Cybersecurity Operations & Management

Hi fellow Fedora users, I am new to Fedora Linux! I love the system security. I am going to go to school for Cybersecurity Operations & Management at Harrisburg University, and I also just started at my first ticket booth for remote PC repair. I have to ask: what do you guys/gals suggest in terms of my situation? I would kind of like to switch to the Fedora Security Spin, that way I have access to my own personal toolset for practical purposes. On top of that, I am trying to set up proper network segmentation/port security with my firewall and chosen OS. It’s like I said, I am currently using Workstation, so essentially my question is: should I switch to the Security Spin for school? Will that be beneficial in practice? That being said, what ports am I going to need to keep open for booking tickets and performing remote IT support while I am attending school daily? I am really into offsec, but since I am in Cybersecurity Ops Management, I will need a firm understanding of how to secure my own network security systems and system security. I found that AIDE is my favorite IDS; it’s cool, however I am not sure how it interacts with RPM Fusion because I am always getting "Changes" in the SQLite DB…
Someone please send me in the right direction; I am concerned about my own firewall being configured properly, as well as my own network being segmented properly. Also, how do I handle changes found in AIDE? Will I have to configure the .conf file for it a specific way?

How would we be able to answer that?

The name implies it may be of benefit, but without both having experience with the spin you ask about and knowing the content of what is being taught, it becomes impossible to fully evaluate the choices.

Without knowing your specific configuration in detail it is difficult to give specific answers – even for experts in security.

Security can be a lifelong learning and updating process.


Well, I would like to first achieve a proper setup as far as firewalld configuration when using the station for IT support, as well as that of intrusion detection systems, and will having the Security Spin have a significant impact on performance in that role of IT support at my current business partnership with https://www.itttsupport.com ? Not trying to advertise here, just an attempt to elaborate on what my goals are. I do have my IT Fundamentals certification. I am not, however, as talented as I might seem as far as being educated on “port forwarding”. I understand to some extent I will need to remove access to specific ports, for instance those that are vulnerable to recent exploits.

Just a few slight incentives from my side:

  • the Security Lab is not intended to be secure but to make other systems secure (keep in mind that an “offensive” system that is used to test other systems is itself often widely unprotected, because some security measures for protecting a system tend to also block the tools that are used for security testing)
  • however, in these realms, Kali Linux is more widespread, and at least when I was involved with such means (admittedly some years ago), especially the available packages of Fedora Security Lab could not compete with Kali Linux. If you are new, it is also important that there is much documentation and support for you about how to do security testing with Kali, but much less documentation for doing it with Fedora Security Lab. In many cases, documentation is usable for both, but not all. If you attend industry courses about penetration testing, most courses that have an OS focus will have a focus on Kali, and thus this might be easier for you.
  • with regards to firewalld, you will find a lot on the Internet about how to use it [1] [2] [3] [4] [5] [6], but your questions seem to go less in the direction of firewalld in specific, but rather about how the environment works in which firewalld is deployed: I suggest starting with searching and getting into topics like these first:
    → inbound ports
    → outbound ports (incoming and outgoing ports are different, and when you send something to port 80 on the other side it might start at port 5000 on your side)
    → OSI Layer, important protocols and their interaction through their layers and ports (ssh, http, https, tcp, ip)
    → difference between ports 0-1023 and all ports above
    → and generally firewalling with regards to ports
  • However, it is definitely a good idea to test and play! I suggest running a virtual network with virtual machines (e.g., using virt-manager and kvm/qemu), which you can set up on Fedora, and testing your machines by pentesting but also testing how they behave when you reconfigure firewalld. Check out the behavior and then check out WHY they behave the way they do (inbound and outbound ports are indeed a challenge that you will need to understand - but just knowing that there is a difference and then playing a little can make a difference!). But be careful with playing with the firewall of your production system :wink: You can set up some Fedoras (and maybe also other systems) as virtual machines, and additionally a virtual machine with Security Lab or Kali to pentest them. And maybe set up some services in between the Fedoras: servers and clients (and then test firewalling on both sides).

A question that might help you get some incentives: why is the FTP protocol a mess for firewalling? How far does it interfere with firewalling? A hint: it’s much about ports :slight_smile: (just something to start with : )

[1] https://firewalld.org/
[2] https://www.redhat.com/sysadmin/beginners-guide-firewalld
[3] Control the firewall at the command line - Fedora Magazine
[4] Firewalld - ArchWiki
[5] Control of System Accessibility by firewalld :: Fedora Docs
[6] Chapter 45. Using and configuring firewalld Red Hat Enterprise Linux 8 | Red Hat Customer Portal
→ just some examples that might be helpful



The Security Spin is nice, for a penetration testing tool. I have issues with it sometimes. If I am understanding you correctly, you’re saying it’s probably flawed to use Fedora Security every day because recon tools just being there can cause defensive security measures to break, like firewalld or ufw. I appreciate the advice on getting knowledge on ports; like you said, since then I have. I stopped firewalld and uninstalled it, and installed ufw because it was simpler for me to use. I like the deny-all rule. I usually just do that and open 443 and other things. If you have any suggestion for me, go ahead; I’m not advanced or anything, but if I can just focus and get through this course I’m in now, I’ll know a lot more about securing a network. I am taking a Fortinet course for technical fundamentals of cybersecurity and am on the hashing module. I could use virt-manager, but only if I switched to a different Fedora version. I am going to college, but at the same time I’m going for cybersecurity, and I need Windows programs, so I might use Wine. I like gaming a little, but only games like Stardew Valley, Terraria, Children of Morta, so no high-end gaming is happening on my system. Maybe I’ll try to play Left 4 Dead too sometimes, but that never seems to connect properly. I don’t really need that, but anyway, if you have any suggestions please let me know. It’s like I said, I deny all. Even 22, unless I need it. I just keep HTTPS open.
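The earlier reply lists inbound vs. outbound ports and the 0-1023 boundary as things to learn, and the post above describes a deny-all policy with only 443 open. The script below is an added example (editor's code, not from any participant or from Fedora) that ties those together: it reads a constructed sample in the style of `ss -tlnH` output (not real output from anyone's machine), classifies each listening port by IANA range, and reports which listeners are actually reachable under the allowlist. Everything that only listens on loopback is flagged separately, because an inbound firewall rule never affects it.

```shell
#!/bin/sh
# Added example (not from the thread): audit listening sockets against a
# deny-all-inbound allowlist and classify ports by IANA range.

# Constructed sample in the style of `ss -tlnH` (State Recv-Q Send-Q
# Local:Port Peer:Port). NOT a capture from a real system.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:5900 0.0.0.0:*
LISTEN 0 128 [::]:8080 [::]:*'

# Ports the firewall allows inbound; everything else is denied (the
# "deny all, open 443" policy from the post above). Assumed value.
ALLOWED="443"

# port_class PORT -> well-known | registered | dynamic
# 0-1023 need root to bind; 49152-65535 is the IANA dynamic/ephemeral range
# (Linux actually picks outbound source ports from
# /proc/sys/net/ipv4/ip_local_port_range, 32768-60999 by default).
port_class() {
    if [ "$1" -le 1023 ]; then echo well-known
    elif [ "$1" -le 49151 ]; then echo registered
    else echo dynamic
    fi
}

# is_allowed PORT -> exit 0 if PORT is in $ALLOWED
is_allowed() {
    for p in $ALLOWED; do [ "$p" = "$1" ] && return 0; done
    return 1
}

# audit_listeners: one line per listener: PORT BIND_ADDR CLASS VERDICT
#   allowed    - listening on all interfaces and permitted by the firewall
#   local-only - bound to loopback; an inbound firewall rule is irrelevant
#   blocked    - listening on all interfaces but denied inbound
audit_listeners() {
    printf '%s\n' "$SAMPLE_SS" | while read -r _state _rq _sq laddr _paddr; do
        port=${laddr##*:}
        addr=${laddr%:*}
        class=$(port_class "$port")
        case "$addr" in
            127.*|"[::1]") verdict=local-only ;;
            *) if is_allowed "$port"; then verdict=allowed; else verdict=blocked; fi ;;
        esac
        echo "$port $addr $class $verdict"
    done
}

# blocked_ports: space-separated list of listeners the firewall denies.
# Each one is either a service that is not needed from outside (leave it
# denied, or stop it) or one that must be added to ALLOWED deliberately.
blocked_ports() {
    audit_listeners | awk '$4 == "blocked" { print $1 }' | tr '\n' ' ' | sed 's/ $//'
}

audit_listeners
echo "denied inbound: $(blocked_ports)"
```

On a live Fedora system the sample would be replaced by the output of `ss -tlnH`, and ALLOWED by what `firewall-cmd --list-all` (or `ufw status`) reports as open. A later reply in this thread points at `nft`; `sudo nft list ruleset` shows the rules firewalld actually installed, which is the ground truth when the two disagree. Note that a remote-support tool that only makes outbound connections shows up nowhere in this list and needs no inbound port at all.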

Note again that a pentesting OS is different from a secure “production” OS. You might want to use Kali on a live USB install for testing.

As a secure Fedora variant I recommend secureblue which has a lot of hardening in place.

Not sure about firewalld vs. ufw; should be fine. But firewalld is also used on the immutable distros and has a GUI.

I could use virt-manager, but only if I switched to a different Fedora version.

Why? You can even install virt-manager on atomic variants, either by layering, or isolating that in podman containers which is very cool.

If you use Wine, I recommend the Bottles flatpak. But many programs might run better in a virtual machine. Here make sure to

  • increase performance by debloating and using Chris Titus’ WinUtil
  • install the Red Hat VirtIO drivers by downloading the ISO, mounting it from within virt-manager and installing the drivers in the VM

For gaming, use the pupgui flatpak and Bottles flatpak; it’s the most secure solution to use Proton-GE.


I actually just noticed Bottles; that looks awesome. I want to run Microsoft Office 365, for class, on Bottles. I haven’t tried a GitHub/custom Fedora build yet. Is that really safe?

Great area to become proficient in, congratulations!

I have never considered AIDE, Tripwire, etc. to be IDSs and find it interesting you do. On Fedora, using rpm -Va for files included in packages and aide for other files cuts down on plenty of otherwise false positives. The more configuration of aide to narrow in on only what should not change, the better.

This is such a large topic. Here is a paper with descriptions of a number of areas and associated certifications. There are plenty of other lists. Finding what you want will be an adventure in itself.

Internal to Fedora, following the flow of data from the network through the firewalls and routing and namespaces etc. to the applications is great fun (e.g., use the nft command to figure out what firewalld is doing). Throw in podman, openvswitch and maybe an orchestration system like k8s and things become quite the brain teaser.

Have fun.
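The original question asked how to handle the "Changes" AIDE keeps reporting in a database file, and the reply above says the fix is to narrow the AIDE configuration to what should not change. The script below is an added example (editor's code, not AIDE itself and not from anyone in the thread) that reproduces the baseline/check cycle of `aide --init` and `aide --check` with sha256sum on a constructed directory tree, so it runs anywhere. It runs the same scenario twice, once without an exclusion and once excluding the database that legitimately changes, to show the difference in the report. The file names, the tree layout and the exclusion pattern are all assumptions for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): an AIDE-style baseline/check cycle
# built on sha256sum. The point is the exclusion rule: a file that is
# expected to change (caches, application databases) must not appear as a
# "changed" finding on every run, or the real findings get lost in the noise.

WORK=$(mktemp -d)
TREE="$WORK/tree"
BASELINE="$WORK/baseline.db"
trap 'rm -rf "$WORK"' EXIT

# Constructed sample tree (assumption): two config files and one application
# database that legitimately changes between runs.
setup_tree() {
    rm -rf "$TREE"
    mkdir -p "$TREE/etc" "$TREE/var/db"
    printf 'setting=1\n' > "$TREE/etc/app.conf"
    printf 'Port 22\n' > "$TREE/etc/sshd_config"
    printf 'row1\n' > "$TREE/var/db/cache.sqlite"
}

# scan EXCLUDE_RE: print "hash  relative-path" for every regular file whose
# path does not match EXCLUDE_RE (extended regex). In a real aide.conf the
# equivalent is a rule line starting with '!', e.g.  !/var/db/.*\.sqlite$
scan() {
    (cd "$TREE" && find . -type f | sed 's|^\./||' | sort | grep -Ev "$1" \
        | while read -r f; do sha256sum "$f"; done)
}

# init_baseline EXCLUDE_RE: like `aide --init`, records the trusted state
init_baseline() { scan "$1" > "$BASELINE"; }

# check_changes EXCLUDE_RE: like `aide --check`; prints the paths that were
# added, removed or modified since the baseline, space separated
check_changes() {
    scan "$1" | diff "$BASELINE" - | awk '/^[<>]/ { print $3 }' | sort -u \
        | tr '\n' ' ' | sed 's/ $//'
}

# run_check EXCLUDE_RE: full cycle. After the baseline is taken, the database
# receives expected churn and sshd_config receives a real change; only the
# latter should be reported.
run_check() {
    setup_tree
    init_baseline "$1"
    printf 'row2\n' >> "$TREE/var/db/cache.sqlite"             # expected churn
    printf 'PermitRootLogin no\n' >> "$TREE/etc/sshd_config"   # real change
    check_changes "$1"
}

NO_EXCLUDE='^$'                      # matches no path, so nothing is excluded
TUNED_EXCLUDE='^var/db/.*\.sqlite$'  # ignore the database that always changes

echo "untuned report: $(run_check "$NO_EXCLUDE")"
echo "tuned report:   $(run_check "$TUNED_EXCLUDE")"
```

The untuned run reports both files, which is the situation the original post describes; the tuned run reports only sshd_config. With the real tool the workflow is the same: add `!` rules for paths that are expected to change, verify packaged files with `rpm -Va` instead (as the reply above suggests), and after you have reviewed and accepted a genuine change, run `aide --update` and replace the old database with the new one so the next check starts from the accepted state.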

Office will not run in Wine, and don’t dream of Office 365, which is basically a rootkit. Some older versions like 2016 (with actually buyable licenses) may, and in general it’s best to use a VM.

Yeah, ublue runs entirely on GitHub, even their signing keys are there AFAIK, because builds are automatic. This is probably safe but feels a bit bad; building on Fedora infra is not possible because they preinstall the proprietary/nonfree codecs and drivers, and Fedora is reeeeeally cautious about legal issues.

Atomic distros basically can’t be built on Fedora infra without lacking hardware support and video codecs. Once your file manager works perfectly (including mounting drives, using LUKS, etc.) as a flatpak, at least codecs are no longer needed.