This document provides instructions for securing hosts on a Linux system. It covers configuring TCP wrappers and the xinetd super daemon to control access, and setting up remote logging. Steps are provided to block specific IP addresses from SSH, create a custom finger daemon, and configure remote logging and log rotation.
Linux Lab 18 Securing Hosts
Linux Workshop
Lab 18 Securing hosts (wrapper, xinetd, logging)

Requirements
➢ Modern Linux distribution
➢ finger package installed

Objectives to learn

Quick Reference

TCP wrapper #Check order and examples:
    vi /etc/hosts.allow #See: man 5 hosts_access
    in.telnetd : ALL : spawn echo "login from %c to %s" | mail -s warn root
    vi /etc/hosts.deny
    sshd : ALL EXCEPT 172.28.24.

Super daemon xinetd #Tip: Use snippet name from /etc/services
    vi /etc/xinetd.conf #Edit general settings
    vi /etc/xinetd.d/snippet #Change settings per snippet
    only_from = 172.28.0.0/16 172.27.200.1
    no_access = 172.28.24.1
    access_times = 9:00-18:00
    per_source = 2
    /etc/init.d/xinetd restart #Activate changes

Logging
    vi /etc/syslog.conf #Edit syslog logger configuration
    #See: man syslog.conf for facilities and priorities
    vi /etc/sysconfig/syslog #Edit syslog daemon -r for remote logging
    SYSLOGD_PARAMS="-r -s my.domain"
    SYSLOGD_OPTIONS="-r -m 0"
    #Generate message for syslogger:
    logger -i -p kern.emerg -t yourname "Text"
    vi /etc/logrotate.conf #Edit maxlog files, logrotate is in crontab

To Do
1. When your neighbor is finished with ssh, block your neighbor's IP address from using ssh with the /etc/hosts.allow and/or hosts.deny. Test the results. You may also block a Windows host from using putty.exe (the ssh-client).
2. Create your own fake finger daemon:
- Check out the finger command:
    finger [email protected]
- Create a script file called /usr/local/sbin/fingerd with the following content:
    #!/bin/bash
    echo "Finger is disabled for privacy reasons ..."
- Make the new file executable:
    chmod +x fingerd
- Copy an existing snippet to a file called finger and use the following options in the file:
    wait = no
    user = nobody
    protocol = tcp
    server = /usr/local/sbin/fingerd
- Activate the changes by restarting the super daemon or by using:
    killall -SIGHUP xinetd
- Check out the finger command again.
3. Make your syslogger available for remote logging (add -r in /etc/sysconfig/syslog). Others may redirect to your host by addressing you with @hostname in the syslog.conf file.
4. Create a group called loggroup. Add your user as a member. Change the default group owner of the /var/log/messages file to loggroup in the /etc/logrotate.conf.

Theory Modules
LPIC 1 Certification Bible, isbn 0-7645-4772-0
➢ p. 413-420 System Logging
➢ p. 602-604 Using the Internet Super Server
➢ p. 697-701 Configuring TCP wrappers

Extra References
➢ www.tldp.org
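
The access decision behind the TCP wrapper quick reference and To Do step 1, as an added example that is not part of the original lab sheet: a simplified Python model of the hosts_access(5) search order, handling only ALL, exact addresses, trailing-dot address prefixes and a single EXCEPT. The neighbor address 172.28.24.7 is a constructed sample value.

```python
# Added example: simplified model of the hosts_access(5) decision order.
# Supports only ALL, exact addresses, trailing-dot prefixes and one EXCEPT.

def match_list(patterns, value):
    """True if value matches any pattern in a space/comma separated list."""
    for pat in patterns.replace(",", " ").split():
        if pat == "ALL" or pat == value:
            return True
        if pat.endswith(".") and value.startswith(pat):  # prefix, e.g. 172.28.24.
            return True
    return False

def match_field(field, value):
    """Handle 'list_1 EXCEPT list_2': match list_1 unless list_2 also matches."""
    head, sep, tail = field.partition(" EXCEPT ")
    return match_list(head, value) and not (sep and match_list(tail, value))

def rule_matches(rule, daemon, client):
    """A rule is 'daemon_list : client_list [: shell_command]'."""
    parts = [p.strip() for p in rule.split(":")]
    if len(parts) < 2:
        return False
    return match_field(parts[0], daemon) and match_field(parts[1], client)

def access(allow_rules, deny_rules, daemon, client):
    """hosts.allow is searched first, then hosts.deny; no match means granted."""
    if any(rule_matches(r, daemon, client) for r in allow_rules):
        return "granted (hosts.allow)"
    if any(rule_matches(r, daemon, client) for r in deny_rules):
        return "denied (hosts.deny)"
    return "granted (default)"

# Constructed sample rules; the neighbor address 172.28.24.7 is hypothetical.
HOSTS_ALLOW = ['in.telnetd : ALL : spawn echo "login from %c to %s" | mail -s warn root']
DENY_SUBNET = ["sshd : ALL EXCEPT 172.28.24."]  # rule from the quick reference
DENY_NEIGHBOR = ["sshd : 172.28.24.7"]          # one way to do To Do step 1

if __name__ == "__main__":
    for client in ("172.28.24.7", "172.28.24.9", "10.0.0.5"):
        print(client,
              "| subnet rule:", access(HOSTS_ALLOW, DENY_SUBNET, "sshd", client),
              "| neighbor rule:", access(HOSTS_ALLOW, DENY_NEIGHBOR, "sshd", client))
```

Because hosts.allow is searched first, a matching allow entry for sshd overrides any deny entry, so check both files when a block does not take effect.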