In Module 110.2 of LPIC version 500, we are talking about host security. We start by seeing how shadow file secures your passwords and will continue with blocking shell access for some users (using /usr/sbin/nologin) or preventing all normal users from logging into the system (using /etc/nologin).
Then I will convert the concept of Super Servers which might be called TCP Wrappers or Service Dispatchers. The older one is the inetd and xinetd. You can use /etc/hosts.allow or /etc/hosts.deny to control services if a service respects inetd using the libwrap library. Then we will cover a newer super service using systemd sockets and will finish by seeing how you can check and disable / stop unwanted / unused services. Attack surface is important; lets reduce it!
00:00 - Intro to lpic 110.2 version 500
01:20 - /etc/shadow
03:50 - Prevent shell login using /usr/sbin/nologin
05:00 - Prevent login using /etc/nologin
07:05 - Understanding / Why Super Server (TCP Wrappers) (xinetd)
13:30 - Control servers using hosts.allow & hosts.deny
15:40 - service despatching using systemd socket
18:30 - Removing unwanted linux services
Full LPIC1 course: • LPIC 1 (version 500) Course
Textbook: https://linux1st.com/1102-setup-host-security.html
9 Comments