Continuing on Chapter 4 finds firewall configuration and selinux.
Firewalls are something I’ve dealt with before over the years. In general they’re pretty simple but you do need to understand what you’re doing in order to properly set up a firewall.
SELinux is a different kettle of fish. You have basic system access; logins and groups with sudo to provide additional access at root level where necessary. Then you have ACLs which let you further define access restrictions but you need to enable it for the file system you’re intending on using it on. When I enabled acl on my /home directory on my system, it failed to boot this morning. I had to remove it and reboot. I’ll need to check that out and see what I did wrong.
SELinux is even more restrictive or controlling. Plus there are differences between RH6 and RH7, at least in the location of some of the info. RH6 has /selinux which doesn’t exist on RH7. So there will be differences in what I get from the RH6 book and possible RH7 test. I found a RH7 (CentOS7) page on the ‘net:
There are some differences between 6 and 7. I’ll need to identify and document the changes. Main good thing is if it is used, make sure you install the setroubleshooting package.
Next up, chapter 5 which deals with the boot process, network configuration, and time configuration. Shouldn’t be too hard. The security part is harder in part because it’s not needed is a majority of environments. Firewalls are dealt with by a different team (InfoSec) but is good to know for your personal gear and most folks can be permitted access within the guidelines.