3. Agenda
Introduction to Fedora Linux
Importance of Access Control
Linux Access Control Basics
File Permissions in Fedora
User Management
Group Management
Access Control Lists (ACLs)
SELinux (Security-Enhanced Linux)
Firewalld and Security
Logging and Auditing
Best Practices
Real-World Examples
4. Introduction to Fedora Linux
The name Fedora refers to the characteristic fedora hat in Red Hat's Shadowman logo. Fedora, also
known as Fedora Linux, is a popular open source Linux-based operating system (OS). Designed as a
secure, general-purpose OS, Fedora is developed on a six-month to eight-month release cycle under
the Fedora Project. Both the OS and the Fedora Project are financially sponsored and supported by Red
Hat.
Fedora is a free and open source OS platform for hardware, clouds and containers. Based on the Linux
OS kernel architecture, it is a user-friendly OS that enables users to perform their tasks easily and
efficiently with minimal friction.
5. Importance of Access Control
Access control is a critical aspect of any operating system, including Fedora, which is a Linux-based
distribution. Access control in Fedora OS plays a crucial role in ensuring the security, integrity, and
confidentiality of the system and its data. Here are some of the key reasons why access control is important
in Fedora and other Linux distributions:
• Security: Access control mechanisms help prevent unauthorized users or processes from accessing
sensitive system resources. By specifying who can access what, it helps in safeguarding the system
from malicious activities, such as unauthorized access, data breaches, and malware infections.
• Data Protection: Access control ensures that only authorized users can read, modify, or delete
specific files or directories. This is essential for protecting sensitive data and preventing accidental or
intentional data loss or corruption.
6. Importance of Access Control
• System Integrity: Fedora relies on access control to maintain the integrity of the system. By restricting
access to system files and configurations, it prevents unauthorized changes that could lead to system
instability or vulnerabilities.
• User Isolation: Access control helps separate user accounts and their associated processes, ensuring
that users cannot interfere with each other's data or processes. This isolation is vital for multi-user
systems to maintain individual privacy and prevent one user from compromising the security of
another.
• Compliance: Many organizations and regulatory bodies have specific security and data protection
requirements that must be met. Access control is crucial in helping Fedora OS meet these compliance
standards by enforcing access policies and auditing access attempts.
7. Linux Access Control Basics
Linux access control basics involve managing permissions to restrict or allow access to system resources. Key elements
include:
Users: Identify individuals or entities interacting with the system.
Groups: Organize users into groups for easier permission management.
File Permissions: Determine who can read, write, or execute a file or directory by user, group, and others (world).
Access Control Lists (ACLs): Provide fine-grained control over access permissions beyond traditional file permissions.
Root Privileges: The root user has superuser privileges, allowing full access to the system.
Role of chmod and chown: Commands to change file permissions and ownership.
SELinux and AppArmor: Security modules that enhance access control by enforcing security policies.
These basics are essential for maintaining security and controlling resource access in Linux-based operating systems like
Fedora.
8. File Permissions in Fedora
File permissions in Fedora and other Linux-based systems are governed by a set of three categories:
user, group, and others. Permissions for each category are represented by three characters: read (r), write
(w), and execute (x). In short:
- User (owner) permissions determine access for the file's creator.
- Group permissions apply to a specific user group.
- Others permissions cover all users not in the owner's group.
Permissions are set using commands like `chmod`, and they control read, write, and execute rights for
files and directories, ensuring data security and access control in the system.
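A permission audit built on the user/group/others model above, as an added example that is not part of the original slides. It flags the modes an administrator usually reviews first; the demo tree, its file names and its modes are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the original slides): flag risky permission bits.
# Output columns: reason, octal mode, path (tab separated).

tag() {  # prefix each path read from stdin with a reason and its octal mode
    while IFS= read -r p; do
        printf '%s\t%s\t%s\n' "$1" "$(stat -c %a "$p")" "$p"
    done
}

audit_perms() {
    root=$1
    # Regular files that "others" may write to (o+w).
    find "$root" -type f -perm -0002 | tag world-writable-file
    # World-writable directories without the sticky bit: any user can
    # delete or replace files that belong to someone else.
    find "$root" -type d -perm -0002 ! -perm -1000 | tag world-writable-dir
    # setuid or setgid files run with the owner's or group's privileges.
    find "$root" -type f \( -perm -4000 -o -perm -2000 \) | tag setid-file
}

# Constructed demo tree; names and modes are sample values.
make_demo_tree() {
    d=$(mktemp -d)
    touch "$d/ok.txt" "$d/notes.txt" "$d/helper"
    mkdir "$d/dropbox" "$d/shared"
    chmod 640  "$d/ok.txt"    # rw-r-----  owner rw, group r
    chmod 666  "$d/notes.txt" # rw-rw-rw-  anyone can modify
    chmod 4755 "$d/helper"    # rwsr-xr-x  setuid
    chmod 777  "$d/dropbox"   # rwxrwxrwx  no sticky bit
    chmod 1777 "$d/shared"    # rwxrwxrwt  sticky, like /tmp
    printf '%s\n' "$d"
}

demo=$(make_demo_tree)
audit_perms "$demo"
rm -rf "$demo"
```

Only `notes.txt`, `dropbox` and `helper` are reported; `ok.txt` and the sticky `shared` directory pass.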
9. User Management
User management in Fedora OS involves creating, modifying, and managing user accounts. Key tasks
include:
1. Creating Users: Use commands like `useradd` to add new user accounts.
2. Deleting Users: Use `userdel` to remove user accounts.
3. Password Management: Change passwords with `passwd`.
4. User Groups: Organize users into groups using `groupadd` and `usermod`.
5. Access Control: Manage user permissions and access rights to system resources.
These actions help control access, maintain security, and manage user accounts in Fedora OS.
10. Group Management
Group management in Fedora OS involves organizing users into groups for easier permission
management and access control. Key tasks include:
1. Creating Groups: Use `groupadd` to create new user groups.
2. Adding Users to Groups: Add users to groups using `usermod` or `useradd`.
3. Removing Users from Groups: Use `gpasswd` or manually edit `/etc/group`.
4. Managing Group Permissions: Control group access to resources by setting file and directory
permissions.
Group management simplifies access control and user administration in Fedora OS.
11. Access Control Lists
Access Control Lists (ACLs) in Fedora OS are a feature that allows for finer-grained control over file and
directory permissions. In short, ACLs:
1. Extend Basic Permissions: ACLs provide additional user and group permissions beyond the standard
read, write, and execute.
2. Allow Detailed Access Control: You can specify permissions for individual users or groups on a per-file
or per-directory basis.
3. Enhance Flexibility: ACLs are used to grant specific access rights without changing the primary file
ownership or group.
4. Can be Managed with Commands: Use commands like `getfacl` and `setfacl` to view and modify ACLs.
ACLs are valuable for managing access to resources in Fedora OS when traditional file permissions are not
sufficient for precise control.
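An added example, not part of the original slides, that goes one step beyond the list above: it reads `getfacl`-style output and computes the rights each entry actually has once the ACL mask is applied. The file, users and groups in the sample are constructed; the function name `effective_acl` is hypothetical.

```shell
#!/bin/sh
# Added example: effective rights from getfacl output.
# The mask entry caps named users, the owning group and named groups;
# it does not affect the file owner (user::) or other::.

# Constructed sample in getfacl's output format.
sample_acl() {
cat <<'EOF'
# file: payroll.csv
# owner: alice
# group: finance
user::rw-
user:bob:rw-
group::rw-
group:auditors:r-x
mask::r--
other::---
EOF
}

effective_acl() {  # stdin: getfacl output; stdout: "entry effective-perms"
    awk -F: '
    function band(p, m,    i, out) {   # bitwise AND of two rwx strings
        out = ""
        for (i = 1; i <= 3; i++)
            out = out ((substr(p, i, 1) != "-" && substr(m, i, 1) != "-") \
                       ? substr(p, i, 1) : "-")
        return out
    }
    /^#/ || NF < 3 { next }             # skip header comments and blanks
    { tag[++n] = $1; who[n] = $2; perm[n] = substr($3, 1, 3) }
    $1 == "mask" { mask = perm[n]; has_mask = 1 }
    END {
        for (i = 1; i <= n; i++) {
            if (tag[i] == "mask") continue
            capped = has_mask && (tag[i] == "group" || \
                                  (tag[i] == "user" && who[i] != ""))
            printf "%s:%s %s\n", tag[i], who[i], \
                   capped ? band(perm[i], mask) : perm[i]
        }
    }'
}

sample_acl | effective_acl
```

In the sample, `bob` is listed with `rw-` but the `r--` mask leaves him read-only, which is easy to miss when reviewing an ACL by eye.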
12. SELinux (Security-Enhanced Linux)
SELinux (Security-Enhanced Linux) is a security module used in Fedora and other Linux distributions to enhance access
control and provide fine-grained security policies. In short, SELinux:
1. Enforces Mandatory Access Controls: SELinux goes beyond traditional Linux discretionary access controls (DAC) to
mandate specific policies for system resources and processes.
2. Labels Resources: Each file, process, or network port is assigned a security label, and access is determined based on
these labels.
3. Provides Multi-Level Security: SELinux offers various security levels, allowing strict control for different types of
systems, from desktops to servers.
4. Enhances System Security: It helps prevent privilege escalation, restricts unauthorized access, and isolates
processes.
5. Can Be Managed with Tools: SELinux policies can be customized using tools like `semanage` and `setsebool`.
SELinux is a powerful security feature that plays a crucial role in protecting the Fedora OS and its resources from various
security threats.
13. Firewalld and Security in Fedora OS
Firewalld is a dynamic firewall management tool used in Fedora and other Linux distributions to enhance security.
In Fedora, it is installed by default during the installation of the operating system, enabled and configured to provide
secure operation even without any additional action by the administrator.
1. Manages Firewall Rules: Firewalld simplifies the management of firewall rules, making it easier to control network
traffic.
2. Zones: It categorizes network connections into different zones (e.g., public, home, work) and applies specific rules to
each zone.
3. Dynamic Rule Updates: Firewalld allows real-time rule updates without disrupting existing connections, increasing
flexibility and security.
4. Rich Rules: It supports the creation of more complex rules based on services, source addresses, and ports.
5. Default Security: Fedora ships with firewalld configured to provide a basic level of security.
Firewalld is an essential component in securing the network and ensuring that only authorized traffic is allowed in
Fedora OS, contributing to system security.
14. Logging and Auditing
Logging and auditing are critical components of security and system management in Fedora OS. In short, in Fedora
OS:
1. Logging: The system generates logs to record events, activities, and errors, which are essential for troubleshooting,
monitoring, and security analysis.
2. Audit: Fedora OS includes the audit daemon (`auditd`) for auditing. It monitors system activities, creates audit logs,
and supports fine-grained control of what to audit.
3. Audit Rules: Administrators can define custom audit rules to track specific events or actions, such as file access,
user authentication, or system changes.
4. Log Files: Audit logs are typically stored in `/var/log/audit/`, and other system logs can be found in various locations
like `/var/log/secure` and `/var/log/messages`.
5. Log Rotation: Log files are periodically rotated and compressed to save disk space and maintain historical records.
Effective logging and auditing in Fedora OS are crucial for detecting and responding to security incidents, tracking
system changes, and ensuring compliance with security policies.
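Detection logic for the audit rules described above, as an added example that is not part of the original slides. It counts denied accesses per login user for one audit key; the log lines are constructed, and the key `shadow-read` assumes a watch rule such as `-w /etc/shadow -p r -k shadow-read`.

```shell
#!/bin/sh
# Added example: summarise denied accesses recorded by auditd for one key.
# Assumed rule (not from the slides): -w /etc/shadow -p r -k shadow-read

# Constructed records in the raw format of /var/log/audit/audit.log.
sample_audit_log() {
cat <<'EOF'
type=SYSCALL msg=audit(1699871234.101:812): arch=c000003e syscall=257 success=no exit=-13 pid=2140 auid=1001 uid=1001 comm="cat" exe="/usr/bin/cat" key="shadow-read"
type=PATH msg=audit(1699871234.101:812): item=0 name="/etc/shadow" nametype=NORMAL
type=SYSCALL msg=audit(1699871240.552:815): arch=c000003e syscall=257 success=no exit=-13 pid=2144 auid=1001 uid=1001 comm="less" exe="/usr/bin/less" key="shadow-read"
type=SYSCALL msg=audit(1699871301.007:822): arch=c000003e syscall=257 success=no exit=-13 pid=2201 auid=1002 uid=1002 comm="cat" exe="/usr/bin/cat" key="shadow-read"
type=SYSCALL msg=audit(1699871355.310:830): arch=c000003e syscall=257 success=yes exit=3 pid=2250 auid=1001 uid=0 comm="cat" exe="/usr/bin/cat" key="shadow-read"
type=SYSCALL msg=audit(1699871400.990:841): arch=c000003e syscall=257 success=no exit=-13 pid=2290 auid=1003 uid=1003 comm="vi" exe="/usr/bin/vi" key="etc-write"
EOF
}

# stdin: audit log; $1: audit key. stdout: "auid count", highest count first.
# auid is the login UID, so it still names the person after su or sudo.
failed_access_by_auid() {
    awk -v want="\"$1\"" '
    $1 == "type=SYSCALL" {
        split("", f)                       # reset the field map
        for (i = 2; i <= NF; i++) {        # parse name=value pairs
            eq = index($i, "=")
            if (eq) f[substr($i, 1, eq - 1)] = substr($i, eq + 1)
        }
        if (f["success"] == "no" && f["key"] == want) n[f["auid"]]++
    }
    END { for (a in n) printf "%s %d\n", a, n[a] }' | sort -k2,2nr -k1,1
}

sample_audit_log | failed_access_by_auid shadow-read
```

The successful read by `uid=0` with `auid=1001` is not counted as a failure, but it shows why `auid` is the field to group on: the record still points to the account that logged in.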
15. Applications of Fedora Operating System
1. Cloud computing: Fedora Cloud is intended for use in cloud computing
environments and includes only the software packages required to run cloud-native
applications. It is designed for use in containerized environments such as
Kubernetes and is appropriate for developing and deploying cloud-based
applications.
2. Development: Fedora includes a large number of software development tools
and libraries, making it popular among developers for building and testing
applications. It’s especially well-suited for creating applications with open-source
technologies like Python, Ruby, and Java.
16. Benefits of Fedora Operating System
• Free and open-source: Fedora is free to download and use, and the source code is
freely available for anyone to view, modify, and distribute. As a result, it is a popular
choice among users who prefer open-source software and value transparency and
community involvement.
• Stable and reliable: Fedora is well-known for its stability and dependability, and it is
used as the primary operating system by many organizations and individuals. It is
well-maintained and subjected to rigorous testing before new versions are released, which
contributes to its stability and dependability.
• Fast release cycle: Fedora has a fast release cycle, which means that new versions of
the operating system are released to users on a regular basis, usually every six months.
This assists in keeping the operating system up to date with the latest software and
technologies, as well as allowing users to easily access the latest features and security
updates.
17. Limitations of Fedora Operating System
Complexity: Fedora is a powerful operating system designed for advanced users, and it
may be more difficult to use and configure than other operating systems. This may make it
more difficult for inexperienced users to install and use the operating system, particularly if
they are unfamiliar with Linux.
Limited support for proprietary software: Because Fedora is a free and open-source
operating system, it does not include support for proprietary software by default. This
means that users may have to manually install proprietary software or use alternative
open-source software.