run the following commands:
# <code> whoami </code>
Notice that your command prompt has immediately changed. It no longer prints out your username at the beginning of each line, but the name of the '''root''' account. This is a good visual aid to let you know how you're logged in.
[[Image:Ops705_lab2_fig2.png|thumb|right|350px|Figure 2. Example commands as root.]]
Run the same commands from the sudo subsection:
# <code> whoami </code>
As mentioned in the Week 2 lecture, keeping your Linux system up to date is an incredibly important task and must be done regularly. You are the administrator of this system, so you must keep it running well. While updating is a graded part of this lab, you should run the command again regularly to check for new updates while you continue to work with this virtual machine over the next several weeks.
[[Image:Ops705_lab2_fig3.png|thumb|right|500px|Figure 3. A yum update in progress.]]
Run the command to update CentOS: <code>sudo yum update</code>
== Part 1: Replacing ''firewalld'' with ''iptables'' ==
[[Image:Ops705_lab4_fig1Ops705_lab2_fig16.png|thumb|right|500px|Figure 4. Service status of both firewalls.]][[Image:Ops705_lab2_fig4.png|thumb|right|500px|Figure 5. Default iptables firewall rules.]]
The default firewall for CentOS, ''firewalld'', is more complex than we need. We'll be reverting to the easier-to-use ''iptables'' standard. This will require the removal of the ''firewalld'' package, the installation of the ''iptables-services'' package, and working with systemd services to turn on your new firewall.
There are a few standard security practices to follow when dealing with firewalls. In this section, we will change our firewall rules to follow those practices. For more detail, refer to the Week 2 lecture and material.
[[Image:Ops705_lab2_fig15.png|thumb|right|500px|Figure 6. Modified iptables firewall rules.]]
# Set your default policy for the INPUT chain to DROP: <code>iptables -P INPUT DROP</code>
# Remove the reject rule from the INPUT chain to hide our server from scans: <code>iptables -D INPUT 5</code>
# Set your default policy for the FORWARD chain to DROP: <code>iptables -P FORWARD DROP</code>
# Remove the reject rule from the FORWARD chain to hide it from scans: <code>iptables -D FORWARD 1</code>
# Verify your changes by running the list rules command again: <code>iptables -nvL --line</code> Refer to ''Fig. 6'' as a reference.
# To confirm you haven't locked yourself out, log out of SSH and log back in. If you don't encounter any login issues, you're good to go.
# '''Assuming the step above works''', in your Linux VM, save your rule changes: <code>service iptables save</code>
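The steps above delete the reject rules by position (<code>INPUT 5</code>, <code>FORWARD 1</code>), which only works if the ruleset is still in its default order. The following added example (not part of the original lab) looks up those positions from <code>iptables -S</code> text and refuses to plan a DROP policy when no SSH accept rule exists. The helper names <code>reject_index</code>, <code>port_accepted</code> and <code>plan</code> are hypothetical, and <code>SAMPLE_RULES</code> is constructed sample data in which the reject rules sit where the lab's commands expect them.

```shell
#!/bin/sh
# Added example: pre-flight checks on `iptables -S` text before the lab's steps.
# SAMPLE_RULES is constructed sample data; on the VM, pass "$(iptables -S)" instead.
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'

# Print the 1-based position of the first REJECT rule in chain $1 (nothing if none).
reject_index() {
  awk -v chain="$1" '
    $1 == "-A" && $2 == chain {
      n++
      for (i = 3; i < NF; i++)
        if ($i == "-j" && $(i + 1) == "REJECT") { print n; exit }
    }'
}

# Succeed only if the INPUT chain has an ACCEPT rule for TCP port $1.
port_accepted() {
  grep -Eq -- "^-A INPUT .*-p tcp .*--dport $1( .*)? -j ACCEPT"
}

# Print the lab's commands with looked-up rule numbers for the ruleset in $1,
# or refuse when a DROP policy would leave no way in over SSH.
plan() {
  plan_rules=$1
  if ! printf '%s\n' "$plan_rules" | port_accepted 22; then
    echo "refusing: no ACCEPT rule for tcp/22, DROP policy would cut off SSH" >&2
    return 1
  fi
  for plan_chain in INPUT FORWARD; do
    echo "iptables -P $plan_chain DROP"
    plan_idx=$(printf '%s\n' "$plan_rules" | reject_index "$plan_chain")
    if [ -n "$plan_idx" ]; then echo "iptables -D $plan_chain $plan_idx"; fi
  done
}

plan "$SAMPLE_RULES"
```

The script only prints the commands it would run; compare its output with the rule numbers shown by <code>iptables -nvL --line</code> before typing anything.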