RH134 v8.2 CH11: Managing Network Security (Firewalld/SELinux ports)

What web-based utility allows you to graphically manage firewalld?

cockpit

You've just typed firewall-cmd --list-all, which zone information will be displayed?

default zone

Which service listens on port 53 by default?

dns

Which service listens on port 21 by default?

ftp

Which service listens on port 80 by default?

http

Which service listens on port 443 by default?

https

Which service listens on port 22 by default?

ssh

You want to manually edit the /usr/lib/firewalld/services/ssh.xml to listen on port 222. What directory do you need to copy it to before editing the file?

/etc/firewalld/services/

Where are the default service files stored for firewalld?

/usr/lib/firewalld/services

What steps would you need to perform to configure ssh to accept connections on port 222?

1. Edit /etc/ssh/sshd_conf. Change port to 222 2. Add port 222 to ssh in SELinux policy 3. Restart sshd.service 4. Open port 222 in firewalld and make it permanent 5. Reload firewalld

You want to add nfs access to your firewall and you want that change to be active in runtime and persistent over restarts. What do you need to do?

1. firewall-cmd --persistent --add-service=nfs 2. firewall-cmd --reload

True or False You should copy firewalld service (ssh.xml for example) files to /etc/firewalld/services before editing them?

True

You've configured ssh to listen on port 222 instead of 22. How would open port 222 in your default zone?

firewall-cmd --add-port=222/tcp

Add the nfs service to your default firewalld zone

firewall-cmd --add-service=nfs

Add the nfs service to the firewalld work zone

firewall-cmd --add-service=nfs --zone=work

What command would list all configured interfaces, services, and ports for the trusted zone

firewall-cmd --list-all --zone=trusted

How can you see the firewalld zone available by default?

firewall-cmd --list-all-zones

What firewall-cmd command will block all incoming and outgoing traffic?

firewall-cmd --panic-on

Type a one-line command that allows nfs traffic in the default zone and makes it active in run-time and persistent.

firewall-cmd --permanent --add-service=nfs && firewall-cmd --reload

Which command will show you if panic mode is enabled?

firewall-cmd --query-panic

You've made changes to your persistent firewall configuration and want those changes applied to runtime. What command will accomplish this?

firewall-cmd --reload

Remove the ftp service from the default zone

firewall-cmd --remove-service=ftp

Remove the http service from the firewalld work zone

firewall-cmd --remove-service=http --zone=work

How would you set your default firewalld zone from public to work?

firewall-cmd --set-default-zone=work

Which command will allow you to view sealert messages in a non-graphical environment?

sealert -a /var/log/audit/audit.log

Which command would you allow you to update the current SELinux policy so that port 222 can be used with ssh?

semanage port -a -t ssh_port_t -p tcp 222

Which SELinux command would allow you to view the correct PORT_TYPE and default ports associated with the ssh (or any other) service?

semanage port -l | grep ssh

Which man-page contains examples of how to modify SELinux default ports?

semanage-ports