Alaeddine Jebnoun
INDP3-CySD
2019-2020
Part I
POSIX ACL
1 Standard Permissions
1. After creating the different files and directories, we can see that the default permissions for files and directories are:
• Directories: readable by everyone (owner, group, others), writable by owner and
group, searchable by everyone (x on a directory stands for search).
• Files: readable by everyone, writable only by owner and group, and executable by
nobody.
To explain these default permissions we can run the command umask. This command
displays 0002, which means that the default permissions for directories can be figured
out by calculating 777-002, which gives 775 (rwx rwx r-x), and for files by calculating
666-002=664 (rw- rw- r--).
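As an added example (not part of the original lab report): the system clears the umask bits from the requested mode (base AND NOT umask), which matches the subtraction above for 0002 but not for every umask. The function names and the extra sample umasks 0027 and 0033 are assumptions made for illustration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the lab report): how a umask maps to default modes.

# effective_mode BASE UMASK -> mode after clearing the umask bits (base & ~umask)
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# naive_subtract BASE UMASK -> the decimal "BASE - UMASK" shortcut, for comparison
naive_subtract() {
    m=${2#"${2%%[!0]*}"}          # strip leading zeros so the value is read as decimal
    echo $(( $1 - ${m:-0} ))
}

# observed_mode UMASK file|dir -> mode the system really assigns (GNU stat assumed)
observed_mode() {
    (
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        if [ "$2" = dir ]; then mkdir "$tmp/t"; else : > "$tmp/t"; fi
        stat -c '%a' "$tmp/t"
        rm -rf "$tmp"
    )
}

# Constructed sample umasks: 0002 is the lab's value, the others are for contrast.
for u in 0002 0027 0033; do
    printf 'umask %s  file: computed=%s observed=%s subtraction=%s\n' \
        "$u" "$(effective_mode 666 "$u")" "$(observed_mode "$u" file)" \
        "$(naive_subtract 666 "$u")"
    printf 'umask %s  dir:  computed=%s observed=%s subtraction=%s\n' \
        "$u" "$(effective_mode 777 "$u")" "$(observed_mode "$u" dir)" \
        "$(naive_subtract 777 "$u")"
done
```

For umask 0002 all three columns agree; for 0027 and 0033 the subtraction column diverges from the computed and observed file modes.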
2. To obtain the same results as in the lab we can execute the following commands:
2. To copy all ACL permissions from file1 to file3 in one command we can write:
3. user1 cannot read file3 because the mask is set to ---, which is why no one can read, write or
execute file3.
To set effective permissions as indicated in the figure we can use the command:
$ chmod g= file3
Part II
SELinux
2. To display the SELinux Booleans related to the httpd process, we can use grep on the output of
getsebool.
After copying in the home directory we can see that the context label has been changed.
4 SELinux and Key-based SSH Authentication
First of all, we need to check that the SSH server and the SSH client are on the same network,
so we ping the server from the client.
1. The IP address of our SSH server is 192.168.1.159 and the client's address is 192.168.1.147.
3. scp is used in this step to copy the public key to ~/.ssh/authorized_keys on the
server machine.
5. To disable the use of password-based authentication we should modify the /etc/ssh/sshd_config
file.
The SSH access will be denied by SELinux because we are no longer able to enter the
authorized_keys folder.
When we restore the default context, we are able to connect again.
Part III
Firewalld and Port Security
5 Firewalld
1. The default zone is public.
4. Since we disabled the SSH service, trying to remotely access via SSH fails.