How to install Red Hat GPG key for RPM verification.
If the Red Hat GPG key is not installed, install it from a secure, static location, such as a Red Hat installation CD-ROM or DVD.
All Red Hat Enterprise Linux packages are signed with the Red Hat GPG key. GPG stands for GNU Privacy Guard (GnuPG), a free software package used to ensure the authenticity of distributed files. Red Hat signs each package with its private (secret) key; the matching public key is what you install locally to verify that signature. If a package's signature does not verify against the Red Hat public key during RPM verification, the package may have been altered and therefore cannot be trusted.
Use the following command to import the key into the RPM keyring (the database of trusted keys on the system):
rpm --import /mnt/cdrom/RPM-GPG-KEY
To display a list of all keys installed for RPM verification, execute the following command:
It is extremely important to verify the signature of RPM files before installing them, to ensure that they have not been altered since they left the original source. To verify all the downloaded packages at once, issue the following command:
rpm -K /tmp/updates/*.rpm
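The following script is an added example and is not part of the original page: it wraps rpm -K over a directory of downloaded packages and refuses the batch unless every file carries a signature that verifies against an imported key, which is the check a practitioner wants before running an install. The rpm -K and rpm -q gpg-pubkey invocations are standard rpm commands; the RPM_CMD variable, the function names and the sample output strings in the comments are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page: wrap `rpm -K` so that a directory
# of downloaded packages is accepted only when every file carries a signature
# that verifies against an imported key. RPM_CMD lets a wrapper stand in for
# rpm (useful for testing); by default the real rpm binary is used.

# List the GPG public keys currently imported into the RPM keyring.
list_rpm_keys() {
    "${RPM_CMD:-rpm}" -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE} %{SUMMARY}\n'
}

# Classify one line of `rpm -K` output. Prints one of:
#   SIGNED   digest and signature both checked out
#   UNSIGNED digest fine but no signature present (package is not signed)
#   BAD      "NOT OK": tampered file, or the signing key is not imported
# The wording differs between rpm versions (older: "pgp md5 OK",
# newer: "digests signatures OK"); both spellings are handled.
classify_rpm_k_line() {
    case "$1" in
        *"NOT OK"*) echo BAD ;;
        *[Pp][Gg][Pp]*OK*|*[Ss][Ii][Gg][Nn][Aa][Tt][Uu][Rr][Ee][Ss]*OK*) echo SIGNED ;;
        *OK*) echo UNSIGNED ;;
        *) echo BAD ;;
    esac
}

# Check every .rpm in a directory; succeed only if all of them are SIGNED.
# An unsigned package is reported and rejected, not silently accepted.
verify_rpm_dir() {
    dir=$1
    status=0
    for pkg in "$dir"/*.rpm; do
        [ -e "$pkg" ] || { echo "no .rpm files in $dir" >&2; return 2; }
        out=$("${RPM_CMD:-rpm}" -K "$pkg" 2>&1)
        verdict=$(classify_rpm_k_line "$out")
        echo "$verdict $pkg"
        [ "$verdict" = SIGNED ] || status=1
    done
    return $status
}

# Usage: sh verify_rpms.sh /tmp/updates   (exit status 0 means safe to install)
if [ -n "${1:-}" ]; then
    verify_rpm_dir "$1"
fi
```

Run it as sh verify_rpms.sh /tmp/updates and install only when it exits 0. Note that a "NOT OK (MISSING KEYS: ...)" result is treated the same as a tampered file: until the Red Hat key has been imported, nothing can be verified, so nothing should be installed.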
Adding a new user "buddy" to the wheel group
The wheel group limits the number of people who are able to su to root. It usually consists of a group named "wheel" and the set of users permitted to use the su utility to change to root.
Many systems, both commercial Unix and Linux, ship without a wheel group configured and enforced. At least one Linux distribution ships with the wheel group preconfigured but not active. Nearly all BSD-based systems, however, come with the wheel group installed and set up.
Adding the user "buddy" to the wheel group allows that account to become root via su while giving it *NO* root privileges of its own. The user can log into the server but cannot perform any root tasks until switching to the root user.
Once you are logged in over SSH, run the command below (the user buddy must already exist):
# /usr/sbin/usermod -aG wheel buddy
(-a appends wheel to buddy's existing supplementary groups; -G on its own would replace them.)
Before proceeding, log in to your server again using the "buddy" account. At the SSH prompt, type su followed by Enter, then enter the root password. If successful, you should be at a root prompt.
To confirm that you are root, type the command whoami at the prompt; it should print root.
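The script below is an added example, not part of the original page: it audits the two things that decide whether the wheel group actually limits who can become root, namely who is listed in the group and whether su's PAM stack enforces membership. The functions take file paths as parameters so they can be pointed at /etc/group and /etc/pam.d/su or at copies; the function names are this example's own. The pam_wheel.so line it looks for is the one that ships commented out in /etc/pam.d/su on Red Hat systems and must be uncommented for the wheel restriction to take effect.

```shell
#!/bin/sh
# Added example, not from the original page: audit who can reach root through
# the wheel group, and whether su enforces wheel membership at all.
# Inputs are file paths, so the checks can run against copies of the files.

# Print the members of a group, one per line, from a group(5) file.
# Usage: group_members wheel /etc/group
group_members() {
    awk -F: -v g="$1" '$1 == g {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$2"
}

# Exit 0 if the user is a listed member of the group, 1 otherwise.
# Usage: in_group buddy wheel /etc/group
in_group() {
    group_members "$2" "$3" | grep -qxF "$1"
}

# Exit 0 if the su PAM stack has an active (uncommented) pam_wheel.so
# auth line, meaning only wheel members may su to root.
# On Red Hat systems the line "auth required pam_wheel.so use_uid" ships
# commented out in /etc/pam.d/su; a leading # means the group is not enforced.
# Usage: pam_wheel_enforced /etc/pam.d/su
pam_wheel_enforced() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+(required|requisite)[[:space:]]+pam_wheel\.so' "$1"
}

# Summarise both checks.
# Usage: wheel_report /etc/group /etc/pam.d/su
wheel_report() {
    echo "wheel members:"
    group_members wheel "$1" | sed 's/^/  /'
    if pam_wheel_enforced "$2"; then
        echo "su restricted to wheel: yes"
    else
        echo "su restricted to wheel: NO (no active pam_wheel.so auth line in $2)"
    fi
}

if [ -n "${1:-}" ]; then
    wheel_report "$1" "${2:-/etc/pam.d/su}"
fi
```

Run sh wheel_audit.sh /etc/group /etc/pam.d/su after adding buddy: the report should list buddy and answer "yes" for enforcement. If it answers "NO", membership in wheel is only documentation, because any user who knows the root password can still su.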
Nessus
The official website is at the following URL: http://www.nessus.org/
Nessus is a full-service security scanner. The plug-in architecture of Nessus allows users to customize it for their systems and networks. As with any scanner, Nessus is only as good as the signature database it relies upon. Fortunately, Nessus is frequently updated and features full reporting, host scanning, and real-time vulnerability searches. Remember that there could be false positives and false negatives, even in a tool as powerful and as frequently updated as Nessus.
Nikto
Nikto can be found at the following URL: http://cirt.net/nikto2
Nikto is an excellent common gateway interface (CGI) script scanner. Nikto not only checks for CGI vulnerabilities but does so in an evasive manner, so as to elude intrusion detection systems.
If you have Web servers serving up CGI scripts, Nikto can be an excellent resource for checking the security of these servers.
How to find open sockets on your Linux server
Here we will look at lsof (list open files) and Nmap ("Network Mapper").
Nmap is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts.
There are several methods you can use to show open sockets, including:
lsof -U lists open UNIX domain sockets (lsof -i lists Internet, i.e. TCP and UDP, sockets)
nmap -sT -sU localhost scans your local machine for open TCP and UDP ports:
$ sudo nmap -sT -sU localhost
Starting Nmap 4.68 ( http://nmap.org ) at 2010-11-15 06:54 IST
Interesting ports on localhost (127.0.0.1):
Not shown: 3201 closed ports
PORT STATE SERVICE
123/udp open|filtered ntp
5353/udp open|filtered zeroconf
Nmap done: 1 IP address (1 host up) scanned in 4.003 seconds
netstat -a | grep LISTEN shows all listening TCP sockets (UDP sockets have no LISTEN state and will not appear in this list).
Nmap has lots of options, so we are going to focus on only some of them.
sudo nmap -sS -O 127.0.0.1
-sS  TCP SYN scan
-O   Enable operating system detection
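As an added example, not taken from the original page or from the Nmap project, the script below turns a saved Nmap port listing into the list of open sockets and compares it against the ports a host is expected to offer, which is the routine check behind "find open sockets on your server". The embedded sample is the scan output shown above; the function names and the allowlist format ("22/tcp 123/udp") are this example's own conventions.

```shell
#!/bin/sh
# Added example, not from the original page: extract open ports from Nmap's
# normal output and report anything not on an allowlist of expected ports.

# Read Nmap normal output on stdin; print "port/proto service" for every
# line whose STATE column is open or open|filtered.
nmap_open_ports() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && ($2 == "open" || $2 == "open|filtered") { print $1, $3 }'
}

# Read "port/proto service" lines on stdin and compare them with a
# space-separated allowlist such as "22/tcp 123/udp". Prints each
# unexpected port and exits 1 if any were found, 0 otherwise.
unexpected_ports() {
    allow=" $1 "
    found=0
    while read -r port svc; do
        case "$allow" in
            *" $port "*) ;;
            *) echo "unexpected: $port ($svc)"; found=1 ;;
        esac
    done
    return $found
}

# The scan output from the page, embedded so the example runs offline.
sample_scan() {
cat <<'EOF'
Starting Nmap 4.68 ( http://nmap.org ) at 2010-11-15 06:54 IST
Interesting ports on localhost (127.0.0.1):
Not shown: 3201 closed ports
PORT STATE SERVICE
123/udp open|filtered ntp
5353/udp open|filtered zeroconf
Nmap done: 1 IP address (1 host up) scanned in 4.003 seconds
EOF
}

# Audit the embedded sample against an allowlist.
# Usage: audit_sample "123/udp 5353/udp"
audit_sample() {
    sample_scan | nmap_open_ports | unexpected_ports "$1"
}

# Audit a live scan of this host, e.g. sh audit_ports.sh "22/tcp 123/udp".
if [ -n "${1:-}" ]; then
    nmap -sT -sU localhost | nmap_open_ports | unexpected_ports "$1"
fi
```

On the page's sample, an allowlist of "123/udp" flags 5353/udp (zeroconf) as unexpected, which is exactly the kind of service that tends to appear on a server without anyone having planned for it. For scripted use on larger hosts, Nmap's grepable output (-oG) is easier to parse than the normal output handled here.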
Labels containing security-relevant information for SELinux.
Security-Enhanced Linux (SELinux) adds Mandatory Access Control (MAC) to the Linux kernel, and is enabled by default in Red Hat Enterprise Linux. A general-purpose MAC architecture needs the ability to enforce an administratively set security policy over all processes and files in the system.
The following is an example of the labels containing security-relevant information that are used on processes, Linux users, and files, on Linux operating systems that run SELinux. This information is called the SELinux context, and is viewed using the ls -Z command:
$ ls -Z filename
-rwxrw-r-- user1 group1 unconfined_u:object_r:user_home_t:s0 filename
On Linux operating systems that run SELinux, there are Linux users as well as SELinux users. SELinux users are part of SELinux policy. Linux users are mapped to SELinux users.
In this example, SELinux provides a user (unconfined_u), a role (object_r), a type (user_home_t), and a level (s0). This information is used to make access control decisions. With discretionary access control (DAC), access is controlled based only on Linux user and group IDs. It is important to remember that SELinux policy rules are checked after DAC rules: SELinux policy rules are not consulted if DAC rules deny access first.
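The script below is an added example and not part of the original page: it splits contexts of the form shown by ls -Z into the four fields named above and then scans an ls -Z listing for files whose type is not the one expected for that directory. Mislabelled files are the usual reason a confined service is denied access even though DAC permissions look correct. The sample listing is constructed for this example; the function names are its own, and the MLS-style level in the test (s0-s0:c0.c1023) is included only to show that a level may itself contain colons.

```shell
#!/bin/sh
# Added example, not from the original page: parse SELinux contexts as
# printed by `ls -Z` and flag files whose type does not match expectations.

# Print "user role type level" for one context string.
# The level is everything after the third colon, since an MLS range such
# as s0-s0:c0.c1023 contains colons of its own.
split_context() {
    printf '%s\n' "$1" | awk -F: '{
        lvl = $4
        for (i = 5; i <= NF; i++) lvl = lvl ":" $i
        print $1, $2, $3, lvl
    }'
}

# Read `ls -Z` style lines on stdin and print "type name" for each entry
# whose type differs from the expected one. The context field is located by
# its shape (user:role_r:type_t...), so the check works whether or not
# ls prints the mode, owner and group columns first.
# Usage: ls -Z /var/www/html/* | unexpected_type httpd_sys_content_t
unexpected_type() {
    awk -v want="$1" '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[^:]+:[^:]+_r:[^:]+_t/) {
                split($i, f, ":")
                if (f[3] != want) print f[3], $NF
                break
            }
    }'
}

# Constructed sample listing in the style shown on the page: a web root where
# one file was copied in from a home directory and kept its user_home_t label.
sample_listing() {
cat <<'EOF'
-rw-r--r--. root root system_u:object_r:httpd_sys_content_t:s0 index.html
-rw-r--r--. root root unconfined_u:object_r:user_home_t:s0 notes.html
-rwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin
EOF
}

# Usage: sh check_types.sh httpd_sys_content_t /var/www/html/*
if [ $# -ge 2 ]; then
    want=$1
    shift
    ls -Z "$@" | unexpected_type "$want"
fi
```

In the sample, notes.html is reported with type user_home_t: Apache (running as httpd_t) will be denied access to it even though DAC permissions allow everyone to read it, and the denial will show up as an AVC message in the audit log. Restoring the directory's default labels with restorecon -Rv /var/www/html is the fix, not loosening DAC permissions. The cgi-bin entry is also reported because its type differs from the one asked for; when auditing a directory with several legitimate types, run the check once per expected type or extend the allowlist.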