Scribd
Upload
38 views18 pages

Implementing Security in GNU/Linux

The document details the implementation of security in GNU/Linux using the Endian firewall, including installation and configuration steps. It outlines objectives such as utilizing iptables commands, investigating firewalls, and configuring network services. The report also emphasizes the importance of proper installation order and network definition for effective firewall communication.

Uploaded by

ScribdTranslations
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
38 views18 pages

Implementing Security in GNU/Linux

The document details the implementation of security in GNU/Linux using the Endian firewall, including installation and configuration steps. It outlines objectives such as utilizing iptables commands, investigating firewalls, and configuring network services. The report also emphasizes the importance of proper installation order and network definition for effective firewall communication.

Uploaded by

ScribdTranslations
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

DIPLOMA IN DEPTH STUDY OF LINUX

CODE: 201494A_761

Unit 5
Step 6 - Implementing security in GNU/Linux Forum

Presented to:

Daniel Andrés Guzmán

Tutor

Delivered by:

Juan Camilo Jaramillo Rodríguez


Code: 1020730216

Group: 22

NATIONAL OPEN AND DISTANCE UNIVERSITY - UNAD


SCHOOL OF BASIC SCIENCES, TECHNOLOGY AND ENGINEERING
19 de abril de 2019
Bogotá D.C.
Introduction

The following document compiles the development of step 6, where the installation is carried out.
Endian tool, with which the services will be installed, configured, and managed according to
the selected theme.

Objectives

Perform the action with the iptables command.


Investigate the chosen firewall according to the theme.
Perform the installation of the Endian firewall.
Perform the initial configuration of the Endian firewall and carry out the respective processes of
agreement with the selected theme.
Individual report

Table A

Command Function(s), action or purpose Syntax of eachContextualized example of each


os command command
IPTables
Theme 3: Additional matching options are available Example limited module
Modules through modules loaded by the iptables command.--limit 5/hour, allows 5
To use a match option module, rule
loadmatchesthe
per hour.
options module by name using –m <module-name>,
where <module-name> is the name of the module.
Many modules are available in a
NCIA default. You can also create modules to
provide additional features.
The following is a partial list of the most
commonly used

Module Function
Limit Limit: set maximum number
for a period of time
determined, specified as a
par<value>/<period>.
Limit-burst: sets a limit on
the number of packages that can
match with one rule at a time
State Allows state matches
State: Corresponds to a package with
the following connection states:
Established: The package matches with
other packets in a connection
established.
The matching package does not
can connect to a connection
known.
New: The matching package creates a
new connection or is part of a
unseen two-way connection
previously.
The matching package starts
a new related connection of
some form with a connection
existing.
Mac Allows the matching between
MAC addresses of hardware
Mac source: matches an address
MAC of the network interface card that
I sent the package, for example:
--mac-sour[Link]

Table B

Interface Tem Tem Tema 3: pfsense Theme Theme 5:


/ a 1: a 2: 4: Firewall
Guf Zorp functionality IPCo l
w GPL p Builder
(ufw)
Description PfSense is a powerful Linux-based firewall.
general of the open and free that is used for servers
FreeBSD offers many features that
Interface they are usually found in the products of
commercial firewalls. pfSense is based on the
Stateful packet filtering concept.
Block the
access to our
team from the
IP
[Link] a
through the port
22 in function
of the protocol
SSH.

Deny the
access to
Internet for the
device with IP
[Link]
Restrict the
access to the
application
Dropbox
URL of
download
3. Table C

Firewall / The Theme Theme 3: ConfigServer Security Tema 4: Tema 5:


Main feature 2: Firewall (CSF) IPCop
OPNsense
s Smoo
End the wall
ian
Descripción The Config Server firewall
general of Firewall (CSF) is a firewall of
the distribution thorough inspection of
packages (SPI), an application
of security and detection of
intruders/login for
Linux servers. It is a
security tool that
you can protect your server
contra ataques, como la fuerza
brutal and improve security
from the server.

This application works as


a WHM add-on and it is
free.
Distribution RedHat Enterprise v6 to v7
GNU/Linux in CentOS v6 to v7
the one that is CloudLinux v6 to v7
based Fedora v30
OpenSUSE v10, v11, v12
Debian v8 - v10
Ubuntu v18 to v19
Slackware v12
Characteristic CSF supervises
traffic continuously the file of
server log and
notify errors in the
login authentication
SSH, SMTP, HTTP session,
IMAP, POP3 and FTP and others
many protocols.
Feature This firewall allows you
s block and unblock
Of Security manually IP addresses
specific ways
temporary or permanent.
Block/Allow Ports.
Failed Attempts of
authentication (LFD) to
FTP and email accounts
electronic.
Temporary lock or
permanent IP that
comply with the rules
configured.
Scan Block
Ports.
Prevent and mitigate attacks
DOS/DDOS
Brute Force Attacks.
Hardware A cloud server running
recommended with Ubuntu 18.04.
for A static IP [Link].
installation A root password.
Others CSF es muy simple, fácil de
characteristics install, simple and it is
additional compatible with many
based operating systems
in Linux such as CentOS,
["Ubuntu","RedHat","OpenSUSE"]
and Debian.

Collaborative report

Theme 3: Permit DMZ Zone services for the network.

Expected product:

Allow HTTP services (Port 80) and FTP (Port 21) from the web server under Ubuntu Server.
Deny the ICMP protocol (Port 8 and port 30) to prevent pinging on the network. Test through
a console or terminal does not respond to the ping command towards an IP on the network.
Check the outgoing traffic, the creation of the rules.

4. Endian Installation
Image 1: Endian Installation

The IP to be used is selected (in this case it was replaced later in another installation)

Image 2: Endian Installation


Image 3: Endian Installation

The installation was done again and the IP [Link] was used.

Image 4: Endian Installation

5. Endian Configuration
Image 5: Endian Configuration

We select the language and time zone.


Image 6: Endian Configuration
We accept the conditions:

Image 7: Endian Configuration

We did not make a backup as it is the first entry.

Image 8: Endian Configuration


We typed the passwords for the web interface and SSH:

Image 9: Endian Configuration

We select the red area to be used:

Image 10: Endian Configuration


We set up the green zone:

Image 11: Endian Configuration

We configure the DNS

Image 12: Endian Configuration


Email is configured if desired:

Image 13: Endian Configuration

We have completed the network configuration:

Image 14: Endian Configuration


Access the panel:

Image 15: Endian Configuration

We confirm the changes in the Endian machine:

Image 16: Endian Configuration

6. Allow HTTP services (Port 80) and FTP (Port 21) from the Web server under Ubuntu
Server.

Permission rules are created for the htp services with port 80 and FTP with port 21.
Image 17: Use of Endian

7. Deny the ICMP protocol (Port 8 and port 30) to prevent pinging on the network.
Try through a console or terminal the lack of response from the ping command to an IP of
the net.

Traffic is blocked in the ICMP protocol on ports 8 and 30.

Image 18: Use of Endian

Conclusions
It is important to carry out the installations in the correct order to avoid complications.
later.
In Endian installation, the network adapters must be configured first to avoid having
problems and that the client, server, and firewall can communicate with each other.
It is important to have the networks defined that are going to be worked on to configure them properly.
the firewall.

Bibliography
Admin. (February 22, 2013). Iptables Commands, Parameters, and Actions. Retrieved from:
[Link]

Alcalde, Alejandro. (Septiembre 21, 2017). 20 ejemplos de iptables para SysAdmins novatos.
Recovered from:[Link]

Altadill, Pello. (2020). Iptables. Retrieved from:[Link]

From light, Sergio. (September 22, 2012). Firewall configuration in Linux with IPtables.
Recovered from:[Link]
linux-con-iptables/

Saiz, Marcos. (January, 2020). How to Install and Configure Config Server Firewall (CSF) in
Ubuntu 18.04. Retrieved from:[Link]
Install and Configure Config Server Firewall (CSF) on Ubuntu 18.04

El Blog del Aminsitrador. (Noviembre 24, 2014). Instalacion y configuracion de Endian Firewall
in VirtualBox. [Video]. Retrieved from: [Link]
v=7FHg7HLRfJU&t=92s

You might also like