Professional Documents
Culture Documents
LAB 4
Applying Hardened Linux Filesystem Security Controls
Objective of LAB4:
Mount a filesystem without execute permissions, so you can safely read the data
contained in the disk without executing any unexpected programs
Mount a remote filesystem and configure the system to be mounted at boot time for an
automatic network share on a Linux system
Set user quotas on disk to protect the availability and security on the Linux system and
to prevent users from taking up all the disk drive space on the system
Edit and modify the /etc/fstab file to manage local and remote network file shares as
well as the necessary disk mounting configurations required
Configure and use the repquota command to verify usage of disk space by users and
manage quotas
A. Deliverables
Upon completion of this lab, you are required to provide the following deliverables to your
instructor:
Lab Report file including screen captures of the following steps:
o Part 1, Step 8;
o Part 2, Step 8; Step 9;
Lab Assessments file.
Optional: Challenge Questions file, if assigned by your instructor.
B. Hand-on Steps
I. Part 1: Filesystem Permissions
In this part, we will apply hardened security measures on this server by mounting a filesystem
with read-only permissions. We will modify the /etc/fstab file and perform several tests to
make sure that your changes were effective.
The /etc/fstab file (or filesystems table) is a system configuration file commonly found on
UNIX systems. This file usually lists all available disks and disk partitions, and indicates how
they are to be initialized or otherwise integrated into the overall system's filesystem.
1. Open the CentOS virtual machine.
2. Type sudo vi /etc/fstab to edit that file.
3. Press the i key to enter the Insert mode.
4. Add “,ro” to set read-only permission for “/home”.
8. Do anything to check the read-only permission on this filesystem. After that, capture your
screen and paste into the answer file.
9. Redo anything.
9. Set quota for your group and show the quota of that group. Capture your screen and paste
it into your answer file.