Professional Documents
Culture Documents
LAB 5
Hardening security for Linux services and applications
Objective of LAB5:
Harden Linux server services when enabling and installing them, and keep a security
perspective during configuration
Perform basic security configurations to ensure that the system has been hardened
before hosting a Web site
Configure and perform basic security for a MySQL database, understanding the
ramifications of a default installation and recommending hardening steps for the
database instance
Set up and perform basic security configuration for Sendmail to be able to leverage the
built-in messaging capabilities of the Linux system
Enable and implement secure SSH for encrypted remote access over the network or
across the Internet of a Linux server system
A. Deliverables
Upon completion of this lab, you are required to provide the following deliverables to your
instructor:
Lab Report file including screen captures of the following steps:
o Part 1, Step 5e;
o Part 2, Step 5; Step 10;
o Part 3, Step 4; Step 7;
o Part 4, Step 13; Step 16;
Lab Assessments file.
Optional: Challenge Questions file, if assigned by your instructor.
B. Hand-on Steps
I. Part 1: Install LAMP Stack on Centos
1. Update your system
sudo yum update
2. Install apache
a. Install apache
sudo yum install httpd
b. Start apache service
sudo systemctl start httpd.service
c. Activate apache to start during system boot:
sudo systemctl enable httpd.service
3. Install MariaDB database
a. Install MariaDB
sudo yum install mariadb-server mariadb
b. Start MariaDB service
This method has the potential to leak more information about the server
than necessary and poses a security risk
4. Check the syntax error for your edits: sudo /sbin/service httpd configtest and press
Enter. Capture your screen.
5. At the command prompt, type sudo /sbin/service httpd reload and press Enter to
reload the configuration file and put your changes into effect.
6. At the command prompt, type telnet localhost 80 and press Enter to open a
connection to port 80 to test your configuration changes.
7. At the solid cursor command prompt, type TRACE and press Enter to open the raw
code of an HTML file. Capture your screen.
In this case, the system generates an HTML file that indicates the method is
not allowed, which verifies that your changes were successful.
5. Use the arrow keys to locate the #UsePAM no line in the file and delete the # symbol
from the beginning of the line to enable the command.
6. Use the arrow keys to locate the UsePAM yes line in the file and type the # symbol at
the beginning of the line to disable the command.
7. Use the arrow keys to locate the #Banner none line in the file and delete the # symbol
from the beginning of the line to enable the command.
8. In the Banner line, type /etc/motd to replace the none and specify the name of the file
that will display an error message to every user who attempts to log in.
9. Save the file.
10. At the command prompt, type sudo vi /etc/motd and press Enter to open the MOTD
(message of the day) banner file in the vi Editor.
11. At the beginning of the first blank line, type PROPERTY OF FIRST WORLD BANK
SAVINGS AND LOAN. AUTHORIZED USERS ONLY!
12. Save the file.
13. At the command prompt, type sudo /sbin/service sshd status and press Enter to check
the status of the open SSH server. Capture your screen.
14. At the command prompt, type sudo /sbin/service sshd reload and press Enter to
reload the open SSH configuration file and put your changes into effect.
15. At the command prompt, type ssh localhost and press Enter to open an SSH
connection to the localhost.
16. When prompted to continue connecting, type yes and press Enter. Capture your screen