# 🔥 Phase 4: Security

> Goal: Lock it down — firewall, logging, hardening

---

## 🎯 Exercise 1 — iptables Basics

```bash
# Check current rules
iptables -L -n -v

# Allow loopback
iptables -A INPUT -i lo -j ACCEPT

# Allow established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow SSH only from lab network
iptables -A INPUT -s 10.0.1.0/24 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP

# Default policy (block all inbound)
# Set the policies last so an SSH session is not cut off while the allow rules are being added
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Save rules
iptables-save > /etc/iptables/rules-save
```

---

## 🎯 Exercise 2 — Test the Firewall

```bash
# On alpine-1: drop all traffic from alpine-2 (10.0.1.2), pings included
# (with the Exercise 1 DROP policy active, pings from alpine-2 are already dropped by default)
iptables -A INPUT -s 10.0.1.2 -j DROP

# On alpine-2: try to ping alpine-1
ping 10.0.1.1

# On alpine-1: delete the rule
iptables -D INPUT -s 10.0.1.2 -j DROP
```

---

## 🎯 Exercise 3 — Logging

```bash
# Check system logs
cat /var/log/messages
dmesg | tail

# Log a test message
logger "Testing logging from my lab VM"
```

---

## 🎯 Exercise 4 — SSH Hardening

```bash
# Edit SSH config
nano /etc/ssh/sshd_config

# Change:
#   Port 2222                          (Exercise 1 only opens tcp/22; allow tcp/2222 in iptables first)
#   PermitRootLogin prohibit-password
#   PasswordAuthentication no
#   AllowUsers bob

# Restart sshd to apply the changes
rc-service sshd restart
```

---

## ✅ Phase 4 Checklist

- [ ] iptables firewall rules
- [ ] Test blocking/unblocking traffic
- [ ] System logging
- [ ] SSH hardening

**Previous:** [[Phase 3 - Users and Files]] | **Next:** [[Phase 5 - Server Stuff]]
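
Exercise 4 moves sshd to port 2222 while the Exercise 1 rules only accept tcp/22, so restarting sshd with both in place locks out SSH. The script below is an added example, not part of the original lab: it audits an `sshd_config` against the Exercise 4 settings and checks that an `iptables-save` ruleset accepts the configured port. The function names and sample files are constructed for illustration, and it assumes a config with no `Match` blocks or `Include` files.

```sh
#!/bin/sh
# Added example (not from the original lab). Sample inputs below are constructed.
# Assumption: no Match blocks or Include files; sshd uses the first value it reads.

# sshd_value FILE KEYWORD -> first uncommented value for KEYWORD (case-insensitive)
sshd_value() { awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"; }

# port_allowed RULES PORT -> succeeds if an INPUT rule accepts tcp to PORT
port_allowed() { grep -Eq -- "^-A INPUT .*-p tcp .*--dport $2 .*-j ACCEPT" "$1"; }

# want FILE KEYWORD VALUE -> prints a finding, bumps $fails on mismatch
want() {
    got=$(sshd_value "$1" "$2")
    if [ "$got" = "$3" ]; then echo "ok   $2 $got"
    else echo "FAIL $2 is '${got:-unset}', want '$3'"; fails=$((fails + 1)); fi
}

# audit SSHD_CONFIG RULES -> exit status is the number of failed checks
audit() {
    fails=0
    port=$(sshd_value "$1" Port); port=${port:-22}   # sshd listens on 22 if Port is unset
    want "$1" PermitRootLogin prohibit-password
    want "$1" PasswordAuthentication no
    [ -n "$(sshd_value "$1" AllowUsers)" ] || { echo "FAIL AllowUsers unset"; fails=$((fails + 1)); }
    if port_allowed "$2" "$port"; then echo "ok   tcp/$port accepted by INPUT"
    else echo "FAIL tcp/$port not accepted: restarting sshd would lock you out"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed samples: Exercise 4 settings, and Exercise 1 rules in iptables-save form
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/sshd_config" <<'EOF'
#Port 22
Port 2222
PermitRootLogin prohibit-password
PasswordAuthentication no
AllowUsers bob
EOF
cat > "$tmp/rules-save" <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 10.0.1.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
audit "$tmp/sshd_config" "$tmp/rules-save" || echo "$? check(s) failed"
```

On the lab VM, point `audit` at `/etc/ssh/sshd_config` and `/etc/iptables/rules-save` before running `rc-service sshd restart`.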