Difference between revisions of "Ict-usb-linux"
(→Features) |
(→Open Firewall wall - no filtering rules) |
||
(6 intermediate revisions by the same user not shown) | |||
Line 5: | Line 5: | ||
Distribution: Linux Mint 17 | Distribution: Linux Mint 17 | ||
==Features== | ==Features== | ||
+ | === Basic System Info === | ||
+ | <pre> | ||
+ | ict-2014-v1 ~ # hostname | ||
+ | ict-2014-v1 | ||
+ | |||
+ | ict-2014-v1 ~ # uname -a | ||
+ | Linux ict-2014-v1 3.13.0-37-generic #64-Ubuntu SMP Mon Sep 22 21:28:38 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux | ||
+ | |||
+ | Regular user account name: | ||
+ | student:x:999:999:Seneca College ICT student,,,:/home/student:/bin/bash | ||
+ | |||
+ | student@ict-2014-v1 ~ $ id | ||
+ | uid=999(student) gid=999(student) groups=999(student),4(adm),24(cdrom),30(dip),46(plugdev),108(lpadmin),110(sambashare) | ||
+ | |||
+ | student@ict-2014-v1 ~ $ cat /etc/resolv.conf | ||
+ | # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) | ||
+ | # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN | ||
+ | nameserver 127.0.1.1 | ||
+ | search senecacollege.ca | ||
+ | |||
+ | student@ict-2014-v1 ~ $ grep host /etc/nsswitch.conf | ||
+ | hosts: files mdns4_minimal [NOTFOUND=return] dns | ||
+ | |||
+ | </pre> | ||
+ | |||
+ | ===Disk Usage=== | ||
+ | <pre> | ||
+ | Filesystem 1K-blocks Used Available Use% Mounted on | ||
+ | /cow 3984736 93728 3891008 3% / | ||
+ | udev 3973320 4 3973316 1% /dev | ||
+ | tmpfs 796948 1364 795584 1% /run | ||
+ | /dev/sdb1 3897904 1651776 2246128 43% /cdrom | ||
+ | /dev/loop0 1610368 1610368 0 100% /rofs | ||
+ | none 4 0 4 0% /sys/fs/cgroup | ||
+ | tmpfs 3984736 140 3984596 1% /tmp | ||
+ | none 5120 0 5120 0% /run/lock | ||
+ | none 3984736 76 3984660 1% /run/shm | ||
+ | none 102400 16 102384 1% /run/user | ||
+ | /dev/sdb2 25858132 70220 24451336 1% /home | ||
+ | </pre> | ||
+ | |||
+ | === mail === | ||
+ | No mail client installed. | ||
+ | To install, run the command "apt-get install mailutils" | ||
+ | |||
===Open Firewall wall - no filtering rules=== | ===Open Firewall wall - no filtering rules=== | ||
− | + | * Suggestion: | |
− | + | ** Drop policy on INPUT and Forward chains | |
− | + | ** Accept policy on OUTPUT chain | |
− | + | ** Add accept rule to FORWARD chain to allow "ESTABLISHED" and "RELATED" packets | |
<pre> | <pre> | ||
/sbin/iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT | /sbin/iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT | ||
</pre> | </pre> | ||
+ | |||
===smbd and nmbd services === | ===smbd and nmbd services === | ||
* Do you really want to have these on? | * Do you really want to have these on? | ||
Line 44: | Line 90: | ||
udp6 0 0 :::28749 :::* 3233/dhclient | udp6 0 0 :::28749 :::* 3233/dhclient | ||
udp6 0 0 :::5353 :::* 1231/avahi-daemon: | udp6 0 0 :::5353 :::* 1231/avahi-daemon: | ||
+ | </pre> | ||
+ | |||
+ | === SELinux === | ||
+ | Disable and no tools | ||
+ | |||
+ | === Python === | ||
+ | <pre> | ||
+ | Python 2.x: | ||
+ | student@ict-2014-v1 ~ $ python | ||
+ | Python 2.7.6 (default, Mar 22 2014, 22:59:56) | ||
+ | [GCC 4.8.2] on linux2 | ||
+ | Type "help", "copyright", "credits" or "license" for more information. | ||
+ | |||
+ | Python 3.x: | ||
+ | student@ict-2014-v1 ~ $ python3 | ||
+ | Python 3.4.0 (default, Apr 11 2014, 13:05:11) | ||
+ | [GCC 4.8.2] on linux | ||
+ | Type "help", "copyright", "credits" or "license" for more information. | ||
+ | |||
</pre> | </pre> |
Latest revision as of 11:21, 17 December 2014
ICT Linux USB for First Semester Students
Contents
Version 1, 2014
Date Created: December 2014 Distribution: Linux Mint 17
Features
Basic System Info
ict-2014-v1 ~ # hostname ict-2014-v1 ict-2014-v1 ~ # uname -a Linux ict-2014-v1 3.13.0-37-generic #64-Ubuntu SMP Mon Sep 22 21:28:38 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Regular user account name: student:x:999:999:Seneca College ICT student,,,:/home/student:/bin/bash student@ict-2014-v1 ~ $ id uid=999(student) gid=999(student) groups=999(student),4(adm),24(cdrom),30(dip),46(plugdev),108(lpadmin),110(sambashare) student@ict-2014-v1 ~ $ cat /etc/resolv.conf # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN nameserver 127.0.1.1 search senecacollege.ca student@ict-2014-v1 ~ $ grep host /etc/nsswitch.conf hosts: files mdns4_minimal [NOTFOUND=return] dns
Disk Usage
Filesystem 1K-blocks Used Available Use% Mounted on /cow 3984736 93728 3891008 3% / udev 3973320 4 3973316 1% /dev tmpfs 796948 1364 795584 1% /run /dev/sdb1 3897904 1651776 2246128 43% /cdrom /dev/loop0 1610368 1610368 0 100% /rofs none 4 0 4 0% /sys/fs/cgroup tmpfs 3984736 140 3984596 1% /tmp none 5120 0 5120 0% /run/lock none 3984736 76 3984660 1% /run/shm none 102400 16 102384 1% /run/user /dev/sdb2 25858132 70220 24451336 1% /home
No mail client installed. To install, run the command "apt-get install mailutils"
Open Firewall wall - no filtering rules
- Suggestion:
- Drop policy on INPUT and Forward chains
- Accept policy on OUTPUT chain
- Add accept rule to FORWARD chain to allow "ESTABLISHED" and "RELATED" packets
/sbin/iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
smbd and nmbd services
- Do you really want to have these on?
ict-2014-v1 selinux # netstat -taunp Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1436/smbd tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN 3237/dnsmasq tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3004/cupsd tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 1436/smbd tcp6 0 0 :::139 :::* LISTEN 1436/smbd tcp6 0 0 ::1:631 :::* LISTEN 3004/cupsd tcp6 0 0 :::445 :::* LISTEN 1436/smbd tcp6 1 0 ::1:55026 ::1:631 CLOSE_WAIT 2185/cups-browsed tcp6 0 0 ::1:55028 ::1:631 ESTABLISHED 2635/cinnamon-setti tcp6 0 0 ::1:631 ::1:55028 ESTABLISHED 3004/cupsd udp 0 0 127.0.1.1:53 0.0.0.0:* 3237/dnsmasq udp 0 0 0.0.0.0:68 0.0.0.0:* 3233/dhclient udp 0 0 172.18.255.255:137 0.0.0.0:* 3361/nmbd udp 0 0 172.18.81.236:137 0.0.0.0:* 3361/nmbd udp 0 0 0.0.0.0:137 0.0.0.0:* 3361/nmbd udp 0 0 172.18.255.255:138 0.0.0.0:* 3361/nmbd udp 0 0 172.18.81.236:138 0.0.0.0:* 3361/nmbd udp 0 0 0.0.0.0:138 0.0.0.0:* 3361/nmbd udp 0 0 0.0.0.0:631 0.0.0.0:* 2185/cups-browsed udp 0 0 0.0.0.0:5353 0.0.0.0:* 1231/avahi-daemon: udp 0 0 0.0.0.0:35063 0.0.0.0:* 1231/avahi-daemon: udp 0 0 0.0.0.0:14647 0.0.0.0:* 3233/dhclient udp6 0 0 :::52153 :::* 1231/avahi-daemon: udp6 0 0 :::28749 :::* 3233/dhclient udp6 0 0 :::5353 :::* 1231/avahi-daemon:
SELinux
Disable and no tools
Python
Python 2.x: student@ict-2014-v1 ~ $ python Python 2.7.6 (default, Mar 22 2014, 22:59:56) [GCC 4.8.2] on linux2 Type "help", "copyright", "credits" or "license" for more information. Python 3.x: student@ict-2014-v1 ~ $ python3 Python 3.4.0 (default, Apr 11 2014, 13:05:11) [GCC 4.8.2] on linux Type "help", "copyright", "credits" or "license" for more information.