Difference between revisions of "OPS235 Resources"
(→Firewall Configuration) |
(→SELinux Configuration) |
||
Line 68: | Line 68: | ||
Policy from config file: targeted | Policy from config file: targeted | ||
− | It is not recommended to turn off SELinux. | + | It is not recommended to turn off SELinux. If you encounter some SELinux policy issues and can not get it resolve, then you should set it to permissive mode. |
To switch SELinux from "permissive" mode to "enforcing" mode, do the following: | To switch SELinux from "permissive" mode to "enforcing" mode, do the following: | ||
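Review bot: The sentence added at line 68 has a grammar slip, "can not get it resolve"; since the subject is the plural "issues", it should read "cannot resolve them". It also recommends permissive mode without saying that the system should go back to enforcing once the problem is fixed; a few words pointing at the "permissive" to "enforcing" step that follows would close that gap.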
Line 75: | Line 75: | ||
SELinux status: enabled | SELinux status: enabled | ||
SELinuxfs mount: /selinux | SELinuxfs mount: /selinux | ||
− | Current mode: | + | Current mode: enforcing |
Mode from config file: enforcing | Mode from config file: enforcing | ||
Policy version: 24 | Policy version: 24 |
Revision as of 19:46, 25 November 2009
Installation Video
F12 Live CD update Tracker
The following table shows the number of packages available for update on a given date on a Live Fedora 12 system.
Date | No. of Packages | Size | Time(min.) |
---|---|---|---|
November 25, 2009 | 100 | 94MB | 5 |
November 24, 2009 | 89 | 87MB | 5 |
Some facts about Fedora 12 Live DVD
Version information
```
[root@localhost ~]# uname -a
Linux localhost.localdomain 2.6.31.5-127.fc12.i686 #1 SMP Sat Nov 7 21:41:45 EST 2009 i686 athlon i386 GNU/Linux
```
Number of packages
```
[root@localhost ~]# rpm -qa | wc -l
1017
```
TCP/IP Network Services running on the Live DVD by default
- cups on port 631 (Common UNIX Printing System)
- smtp on port 25 (Simple Mail Transfer Protocol, for handling email exchange between local users)
- avahi-daemon on ports 5353 and 49032
- bootpc on port 68 (DHCP client)
```
[root@localhost ~]# netstat -atup
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address   State    PID/Program name
tcp        0      0 localhost.localdomain:ipp   *:*               LISTEN   1500/cupsd
tcp        0      0 localhost.localdomain:smtp  *:*               LISTEN   1800/sendmail: acce
tcp        0      0 localhost6.localdomain6:ipp *:*               LISTEN   1500/cupsd
udp        0      0 *:mdns                      *:*                        1489/avahi-daemon:
udp        0      0 *:ipp                       *:*                        1500/cupsd
udp        0      0 *:49032                     *:*                        1489/avahi-daemon:
udp        0      0 *:bootpc                    *:*                        1698/dhclient
```
SELinux Configuration
Security-Enhanced Linux (SELinux) is enabled by default.
```
[root@localhost ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
[root@localhost ~]#
```
To keep SELinux running but ask it not to enforce the security policy, do the following:
```
[root@localhost ~]# setenforce 0
[root@localhost ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
```
It is not recommended to turn off SELinux. If you encounter SELinux policy issues that you cannot resolve, you should set it to permissive mode.
To switch SELinux from "permissive" mode to "enforcing" mode, do the following:
```
[root@localhost ~]# setenforce 1
[root@localhost ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
```
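A check for the situation shown above, where `setenforce 0` changes "Current mode" while "Mode from config file" stays at enforcing: `setenforce` only affects the running system, so the next boot follows the config file. This is an added example, not part of the original page; the names `selinux_mode_check` and `sample_sestatus`, the exit codes and the sample input (constructed in the output format shown above) are assumptions.

```shell
#!/bin/sh
# Classify SELinux state from `sestatus` output read on stdin (added example).
# Prints one word. Exit status:
#   0 = enforcing now and at next boot
#   1 = running mode differs from the config file (drift)
#   2 = SELinux disabled, or permissive both now and at boot
selinux_mode_check() {
    awk -F':[ \t]*' '
        { v = $2; sub(/[ \t]+$/, "", v) }      # value without trailing blanks
        $1 == "SELinux status"        { status  = v }
        $1 == "Current mode"          { current = v }
        $1 == "Mode from config file" { config  = v }
        END {
            if (status != "enabled")    { print "disabled";  exit 2 }
            if (current != config)      { print "drift";     exit 1 }
            if (current == "enforcing") { print "enforcing"; exit 0 }
            print "permissive"; exit 2
        }'
}

# Constructed sample in the sestatus format shown above; $1 is the running mode.
sample_sestatus() {
    cat <<EOF
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   $1
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
EOF
}

# On a live system: sestatus | selinux_mode_check
for mode in permissive enforcing; do
    verdict=$(sample_sestatus "$mode" | selinux_mode_check) || true
    echo "running mode $mode -> $verdict"
done
```

A "drift" result with the config file at enforcing means the host was switched with `setenforce 0` and will return to enforcing on reboot.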
Firewall Configuration
Fedora uses the "netfilter" kernel module to build a stateful packet-filtering firewall. The firewall is enabled on the Fedora Live DVD by default. The default firewall configuration is:
```
[root@localhost ~]# iptables -L --line-number
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
2    ACCEPT     icmp --  anywhere             anywhere
3    ACCEPT     all  --  anywhere             anywhere
4    ACCEPT     udp  --  anywhere             224.0.0.251         state NEW udp dpt:mdns
5    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
```
- Incoming packets are filtered by the firewall rules of the INPUT chain (rule numbers 1 to 5), checked in order:
  - Rule number 1 allows any packets that are related to packets that went out before (state RELATED,ESTABLISHED).
  - Rule number 2 allows any icmp packets, including echo-request and echo-reply packets (used by the ping command).
  - Rule number 3 allows packets coming from the loopback network interface (lo); add the "-v" option to show the interface name.
  - Rule number 4 allows new udp packets going to IP address 224.0.0.251, port 5353 (mdns).
  - Rule number 5 blocks all other incoming packets.
- No packets will be forwarded.
- All outgoing packets are allowed.
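The first-match behaviour of the INPUT chain described above, as an added example that is not part of the original page. The rule table is retyped from the listing, the `lo` interface on rule 3 follows the page's description (the plain `-L` output does not show it), and `input_verdict`, `eth0` and the 192.0.2.10 address are constructed for illustration.

```shell
#!/bin/sh
# Added example: walk the page's INPUT chain top to bottom, first match wins.
# Columns: num target proto in-iface destination state dport ("*" = any).
INPUT_RULES='1 ACCEPT all  *  *           RELATED,ESTABLISHED *
2 ACCEPT icmp *  *           *                   *
3 ACCEPT all  lo *           *                   *
4 ACCEPT udp  *  224.0.0.251 NEW                 5353
5 REJECT all  *  *           *                   *'

# input_verdict PROTO IN_IFACE DST DPORT STATE
# Prints "N TARGET" for the first matching rule, or "policy ACCEPT"
# (the chain policy in the listing) when no rule matches.
input_verdict() {
    printf '%s\n' "$INPUT_RULES" |
    awk -v p="$1" -v i="$2" -v d="$3" -v dp="$4" -v st="$5" '
        function ok(want, got) { return want == "*" || want == got }
        function state_ok(want, got,    n, a, k) {
            if (want == "*") return 1
            n = split(want, a, ",")            # e.g. RELATED,ESTABLISHED
            for (k = 1; k <= n; k++) if (a[k] == got) return 1
            return 0
        }
        ($3 == "all" || $3 == p) && ok($4, i) && ok($5, d) &&
        state_ok($6, st) && ok($7, dp) { print $1, $2; found = 1; exit }
        END { if (!found) print "policy ACCEPT" }'
}

# Constructed packets: PROTO IN_IFACE DST DPORT STATE
input_verdict tcp  eth0 192.0.2.10  40000 ESTABLISHED  # reply to an outgoing connection
input_verdict icmp eth0 192.0.2.10  -     NEW          # ping from the network
input_verdict tcp  lo   127.0.0.1   80    NEW          # browser on the same host
input_verdict udp  eth0 224.0.0.251 5353  NEW          # mdns
input_verdict tcp  eth0 192.0.2.10  80    NEW          # new HTTP connection from the network
```

The last two TCP cases show why a web server on this host answers at `http://localhost` (rule 3) while a new connection to port 80 from another machine falls through to rule 5.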
Additional Software Package Installation
Apache Manual
Installation using yum
```
[root@localhost ~]# yum install httpd-manual
Loaded plugins: presto, refresh-packagekit
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package httpd-manual.noarch 0:2.2.13-4.fc12 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package              Arch           Version                Repository     Size
================================================================================
Installing:
 httpd-manual         noarch         2.2.13-4.fc12          fedora        767 k

Transaction Summary
================================================================================
Install       1 Package(s)
Upgrade       0 Package(s)

Total download size: 767 k
Is this ok [y/N]: y
Downloading Packages:
Setting up and reading Presto delta metadata
fedora/prestodelta                                       | 1.3 kB     00:00
Processing delta metadata
Package(s) data still to download: 767 k
httpd-manual-2.2.13-4.fc12.noarch.rpm                    | 767 kB     00:02
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : httpd-manual-2.2.13-4.fc12.noarch                        1/1

Installed:
  httpd-manual.noarch 0:2.2.13-4.fc12

Complete!
```
Starting Apache Server
```
[root@localhost ~]# service httpd start
Starting httpd:                                            [  OK  ]
[root@localhost ~]#
```
To access your Apache Web Server running on the Live DVD
- Open the Firefox Web Browser
- Type the URL "http://localhost" into the address box and press ENTER
- Type the URL "http://localhost/manual" to access the Apache manual