Categories
Basic

Cheat Sheet: Advanced Linux Commands

As an example scenario, we are going to pretend we are developing a LAMP (Linux,
Apache, MariaDB and PHP) application on single machine running Red Hat Enterprise
Linux 7. As a first step, we’re going to install Apache, PHP and MariaDB (the drop-in
replacement for MySQL that’s shipped with Red Hat Enterprise Linux 7), and start the
appropriate services:

# yum -y install httpd mariadb-server php-mysql php

Installs the correct packages to start developing a LAMP application: the Apache
webserver, the base packages for PHP, and a MariaDB server, including MySQL bindings
for PHP.

$ systemctl status httpd

Show information about httpd, including process ID, child processes, time since startup, what man pages are available, the most recent log messages, and more.

# systemctl start httpd mariadb

Start the httpd and mariadb services. Instead of ‘start’, you can also use stop or restart, for
obvious use cases.

# systemctl enable httpd mariadb

Enable the httpd and mariadb services to start at next boot. You can also use disable, mask or unmask.
So the framework is installed and services should be running; let’s check if everything is ok by checking out the logs. (You must either be a member of the ‘adm’ group on the system, or run these commands with ‘sudo’ prepended to them to see all log messages.)

$ journalctl -f -l

Show the system log and keep it open (-f), so you see new messages scroll by as they arrive. The -l flag prevents long lines from being truncated.

$ journalctl -f -l -u httpd -u mariadb

Same as above, but only for log messages from the httpd and mariadb services.

$ journalctl -f -l -u httpd -u mariadb --since -300

Same as above, but only for log messages that are less than 300 seconds (5 minutes) old.

Now in order to test our app in the VM, we need the IP address of the server. For that we want to see the IP address configured for the first network card, called ‘eth0’ in most virtual machines:

$ nmcli d

Show the status of all network interfaces.

$ nmcli d show eth0

Show details of network interface eth0; alternatively you can use ‘ip a s eth0’.

# nmcli d connect eth0

Bring up the network interface eth0. You can use ‘disconnect’ to bring the interface down.

Now let’s drop an example PHP file in /var/www/html to see if everything works:

$ cat << EOF > /var/www/html/test.php
<?php
phpinfo();
?>
EOF

All text between the first line and EOF will be added to /var/www/html/test.php. Any existing content in that file will be overwritten. This is called a ‘heredoc’.
Now we can download the test.php file from either the same machine, or our local workstation:

$ curl http://www.someapp.org/test.php
$ curl http://10.0.0.10/test.php

Use the ‘curl’ command to download the test.php file from www.someapp.org or 10.0.0.10, respectively.

$ curl http://localhost:80/someapp/api -v

Send an HTTP GET to the API on the local host; -v shows the request and response headers that were sent and received, along with the API response payload.

$ curl https://localhost:443/someapp/api -v -F "arg1=foo" -F "arg2=bar"

Same over HTTPS, but -F builds a multipart form body and so turns the request into a POST; -v again shows the headers exchanged and the API response payload.

$ host www.someapp.org

Use the ‘host’ command to test DNS name resolution; you might need to run ‘yum -y install bind-utils’ for this command to work.

Generally, files in /var/www/html are owned by apache. In a dev environment, you might want to make those files owned by apache and a developer group. Here are some commands that are useful to make that a reality.

# chown apache:developers test.php

Change ownership of test.php to “apache” and the “developers” group. (You can only change ownership of a file to another user if you are the superuser, “root”.)

# chmod u+rw,g+rw,o+r test.php

Change the mode of test.php to allow owner (u) and users in the group (g) to read and write (+rw) it, and the rest of the world (o) to just read (+r) it.

# chmod g+rw test.php

Allow users in the group of test.php to read and write it.

# chown -R :developers /var/www/html

Change ownership of /var/www/html and all files in that directory to the developers
group.

# chmod g+s /var/www/html

Special command to make sure that all files created in /var/www/html are owned by the group that owns /var/www/html; it sets the so-called setgid bit on the directory.

Maybe you have a script that you want to use on that server, too. You’ll need to make it executable first:

$ chmod 755 somescript

Allow the owner of somescript to read, write and execute it, and the rest of the world to just read and execute it.

$ chmod +x somefile

Allow execution of somefile.

Red Hat Enterprise Linux 7 ships with a security feature called SELinux. SELinux labels all files, and then whitelists which labels a program (e.g. Apache) is allowed to read.

$ ls -lZ test.php

Show the SELinux label of test.php. Files in /var/www/html need to be labeled httpd_sys_content_t (content readable by Apache) or httpd_sys_rw_content_t (content readable and writable by Apache).

# ausearch -sv no --comm httpd

Search the audit log for recently denied events triggered by Apache (‘httpd’). Useful for debugging an application that might be running into SELinux related problems.

# restorecon -FvR /var/www/html

Use this command to restore the default labels on all files under /var/www/html if different from those mentioned above.
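As an added example (not part of the original cheat sheet), here is a small shell audit that applies the ownership, mode and label rules from this section to `ls -lZ` output. It assumes the RHEL 7 layout of `ls -lZ` (mode, owner, group, SELinux context, name; no size or date columns); the sample listing below is constructed, and on a real host you would pipe `ls -lZ /var/www/html` into audit_web_content.

```sh
#!/bin/sh
# Constructed sample of RHEL 7 `ls -lZ /var/www/html` output (mode, owner,
# group, SELinux context, name); file names and contexts are made up.
SAMPLE_LS='total 16
-rw-rw-r--. apache developers system_u:object_r:httpd_sys_content_t:s0 index.php
-rw-rw-r--. apache developers system_u:object_r:httpd_sys_rw_content_t:s0 uploads.php
-rw-rw-rw-. root   root       unconfined_u:object_r:user_home_t:s0 test.php
-rwxr-xr-x. apache developers system_u:object_r:httpd_sys_content_t:s0 deploy.sh'

# audit_web_content: reads ls -lZ lines on stdin, prints one finding per
# problem and returns 1 if anything was found, 0 if the tree looks clean.
audit_web_content() {
    awk '
    NF < 5 { next }                        # skip the "total" line
    {
        mode = $1; owner = $2; name = $5
        split($4, ctx, ":"); type = ctx[3]  # user:role:type:level -> type
        if (type != "httpd_sys_content_t" && type != "httpd_sys_rw_content_t") {
            printf "LABEL %s is %s: Apache cannot read it, run restorecon\n", name, type
            bad = 1
        }
        if (substr(mode, 9, 1) == "w") {    # 9th character is the world write bit
            printf "MODE  %s is world-writable (%s)\n", name, mode
            bad = 1
        }
        if (owner != "apache") {
            printf "OWNER %s belongs to %s, expected apache\n", name, owner
            bad = 1
        }
    }
    END { exit bad }'
}

# count_findings: number of findings for the listing passed as $1
count_findings() {
    printf '%s\n' "$1" | audit_web_content | wc -l | tr -d ' '
}

# Run against the constructed sample when executed directly.
if printf '%s\n' "$SAMPLE_LS" | audit_web_content; then
    echo "OK: content is labelled and owned correctly"
else
    echo "found problems, see findings above"
fi
```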

$ getenforce

Show what mode SELinux is in: Disabled, Permissive or Enforcing. Switch SELinux to enforcing mode with ‘setenforce 1’.

# semanage fcontext -l | grep '/var/www'

List all SELinux file-context rules that potentially apply to /var/www (the full list is extensive, hence the grep). Install the policycoreutils-python package with yum to get the ‘semanage’ command.

If you have a database on a separate server, you need to allow Apache to initiate network connections, which SELinux denies by default. This is done by setting an SELinux boolean.

$ getsebool -a

Show all available SELinux boolean settings.

# setsebool httpd_can_network_connect_db 1

Tell SELinux to allow httpd to make connections to databases on other servers. Use the -P flag to make the change permanent.

The above should hopefully get you started with developing on RHEL, but you can do so much more! For example, here are some commands to run a program in the background in your shell.

$ ./someprogram &

Start someprogram in the background. You can also just start someprogram and hit CTRL-Z to suspend it and send it to the background.

$ jobs

Show all background jobs in current shell; add -l for more information on the jobs.

$ bg [number]

Continue suspended job (i.e. a job suspended with CTRL-Z) in the background.

$ fg [number]

Bring a background job to the foreground again.

And if you need to get an idea of how your application or system is performing, you might like these commands:

$ free

Show the amount of free memory. Please note it’s not necessarily a problem if Linux seems to use a lot of memory!

$ vmstat 3

Every three seconds, show statistics about the system, like utilization, memory in use, etc.

$ iotop

Show ‘top’-like output for disk I/O. You must be root to run this. First install the iotop package with yum.

$ ps xauww

Show the system process list.

Finally, maybe you want to use Java instead of PHP. These two commands install some programs you might want to use in that case.

# subscription-manager repos --enable rhel-server-rhscl-7-rpms

Enable the Software Collections repository to install packages from (required for Maven).

# yum -y install java-1.8.0-openjdk-devel tomcat maven30 git

Single command to install your Java compiler, Tomcat webserver, maven and git.

Categories
Recovery

Recover MySQL root password

You can recover a MySQL database server root password with the following five easy steps:

  1. Stop the MySQL server process.
  2. Start the MySQL (mysqld) server/daemon process with the --skip-grant-tables option so that it will not prompt for a password.
  3. Set a new root password.
  4. Exit and restart the MySQL server.

Here are the commands you need to type for each step (log in as the root user):

Step # 1: Stop the MySQL service:

# /etc/init.d/mysql stop

Step # 2: Start the MySQL server without password checks. Until it is restarted, anyone who can reach the server can connect as any user without a password, so keep it off the network for the duration (mysqld_safe also accepts --skip-networking for this):

# mysqld_safe --skip-grant-tables &

Output:

[1] 5988
Starting mysqld daemon with databases from /var/lib/mysql
mysqld_safe[6025]: started

Step # 3: Connect to the MySQL server using the MySQL client:

# mysql -u root

mysql>

Step # 4: Set a new MySQL root user password:

mysql> use mysql;
mysql> update user set password=PASSWORD('NEW-ROOT-PASSWORD') where User='root';
mysql> flush privileges;
mysql> quit

Step # 5: Stop the MySQL server:

# /etc/init.d/mysql stop

Output:

Stopping MySQL database server: mysqld
STOPPING server from pid file /var/run/mysqld/mysqld.pid
mysqld_safe[6186]: ended

[1]+  Done                    mysqld_safe --skip-grant-tables

Start the MySQL server and test it:

# /etc/init.d/mysql start
# mysql -u root -p

Change MySQL password for other users

To change a normal user's password you need to type the following; -p prompts for the user's current password before the new one is set:

$ mysqladmin -u user-name -p password 'newpass'

 

Categories
Basic

Getting the size of a directory on the command line?

Here is a function for .bash_aliases (vi ~/.bash_aliases):

# du with mount exclude and sort
function dusort () {
    # strip a trailing slash so "$DIR/*" does not produce "//"
    DIR=$(echo "$1" | sed 's#/$##')
    # build one --exclude=<mountpoint> per mounted filesystem, sum (-s) and
    # total (-c) the sizes on this filesystem only (-x), then sort by size
    du -scxh $(mount | awk '{print $3}' | sort -u | sed 's#^#--exclude=#') "$DIR"/* | sort -h
}

source ~/.bash_aliases

sample output:

$ dusort /
...
0       /mnt  
0       /sbin
0       /srv
4,0K    /tmp
728K    /home
23M     /etc
169M    /boot  
528M    /root
1,4G    /usr
3,3G    /var
4,3G    /opt
9,6G    total

for subdirs:

$ dusort .
$ dusort /var/log/
Categories
Optimization Security

Kernel Tuning of Linux web server

Config  /etc/sysctl.conf

# Configuration file for runtime kernel parameters.
# See sysctl.conf(5) for more information.

# See also http://www.nateware.com/linux-network-tuning-for-2013.html for
# an explanation about some of these parameters, and instructions for
# a few other tweaks outside this file.

# Protection from SYN flood attack.
net.ipv4.tcp_syncookies = 1

# See evil packets in your logs.
net.ipv4.conf.all.log_martians = 1

# Discourage Linux from swapping idle server processes to disk (default = 60)
vm.swappiness = 10

# Tweak how the flow of kernel messages is throttled.
#kernel.printk_ratelimit_burst = 10
#kernel.printk_ratelimit = 5

# --------------------------------------------------------------------
# The following allow the server to handle lots of connection requests
# --------------------------------------------------------------------

# Increase number of incoming connections that can queue up
# before dropping
net.core.somaxconn = 50000

# Handle SYN floods and large numbers of valid HTTPS connections
net.ipv4.tcp_max_syn_backlog = 30000

# Increase the length of the network device input queue
net.core.netdev_max_backlog = 5000

# Increase system file descriptor limit so we will (probably)
# never run out under lots of concurrent requests.
# (Per-process limit is set in /etc/security/limits.conf)
fs.file-max = 100000

# Widen the port range used for outgoing connections
net.ipv4.ip_local_port_range = 10000 65000

# If your servers talk UDP, also up these limits
net.ipv4.udp_rmem_min = 8192
net.ipv4.udp_wmem_min = 8192

# --------------------------------------------------------------------
# The following help the server efficiently pipe large amounts of data
# --------------------------------------------------------------------

# Disable source routing and redirects
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0

# Disable packet forwarding.
net.ipv4.ip_forward = 0
net.ipv6.conf.all.forwarding = 0

# Disable TCP slow start on idle connections
net.ipv4.tcp_slow_start_after_idle = 0

# Increase Linux autotuning TCP buffer limits
# Set max to 16MB for 1GE and 32M (33554432) or 54M (56623104) for 10GE
# Don't set tcp_mem itself! Let the kernel scale it based on RAM.
# net.core.rmem_max = 16777216
# net.core.wmem_max = 16777216
# net.core.rmem_default = 16777216
# net.core.wmem_default = 16777216
# net.core.optmem_max = 40960
# net.ipv4.tcp_rmem = 4096 87380 16777216
# net.ipv4.tcp_wmem = 4096 65536 16777216

# --------------------------------------------------------------------
# The following allow the server to handle lots of connection churn
# --------------------------------------------------------------------

# Disconnect dead TCP connections after 1 minute
net.ipv4.tcp_keepalive_time = 60

# Wait a maximum of 5 * 2 = 10 seconds in the TIME_WAIT state after a FIN, to handle
# any remaining packets in the network.
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 5

# Allow a high number of timewait sockets
net.ipv4.tcp_max_tw_buckets = 2000000

# Timeout broken connections faster (amount of time to wait for FIN)
net.ipv4.tcp_fin_timeout = 10

# Let the networking stack reuse TIME_WAIT connections when it thinks it's safe to do so
net.ipv4.tcp_tw_reuse = 1

# Determines the wait time between isAlive interval probes (reduce from 75 sec to 15)
net.ipv4.tcp_keepalive_intvl = 15

# Determines the number of probes before timing out (reduce from 9 to 5)
net.ipv4.tcp_keepalive_probes = 5

# --------------------------------------------------------------------

From 
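To check that a host actually carries the hardening settings from the file above, here is an added shell example (not from the page's source) that compares `key = value` lines read from stdin, either /etc/sysctl.conf or `sysctl -a` output, against the expected values of the security-relevant keys. The sample configuration is constructed to show a weak value, a commented-out key and keys that are missing entirely.

```sh
#!/bin/sh
# Hardening values taken from the sysctl.conf above, one key=value per line.
EXPECTED='net.ipv4.tcp_syncookies=1
net.ipv4.conf.all.log_martians=1
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.accept_source_route=0
net.ipv4.ip_forward=0
net.ipv6.conf.all.forwarding=0'

# Constructed sysctl.conf excerpt with typical mistakes: log_martians weak,
# send_redirects left commented out, ip_forward enabled, two keys absent.
SAMPLE_CONF='# Protection from SYN flood attack.
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.log_martians = 0
# net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.ip_forward = 1
vm.swappiness = 10'

# audit_sysctl: reads "key = value" lines on stdin (sysctl.conf syntax or
# `sysctl -a` output), prints a MISSING or WEAK finding for every expected
# key that is absent or differs, and returns 1 if anything was found.
audit_sysctl() {
    awk -v expected="$EXPECTED" '
    BEGIN {
        n = split(expected, lines, "\n")
        for (i = 1; i <= n; i++) { split(lines[i], kv, "="); want[kv[1]] = kv[2] }
    }
    /^[[:space:]]*([#;]|$)/ { next }              # comments (# or ;) and blank lines
    {
        if (split($0, kv, "=") != 2) { next }     # not a key = value line
        key = kv[1]; val = kv[2]
        gsub(/[[:space:]]/, "", key)
        gsub(/^[[:space:]]+|[[:space:]]+$/, "", val)
        if (key in want) { got[key] = val }       # last occurrence wins, as in sysctl
    }
    END {
        for (k in want) {
            if (!(k in got)) {
                printf "MISSING %s (want %s)\n", k, want[k]; bad = 1
            } else if (got[k] != want[k]) {
                printf "WEAK    %s = %s (want %s)\n", k, got[k], want[k]; bad = 1
            }
        }
        exit bad
    }'
}

# count_sysctl_findings: number of findings for the configuration passed as $1
count_sysctl_findings() {
    printf '%s\n' "$1" | audit_sysctl | wc -l | tr -d ' '
}

# Run against the constructed sample when executed directly.
if printf '%s\n' "$SAMPLE_CONF" | audit_sysctl; then
    echo "OK: all expected hardening keys are present with the right values"
else
    echo "configuration needs attention, see findings above"
fi
```

On a live host, `sysctl -a | audit_sysctl` checks the running kernel rather than the file, which catches values a later file or script has overridden.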

Categories
Optimization

optimize and speed up linux server

It is a common belief, and most of us think this way, that a hardware upgrade is the best way to speed up a server, as if more memory or CPU alone could deliver better performance.

Hardware upgrades are only a temporary fix if services / applications are not optimized.

Online applications are hosted on a web server front-end & DB servers in the back-end. Over time these services tend to cause CPU, memory and I/O bottlenecks that decrease performance or even crash the server.

Steps to speed up server

  • Lean & mean website
    • Remove unused themes, plugins & add-ons
    • Combine CSS and JavaScript files
    • Image optimization
    • Enable compression
  • Web server optimization
    • Timeout – how long Apache will wait for a visitor to send a request. Best to keep this value as low as possible to avoid tying up resources. On a busy server, set it to 120 sec.
    • KeepAlive – when set to ON, Apache uses a single connection to transfer all the files needed to load a page. This saves the time of establishing a new connection for each file.
    • MaxKeepAliveRequests – how many files can be transferred over one KeepAlive connection. This setting can be set to “0”, that is “Unlimited”.
    • KeepAliveTimeout – on a heavily loaded server it should be kept at 10 sec.
    • MaxClients – on a busy server it should be kept at 512.
    • MinSpareServers & MaxSpareServers – on a heavily loaded server, a MinSpareServers value of 10 & a MaxSpareServers value of 15 is a good limit.
    • HostnameLookups – Apache tries to find out the hostname of every IP that connects to it, which is a waste of resources. To prevent this, set it to “Off”.
  • HTTP/2 – the majority of websites use HTTP v1.1. This old version, released in 1997, forces browsers to download the files for a page sequentially, one after another. HTTP/2 was released in 2015 and provides many speed-boosting features such as multiple file transfers per connection, compressed headers, etc. As with everything nice, adopting HTTP/2 comes with a couple of caveats:
    • The site has to be converted to HTTPS
    • Monitoring of vulnerabilities – it is still new. While the protocol itself is strong, there could be vulnerabilities in server code, so it is important to keep a close eye on security news & patch regularly.
  • Caching – use of PHP opcode caches and HTML caches. The APC opcode cache & the Varnish HTML cache bump performance by over 70%.
  • Fast PHP engine – modern options are php-fpm, HHVM & PHP 7, which really speed up scripts.
  • Database optimization – DBs grow in size over a period of time, and query execution increases as site traffic increases, so a DB that is not tuned continually results in performance issues.
    • max_connections – on a dedicated server it can be 250, but on a heavily loaded shared server it can be as low as 10.
    • innodb_buffer_pool_size – set this value to between 50-70% of the RAM available to MySQL.
    • query_cache_size – this is enabled on a single-website server; it is set to 1 MB or less depending on how slow the queries are at present.
Categories
Optimization

Remove packages including unused dependencies on Linux

Very often we install a package just for short-term use.
Most of the time these packages install a lot of dependencies along with them. After you no longer require the package you remove it, but the dependencies are not removed. Every unused package increases the security risk and also takes up some space.

A good example is an environment for compiling from sources.

$> yum groupinstall "Development tools"
...
Transaction Summary
==============================================
Install  19 Packages (+21 Dependent packages)
...
After compiling your source code you might want to get rid of the development tools:

$> yum groupremove "Development tools"


Transaction Summary
==============================================
Remove 25 Packages (+2 Dependent packages)

And here is the solution:

There is a nice plugin called “yum-plugin-remove-with-leaves” which does what its name says.

Now you can suffix a yum remove command with “--remove-leaves”, which will remove any unused dependencies along with the package.
If you want this behaviour by default, edit “/etc/yum/pluginconf.d/remove-with-leaves.conf” and set “remove_always” to true.

Taking our example from above you see the difference:

All the 58 packages that were installed are going to be removed!

Categories
Virtualization

Vmware template creation : Centos 7

# some variables
export ADMIN_USER="admin"
export ADMIN_PUBLIC_KEY="your public ssh key"
# install necessary and helpful components
yum -y install net-tools nano deltarpm wget bash-completion yum-plugin-remove-with-leaves yum-utils
# install VM tools and perl for VMware VM customizations
yum -y install open-vm-tools perl
# Stop logging services
systemctl stop rsyslog
service auditd stop
# Remove old kernels
package-cleanup -y --oldkernels --count=1
# Clean out yum
yum clean all
# Force the logs to rotate & remove old logs we don't need
/usr/sbin/logrotate /etc/logrotate.conf --force
rm -f /var/log/*-???????? /var/log/*.gz
rm -f /var/log/dmesg.old
rm -rf /var/log/anaconda
# Truncate the audit logs (and other logs we want to keep placeholders for)
cat /dev/null > /var/log/audit/audit.log
cat /dev/null > /var/log/wtmp
cat /dev/null > /var/log/lastlog
cat /dev/null > /var/log/grubby
# Remove the traces of the template MAC address and UUIDs
sed -i '/^\(HWADDR\|UUID\)=/d' /etc/sysconfig/network-scripts/ifcfg-e*
# enable network interface onboot
sed -i -e 's@^ONBOOT="no@ONBOOT="yes@' /etc/sysconfig/network-scripts/ifcfg-e*
# Clean /tmp out
rm -rf /tmp/*
rm -rf /var/tmp/*
# Remove the SSH host keys (so every clone generates its own on first boot)
rm -f /etc/ssh/*key*
# configure sshd_config to only allow Pubkey Authentication
sed -i -r 's/^#?(PermitRootLogin|PasswordAuthentication|PermitEmptyPasswords) (yes|no)/\1 no/' /etc/ssh/sshd_config
sed -i -r 's/^#?(PubkeyAuthentication) (yes|no)/\1 yes/' /etc/ssh/sshd_config
# add user 'ADMIN_USER'
adduser "$ADMIN_USER"
# add public SSH key
mkdir -m 700 "/home/$ADMIN_USER/.ssh"
chown "$ADMIN_USER:$ADMIN_USER" "/home/$ADMIN_USER/.ssh"
echo "$ADMIN_PUBLIC_KEY" > "/home/$ADMIN_USER/.ssh/authorized_keys"
chmod 600 "/home/$ADMIN_USER/.ssh/authorized_keys"
chown "$ADMIN_USER:$ADMIN_USER" "/home/$ADMIN_USER/.ssh/authorized_keys"
# add support for ssh-add
echo 'eval $(ssh-agent) > /dev/null' >> "/home/$ADMIN_USER/.bashrc"
# add user 'ADMIN_USER' to sudoers
echo "$ADMIN_USER    ALL = NOPASSWD: ALL" > "/etc/sudoers.d/$ADMIN_USER"
chmod 0440 "/etc/sudoers.d/$ADMIN_USER"
# Remove the root user's SSH history
rm -rf ~root/.ssh/
rm -f ~root/anaconda-ks.cfg
# remove the root password
passwd -d root
# for support guest customization of CentOS 7 in vSphere 5.5 and vCloud Air
# mv /etc/redhat-release /etc/redhat-release.old && touch /etc/redhat-release && echo 'Red Hat Enterprise Linux Server release 7.0 (Maipo)' > /etc/redhat-release
# Remove the root user's shell history
history -cw
# shutdown
init 0
Categories
web server

Sentora install with NginX and Varnish for performance optimization

Sentora comes with Apache 2.2, and I feel that is a poor choice when there are already many good web servers to choose from, e.g. Litespeed, NginX, Lighttpd etc. Litespeed is a paid product; if you can pay for it, you should use it, as it has very good benchmark results. People like me should go through most of the benchmark results; you will see that NginX, one of the best web servers, has a very good reputation. After Apache, NginX has the largest market share, about 14%. But NginX needs PHP-FPM to work well, and Sentora comes with PHP 5.3, so here NginX works as a reverse proxy in front of Apache.

First, we will change Apache’s default port to a non-standard port. We will edit the httpd-vhosts.conf file & change port 80 to port 8081.

vi /etc/Sentora/configs/apache/httpd-vhosts.conf

Then we need to install NginX on our server. I am using CentOS 7.3 (64-bit), so I am describing the installation process for a CentOS server. For more info or for other OS based servers, follow the NginX Installation Wiki to get it installed. If you can’t, or get any error, let me know and I will help you as far as I can.

We have to add NginX yum repository. Enter following command:

vi /etc/yum.repos.d/nginx.repo

Now paste the following configurations in it:

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

Use this command to install NginX:

yum install nginx

So, NginX has been installed on the server. Now we will edit nginx.conf file. Use the following command:

vi /etc/nginx/nginx.conf

Delete all default lines and paste the following lines:

user nginx;
worker_processes 3; # this number should be the same as your CPU core count

error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
    worker_connections 1024; # connections per worker, may be larger for a large server
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    keepalive_timeout 65;
    gzip on;
    gzip_min_length 1100;
    gzip_buffers 4 32k;
    gzip_types text/plain application/x-javascript text/xml text/css;
    gzip_vary on;

    server {
        listen 8083 default_server;

        location / {
            proxy_set_header Host $host;
            # Apache, moved to port 8081 in httpd-vhosts.conf above
            proxy_pass http://127.0.0.1:8081;
        }

        location ~ /\.ht {
            deny all;
        }
    }
}

Find the following lines:

server {
    listen 8083 default_server;

Here our NginX listens on port 8083 because I will also show you how to set up Varnish Cache on your server. But if you want to use only NginX in front of Apache, change the port to 80. Hope you understand!

Let’s try to set up Varnish Cache now. A few words about Varnish Cache: the Apache+NginX+Varnish combination requires more RAM. Varnish Cache is a web application accelerator, also known as a caching HTTP reverse proxy. It caches in RAM, as RAM is faster than a hard disk.

To install Varnish cache, enter these commands:

rpm --nosignature -i https://repo.varnish-cache.org/redhat/varnish-4.0.el6.rpm
yum install varnish

We have to change Varnish default backend port to 8083 on default.vcl. Use this command:

vi /etc/varnish/default.vcl

Now set .port = "8083";

Then we have to edit /etc/sysconfig/varnish file and change VARNISH_LISTEN_PORT to 80. Have you done this? It’s time we should restart Apache and start NginX & Varnish (if you use) for working together. Enter following commands:

systemctl start httpd; systemctl start nginx; systemctl start varnish

That’s all. Now you should check your CPU and RAM usage; I hope you will see them in better health. In the Apache+NginX+Varnish combination, Varnish works in front of NginX and NginX works in front of Apache, i.e. Varnish works in front of all.

For Apache+NginX combination, NginX works in front of Apache simply.

Categories
Security

Disable open relay on Postfix

Edit /etc/postfix/main.cf

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sender_restrictions = reject_unknown_sender_domain


Show a list of the messages in the queue:

postqueue -p

Reload the Postfix configuration after editing main.cf:

postfix reload

Delete all items in the queue:

postsuper -d ALL

Check the last 100 lines of the mail log:

tail /var/log/mail.log -n 100

 

Categories
Security

Requirement of Linux Security Engineer

Linux System

●  Building and administering Red Hat Enterprise Virtualization for Servers
●  Building and administering Red Hat Enterprise Linux Servers
●  Using GFS2, KVM, and clustering Linux systems
●  Patching and building servers using Red Hat Network Satellite Server
●  Configuring HP Blade Systems and Virtual Connects
●  Managing storage on HP EVA and MSA storage systems
●  Configuring zones on HP/Brocade Fibre Switches
●  Monitoring server hardware health, OS state and network connectivity, real-time and via SMTP e-mail notifications
●  Managing data and systems backups using Legato Networker and tapes
●  Configuring and maintaining Snort IDS devices
●  Using PuTTY, Xming and WinSCP on Windows desktops
●  Leveraging the Systems Change Request system for change approvals
●  Development of complex Unix shell scripts
●  Managing cron jobs
●  Configuring individual and group level access to files and directories
●  Loading data from a wide variety of devices and formats
●  Disaster recovery planning and implementation
●  Supporting SAS, Stata and GAUSS econometric applications in a Red Hat Linux environment
●  Administering Oracle RH Linux Virtualization
●  Configuring LDAP based authentication
●  Symantec NetBackup and EMC Legato backup operations
●  Management of HP Tape Libraries

Security Engineering – Systems Security Analysis and Engineering – Familiarity, limited experience and the ability to learn the following:

●  Vulnerability & Patch Scans – Configures, builds templates, and executes vulnerability and patch scan software. Analyses results and works closely with system administrators and DBAs to remediate vulnerabilities, or document the business requirements which make accepting the risks associated with identified vulnerabilities acceptable. Vulnerability scan tools:
    • Nessus Software
    • AppDetective Database Scan Software
    • Foundstone Server Scan Software
●  Security Information Management (SIM) Software – Management and monitoring of SIM audit log data, development of policies and procedures for SIM operations, development of queries, reports and executive dashboards, and business rules for automatic SMTP e-mail notifications on high risk alerts, for:
    • ArcSight SIEM
●  Deep Packet Inspection Software
    • RSA Security Analytics / NetWitness
●  Anomaly Detection Software
    • Riverbed Cascade
●  Configuration Management Database (CMDB) software
●  Network Intrusion Detection and Host Based Intrusion Detection hardware and software
    • SourceFire Snort IDS/IPS
    • OSSEC HIDS
●  Firewall Software
    • Cisco PIX
    • Symantec Endpoint
●  Security C&A Analysis and Documentation
    • Performing and documenting risk assessments, analyzing security vulnerabilities, and the metrics to measure the risks associated with those vulnerabilities;
    • Based on the risk profile of the analyzed systems, development and documentation of IT security policies and procedures for ameliorating those risks;
    • Design, development and documentation of a comprehensive Systems Security Plan, covering at a high level the infrastructure, and the policies and procedures which define the systems security profile for the analyzed systems;
    • Development of Systems Security User Guides specific to selected networks, desktop computers, servers and database systems;
    • Design, development, and validation of System Test and Evaluation (ST&E) reviews for new and/or legacy systems.
    • In summary, specific C&A documents to be prepared, reviewed and/or strengthened include:

  • Systems Security Plan
  • Risk Assessment
  • Contingency Plan
  • Incident Response Plan
  • System Test and Evaluation
  • Privileged Rules of Behavior
  • Interconnect Security Agreement (ISA)
  • Plans of Action and Milestones (POA&Ms)

●          NIST 800-53 Security Control analysis, assessment, and best practice-based remediation planning and documentation