Securing Linux - CentOS7

scottalanmiller

I am trying hard to keep several new articles coming each week.

wirestyle22

@scottalanmiller said:

I am trying hard to keep several new articles coming each week.

I appreciate that greatly. I'll be updating my progress and I'm sure I'll be asking a lot of questions to break everything down and provide hypotheticals.

stacksofplates

If you're running Fedora, there is an SELinux Troubleshooter tool that comes in really handy. I just moved my KVM images to a different folder. I had to change the context of the folder to allow KVM to read the images. As soon as the error happened, I got a notification from the troubleshooter. Highlighted is the commands you need to allow the action.

hobbit666

What about users?
At the moment I don't create a new user I just use root with a strong password.

Can I "link" Linux with out AD and user our usernames and passwords that way (but limit how i.e. just the IT Dept?)? Or should I create new local users on the Linux machines?

scottalanmiller

@hobbit666 said:

What about users?
At the moment I don't create a new user I just use root with a strong password.

Can I "link" Linux with out AD and user our usernames and passwords that way (but limit how i.e. just the IT Dept?)? Or should I create new local users on the Linux machines?

Really depends on how you plan to use the system.

hobbit666

@scottalanmiller said:

@hobbit666 said:

What about users?
At the moment I don't create a new user I just use root with a strong password.

Can I "link" Linux with out AD and user our usernames and passwords that way (but limit how i.e. just the IT Dept?)? Or should I create new local users on the Linux machines?

Really depends on how you plan to use the system.

At the moment its one VM for FOG and another VM for SnipeIT

stacksofplates

@hobbit666 said:

What about users?
At the moment I don't create a new user I just use root with a strong password.

Can I "link" Linux with out AD and user our usernames and passwords that way (but limit how i.e. just the IT Dept?)? Or should I create new local users on the Linux machines?

If you're only going to have a few Linux boxes its probably easier to just script the user/key creation.

hobbit666

thinking about it ...... it's more the backend I guess as FOG and SnipeIT (soon to be Zabbix and Unifi as well) all have there own User control. So more for running yum update command once in a while

scottalanmiller

@hobbit666 said:

thinking about it ...... it's more the backend I guess as FOG and SnipeIT (soon to be Zabbix and Unifi as well) all have there own User control. So more for running yum update command once in a while

Yeah, UNIX logins are actually not all that common for end users. We have them, but it is because we use Linux as terminal servers.

StrongBad

@scottalanmiller I almost never use them. A few service accounts and that's about it.