Setting up LUKS 2 – Keeping the Data Safe – Securing a System
We can now look at the LUKS key slots. You should see the key in the second slot now.As seen in the following screenshot, slot 1: is populated with a key: Figure 9.7 – LUKS with the second slot used…
Setting up LUKS – Keeping the Data Safe – Securing a System
Setting up LUKS dnf -y install cryptsetup clevis clevis-luks clevis-dracut [root@clevis ~]# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTsda 8:0 0 100G 0 disk├─sda1 8:1 0 1G 0 part /boot └─sda2 8:2 0 72.9G 0 part├─ol-root 252:0 0 50G…
Validating adherence to a compliance policy – Keeping the Data Safe – Securing a System
Validating adherence to a compliance policy Securing systems is much more than encrypting data at rest or in motion. Many configuration files should be checked, along with other common security settings. This can be done automatically using Security Content Automation…
Validating adherence to a compliance policy 2 – Keeping the Data Safe – Securing a System
The families of profiles included are as follows: When picking a standard, you can use the default generic standards (such as the Standard System Security Profile for Oracle Linux 8 found at https://static.open-scap.org/ssg-guides/ssg-ol8-guide-standard.html) or a standard that aligns with the…
Port protection and restricting network access – Keeping the Data Safe – Securing a System
Port protection and restricting network accessOracle Linux has a firewall built into the distribution. This firewall is called firewalld, short for firewall daemon. firewalld is a dynamic firewall management tool used on Linux systems that provides a simple and consistent…
Port protection and restricting network access 2 – Keeping the Data Safe – Securing a System
Adding new rules is easy to do. A rule can be added using the service name (found in the /etc/services file) or the port number. The most common task is to add a common user service, such as http or…
Keeping SELinux active – Keeping the Data Safe – Securing a System
Keeping SELinux active SELinux, or Security-Enhanced Linux, is a security module that provides mandatory access control (MAC) policies in the Linux kernel. It is needed because it offers a higher level of security for Linux systems by enforcing strict rules…
SELinux fixfiles – Keeping the Data Safe – Securing a System
SELinux fixfilesSELinux fixfiles is a command-line tool that’s used to restore the SELinux file contexts of files and directories. SELinux uses file contexts to determine which processes and users can access specific files or directories on the system. When file…
Keeping SELinux active 2 – Keeping the Data Safe – Securing a System
How to do it… The state of SELinux can be changed on the fly using the command setenforce with the parameters 1 or 0. Using 1 puts SELinux into enforcing mode, while 0 puts it into permissive mode. Additionally, you…
Searching and listing AppStream modules – Revisiting Modules and AppStreams
Searching and listing AppStream modules First things first, let’s review the list of commands that pertain to modules:• disable: Disable a module with all its streams• enable: Enable a module stream• info: Print detailed information about a module• install: Install…