Introduction: Security management is crucial for protecting systems from unauthorized access, vulnerabilities, and threats. This module covers configuring the firewall to control network traffic and implementing SELinux (Security-Enhanced Linux) to enforce mandatory access controls (MAC) and enhance system security.
1. Configuring the Firewall
Introduction and Fundamentals: Firewalls are essential for network security, filtering incoming and outgoing network traffic based on predefined rules. Configuring the firewall allows administrators to define access policies and protect services running on the system.
Commands and Concepts:
- Firewall Management Tool (firewalld):
- firewalld is the default firewall management tool in RHEL/CentOS.
- Start, Stop, and Reload:
systemctl start firewalld
systemctl stop firewalld
systemctl reload firewalld
- start: Activates the firewall service.
- stop: Deactivates the firewall service.
- reload: Reloads firewall rules without interrupting active connections.
- Zone Configuration:
- Set Zone for Network Interface:
firewall-cmd –zone=public –change-interface=<interface>
- Assigns a network interface (<interface>) to a predefined zone (public, internal, trusted, etc.).
- Opening Ports:
- Permanent Port Open:
firewall-cmd –zone=public –add-port=80/tcp –permanent
firewall-cmd –reload
- Opens port 80/tcp (HTTP) permanently in the public zone and reloads firewall rules.
- Listing Rules:
- List All Zones and Services:
firewall-cmd –list-all
- Displays all active zones and their configured services with associated firewall rules.
2. SELinux (Security-Enhanced Linux)
Introduction and Fundamentals: SELinux is a Linux kernel security module that provides access control security policies, including mandatory access controls (MAC). It enhances system security by enforcing policies that define which processes and users can access specific resources.
Commands and Concepts:
- SELinux Status:
- Check SELinux Status:
sestatus
- Displays the current status of SELinux, including whether it is enabled or disabled.
- Changing SELinux Modes:
- Set SELinux to Enforcing Mode:
setenforce 1
- Sets SELinux to enforcing mode, where security policies are actively enforced.
- Set SELinux to Permissive Mode:
setenforce 0
- Sets SELinux to permissive mode, where security policy violations are logged but not enforced.
- File Contexts and Labels:
- View File Contexts:
ls -Z /path/to/file
- Displays SELinux security context (security context) of files and directories.
- SELinux Booleans:
- List SELinux Booleans:
getsebool -a
- Lists all SELinux booleans (runtime parameters) and their current settings.
- Restore Default File Contexts:
- Restore Default Contexts Recursively:
restorecon -R /path/to/directory
- Restores default SELinux security contexts recursively for files and directories under /path/to/directory.
Additional Points
- Each security management topic includes in-depth theoretical concepts and practical command usage, providing comprehensive guidance on configuring firewall rules and implementing SELinux to enhance system security.
- Understanding firewall configuration and SELinux implementation is essential for securing systems, protecting against unauthorized access, and ensuring compliance with security policies.
- Practical examples and scenarios illustrate the application of security management concepts in real-world Linux environments.
This study material offers a detailed exploration of managing security aspects within a Linux environment, focusing on configuring the firewall and implementing SELinux to strengthen system security and protect against potential threats
