llm4-lab4-exercise-1

To reiterate

Thus far we have used a mixture of best and worst computer security practices. To reiterate:

What we did...
1. First we installed the system by choosing to install all packages. This is not a good practice because the more software/services you have running on a system, the more possible holes/bugs you will have to worry about. But this was done deliberately to demonstrate the effects of such a practice, as you will soon see.

Correction / Proper Practice:
Install only the software that will allow a system to perform its specific roles and no more.

What we did...
2. We updated/patched the system while it was online from various sources/media.

Correction / Proper Practice:
Try as much as you can to use a trusted, secure and verified media/repository to perform your system patches. This will help to minimize the effect of the X factor (unknown factor).

What we did...
3. We took a snapshot of the system state and files after patching the system.

Correction / Proper Practice:
It may be useful to take a snapshot of the system both before and after patching the system, and at regular intervals during the life span of the system.

Pre-Exercise: Enabling all services

In this lab, we will perform one final bad practice. You will enable all the services that your system can possibly provide. You will enable both the services that you need and the ones that you don't need. You will enable services whose function you know and services that you don't even understand. This will be done with the help of another homegrown script (turn_on_off.sh).

To enable all services

1. While logged in as root, open up any text editor and enter the text of the script below. Type:
    #!/bin/sh
    # turn_on_off.sh - enable or disable every service known to chkconfig,
    # or show the current per-runlevel settings.
    case "$*" in
    on)
        # Service names are the first column of "chkconfig --list", colon stripped
        for i in $(chkconfig --list | gawk '{print $1}' | gawk -F: '{print $1}')
        do
            chkconfig "$i" on
            echo "$i" | gawk '{printf "%-11s %s\n", $1, "...is being ENABLED " }'
        done
        ;;
    off)
        for i in $(chkconfig --list | gawk '{print $1}' | gawk -F: '{print $1}')
        do
            chkconfig "$i" off
            echo "$i" | gawk '{printf "%-11s %s\n", $1, "...is being DISABLED " }'
        done
        ;;
    status)
        chkconfig --list
        ;;
    *)
        echo "Usage: This script accepts only {on|off|status} as arguments "
        ;;
    esac

Save the file as “turn_on_off.sh” and make it executable.

2. Run the script with the “status” argument. Type:

    root@serverXY root# ./turn_on_off.sh status
    kudzu           0:off   1:off   2:on    3:on    4:on    5:on    6:off
    syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
    ..........................................

Examine your output.

3. Enable all the services you have installed on your system. Type:

    root@serverXY root# ./turn_on_off.sh on

4. Run the “turn_on_off.sh” script again with the “status” option and examine your output again.

5. Consult the man page for the “chkconfig” program and describe briefly below what it does. Does enabling all the services on your system imply that they are currently running?

6. Run the command below to display all the services that are currently running on your system. Type:

    root@serverXY root# service --status-all

Compare your output above with the output from step 2 above. Can you explain the differences?

7. Use the “turn_on_off.sh” script to make sure that all your services are set to start up automatically upon your next change in runlevel (by running it with the “on” option).

8. Reboot your system.

We have now successfully done a very dumb thing.

Exercise 1

In this exercise you will learn how to use various investigative tools on your system.

netstat

Netstat prints information about the networking subsystem. It prints network connections, routing tables, interface statistics, masquerade connections and multicast memberships.

To use netstat

1. While logged into your system, use netstat to view all open sockets. Type:

    root@serverXY root# netstat
    Active Internet connections (w/o servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 serverxy.example.or:ssh 10.0.5.2:3272           ESTABLISHED
    tcp        0    140 serverxy.example.or:ssh 10.0.5.2:3065           ESTABLISHED
    udp        0      0 localhost.localdom:1035 localhost.localdom:1035 ESTABLISHED
    .....................................

2. Show only listening sockets. Type:

    root@serverXY root# netstat -l
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 *:exec                  *:*                     LISTEN
    tcp        0      0 *:kshell                *:*                     LISTEN
    tcp        0      0 *:1024                  *:*                     LISTEN
    ............................................

Consult the man page for netstat and find out the difference between a socket that is in an established state and one that is in a listening state. While you are at it: what are sockets, and why should you care?

3. Display a list of both listening and non-listening UDP type sockets, as well as the user associated with each socket. Type:

    root@serverXY root# netstat -aue

What is the command to display all TCP type sockets?

4. Display a listing of all TCP and UDP type sockets along with the program using the port. Type:

    root@serverXY root# netstat -atuvp | more
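
The netstat steps above can be turned into a repeatable check: list the listeners and compare them against the ports the server is supposed to offer. The script below is an added example, not part of the original lab; the function names, the allowlist and the sample output are constructed for illustration, and the input is assumed to come from `netstat -ltunp` (`-n` prints numeric ports instead of service names).

```shell
#!/bin/sh
# Added example: flag listening sockets that are not on an expected-port list.
# Assumed input format: output of `netstat -ltunp` (listening, numeric, with program).

# Constructed sample output, not captured from a real host.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:22      0.0.0.0:*        LISTEN  812/sshd
tcp        0      0 0.0.0.0:512     0.0.0.0:*        LISTEN  640/xinetd
tcp        0      0 0.0.0.0:544     0.0.0.0:*        LISTEN  640/xinetd
tcp        0      0 127.0.0.1:25    0.0.0.0:*        LISTEN  901/sendmail
udp        0      0 0.0.0.0:111     0.0.0.0:*                455/portmap
EOF
}

# Usage: unexpected_listeners "22/tcp 25/tcp" < netstat-output
# Prints "port/proto scope program" for every listener missing from the allowlist.
unexpected_listeners() {
    allowed=" $1 "
    while read -r proto recvq sendq local foreign rest; do
        case "$proto" in
            tcp*|udp*) ;;            # socket line, keep going
            *) continue ;;           # skip the two header lines
        esac
        port=${local##*:}            # text after the last colon (also works for IPv6)
        addr=${local%:*}             # bind address without the port
        prog=${rest##* }             # last field is PID/Program name (UDP has no State)
        key="$port/${proto%6}"       # treat tcp6/udp6 like tcp/udp
        case "$allowed" in
            *" $key "*) continue ;;  # expected service, stay quiet
        esac
        # Loopback-only listeners are not reachable from the network.
        case "$addr" in
            127.*|::1) scope=local ;;
            *) scope=network ;;
        esac
        echo "$key $scope $prog"
    done
}

sample_netstat | unexpected_listeners "22/tcp 25/tcp"
```

On a live system, replace `sample_netstat` with `netstat -ltunp` run as root so the program column is filled in for every socket.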