Lab 1 System Monitoring

Goal: To build skills to better assess system resources, performance and security.

Sequence 1: Inspecting your system

Scenario: You are assigned responsibility for this system. You must learn how it is
configured.

Deliverable: Knowledge about your system.

System Setup: Before you use the system, inspect its configuration by answering the following questions with the command(s) you used to derive this answer. Throughout the class, you may need to install additional software packages on your system. Consult the Appendix for information and instruction for installing software.

Instructions:

1. What IP addresses are configured for the system?

Use /sbin/ifconfig or /sbin/ip addr to find your IP addresses. One of them should be 192.168.0.X.

2. How are these IP addresses configured?

Look in /etc/sysconfig/network-scripts/ifcfg-*

3. What runlevel is the system currently in?

runlevel or who -r

4. How was this configured?

head -20 /etc/inittab Compare the "id" record value to /proc/cmdline in the event that the current runlevel was set by the bootloader(GRUB). cat /proc/cmdline

5. Which services are currently running?

service --status-all

6. Which services are installed?

chkconfig --list (This will only display services that are controlled by a service initialization script or by xinetd. Services started by other means will not be displayed.)

7. How many "end user" accounts are there?

Use the command getent passwd | sort -t":" -k 3 -g. The end user accounts are those 500 or above. The command above merely sorts all
user accounts.

8. Which account are you now using?

whoami

9. Has anyone else logged into your system recently?

last will show who recently logged in.

Sequence 2: Monitoring TCP/IP ports

Scenario: You have done your best to understand which services you must offer, and to whom, and now must verify this configuration. This is a mere exercise in a long and on-going effort to manage your system within the definitions of your Security Policy.

If you are located in an Internet-enabled classroom, please do not attempt to use nmap to scan machines outside the example.com domain or outside the 192.168.0.0/24 subnet unless instructed to do so. Thank you for your cooperation.

Deliverable: Familiarity with utilities in an audit of system services..

Instructions:

1. Work with a lab partner, and monitor network ports on each of your systems. Which TCP ports are open, and which have a service listening at the other end? With respect to your system, which ports have a service listening, but are not open to your partner?

a. For purposes of this lab, instructions will refer to station X and stationY, where stationX is the "local" system and stationY, the "remote." In the listings below, data redirected to a file is suggested, but not required while gathering data about the systems.

# netstat -tpnl > $HOME/netstat-stationY.out
# nmap stationX | grep tcp > $HOME/nmap-stationX.out

2. Determine which hosts are on your subnet.

a. Again, the nmap utility may be used to more broadly scan your system networking subnet. As we are using a IPV4 class C address range, the argument provided nmap is in the form "N.N.N.*", where "N" is replaced by the 3 octets of your IP network address.

# nmap -sP Your IP Network Address

3. Determine which programs, utilities or services are configured to run at system boot time. Which of these was configured during package installation, and which were configured by the system administrator?

a. Run chkconfig to audit your system, based on the current runlevel.

# chkconfig --list | grep $(runlevel | cut -d" " -f2):on

b. Each system initialization script contains lines used by chkconfig which describe how and when the script is to be run. Note that the example below uses regular expression classes to ensure, for example, a "space" and a "tab" are both matched.

To determine which scripts are default installed to run at system boot:

# grep '^#[[:space:]]chkconfig:[[:space:]][[:digit:]]\+' /etc/init.d/*

To determine which scripts are default installed not to run at system boot:

# grep '^#[[:space:]]chkconfig:[[:space:]]-' /etc/init.d/*

Sequence 3: Logging to a centralized loghost

Scenario: Your boss thinks it is a great idea to have one central logging host. Work together with your neighbor to configure your machine as a logging host.

Deliverable: A central logging host

Instructions:

1. Set up syslogd to accept remote messages.

a. Edit /etc/sysconfig/syslog, and add the -r option as below:

SYSLOGD_OPTIONS="-r -m 0"

2. Restart syslogd.

a. # service syslog restart

Now your machine will accept logging messages from other machines.

3. Set up syslogd to send some messages to another machine.

a. Append /etc/syslog.conf with the following line:

user.* @192.168.0.Y

Where 192.168.0.Y is your neighbor's IP address.

b. If you have SELinux problems, you may need to restore the context on all files in /etc/

# restorecon -R /etc/

4. Restart syslogd.

a. # service syslog restart

Now your machine sends messages from user programs to your neighbor's machine.

5. Test the new setup by using logger to generate a syslog message:

# logger -i -t yourname "This is a test"

Does the message appear in your neighbor's /var/log/messages?

6. Challenge questions:

Why does this message also appear in your own /var/log/messages?

How can you prevent it?

The message appears in /var/log/messages because the syslog.conf file has an entry that sends all user messages to /var/log/messages:

*.info;mail.none... /var/log/messages

To prevent this, add a user.none entry like the others:

*.info;user.none,mail.none... /var/log/messages

RH253读书笔记(1)-Lab 1 System Monitoring的更多相关文章

  1. RH253读书笔记(2)-Lab 2 System Resource Access Controls

    Lab 2 System Resource Access Controls Goal: To become familiar with system resource access controls. ...

  2. RH133读书 笔记(4) - Lab 4 System Services

    Lab 4 System Services Goal: Develop skills using system administration tools and setting up and admi ...

  3. RH133读书笔记(11)-Lab 11 System Rescue and Troubleshooting

    Lab 11 System Rescue and Troubleshooting Goal: To build skills in system rescue procedures. Estimate ...

  4. RH253读书笔记(4)-Lab 4 The Domain Name System

    Lab 4 The Domain Name System Goal: To install and configure a DNS server System Setup: Throughout th ...

  5. RH253读书笔记(3)-Lab 3 Securing Networking

    Lab 3 Securing Networking Goal: To build skills with the Netfilter packet filter Sequence 1: Applyin ...

  6. RH253读书笔记(6)-Lab 6 Implementing Web(HTTP) Services

    Lab 6 Implementing Web(HTTP) Services Goal: To implement a Web(HTTP) server with a virtual host and ...

  7. RH253读书笔记(5)-Lab 5 Network File Sharing Services

    Lab 5 Network File Sharing Services Goal: Share file or printer resources with FTP, NFS and Samba Se ...

  8. RH253读书笔记(7)-Lab 7 Electronic Mail

    Lab 7 Electronic Mail Goal: To build common skills with MTA configuration Estimated Duration: 90 min ...

  9. RH253读书笔记(9)-Lab 9 Account Management Methods

    Lab 9 Account Management Methods Goal: To build skills with PAM configuration Sequence 1: Track Fail ...

随机推荐

  1. 成为JAVA软件开发工程师要学哪些东西

    2010-04-22 15:34 提问者采纳 Java EE(旧称j2ee)   第一阶段:Java基础,包括java语法,面向对象特征,常见API,集合框架: *第二阶段:java界面编程,包括AW ...

  2. Linux系统部署规范v1.0

    Linux系统部署规范v1.0 目的: 1.尽可能减少线上操作: 2.尽可能实现自动化部署: 3.尽可能减少安装服务和启动的服务: 4.尽可能使用安全协议提供服务: 5.尽可能让业务系统单一: 6.尽 ...

  3. 【C/C++】BinarySearch

    /* * BinarySearch.c * * Created on: 2014年6月25日 * Author: wenbo */ #include <stdio.h> int binar ...

  4. hdu2457 Trie图+dp

    hdu2457 给定n个模式串, 和一个文本串 问如果修改最少的字符串使得文本串不包含模式串, 输出最少的次数,如果不能修改成功,则输出-1 dp[i][j] 表示长度为i的字符串, 到达状态j(Tr ...

  5. 安装好.net framework后运行慢

    表现 系统有时运行慢,尤其是.net程序运行得相当慢 mscorsvw.exe与mscorsvw.exe *32两个进程挂在任务管理器里时不时地占着CPU 解决 运行以下两条命令,加快这两进程的运行, ...

  6. quartz.net持久化和集群

    首先你应该使用的是持久化的quartz,所有定时任务的情况都是保存在数据库表总的,每次启动时,scheduler容器都是按照qrtz_triggers等表内存储的信息来执行定时任务(主要包括cron表 ...

  7. 设单链表中存放n个字符,试设计一个算法,使用栈推断该字符串是否中心对称

    转载请注明出处:http://blog.csdn.net/u012860063 问题:设单链表中存放n个字符.试设计一个算法,使用栈推断该字符串是否中心对称,如xyzzyx即为中心对称字符串. 代码例 ...

  8. sql中 in 、not in 、exists、not exists 使用方法和区别

    % 的一类. NOT IN:通过 NOT IN keyword引入的子查询也返回一列零值或很多其它值. 以下查询查找没有出版过商业书籍的出版商的名称. SELECT pub_name FROM pub ...

  9. COM模块三---根的形成和注册代理server(Building and Registering a Proxy DLL)

    Prerequisite:C++ 程序员,熟windows计划,熟Win32 Dll,了解windows注册表. 笔者:割者 上一篇文章中,我们定义了COM接口.通过编译生成了四个文件,本文使用这四个 ...

  10. NOI 评价体系 arbiter 安装方法 常见的问题 移植

    #!/bin/bash AppPath="$PWD"   读取当前文件夹 echo "Arbiter is installing..." sudo apt-ge ...