RHCSA: Manage security

  • Configure firewall settings using firewall-config, firewall-cmd, or iptables
    firewall-config (graphical tool)
    firewall-cmd
    iptables
  • Configure key-based authentication for SSH
    ssh-keygen -t rsa
    ~/.ssh/authorized_keys
  • Set enforcing and permissive modes for SELinux
    boot parameter "enforcing=0|1"
    Edit /etc/sysconfig/selinux (applied at reboot)
    setenforce Enforcing|Permissive|1|0
  • List and identify SELinux file and process context
    /etc/selinux/targeted/contexts/
  • Restore default file contexts
    restorecon /file
  • Use boolean settings to modify system SELinux settings
    /etc/selinux/targeted/modules/active/Booleans
    getsebool
    setsebool
    sestatus -b | grep 'httpd'
  • Diagnose and address routine SELinux policy violations
    view SELinux violations: sealert
    fix basic problems: restorecon, or follow the instructions shown in the sealert output