Monitoring System Main Log File
Most system daemons write log messages to the main system log file at /var/log/messages. As a system administrator, you can view any new log messages written to the file in real time using the following command line in a terminal window:
[root@localhost ~]# tail -f /var/log/messages
Jan 13 11:59:01 localhost kernel: usb 1-2: new high speed USB device using ehci_hcd and address 5
Jan 13 11:59:01 localhost kernel: usb 1-2: New USB device found, idVendor=058f, idProduct=6387
Jan 13 11:59:01 localhost kernel: usb 1-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Jan 13 11:59:01 localhost kernel: usb 1-2: Product: Mass Storage
Jan 13 11:59:01 localhost kernel: usb 1-2: Manufacturer: USB2.0
Jan 13 11:59:01 localhost kernel: usb 1-2: SerialNumber: 1C7FED06
Jan 13 11:59:01 localhost kernel: usb 1-2: configuration #1 chosen from 1 choice
Jan 13 11:59:01 localhost kernel: scsi9 : SCSI emulation for USB Mass Storage devices
Jan 13 11:59:06 localhost kernel: scsi 9:0:0:0: Direct-Access USB2.0 Flash Disk 8.07 PQ: 0 ANSI: 2
Jan 13 11:59:06 localhost kernel: sd 9:0:0:0: Attached scsi generic sg3 type 0
Jan 13 11:59:06 localhost kernel: sd 9:0:0:0: [sdc] 1998848 512-byte logical blocks: (1.02 GB/976 MiB)
Jan 13 11:59:06 localhost kernel: sd 9:0:0:0: [sdc] Write Protect is off
Jan 13 11:59:06 localhost kernel: sd 9:0:0:0: [sdc] Assuming drive cache: write through
Jan 13 11:59:06 localhost kernel: sd 9:0:0:0: [sdc] Assuming drive cache: write through
Jan 13 11:59:07 localhost kernel: sdc: unknown partition table
Jan 13 11:59:07 localhost kernel: sd 9:0:0:0: [sdc] Assuming drive cache: write through
Jan 13 11:59:07 localhost kernel: sd 9:0:0:0: [sdc] Attached SCSI removable disk
Jan 13 11:59:07 localhost kernel: kjournald starting. Commit interval 5 seconds
Jan 13 11:59:07 localhost kernel: EXT3 FS on sdc, internal journal
Jan 13 11:59:07 localhost kernel: EXT3-fs: recovery complete.
Jan 13 11:59:07 localhost kernel: EXT3-fs: mounted filesystem with ordered data mode.
The above messages were generated when a user plugged a USB Flash drive into the system. In this example, the system assigned the device name [sdc] to identify the Flash drive.
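The same messages can be condensed into one audit line per attached drive, which is easier to review than the raw log. The script below is an added example, not part of the original page; the function names are hypothetical, the sample lines are constructed from the listing above, and it assumes the traditional syslog layout with a single-word host name.

```bash
#!/bin/bash
# Added example (not from the original page). Function names are hypothetical.

# Constructed sample: a subset of the kernel messages shown above.
sample_log() {
cat <<'EOF'
Jan 13 11:59:01 localhost kernel: usb 1-2: New USB device found, idVendor=058f, idProduct=6387
Jan 13 11:59:01 localhost kernel: usb 1-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Jan 13 11:59:01 localhost kernel: usb 1-2: SerialNumber: 1C7FED06
Jan 13 11:59:06 localhost kernel: sd 9:0:0:0: [sdc] Write Protect is off
Jan 13 11:59:07 localhost kernel: sd 9:0:0:0: [sdc] Attached SCSI removable disk
EOF
}

# Reads syslog lines on stdin; prints one line per removable disk attached.
# Heuristic: a disk is paired with the most recent "New USB device found".
usb_storage_events() {
    awk '
    BEGIN { vid = pid = "?"; serial = "-" }
    $5 != "kernel:" { next }
    /New USB device found/ {
        vid = pid = "?"; serial = "-"
        for (i = 6; i <= NF; i++) {
            v = $i; sub(/,$/, "", v)
            if (sub(/^idVendor=/, "", v))  vid = v
            if (sub(/^idProduct=/, "", v)) pid = v
        }
    }
    $6 == "usb" && $8 == "SerialNumber:" { serial = $9 }
    /Attached SCSI removable disk/ {
        dev = $8; gsub(/\[|\]/, "", dev)
        print $1, $2, $3, "usb=" vid ":" pid, "serial=" serial, "dev=/dev/" dev
        vid = pid = "?"; serial = "-"
    }'
}

# Arguments: approved serial numbers. Prints only events whose serial is not
# in that list. The serial is reported by the device itself, so treat it as
# an inventory hint, not proof of identity.
unapproved_usb_storage() {
    usb_storage_events | awk -v ok=" $* " '{
        s = $5; sub(/^serial=/, "", s)
        if (index(ok, " " s " ") == 0) print
    }'
}

sample_log | usb_storage_events
```

On a live system, feed it the real log instead of the sample, for example: unapproved_usb_storage 1C7FED06 < /var/log/messages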
Firewall Configuration
Default Firewall Setting
The default firewall configuration:
[root@localhost ~]# iptables -L --line-number
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
2 ACCEPT icmp -- anywhere anywhere
3 ACCEPT all -- anywhere anywhere
4 ACCEPT udp -- anywhere 224.0.0.251 state NEW udp dpt:mdns
5 REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
- Incoming packets are filtered by the rules of the INPUT chain (rules 1 to 5).
- Rule number 1 allows packets that belong to, or are related to, connections that are already established, such as replies to packets sent out earlier.
- Rule number 2 allows any icmp packets, including echo-request and echo-reply packets (used by the ping command).
- Rule number 3 allows packets coming from the loopback network interface (lo). Use the "-v" option to show the interface name.
- Rule number 4 allows packets going to IP address 224.0.0.251, port 5353 (mdns).
- Rule number 5 blocks all other incoming packets.
- The FORWARD chain has no rules and a policy of ACCEPT, so all packets will be forwarded.
- The OUTPUT chain has no rules and a policy of ACCEPT, so all outgoing packets are allowed.
Improving system security with some better rules
A better configuration
[root@localhost ~]# iptables -L --line-number
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
2 ACCEPT icmp -- anywhere anywhere
3 ACCEPT all -- anywhere anywhere
Chain FORWARD (policy DROP)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
- Incoming packets are filtered by the rules of the INPUT chain (rules 1 to 3).
- Rule number 1 allows packets that belong to, or are related to, connections that are already established, such as replies to packets sent out earlier.
- Rule number 2 allows any icmp packets, including echo-request and echo-reply packets (used by the ping command).
- Rule number 3 allows packets coming from the loopback network interface (lo). Use the "-v" option to show the interface name.
- As we aren't using MDNS, we can delete that rule.
- Instead of rejecting unwanted traffic (which sends a response back), simply drop it (note the changed default policy).
- No packets will be forwarded.
- Unless you expect to be forwarding traffic, why allow it?
Logging unexpected traffic
It can also be useful to keep a log of the traffic that your machine drops. This could be traffic that you want, but haven't added a rule to accept, or it could provide early warning that someone is trying to compromise your machine. This is particularly useful on machines/interfaces that face the outside world.
[root@localhost ~]# iptables -A INPUT -j LOG
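The page shows the default and the improved listings but not the commands that lead from one to the other. The script below is an added example, not part of the original page: it assumes the INPUT chain starts out exactly as in the default listing (rules 1 to 5), and the IPT variable, the function names, the log prefix and the rate limit values are this example's own choices. It prints the commands by default and runs them only when IPT=iptables is set.

```bash
#!/bin/bash
# Added example (not from the original page).
# Dry run by default: each command is printed, not executed.
# Run as root with IPT=iptables in the environment to apply the changes.
IPT="${IPT:-echo iptables}"

harden_input_chain() {
    # Delete by rule number from the highest number down; deleting rule 4
    # first would renumber the REJECT rule from 5 to 4.
    $IPT -D INPUT 5 || return 1   # REJECT ... reject-with icmp-host-prohibited
    $IPT -D INPUT 4 || return 1   # ACCEPT udp ... 224.0.0.251 dpt:mdns
    # Rule 1 (RELATED,ESTABLISHED) stays in place, so sessions that are
    # already open survive the policy change.
    $IPT -P INPUT DROP || return 1
    $IPT -P FORWARD DROP || return 1
}

log_dropped_input() {
    # Appended last, so it only sees packets that no ACCEPT rule matched;
    # those packets then fall through to the DROP policy.
    # The limit match caps log volume during a scan or flood, and the
    # prefix makes the entries easy to find in /var/log/messages.
    $IPT -A INPUT -m limit --limit 5/min --limit-burst 10 \
         -j LOG --log-prefix "INPUT-DROP: " --log-level 4
}

harden_input_chain && log_dropped_input
```

These commands change only the running rule set, so restarting the iptables service as described in the next section returns the firewall to the saved rules.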
Restore default firewall rules to the Filter table
To restore the firewall to saved settings, do the following:
[root@localhost ~]# systemctl restart iptables
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: raw mangle nat f[ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules:
Reporting Problems about your Fedora Installation
Please read the bug report guideline to collect as much information as possible when reporting your Fedora problem to your professor.