Security – Technology evangelist

network, Openstack, Security

Neutron Validation Testing Part 3

Posted on June 25, 2018June 25, 2018 by Vishwanath Mule

External/Floating outgoing/incoming network

I have used following steps to test this.

Create tenant network, tenant subnet
Create shared router
For external network, I have created external network ext-net outside of script because we have to do some manual stuff here. For external networking make sure physical Ethernet port is added into external bridge br-ex and network configuration file ifcfg-br-ex and ifcfg-ethX is created with relevant info.
Add tenant network interface to router and set gateway of router to external network.
Create VM instance into tenant network.
Create and assign floating IP to VM
Add security rule for PING and SSH testing.
For external/outgoing access ping to 8.8.8.8 (google DNS) from VM and for floating incoming access ssh to VM using floating IP from outside.

Continue reading “Neutron Validation Testing Part 3” →

Linux, Security

Access Control List (ACL) Permissions in RHEL 7/Centos 7

Posted on June 11, 2015December 16, 2016 by Vishwanath Mule

Today I am going to show you how to use access control list (ACL) permissions in rhel7. Traditionally we have assigned permission to one user/owner and one group for file or directory but in some cases we need other user or other group apart from owner need to have readonly access or write access on same directory. To achieve this we have access control list permission concept in Linux.

Other users and and groups can also access file or directory even when they are not owners and member of group who is having ownership on that file or directory.

we use only two commands getfacl to see ACL permissions on directory/file and setfacl to set ACL permissions. We can even set default ACL so that new files and sub-directories created in directory will inherit ACL permissions of parent directory.

The filesystem needs to be mounted with ACL support enabled. XFS filesystems have built-in ACL support and Ext4 filesystem in RHEL7 have ACL option enabled by default. In earlier versions of RHEL you may need the ACL option included with mount request.

First we see ACL permission on file named prod.conf.

Continue reading “Access Control List (ACL) Permissions in RHEL 7/Centos 7” →

Linux, Security

Configure SSH key based authentication on rhel 7/centos 7

Posted on May 31, 2015December 16, 2016 by Vishwanath Mule

In this post I am going to show you how to configure SSH key based authentication on rhel7/centos7. Configuration of SSH key based authentication is little different in rhel7 compared to traditional method of manually copying public key to another server. Users can login using ssh with password and authenticate using public key authentication.

On every server we have two keys private and public. Private key is used as authentication credentials like password which must be kept secret and secure. Public key we need to copy on the server where user want to login and used to verify private key so public key does not need to be secret.

How authentication happens in SSH key key based authentication. SSH server that has public key can issue a challenge that can only be answered by system who is holding private key as a result user can authenticate without password only with the help of public key and system grant login access to the user.

Use ssh-keygen command to generate private and public key as follows

Continue reading “Configure SSH key based authentication on rhel 7/centos 7” →