110.2 Setup host

Tech Tutorial: 110.2 Setup Host Security #

Introduction #

In today’s digital age, securing a host machine is a fundamental necessity to protect against unauthorized access and potential threats. This tutorial will guide you through the process of setting up basic host security on a Linux system. We will cover necessary utilities and commands, as well as provide detailed examples to ensure a secure environment.

Key Knowledge Areas: #

  • Configuring host security
  • Understanding system services
  • Managing users and groups
  • Setting file permissions and ownership
  • Using access control lists (ACLs)
  • Firewall configurations

Utilities: #

  • ssh
  • firewalld
  • chmod
  • chown
  • usermod
  • groupmod
  • getfacl
  • setfacl

Step-by-Step Guide #

1. Secure SSH Access #

SSH (Secure Shell) is a protocol used to securely access a remote computer. Configuring SSH properly is crucial for host security.

Code Example: Configure SSH #

# Edit the SSH configuration file
sudo nano /etc/ssh/sshd_config

# Disable root login over SSH
PermitRootLogin no

# Disable password authentication, use keys instead
PasswordAuthentication no

# Specify allowed users (optional)
AllowUsers user1 user2

# Restart SSH service to apply changes
sudo systemctl restart sshd

2. Setting Up a Firewall with firewalld #

A firewall is critical to protect your system from unwanted incoming and outgoing traffic.

Code Example: Configure firewalld #

# Start firewalld
sudo systemctl start firewalld

# Enable firewalld to start on boot
sudo systemctl enable firewalld

# Add a service to the public zone
sudo firewall-cmd --zone=public --add-service=http --permanent

# Reload firewall to apply changes
sudo firewall-cmd --reload

3. Managing Users and Groups #

Proper management of users and groups is essential for securing access to system resources.

Code Example: Modify Users and Groups #

# Add a new user
sudo useradd newuser

# Modify a user's group
sudo usermod -g users newuser

# Change user's primary group
sudo usermod -g newgroup newuser

# Add user to a supplementary group
sudo usermod -aG wheel newuser

4. Setting File Permissions and Ownership #

Permissions and ownership determine who can read, write, or execute files.

Code Example: Use chmod and chown #

# Change ownership of a directory and its contents
sudo chown newowner:newgroup -R /path/to/directory

# Set read and write permissions for the owner, and read for others
sudo chmod 644 /path/to/file

# Set execute permission for everyone
sudo chmod a+x /path/to/script

5. Using Access Control Lists (ACLs) #

ACLs provide more granular permission settings than traditional file permissions.

Code Example: getfacl and setfacl #

# Set ACL to give user read and write access to a file
setfacl -m u:newuser:rw /path/to/file

# Get current ACLs for a file
getfacl /path/to/file

# Remove a specific ACL entry
setfacl -x u:newuser /path/to/file

Conclusion #

Securing your host involves multiple layers of configuration, from securing remote access with SSH, managing firewall rules, to handling users and file permissions. By following the steps outlined in this tutorial, you can establish a basic but strong security posture for your Linux host. Regularly review and update your security settings in response to emerging threats and vulnerabilities to maintain a secure system environment.