OSL840 Resources
New Features
Monitoring System Main Log File
Most system daemons write log messages to the main system log file at /var/log/messages. As a system administrator, you can view any new log messages written to the file in real time using the following command line in a terminal window:
[root@localhost ~]# tail -f /var/log/messages Jan 13 11:59:01 localhost kernel: usb 1-2: new high speed USB device using ehci_hcd and address 5 Jan 13 11:59:01 localhost kernel: usb 1-2: New USB device found, idVendor=058f, idProduct=6387 Jan 13 11:59:01 localhost kernel: usb 1-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3 Jan 13 11:59:01 localhost kernel: usb 1-2: Product: Mass Storage Jan 13 11:59:01 localhost kernel: usb 1-2: Manufacturer: USB2.0 Jan 13 11:59:01 localhost kernel: usb 1-2: SerialNumber: 1C7FED06 Jan 13 11:59:01 localhost kernel: usb 1-2: configuration #1 chosen from 1 choice Jan 13 11:59:01 localhost kernel: scsi9 : SCSI emulation for USB Mass Storage devices Jan 13 11:59:06 localhost kernel: scsi 9:0:0:0: Direct-Access USB2.0 Flash Disk 8.07 PQ: 0 ANSI: 2 Jan 13 11:59:06 localhost kernel: sd 9:0:0:0: Attached scsi generic sg3 type 0 Jan 13 11:59:06 localhost kernel: sd 9:0:0:0: [sdc] 1998848 512-byte logical blocks: (1.02 GB/976 MiB) Jan 13 11:59:06 localhost kernel: sd 9:0:0:0: [sdc] Write Protect is off Jan 13 11:59:06 localhost kernel: sd 9:0:0:0: [sdc] Assuming drive cache: write through Jan 13 11:59:06 localhost kernel: sd 9:0:0:0: [sdc] Assuming drive cache: write through Jan 13 11:59:07 localhost kernel: sdc: unknown partition table Jan 13 11:59:07 localhost kernel: sd 9:0:0:0: [sdc] Assuming drive cache: write through Jan 13 11:59:07 localhost kernel: sd 9:0:0:0: [sdc] Attached SCSI removable disk Jan 13 11:59:07 localhost kernel: kjournald starting. Commit interval 5 seconds Jan 13 11:59:07 localhost kernel: EXT3 FS on sdc, internal journal Jan 13 11:59:07 localhost kernel: EXT3-fs: recovery complete. Jan 13 11:59:07 localhost kernel: EXT3-fs: mounted filesystem with ordered data mode.
The above messages were generated when a user plugged in an USB Flash drive to the system. In this example, the system assgined the device name [sdc] to identify the Flash drive.
Firewall Configuration
Default Firewall Setting
The default firewall configuration:
[root@localhost ~]# iptables -L --line-number Chain INPUT (policy ACCEPT) num target prot opt source destination 1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED 2 ACCEPT icmp -- anywhere anywhere 3 ACCEPT all -- anywhere anywhere 4 ACCEPT udp -- anywhere 224.0.0.251 state NEW udp dpt:mdns 5 REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) num target prot opt source destination Chain OUTPUT (policy ACCEPT) num target prot opt source destination
- Incoming packets will be filtered based on firewall rules for the INPUT chain (Chain num 1 to 5)
- Rule number 1 allows any packets which are related to any packets went out before
- Rule number 2 allows any icmp packets, including echo-request and echo-reply packet (used by the ping command)
- Rule number 3 allows packets coming from the loop back network interface (lo). Use the "-v" option to show the interface name.
- Rule number 4 allows packets go to IP address 224.0.0.251 port 5353
- Rule number 5 blocks all other incoming packets
- All packets will be forwarded.
- All outgoing packets are allowed.
Improving system security with some better rules
A better configuration
[root@localhost ~]# iptables -L --line-number Chain INPUT (policy DROP) num target prot opt source destination 1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED 2 ACCEPT icmp -- anywhere anywhere 3 ACCEPT all -- anywhere anywhere Chain FORWARD (policy DROP) num target prot opt source destination Chain OUTPUT (policy ACCEPT) num target prot opt source destination
- Incoming packets will be filtered based on firewall rules for the INPUT chain (Chain num 1 to 3)
- Rule number 1 allows any packets which are related to any packets went out before
- Rule number 2 allows any icmp packets, including echo-request and echo-reply packet (used by the ping command)
- Rule number 3 allows packets coming from the loop back network interface (lo). Use the "-v" option to show the interface name.
- As we aren't using MDNS, we can delete that rule.
- Instead of rejecting unwanted traffic (which sends a response back), simply drop it (note the changed default policy).
- No packets will be forwarded.
- Unless you expect to be forwarding traffic, why allow it?
Logging unexpected traffic
It can also be useful to keep a log of the traffic that your machine drops. This could be traffic that you want, but haven't added a rule to accept, or it could provide early warning that someone is trying to compromise your machine. This is particularly useful on machines/interfaces that face the outside world.
[root@localhost ~]# iptables -A INPUT -j LOG
Restore default firewall rules to the Filter table
To restore the firewall to saved settings, do the following:
[root@localhost ~]# systemctl restart iptables iptables: Flushing firewall rules: [ OK ] iptables: Setting chains to policy ACCEPT: raw mangle nat f[ OK ] iptables: Unloading modules: [ OK ] iptables: Applying firewall rules:
Reporting Problems about your Fedora Installation
Please read the bug report guide line to collect as much information as possible when reporting your Fedora problem to your professor.