Linux: Firewalls and SELinux

Learn how to secure Linux servers and workstations. Find out how to configure and troubleshoot firewalls and leverage the security-enhancing features of SELinux.

Introduction

• Welcome to firewalls and SELinux
• Prerequisites

1. Firewall Basics on Linux

• Iptables and Firewalld
• Installing Firewalld
• Installing the Firewalld GUI controls
• Installing GUI controls with no GUI
• Understand Firewalld zones
• Understand Firewalld services
• Zones explored

2. Configuring Firewalld for Local Protection

• Firewall-cmd configuration preparation
• Allowing the Apache web server
• Allowing any mail server
• Allowing an XMPP server
• Allowing an SMB server
• Allowing an NFS server
• Allowing an LDAP server
• Allowing a PostgreSQL server
• Allowing FTP and SFTP servers
• VM Port Forwarding
• ShieldsUP! panic mode

3. SELinux Fundamentals

• Installing SELinux utils
• Discretionary vs. mandatory access
• Understanding contexts
• Installing SELinux man pages
• Understanding Booleans

4. Working with SELinux

• Enabling SELinux and modes
• Graphical management tools
• Changing context labels
• Changing ports on services
• Copying files
• Moving files

5. SELinux Troubleshooting

• Running sepolicy
• Finding SELinux logs
• Making domains permissive
• Disabling and reenabling SELinux

Conclusion

• Next steps