[LINUX] - SECURING LINUX SYSTEMS

TOPIC A: IMPLEMENT CYBERSECURITY BEST PRACTICES

A chroot jail is a technique for controlling what a user's process can access on a file system by changing the root directory of that process's environment.

Encryption is a cryptographic technique that converts data from plaintext into coded, or ciphertext, form. Decryption is the companion technique that converts ciphertext back to plaintext.

LUKS (Linux Unified Key Setup) is a platform-independent FDE solution that is commonly used to encrypt storage devices in a Linux environment. The cryptsetup command is used as a front-end to LUKS and dm-crypt.


SYNTAX

The syntax of the cryptsetup command is cryptsetup [options] {actions} [action arguments]

Hashing is a process or function that transforms plaintext input into an indecipherable fixed-length output and ensures this process cannot be feasibly reversed. The resulting output of the hashing process is called a hash, hash value, or message digest.

TOPIC B: IMPLEMENT IAM METHODS

SSH Authentication

Password vs. public-key authentication: instead of a password, public-key authentication uses a generated key pair, one public key and one private key.

SSH Authentication Files in Linux

The following is a list of files that are used to configure SSH key-based authentication in Linux:

  • ~/.ssh/ —A directory that contains files related to SSH keys.
  • id_rsa —Contains the user's private key.
  • id_rsa.pub —Contains the user's public key.
  • authorized_keys —A file on the remote server that lists the public keys that the server accepts. In other words, the server uses this file to authenticate the client.
  • known_hosts —A file on the client that lists the public keys that the client accepts. In other words, the client uses this file to authenticate servers.
  • config —A file on the client that you can use to configure SSH connection settings, such as using an IdentityFile directive to associate multiple keys with specific servers.

Note: The /etc/ssh/ssh_config file is similar to ~/.ssh/config except that it applies globally rather than to a specific user.

SSH Key Commands

Various commands are available that you can use to work with SSH keys, including the following.

  • ssh-keygen: Generate a public/private key pair using a specified asymmetric encryption algorithm.
  • ssh-copy-id: Append the user's public keys to the remote server's authorized_keys file so that the server can authenticate the user's private key. The public key is sent over SSH and typically requires password authentication to be enabled.
  • ssh-add: Add private key identities to the SSH key agent. If the key is protected by a password, the user only needs to enter the password once, and the agent will automatically authenticate the user.

Figure: Generating a public/private key pair for use in SSH (in the ssh-keygen output, the private key location follows "Your identification has been saved in" and the public key location follows "Your public key has been saved in").



THE sshd_config FILE

The /etc/ssh/sshd_config file is used to configure an SSH server. Some of the settings you can configure include the following.

  • PasswordAuthentication: Enable or disable password-based authentication.
  • PubkeyAuthentication: Enable or disable public key-based authentication.
  • HostKey: Reference the locations of the server's private keys.
  • UsePAM: Enable or disable support for Pluggable Authentication Modules (PAM).
  • Port: Change the port number to bind the SSH service to.
  • ListenAddress: Change the IP address the SSH service should listen on.
  • SyslogFacility: Change the logging level of SSH events.
  • ChrootDirectory: Reference a chroot jail path for a user.
  • AllowUsers / AllowGroups: Enable user-specific access by allowing the specified users or groups access over SSH.
  • DenyUsers / DenyGroups: Restrict the specified users or groups from accessing the server over SSH.
  • PermitRootLogin: Enable or disable the ability for the root user to log in over SSH.

Note: The sshd_config file is not to be confused with the ssh_config file mentioned earlier.
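The following script is an added example, not part of the course notes: it audits an sshd_config file for the settings listed above. It relies on the fact that sshd honours the first uncommented occurrence of a keyword (later duplicates are ignored), reads values the same way, and falls back to the OpenSSH defaults (PermitRootLogin prohibit-password, PasswordAuthentication yes, PubkeyAuthentication yes) when a keyword is absent. Match blocks are not handled. Both configuration files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the course notes): audit an sshd_config for the
# settings covered in the table above.

# sshd_value CONFIG KEYWORD: print the effective value of KEYWORD. sshd uses
# the FIRST uncommented occurrence (keywords are case-insensitive); prints
# nothing when the keyword is not set at all.
sshd_value() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || NF < 2 { next }
        tolower($1) == key { print $2; exit }
    ' "$1"
}

# sshd_audit CONFIG: print one line per weak setting; prints nothing when
# every check passes.
sshd_audit() {
    cfg="$1"
    # want KEYWORD WANTED DEFAULT REASON: flag the keyword when its effective
    # value (or the OpenSSH default when unset) differs from WANTED.
    want() {
        v=$(sshd_value "$cfg" "$1")
        [ -n "$v" ] || v="$3"
        [ "$v" = "$2" ] || echo "$1 is $v: $4"
    }
    want PermitRootLogin no prohibit-password "log in as a named user and use sudo instead"
    want PasswordAuthentication no yes "passwords can be guessed; use keys"
    want PubkeyAuthentication yes yes "key-based logins must stay enabled"
    if [ -z "$(sshd_value "$cfg" AllowUsers)$(sshd_value "$cfg" AllowGroups)" ]; then
        echo "AllowUsers/AllowGroups unset: every local account may log in over SSH"
    fi
    return 0
}

# --- constructed sample configurations ---
WORK=$(mktemp -d)
WEAK="$WORK/sshd_config.weak"
HARD="$WORK/sshd_config.hardened"

cat > "$WEAK" <<'EOF'
# Constructed sample: a permissive sshd_config
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# The next line is ignored by sshd: the first value above already won.
PasswordAuthentication no
#PubkeyAuthentication no
UsePAM yes
EOF

cat > "$HARD" <<'EOF'
# Constructed sample: a hardened sshd_config
Port 2222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowGroups sshusers
UsePAM yes
EOF

echo "== weak config =="
sshd_audit "$WEAK"
echo "== hardened config =="
sshd_audit "$HARD"
```

Run it against /etc/ssh/sshd_config to get the same report for a real host; because the script only reads the file, it can be dropped into a configuration-management check without side effects.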

TCP WRAPPERS

While you can deny access to specific users and groups, you can also deny connections to SSH that come from specific hosts. This is done by wrapping the SSH service in a TCP wrapper, which checks what hosts are explicitly allowed and denied before permitting the host to connect with the SSH service. You can specify hosts to allow in /etc/hosts.allow and hosts to deny in /etc/hosts.deny. The former has precedence over the latter, and is applied first. In these files you can specify hosts by their hostnames, IP addresses, network segments, etc.

For example, to deny all hosts, add the following line to /etc/hosts.deny:

sshd : ALL

Then, to whitelist your desired hosts, add them to /etc/hosts.allow:

sshd : 192.168.1.0/24
sshd : server01@domain.tld


PKI Components

Figure: A PKI hierarchy in which a CA issues certificates to servers (three servers, the Certificate Authority, an email server and a web server, with the CA issuing certificates to the other two).

OpenSSL

OpenSSL is an open source implementation of the SSL/TLS protocol for securing data in transit using cryptography.

SYNTAX

The syntax of the openssl command is openssl [subcommand] [options]

TOPIC C: Configure SELinux or AppArmor

SELinux Context

User:

  • unconfined_u: All users
  • user_u: Unprivileged users
  • sysadm_u: System administrators
  • root: The root user

Figure: An example of a file's SELinux context, with user unconfined_u, role object_r and type admin_home_t.

SELinux Modes

SELinux has three different modes. Each mode configures the overall implementation of SELinux on the system.

  • Disabled: SELinux is turned off, so MAC will not be implemented and the default DAC method will be prevalent.
  • Enforcing: All the SELinux security policies are enforced, so processes cannot violate the security policies.
  • Permissive: SELinux is enabled, but the security policies are not enforced, so processes can bypass them. However, when a security violation occurs, it is logged and a warning message is sent to the user.

SELinux Commands

The following table describes some of the major commands that you can use to configure an SELinux environment.

  • semanage: Configure SELinux policies.
  • sestatus: Get the status of SELinux, including its current mode, policy type, and mount point.
  • getenforce: Display which mode SELinux is running in.
  • setenforce: Change which mode SELinux runs in. You can issue setenforce 1 to enable enforcing mode and setenforce 0 to enable permissive mode.
  • getsebool: Display the on/off status of SELinux boolean values. Boolean values enable you to change policy configurations at runtime without actually writing the policy directly.
  • setsebool: Change the on/off status of an SELinux boolean value.
  • ls -Z: List directory contents along with each object's security context. You can check the context of specific objects by issuing ls -Z {file or directory name}
  • ps -Z: List running processes along with each process's security context. You can check the context of specific processes by issuing ps -Z {PID}
  • chcon: Change the security context of a file. The basic syntax is chcon {-u|-r|-t} {context value} {file or directory name} where {-u|-r|-t} refers to user, role, or type, respectively.
  • restorecon: Restore the default security context of one or more files. You restore objects by issuing restorecon {file or directory name}

Figure: Checking the status of SELinux with sestatus (the output shows the SELinux root directory, current mode, policy MLS status, and max kernel policy version).
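The following is an added example, not from the course notes: it parses the context:name lines that plain ls -Z prints (the context format from the figure above) and reports every entry whose type differs from the type expected for its directory, which is exactly the set of files restorecon would relabel. The listing is constructed text, the expected type httpd_sys_content_t is the standard label for web content, and the script only prints the restorecon commands rather than running them, so it needs no SELinux-enabled host.

```shell
#!/bin/sh
# Added example (not from the course notes): find mislabelled files from
# `ls -Z` output. Assumes plain `ls -Z` (context, then name), not `ls -lZ`.

# context_field CONTEXT FIELD: pick user, role, type or level out of a context
# such as unconfined_u:object_r:admin_home_t:s0. The level may itself contain
# colons (s0-s0:c0.c1023), so it is everything after the third colon.
context_field() {
    printf '%s\n' "$1" | awk -F: -v f="$2" '{
        if (f == "level") { s = $0; sub(/^[^:]*:[^:]*:[^:]*:/, "", s); print s; next }
        idx["user"] = 1; idx["role"] = 2; idx["type"] = 3
        print $(idx[f])
    }'
}

# mislabelled LISTING EXPECTED_TYPE: print "name type" for every entry in the
# saved `ls -Z` output whose type is not EXPECTED_TYPE.
mislabelled() {
    awk -v want="$2" '{
        split($1, c, ":")
        if (c[3] != want) print $2, c[3]
    }' "$1"
}

# restorecon_plan LISTING EXPECTED_TYPE DIR: print (do not run) the restorecon
# commands that would reset each mislabelled entry to its policy default.
restorecon_plan() {
    mislabelled "$1" "$2" | awk -v dir="$3" '{ print "restorecon -v " dir "/" $1 }'
}

# --- constructed sample: what `ls -Z /var/www/html` might show after files
# were copied in from a home directory (they kept their home-directory types)
LISTING=$(mktemp)
cat > "$LISTING" <<'EOF'
system_u:object_r:httpd_sys_content_t:s0 index.html
unconfined_u:object_r:user_home_t:s0 upload.html
system_u:object_r:httpd_sys_content_t:s0 css
unconfined_u:object_r:admin_home_t:s0 notes.txt
EOF

echo "type of the figure's context: $(context_field unconfined_u:object_r:admin_home_t:s0 type)"
echo "entries that do not carry httpd_sys_content_t:"
mislabelled "$LISTING" httpd_sys_content_t
echo "suggested fix:"
restorecon_plan "$LISTING" httpd_sys_content_t /var/www/html
```

On a real host you would save the listing with ls -Z /var/www/html > listing.txt and feed that file in; files copied with cp or mv from a home directory are the usual source of such mismatches, and restorecon (rather than chcon) is preferred because it applies the policy's own default.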

AppArmor

Whereas SELinux is more commonly associated with RHEL, AppArmor is packaged with Debian-based and SUSE Linux distros.

  • Profile directory: /etc/apparmor.d/
  • Example profile: /etc/apparmor.d/bin.dig
  • Profile modes: complain and enforce

AppArmor Commands

The following table describes some of the major commands that you can use to configure an AppArmor environment.

  • apparmor_status: Display the current status of AppArmor profiles.
  • aa-complain: Place a profile in complain mode. The basic syntax is aa-complain {path to profile}
  • aa-enforce: Place a profile in enforce mode. The basic syntax is aa-enforce {path to profile}
  • aa-disable: Disable a profile, unloading it from the kernel. The basic syntax is aa-disable {path to profile}
  • aa-unconfined: List processes with open network sockets that don't have an AppArmor profile loaded.

TOPIC D: Configure Firewalls

The iptables tool manages packet filtering as well as stateful firewall functionality. Each table applies to a certain context and consists of rule sets, called chains. Three common rule actions (targets) are ACCEPT, DROP, and RETURN.

Figure: Listing the rules in a firewall chain (the chain IN_DMZ contains log, deny and allow rules; the highlighted rule's action is ACCEPT and its protocol is icmp).

SYNTAX

The syntax of the iptables command is iptables [options] [-t table] [commands] {chain/rule specification}

DEFAULT TABLES

There are five default tables that may be active depending on how the kernel is configured:

  • filter —The default table used for typical packet filtering functionality.
  • nat —Used to implement Network Address Translation (NAT) rules.
  • mangle —Used to alter packets' TCP/IP headers.
  • raw —Used to configure exceptions for packets involved in connection tracking.
  • security —Used to mark packets with SELinux security contexts.

LOGGING

You can enable logging for iptables rules by including the LOG action. In the following example, all dropped packets are being logged:

iptables -N LOGCHN
iptables -A INPUT -j LOGCHN
iptables -A LOGCHN -j LOG
iptables -A LOGCHN -j DROP

The first line creates a new chain called LOGCHN. The second line ensures all incoming packets not already processed by any prior rules will "jump" to the LOGCHN chain. The third line logs all packets that reach this chain, and the fourth line performs the actual dropping of packets. You can also substitute ACCEPT for DROP if you only want to log accepted packets.

Events for iptables are typically written to the /var/log/messages or /var/log/kern.log files.
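As an added example (not from the course notes), the script below summarises what a LOG rule like the one above writes to the kernel log. It assumes the LOG rule was given --log-prefix "LOGCHN: " so its lines can be picked out of /var/log/kern.log; the log excerpt is constructed and uses documentation address ranges.

```shell
#!/bin/sh
# Added example (not from the course notes): summarise iptables LOG entries
# by source address and by destination port.

# dropped_by_source LOG PREFIX: count matching lines per SRC= address,
# busiest source first ("count address").
dropped_by_source() {
    awk -v tag="$2" 'index($0, tag) {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^SRC=/) c[substr($i, 5)]++
    } END { for (s in c) print c[s], s }' "$1" | sort -rn
}

# dropped_by_port LOG PREFIX: count matching lines per PROTO/DPT pair. ICMP
# entries carry TYPE= and CODE= instead of DPT= and are left out here.
dropped_by_port() {
    awk -v tag="$2" 'index($0, tag) {
        proto = ""; port = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   port  = substr($i, 5)
        }
        if (proto != "" && port != "") c[proto "/" port]++
    } END { for (k in c) print c[k], k }' "$1" | sort -rn
}

# --- constructed excerpt of /var/log/kern.log ---
KERNLOG=$(mktemp)
cat > "$KERNLOG" <<'EOF'
Mar  3 10:15:01 fw kernel: [ 1201.440113] LOGCHN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 10:15:02 fw kernel: [ 1202.118220] LOGCHN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=51235 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 10:15:04 fw kernel: [ 1204.003911] LOGCHN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=51236 DPT=23 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 10:15:30 fw kernel: [ 1230.771004] LOGCHN: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 LEN=52 TOS=0x00 PREC=0x00 TTL=61 ID=0 DF PROTO=TCP SPT=40010 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  3 10:15:45 fw kernel: [ 1245.010233] LOGCHN: IN=eth0 OUT= SRC=192.0.2.55 DST=192.0.2.10 LEN=71 TOS=0x00 PREC=0x00 TTL=63 ID=1 DF PROTO=UDP SPT=5353 DPT=53 LEN=51
Mar  3 10:16:00 fw kernel: [ 1260.000000] usb 1-1: new high-speed USB device number 2 using xhci_hcd
EOF

echo "dropped packets per source:"
dropped_by_source "$KERNLOG" "LOGCHN: "
echo "dropped packets per protocol/port:"
dropped_by_port "$KERNLOG" "LOGCHN: "
```

The unrelated USB line shows why a prefix matters: without --log-prefix, LOG entries are only distinguishable from other kernel messages by their IN=/OUT= fields, and a grep for the prefix is far less fragile.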

UFW

The Uncomplicated Firewall (UFW) is a firewall management tool that makes it easier to configure the iptables service. 

For example, the following commands set up an allow rule for HTTP, turn on logging, and enable the firewall. This automatically creates a default deny configuration for incoming traffic—in other words, everything without an explicit allow rule is dropped:

ufw allow http/tcp
ufw logging on
ufw enable

SYNTAX

The syntax of the ufw command is ufw [options] {action}

THE firewalld SERVICE

The firewall daemon (firewalld) is used to dynamically manage a firewall without requiring the firewall to restart upon modification. It is an alternative to iptables and uses zones and services rather than chains and rules.

THE firewall-cmd COMMAND

The firewall-cmd command enables you to configure firewalld by querying, adding, modifying, and deleting zones and services as desired

Zone: d m z. Interface: e n p 3 s 0. Services: s s h, h t t p, and h t t p s. Ports applied: 7 7 4 3 slash t c p and 6 0 1 slash t c p.

Figure: Listing the configurations for a specific firewalld zone.

SYNTAX

The syntax of the firewall-cmd command is firewall-cmd [options]

firewall-cmd COMMAND EXAMPLES

The following are some common examples of using the firewall-cmd command:

  • firewall-cmd --get-zones —list all available firewalld zones.
  • firewall-cmd --zone=dmz --list-all —list all details of the dmz zone, including the interfaces, ports, services, protocols, and more that the zone applies to.
  • firewall-cmd --zone=dmz --change-interface=<device ID> —add the specified interface to the dmz zone.
  • firewall-cmd --zone=dmz --add-service=http —add the HTTP service to the dmz zone.
  • firewall-cmd --zone=dmz --add-port=21/tcp —add TCP port 21 (FTP) to the dmz zone.
  • firewall-cmd --zone=dmz --remove-service=http —remove the HTTP service from the dmz zone.
  • firewall-cmd --zone=dmz --remove-port=21/tcp —remove TCP port 21 (FTP) from the dmz zone.
  • firewall-cmd --reload —reload the zone's configuration.
Netfilter

Netfilter is a Linux kernel framework that handles packets that traverse a network interface. Some of the major services it provides are packet filtering, NAT, and connection tracking. The iptables tool is closely integrated with Netfilter. It is able to allow, drop, and perform other firewall actions because it can interact with packets that are on Netfilter hooks. Both UFW and firewalld call iptables in some capacity, so they likewise rely on Netfilter.

IP Sets

The ipset command enables you to create and modify IP sets. First you need to set a name, storage method, and data type for your set, such as:

ipset create range_set hash:net

In this case, range_set is the name, hash is the storage method, and net is the data type. Then, you can add the ranges to the set:

ipset add range_set 178.137.87.0/24
ipset add range_set 46.148.22.0/24

Then, you use iptables to configure a rule to drop traffic whose source matches the ranges in this set:

iptables -I INPUT -m set --match-set range_set src -j DROP

Alternatively, to drop traffic whose destination matches the set:

iptables -I OUTPUT -m set --match-set range_set dst -j DROP

SYNTAX

The syntax of the ipset command is ipset [options] {command}

TROUBLESHOOTING

The ipset tool can also be used when troubleshooting the iptables firewall. For example, you can use the test subcommand to test whether or not an entry exists:

ipset test range_set 178.137.87.5

If the firewall still isn't handling the IP address ranges as expected, you can list the rules that are using the relevant set:

iptables -L | grep range_set

Even if the rules are using your set, keep in mind that the rules are processed in order; the unexpected behavior may be due to how these rules flow in the table.

DenyHosts and Fail2ban

There are many IPS solutions available. Two common third-party solutions are DenyHosts and Fail2ban, both of which examine log files for anomalies.

DenyHosts primarily protects SSH servers from brute force password cracking attacks. It will take the source IP address and number of failed attempts into consideration. If enough failed attempts from the same source meet the threshold you've configured (or the default), DenyHosts will block that source. 

Fail2ban also prevents brute force attacks, but unlike DenyHosts, it does not focus on any one service. Instead, it can monitor log files that pertain to any system service with an authentication component. Fail2ban leverages Netfilter and iptables to actually perform blocking actions, and can even be used to update your firewall rules. Fail2ban supports both IPv4 and IPv6.

CONFIGURATION

The primary configuration file for DenyHosts is the /etc/denyhosts.conf file. There are various settings you can adjust in this file. Some examples include:

  • ADMIN_EMAIL —Define what email address to send alerts to.
  • BLOCK_SERVICE —Define what services will be blocked from access by unauthorized users.
  • DENY_THRESHOLD_VALID —Defines how many times a user can attempt to log in to an existing account before being blocked.

The primary configuration file for Fail2ban is the /etc/fail2ban/jail.conf file. However, if you plan on configuring Fail2ban, it is best to copy this file to /etc/fail2ban/jail.local or make a custom .conf file within the /etc/fail2ban/jail.d/ directory. The following are some example settings:

  • bantime —Defines how long a host is blocked from accessing a resource.
  • maxretry —Defines the number of times a host can fail to authenticate before being blocked.
  • ignoreip —Defines a whitelist of accepted hosts.
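The following is an added example, not from the course notes: a Fail2ban-style pass over sshd authentication log lines that applies the maxretry and ignoreip ideas above. It reports which sources would be banned and does not touch the firewall. The auth.log excerpt is constructed; the ignore list accepts exact addresses only (Fail2ban's ignoreip also takes CIDR ranges) and there is no findtime window, so every failure in the file counts.

```shell
#!/bin/sh
# Added example (not from the course notes): count failed sshd logins per
# source and apply a maxretry threshold plus an ignore list.

# failed_logins LOG: print "count ip" for every source with failed sshd
# password attempts, busiest first.
failed_logins() {
    awk '/sshd\[[0-9]+\]: Failed password for/ {
        for (i = 1; i <= NF; i++) if ($i == "from") c[$(i + 1)]++
    } END { for (ip in c) print c[ip], ip }' "$1" | sort -rn
}

# ban_candidates LOG MAXRETRY IGNOREIP: sources with at least MAXRETRY
# failures that are not in the space-separated IGNOREIP list, sorted.
ban_candidates() {
    failed_logins "$1" | awk -v max="$2" -v ign="$3" '
        BEGIN { n = split(ign, a, " "); for (k = 1; k <= n; k++) ignore[a[k]] = 1 }
        $1 + 0 >= max + 0 && !($2 in ignore) { print $2 }' | sort
}

# --- constructed excerpt of /var/log/auth.log ---
AUTHLOG=$(mktemp)
cat > "$AUTHLOG" <<'EOF'
Mar  3 10:15:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 10:15:03 host sshd[1203]: Failed password for root from 203.0.113.7 port 51236 ssh2
Mar  3 10:15:05 host sshd[1205]: Failed password for root from 203.0.113.7 port 51238 ssh2
Mar  3 10:15:07 host sshd[1207]: Failed password for invalid user test from 203.0.113.7 port 51240 ssh2
Mar  3 10:15:20 host sshd[1210]: Failed password for alice from 198.51.100.20 port 40010 ssh2
Mar  3 10:15:25 host sshd[1211]: Accepted password for alice from 198.51.100.20 port 40012 ssh2
Mar  3 10:15:30 host sshd[1212]: Failed password for alice from 198.51.100.20 port 40014 ssh2
Mar  3 10:16:01 host sshd[1220]: Failed password for invalid user scanner from 192.0.2.55 port 60001 ssh2
Mar  3 10:16:02 host sshd[1221]: Failed password for invalid user scanner from 192.0.2.55 port 60002 ssh2
Mar  3 10:16:03 host sshd[1222]: Failed password for invalid user scanner from 192.0.2.55 port 60003 ssh2
Mar  3 10:16:30 host sshd[1230]: Accepted publickey for bob from 192.0.2.40 port 40020 ssh2: ED25519 SHA256:constructed
EOF

echo "failed logins per source:"
failed_logins "$AUTHLOG"
echo "sources to ban (maxretry=3, 192.0.2.55 is on the ignore list):"
ban_candidates "$AUTHLOG" 3 "192.0.2.55"
```

With maxretry set to 3, only 203.0.113.7 qualifies: alice's two typos from 198.51.100.20 stay under the threshold, and 192.0.2.55 (an internal scanner in this scenario) is exempt through the ignore list. Lowering maxretry to 2 would also catch 198.51.100.20, which is the trade-off between quick blocking and locking out legitimate users.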

TOPIC E: Implement Logging Service

System logs are tracked and maintained by the syslogd daemon. Severity codes indicate the level of impact an event might have, from 0 (most critical) to 7 (least critical).

Log File Locations

  • /var/log/syslog: All types of system events except for authentication messages. Primarily used by Debian-based distros.
  • /var/log/messages: General non-critical system events. Primarily used by RHEL and CentOS.
  • /var/log/auth.log: Authentication messages (e.g., login successes and failures). Primarily used by Debian-based distros.
  • /var/log/secure: Authentication messages. Primarily used by RHEL and CentOS.
  • /var/log/kern.log: Kernel messages (e.g., dmesg output).
  • /var/log/[application]: Messages from miscellaneous applications (e.g., cron, firewalld, maillog, etc.).

Log Rotation

The logrotate utility is used to perform automatic rotation of logs. 

CONFIGURATION

Log rotation behavior can be configured in the /etc/logrotate.d/ directory, where each relevant service has its own configuration file. The following is an example configuration file for a service called myservice:

/var/log/myservice.log {
  size 1k
  create 700 user group
  dateext
  rotate 10
}

The first line defines where the log should be output. The size directive indicates that the log should rotate when it reaches 1,000 bytes in size. The create directive rotates the log file by creating a new one with the specified permissions, user, and group. The dateext directive appends the date to the rotated log. Finally, rotate specifies that only the 10 most recent log files should be kept.

THE journalctl COMMAND

The journalctl command enables you to view and query log files created by the journal component of the systemd suite. Log information is collected and stored via the systemd journald service.

The journald service is often used in conjunction with a traditional syslog daemon such as syslogd or rsyslogd. The settings for journald are configured in the /etc/systemd/journald.conf file.

Figure: Viewing the systemd journal (a listing of journal messages with dates, times, host, domain, and kernel entries).

SYNTAX

The syntax of the journalctl command is journalctl [options] [matches]

journalctl COMMAND OPTIONS

The journalctl utility provides a number of options for querying journald log data. Some of the frequently used options are listed in the following table.

  • -n {number of lines}: Specify the number of lines of journal logs to display.
  • -o {output format}: Specify the format of the output. For example: short, verbose, or export.
  • -f: Display the most recent journal entries, and continuously update the display with new entries as they are added to the journal.
  • -p: Filter journal log output by severity (alert, err, warning, notice, info, etc.).
  • -u: Filter journal log output by the specified unit, such as the name of a service.
  • -b [boot ID]: Show log messages from the current boot only, or from the boot ID specified.

THE /var/log/journal/ DIRECTORY

In its default configuration, the systemd journal only stores logs in memory, and logs are cleared on each system reboot. You can have the journald logs persist after a reboot by creating the /var/log/journal/ directory. The systemd service is configured to automatically maintain logs in this directory if it exists.

THE last COMMAND

The last command displays the running history of user login and logout actions, along with the actual time and date. It also has options that enable you to filter users who have logged in through a specific terminal. For example, last 1 will display the details of users who logged in using the first terminal. The last command retrieves information from the /var/log/wtmp file.

To pull this same information for only failed login events, you can use the lastb command. This command retrieves information from the /var/log/btmp file.

Figure: Displaying user login/logout history (a listing of login and logout events, including user, dates, times, and status).

SYNTAX

The syntax of the last command is last [options]

THE lastlog COMMAND

The lastlog command is similar to the last command, but instead of listing the most recent login events, it lists all users and the last time they logged in. This command retrieves information from the /var/log/lastlog file.

TOPIC F: Backup, Restore, and Verify Data

Backup Types

Figure: A full backup (four gradually larger cylinders labeled Mon, Tue, Wed, and Thu; each day's backup contains all of the data).

Figure: Differential and incremental backups (in both, Mon is a full backup; each following differential backup holds the full backup's data plus that day's changes since the full backup, while each following incremental backup holds only the changes since the previous backup).

THE tar COMMAND

The tar command enables you to create archives of data. It's commonly used to create an archive file from a directory that contains the data you want to back up. You can also use the command on previously created archives to extract files, store additional files, update files, and list files that were already stored. 

Figure: Creating an archive from multiple files (file1.txt and file2.txt are listed as the files added to archive.tar).

SYNTAX

The syntax of the tar command is tar [options] {file names}

RESTORING FILES WITH THE tar COMMAND

The command tar -xvf will restore the entire contents of the source file or directory structure. To restore a portion of a tar file, use the path and name of the file you wish to extract. You must use the exact path and name that was used when you created the tar file. You can also make restores interactive by using the command tar -wxvf [destination] [source]
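The following is an added example, not from the course notes: it backs up a directory with tar, lists the stored member paths, checks the archive for members that would write outside the restore directory, and restores a single file using the exact path stored in the archive, which is the point made above. It assumes a tar that supports -C (GNU tar and bsdtar both do); the sample data is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the course notes): tar backup, archive inspection
# and selective restore.

# backup_dir PARENT NAME ARCHIVE: archive PARENT/NAME so that member paths are
# stored relative (NAME/...), which is what a later selective restore needs.
backup_dir() {
    (cd "$1" && tar -cf "$3" "$2")
}

# list_members ARCHIVE: print the stored paths; these must be used verbatim
# when restoring individual files.
list_members() {
    tar -tf "$1"
}

# unsafe_members ARCHIVE: print members that are absolute or contain a ".."
# component. Such entries would land outside the restore directory; GNU tar
# strips a leading "/" by default, but checking before extraction is cheap.
unsafe_members() {
    tar -tf "$1" | awk '/^\// || /(^|\/)\.\.(\/|$)/'
}

# restore_all ARCHIVE DEST: extract everything into DEST (-C), never into the
# current directory.
restore_all() {
    mkdir -p "$2" && tar -xf "$1" -C "$2"
}

# restore_one ARCHIVE DEST MEMBER: extract only MEMBER; tar fails when MEMBER
# does not exactly match a stored path.
restore_one() {
    mkdir -p "$2" && tar -xf "$1" -C "$2" "$3"
}

# --- constructed sample data ---
WORK=$(mktemp -d)
mkdir -p "$WORK/src/mydata/conf"
printf 'alpha\n' > "$WORK/src/mydata/file1.txt"
printf 'listen=127.0.0.1\n' > "$WORK/src/mydata/conf/app.conf"
ARCHIVE="$WORK/mydata.tar"

backup_dir "$WORK/src" mydata "$ARCHIVE"
echo "members stored in the archive:"
list_members "$ARCHIVE"
echo "unsafe members (expect none):"
unsafe_members "$ARCHIVE"
restore_one "$ARCHIVE" "$WORK/partial" mydata/conf/app.conf
echo "restored only:"
find "$WORK/partial" -type f
```

Because the archive stores mydata/conf/app.conf, asking for conf/app.conf fails; list_members is the quickest way to find the exact name. Always extracting with -C into a dedicated directory, and checking unsafe_members first on archives you did not create, keeps a restore from overwriting live files elsewhere on the system.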

THE dar COMMAND

The dar ("disk archiver") command is intended to replace tar by offering more backup and archiving functionality. It is especially useful at creating full, differential, and incremental backups. The following command creates a full backup of the mydata directory and outputs a backup file named full.bak:

dar -R mydata -c full.bak

To create a differential backup (diff1.bak), you can reference the full backup using the -A option:

dar -R mydata -c diff1.bak -A full.bak

You can then create more differential backups as needed by referencing the full backup with the -A option. However, to perform incremental backups instead, you need to reference the previous incremental backup, like so:

dar -R mydata -c incr1.bak -A full.bak
dar -R mydata -c incr2.bak -A incr1.bak

The -x (extract) option is used to recover a backup. If you performed differential backups, you need to first extract the full backup, then the latest differential backup:

dar -x full.bak
dar -x diff1.bak -w

The -w option automatically overwrites changes to files; otherwise, you will be prompted to confirm.

To recover an incremental backup, you need to first extract the full backup, then each incremental backup, in order:

dar -x full.bak
dar -x incr1.bak -w
dar -x incr2.bak -w

THE dd COMMAND

The dd command copies and converts files to enable them to be transferred from one type of media to another. The dd command has various operands, or actions, to perform.

  • if={file name}: Specify the file from which data will be read.
  • of={file name}: Specify the file to which data will be written.
  • bs={bytes}: Specify the total block size to read and write, in bytes. Bytes can also be formatted in a more human-friendly way, such as 50M to specify 50 megabytes and 10G to specify 10 gigabytes.
  • count={count}: Specify the number of blocks to be written to the output file from the input file.
  • status={level}: Specify the level of information to print to standard error: none to suppress everything except error messages, noxfer to suppress total transfer statistics, or progress to display transfer statistics periodically.

Note: A selected input file is copied to a selected output file. If no files are selected, the standard input and the standard output are used.

SYNTAX

The syntax of the dd command is dd [options] [operands]

USING dd FOR BACKUPS

You can use dd to perform a full backup of a storage partition. The following example copies data from /dev/sda1 to /dev/sdb2:

dd if=/dev/sda1 of=/dev/sdb2

Using dd, you can also create an image of a drive and then clone a second drive with it:

dd if=/dev/sda of=drive_image.iso
dd if=drive_image.iso of=/dev/sdb

THE mirrorvg COMMAND

The mirrorvg command creates copies, or mirrors, of all logical volumes in a specified logical volume group.

SYNTAX

The syntax of the mirrorvg command is mirrorvg [options] {volume group}

OTHER WAYS TO MIRROR LOGICAL VOLUMES

Other than using mirrorvg to mirror all volumes in a group, you can also use the mklvcopy command to mirror individual logical volumes in a volume group. You can also use the -m# option with lvcreate to create one or more mirrors of a logical volume. For example, the following command creates one 10 GB mirror called mirrorlv that copies from the volgr volume group:

lvcreate -L 10G -m1 -n mirrorlv volgr

Data Transfer Tools

The following data transfer tools are useful in facilitating the off-site backup process.

  • scp: Copies data to or from a remote host over SSH. Because it uses SSH, data you send to an off-site backup will be encrypted in transit, protecting its confidentiality. Like SSH, scp uses TCP port 22 by default. The following is an example of copying a file to a remote host:

    scp file.txt user@host:/home/dir

  • sftp: The implementation of the Secure File Transfer Protocol (SFTP). SFTP uses an SSH tunnel as its transport mechanism to encrypt data. Whereas scp is used purely for transferring files, sftp can transfer files and manage files and directories, so you can list, create, and remove directories on the remote system. The sftp command also supports resuming file transfers, whereas scp does not. Just like with the standard ftp command, you can use sftp interactively or non-interactively. For example, to retrieve a file non-interactively:

    sftp user@host:file.txt

  • rsync: Copies files locally and to remote systems. Its real power lies in its efficient use of network bandwidth; instead of copying all files, it only copies differences between files. So, if you use rsync on all files in a directory, it will check the destination directory to see if those exact files already exist, and only files that aren't already in the destination will be copied. The rsync command can copy files over SSH, or it can use the rsyncd daemon if you set it up on the remote system. The following is an example of synchronizing the files in a local directory to a remote directory over SSH:

    rsync -a /home/mydir/ user@host:/home/mydir/

Compression

gzip COMMAND

GNU zip (gzip) is a compression utility that reduces the size of selected files. Files compressed with gzip frequently have the .gz file extension. The gzip command has several options. These command options are described in the following table.

  • -d: Reverse file compression (decompression).
  • -f: Force compression or decompression of a file even if it has multiple links or if the file exists.
  • -n: Omit saving the original file name and timestamp.
  • -N: Save the original file name and timestamp.
  • -q: Suppress all warnings.
  • -r: Enable directory recursion during compression or decompression.
  • -v: Display the name and percentage reduction of the compressed or decompressed file.
  • -t: Perform an integrity check on the compressed file.

Figure: Compressing an archive file with gzip (archive.tar becomes archive.tar.gz; the output reports a size decrease of 141).

SYNTAX

The syntax of the gzip command is gzip [options] [file names]

THE gunzip COMMAND

The gunzip command is equivalent to issuing gzip -d at the command-line.

THE xz COMMAND

The xz command is a data compression utility, similar to gzip, that reduces the size of selected files and manages files in the .xz file format. The xz command has several options.

  • -d: Decompress a file.
  • -f: Force compression or decompression of a file even if it has multiple links or if the file exists.
  • -q: Suppress all warnings.
  • -v: Display the name and percentage reduction of the compressed or decompressed file.
  • -t: Perform an integrity check on the compressed file.

Figure: Compressing an archive file with xz (archive.tar becomes archive.tar.xz; the output reports a size decrease of 180).

SYNTAX

The syntax of the xz command is xz [options] [file names]

THE bzip2 SUITE

The bzip2 command and its related commands manage file compression. Files compressed with bzip2 frequently have the .bz2 file extension. The bzip2-related commands are described in the following table.

  • bzip2: Compress a file.
  • bunzip2: Decompress a file.
  • bzcat: Decompress a file to standard output.
  • bzdiff: Run the diff command on compressed files.
  • bzip2recover: Recover data from damaged .bz2 files.
  • bzless: Run the less command on compressed files.
  • bzmore: Run the more command on compressed files.

Note: Archives made with tar are frequently compressed with gzip (resulting in the file extension .tar.gz) or bzip2 (resulting in the file extension .tar.bz2).

Figure: Compressing an archive file with bzip2 (archive.tar becomes archive.tar.bz2; the output reports a size decrease of 133).

SYNTAX

The syntax of the bzip2 command is bzip2 [options] {file names}

For example, to compress files file1 and file2:

bzip2 file1 file2

THE zip COMMAND

The zip command is another compression utility, but unlike gzip, xz, and bzip2, it also features file archiving functionality. In fact, zip is a combination of an older compression utility called compress and the tar archive command. Files compressed with zip frequently have the .zip file extension. The zip command has several options.

  • -d: Delete entries in a .zip archive.
  • -e: Encrypt the contents of an archive.
  • -F: Fix a corrupted .zip archive.
  • -r: Enable recursion.
  • -T: Perform an integrity check on the archive file.

SYNTAX

The syntax of the zip command is zip [options] [file names]

Which Compression Method Should You Choose?

Ultimately, consider using:

  • gzip if you just care about compressing and decompressing files as fast as possible and are less concerned with storage space.
  • xz if storage space is at a premium, and time is not as much of a factor.
  • bzip2 to strike a balance, and for data that rarely needs to be decompressed.

Hash Functions

A hash function is an algorithm that performs a hashing operation. The two most common hash functions for checking data integrity on Linux systems are MD5 and SHA.

The Message Digest 5 (MD5) algorithm produces a 128-bit message digest. It is still used in integrity checking.

The Secure Hash Algorithm (SHA) algorithm is modeled after MD5 and is considered the stronger of the two. Common versions of SHA include SHA-1, which produces a 160-bit hash value, while SHA-256, SHA-384, and SHA-512 produce 256-bit, 384-bit, and 512-bit digests, respectively.

THE md5sum COMMAND

The md5sum command is used to calculate the hash value of a file or standard input using the MD5 hash function. MD5 hashes are 128-bits in length. Like many other hash values, they are typically represented in hexadecimal format (32 characters for MD5). The following is the hash value of the string "Linux":

edc9f0a5a5d57797bf68e37364743831

SYNTAX

The syntax of the md5sum command is md5sum [options] [file name]

SHA Commands

There are several different commands that you can use to calculate SHA hash values. These commands are functionally identical to md5sum, but use the SHA function with the applicable bit size:

  • sha1sum
  • sha256sum
  • sha384sum
  • sha512sum

Figure: Calculating the hash value of a file (the initial hash is shown first; after file1 is changed, the recalculated hash is completely different).

SYNTAX

The syntax of the sha#sum commands is sha#sum [options] [file name]
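The sha#sum commands are most useful when the digests are recorded once and rechecked later. The script below is an added example, not code from the course text: it records a SHA-256 manifest for a constructed sample directory, verifies it with sha256sum -c, and then shows that a single-byte change to one file is caught. The directory contents and file names are made up for the demonstration.

```shell
#!/bin/sh
# Added example, not from the course text: build a SHA-256 manifest of a
# directory, verify it with sha256sum -c, then tamper with one file and
# show that verification fails. The sample tree is constructed inline.
set -eu

# make_tree DIR: constructed sample files standing in for a backup set
make_tree() {
    mkdir -p "$1/etc"
    printf 'PasswordAuthentication no\n' > "$1/etc/sshd_config.sample"
    printf 'Encrypted\n' > "$1/encrypt.txt"
}

# digest FILE: hex SHA-256 of one file (first field of sha256sum output)
digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# write_manifest DIR MANIFEST: one "digest  ./path" line per regular file.
# MANIFEST must be an absolute path because the subshell cds into DIR.
write_manifest() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | xargs sha256sum ) > "$2"
}

# verify_manifest DIR MANIFEST: exit 0 only if every listed file still matches.
# sha256sum -c re-hashes each file and exits non-zero on any mismatch.
verify_manifest() {
    ( cd "$1" && sha256sum -c "$2" ) >/dev/null 2>&1
}

# demo: prints "ok-tampered" when the intact tree verifies, a one-byte
# change is caught, and the before/after digests differ.
demo() {
    work=$(mktemp -d)
    tree=$work/tree
    make_tree "$tree"
    write_manifest "$tree" "$work/SHA256SUMS"
    before=$(digest "$tree/encrypt.txt")
    verify_manifest "$tree" "$work/SHA256SUMS" || { echo "unexpected-fail"; return 1; }
    # Change the file by a single byte; a good hash then changes about half its bits
    printf 'Encrypted!\n' > "$tree/encrypt.txt"
    after=$(digest "$tree/encrypt.txt")
    if verify_manifest "$tree" "$work/SHA256SUMS"; then
        echo "tamper-missed"; return 1
    fi
    [ "$before" != "$after" ] || { echo "same-digest"; return 1; }
    rm -rf "$work"
    echo "ok-tampered"
}

demo
```

The manifest only proves that the files have not changed since it was written. If an attacker can rewrite both the files and the manifest, the check passes, so keep the manifest where the writer of the data cannot modify it (or sign it), and prefer sha256sum over md5sum for anything adversarial.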

LAB

Encrypting a Volume

Scenario

The data you'll be backing up to your various logical volumes is sensitive in nature and should not be readable if it were to fall into the wrong hands. To protect the confidentiality of your backed up data, you'll encrypt the volumes that hold this data. You'll start with the databk volume. Without the correct key (e.g., a passphrase), a user will only see the scrambled ciphertext of this volume, and will be unable to read the plaintext data of individual files.

Objectives

Completing this activity will help you to use content examples from the following syllabus objectives:

  • 3.3 Summarize security best practices in a Linux environment

Prepare the data backup volume for encryption

  1. Log in as student01 with Pa22w0rd as the password.

  2. In a terminal window, enter sudo umount /backup/data

  3. Enter sudo shred -v --iterations=1 /dev/backup/databk

    This will overwrite the contents of the volume to securely wipe any existing data. This is a good practice to ensure that no sensitive data remains before you prepare the encrypted volume.

  4. Verify that the shred command finishes successfully.

Encrypt the data backup volume with a passphrase

  1. Enter sudo cryptsetup -v --verify-passphrase luksFormat /dev/backup/databk

  2. Enter YES when prompted to confirm.

  3. When prompted for a passphrase, enter linuxplus

  4. Verify the passphrase.

  5. Verify that the command was successful.

Open the encrypted volume and verify that it is listed

  1. Enter sudo cryptsetup luksOpen /dev/backup/databk databk

  2. Enter linuxplus as the passphrase.

  3. Verify that you are returned to a prompt without errors.

  4. Enter ls -l /dev/mapper | grep databk

  5. Verify that the encrypted volume is listed

Format the volume, mount it, and create a file

  1. Enter sudo mkfs.ext4 /dev/mapper/databk

  2. Verify that the file system was written.

  3. Enter sudo mount /dev/mapper/databk /backup/data

  4. Enter echo "Encrypted" | sudo tee /backup/data/encrypt.txt

Add the encrypted volume to the /etc/crypttab and /etc/fstab files

  1. Enter sudo bash -c "echo databk /dev/backup/databk none >> /etc/crypttab"

  2. Enter sudo cat /etc/crypttab and confirm that the line was added.

    This file is similar to /etc/fstab and initializes encrypted storage devices at boot. The fields are the mapping name, the backing device, and the key source; none means the passphrase is requested interactively at boot rather than read from a key file.

  3. Using sudo, open the /etc/fstab file in your text editor of choice.

  4. Edit the line that mounts the /dev/backup/databk volume to say the following:

    /dev/mapper/databk /backup/data ext4 nofail 0 0

    This will mount the encrypted volume after it has been unlocked. The nofail option tells the system to continue booting, instead of dropping into emergency mode, if the device is not present at boot (for example, because it was not unlocked). Note that the device is now /dev/mapper/databk, not the raw logical volume: a line that still mounts /dev/backup/databk directly will fail, because the raw volume now holds only ciphertext with no recognizable file system.

  5. Save and close the file.


Reboot the machine and unlock the encrypted volume

  1. Enter systemctl reboot -i

  2. Verify that, rather than the normal sign in screen, you are prompted to unlock the encrypted volume with your passphrase.

  3. Enter linuxplus

  4. Sign in as your student account.

  5. Using your preferred method, open the /backup/data/encrypt.txt file and verify you can read its plaintext contents.

  6. Enter sudo bash -c "echo > /etc/crypttab"

    You're clearing this file so you won't be prompted to unlock the volume every time you reboot. You can still unlock the volume manually after you've booted into the OS.

    Encrypting a volume in this way requires someone at the console to enter the passphrase before the boot process can complete. Without additional tooling (such as an SSH server built into the initramfs), you won't be able to SSH into the system to unlock it, because sshd does not start until the boot has proceeded past that prompt.
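Before the reboot step, it is worth checking that crypttab and fstab agree, because the most common way this lab goes wrong is an fstab line left pointing at the raw logical volume, which no longer carries a file system and stops the boot. The script below is an added example, not part of the course lab: it runs a plain awk check over copies of the two files and uses constructed sample tables (the cl-root entry is invented filler for the root file system).

```shell
#!/bin/sh
# Added example, not part of the course lab: check that /etc/crypttab and
# /etc/fstab agree before rebooting. After luksFormat the raw LV holds only
# ciphertext, so an fstab line that still mounts /dev/backup/databk (instead
# of /dev/mapper/databk) fails at boot; without nofail that means emergency mode.
set -eu

# check_tables CRYPTTAB FSTAB: print one finding per line; exit 0 only when
# no fstab entry mounts a raw backing device and every /dev/mapper/<name>
# entry carries nofail. A mapping with no fstab entry is reported but allowed.
check_tables() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        FILENAME == ARGV[1] {                # first file: crypttab
            backing[$1] = $2                 # mapping name -> backing device
            next
        }
        {                                    # second file: fstab
            dev = $1; opts = $4
            for (n in backing) {
                if (dev == backing[n]) {
                    print "ERROR: fstab mounts raw device " dev " (use /dev/mapper/" n ")"
                    bad = 1
                }
                if (dev == "/dev/mapper/" n) {
                    seen[n] = 1
                    if (opts !~ /(^|,)nofail(,|$)/) {
                        print "WARN: /dev/mapper/" n " lacks nofail; boot halts if it is not unlocked"
                        bad = 1
                    }
                }
            }
        }
        END {
            for (n in backing) if (!(n in seen))
                print "NOTE: crypttab mapping " n " has no fstab entry"
            exit (bad ? 1 : 0)
        }
    ' "$1" "$2"
}

# demo: constructed crypttab plus the fstab before and after the lab edit;
# prints "before=1 after=0" (the exit codes of check_tables)
demo() {
    work=$(mktemp -d)
    printf 'databk /dev/backup/databk none\n' > "$work/crypttab"
    # before the edit: raw LV, no nofail (cl-root is invented filler)
    printf '%s\n' '/dev/mapper/cl-root / xfs defaults 0 0' \
        '/dev/backup/databk /backup/data ext4 defaults 0 0' > "$work/fstab.before"
    # after the edit, as the lab specifies
    printf '%s\n' '/dev/mapper/cl-root / xfs defaults 0 0' \
        '/dev/mapper/databk /backup/data ext4 nofail 0 0' > "$work/fstab.after"
    before=0; check_tables "$work/crypttab" "$work/fstab.before" >/dev/null || before=$?
    after=0;  check_tables "$work/crypttab" "$work/fstab.after"  >/dev/null || after=$?
    rm -rf "$work"
    echo "before=$before after=$after"
}

demo
```

To use it on a real system, run check_tables /etc/crypttab /etc/fstab and fix every ERROR before the reboot; the script only reads the files, so it needs no root privileges beyond read access.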

LAB

Configuring SSH Authentication Using a Key Pair

Scenario

You want to enable your fellow administrators to remotely access servers that are physically located elsewhere. By default, the servers are already set up to accept encrypted SSH connections. Recently, however, Develetech has been the victim of several brute force password cracking attempts. Attackers have tried to gain remote access by running through various combinations of passwords. To minimize the risk of these attacks, you decide to change the authentication method that administrators will use to connect remotely. You'll have them each generate a cryptographic key pair that they'll use to prove their identities. Anyone without the key will be denied access. You'll also disable password authentication on the servers to mitigate brute force attacks.

Objectives

Completing this activity will help you to use content examples from the following syllabus objectives:

  • 2.5 Summarize and explain server roles

  • 3.2 Given a scenario, configure and implement appropriate access and authentication methods

  • 3.3 Summarize security best practices in a Linux environment


Generate a public and private key pair to use with SSH authentication

  1. Enter ssh-keygen to generate a key pair. (On CentOS 7 this produces an RSA key pair, id_rsa and id_rsa.pub; recent OpenSSH releases default to Ed25519 and name the files id_ed25519 and id_ed25519.pub instead.)

  2. Press Enter to accept the default path in which to save the key.

  3. Enter linuxplus as the passphrase.

    You don't need to protect a private key with a passphrase, but doing so is recommended: the passphrase encrypts the key file at rest, so someone who copies the file still cannot use it without the passphrase. The passphrase decrypts the private key locally before the key is used to sign the server's authentication challenge; the passphrase itself is never sent to the server.

  4. Enter the passphrase again.


Verify that the keys were generated and saved to the home directory

  1. Enter cat .ssh/id_rsa and examine the (encrypted) private key.

    This is the key you'll use to sign the SSH server's authentication challenge. Keep it private; ssh-keygen creates it readable only by you (mode 600), and it should stay that way.

  2. Enter cat .ssh/id_rsa.pub and examine the public key.

    The server needs this public key installed once. The server uses it to verify the signature that the client produces with the matching private key.


Copy your public key to your second server

  1. Enter ssh-copy-id student02@server02 to copy your public key to server02.

  2. Enter yes to accept the authenticity of your second server.

    This records server02's host key in ~/.ssh/known_hosts. In production, compare the fingerprint shown with one obtained out of band before accepting it; if the key belongs to an impostor, the password you type in the next step goes to them.

  3. When prompted for a password, enter Pa22w0rd

Verify that your public key was added to your second server

  1. Select CentOS 7 (2nd) and log in as student02.

  2. Enter cat .ssh/authorized_keys and verify that your key was added.

    Any public keys added to this file are considered authorized and will be used in SSH authentication. If you wanted to authenticate other users, you could have them generate a unique key pair and then add their public key to this file as well. ssh-copy-id also sets the permissions sshd requires: ~/.ssh must not be writable by anyone but the owner and authorized_keys is normally mode 600; with the default StrictModes yes, sshd ignores keys in a directory or file with looser permissions.

Authenticate with your second server's SSH server using your private key

  1. Select CentOS 7 to return to server01.

  2. Enter ssh student02@server02

  3. When prompted, type linuxplus (but don't press Enter) as the passphrase to unlock your private key.

  4. Check the Automatically unlock this key whenever I'm logged in check box.

  5. Select Unlock.

  6. Verify that you are signed in to server02 as the student02 account.

    If you get an "Authentication failed" message, enter the ssh command again.

    You've successfully authenticated to the second SSH server.


For added security, disable password authentication

  1. Enter exit to close your SSH session and return to your local login on server01.

  2. Switch back to the CentOS 7 (2nd) virtual machine.

  3. Using sudo, open the /etc/ssh/sshd_config file in your desired text editor.

  4. Scroll down until you get to the PasswordAuthentication yes line.

  5. Change yes to no and then save and quit the file.

    Make sure this is the only uncommented PasswordAuthentication line in the file. sshd uses the first value it reads for a keyword, so appending PasswordAuthentication no at the end of a file that still contains PasswordAuthentication yes higher up leaves passwords enabled. Keep your existing session to server02 open until you have confirmed the new configuration works, so a mistake can't lock you out.

  6. Enter sudo systemctl restart sshd

    You can run sudo sshd -t first to check the file for syntax errors before restarting; a broken configuration stops sshd from coming back up.

  7. Switch back to CentOS 7

  8. Enter ssh ariley@server02

    You have no private key for this account, and the server isn't accepting passwords, so the connection is refused with Permission denied (publickey).
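The final step is also where lockouts happen. The script below is an added example, not part of the lab: it edits a copy of sshd_config in place rather than appending, reports the value sshd will actually use (the first uncommented occurrence of a keyword), and goes one step beyond the lab by also setting ChallengeResponseAuthentication no (the PAM keyboard-interactive route, which can still accept passwords when left enabled) and PubkeyAuthentication yes. The sample configuration inside is constructed; Match blocks and the Keyword=value spelling are ignored for simplicity.

```shell
#!/bin/sh
# Added example, not part of the course lab: harden a copy of sshd_config
# and compute the value sshd would actually use. sshd honours the FIRST
# uncommented occurrence of a keyword, so appending "PasswordAuthentication no"
# below an existing "PasswordAuthentication yes" changes nothing. This helper
# edits the file in place instead. Match blocks are ignored (simplification).
set -eu

# effective_value FILE KEYWORD: first uncommented value of KEYWORD, or "default"
effective_value() {
    awk -v key="$2" '
        $0 !~ /^[ \t]*#/ && tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print "default" }
    ' "$1"
}

# set_directive FILE KEYWORD VALUE: rewrite the first active KEYWORD line as
# "KEYWORD VALUE", drop any later active duplicates, append if none existed.
set_directive() {
    file=$1 key=$2 val=$3
    tmp=$(mktemp)
    awk -v key="$key" -v val="$val" '
        $0 !~ /^[ \t]*#/ && tolower($1) == tolower(key) {
            if (!done) { print key " " val; done = 1 }
            next
        }
        { print }
        END { if (!done) print key " " val }
    ' "$file" > "$tmp"
    cat "$tmp" > "$file"    # keeps the original inode, permissions and SELinux label
    rm -f "$tmp"
}

# harden_sshd_config FILE: key-only authentication; also closes the
# keyboard-interactive (PAM) route, which is a separate password path.
harden_sshd_config() {
    set_directive "$1" PasswordAuthentication no
    set_directive "$1" ChallengeResponseAuthentication no
    set_directive "$1" PubkeyAuthentication yes
}

# demo: prints "naive=yes fixed=no", showing that appending does not work
demo() {
    cfg=$(mktemp)
    # constructed sample resembling the CentOS 7 default, with the directive
    # already uncommented and set to yes as in the lab
    cat > "$cfg" <<'EOF'
# sshd_config sample (constructed)
#PasswordAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
EOF
    naive=$(mktemp)
    cp "$cfg" "$naive"
    echo "PasswordAuthentication no" >> "$naive"     # the common mistake
    harden_sshd_config "$cfg"
    result="naive=$(effective_value "$naive" PasswordAuthentication) fixed=$(effective_value "$cfg" PasswordAuthentication)"
    rm -f "$cfg" "$naive"
    echo "$result"
}

demo
```

On a real server, run it against a copy first (cp /etc/ssh/sshd_config /tmp/sshd_config.test, then harden_sshd_config /tmp/sshd_config.test and sudo sshd -t -f /tmp/sshd_config.test), apply it to the real file, restart sshd, and confirm a fresh key-based login from a second terminal before closing the session you already have. Newer OpenSSH releases call the keyboard-interactive directive KbdInteractiveAuthentication; the old name is still accepted as an alias.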





