RHCE LAB/Red Hat System Administration III missing LAB
Subject: There is an objective for host based security in the RHCE exam, but a related lab and proper explanation for NFS, SAMBA, HTTPD, SSH are missing
RHCE LAB course or Red Hat System Administration III do not cover lab material on host based security for NFS, SAMBA, httpd, SSHD
There is not even enough theory explaining how it can be done, but at the same time there is an objective for the exam
There should be one LAB for NFS, SAMBA, HTTPD, SSH
e.g. How a sub-domain or subnet can be restricted for NFS, SAMBA, HTTPD, SSH
How user, group can be restricted for HTTPD in the config file with Require directives
Thank you
Yash
Responses
Yash,
I saw you had requested an instructor office hour on this as well, I'll let the Learning Experience team address any additional details if you're pursuing an appointment with them.
No one at Red Hat, nor any certificate holder, due to the Non-disclosure agreement one accepts when taking Red Hat Certification Exams, will speak to specifics around what is or is not on an exam.
I reviewed the EX300 exam objectives and my further comments relate only to this publicly accessible document: https://www.redhat.com/en/services/training/ex300-red-hat-certified-engineer-rhce-exam
Some services, like samba or NFS, implement their own configuration directives to control access to the service (or resources offered by the service) by specific IPs/hostnames/domain names/subnets.
Some services, like sshd and [I think NFS still uses this as well], utilize tcpwrappers to either augment their own restriction configurations or take the place of needing to build in those features.
But all network services, regardless of their own security implementations, will have to pass through the kernel's netfilter module. So another, very effective method would be to use firewalld to manage port-based rules to control access to services. If you're using this method, you'd have to know the ports used by the different services, but /etc/services can give some ideas there.
It's been a while since I've taken Red Hat Systems Admin III, but I don't recall the materials explicitly covering all the potential ways that one could configure access controls on each service. However, I know that we do have an entire chapter devoted to firewalld.
As for httpd user/group access control, I didn't see anything specific to users or groups on the exam objectives (I did see something about access restrictions on directories, but there are not enough specifics in that objective to know exactly what they're referring to). Generally speaking though, one could use htpasswd if you really wanted (though that's pretty dated and over http it would transmit the user credentials in plain text). Alternatively, Apache does hook into other authentication sources like kerberos, ldap, and others. Still, BLECK! Most application developers will instead use the authentication frameworks included in their programming libraries for their site content rather than relying on the web server's authentication options. To my knowledge, implementing in-application security is best practice instead of using your webserver to authenticate users.
-Scott
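The firewalld approach described in the reply above, as an added example that is not part of the original thread: a dry-run script that prints the `firewall-cmd` calls limiting ssh, http, nfs and samba to one source subnet. The zone name `public`, the subnet `192.0.2.0/24` and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: prints the commands.
# Assumptions: zone "public"; 192.0.2.0/24 is a documentation-range placeholder;
# "nfs" covers NFSv4 only (NFSv3 also needs the mountd and rpc-bind services).
ZONE="${ZONE:-public}"
SERVICES="${SERVICES:-ssh http nfs samba}"
SUBNET="${1:-192.0.2.0/24}"

# Rich rule that accepts one firewalld service from one IPv4 source network.
rich_rule() {  # $1 = service name, $2 = source CIDR
    printf 'rule family="ipv4" source address="%s" service name="%s" accept' "$2" "$1"
}

# Accept only a.b.c.d/nn with octets <= 255 and prefix <= 32.
valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; prefix=${1#*/}
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# Print the firewall-cmd invocations for every service in SERVICES.
plan() {  # $1 = trusted source CIDR
    valid_cidr "$1" || { echo "invalid IPv4 CIDR: $1" >&2; return 1; }
    for svc in $SERVICES; do
        # Remove the zone-wide allow, otherwise every source still gets in.
        echo "firewall-cmd --permanent --zone=$ZONE --remove-service=$svc"
        echo "firewall-cmd --permanent --zone=$ZONE --add-rich-rule='$(rich_rule "$svc" "$1")'"
    done
    # Permanent changes only take effect after a reload.
    echo "firewall-cmd --reload"
}

# APPLY=1 executes the plan on a host running firewalld; otherwise just show it.
if [ "${APPLY:-0}" = 1 ]; then plan "$SUBNET" | sh; else plan "$SUBNET"; fi
```

Review the printed plan first, and apply it from a console or from an address inside the allowed subnet, because the reload restricts ssh as well.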
