# 🔥 Phase 4: Security

> Goal: Lock it down — firewall, logging, hardening

---

## 🎯 Exercise 1 — iptables Basics

```bash
# Check current rules
iptables -L -n -v

# Allow loopback
iptables -A INPUT -i lo -j ACCEPT

# Allow established connections
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Allow SSH only from lab network
iptables -A INPUT -s 10.0.1.0/24 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP

# Default policy (block all inbound)
# Set this after the ACCEPT rules: applying INPUT DROP first would cut off
# an SSH session you are working over.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Save rules
iptables-save > /etc/iptables/rules-save
```

---

## 🎯 Exercise 2 — Test the Firewall

```bash
# On alpine-1: block pings (and all other traffic) from alpine-2
# If the Exercise 1 rules are still loaded, the INPUT DROP policy already
# drops these pings, so the ping fails with or without this rule.
iptables -A INPUT -s 10.0.1.2 -j DROP

# On alpine-2: try to ping alpine-1
ping 10.0.1.1

# On alpine-1: delete the rule
iptables -D INPUT -s 10.0.1.2 -j DROP
```

---

## 🎯 Exercise 3 — Logging

```bash
# Check system logs
cat /var/log/messages
dmesg | tail

# Log a test message
logger "Testing logging from my lab VM"
```

---
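
## 🎯 Exercise 4 — SSH Hardening

```bash
# Edit SSH config
nano /etc/ssh/sshd_config
# Change:
# Port 2222
# PermitRootLogin prohibit-password
# PasswordAuthentication no
# AllowUsers bob

# Before restarting: the Exercise 1 rules only allow tcp/22, so allow tcp/2222
# from 10.0.1.0/24 as well, and make sure bob has a working SSH key, because
# password logins stop working after this change.
rc-service sshd restart
```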
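
To confirm the Exercise 4 edits took effect, this added example (not part of the original lab) audits an `sshd_config` file against the four settings above. It reads only the global section and runs on a constructed sample config; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the Exercise 4 settings.

# Print the global value of a keyword. sshd uses the FIRST occurrence of a
# keyword, keywords are case-insensitive, and lines starting with '#' are
# comments. Parsing stops at the first Match block.
sshd_value() {  # usage: sshd_value <file> <keyword>
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Compare one keyword with the value Exercise 4 asks for.
check_kw() {  # usage: check_kw <file> <keyword> <expected>
    got=$(sshd_value "$1" "$2")
    if [ "$got" = "$3" ]; then
        echo "ok   $2 $got"
    else
        echo "FAIL $2: expected '$3', found '${got:-unset}'"
        return 1
    fi
}

audit_sshd() {  # usage: audit_sshd <file>; exit status = failed checks
    fails=0
    check_kw "$1" Port 2222 || fails=$((fails + 1))
    check_kw "$1" PermitRootLogin prohibit-password || fails=$((fails + 1))
    check_kw "$1" PasswordAuthentication no || fails=$((fails + 1))
    check_kw "$1" AllowUsers bob || fails=$((fails + 1))
    return "$fails"
}

write_sample() {  # constructed config: hardened line appended after an old one
    cat > "$1" <<'EOF'
Port 2222
PermitRootLogin yes
PermitRootLogin prohibit-password
passwordauthentication no
AllowUsers bob
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_sshd "$sample" || echo "$? check(s) failed"
rm -f "$sample"
```

The sample fails on `PermitRootLogin` because the earlier `yes` line wins over the appended hardened line. On a live host, `sshd -T` prints the effective configuration.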

---

## ✅ Phase 4 Checklist

- [ ] iptables firewall rules
- [ ] Test blocking/unblocking traffic
- [ ] System logging
- [ ] SSH hardening

**Previous:** [[Phase 3 - Users and Files]] | **Next:** [[Phase 5 - Server Stuff]]