# Linux Fundamentals - Network Configuration

## Metadata
- Author: [[Hack The Box]]
- Full Title: Linux Fundamentals - Network Configuration
- URL: https://academy.hackthebox.com/module/18/section/2098

## Summary
Network configuration is crucial for penetration testers working with Linux systems. It involves managing network interfaces, assigning IP addresses, and setting up security measures like SELinux and TCP wrappers. Understanding these configurations helps optimize testing and enhances network security. Learning about these tools is essential for effectively identifying and addressing vulnerabilities in networks.

## Highlights
Tools such as `syslog`, `rsyslog`, `ss` (for socket statistics), `lsof` (to list open files), and the `ELK stack` (Elasticsearch, Logstash, and Kibana) can be used to monitor and analyze network traffic. These tools help identify anomalies, potential information disclosure/exposure, security breaches, and other critical network issues.

---

One way to obtain information regarding network interfaces, such as IP addresses, netmasks, and status, is by using the `ifconfig` command. By executing this command, we can view the available network interfaces and their respective attributes in a clear and organized manner. This information can be particularly useful when troubleshooting network connectivity issues or setting up a new network configuration. It should be noted that the `ifconfig` command has been deprecated in newer versions of Linux and replaced by the `ip` command, which offers more advanced features. Nevertheless, the `ifconfig` command is still widely used in many Linux distributions and continues to be a reliable tool for network management.

---
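The `ifconfig` and `route` invocations this page uses, expressed with the `ip` command that replaces them. This is an added example, not part of the original module; the function names `mask_to_prefix` and `ifconfig_to_ip` are hypothetical, and the script only prints the commands rather than running them.

```sh
# mask_to_prefix MASK: print the prefix length for a dotted netmask.
# Fails on malformed or non-contiguous masks such as 255.0.255.0.
mask_to_prefix() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the mask into four octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    prefix=0; partial=0
    for octet in "$@"; do
        case $octet in
            255) bits=8 ;; 254) bits=7 ;; 252) bits=6 ;; 248) bits=5 ;;
            240) bits=4 ;; 224) bits=3 ;; 192) bits=2 ;; 128) bits=1 ;;
            0)   bits=0 ;;
            *)   return 1 ;;
        esac
        # After the first octet that is not 255, only 0 may follow.
        if [ "$partial" -eq 1 ] && [ "$bits" -ne 0 ]; then return 1; fi
        if [ "$bits" -lt 8 ]; then partial=1; fi
        prefix=$((prefix + bits))
    done
    echo "$prefix"
}

# ifconfig_to_ip IFACE ADDRESS NETMASK GATEWAY: print the ip commands that
# correspond to "ifconfig IFACE up", "ifconfig IFACE ADDRESS",
# "ifconfig IFACE netmask NETMASK" and "route add default gw GATEWAY IFACE".
ifconfig_to_ip() {
    plen=$(mask_to_prefix "$3") || { echo "invalid netmask: $3" >&2; return 1; }
    printf 'ip link set %s up\n' "$1"
    printf 'ip addr add %s/%s dev %s\n' "$2" "$plen" "$1"
    printf 'ip route add default via %s dev %s\n' "$4" "$1"
}

# Values taken from the commands shown on this page.
ifconfig_to_ip eth0 192.168.1.2 255.255.255.0 192.168.1.1
```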
When it comes to activating network interfaces, `ifconfig` and `ip` commands are two commonly used tools. These commands allow users to modify and activate settings for a specific interface, such as `eth0`. We can adjust the network settings to suit our needs by using the appropriate syntax and specifying the interface name.

```sh
sudo ifconfig eth0 up
```

or

```sh
sudo ip link set eth0 up
```

---

One way to allocate an IP address to a network interface is by utilizing the `ifconfig` command. We must specify the interface's name and IP address as arguments to do this. This is a crucial step in setting up a network connection. The IP address serves as a unique identifier for the interface and enables the communication between devices on the network.

```sh
sudo ifconfig eth0 192.168.1.2
```

To set the netmask for a network interface, we can run the following command with the name of the interface and the netmask:

```sh
sudo ifconfig eth0 netmask 255.255.255.0
```

When we want to set the default gateway for a network interface, we can use the `route` command with the `add` option.

```sh
sudo route add default gw 192.168.1.1 eth0
```

---

When configuring a network interface in Linux, it is often necessary to set Domain Name System (`DNS`) servers to ensure proper network functionality. ... On Linux systems, this can be achieved by updating the `/etc/resolv.conf` file, which is a simple text file containing the system’s DNS information.

---

After completing the necessary modifications to the network configuration, it is essential to ensure that these changes are saved to persist across reboots. This can be achieved by editing the `/etc/network/interfaces` file, which defines network interfaces for Linux-based operating systems.
Thus, it is vital to save any changes made to this file to avoid any potential issues with network connectivity.

---

It’s important to note that changes made directly to the `/etc/resolv.conf` file are not persistent across reboots or network configuration changes. This is because the file may be automatically overwritten by network management services like `NetworkManager` or `systemd-resolved`. To make DNS changes permanent, you should configure DNS settings through the appropriate network management tool, such as editing network configuration files or using network management utilities that store persistent settings. After that, we must restart the networking service to apply the changes.

```sh
sudo systemctl restart networking
```

---

### Network Access Control

The following are the different NAC technologies that can be used to enhance security measures:

- Discretionary access control (DAC)
- Mandatory access control (MAC)
- Role-based access control (RBAC)

These technologies are designed to provide different levels of access control and security. Each technology has its unique characteristics and is suitable for different use cases.

---

As penetration testers, we need to be well-versed in how NAC can enhance network security and the various technologies available. Key NAC models include:

| Type | Description |
| ---- | ----------- |
| Discretionary Access Control (`DAC`) | This model allows the owner of the resource to set permissions for who can access it. |
| Mandatory Access Control (`MAC`) | Permissions are enforced by the operating system, not the owner of the resource, making it more secure but less flexible. |
| Role-Based Access Control (`RBAC`) | Permissions are assigned based on roles within an organization, making it easier to manage user privileges. |

---

#### Discretionary Access Control

DAC is a crucial component of modern security systems as it helps organizations provide access to their resources while managing the associated risks of unauthorized access. It is a widely used access control system that enables users to manage access to their resources by granting resource owners the responsibility of controlling access permissions to their resources. This means that users and groups who own a specific resource can decide who has access to their resources and what actions they are authorized to perform. These permissions can be set for reading, writing, executing, or deleting the resource.

---

#### Mandatory Access Control

MAC is used in infrastructure that provides more fine-grained control over resource access than DAC systems. Those systems define rules that determine resource access based on the resource's security level and the security level of the user or process requesting access. Each resource is assigned a security label that identifies its security level, and each user or process is assigned a security clearance that identifies its security level. Access to a resource is only granted if the user's or process's security level is equal to or greater than the security level of the resource. MAC is often used in operating systems and applications that require a high level of security, such as military or government systems, financial systems, and healthcare systems.
MAC systems are designed to prevent unauthorized access to resources and minimize the impact of security breaches.

---

#### Role-based Access Control

RBAC assigns permissions to users based on their roles within an organization. Users are assigned roles based on their job responsibilities or other criteria, and each role is granted a set of permissions that determine the actions they can perform. RBAC simplifies the management of access permissions, reduces the risk of errors, and ensures that users can access only the resources necessary to perform their job functions. It can restrict access to sensitive resources and data, limit the impact of security breaches, and ensure compliance with regulatory requirements. Compared to Discretionary Access Control (DAC) systems, RBAC provides a more flexible and scalable approach to managing resource access. In an RBAC system, each user is assigned one or more roles, and each role is assigned a set of permissions that define the user's actions. Resource access is granted based on the user's assigned role rather than their identity or ownership of the resource. RBAC systems are typically used in environments with many users and resources, such as large organizations, government agencies, and financial institutions.

---

### Troubleshooting Tools

`Netstat` is used to display active network connections and their associated ports. It can be used to identify network traffic and troubleshoot connectivity issues. ... We can expect to receive detailed information about each connection when using this tool. This includes the protocol used, the number of bytes received and sent, IP addresses, port numbers of both local and remote devices, and the current connection state.
The output provides valuable insights into the network activity on the system.

---

### Hardening

Several mechanisms are highly effective at securing Linux systems and keeping our own and other companies' data safe. Three such mechanisms are SELinux, AppArmor, and TCP wrappers.

---

#### Security-Enhanced Linux

Security-Enhanced Linux (`SELinux`) is a mandatory access control (`MAC`) system integrated into the Linux kernel. It provides fine-grained control over access to system resources and applications by enforcing security policies. These policies define the permissions for each process and file on the system, significantly limiting the damage that a compromised process or service can do. SELinux operates at a low level, and though it offers strong security, it can be complex to configure and manage due to its granular controls.

---

#### AppArmor

Like SELinux, `AppArmor` is a MAC system that controls access to system resources and applications, but it operates in a simpler, more user-friendly manner. AppArmor is implemented as a Linux Security Module (`LSM`) and uses application profiles to define what resources an application can access. While it may not provide the same level of fine-grained control as SELinux, AppArmor is often easier to configure and is generally considered more straightforward for day-to-day use.

---

#### TCP Wrappers

`TCP wrappers` are a host-based network access control tool that restricts access to network services based on the IP address of incoming connections. When a network request is made, TCP wrappers intercept it, checking the request against a list of allowed or denied IP addresses.
This is a simple yet effective way to control access to services, especially for blocking unauthorized systems from accessing networked resources. While it does not offer the fine-grained control of SELinux or AppArmor, TCP wrappers are an excellent tool for basic network-level protection.

---
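A simplified model of how a TCP wrappers lookup reaches its decision, added here as an example and not taken from the original module. It goes slightly beyond the text by modelling the documented evaluation order (`/etc/hosts.allow` first, then `/etc/hosts.deny`, allow if neither matches); the rule sets are constructed samples, the function names are hypothetical, and only `ALL`, exact addresses and trailing-dot IPv4 prefixes are handled.

```sh
set -f  # rule tokens are data; never glob-expand them

# Constructed sample rules in "daemon_list : client_list" form.
ALLOW_RULES='sshd : 192.168.1. 10.0.0.5
vsftpd : 10.0.0.5'
DENY_RULES='ALL : ALL'

# match_list LIST ITEM: true if ITEM matches a pattern in LIST.
# Subset modelled: ALL, exact string, and "a.b.c." IPv4 prefixes.
match_list() {
    for pat in $(printf '%s' "$1" | tr ',' ' '); do
        case $pat in
            ALL) return 0 ;;
            *.)  case $2 in "$pat"*) return 0 ;; esac ;;
            *)   if [ "$pat" = "$2" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# rules_match RULES DAEMON CLIENT: true if any rule line matches the pair.
rules_match() {
    while IFS=: read -r daemons clients rest; do
        case $daemons in ''|'#'*) continue ;; esac   # skip blanks and comments
        if match_list "$daemons" "$2" && match_list "$clients" "$3"; then
            return 0
        fi
    done <<EOF
$1
EOF
    return 1
}

# tcpd_decision DAEMON CLIENT: allow rules first, then deny rules,
# and a pair that matches neither set is allowed.
tcpd_decision() {
    if rules_match "$ALLOW_RULES" "$1" "$2"; then echo allow
    elif rules_match "$DENY_RULES" "$1" "$2"; then echo deny
    else echo allow
    fi
}

# 192.168.10.5 does not match the "192.168.1." prefix: the trailing dot matters.
for client in 192.168.1.77 192.168.10.5 203.0.113.9; do
    echo "sshd from $client: $(tcpd_decision sshd "$client")"
done
```

Emptying `DENY_RULES` makes every unmatched client fall through to allow, which is why a restrictive setup ends `hosts.deny` with `ALL : ALL`.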