Learn Linux Chapter 31 of 40
Learn Linux Chapter 32 of 40
Learn Linux Chapter 33 of 40
Learn Linux Chapter 34 of 40
Learn Linux Chapter 35 of 40
Learn Linux Chapter 36 of 40
Learn Linux Chapter 37 of 40
Learn Linux Chapter 38 of 40
Learn Linux Chapter 39 of 40
Learn Linux Chapter 40 of 40
I am an RHCE-certified person. This blog contains RH033, RH133, and RH233 practice, tasks, questions, videos, dumps, etc. Use it and spread it to your friends. I am also working as an Oracle database administrator. I am posting documents which could help you administer Oracle databases.
Monday, January 4, 2010
Learn Linux Chapter part 3
Learn Linux Chapter 21 of 40
Learn Linux Chapter 22 of 40
Learn Linux Chapter 23 of 40
Learn Linux Chapter 24 of 40
Learn Linux Chapter 25 of 40
Learn Linux Chapter 26 of 40
Learn Linux Chapter 27 of 40
Learn Linux Chapter 28 of 40
Learn Linux Chapter 29 of 40
Learn Linux Chapter 30 of 40
Learn Linux part Chapter 2
Learn Linux Chapter 11 of 40
Learn Linux Chapter 12 of 40
Learn Linux Chapter 13 of 40
Learn Linux Chapter 14 of 40
Learn Linux Chapter 15 of 40
Learn Linux Chapter 16 of 40
Learn Linux Chapter 17 of 40
Learn Linux Chapter 18 of 40
Learn Linux Chapter 19 of 40
Learn Linux Chapter 20 of 40
Learn Linux Chapter part-1
Learn Linux Chapter 01 of 40
Learn Linux Chapter 02 of 40
Learn Linux Chapter 03 of 40
Learn Linux Chapter 04 of 40
Learn Linux Chapter 05 of 40
Learn Linux Chapter 06 of 40
Learn Linux Chapter 07 of 40
Learn Linux Chapter 08 of 40
Learn Linux Chapter 09 of 40
Learn Linux Chapter 10 of 40
RH033 Red Hat Linux Essentials Unit 4 part-2
RH033 Red Hat Linux Essentials Unit 4 - Browsing the File system-08
RH033 Red Hat Linux Essentials Unit 4 - Browsing the File system-09
RH033 Red Hat Linux Essentials Unit 4 - Browsing the File system-10
RH033 Red Hat Linux Essentials Unit 4 - Browsing the File system-11
RH033 Red Hat Linux Essentials Unit 4 - Browsing the File system-12
RH033 Red Hat Linux Essentials Unit 4 part-1
RH033 Red Hat Linux Essentials Unit 4 - Browsing the File system-01
RH033 Red Hat Linux Essentials Unit 4 - Browsing the File system-02
RH033 Red Hat Linux Essentials Unit 4 - Browsing the File system-03
RH033 Red Hat Linux Essentials Unit 4 - Browsing the File system-04
RH033 Red Hat Linux Essentials Unit 4 - Browsing the File system-05
RH033 Red Hat Linux Essentials Unit 4 - Browsing the File system-06
RH033 Red Hat Linux Essentials Unit 4 - Browsing the File system-07
RH033 Red Hat Linux Essentials Unit 3
RH033 Red Hat Linux Essentials Unit 3 - Running Commands and Getting Help-00
RH033 Red Hat Linux Essentials Unit 2
RH033 Red Hat Linux Essentials Unit 2 - Linux Usage Basics-01
RH033 Red Hat Linux Essentials Unit 2 - Linux Usage Basics-02
RH033 Red Hat Linux Essentials Unit 2 - Linux Usage Basics-03
RH033 Red Hat Linux Essentials Unit 2 - Linux Usage Basics-04
RH033 Red Hat Linux Essentials Unit 2 - Linux Usage Basics-05
RH033 Red Hat Linux Essentials part -1 unit-1
RH033 Red Hat Linux Essentials Unit 1 - Linux Ideas and History-01
RH033 Red Hat Linux Essentials Unit 1 - Linux Ideas and History-02
RH033 Red Hat Linux Essentials Unit 1 - Linux Ideas and History-03
RH033 Red Hat Linux Essentials Unit 1 - Linux Ideas and History-04
Saturday, January 2, 2010
SNORT NIDS SETUP IN REDHAT LINUX
SNORT NIDS SETUP
1. Setup MySQL DB environment
•create database snort;
•grant insert,select on root.* to snort@localhost;
•set password for snort@localhost=password('abc123');
•grant create,insert,select,delete,update on snort.* to snort@localhost;
•grant create,insert,select,delete,update on snort.* to snort;
2. Import MySQL DB schema
•mysql -u root -p snort < /home/linuxcbt/temp/Snort/snort-2.8.0.2/schemas/create_mysql
3. Setup Snort NIDS /etc/snort environment
•mkdir /etc/snort && cp -v /home/linuxcbt/temp/Snort/snort-2.8.0.2/etc/* /etc/snort
Note: Snort's primary configuration file for NIDS mode: /etc/snort/snort.conf
4. Download the latest Snort rules file and extract to: /etc/snort/rules
Note: Snort rules are available as follows:
1. Registered users: with delay
2. Subscriber: no delay - NOT FREE
3. Unregistered users: release version (very old) of rules
4. Various third-party sites: e.g. Bleeding Snort, etc.
•cd /etc/snort && tar -xzvf snortrules*
5. Configure: /etc/snort/snort.conf to use MySQL and rules
•MySQL - output
•Rules - path to the rules
6. Start Snort in NIDS mode
•snort -i eth0 -c /etc/snort/snort.conf -D
7. Setup BASE web analysis application
•wget http://easynews.dl.sourceforge.net/sourceforge/adodb/adodb480.tgz
•tar -xzvf adodb480.tgz
Note: adodb480.tgz - provides DB-connectivity for BASE to MySQL
•Download BASE from http://base.secureideas.net
•Configure: base_conf.php file
•$BASE_urlpath = '/base';
•$DBlib_path = "/var/www/html/adodb";
•$DBtype = 'mysql';
•$alert_dbname = 'snort';
•$alert_host = 'localhost';
•$alert_password = 'abc123';
Note:
•Ensure that your Apache instance has PHP support
•Ensure that the 'php-mysql*' package is installed
8. Connect to BASE via web browser
Note: Consider protecting '/base' application using HTDIGEST or basic auth
SNORT NIDS IN REDHAT LINUX
SNORT NIDS
Features:
1. Network Intrusion Detection System (NIDS)
2. Packet Sniffer
3. Packet Logger - logs using TCPDump format
Tasks:
1. Download and install Snort NIDS
•snort.org
•Confirm MD5SUM: 'md5sum snort-2.8.0.2.tar.gz' Compare to snort-2.8.0.2.tar.gz.md5
•Import GPG key used to sign the current release of Snort
•gpg --verify snort-2.8.0.2.tar.gz.sig snort-2.8.0.2.tar.gz
Requirements:
1. gcc - C compiler
2. make - creates binaries
3. libpcre - Provides access to Perl Compatible RegExes
4. mysql-devel* - provides access to MySQL
5. libpcap* - provides the TCPDump, packet capture library
•Extract and install (compile) Snort NIDS
•tar -xzvf snort-2.8.0.2.tar.gz - creates top-level directory
•./configure --with-mysql --enable-dynamicplugin - checks for prerequisites, including: mysql-devel, libpcre, gcc, make, etc.
•make - creates binaries
•su (as 'root') and execute 'make install' - places binaries in /usr/local/ accessible location
Usage - Packet Sniffer:
1. snort -v -i eth0 - reveals layers 3 & 4 of the OSI model
2. snort -vde -i eth0 - reveals layers 2-7
3. snort -vde -i eth0 tcp port 23
Usage - Packet Logger:
1. snort -v -i eth0 -l ./ tcp port 23 - logs binary file in current directory with Unix Epoch suffix
2. snort -b -i eth0 - attempts to log in: /var/log/snort
3. snort -b -L test.snort.log -i eth0 - creates: /var/log/snort/test.snort.log.UnixEpochDate
Note: Snort drops fewer packets when run in binary logging mode than in verbose, dump-to-screen mode
NESSUS IN REDHAT LINUX
NESSUS
Features:
1. Vulnerability Scanner
2. Port Scanner
3. Host | Device detection
4. Can be used to scan NETBIOS (Windows|Samba) servers
5. Profiles (Scan Policies) for target scans, with specific exploits to query
6. Reporting
7. Client/Server enabled; multiple clients may use the central Nessus server
8. Client support for Windows, Linux, etc.
9. Runs as a service, awaiting inbound PenTest requests
10. Penetration testing tool
11. Nessus can be automated
12. Supports plug-ins for vulnerability signatures
13. Supports parallel scanning of targets
Tasks:
1. Download Nessus from nessus.org and install
2. Register nessus using 'nessus-fetch', with provided code
•/opt/nessus/bin/nessus-fetch --register A65E-5116-4D76-FCD5-FF2A
3. Install Nessus Client and Explore the interface
•rpm -Uvh NessusClient*
4. Perform a PenTest of the localhost
5. Perform a PenTest of the local network
6. Evaluate results
Note: Nessus will auto-update its plug-ins every 12 hours after registration
NMAP IN REDHAT LINUX
NMAP
Features:
1. Port/Reconnaissance Scanner
2. Hosts & device detection
3. Service detection
4. OS Fingerprinting
5. Multi-target scanning
6. Produces various reports
Tasks:
1. Download and install the latest version of NMap - nmap.org
•wget http://download.insecure.org/nmap/dist/nmap-4.53-1.i386.rpm
•rpm -Uvh nmap-4.53-1.i386.rpm
•/usr/bin/nmap - primary binary
Note: Executing 'nmap' as a non-privileged user causes it to operate in TCP-Connect mode instead of the stealthy TCP-SYN mode
•/usr/share/nmap - top-level container for key NMap files
•/usr/share/nmap/nmap-os-db - OS Fingerprinting DB
•/usr/share/nmap/nmap-mac-prefixes - Maps MAC prefixes to companies
•/usr/share/nmap/nmap-services - resolves service names to port numbers
Usage:
1. Scan the localhost for open ports
•nmap -v localhost
2. Service detection scan - attempts to resolve services to names & versions
•nmap -v -sV 192.168.75.199
3. OS Fingerprinting scan
•nmap -v -O 192.168.75.199
4. Reporting
•nmap -v -oN filename.txt 192.168.75.1 - normal output
•nmap -v -oX filename.xml 192.168.75.1 - XML output
5. OS Fingerprinting & Service detection
•nmap -v -A 192.168.75.1
6. Scan the entire network using '-A' and XML output
•nmap -v -A -oX 192.168.75.0.scan.xml 192.168.75.0/24
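To evaluate the XML report from the network scan, compare the open ports it lists against the services each host is supposed to expose. The script below is an added example, not part of the original post; `open_ports`, `unexpected_ports`, `make_scan_samples`, the sample report and the allowlist are constructed, and it assumes Nmap writes each `<port>` element on a single line.

```shell
#!/bin/sh
# open_ports XMLFILE
# Prints "host port/proto service" for every port the report marks as open.
open_ports() {
    awk '
        # Return the value of attribute NAME from the XML fragment S.
        function attr(s, name,   re) {
            re = name "=\"[^\"]*\""
            if (!match(s, re)) return ""
            return substr(s, RSTART + length(name) + 2, RLENGTH - length(name) - 3)
        }
        /<address / && /addrtype="ipv4"/ { host = attr($0, "addr") }
        /<port / && /<state state="open"/ {
            svc = $0
            sub(/.*<service /, "", svc)   # keep only the <service ...> part
            print host, attr($0, "portid") "/" attr($0, "protocol"), attr(svc, "name")
        }' "$1"
}

# unexpected_ports XMLFILE ALLOWLIST
# ALLOWLIST holds one "host port/proto" per line; anything open that is
# not listed is printed as drift from the baseline.
unexpected_ports() {
    open_ports "$1" | while read -r host port svc; do
        grep -qxF -- "$host $port" "$2" || echo "$host $port $svc"
    done
}

# Constructed sample report and allowlist (not from a real scan).
make_scan_samples() {
    cat > "$1/scan.xml" <<'EOF'
<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -v -A -oX 192.168.75.0.scan.xml 192.168.75.0/24">
<host><status state="up"/>
<address addr="192.168.75.1" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
<port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
</ports>
</host>
<host><status state="up"/>
<address addr="192.168.75.199" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
</ports>
</host>
</nmaprun>
EOF
    cat > "$1/allow.txt" <<'EOF'
192.168.75.1 22/tcp
192.168.75.199 22/tcp
EOF
}

dir=$(mktemp -d)
make_scan_samples "$dir"
echo "Open ports:"
open_ports "$dir/scan.xml"
echo "Not in baseline:"
unexpected_ports "$dir/scan.xml" "$dir/allow.txt"
rm -rf "$dir"
```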
IPv6 IPTABLES IN REDHAT LINUX
IPv6 IPTABLES
Features:
1. Firewall for IPv6
/etc/rc.d/init.d/ip6tables - run-script
/etc/sysconfig/ip6tables-config - system-wide config file
/sbin/ip6tables - primary tool for administering IP6Tables
/sbin/ip6tables-restore
/sbin/ip6tables-save
2. Maintains 3 default tables:
•Filter - matches IPTables(IPv4)
•Mangle - matches IPTables(IPv4)
•Raw
Usage:
1. ip6tables -L
Note: IPv6 firewall rules are administered independently of IPv4 rules
Tasks:
1. Filter inbound traffic to remote RH5 system to SSH
•ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
•ip6tables -A INPUT -j DROP
2. Filter outbound traffic to ANY remote SSH port
•ip6tables -A OUTPUT -p tcp --dport 22 -j DROP
3. Flush ALL rules from OUTPUT chain of the Filter table
•ip6tables -F OUTPUT
4. Save rules to file, then flush rules
•ip6tables-save > ip6tables.rules.1
5. Reinstate flushed rules
•ip6tables-restore ip6tables.rules.1
IPTABLES IN REDHAT LINUX
IPTABLES
Features:
1. Firewall for Linux
2. Interface to Netfilter, which is loaded by the kernel
3. Operates primarily @ layers 3 & 4 of the OSI model
4. Modular
5. Provides Network Address Translation (NAT)
6. IPTables can also access other layers (2, 5-7), with modules
•grep -i config_netfilter /boot/config*
Note: Save rules in /etc/sysconfig/iptables so that they are applied when IPTables is restarted, OR update /etc/sysconfig/iptables-config to save the rules automatically
/sbin/iptables - primary ACL modifier utility
/sbin/iptables-restore - restores rules to current IPTables instance
/sbin/iptables-save - saves rules to STDOUT, by default, or to a file
IPTables includes 3 default tables, which you cannot remove:
1. NAT
2. Mangle
3. Filter (Default) - filters inbound/outbound traffic
Note: Each table, includes chains, which include Access Control Entries (ACEs)
Usage:
1. iptables -L
Note: The Filter table includes 3 chains:
1. INPUT - applies to traffic destined to a service that our system is bound to
2. FORWARD - applies to traffic being routed through the system
3. OUTPUT - applies to traffic sourced from our system, heading outbound
Tasks:
1. Filter inbound traffic to remote RH5 system to SSH
• iptables -A INPUT -p tcp --dport 22 -j ACCEPT
• iptables -A INPUT -j DROP
2. Filter outbound traffic to ANY remote SSH port
• iptables -A OUTPUT -p tcp --dport 22 -j DROP
3. Flush ALL rules from OUTPUT chain of the Filter table
• iptables -F OUTPUT
4. Save rules to file, then flush rules
• iptables-save > iptables.rules.1
5. Reinstate flushed rules
• iptables-restore iptables.rules.1
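Because `-A` appends and the first matching rule wins, a saved ruleset is worth auditing before `iptables-restore` or `ip6tables-restore` loads it, and the IPv4 and IPv6 dumps have to be checked separately. The script below is an added example, not part of the original post; `audit_chain`, `make_samples` and both sample dumps are constructed for illustration.

```shell
#!/bin/sh
# audit_chain DUMP CHAIN
# Reads iptables-save / ip6tables-save output and summarises CHAIN in the
# filter table: its policy, the position of the first unconditional
# DROP/REJECT rule, and how many rules were appended after it (those can
# never match, because the catch-all ends evaluation of the chain).
audit_chain() {
    awk -v chain="$2" '
        /^\*/ { table = substr($1, 2); next }
        table != "filter" { next }
        $1 == (":" chain) { policy = $2; next }
        $1 == "-A" && $2 == chain {
            n++
            if (catchall) { unreachable++; next }
            # An unconditional rule is exactly: -A CHAIN -j TARGET
            if (NF == 4 && $3 == "-j" && ($4 == "DROP" || $4 == "REJECT"))
                catchall = n
        }
        END {
            verdict = (policy == "DROP" || catchall) ? "default-deny" : "default-allow"
            printf "policy=%s rules=%d catchall=%s unreachable=%d verdict=%s\n",
                policy, n, (catchall ? catchall : "none"), unreachable, verdict
        }' "$1"
}

# Constructed sample dumps (not captured from a real host).
# v4.rules: the SSH ACCEPT and catch-all DROP from the tasks above, plus a
#           port 80 rule appended afterwards to show the ordering problem.
# v6.rules: an untouched IPv6 filter table.
make_samples() {
    cat > "$1/v4.rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
    cat > "$1/v6.rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
echo "IPv4 INPUT: $(audit_chain "$tmp/v4.rules" INPUT)"
echo "IPv6 INPUT: $(audit_chain "$tmp/v6.rules" INPUT)"
rm -rf "$tmp"
```

On a live host, feed it the files written by `iptables-save` and `ip6tables-save`; a `default-allow` verdict on the IPv6 dump next to `default-deny` on the IPv4 one means the host is still reachable over IPv6.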
OPEN SSHV2 IN REDHAT LINUX
OPEN SSHV2
Features:
1. Provides data encryption services based on PKI - Confidentiality
2. Primarily used to protect the transport layer
3. Encrypted shell sessions, file transfers
4. Password-less logins
5. Port forwarding - Pseudo-VPN
SSH Clients:
/etc/ssh/ssh_config - shared system-wide config file for SSH clients
1. scp - secure, non-interactive, copy program
•scp sample.txt linuxcbt@linuxcbtmedia1:
•scp linuxcbt@linuxcbtmedia1:testRH5/sample.txt sample2.txt
2. sftp - secure, interactive, FTP-like, copy program
•sftp linuxcbt@linuxcbtmedia1
3. ssh - shell-based client
•ssh linuxcbt@linuxcbtmedia1
•ssh linuxcbt@linuxcbtmedia1 "uptime"
4. ssh-copy-id - permits easy propagation of the public key from an SSH pub/priv keypair
•ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.75.10
5. ssh-keygen - used to generate SSH pub/priv keypair
Note: Use '-v' with SSH clients to enable verbosity
•ssh-keygen -t rsa
Task:
•Setup Password-less logins using SSH
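Password-less login comes down to `ssh-keygen -t rsa` on the client, then `ssh-copy-id` to place the public key in the account's `~/.ssh/authorized_keys` on the server, where sshd's StrictModes check refuses the key if that path is group- or world-writable. The script below is an added example, not part of the original post: it reproduces the server-side result in a scratch directory and checks the permissions; `install_pubkey`, `strictmodes_problems` and the key line are constructed for illustration.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE ACCOUNT_HOME
# Server-side effect of:  ssh-copy-id -i ~/.ssh/id_rsa.pub user@host
# Creates ACCOUNT_HOME/.ssh, appends the key once, and sets 700/600 modes.
# Runs in a subshell so the umask change does not leak into the caller.
install_pubkey() (
    umask 077
    mkdir -p "$2/.ssh"
    touch "$2/.ssh/authorized_keys"
    # -x whole line, -F fixed string: append only if this exact key is absent
    grep -qxF -- "$(cat "$1")" "$2/.ssh/authorized_keys" ||
        cat "$1" >> "$2/.ssh/authorized_keys"
    chmod 700 "$2/.ssh"
    chmod 600 "$2/.ssh/authorized_keys"
)

# strictmodes_problems ACCOUNT_HOME
# Prints each of the home directory, ~/.ssh and authorized_keys that is
# writable by group or others. Ownership, which sshd also checks, is not
# examined here.
strictmodes_problems() {
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        find "$p" -prune \( -perm -020 -o -perm -002 \) -print
    done
}

demo=$(mktemp -d)
# Constructed key line, not a real key.
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-NOT-A-REAL-KEY linuxcbt@client' \
    > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/home"
install_pubkey "$demo/id_rsa.pub" "$demo/home"   # second run must not duplicate the key
echo "keys installed: $(wc -l < "$demo/home/.ssh/authorized_keys")"
echo "problems after install: $(strictmodes_problems "$demo/home")"
chmod g+w "$demo/home/.ssh"                      # simulate a misconfigured directory
echo "problems after chmod g+w: $(strictmodes_problems "$demo/home")"
rm -rf "$demo"
```

If key login still prompts for a password, `ssh -v` on the client and the permission check above on the server are the first two things to look at.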
OPEN PGP|GNU PRIVACY GUARD (GPG) IN REDHAT LINUX
OPEN PGP|GNU PRIVACY GUARD (GPG)
Features:
1. Confidentiality - Data (Files or e-mail) are encrypted
2. Integrity - Digital signatures
3. Compression
4. Public Key Infrastructure (PKI)
a. Public key - used to encrypt data to a recipient
b. Private key - used to decrypt data from a sender
5. GPG is OpenPGP compliant
Usage:
1. gpg --list-keys - this enumerates keys in ~/
2. gpg --gen-key - generates a PKI keypair for the current user
3. gpg --encrypt -r LinuxCBT --armor sample.txt - encrypts sample.txt using our 'LinuxCBT's' public key
4. gpg --decrypt sample.txt.asc
5. gpg --decrypt sample.txt.gpg
6. gpg --export -a - dumps public key to STDOUT
7. gpg --import - waits on STDIN for user to paste a key for import
8. gpg --decrypt -o sample.txt sample.txt.gpg