Question
As a security administrator, you are asked to harden a server running Red Hat Enterprise Server 5.5 64-bit. This server is being used as a DNS and time server. It is not used as a database, web server, or print server. There are no wireless connections to the server and it does not need to print. You need to disable and turn off unrelated services and processes. The command window will be provided along with root access. You are connected via secure shell with root access. You may query help for a list of commands.

Instructions: It is possible to simulate a crash of your server session. The simulation can be reset but the server cannot be rebooted.

Explanation / Answer
Solution:
To harden the server, the following steps need to be followed:
Step 1: First, using the command cat /etc/services | grep -i "running", we need to check which services are running on that system. After looking at the output, I need to figure out what needs to be done in order to harden this system.
Step 2: We need to check whether there is any slowness when logging into the system. If any user complains of an issue, then as root we need to debug it using tcpdump.
Run this command: tcpdump -n -i <interface> -w /tmp/ssh-slowness.pcap. Here we are generating a .pcap output file, which will help us debug the issue by analyzing the captured traffic.
Step 3: After inspecting the ssh-slowness.pcap file, we should consider swapping the secondary and primary DNS name servers, because requests would reach all the name servers simultaneously while the primary takes a long time to resolve the address; ssh can be slow to respond to login shells because of DNS reverse lookups going to the secondary or tertiary servers while the primary is not working for some reason.
Step 4: Check which packages are present on the system using the yum check command; if there are any duplicate packages, the output will show them. We will identify those packages using rpm -e <package_version>. Then we will run another command, /sbin/chkconfig --list | grep '3:on'; once we find any unwanted services running, we will disable them by running chkconfig <service_name> off.
Step 5: We will check for yum updates to keep the system up to date with the latest release patches and security fixes when they are available; we can do this using the yum check-update command. We will check cron, where we can block certain jobs or users from accessing cron if we find any security threats to the system. This can be done using echo ALL >> /etc/cron.deny. We can monitor many user activities and information about each user and the processes they consume using Linux tools like psacct and acct. These tools run in the background and continuously track every user's activity on that server, and we can even check the resources consumed by services such as ssh and ftp.
Finally, we will check /var/log/messages for any warning messages on the system and take the necessary action accordingly. After running all the above steps, log out of the remote session that was established using ssh.
The above steps will let the server be simulated without getting rebooted.
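As an added example, not part of the answer above, here is a small POSIX shell script that automates the chkconfig check from Step 4 from the hardening side: it parses chkconfig --list output, keeps an assumed allowlist of services a DNS and NTP host needs (named, ntpd, sshd, network, syslog, crond, iptables), and reports every other service enabled in runlevel 3 (or switched on under xinetd) as a candidate for chkconfig off. It defaults to a dry run so the list can be reviewed before anything is stopped. The chkconfig output it works on is constructed for the example, not captured from a real host.

```shell
#!/bin/sh
# Added example, not from the answer above: pick the runlevel-3 services that
# a DNS + time server does not need, from `chkconfig --list` output, and turn
# them off. Defaults to a dry run so the decision can be reviewed first.

# Assumed allowlist for this role (DNS, NTP, remote admin, logging, firewall).
KEEP_SERVICES="named ntpd sshd network syslog crond iptables"

# Print the services that are enabled in runlevel 3 (or "on" under xinetd)
# and are not in KEEP_SERVICES. $1 is the chkconfig --list text, passed in
# as a string so the logic can be checked offline.
services_to_disable() {
    printf '%s\n' "$1" | awk -v keep="$KEEP_SERVICES" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) allow[k[i]] = 1 }
        # SysV init line: "cups  0:off 1:off 2:on 3:on 4:on 5:on 6:off"
        NF > 2 {
            for (i = 2; i <= NF; i++)
                if ($i == "3:on" && !($1 in allow)) { print $1; break }
            next
        }
        # xinetd line: "        telnet: on"
        NF == 2 && $2 == "on" { sub(/:$/, "", $1); if (!($1 in allow)) print $1 }
    '
}

# Disable each named service for future boots and stop it now.
# DRY_RUN=1 (the default) only prints what would be run.
disable_services() {
    for svc in "$@"; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "would run: /sbin/chkconfig $svc off && /sbin/service $svc stop"
        elif [ -f "/etc/xinetd.d/$svc" ]; then
            # xinetd-managed services have no init script; reload xinetd instead.
            /sbin/chkconfig "$svc" off && /sbin/service xinetd reload
        else
            /sbin/chkconfig "$svc" off && /sbin/service "$svc" stop
        fi
    done
}

# Constructed sample of chkconfig --list output (not captured from a real host).
SAMPLE_CHKCONFIG='named      0:off 1:off 2:on  3:on  4:on  5:on  6:off
ntpd       0:off 1:off 2:on  3:on  4:on  5:on  6:off
sshd       0:off 1:off 2:on  3:on  4:on  5:on  6:off
cups       0:off 1:off 2:on  3:on  4:on  5:on  6:off
httpd      0:off 1:off 2:off 3:off 4:off 5:off 6:off
bluetooth  0:off 1:off 2:on  3:on  4:on  5:on  6:off
mysqld     0:off 1:off 2:off 3:on  4:off 5:on  6:off
xinetd based services:
        rsync:  off
        telnet: on'

# Stand-alone run: on a real RHEL 5 host replace the sample with
# "$(/sbin/chkconfig --list)" and set DRY_RUN=0 once the list looks right.
disable_services $(services_to_disable "$SAMPLE_CHKCONFIG")
```

On the constructed sample the dry run lists cups, bluetooth, mysqld and telnet; named, ntpd and sshd stay untouched because they are on the allowlist, and httpd is skipped because it is already off in runlevel 3. Keeping the allowlist explicit, rather than a denylist of known-bad services, is what makes the check repeatable when the host gets new packages later.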