RH415 - ch01s05

This course is now legacy content

This course is using an outdated version of the technology and is now considered to be Legacy content. It will be removed from our catalog on June 28, 2024. Please be sure to complete your course and finish any remaining labs before that date. We recommend moving to version 9.2, which is the latest version currently available.

Preface A: Introduction

Section A.1: Red Hat Security: Linux in Physical, Virtual, and Cloud

Section A.2: Orientation to the Classroom Environment

Section A.3: Internationalization

Chapter 1: Managing Security and Risk

Section 1.1: Managing Security and Risk

Section 1.2: Quiz: Managing Security and Risk

Section 1.3: Reviewing Recommended Security Practices

Section 1.4: Guided Exercise: Reviewing Recommended Security Practices

SectionSection 1.5: Lab: Managing Security and Risk

Section 1.6: Summary

Chapter 2: Automating Configuration and Remediation with Ansible

Section 2.1: Configuring Ansible for Security Automation

Section 2.2: Guided Exercise: Configuring Ansible for Security Automation

Section 2.3: Remediating Issues with Ansible Playbooks

Section 2.4: Guided Exercise: Remediating Issues with Ansible Playbooks

Section 2.5: Managing Playbooks with Red Hat Ansible Tower

Section 2.6: Guided Exercise: Managing Playbooks with Red Hat Ansible Tower

Section 2.7: Lab: Automating Configuration and Remediation with Ansible

Section 2.8: Summary

Chapter 3: Protecting Data with LUKS and NBDE

Section 3.1: Managing File System Encryption with LUKS

Section 3.2: Guided Exercise: Managing File System Encryption with LUKS

Section 3.3: Controlling File System Decryption with NBDE

Section 3.4: Guided Exercise: Controlling File System Decryption with NBDE

Section 3.5: Lab: Protecting Data with LUKS and NBDE

Section 3.6: Summary

Chapter 4: Restricting USB Device Access

Section 4.1: Controlling USB Access with USBGuard

Section 4.2: Guided Exercise: Controlling USB access with USBGuard

Section 4.3: Lab: Restricting USB Device Access

Section 4.4: Summary

Chapter 5: Controlling Authentication with PAM

Section 5.1: Auditing the PAM Configuration

Section 5.2: Guided Exercise: Auditing the PAM Configuration

Section 5.3: Modifying the PAM Configuration

Section 5.4: Guided Exercise: Modifying the PAM Configuration

Section 5.5: Configuring Password Quality Requirements

Section 5.6: Guided Exercise: Configuring Password Quality Requirements

Section 5.7: Limiting Access After Failed Logins

Section 5.8: Guided Exercise: Limiting Access After Failed Logins

Section 5.9: Lab: Controlling Authentication with PAM

Section 5.10: Summary

Chapter 6: Recording System Events with Audit

Section 6.1: Configuring Audit to Record System Events

Section 6.2: Guided Exercise: Configuring Audit to Record System Events

Section 6.3: Inspecting Audit Logs

Section 6.4: Guided Exercise: Inspecting Audit Logs

Section 6.5: Writing Custom Audit Rules

Section 6.6: Guided Exercise: Writing Custom Audit Rules

Section 6.7: Enabling Prepackaged Audit Rule Sets

Section 6.8: Guided Exercise: Enabling Prepackaged Audit Rule Sets

Section 6.9: Lab: Recording System Events with Audit

Section 6.10: Summary

Chapter 7: Monitoring File System Changes

Section 7.1: Detecting File System Changes with AIDE

Section 7.2: Guided Exercise: Detecting File System Changes with AIDE

Section 7.3: Investigating File System Changes with AIDE

Section 7.4: Guided Exercise: Investigating File System Changes with AIDE

Section 7.5: Lab: Monitoring File System Changes

Section 7.6: Summary

Chapter 8: Mitigating Risk with SELinux

Section 8.1: Enabling SELinux from the Disabled State

Section 8.2: Guided Exercise: Enabling SELinux from the Disabled State

Section 8.3: Controlling Access with Confined Users

Section 8.4: Guided Exercise: Controlling Access with Confined Users

Section 8.5: Auditing the SELinux Policy

Section 8.6: Guided Exercise: Auditing the SELinux Policy

Section 8.7: Lab: Mitigating Risk with SELinux

Section 8.8: Summary

Chapter 9: Managing Compliance with OpenSCAP

Section 9.1: Installing OpenSCAP

Section 9.2: Guided Exercise: Installing OpenSCAP

Section 9.3: Scanning and Analyzing Compliance

Section 9.4: Guided Exercise: Scanning and Analyzing Compliance

Section 9.5: Customizing OpenSCAP Policy

Section 9.6: Guided Exercise: Customizing OpenSCAP Policy

Section 9.7: Remediating OpenSCAP Issues with Ansible

Section 9.8: Guided Exercise: Remediating OpenSCAP Issues with Ansible

Section 9.9: Lab: Managing Compliance with OpenSCAP

Section 9.10: Summary

Chapter 10: Automating Compliance with Red Hat Satellite

Section 10.1: Configuring Red Hat Satellite for OpenSCAP

Section 10.2: Guided Exercise: Configuring Red Hat Satellite for OpenSCAP

Section 10.3: Scan OpenSCAP Compliance with Red Hat Satellite

Section 10.4: Guided Exercise: Scan OpenSCAP Compliance with Red Hat Satellite

Section 10.5: Customize the OpenSCAP Policy in Red Hat Satellite

Section 10.6: Guided Exercise: Customize OpenSCAP Policy in Red Hat Satellite

Section 10.7: Lab: Automating Compliance with Red Hat Satellite

Section 10.8: Summary

Chapter 11: Analyzing and Remediating Issues with Red Hat Insights

Section 11.1: Registering Systems with Red Hat Insights

Section 11.2: Quiz: Registering Systems with Red Hat Insights

Section 11.3: Reviewing Red Hat Insights Reports

Section 11.4: Quiz: Reviewing Red Hat Insights Reports

Section 11.5: Automating Issue Remediation

Section 11.6: Quiz: Automating Issue Remediation

Section 11.7: Summary

Chapter 12: Comprehensive Review

Section 12.1: Comprehensive Review

Section 12.2: Lab: Automating Configuration and Remediation with Ansible

Section 12.3: Lab: Protecting Data with LUKS and NBDE

Section 12.4: Lab: Restricting USB Device Access and Mitigating Risk with SELinux

Section 12.5: Lab: Recording Events, Monitoring File System Changes and Managing Compliance with OpenSCAP

Bookmark this page

P 1 2 3 4 5 6 7 8 9 10 11 12

Lab: Managing Security and Risk

Performance Checklist

In this lab, you will run various commands to identify all security notices related to this system. You will assess the severity of the notices and update the system to eliminate any critical threats to the security of the system.

Outcomes

You should be able to:

Identify all critical, important, and moderate security notices.
Update the system to eliminate potential critical security vulnerabilities.

Verify that the workstation and servera systems are started.

Log in to workstation as student using student as the password. On workstation, run lab securityrisk-review setup to verify that the environment is ready.

[student@workstation ~]$ lab securityrisk-review setup

Identify all critical, important, and moderate security notices on servera.

[student@workstation ~]$ ssh student@servera
[student@servera ~]$

Use the sudo -i command to change to the root user. Use student as the password.

[student@servera ~]$ sudo -i
[sudo] password for student: student
[root@servera ~]#

List all security notices.

[root@servera ~]# yum updateinfo --security
Loaded plugins: enabled_repos_upload, langpacks, package_upload, product-id, search-disabled-repos, subscription-manager
...output omitted...
Updates Information Summary: updates
    8 Security notice(s)
        1 Critical Security notice(s)
        5 Important Security notice(s)
        2 Moderate Security notice(s)
updateinfo summary done
Uploading Enabled Repositories Report
Loaded plugins: langpacks, product-id, subscription-manager
[root@servera ~]#

Determine how many security-related packages are available for this machine.

Of the 8 security notices identified for this machine, 11 packages are related to security, out of 56 available updates.

[root@servera ~]# yum --security list updates
...output omitted...
11 package(s) needed for security, out of 56 available
Updated Packages
dhclient.x86_64           12:4.2.5-68.el7_5.1 rhel-7-server-rpms
dhcp-common.x86_64        12:4.2.5-68.el7_5.1 rhel-7-server-rpms
dhcp-libs.x86_64          12:4.2.5-68.el7_5.1 rhel-7-server-rpms
gnupg2.x86_64             2.0.22-5.el7_5      rhel-7-server-rpms
kernel.x86_64             3.10.0-862.9.1.el7  rhel-7-server-rpms
kernel-tools.x86_64       3.10.0-862.9.1.el7  rhel-7-server-rpms
kernel-tools-libs.x86_64  3.10.0-862.9.1.el7  rhel-7-server-rpms
procps-ng.x86_64          3.3.10-17.el7_5.2   rhel-7-server-rpms
python.x86_64             2.7.5-69.el7_5      rhel-7-server-rpms
python-libs.x86_64        2.7.5-69.el7_5      rhel-7-server-rpms
python-perf.x86_64        3.10.0-862.9.1.el7  rhel-7-server-rpms
Uploading Enabled Repositories Report
Loaded plugins: langpacks, product-id, subscription-manager
[root@servera ~]#

Identify any RHSAs that are unique, considered critical, and available as updates for your machine.

[root@servera ~]# yum updateinfo list updates | grep Critical
RHSA-2018:1453 Critical/Sec.  dhclient-12:4.2.5-68.el7_5.1.x86_64
RHSA-2018:1453 Critical/Sec.  dhcp-common-12:4.2.5-68.el7_5.1.x86_64
RHSA-2018:1453 Critical/Sec.  dhcp-libs-12:4.2.5-68.el7_5.1.x86_64

There is one RHSA that meets the criteria: RHSA-2018:1453.

View the synopsis of the critical RHSA to validate its content.

Read through the Description and Security Fix(es) sections of RHSA-2018:1453 to better understand this advisory and subsequent CVE. Log the CVE code so that you can use it later to update only the packages related to this RHSA.

[root@servera ~]# yum updateinfo RHSA-2018:1453
...output omitted...
===============================================================================
  Critical: dhcp security update
===============================================================================
  Update ID : RHSA-2018:1453
    Release : 0
       Type : security
     Status : final
     Issued : 2018-05-15 12:14:45 UTC
    Updated : 2018-05-15 12:15:00 UTC       Bugs : 1567974 - CVE-2018-1111 dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script
       CVEs : CVE-2018-1111
Description : The Dynamic Host Configuration Protocol (DHCP) is a protocol
            : that allows individual devices on an IP network to
            : get their own network configuration information,
            : including an IP address, a subnet mask, and a
            : broadcast address. The dhcp packages provide a
            : relay agent and ISC DHCP service required to
            : enable and administer DHCP on a network.
            :
            : Security Fix(es):
            :
            : * A command injection flaw was found in the
            :   NetworkManager integration script included in
            :   the DHCP client packages in Red Hat Enterprise
            :   Linux. A malicious DHCP server, or an attacker
            :   on the local network able to spoof DHCP
            :   responses, could use this flaw to execute
            :   arbitrary commands with root privileges on
            :   systems using NetworkManager and configured to
            :   obtain network configuration using the DHCP
            :   protocol. (CVE-2018-1111)
            :
            : Red Hat would like to thank Felix Wilhelm (Google
            : Security Team) for reporting this issue.
   Severity : Critical
updateinfo info done
Uploading Enabled Repositories Report
Loaded plugins: langpacks, product-id, subscription-manager
[root@servera ~]#

Use YUM and the CVE code to list the packages required to update this system.

[root@servera ~]# yum updateinfo list --cve CVE-2018-1111
...output omitted...
RHSA-2018:1453 Critical/Sec. dhclient-12:4.2.5-68.el7_5.1.x86_64
RHSA-2018:1453 Critical/Sec. dhcp-common-12:4.2.5-68.el7_5.1.x86_64
RHSA-2018:1453 Critical/Sec. dhcp-libs-12:4.2.5-68.el7_5.1.x86_64
updateinfo list done
Uploading Enabled Repositories Report
Loaded plugins: langpacks, product-id, subscription-manager
[root@servera ~]#

The machine needs three package updates to resolve CVE-2018-1111.

Use YUM and the CVE code to update the system with the necessary packages that provide the security fixes.

[root@servera ~]# yum update --cve CVE-2018-1111
...output omitted...
3 package(s) needed (+0 related) for security, out of 56 available
Resolving Dependencies
--> Running transaction check
---> Package dhclient.x86_64 12:4.2.5-68.el7 will be updated
---> Package dhclient.x86_64 12:4.2.5-68.el7_5.1 will be an update
---> Package dhcp-common.x86_64 12:4.2.5-68.el7 will be updated
---> Package dhcp-common.x86_64 12:4.2.5-68.el7_5.1 will be an update
---> Package dhcp-libs.x86_64 12:4.2.5-68.el7 will be updated
---> Package dhcp-libs.x86_64 12:4.2.5-68.el7_5.1 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=================================================================
 Package     Arch   Version             Repository          Size
=================================================================
Updating:
 dhclient    x86_64 12:4.2.5-68.el7_5.1 rhel-7-server-rpms 284 k
 dhcp-common x86_64 12:4.2.5-68.el7_5.1 rhel-7-server-rpms 175 k
 dhcp-libs   x86_64 12:4.2.5-68.el7_5.1 rhel-7-server-rpms 131 k

Transaction Summary
=================================================================
Upgrade  3 Packages

Total download size: 590 k
Is this ok [y/d/N]: y
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/3): dhcp-common-4.2.5-68.el7_5.1.x86_64.rpm | 175 kB  00:00:01
(2/3): dhclient-4.2.5-68.el7_5.1.x86_64.rpm    | 284 kB  00:00:02
(3/3): dhcp-libs-4.2.5-68.el7_5.1.x86_64.rpm   | 131 kB  00:00:00
-----------------------------------------------------------------
Total                                 215 kB/s | 590 kB  00:00:02
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : 12:dhcp-libs-4.2.5-68.el7_5.1.x86_64    1/6
  Updating   : 12:dhcp-common-4.2.5-68.el7_5.1.x86_64  2/6
  Updating   : 12:dhclient-4.2.5-68.el7_5.1.x86_64     3/6
  Cleanup    : 12:dhclient-4.2.5-68.el7.x86_64         4/6
  Cleanup    : 12:dhcp-common-4.2.5-68.el7.x86_64      5/6
  Cleanup    : 12:dhcp-libs-4.2.5-68.el7.x86_64        6/6
Uploading Package Profile
  Verifying  : 12:dhcp-common-4.2.5-68.el7_5.1.x86_64  1/6
  Verifying  : 12:dhclient-4.2.5-68.el7_5.1.x86_64     2/6
  Verifying  : 12:dhcp-libs-4.2.5-68.el7_5.1.x86_64    3/6
  Verifying  : 12:dhcp-libs-4.2.5-68.el7.x86_64        4/6
  Verifying  : 12:dhclient-4.2.5-68.el7.x86_64         5/6
  Verifying  : 12:dhcp-common-4.2.5-68.el7.x86_64      6/6

Updated:
  dhclient.x86_64 12:4.2.5-68.el7_5.1
  dhcp-common.x86_64 12:4.2.5-68.el7_5.1
  dhcp-libs.x86_64 12:4.2.5-68.el7_5.1

Complete!
Uploading Enabled Repositories Report
Loaded plugins: langpacks, product-id, subscription-manager
[root@servera ~]#

List the security notices again to confirm that there are no longer any critical security notices listed.

There should now only be seven total security notices with none of them listed as critical notices.

[root@servera ~]# yum updateinfo --security
Loaded plugins: enabled_repos_upload, langpacks, package_upload, product-id, search-disabled-repos, subscription-manager
...output omitted...
Updates Information Summary: updates
    7 Security notice(s)
        5 Important Security notice(s)
        2 Moderate Security notice(s)
updateinfo summary done
Uploading Enabled Repositories Report
Loaded plugins: langpacks, product-id, subscription-manager
[root@servera ~]#

Log out from servera.

[root@servera ~]# logout
[student@servera ~]$ logout
[student@workstation ~]$

Evaluation

On workstation, run the lab securityrisk-review grade command to confirm success of this exercise.

[student@workstation ~]$ lab securityrisk-review grade

Cleanup

On workstation, run the lab securityrisk-review cleanup script to clean up this exercise.

[student@workstation ~]$ lab securityrisk-review cleanup

This concludes the lab.

Discuss Red Hat Security: Linux in Physical, Virtual, and Cloud

Go to community

Welcome to the Red Hat Security: Linux in Physical, Virtual, and Cloud (RH415) group!

Deanna

26 wrz 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Security: Linux in Physical, Virtual, and Cloud! To gain the most value from this group - click the "Join Group" button in the upper right hand corner of the group home page.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to RH415.Read more about Red Hat Security: Linux in Physical, Virtual, and Cloud here.

415

Revision: rh415-7.5-813735c