
OSP201 Open Source Platform and Network Administration

LAB 4
Applying Hardened Linux Filesystem Security Controls
Objective of LAB4:
• Mount a filesystem without execute permissions, so you can safely read the data contained in the disk without executing any unexpected programs
• Mount a remote filesystem and configure the system to be mounted at boot time for an automatic network share on a Linux system
• Set user quotas on disk to protect the availability and security on the Linux system and to prevent users from taking up all the disk drive space on the system
• Edit and modify the /etc/fstab file to manage local and remote network file shares as well as the necessary disk mounting configurations required
• Configure and use the repquota command to verify usage of disk space by users and manage quotas

A. Deliverables
Upon completion of this lab, you are required to provide the following deliverables to your
instructor:
• Lab Report file including screen captures of the following steps:
o Part 1, Step 8;
o Part 2, Step 8; Step 9;
• Lab Assessments file.
• Optional: Challenge Questions file, if assigned by your instructor.

B. Hands-on Steps
I. Part 1: Filesystem Permissions
In this part, we will apply hardened security measures on this server by mounting a filesystem
with read-only permissions. We will modify the /etc/fstab file and perform several tests to
make sure that your changes were effective.
The /etc/fstab file (or filesystems table) is a system configuration file commonly found on
UNIX systems. This file usually lists all available disks and disk partitions, and indicates how
they are to be initialized or otherwise integrated into the overall system's filesystem.
1. Open the CentOS virtual machine.
2. Type sudo vi /etc/fstab to edit that file.
3. Press the i key to enter the Insert mode.
4. Add “,ro” to set read-only permission for “/home”.

5. Save and exit edit mode.

Lab4 huonglh3@fe.edu.vn Page 1 of 3



6. Type the command below to remount the “/home” filesystem.

mount -o remount /home
7. Move to /home file system:
cd /home/

8. Do anything to check the read-only permission on this filesystem. After that, capture your
screen and paste it into the answer file.
9. Redo anything.

II. Part 2: Setting Quotas


1. Add usrquota and grpquota on /home in the /etc/fstab file as below:

2. Type the command below to remount the “/home” filesystem.

mount -o remount /home

3. Recheck whether quota is enabled on the /home filesystem.

4. Install the quota tool by running the following command:

yum -y install quota
5. Create the quota database files using quotacheck. The command will create the aquota.user and
aquota.group files under /home:
quotacheck -cugv /home

• -c : create quota file and don’t use the existing file
• -v : verbose output
• -u : user disk quota
• -g : group disk quota
6. Turn on quota on /home using the command below:
quotaon /home/

7. Set the quota for a user via the setquota command:

setquota -u <user_name> <soft limit (kb)> <hard limit (kb)> <soft-inodes> <hard-inodes> <filesystem>

You must use setquota to set the quota for your user.

8. Assign user and group disk quotas via the edquota commands:

edquota -u <user_name>
edquota -g <group_name>

Capture your screen and paste it into your answer file.

9. Set quota for your group and show the quota of that group. Capture your screen and paste
it into your answer file.
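
The /etc/fstab edits from Part 1 (ro) and Part 2 (usrquota, grpquota) can be checked with a short script. This is an added example, not part of the original lab; the sample fstab contents and the function names fstab_opts, has_opt and audit_mount are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit the options field of an fstab entry (not part of the lab).

# Constructed sample fstab; on the lab VM you would pass /etc/fstab instead.
SAMPLE_FSTAB=$(mktemp)
cat > "$SAMPLE_FSTAB" <<'EOF'
# device                 mountpoint  type  options                         dump pass
/dev/mapper/centos-root  /           ext4  defaults                        1 1
/dev/mapper/centos-home  /home       ext4  defaults,ro,usrquota,grpquota   1 2
/dev/sdb1                /data       ext4  defaults,errors=remount-ro      0 2
EOF

# fstab_opts FILE MOUNTPOINT: print the 4th field of the first matching entry.
fstab_opts() {
    awk -v mp="$2" '$1 !~ /^#/ && NF >= 4 && $2 == mp { print $4; exit }' "$1"
}

# has_opt OPTIONS NAME: succeed only on an exact comma-separated match, so
# "ro" is not satisfied by "errors=remount-ro".
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# audit_mount FILE MOUNTPOINT OPT...: print "ok", "missing: <opts>" or
# "no entry"; return 0 only when every requested option is present.
audit_mount() {
    local file="$1" mp="$2" opts="" missing="" want=""
    shift 2
    opts=$(fstab_opts "$file" "$mp")
    if [ -z "$opts" ]; then echo "no entry"; return 2; fi
    for want in "$@"; do
        has_opt "$opts" "$want" || missing="${missing:+$missing }$want"
    done
    if [ -n "$missing" ]; then echo "missing: $missing"; return 1; fi
    echo "ok"
}

# Demo on the constructed file: /home passes, /data fails the same check.
for mp in /home /data; do
    printf '%s: ' "$mp"
    audit_mount "$SAMPLE_FSTAB" "$mp" ro usrquota grpquota || true
done
```

The fstab file only describes what will be applied at mount time; `findmnt -no OPTIONS /home` shows the options actually in effect after the remount.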

III. Lab Assessment Q&A


1) Which fstab option would allow customers to view PDF files without being able to
modify the files?
2) Describe the process to create a quota hard limit of 2G for a user.
3) What is the /etc/fstab file for?
4) What is the mount command? Explain.
