Added SELinux task

prudvikeshav · Aug 30, 2024 · cf8d147 · cf8d147
1 parent 1810697
commit cf8d147
Show file tree

Hide file tree

Showing 7 changed files with 102 additions and 39 deletions.
diff --git a/Linux/Custom Apache User Setup.md b/Linux/Custom Apache User Setup.md
@@ -1,5 +1,4 @@
 
-
 # Problem Statement
 
 In response to heightened security concerns, the xFusionCorp Industries security team has opted for custom Apache users for their web applications. Each user is tailored specifically for an application, enhancing security measures. Your task is to create a custom Apache user according to the outlined specifications:
@@ -12,8 +11,6 @@ b. Assign a unique UID _1321_ and designate the home directory as _/var/www/john
 
 ## Solution
 
-
-
 ### Steps to Create and Configure the User
 
 1. **Log in to App Server 3:**
@@ -61,7 +58,7 @@ b. Assign a unique UID _1321_ and designate the home directory as _/var/www/john
 
    You should see an output similar to:
 
-   ```
+   ```plain
    john:x:1321:1321::/var/www/john:/bin/bash
    ```
 
@@ -71,4 +68,3 @@ b. Assign a unique UID _1321_ and designate the home directory as _/var/www/john
    - `1321` is the UID and GID (group ID).
    - `/var/www/john` is the home directory.
    - `/bin/bash` is the default shell.
-
diff --git a/Linux/Data Backup for Developer.md b/Linux/Data Backup for Developer.md
@@ -1,14 +1,13 @@
 # Problem Statement
+
 Within the Stratos DC, the Nautilus storage server hosts a directory named */data*, serving as a repository for various developers non-confidential data. Developer *anita* has requested a copy of their data stored in */data/anita*. The System Admin team has provided the following steps to fulfill this request:
 
 a. Create a compressed archive named *anita.tar.gz* of the */data/anita* directory.
 
-b. Transfer the archive to the _/home_ directory on the Storage Server.
-
+b. Transfer the archive to the */home* directory on the Storage Server.
 
 ## Solution
 
-
 1. **SSH into the server**:
 
    ```bash

diff --git a/Linux/Default GUI Boot Configuration.md b/Linux/Default GUI Boot Configuration.md
@@ -1,10 +1,10 @@
 # Problem Statement
+
 With the installation of new tools on the app servers within the Stratos Datacenter, certain functionalities now necessitate graphical user interface (GUI) access.
 
 Adjust the default runlevel on all App servers in Stratos Datacenter to enable GUI booting by default. It's imperative not to initiate a server reboot after completing this task.
 
-## Solution:
-
+## Solution
 
 1. **SSH into the First Server**
 
@@ -28,8 +28,6 @@ Adjust the default runlevel on all App servers in Stratos Datacenter to enable G
    systemctl get-default
    ```
 
-
-
 4. **Change the Default Target to Graphical**
 
    If the current default target is not `graphical.target`, set it as the default:
@@ -40,12 +38,10 @@ Adjust the default runlevel on all App servers in Stratos Datacenter to enable G
 
    You should see a message like:
 
-   ```
+   ```plain
    Created symlink /etc/systemd/system/default.target → /usr/lib/systemd/system/graphical.target.
    ```
 
-
-
 5 . **Repeat for the Remaining Servers**
 
    Perform steps 1 through 6 on the remaining servers (`stapp02` and `stapp03`), using the appropriate usernames and passwords:
@@ -60,5 +56,3 @@ Adjust the default runlevel on all App servers in Stratos Datacenter to enable G
    exit
    exit
    ```
-
-
diff --git a/Linux/File Permission Correction.md b/Linux/File Permission Correction.md
@@ -1,4 +1,5 @@
 # Problem Statement
+
 After conducting a security audit within the Stratos DC, the Nautilus security team discovered misconfigured permissions on critical files. To address this, corrective actions are being taken by the production support team. Specifically, the file named /etc/hosts on Nautilus App 1 server requires adjustments to its Access Control Lists (ACLs) as follows:
 
 1. The file's user owner and group owner should be set to *root*.
@@ -9,11 +10,9 @@ After conducting a security audit within the Stratos DC, the Nautilus security t
 
 4. User *jerome* should be granted *read only* permission on the file.
 
+## Solution
 
-## Solution:
-
-
-#### **1. Connect to Nautilus App 1 Server**
+### **1. Connect to Nautilus App 1 Server**
 
 Log in to the server as the user `tony`:
 
@@ -23,8 +22,6 @@ ssh tony@stapp01
 
 #### **2. Switch to the Root User**
 
-
-
 ```bash
 sudo su
 ```
@@ -39,7 +36,7 @@ getfacl /etc/hosts
 
 - **Output Example:**
 
-  ```
+  ```plain
   getfacl: Removing leading '/' from absolute path names
   # file: etc/hosts
   # owner: root
@@ -51,16 +48,13 @@ getfacl /etc/hosts
 
 #### **4. Ensure the File Ownership is Correct**
 
-
-
 ```bash
 chown root:root /etc/hosts
 ```
 
-
 #### **5. Create the User `kirsty`**
 
-```
+```plain
  id kristy
  
  #  id: ‘kristy’: no such user
@@ -70,8 +64,6 @@ chown root:root /etc/hosts
 useradd kirsty
 ```
 
-
-
 #### **6. Set ACLs on the File**
 
 1. **Remove All Permissions for `kirsty`**:
@@ -80,27 +72,21 @@ useradd kirsty
    setfacl -m u:kirsty:0 /etc/hosts
    ```
 
-
-
 2. **Grant Read-Only Permissions to `jerome`**:
 
    ```bash
    setfacl -m u:jerome:r /etc/hosts
    ```
 
-
-
 #### **7. Verify the Updated ACLs**
 
-
-
 ```bash
 getfacl /etc/hosts
 ```
 
 - **Expected Output:**
 
-  ```
+  ```plain
   getfacl: Removing leading '/' from absolute path names
   # file: etc/hosts
   # owner: root
@@ -112,4 +98,3 @@ getfacl /etc/hosts
   mask::r--
   other::r--
   ```
-
diff --git a/Linux/Firewall Configuration.md b/Linux/Firewall Configuration.md
@@ -1 +1,5 @@
 # Problem Statement
+
+The *Nautilus* system admins team has rolled out a web UI application for their backup utility on the *Nautilus backup* server within the *Stratos Datacenter*. This application operates on port *8084*, and *firewalld* is active on the server. To meet operational needs, the following requirements have been identified:
+
+Allow all incoming connections on port *8084/tcp*. Ensure the zone is set to *public*.
diff --git a/Linux/SElinux Installation and Configuration.md b/Linux/SElinux Installation and Configuration.md
@@ -0,0 +1,85 @@
+# Problem Statement
+
+Following a security audit, the xFusionCorp Industries security team has opted to enhance application and server security with SELinux. To initiate testing, the following requirements have been established for *App server 2* in the Stratos Datacenter:
+
+Install the required *SELinux* packages.
+
+Permanently disable *SELinux* for the time being; it will be re-enabled after necessary configuration changes.
+
+No need to reboot the server, as a scheduled maintenance reboot is already planned for tonight.
+
+Disregard the current status of SELinux via the command line; the final status after the reboot should be *disabled*.
+
+## Solution
+
+---
+
+### 1. Connect to the Server
+
+1. **SSH into the Server:**
+
+   ```bash
+   ssh steve@stapp02
+   ```
+
+2. **Switch to Root User:**
+
+   ```bash
+   sudo su
+   ```
+
+### 2. Update the System
+
+1. **Update All Packages:**
+
+   ```bash
+   sudo yum update
+   ```
+
+### 3. Verify SELinux Package Installation
+
+1. **Check for Existing SELinux Packages:**
+
+   ```bash
+   sudo rpm -aq | grep selinux
+   ```
+
+.
+
+2.**Install Required SELinux Packages:**
+
+   ```bash
+   sudo yum install policycoreutils policycoreutils-python setools setools-console setroubleshoot
+   ```
+
+### 4. Configure SELinux to be Disabled
+
+1. **Edit SELinux Configuration File:**
+
+   ```bash
+   vi /etc/selinux/config
+   ```
+
+2. **Modify Configuration Settings:**
+
+      ```plain
+     # This file controls the state of SELinux on the system.
+     # SELINUX= can take one of these three values:
+     #     enforcing - SELinux security policy is enforced.
+     #     permissive - SELinux prints warnings instead of enforcing.
+     #     disabled - No SELinux policy is loaded.
+     SELINUX=disabled
+     # SELINUXTYPE= can take one of three values:
+     #     targeted - Targeted processes are protected,
+     #     minimum - Modification of targeted policy. Only selected processes are protected.
+     #     mls - Multi Level Security protection.
+     SELINUXTYPE=targeted
+     ```
+
+### 5. Verify Configuration
+
+1. **Check SELinux Status:**
+
+   ```bash
+   sudo sestatus
+   ```
diff --git a/Linux/Timezone Alignment.md b/Linux/Timezone Alignment.md
@@ -58,6 +58,6 @@ Synchronize the timezone settings to match the local datacenter's timezone (*Ame
    exit
    ```
 
-7. **Repeat for All Servers**
+6. **Repeat for All Servers**
 
    Perform the above steps on all relevant servers (e.g., `stapp02`, `stapp03`). Ensure that each server has the timezone set to `America/Argentina/Ushuaia`.