2026-05-22 02:17:18 +02:00

🔥 Phase 4: Security

Goal: Lock it down — firewall, logging, hardening


🎯 Exercise 1 — iptables Basics

```sh
# Check current rules
iptables -L -n -v

# Allow loopback
iptables -A INPUT -i lo -j ACCEPT

# Allow established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow SSH only from lab network
iptables -A INPUT -s 10.0.1.0/24 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP

# Default policy (block all inbound); set after the ACCEPT rules so an
# existing SSH session is not cut off while the rules are being added
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Save rules
iptables-save > /etc/iptables/rules-save
```

🎯 Exercise 2 — Test the Firewall

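```sh
# On alpine-1: drop all traffic from alpine-2 (pings included).
# If the Exercise 1 rules are still loaded, pings are already dropped by the
# INPUT policy, and SSH from 10.0.1.0/24 still matches the earlier ACCEPT rule.
iptables -A INPUT -s 10.0.1.2 -j DROP

# On alpine-2: try to ping alpine-1
ping 10.0.1.1

# On alpine-1: delete the rule
iptables -D INPUT -s 10.0.1.2 -j DROP
```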

🎯 Exercise 3 — Logging

```sh
# Check system logs
cat /var/log/messages
dmesg | tail

# Log a test message
logger "Testing logging from my lab VM"
```

🎯 Exercise 4 — SSH Hardening

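```sh
# Edit SSH config
nano /etc/ssh/sshd_config
# Change:
#   Port 2222
#   PermitRootLogin prohibit-password
#   PasswordAuthentication no
#   AllowUsers bob
#
# Before restarting: the Exercise 1 rules only accept TCP port 22, so allow
# port 2222 in the firewall first, and confirm bob has a working SSH key.
# With AllowUsers bob, root cannot log in over SSH at all.

rc-service sshd restart
```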
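
A cross-check between Exercise 1 and Exercise 4, as an added example that is not part of the original lab: it reads an sshd_config and an iptables-save dump and reports a missing hardening setting or an sshd port that has no ACCEPT rule. The function names and sample files are constructed for illustration; the parser assumes whitespace-separated `Keyword value` lines and ignores Match blocks.

```shell
#!/bin/sh
# Print the effective value of an sshd_config keyword. sshd uses the first
# value it reads and keywords are case-insensitive; Match blocks are skipped.
sshd_value() {  # usage: sshd_value KEYWORD FILE DEFAULT
    awk -v key="$1" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }' "$2"
}

# Return 0 if the iptables-save dump FILE accepts inbound TCP to PORT.
port_allowed() {  # usage: port_allowed PORT FILE
    grep -Eq -- "^-A INPUT .*-p tcp .*--dport $1 .*-j ACCEPT" "$2"
}

# Print one line per finding; the return code is the number of findings.
audit() {  # usage: audit SSHD_CONFIG RULES_SAVE
    fails=0
    port=$(sshd_value Port "$1" 22)   # sshd listens on 22 when Port is unset
    [ "$(sshd_value PasswordAuthentication "$1" yes)" = no ] ||
        { echo "FAIL: PasswordAuthentication is not 'no'"; fails=$((fails + 1)); }
    case $(sshd_value PermitRootLogin "$1" prohibit-password) in
        no|prohibit-password) ;;
        *) echo "FAIL: PermitRootLogin is not 'no' or 'prohibit-password'"
           fails=$((fails + 1)) ;;
    esac
    [ -n "$(sshd_value AllowUsers "$1" "")" ] ||
        { echo "FAIL: AllowUsers is not set"; fails=$((fails + 1)); }
    port_allowed "$port" "$2" ||
        { echo "FAIL: no INPUT ACCEPT rule for sshd port $port"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample: the Exercise 4 settings and the Exercise 1 rules.
demo=$(mktemp -d)
printf '%s\n' 'Port 2222' 'PermitRootLogin prohibit-password' \
    'PasswordAuthentication no' 'AllowUsers bob' > "$demo/sshd_config"
printf '%s\n' '*filter' ':INPUT DROP [0:0]' \
    '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
    '-A INPUT -s 10.0.1.0/24 -p tcp -m tcp --dport 22 -j ACCEPT' \
    '-A INPUT -i lo -j ACCEPT' 'COMMIT' > "$demo/rules-save"
audit "$demo/sshd_config" "$demo/rules-save" || echo "findings: $?"
```

On the lab VM, point `audit` at `/etc/ssh/sshd_config` and `/etc/iptables/rules-save` before running `rc-service sshd restart`.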

Phase 4 Checklist

  • iptables firewall rules
  • Test blocking/unblocking traffic
  • System logging
  • SSH hardening

Previous: Phase 3 - Users and Files | Next: Phase 5 - Server Stuff