Linux Kernel Security

Hands-On Lab

 

Stosh Oldham

Course Development Director in Content

Length

00:30:00

Difficulty

Advanced

Many important security configurations can be set using kernel parameters. In this hands-on lab, we will learn how to find and modify these parameters using various utilities. These skills are essential for passing advanced security certification exams such as the LPIC 303-200 exam.

Connecting to the Lab

  1. Open your terminal application, and run the following command (remember to replace <PUBLIC_IP> with the public IP you were provided on the lab instructions page):
    ssh cloud_user@<PUBLIC_IP>
  2. Type yes at the prompt.
  3. Enter your cloud_user password at the prompt.

Create a Text File for the Kernel Parameters

  1. Create a new text file called investigate.txt.
    touch /home/cloud_user/investigate.txt

Install the Kernel Documentation

  1. Run the following command:
    sudo yum install kernel-doc
  2. Type y at the prompt.

Find and Document the Value of the randomize_va_space Parameter

  1. Open the kernel.txt file of the sysctl documentation.
    vim /usr/share/doc/kernel-doc-3.10.0/Documentation/sysctl/kernel.txt
  2. Type /random to search the document for entries pertaining to address space randomization.
  3. Press Esc, and type :q to exit the vim text editor.
  4. Search for the term "randomize_va" using sysctl.
    sysctl -ar randomize_va
  5. Add the value of the parameter to the investigate.txt file.
    sysctl -ar randomize_va >> investigate.txt

Find and Document the Values of All ICMP Kernel Parameters

  1. Search for the term "ICMP" using sysctl.
    sysctl -ar icmp
  2. Add the values of the ICMP parameters to the investigate.txt file.
    sysctl -ar icmp >> investigate.txt

Temporarily Disable ICMP Using a Kernel Parameter

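  1. Run the following command, which makes the kernel ignore ICMP echo requests (ping). A value set with sysctl -w applies only to the running kernel and is lost at reboot:
    sudo sysctl -w net.ipv4.icmp_echo_ignore_all=1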
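
The change made with sysctl -w above exists only in the running kernel. As an added example (not part of the original lab), this script compares a runtime snapshot with persistent configuration text and flags parameters that are not persisted; the sample data and the function names lookup and drift_report are constructed for illustration.

```shell
# Constructed sample: runtime values in the "key = value" format of `sysctl -a`.
RUNTIME_SAMPLE='kernel.randomize_va_space = 2
net.ipv4.icmp_echo_ignore_all = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1'

# Constructed sample: persistent settings as written in /etc/sysctl.conf.
PERSIST_SAMPLE='# constructed sample, not the lab host configuration
kernel.randomize_va_space=2
net.ipv4.icmp_echo_ignore_broadcasts = 1'

# lookup KEY TEXT: print the value assigned to KEY in TEXT (last assignment wins).
lookup() {
    printf '%s\n' "$2" | awk -v key="$1" '
        /^[ \t]*[#;]/ { next }               # comment lines start with # or ;
        {
            pos = index($0, "=")
            if (pos == 0) next
            k = substr($0, 1, pos - 1); v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)   # trim whitespace around key
            gsub(/^[ \t]+|[ \t]+$/, "", v)   # trim whitespace around value
            if (k == key) found = v
        }
        END { if (found != "") print found }'
}

# drift_report RUNTIME PERSISTED KEY...: one status line per KEY.
drift_report() {
    runtime=$1; persisted=$2; shift 2
    for key in "$@"; do
        r=$(lookup "$key" "$runtime")
        p=$(lookup "$key" "$persisted")
        if [ -z "$p" ]; then
            echo "$key runtime=$r persisted=unset NOT_PERSISTED"
        elif [ "$r" = "$p" ]; then
            echo "$key runtime=$r persisted=$p OK"
        else
            echo "$key runtime=$r persisted=$p MISMATCH"
        fi
    done
}

drift_report "$RUNTIME_SAMPLE" "$PERSIST_SAMPLE" \
    kernel.randomize_va_space net.ipv4.icmp_echo_ignore_all
```

On a real host, pass the output of sysctl -a as the first argument and the contents of /etc/sysctl.conf and the sysctl.d drop-in files as the second.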

Find and Document the Current Kernel Security Limits

  1. View the contents of /etc/security/limits.conf.
    vim /etc/security/limits.conf
  2. Press Esc, and type :q to exit the vim text editor.
  3. Write the contents of /etc/security/limits.conf to investigate.txt.
    cat /etc/security/limits.conf >> investigate.txt
  4. Locate the current security limits for cloud_user.
    ulimit -a
  5. Write the output of the ulimit -a command to investigate.txt.
    ulimit -a >> investigate.txt
  6. Review the contents of the investigate.txt file.
    vim investigate.txt

Conclusion

Congratulations, you've successfully completed this hands-on lab!