RH413 – Red Hat Server Hardening

I’m attending this training in a week or so. This post will be updated as I go through the sections I want to check out before the training starts.

https://www.redhat.com/en/services/training/rh413-red-hat-server-hardening

  • Track security updates
    • Understand how Red Hat Enterprise Linux produces updates and how to use yum to perform queries to identify what errata are available.
  • Manage software updates
    • Develop a process for applying updates to systems including verifying properties of the update.
  • Create file systems
    • Allocate an advanced file system layout and use file system encryption.
  • Manage file systems
    • Adjust file system properties through security related options and file system attributes.
  • Manage special permissions
    • Work with set user ID (SUID), set group ID (SGID), and sticky (SVTX) permissions and locate files with these permissions enabled.
  • Manage additional file access controls
    • Modify default permissions applied to files and directories; work with file access control lists.
  • Monitor for file system changes
    • Configure software to monitor the files on your machine for changes.
  • Manage user accounts
    • Set password-aging properties for users; audit user accounts.
  • Manage pluggable authentication modules (PAMs)
    • Apply changes to PAMs to enforce different types of rules on users.
  • Secure console access
    • Adjust properties for various console services to enable or disable settings based on security.
  • Install central authentication
    • Install and configure a Red Hat Identity Management server and client.
  • Manage central authentication

Let’s encrypt the web – renewal

So easy!

just:

As I ran the letsencrypt-auto last time, I did again.

  • sudo systemctl stop nginx
  • cd letsencrypt
  • git pull
  • ./letsencrypt-auto
  • enter enter etc
  • sudo apache2ctl stop # .. why did it start apache2 automatically?
  • sudo systemctl start nginx

 

Since letsencrypt-auto version 0.5.0 it’s:

  • sudo systemctl stop nginx
  • cd letsencrypt
  • git pull
  • ./letsencrypt-auto –standalone –domains “my.example.com,2.example.com”
  • sudo systemctl restart nginx

Since certbot-auto (renamed from letsencrypt):

  • sudo systemctl stop nginx
  • ./certbot-auto renew
  • sudo systemctl start nginx

 

read on
Posted at 8pm on 15/02/16 | 1 Comment » | Filed Under: IT


css.php