Attached is a list of tasks for the security category. Admittedly, these tasks were originally written prior to the release of iptables. We will not be removing the ipchains tasks, but we must also include duplicate tasks which address iptables. Can you security experts provide matching tasks (or additional ones if applicable) which cover technical details involved with iptables?

--
Kara Pritchard
Phone: 618-398-7360
Author, RHCE Exam Cram
Director of Exam Development http://www.lpi.org/
Site Manager http://www.LinuxUsersGroups.org/
--

1.1.5 Pre-configure ssh-agent system-wide
3.2.1 Turn on and off IP forwarding by changing the value of /proc/sys/net/ipv4/ip_forward.
3.2.2 Use tcp_max_syn_backlog, tcp_syn_retries and tcp_syncookies to manage syn connections and synflood attacks.
Subarea 4: CIDR
3.4.1 Configure ipchains to set up ip masquerading.
3.4.2 Use ipchains redirect to send input packets to IP servers
3.4.4 List firewall rules on a chain using ipchains.
3.7.1 Set up secure anonymous ftp server for web host clients
3.7.2 L1 Change the /etc/ftpaccess file to include the DENY keyword.
5.2.2 hi,L1 Set up secure shell
5.2.5 L1 Generate a SSH public/private key pair (in ~/.ssh/identity and ~/.ssh/identity.pub).
5.2.7 Configure a remote system to allow SSH logins with a public key by adding the key to ~/.ssh/authorized_keys.
5.2.8 L1 Properly configure and use ssh-agent, including killing it off at logout properly.
5.2.9 Manage multiple connections from multiple locations to prevent network connection loss during sensitive remote system changes.
5.2.10 Set up special secure ports to allow remote administration as superuser.
5.2.11 hi Use tcpwrappers or ipchains to manage remote access.
5.2.13 Use ssh's port forward ability to encrypt insecure connections to a remote server and vice versa
5.2.16 Set up ssh to properly handle incoming and outgoing SSH ver. 1 and ver. 2 connections
5.2.17 Disable ssh connections for everyone except root during system maintenance
5.2.18 Set up trusted hosts for ssh connections that allow logins without password
5.2.22 lo Set up kerberos to provide better security while allowing centralized user account management
6.2.2 lo Perform basic security auditing of sensitive source code, such as scanning for insecure usage of functions like 'strcpy' and 'sprintf'
6.2.7 Read bug track to learn about new security problems and fix them.
6.2.8 Check for open mail relays and anonymous ftp servers
6.2.9 lo Install and configure the snort intrusion detection tool
6.2.10 lo Update the snort configuration files to reflect newly-discovered vulnerabilities
6.3.1 Disable logging on as root by changing the /etc/ssh/sshd_config by entering DenyGroup root
6.3.5 hi Apply security bugfixes to important daemons
6.4.1 Change the firewall setup to block hosts that do portscans or test for vulnerabilities
6.4.3 Set up ipchains to accept packets into your network by specific network blocks.
6.4.4 Set up ipchains to deny ICMP packets into your network by specific network blocks.
6.4.5 Set up ipchains to reject ICMP packets into your network.
