redhat training

#to delete a directory, you need write permission on the parent directory.
#rpm management
#ifdown eth0; ifup eth0

#symmetric encryption (gpg -c writes install.log.gpg)
gpg -c install.log
gpg -d install.log.gpg
-----------
passwd
------------
openssl
--------------

#Asymmetric encryption I
based upon a public/private key pair
recipient
  generates a pub/pri key pair
  publishes pub key P, guards pri key S
sender
  encrypts message M with recipient's public key
  sends P(M) to recipient
recipient
   decrypts with secret key to recover: M = S(P(M))
---------------------------
#Asymmetric encryption II
Digital signature
  sender
  generates P/S
  publishes P, guards S
  encrypts (signs) message M with S
  sends recipient S(M)
 
  recipient
   decrypts with sender's public key P (S never leaves the sender): M = P(S(M))
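The two uses of a key pair in notes I and II, worked through as an added example (my own code, not from the course): textbook RSA with tiny constructed parameters, where P() is the public-key operation and S() the private-key operation from the notes' notation. The primes, exponent and message values are constructed for illustration; real deployments use large keys and padding (OAEP/PSS), so this is a demonstration of the notation, not a usable cryptosystem.

```python
# Added example for the asymmetric-encryption notes; not course material.
# Textbook RSA with tiny constructed parameters, used only to make the
# notation concrete: P() is the public-key operation, S() the private-key
# operation, and the two are inverses of each other modulo n.


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(a, m):
    """Multiplicative inverse of a modulo m (raises if none exists)."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("no modular inverse")
    return x % m


def keygen(p, q, e=17):
    """Return (P, S): public key (e, n) and private key (d, n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = modinv(e, phi)
    return (e, n), (d, n)


def P(pub, x):
    """Public-key operation: anyone holding P can apply it."""
    e, n = pub
    return pow(x, e, n)


def S(priv, x):
    """Private-key operation: only the key owner can apply it."""
    d, n = priv
    return pow(x, d, n)


# --- I: confidentiality. Sender uses recipient's P; recipient uses own S.
def encrypt_for_recipient(recipient_pub, m):
    if not 0 <= m < recipient_pub[1]:
        raise ValueError("message must be an integer below n")
    return P(recipient_pub, m)          # ciphertext = P(M)


def decrypt(recipient_priv, c):
    return S(recipient_priv, c)         # M = S(P(M))


# --- II: authenticity. Sender uses own S; recipient uses sender's P.
def sign(sender_priv, m):
    return S(sender_priv, m)            # signature = S(M)


def verify(sender_pub, m, sig):
    return P(sender_pub, sig) == m      # check M == P(S(M))


# Constructed demo key pairs (p=61, q=53 give n=3233, the classic textbook
# example; p=67, q=71 give a second, unrelated pair for the sender role).
RECIPIENT_PUB, RECIPIENT_PRIV = keygen(61, 53)
SENDER_PUB, SENDER_PRIV = keygen(67, 71)

if __name__ == "__main__":
    m = 65
    c = encrypt_for_recipient(RECIPIENT_PUB, m)
    print("P(M) =", c, "-> S(P(M)) =", decrypt(RECIPIENT_PRIV, c))
    sig = sign(SENDER_PRIV, m)
    print("S(M) =", sig, "-> verify:", verify(SENDER_PUB, m, sig),
          "tampered:", verify(SENDER_PUB, m + 1, sig))
```

The last line of the demo is the point of note II: changing the message (or the signature) makes P(S(M)) stop matching, and only the holder of S could have produced a value that P maps back to M.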
---------------------------------
# Public Key Infrastructures
---------------------
OpenSSH
vi /etc/ssh/sshd_config
#PermitRootLogin yes
better change to no
#X11Forwarding yes
enabled by default on Red Hat
#TCPKeepAlive yes
default is yes; should be no

#AllowUsers user1 user2
#DenyUsers

think of two ways when considering access restriction:
1. user-based access control (AllowUsers/DenyUsers)
2. host-based access control
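A check for the sshd_config settings listed above (plus AllowTcpForwarding, which the port-forwarding notes further down name as the control for forwarding), as an added example; this is my own script, not Red Hat course material. It follows the parsing rules from sshd_config(5): keywords are case-insensitive, the first value given for a keyword is the one that applies, `#` starts a comment, and keyword and value may be separated by whitespace or `=`. Directives after the first `Match` line are conditional and are ignored here on purpose. The sample config is constructed.

```python
# Added example for the OpenSSH notes; my own check, not course material.
# Assumptions, taken from sshd_config(5): keywords are case-insensitive,
# the FIRST value given for a keyword is the one that applies, comments
# start with '#', and keyword/value may be separated by whitespace or '='.
# Everything after the first "Match" line is conditional and is ignored here.

import re

# Expected values per the notes: PermitRootLogin no, TCPKeepAlive no,
# AllowTcpForwarding no unless forwarding is actually needed.
EXPECTED = {
    "permitrootlogin": "no",
    "tcpkeepalive": "no",
    "allowtcpforwarding": "no",
}

_LINE = re.compile(r"^(\S+?)(?:\s*=\s*|\s+)(.*)$")

# Constructed sample config (not a real host's file). Note the duplicated
# TCPKeepAlive: only the first occurrence ("no") takes effect, and the
# commented-out PermitRootLogin line does not apply at all.
SAMPLE_SSHD_CONFIG = """\
Port 22
#PermitRootLogin no
PermitRootLogin yes
X11Forwarding yes
TCPKeepAlive no
TCPKeepAlive yes
AllowUsers user1 user2
AllowTcpForwarding=yes
Match User backup
    PermitRootLogin no
"""


def parse_sshd_config(text):
    """Return {keyword_lower: effective_value} for the global section."""
    effective = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        key, value = (m.group(1), m.group(2).strip()) if m else (line, "")
        key = key.lower()
        if key == "match":
            break                           # conditional block: out of scope
        effective.setdefault(key, value)    # first value wins
    return effective


def audit_sshd_config(text):
    """Return a list of (keyword, actual, expected) findings."""
    eff = parse_sshd_config(text)
    findings = []
    for key, want in EXPECTED.items():
        have = eff.get(key, "(unset: sshd default applies)")
        if have.lower() != want:
            findings.append((key, have, want))
    # user-based restriction (point 1 above): at least one list should exist
    if "allowusers" not in eff and "denyusers" not in eff:
        findings.append(("allowusers/denyusers", "(unset)", "set one of them"))
    return findings


if __name__ == "__main__":
    for key, have, want in audit_sshd_config(SAMPLE_SSHD_CONFIG):
        print(f"{key}: is {have!r}, expected {want!r}")
```

Run it against a real file with `audit_sshd_config(open("/etc/ssh/sshd_config").read())`; the "first value wins" rule is the one that most often surprises people, because a hardening line appended at the end of the file does nothing if the keyword already appears earlier.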
-------------

Port forwarding
ssh and sshd can forward TCP traffic
the syntax is obtuse and can be confusing:
   -L clientport:host:hostport
   -R serverport:host:hostport
can be used to bypass access controls
   requires successful authentication to the remote sshd by the client
   AllowTcpForwarding (sshd_config) controls whether sshd permits it

station1 is a server with a telnet service
ssh -L 5000:station1:23 root@station1

this creates an ssh channel: a connection to port 5000 on the client is carried inside the encrypted
ssh session and delivered to port 23 on station1
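The -L/-R syntax above, decoded by a small helper I added (not course code): it splits a `[bind_address:]port:host:hostport` spec as ssh(1) defines it, bracketed IPv6 literals included, and states which process listens and which one makes the outbound connection, since that is the part that makes the syntax confusing and the part that matters when deciding whether AllowTcpForwarding can stay enabled. It assumes the loopback default bind address (no GatewayPorts / -g); hostnames other than station1 are constructed.

```python
# Added example for the port-forwarding notes; my own helper, not course code.
# Decodes ssh -L / -R specs of the form [bind_address:]port:host:hostport
# (ssh(1) syntax; IPv6 literals may be bracketed) and says which process
# listens and which one connects out.
# Assumption: default bind address is loopback, i.e. no GatewayPorts / -g.

import re

_SPEC = re.compile(r"""
    ^(?:(?P<bind>\[[^\]]*\]|[^:\[]*):)?   # optional bind address
    (?P<port>\d+):
    (?P<host>\[[^\]]*\]|[^:\[]+):
    (?P<hostport>\d+)$
""", re.VERBOSE)


def parse_spec(spec):
    """Return (bind, port, host, hostport) for a forwarding spec."""
    m = _SPEC.match(spec)
    if not m:
        raise ValueError(f"not a valid forwarding spec: {spec!r}")
    d = m.groupdict()
    return d["bind"] or "localhost", int(d["port"]), d["host"], int(d["hostport"])


def explain_forward(flag, spec, server):
    """Describe a -L or -R forward as {listener, listen, connector, connect_to}."""
    bind, port, host, hostport = parse_spec(spec)
    if flag == "-L":
        # ssh client listens locally; sshd on the server makes the onward
        # connection, so 'host' is resolved from the SERVER's point of view.
        return {
            "listener": "ssh client",
            "listen": (bind, port),
            "connector": f"sshd on {server}",
            "connect_to": (host, hostport),
        }
    if flag == "-R":
        # sshd listens on the server; the ssh client makes the onward
        # connection, so 'host' is resolved from the CLIENT's point of view.
        return {
            "listener": f"sshd on {server}",
            "listen": (bind, port),
            "connector": "ssh client",
            "connect_to": (host, hostport),
        }
    raise ValueError("flag must be -L or -R")


if __name__ == "__main__":
    # the notes' example: ssh -L 5000:station1:23 root@station1
    info = explain_forward("-L", "5000:station1:23", "station1")
    print(f"{info['listener']} listens on {info['listen']}; "
          f"{info['connector']} connects to {info['connect_to']}")
```

For the notes' example this prints that the ssh client listens on localhost:5000 and sshd on station1 connects to station1:23, which is exactly why a host filter on station1's telnet port never sees the client's address: the connection arrives from the sshd process on station1 itself.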
------------
RPM
GPG public key signature
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat*
rpm --checksig package_file (or -K)
------------------------

SELinux
default context checking
#semanage fcontext -l | grep '/etc/tm'
check boolean values
#getsebool -a | grep mail | grep 'on$'

troubleshooting if SELinux blocks us
check the log file: /var/log/messages
man -k selinux
service setroubleshoot status
rpm -q setroubleshoot
-----------------
# iptables basic operation
 iptables -t filter -D INPUT 4   (delete rule number 4 of the INPUT chain)
#transport protocol and port
 -p tcp --dport 80
 -p udp --sport 53
iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT
#service iptables stop
(this just flushes the firewall rules)
vi /etc/rc.d/rc.local
#iptables -F
#iptables -F -t nat
#iptables -Z
#iptables -P INPUT DROP
#iptables -P