LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-21-2016, 07:32 PM   #1
wheat
LQ Newbie
 
Registered: Jul 2016
Posts: 3

Rep: Reputation: Disabled
Newbie Fedora Install, Need to Configure Security, No Idea What I'm Doing


I am taking a class and we have installed Fedora on a VM. I have installed ssh and can connect to it through putty. My next task is to configure security which I don't know how to do. I've tried cd /etc/pam.d/passwd and it said "not a directory". I tried /etc/pam.d/passwd and it said permission denied yet I'm logged in as the root user.

Any help would be appreciated, I am so freakin lost on this and I have to have a LAMP server installed by Sunday, not good.....
 
Old 07-21-2016, 08:57 PM   #2
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mint, OpenBSD
Posts: 11,333
Blog Entries: 12

Rep: Reputation: 2729Reputation: 2729Reputation: 2729Reputation: 2729Reputation: 2729Reputation: 2729Reputation: 2729Reputation: 2729Reputation: 2729Reputation: 2729Reputation: 2729
This might help you get started.

http://fedoraproject.org/wiki/SELinux
 
1 members found this post helpful.
Old 07-21-2016, 09:30 PM   #3
Ztcoracat
LQ Guru
 
Registered: Dec 2011
Distribution: Slackware
Posts: 6,371
Blog Entries: 6

Rep: Reputation: Disabled
https://www.unixmen.com/how-to-insta...-in-fedora-23/
 
1 members found this post helpful.
Old 07-21-2016, 10:38 PM   #4
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US, Earth, end border$! ◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest, has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 3,091
Blog Entries: 2

Rep: Reputation: 840Reputation: 840Reputation: 840Reputation: 840Reputation: 840Reputation: 840Reputation: 840
These may help as well: http://www.sc.edu/beaufort/library/p...es/bones.shtml
http://www.linuxquestions.org/questi...4/#post5049376

Last edited by jamison20000e; 07-21-2016 at 10:40 PM. Reason: fixed link
 
Old 07-21-2016, 10:44 PM   #5
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 16,817

Rep: Reputation: 2408Reputation: 2408Reputation: 2408Reputation: 2408Reputation: 2408Reputation: 2408Reputation: 2408Reputation: 2408Reputation: 2408Reputation: 2408Reputation: 2408
other than new bugs

Fedora is rather secure out of the box

root remote login is OFF
tellnet is not enabled

the only thing is to set SElinux

on install it is set to "permissive" , this only gives warnings so that you can FIX the issues

then set it to ENFORCING

and the normal everyday things

disable UNUSED services in the boot "target"


also keep in mind fedora is one of the WORST!!!!! operating systems to run a Apache server on

the life span of only 13 MONTHS is way way WAY too short
and that new versions released every 6 MONTHS can be very different than the last version

RHEL or Cent are preferred -- 10 YEAR and 7 YEAR lifespan



as to setting up and configuring
Apache
MariaDB
php
PhpMyadmin
( optional but NICE )
AwStats and perl
imagemagkck or Gmic


all of these ARE in the fedora 23 and 24 repos

BUT
i have always been of the mind that for the first 6 to 12 lamp installs you install everything from Source od base packages
manually inatall apache ,mariadb,phpmyadmin

this TEACHES YOU!!!! to LEARN where all the config settings are and HOW to set up a secure install of Apache

it is very very VERY easy to set up a VERY INSECURE install of Apache
and it is rather COMPLEX to install a SECURE install of Apache

Last edited by John VV; 07-21-2016 at 10:54 PM.
 
1 members found this post helpful.
Old 07-22-2016, 12:49 AM   #6
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324
Quote:
I have to have a LAMP server installed by Sunday
... then don't use Fedora. Its RedHat's bleeding edge R&D distro (as hinted above by JohnVV). Either pay for RHEL itself or get Centos, a free rebuild of RHEL sans some small proprietary bits.

PS: I am of course assuming you mean a real ie serious server and not just something to play with.
BTW: if this is real, definitely check out the Security Forum - you'll thank me later

Last edited by chrism01; 07-22-2016 at 12:51 AM.
 
Old 07-22-2016, 10:11 AM   #7
Ztcoracat
LQ Guru
 
Registered: Dec 2011
Distribution: Slackware
Posts: 6,371
Blog Entries: 6

Rep: Reputation: Disabled
https://www.centos.org/
 
Old 07-22-2016, 10:30 AM   #8
urbanwks
Member
 
Registered: Sep 2003
Distribution: Slackware64-Current, FreeBSD 11.0
Posts: 107

Rep: Reputation: 86
Quote:
Originally Posted by wheat View Post
I've tried cd /etc/pam.d/passwd and it said "not a directory". I tried /etc/pam.d/passwd and it said permission denied yet I'm logged in as the root user.
One thing to note - /etc/pam.d/passwd is a non-executable file. When you do this:

Code:
cd /etc/pam.d/passwd
It returns "not a directory", because it isn't, and you're trying to cd into it.

When you do this:

Code:
/etc/pam.d/passwd
It returns "permission denied", because it's not executable, and you're trying to execute it.

Try:

Code:
vim /etc/pam.d/passwd
Alternatively, just open it in a GUI text editor, because trying the above might just generate a lot of questions about vim.

[edit]
All of that said, I'm not sure what you're planning to do with the passwd file manually.

Last edited by urbanwks; 07-22-2016 at 10:31 AM.
 
1 members found this post helpful.
Old 07-22-2016, 10:38 AM   #9
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US, Earth, end border$! ◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest, has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 3,091
Blog Entries: 2

Rep: Reputation: 840Reputation: 840Reputation: 840Reputation: 840Reputation: 840Reputation: 840Reputation: 840
Four pack of Red Bull for the weekend...
 
Old 07-22-2016, 12:25 PM   #10
DavidMcCann
Senior Member
 
Registered: Jul 2006
Location: London
Distribution: CentOS, Salix
Posts: 4,158

Rep: Reputation: 1223Reputation: 1223Reputation: 1223Reputation: 1223Reputation: 1223Reputation: 1223Reputation: 1223Reputation: 1223Reputation: 1223
Security comes in two ways with Fedora (or CentOS, for that matter). I'm not sure that you have anything to do, but obviously the course will expect you to know what to do if you did.

Firstly, there's the SEL: Security Enhanced Linux. Only the Red Hat family come with that ready and running. As John said, that's managed as root user from the command line. The commands
man getenforce
man setenforce
will tell you all you need to know.

Secondly, there's the firewall, aka iptables. That is already set up (unlike Debian, which installs with it switched off!) and there's a GUI tool in the menu (in System - Administration for me) where you can see that it's on. That also has a quick configuration section, where you can open and close ports by just ticking a box: it should come with just ssh enabled and everything else shut down.
 
Old 07-27-2016, 06:18 PM   #11
Ztcoracat
LQ Guru
 
Registered: Dec 2011
Distribution: Slackware
Posts: 6,371
Blog Entries: 6

Rep: Reputation: Disabled
Were you able to get everything done by Sunday?
 
Old 07-29-2016, 08:15 AM   #12
wheat
LQ Newbie
 
Registered: Jul 2016
Posts: 3

Original Poster
Rep: Reputation: Disabled
Yes, I was successful, thanks for all the help!
 
Old 07-29-2016, 11:07 AM   #13
Ztcoracat
LQ Guru
 
Registered: Dec 2011
Distribution: Slackware
Posts: 6,371
Blog Entries: 6

Rep: Reputation: Disabled
Quote:
Originally Posted by wheat View Post
Yes, I was successful, thanks for all the help!
Congrads! You're Welcome.

Kindly mark your thread SOLVED-
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
how to install idea net sutter in backtrack4 and how to configure wi-fi network in ba sannd Linux - Newbie 1 01-15-2013 08:30 AM
how to install apt-get on fedora, no idea which one ...? frenchn00b Fedora 4 10-22-2008 02:51 AM
Apache on fedora core 3, how to configure diferent domains & security fatum112 Linux - Software 1 11-22-2005 06:02 PM


All times are GMT -5. The time now is 10:06 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration