Chapter 4.4 Linux Host Security


Which command would you use to list all of the currently defined iptables rules?
* sudo iptables -F
* sudo /sbin/iptables-save
* sudo iptables -L
* sudo iptables -A INPUT -j DROP

sudo iptables -L

You want to make sure no unneeded software packages are running on your Linux server. Select the command from the drop-down list that you can use to see all installed RPM packages.
* yum list packages
* yum list rpm packages
* yum list installed
* yum list rpm installed

yum list installed

Question 7 In which of the iptables default chains would you configure a rule to allow an external device to access the HTTPS port on the Linux server?
* Forward
* Accept
* Output
* Input

Input

Question 1 Which command should you use to display both listening and non-listening sockets on your Linux system? (Tip: enter the command as if in Command Prompt.)

netstat -a

Question 3 You need to increase the security of your Linux system by finding and closing open ports. Which of the following commands should you use to locate open ports?
* nslookup
* netstat
* nmap
* traceroute

nmap

Question 2 Which command should you use to scan for open TCP ports on your Linux system? (Tip: enter the command as if in Command Prompt.)

nmap -sT

Action: Clear current rules

Command: sudo iptables -F

Action: List current rules

Command: sudo iptables -L

Question 4 What does the netstat -a command show?
* All listening and non-listening sockets
* All network users
* All connected hosts
* All listening sockets

All listening and non-listening sockets

You have configured the following rules. What is the effect?
sudo iptables -A INPUT -p tcp --dport 25 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 25 -m conntrack --ctstate ESTABLISHED -j ACCEPT
* Allow SSH traffic
* Block SMTP traffic
* Allow SMTP traffic
* Block SSH traffic

Allow SMTP traffic

Accept

Allows the connection.

Action: Allow HTTP traffic on port 80 and HTTPS traffic on port 443

Command:
sudo iptables -A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p tcp -m multiport --sports 80,443 -m conntrack --ctstate ESTABLISHED -j ACCEPT

Action: Block connections from 192.168.0.254

Command: sudo iptables -A INPUT -s 192.168.0.254 -j DROP

Action: Save iptables changes (Ubuntu)

Command: sudo /sbin/iptables-save (The command may be different on other Linux systems.)

Action: Drop all incoming traffic

Command: sudo iptables -A INPUT -j DROP

Action: Allow SMTP mail on port 25

Command:
sudo iptables -A INPUT -p tcp --dport 25 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 25 -m conntrack --ctstate ESTABLISHED -j ACCEPT

Action: Allow HTTP traffic on port 80

Command:
sudo iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT
(To allow HTTPS, you would use port 443.)

Action: Block SMTP mail on port 25

Command: sudo iptables -A OUTPUT -p tcp --dport 25 -j REJECT

Question 6 Which action would you use in a rule to disallow a connection silently?
* Forward
* Drop
* Reject
* Accept

Drop

Drop

Drops the connection without replying. For example, if an IP address matched by a rule with a drop action pings your system, the request is discarded and no response is sent to the sender.

Check network connections

Open network connections (open sockets) on a computer create a security risk. A socket is an endpoint of a bi-directional communication flow across a computer network. Use the following netstat (network statistics) options to identify the open network connections on Linux systems:
* -a lists both listening and non-listening sockets.
* -l (lowercase 'L') lists listening sockets.
* -s displays statistics for each protocol.
* -i displays a table of all network interfaces.

Locate open ports

Open ports can reveal which operating system a computer uses, and they can provide entry points or information an attacker can use to formulate an attack. To locate open ports:
1. Install the nmap utility if it is not already installed.
 * yum install nmap
 * apt install nmap
2. Use both of the following commands to scan for open ports:
 * nmap -sT ipaddress|fqdn scans for TCP ports
 * nmap -sU ipaddress|fqdn scans for UDP ports
3. Determine which services use the open ports.
4. Disable any unused service identified from the open-port information. (Make sure the service is not a dependency for another service.)
 * systemctl disable servicename
 * systemctl stop servicename

Which type of packet would the sender receive if they sent a connection request to TCP port 25 on a server with the following command applied?
sudo iptables -A OUTPUT -p tcp --dport 25 -j REJECT
* RST
* ACK
* SYN
* ICMP Unreachable Port

RST

Reject

Rejects the connection but sends a response back. This lets the sender know that the traffic reached a system and was rejected.

Chains

The Linux iptables firewall utility uses policy chains (sets of rules) to allow or block network traffic. When a connection is initiated to your system, iptables looks for a matching rule. If it doesn't find one, it applies the chain's default policy. Be aware that iptables almost always comes pre-installed on Linux distributions.

Input

This chain controls the behavior for incoming connections. For example, if a user attempts to ping the system, iptables attempts to match the IP address and port to a rule in the input chain.

Output

This chain is used for outgoing connections. For example, if you ping testout.com, iptables checks its output chain to see what the rules are regarding ping and testout.com before allowing or denying the ping request.

Forward

This chain is used for packets that pass through the system. These are incoming connections that aren't delivered locally. In other words, the traffic is not destined for the router itself; the router forwards the traffic to the destination device.

Check for unnecessary network services

Unnecessary network services waste computer resources and increase the system's attack surface. To remove unnecessary network services:
1. Find all installed services and determine which are not needed: DNS, SNMP, DHCP, and others.
 * systemctl --type=service --state=active
2. Use the man command and the Internet to research services you don't recognize.
 * If the service is not needed, determine if it is a dependency for another service.
3. Disable the service by using the following command:
 * systemctl disable servicename
4. Use the following command to immediately stop the service:
 * systemctl stop servicename
5. Use one of the following commands to remove the service's package entirely:
 * yum erase packagename
 * apt remove packagename
 * rpm -e packagename
 * dpkg -r packagename

Remove unnecessary software

Unnecessary software occupies disk space and could introduce security flaws. To remove unnecessary software:
1. Enter one of the following commands:
 * yum list installed to see installed RPM packages on the computer.
 * apt list to list all installed packages (apt autoremove automatically removes unused packages).
 * dpkg --get-selections to see installed Debian packages on the computer.
2. Research the function of any unrecognized package to determine if it is necessary.
3. Use one of the following commands to uninstall unnecessary packages:
 * yum erase packagename
 * apt remove packagename
 * rpm -e packagename
 * dpkg -r packagename

Actions Performed

You can accept, drop, or reject the connections. After you define your accept rules, you should create a rule to drop all other traffic to prevent unauthorized access to the system.

iptables

iptables is a firewall command-line utility for Linux operating systems that uses three default policy chains (INPUT, OUTPUT, and FORWARD) to allow or block network traffic.
