Configure SELinux – Part 3

Ensure SELinux policy is configured
Overview: Configure SELinux to meet or exceed the default targeted policy, which constrains daemons and system software only.
Why: Security configuration requirements vary from site to site. Some sites may mandate a policy that is stricter than the default policy, which is perfectly acceptable. This item is intended to ensure...

Configure SELinux – Part 2

Ensure the SELinux state is enforcing
Overview: Set SELinux to enable when the system is booted.
Why: SELinux must be enabled at boot time in order to ensure that the controls it provides are in effect at all times.
Audit: Run the following commands and ensure output matches:
# grep SELINUX=enforcing /etc/selinux/config
SELINUX=enforcing
# sestatus
SELinux...

Configure SELinux – Part 1

SELinux provides a Mandatory Access Control (MAC) system that greatly augments the default Discretionary Access Control (DAC) model. Under SELinux, every process and every object (files, sockets, pipes) on the system is assigned a security context, a label that includes detailed type information about the object. The kernel allows processes to access objects only if...

How To Add a User and Grant Root Privileges on Ubuntu

Step 1: Add the Username
austin@wazuh:~$ sudo adduser ansible
Adding user `ansible' ...
Adding new group `ansible' (1002) ...
Adding new user `ansible' (1002) with group `ansible' ...
Creating home directory `/home/ansible' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
No password supplied
Enter new UNIX password:
Retype new...

Wazuh: No ElasticSearch Template

Failed to connect to localhost port 9200
austin@wazuh2:~$ sudo curl | curl -X PUT "http://localhost:9200/_template/wazuh" -H 'Content-Type: application/json' -d @-
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 46821  100 46821    0     0   357k      0 --:--:-- --:--:-- --:--:--  357k
curl: (7) Failed to...

Linux Security: Packet Capture and Analysis

It's crucial for any security or systems administrator to be able to capture and analyze network traffic. This allows for advanced troubleshooting as well as security review. Use a tshark capture filter to collect TCP traffic on port 80. Store the capture command...

Linux Security: Working with IP sets and iptables

IP Sets can facilitate the management of a complex firewall ruleset. This exercise refreshes basic skills with the iptables command and begins developing an understanding of working with IP Sets. Create a new IP set called 'clienthosts' that contains the IP and Port combinations for each client server. Be sure the 'ipset' is configured to persist a...

Linux Security: Working with OpenVPN (and iptables)

Install and Configure the OpenVPN server on 'vpn-server'
Install OpenVPN: Run yum install -y openvpn.
Copy the server config: cp /usr/share/doc/openvpn-2.4.7/sample/sample-config-files/server.conf /etc/openvpn/
Edit the server config to contain the following topology configuration: topology subnet
Install the provided server certificates: Run cp /home/cloud_user/certs/ca.crt /home/cloud_user/certs/server.crt /home/cloud_user/certs/server.key /etc/openvpn.
Generate the required Server Keys
Generate the dhparam: openssl dhparam -out /etc/openvpn/dh2048.pem 2048
Generate...
