Here we’re going to cover how to migrate an existing running instance of Tenable SecurityCenter from one Linux server to another.
I was not able to find great documentation around this process, and after contacting Tenable support for instructions I found that the steps provided were very basic and did not actually include everything needed, so I have documented everything that I needed to do here.
In Linux we can delete local user accounts with the ‘userdel’ command. Here we will cover some examples of using the various syntax options with userdel in order to remove a local user account in Linux.
In Linux we can copy files and directories around with the ‘cp’ command. Here we will demonstrate some common examples in which ‘cp’ can be used.
With the Bash shell in Linux it is quite simple to append the contents of one file to another, here we will cover how to perform file concatenation.
In Linux we can modify a local user account with the ‘usermod’ command. Here we will cover some examples of using the various syntax options with usermod in order to modify existing user accounts in Linux, specifically to add them into a group.
In Linux we can create a new user account with the ‘useradd’ command. Here we will cover some examples of using the various syntax options with useradd in order to create a new local user account in Linux.
By default NFS is not very secure, there’s no real authentication and access is granted based on hostname or IP address, information is sent over the network in plain text, and it’s also fairly easy to fake your UID/GID.
By making use of Kerberos we can secure NFS as this provides authentication, encryption and integrity.
Kerberos is an authentication protocol that can provide secure network login or SSO for various services over a non-secure network. Kerberos works with the concept of tickets which are encrypted and can help reduce the amount of times passwords need to be sent over the network.
These tickets are issued throughout the Kerberos realm by a centralised key distribution center (KDC). Here we will cover how to setup a KDC and obtain a Kerberos ticket from a client system in CentOS Linux.
Samba is an open source implementation of the server message block (SMB) and common internet file system (CIFS) protocols, it allows us to access Windows file share resources from Linux.
With Samba we can export specific directories within a file system over the network to other Windows or Linux clients, allowing us to share various files over the network between different operating systems.
Here we’re going to cover setting up a samba file share that allows for group collaboration. Users within a particular group will be able to create content within a samba share that other users within the same group will be able to access and modify.
Samba is an open source implementation of the server message block (SMB) and common internet file system (CIFS) protocols, it allows us to access Windows file share resources from Linux.
With Samba we can export specific directories within a file system over the network to other Windows or Linux clients, allowing us to share various files over the network between different operating systems.
It is important to configure this properly and secure it as much as possible so that only the required clients and users have access to the SMB/CIFS share, otherwise it may be possible for anyone to mount and access the data.
To do this we are going to use the /etc/samba/smb.conf file on the SMB/CIFS server and lock down shares to only be accessible by specific IP addresses and user accounts.