Difference between revisions of "Ict-usb-linux"


Latest revision as of 11:21, 17 December 2014

ICT Linux USB for First Semester Students

Version 1, 2014

Date Created: December 2014
Distribution: Linux Mint 17

Features

Basic System Info

ict-2014-v1 ~ # hostname
ict-2014-v1

ict-2014-v1 ~ # uname -a
Linux ict-2014-v1 3.13.0-37-generic #64-Ubuntu SMP Mon Sep 22 21:28:38 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

Regular user account name:
student:x:999:999:Seneca College ICT student,,,:/home/student:/bin/bash

student@ict-2014-v1 ~ $ id
uid=999(student) gid=999(student) groups=999(student),4(adm),24(cdrom),30(dip),46(plugdev),108(lpadmin),110(sambashare)

student@ict-2014-v1 ~ $ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1
search senecacollege.ca

student@ict-2014-v1 ~ $ grep host /etc/nsswitch.conf
hosts:          files mdns4_minimal [NOTFOUND=return] dns

Disk Usage

Filesystem     1K-blocks    Used Available Use% Mounted on
/cow             3984736   93728   3891008   3% /
udev             3973320       4   3973316   1% /dev
tmpfs             796948    1364    795584   1% /run
/dev/sdb1        3897904 1651776   2246128  43% /cdrom
/dev/loop0       1610368 1610368         0 100% /rofs
none                   4       0         4   0% /sys/fs/cgroup
tmpfs            3984736     140   3984596   1% /tmp
none                5120       0      5120   0% /run/lock
none             3984736      76   3984660   1% /run/shm
none              102400      16    102384   1% /run/user
/dev/sdb2       25858132   70220  24451336   1% /home

mail

No mail client is installed. To install one, run the command "apt-get install mailutils".

Open Firewall - no filtering rules

  • Suggestion:
    • Drop policy on INPUT and FORWARD chains
    • Accept policy on OUTPUT chain
    • Add accept rule to FORWARD chain to allow "ESTABLISHED" and "RELATED" packets
/sbin/iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
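
The suggestion above as a script with a matching check, added here as an example and not part of the original page. The function names apply_policy and audit_policy are hypothetical, and the loopback and INPUT state rules are an assumption the page does not list: with a DROP policy on INPUT, the host would otherwise also drop replies to its own requests and traffic to its local dnsmasq and cupsd.

```shell
#!/bin/sh
# Added example, not from the original page.
# Set IPT=echo for a dry run that prints the rules instead of loading them.
IPT="${IPT:-/sbin/iptables}"

apply_policy() {
    # Accept rules go in before the DROP policies so live traffic is not cut off.
    $IPT -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT  # rule from the page
    # Assumption, not on the page: INPUT needs loopback and reply traffic too.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # Policies from the page's suggestion.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
}

# Reads `iptables -S` output on stdin, prints each deviation from the
# suggested policy and returns non-zero if it finds any.
audit_policy() {
    awk '
    $1 == "-P" { pol[$2] = $3 }
    $1 == "-A" && $2 == "FORWARD" && /RELATED,ESTABLISHED/ && /-j ACCEPT/ { fwd = 1 }
    END {
        n = split("INPUT:DROP FORWARD:DROP OUTPUT:ACCEPT", want, " ")
        for (i = 1; i <= n; i++) {
            split(want[i], w, ":")
            if (pol[w[1]] != w[2]) {
                have = (pol[w[1]] == "" ? "unknown" : pol[w[1]])
                print w[1] " policy is " have ", want " w[2]
                bad = 1
            }
        }
        if (!fwd) { print "FORWARD has no RELATED,ESTABLISHED accept rule"; bad = 1 }
        exit bad + 0
    }'
}

# Usage as root: apply_policy && $IPT -S | audit_policy
```

The rules are not persistent; on a live USB they have to be reapplied after each boot.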

smbd and nmbd services

  • Do you really want to have these on?
ict-2014-v1 selinux # netstat -taunp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      1436/smbd      
tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN      3237/dnsmasq   
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      3004/cupsd     
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      1436/smbd      
tcp6       0      0 :::139                  :::*                    LISTEN      1436/smbd      
tcp6       0      0 ::1:631                 :::*                    LISTEN      3004/cupsd     
tcp6       0      0 :::445                  :::*                    LISTEN      1436/smbd      
tcp6       1      0 ::1:55026               ::1:631                 CLOSE_WAIT  2185/cups-browsed
tcp6       0      0 ::1:55028               ::1:631                 ESTABLISHED 2635/cinnamon-setti
tcp6       0      0 ::1:631                 ::1:55028               ESTABLISHED 3004/cupsd     
udp        0      0 127.0.1.1:53            0.0.0.0:*                           3237/dnsmasq   
udp        0      0 0.0.0.0:68              0.0.0.0:*                           3233/dhclient  
udp        0      0 172.18.255.255:137      0.0.0.0:*                           3361/nmbd      
udp        0      0 172.18.81.236:137       0.0.0.0:*                           3361/nmbd      
udp        0      0 0.0.0.0:137             0.0.0.0:*                           3361/nmbd      
udp        0      0 172.18.255.255:138      0.0.0.0:*                           3361/nmbd      
udp        0      0 172.18.81.236:138       0.0.0.0:*                           3361/nmbd      
udp        0      0 0.0.0.0:138             0.0.0.0:*                           3361/nmbd      
udp        0      0 0.0.0.0:631             0.0.0.0:*                           2185/cups-browsed
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1231/avahi-daemon:
udp        0      0 0.0.0.0:35063           0.0.0.0:*                           1231/avahi-daemon:
udp        0      0 0.0.0.0:14647           0.0.0.0:*                           3233/dhclient  
udp6       0      0 :::52153                :::*                                1231/avahi-daemon:
udp6       0      0 :::28749                :::*                                3233/dhclient  
udp6       0      0 :::5353                 :::*                                1231/avahi-daemon:
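
To answer the question above for any such listing, the filter below reduces "netstat -taunp" output to the services reachable from the network, leaving out sockets bound to loopback (dnsmasq, cupsd) and established client connections. It is an added example, not part of the original page; exposed_listeners is a hypothetical name and the sample rows are copied from the listing above.

```shell
#!/bin/sh
# Added example, not from the original page.
# Sample rows copied from the netstat listing above.
SAMPLE='tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      1436/smbd
tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN      3237/dnsmasq
tcp6       0      0 :::139                  :::*                    LISTEN      1436/smbd
tcp6       0      0 ::1:55028               ::1:631                 ESTABLISHED 2635/cinnamon-setti
udp        0      0 172.18.81.236:137       0.0.0.0:*                           3361/nmbd
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1231/avahi-daemon:'

# Reads `netstat -taunp` output on stdin and prints one "program proto/port"
# line per service that accepts traffic on a non-loopback address.
exposed_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        proto = $1; sub(/6$/, "", proto)                 # fold tcp6/udp6 into tcp/udp
        if (proto == "tcp" && $6 != "LISTEN") next       # listening TCP sockets only
        if (proto == "udp" && $6 == "ESTABLISHED") next  # connected UDP sockets are clients
        prog = "-"                                       # non-root runs show no program
        for (i = 6; i <= NF; i++)                        # UDP rows have an empty State column
            if ($i ~ /^[0-9]+\//) { prog = $i; break }
        sub(/^[0-9]+\//, "", prog); sub(/:$/, "", prog)  # drop the PID and a trailing colon
        host = $4; port = $4
        sub(/:[0-9]+$/, "", host)                        # local address without the port
        sub(/^.*:/, "", port)                            # port without the address
        if (host ~ /^127\./ || host == "::1") next       # loopback is not reachable remotely
        print prog, proto "/" port
    }' | LC_ALL=C sort -u
}

# Demo on the sample rows; on a live system: netstat -taunp | exposed_listeners
printf '%s\n' "$SAMPLE" | exposed_listeners
```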

SELinux

Disabled, and no tools installed.

Python

Python 2.x:
student@ict-2014-v1 ~ $ python
Python 2.7.6 (default, Mar 22 2014, 22:59:56)
[GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.

Python 3.x:
student@ict-2014-v1 ~ $ python3
Python 3.4.0 (default, Apr 11 2014, 13:05:11)
[GCC 4.8.2] on linux
Type "help", "copyright", "credits" or "license" for more information.