RH199 - ch15s02

Preface A: Introduction

Section A.1: Orientation to the Classroom Lab Environment

Chapter 1: Local and Remote Logins

Section 1.1: Accessing the Command Line Using the Local Console

Section 1.2: Quiz: Local Console Access Terms

Section 1.3: Configuring SSH Key-based Authentication

Section 1.4: Guided Exercise: Using SSH Key-based Authentication

Section 1.5: Getting Help From Red Hat

Section 1.6: Guided Exercise: Creating and Viewing an SoS Report

Chapter 2: File System Navigation

Section 2.1: The Linux File System Hierarchy

Section 2.2: Quiz: File System Hierarchy

Section 2.3: Managing Files Using Command-Line Tools

Section 2.4: Guided Exercise: Command-Line File Management

Section 2.5: Making Links Between Files

Section 2.6: Guided Exercise: Making Links Between Files

Chapter 3: Users and Groups

Section 3.1: Users and Groups

Section 3.2: Quiz: User and Group Concepts

Section 3.3: Gaining Superuser Access

Section 3.4: Guided Exercise: Running Commands as root

Section 3.5: Managing Local User Accounts

Section 3.6: Guided Exercise: Creating Users Using Command-line Tools

Section 3.7: Managing Local Group Accounts

Section 3.8: Guided Exercise: Managing Groups Using Command-line Tools

Section 3.9: Managing User Passwords

Section 3.10: Guided Exercise: Managing User Password Aging

Section 3.11: Using Identity Management Services

Section 3.12: Guided Exercise: Connecting to a Central LDAP and Kerberos Server

Section 3.13: Lab: Managing Linux Users and Groups

Chapter 4: File Permissions

Section 4.1: Managing File System Permissions from the Command Line

Section 4.2: Guided Exercise: Managing File Security from the Command Line

Section 4.3: Managing Default Permissions and File Access

Section 4.4: Guided Exercise: Controlling New File Permissions and Ownership

Section 4.5: POSIX Access Control Lists (ACLs)

Section 4.6: Quiz: Interpret ACLs

Section 4.7: Securing Files with ACLs

Section 4.8: Guided Exercise: Using ACLs to Grant and Limit Access

Chapter 5: SELinux Permissions

Section 5.1: Enabling and Monitoring Security Enhanced Linux (SELinux)

Section 5.2: Quiz: SELinux Concepts

Section 5.3: Changing SELinux Modes

Section 5.4: Guided Exercise: Changing SELinux Modes

Section 5.5: Changing SELinux Contexts

Section 5.6: Guided Exercise: Changing SELinux Contexts

Section 5.7: Changing SELinux Booleans

Section 5.8: Guided Exercise: Changing SELinux Booleans

Section 5.9: Troubleshooting SELinux

Section 5.10: Guided Exercise: Troubleshooting SELinux

Section 5.11: Lab: Managing SELinux Security

Chapter 6: Process Management

Section 6.1: Killing Processes

Section 6.2: Guided Exercise: Killing Processes

Section 6.3: Monitoring Process Activity

Section 6.4: Guided Exercise: Monitoring Process Activity

Section 6.5: Using nice and renice to Influence Process Priority

Section 6.6: Guided Exercise: Discovering Process Priorities

Section 6.7: Lab: Managing Priority of Linux Processes

Chapter 7: Updating Software Packages

Section 7.1: Attaching Systems to Subscriptions for Software Updates

Section 7.2: Quiz: Red Hat Subscription Management

Section 7.3: Managing Software Updates with yum

Section 7.4: Guided Exercise: Installing and Updating Software with yum

Section 7.5: Enabling yum Software Repositories

Section 7.6: Guided Exercise: Enabling Software Repositories

Section 7.7: Lab: Installing and Updating Software Packages

Chapter 8: Creating and Mounting File Systems

Section 8.1: Mounting and Unmounting File Systems

Section 8.2: Guided Exercise: Mounting and Unmounting File Systems

Section 8.3: Adding Partitions, File Systems, and Persistent Mounts

Section 8.4: Guided Exercise: Adding Partitions, File Systems, and Persistent Mounts

Section 8.5: Managing Swap Space

Section 8.6: Guided Exercise: Adding and Enabling Swap Space

Section 8.7: Lab: Adding Disks, Partitions, and File Systems to a Linux System

Chapter 9: Service Management and Boot Troubleshooting

Section 9.1: Identifying Automatically Started System Processes

Section 9.2: Guided Exercise: Identify the Status of systemd Units

Section 9.3: Controlling System Services

Section 9.4: Guided Exercise: Using systemctl to Manage Services

Section 9.5: The Red Hat Enterprise Linux Boot Process

Section 9.6: Guided Exercise: Selecting a Boot Target

Section 9.7: Repairing Common Boot Issues

Section 9.8: Guided Exercise: Resetting a Lost root Password

Section 9.9: Repairing File System Issues at Boot

Section 9.10: Guided Exercise: Repairing Boot Problems

Section 9.11: Repairing Boot Loader Issues

Section 9.12: Guided Exercise: Repairing a Boot Loader Problem

Section 9.13: Lab: Controlling Services and Daemons

Chapter 10: Network Configuration

Section 10.1: Validating Network Configuration

Section 10.2: Guided Exercise: Examining Network Configuration

Section 10.3: Configuring Networking with nmcli

Section 10.4: Guided Exercise: Configuring Networking with nmcli

Section 10.5: Editing Network Configuration Files

Section 10.6: Guided Exercise: Editing Network Configuration Files

Section 10.7: Configuring Host Names and Name Resolution

Section 10.8: Guided Exercise: Configuring Host Names and Name Resolution

Section 10.9: Lab: Managing Red Hat Enterprise Linux Networking

Chapter 11: System Logging and NTP

Section 11.1: System Log Architecture

Section 11.2: Quiz: System Logging Components

Section 11.3: Reviewing Syslog Files

Section 11.4: Guided Exercise: Finding Log Entries

Section 11.5: Reviewing systemd Journal Entries

Section 11.6: Guided Exercise: Finding Events With journalctl

Section 11.7: Preserving the systemd Journal

Section 11.8: Guided Exercise: Configure a Persistent systemd Journal

Section 11.9: Maintaining Accurate Time

Section 11.10: Guided Exercise: Adjusting System Time

Section 11.11: Lab: Analyzing and Storing Logs

Chapter 12: Logical Volume Management

Section 12.1: Managing Logical Volumes

Section 12.2: Guided Exercise: Adding a Logical Volume

Section 12.3: Extending Logical Volumes

Section 12.4: Guided Exercise: Extending a Logical Volume

Section 12.5: Lab: Managing Logical Volume Management (LVM) Storage

Chapter 13: Scheduled Processes

Section 13.1: Scheduling System cron Jobs

Section 13.2: Guided Exercise: Scheduling System cron Jobs

Section 13.3: Managing Temporary Files

Section 13.4: Guided Exercise: Managing Temporary Files

Chapter 14: Mounting Network File Systems

Section 14.1: Mounting Network Storage with NFS

Section 14.2: Guided Exercise: Mounting and Unmounting NFS

Section 14.3: Automounting Network Storage with NFS

Section 14.4: Guided Exercise: Automounting NFS

Section 14.5: Accessing Network Storage with SMB

Section 14.6: Guided Exercise: Mounting a SMB File System

Section 14.7: Lab: Accessing Network Storage with Network File System (NFS)

Section 14.8: Lab: Accessing Network Storage with SMB

Chapter 15: Firewall Configuration

Section 15.1: Limiting Network Communication

SectionSection 15.2: Guided Exercise: Limiting Network Communication

Section 15.3: Lab: Limiting Network Communication

Chapter 16: Virtualization and Kickstart

Section 16.1: Defining the Anaconda Kickstart System

Section 16.2: Quiz: Kickstart File Syntax and Modification

Section 16.3: Deploying a New Virtual System with Kickstart

Section 16.4: Guided Exercise: Installing a System Using Kickstart

Section 16.5: Managing a Local Virtualization Host

Section 16.6: Quiz: Managing a Local Virtualization Host

Bookmark this page

P 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

Guided Exercise: Limiting Network Communication

In this lab, you will configure a basic firewall.

Resources
Machines:	`serverX` and `desktopX`

Outcomes

After completion of this exercise, your serverX machine should have a running web server, listening on both the cleartext port 80/TCP and the SSL encapsulated port 443/TCP. The firewall configuration on serverX should only allow connections to the SSL encapsulated port.

The firewall should allow access to sshd and vnc from all hosts.

Reset your serverX system.

On your serverX system, make sure that both the httpd and mod_ssl packages are installed. These packages provide the Apache web server you will protect with a firewall, and the necessary extensions for the web server to serve content over SSL.
1. ```
[student@serverX ~]$ sudo yum -y
            install httpd mod_ssl
```
On your serverX system, create a new file called /var/www/html/index.html, with the following contents:
```
I am alive
```
1. ```
[student@serverX ~]$ sudo bash -c "echo 'I am alive' > /var/www/html/index.html"
```

Start and enable the httpd service on your serverX system.

[student@serverX ~]$ sudo systemctl start httpd

[student@serverX ~]$ sudo systemctl enable httpd

On your serverX system, make sure that both the iptables and ip6tables services are masked, and that the firewalld service is enabled and running.

[student@serverX ~]$ sudo systemctl mask iptables
[student@serverX ~]$ sudo systemctl mask ip6tables
[student@serverX ~]$ sudo systemctl status firewalld

On your serverX system, start the firewall-config application. When prompted for the student password, enter student.
1. ```
[student@serverX ~]$ firewall-config
```
  or
  Select Applications → Sundry → Firewall from the system menu.
From the Configuration dropdown menu, select Permanent to switch to editing the permanent configuration.
Add the https service to the list of services allowed in the public zone.
1. In the Zone list, select public. Since this zone is also the default zone, it is highlighted in bold.
2. In the Services tab, add a checkmark in front of the https service.
3. Important: Also add a checkmark in front of the vnc-server service. Failing to do so will lock out your graphical interface when you activate the firewall. If you do accidentally lock yourself out, recover by using ssh -X serverX firewall-config from your desktopX machine.
Activate your firewall configuration by selecting Options → Reload Firewalld from the menu.
Verify your work by attempting to view your web server contents from desktopX.
1. This command should fail:
```
[student@desktopX ~]$ curl -k http://serverX.example.com
```
2. This command should succeed:
```
[student@desktopX ~]$ curl -k https://serverX.example.com
```
Note
If you use firefox to connect to the web server, it will prompt for verification of the host certificate if it successfully gets past the firewall.

Revision: rh199-7-d0984a3