Wise people learn when they can; fools learn when they must - Arthur Wellesley

Saturday 29 September 2018

LINUX- 46 SECURITY & HARDENING (BASICS) -P1 (USER SECURITY)



IN LINUX (RHEL6 & RHEL7),

WHAT IS SECURITY?

As I understand it, security is protecting something from unwanted or unauthorized access. Whatever is unauthorized is illegitimate, because it is done without my consent.
That is a generalized statement, but it holds in every sense of securing our belongings from harm or damage.

Same is applicable here in case of our Systems.

Areas of concern:

USER/LOGIN SECURITY
NETWORK SECURITY
FILE / OPERATING SYSTEM SECURITY
PHYSICAL SECURITY
LOG EVERYTHING
LOG FILE SECURITY

Sunday 16 September 2018

45 - SNMP BASICS -P2



Other post under SNMP Basics: SNMP-BASICS P1

HOW TO INSTALL AND CONFIGURE SNMP IN LINUX (RHEL6 & RHEL7),

The purpose of installing SNMP (Simple Network Management Protocol) is to monitor host resources such as CPU, memory, network and disk utilization.

Required Packages,

net-snmp, net-snmp-libs, net-snmp-utils

Thursday 13 September 2018

44 - SNMP BASICS -P1



Other post under SNMP Basics: SNMP-BASICS P2

WHAT IS SNMP AND Its SIGNIFICANCE,

SNMP: SIMPLE NETWORK MANAGEMENT PROTOCOL

SNMP is an application layer protocol created in 1989.
SNMP is used to manage and monitor network elements and their functions. Put simply, it is the standard (multivendor) way of monitoring hardware and software.
SNMP is part of the TCP/IP protocol suite.
SNMP supports multivendor hardware/software (NAS, routers, hubs, bridges, IoT devices, wireless access points, switches, servers (UNIX/Windows), workstations, printers, modems and other network components and devices).
SNMP is based on a simple client/server architecture (where the servers are called managers and the clients are called agents).
SNMP collects information on IP networks.
SNMP uses UDP as its transport protocol.
SNMP uses port 161 (UDP): the agent listens for requests and replies to them on port 161.
SNMP traps use port 162 (UDP): the agent reports asynchronous traps on port 162, unless instructed to use different ports.

Saturday 8 September 2018

LINUX- 42 TCPDUMP -P2



Other post under TCPDUMP: TCPDUMP-P1

WHAT IS TCPDUMP AND Its SIGNIFICANCE,


In the previous post we learned about the various switches used with tcpdump; here we will learn about tcpdump expressions.

Type / Direction / Protocol

TYPE: host, net & port
DIRECTION: src & dst
PROTOCOL: tcp, udp, icmp, arp ……and more

TYPE:

LINUX- 42 TCPDUMP -P1


Other post under TCPDUMP: TCPDUMP-P2

WHAT IS TCPDUMP AND Its SIGNIFICANCE,

A packet sniffer, network analyzer, or network traffic tracer.

Or, simply, the UNIX answer to Wireshark.

Different parameters can be passed to tcpdump to get different results.

It works at the network layer, and we know that network traffic travels in packets. Each packet has a header that contains the information needed to carry it across the network. The most valuable information carried by the TCP header is the source and destination address, state information and protocol identifiers. The rest of the packet contains the actual data.

Saturday 1 September 2018

LINUX- 41 AUDIT (RHEL-7) P4



Other Posts under audit,
Auditd P1
Auditd P2
Auditd P3

HOW TO REPORT & TRACE AUDIT LOGS:

There are three commands,

ausearch = to query the audit logs; various criteria can be applied.
aureport = for summary reports
autrace  = to generate audit records from a specific process

All of the above commands can be run by "root" only.

aureport

A tool that produces summary reports of the audit system logs from /var/log/audit/audit.log

LINUX- 40 AUDIT (RHEL-7) P3



Other Posts under audit,
Auditd P1
Auditd P2
Auditd P4

HOW TO SEARCH AUDIT LOGS:

[root@rhel7-server ~]# ls -l /var/log/audit/audit.log
-rw-------. 1 root root 7523772 Sep  1 14:58 /var/log/audit/audit.log

There are three commands,

ausearch = to query the audit logs; various criteria can be applied.
aureport = for summary reports
autrace  = to generate audit records from a specific process

All of the above commands can be run by "root" only.
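A worked example, added here and not code from the original posts: a POSIX shell script that does by hand what `ausearch -k KEY` does over audit records (filter by rule key, pick out the denied attempts), and checks that the log file keeps the -rw------- mode shown above. The records, the rule key `shadow-read`, the pids and the user ids are constructed assumptions, not a real capture.

```shell
#!/bin/sh
# Added example: filter audit.log-style records by rule key, the way
# "ausearch -k KEY" does, and verify the audit log file mode.

# Constructed sample records in audit.log record format (not a real capture).
sample_audit_log() {
  cat <<'EOF'
type=SYSCALL msg=audit(1535789000.123:4401): arch=c000003e syscall=2 success=no exit=-13 pid=2314 uid=1000 auid=1000 comm="cat" exe="/usr/bin/cat" key="shadow-read"
type=PATH msg=audit(1535789000.123:4401): item=0 name="/etc/shadow" ouid=0 ogid=0
type=USER_LOGIN msg=audit(1535789100.500:4410): pid=2400 uid=0 auid=1000 msg='op=login acct="alice" exe="/usr/sbin/sshd" res=success'
type=SYSCALL msg=audit(1535789200.777:4420): arch=c000003e syscall=2 success=yes exit=3 pid=2500 uid=0 auid=1000 comm="vim" exe="/usr/bin/vim" key="shadow-read"
EOF
}

# Count records tagged with the audit rule key $1 (stdin = audit records).
# "|| true" keeps the exit status 0 when grep finds nothing (it still prints 0).
count_by_key() {
  grep -c "key=\"$1\"" || true
}

# Count records under key $1 whose syscall was denied (success=no): the
# attempts an auditor wants to look at first.
count_failed_by_key() {
  grep "key=\"$1\"" | grep -c 'success=no' || true
}

# Print event id, auid (the login user, which survives su/sudo) and comm for
# each denied access under key $1, one line per record.
list_failed_by_key() {
  grep "key=\"$1\"" | grep 'success=no' |
    sed -n 's/.*msg=audit([0-9.]*:\([0-9]*\)).*auid=\([0-9]*\).*comm="\([^"]*\)".*/\1 auid=\2 comm=\3/p'
}

# Return 0 when the file mode is exactly -rw------- (0600), as audit.log
# should be; the leading 10 characters of "ls -ld" are compared so that an
# ACL/SELinux marker ("+" or ".") after the mode does not break the check.
audit_log_mode_ok() {
  perms=$(ls -ld "$1" | awk '{print substr($1, 1, 10)}')
  [ "$perms" = "-rw-------" ]
}

# Stand-alone usage: show the denied accesses behind the shadow-read key.
sample_audit_log | list_failed_by_key shadow-read
```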