Hardening Linux,9781590594445

Hardening Linux

by
ISBN13: 9781590594445
ISBN10: 1590594444
Format: Paperback
Pub. Date: 2005-02-28
Publisher(s): Apress
List Price: $66.56

Buy New

Usually Ships in 2-3 Business Days.
$63.39
Add to Cart

Rent Book

Select for Price
Add to Cart
There was a problem. Please try again later.

Rent Digital

Rent Digital Options
Online:30 Days access
Downloadable:30 Days
$28.80
Online:60 Days access
Downloadable:60 Days
$38.40
Online:90 Days access
Downloadable:90 Days
$48.00
Online:120 Days access
Downloadable:120 Days
$57.60
Online:180 Days access
Downloadable:180 Days
$62.40
Online:1825 Days access
Downloadable:Lifetime Access
$95.99
*To support the delivery of the digital material to you, a digital delivery fee of $3.99 will be charged on each digital item.
$62.40*
Add to Cart

Used Book

We're Sorry
Sold Out

Buy from our Marketplace starting at $5.50

How Marketplace Works:

  • This item is offered by an independent seller and not shipped from our warehouse
  • Item details like edition and cover design may differ from our description; see seller's comments before ordering.
  • Sellers much confirm and ship within two business days; otherwise, the order will be cancelled and refunded.
  • Marketplace purchases cannot be returned to eCampus.com. Contact the seller directly for inquiries; if no response within two days, contact customer service.
  • Additional shipping costs apply to Marketplace purchases. Review shipping costs at checkout.

Summary

Hardening Linuxby James Turnbull belongs on the shelf of anyone who installs and maintains Linux servers. - Ray Lodato, Slashdot ContributorI felt like I learned more about Linux reading this book than I've learned during the last year at work. - Lasse Koskela, JavaRanch SheriffI thinkHardening Linuxmay be the best example I've seen of a practical book on the subject. - Anomaly - G. Wade JohnsonI was a bit surprised when I scanned the table of contents. The first thought in my head was, 'hey, this has everything in it.' And it does. - Joe Topjian, Adminspotting.net"Hardening" is the process of protecting a system and its applications against unknown threats.Hardening Linuxidentifies many of the risks of running Linux hosts and applications and provides practical examples and methods to minimize those risks. The book is written for Linux/UNIX administrators who do not necessarily have in-depth knowledge of security but need to know how to secure their networks.In this book, you'll learn how to secure: The base operating system and firewall with iptables Connections to your hosts Fie systems and files Email servers IMAP and POP servers FTP serversA quick reference of the procedures discussed in each chapter are summarized in Appendix C.

Table of Contents

About the Author xv
About the Technical Reviewer xvii
Acknowledgments xix
Introduction xxi
Hardening the Basics
1(78)
Installing Your Distribution Securely
2(2)
Some Answers to Common Installation Questions
2(1)
Install Only What You Need
2(2)
Secure Booting, Boot Loaders, and Boot-Time Services
4(11)
Securing Your Boat Loader
5(3)
Init, Starting Services, and Boot Sequencing
8(7)
Consoles, Virtual Terminals, and Login Screens
15(4)
Securing the Console
16(1)
The Red Hat Console
16(1)
Securing Virtual Terminals
17(1)
Securing Login Screens
18(1)
Users and Groups
19(25)
Shadow Passwording
22(1)
Groups
23(1)
Adding Users
24(2)
Adding Groups
26(2)
Deleting Unnecessary Users and Groups
28(3)
Passwords
31(4)
Password Aging
35(2)
sudo
37(5)
User Accounting
42(2)
Process Accounting
44(2)
Pluggable Authentication Modules (PAM)
46(10)
PAM Module Stacking
48(1)
The PAM ``Other'' Service
49(1)
Restricting su Using PAM
50(1)
Setting Limits with PAM
51(2)
Restricting Users to Specific Login Times with PAM
53(3)
Package Management, File Integrity, and Updating
56(8)
Ensuring File Integrity
57(4)
Downloading Updates and Patches
61(3)
Compilers and Development Tools
64(2)
Removing the Compilers and Development Tools
64(1)
Restricting the Compilers and Development Tools
65(1)
Hardening and Securing Your Kernel
66(9)
Getting Your Kernel Source
66(2)
The Openwall Project
68(6)
Other Kernel-Hardening Options
74(1)
Keeping Informed About Security
75(1)
Security Sites and Mailing Lists
75(1)
Vendor and Distribution Security Sites
76(1)
Resources
76(3)
Mailing Lists
76(1)
Sites
77(2)
Firewalling Your Hosts
79(58)
So, How Does a Linux Firewall Work?
80(3)
Tables
82(1)
Chains
82(1)
Policies
82(1)
Adding Your First Rules
83(3)
Choosing Filtering Criteria
86(1)
The iptables Command
87(4)
Creating a Basic Firewall
91(6)
Creating a Firewall for a Bastion Host
97(20)
Securing the Bastion Services
98(3)
Firewall Logging
101(4)
Handling ICMP Traffic
105(3)
Spoofing, Hijacking, and Denial of Service Attacks
108(3)
iptables and TCP Flags
111(5)
Some Final Bastion Host Rules
116(1)
Kernel Modules and Parameters
117(12)
Patch-o-Matic
117(7)
Kernel Parameters
124(5)
Managing iptables and Your Rules
129(7)
iptables-save and iptables-restore
130(1)
iptables init Scripts
131(1)
Testing and Troubleshooting
132(4)
Resources
136(1)
Mailing Lists
136(1)
Sites
136(1)
Books
136(1)
Securing Connections and Remote Administration
137(50)
Public-Key Encryption
137(32)
SSL, TLS, and OpenSSL
140(12)
Stunnel
152(7)
IPSec, VPNs, and Openswan
159(8)
inetd and xinetd-Based Connections
167(2)
Remote Administration
169(16)
ssh
171(4)
scp and sftp
175(2)
ssh-agent and Agent Forwarding
177(2)
The sshd Daemon
179(1)
Configuring ssh and sshd
180(3)
Port Forwarding with OpenSSH
183(1)
Forwarding X with OpenSSH
184(1)
Resources
185(2)
Mailing Lists
185(1)
Sites
185(2)
Securing Files and File Systems
187(46)
Basic File Permissions and File Attributes
188(10)
Access Permissions
188(10)
Ownership
198(1)
Immutable Files
198(2)
Capabilities and Icap
200(2)
Encrypting Files
202(2)
Securely Mounting File Systems
204(3)
Securing Removable Devices
207(1)
Creating an Encrypted File System
208(7)
Installing the Userland Tools
209(1)
Enabling the Functionality
209(1)
Encrypting a Loop File System
210(4)
Unmounting Your Encrypted File System
214(1)
Remounting
215(1)
Maintaining File Integrity with Tripwire
215(14)
Configuring Tripwire
216(2)
Explaining Tripwire Policy
218(11)
Network File System (NFS)
229(2)
Resources
231(2)
Mailing Lists
231(1)
Sites
231(1)
Sites About ACLs
231(2)
Understanding Logging and Log Monitoring
233(48)
Syslog
233(8)
Configuring Syslog
235(4)
Starting syslogd and Its Options
239(2)
syslog-NG
241(23)
Installing and Configuring syslog-NG
241(1)
The contrib Directory
242(1)
Running and Configuring syslog-NG
242(12)
Sample syslog-ng.conf File
254(2)
Logging to a Database with syslog-NG
256(3)
Secure Logging with syslog-NG
259(4)
Testing Logging with logger
263(1)
Log Analysis and Correlation
264(13)
Installing and Running SEC
267(2)
Inputting Messages to SEC
269(1)
Building Your SEC Rules
270(7)
Log Management and Rotation
277(3)
Resources
280(1)
Mailing Lists
280(1)
Sites
280(1)
Books
280(1)
Using Tools for Security Testing
281(40)
Inner Layer
282(13)
Scanning for Exploits and Root Kits
282(5)
Testing Your Password Security
287(3)
Automated Security Hardening with Bastille Linux
290(5)
Outer Layer
295(18)
NMAP
296(6)
Nessus
302(11)
Other Methods of Detecting a Penetration
313(2)
Recovering from a Penetration
315(3)
Additional Security Tools
318(1)
dsniff
318(1)
Ethereal
318(1)
Ettercap
318(1)
LIDS
318(1)
Netcat
319(1)
SARA
319(1)
Snort
319(1)
tcpdump
319(1)
Titan
319(1)
Resources
319(2)
Sites
320(1)
Securing Your Mail Server
321(52)
Which Mail Server to Choose?
321(2)
How Is Your Mail Server at Risk?
323(1)
Protecting Your Mail Server
323(10)
Chrooting a Sendmail SMTP Gateway or Relay
324(6)
Chrooting Postfix
330(3)
Securing Your SMTP Server
333(13)
Obfuscating the MTA Banner and Version
333(3)
Disabling Dangerous and Legacy SMTP Commands
336(3)
Some Additional Sendmail Privacy Flags
339(1)
Sendmail and smrsh
339(1)
Writing to Files Safely
340(1)
Limiting the Risk of (Distributed) DoS Attacks
341(5)
Relaying, SPAM, and Viruses
346(26)
Relaying
346(5)
Antispam
351(13)
Antivirus Scanning Your E-mail Server
364(8)
Resources
372(1)
Mailing Lists
372(1)
Sites
372(1)
Authenticating and Securing Your Mail
373(30)
TLS
373(14)
Creating Certificates for TLS
374(3)
TLS with Sendmail
377(4)
TLS with Postfix
381(6)
SMTP AUTH Using Cyrus SASL
387(2)
Compiling Cyrus SASL
388(1)
Configuring SASL saslauthd
389(1)
SMTP AUTH Using Cyrus SASL for Sendmail
389(6)
Compiling Cyrus SASL into Sendmail
390(1)
Configuring Cyrus SASL for Sendmail
391(1)
Using SMTP Server Authentication with Sendmail
392(2)
Using SMTP Client Authentication with Sendmail
394(1)
SMTP AUTH Using Cyrus SASL for Postfix
395(5)
Compiling Cyrus SASL into Postfix
395(1)
Configuring Cyrus SASL for Postfix
396(2)
Using SMTP Server Authentication with Postfix
398(2)
Using SMTP Client Authentication with Postfix
400(1)
Testing SMTP AUTH with Outlook Express
400(2)
Resources
402(1)
Mailing Lists
402(1)
Sites
402(1)
Hardening Remote Access to E-mail
403(40)
IMAP
404(1)
POP
404(1)
Choosing IMAP or POP Servers
405(1)
How Is Your IMAP or POP Server at Risk?
406(1)
Cyrus IMAP
407(23)
Installing and Compiling Cyrus IMAP
409(2)
Installing Cyrus IMAP into a chroot Jail
411(6)
Configuring Cyrus IMAP
417(5)
Cyrus IMAP Authentication with SASL
422(3)
Cyrus IMAP Access Control and Authorization
425(3)
Testing Cyrus IMAP with imtest/pop3test
428(2)
Fetchmail
430(11)
Installing Fetchmail
431(3)
Configuring and Running Fetchmail
434(7)
Resources
441(2)
Mailing Lists
441(1)
Sites
441(2)
Securing an FTP Server
443(20)
How Does FTP Work?
444(2)
Firewalling Your FTP Server
446(2)
What FTP Server to Use?
448(1)
Installing vsftpd
448(2)
Configuring vsftpd for Anonymous FTP
450(6)
General Configuration
451(1)
Mode and Access Rights
452(2)
General Security
454(1)
Preventing Denial of Service Attacks
455(1)
Configuring vsftpd with Local Users
456(3)
Adding SSL/TLS Support
459(2)
Starting and Stopping vsftpd
461(1)
Resources
461(2)
Sites
461(2)
Hardening DNS and BIND
463(48)
Your DNS Server at Risk
464(2)
Man-in-the-Middle Attacks
464(1)
Cache Poisoning
465(1)
Denial of Service Attacks
465(1)
Data Corruption and Alteration
466(1)
Other Risks
466(1)
What DNS Server Should You Choose?
466(1)
Secure BIND Design
467(3)
Installing BIND
470(2)
Chrooting BIND
472(1)
Permissions in the chroot Jail
473(1)
Starting and Running named
474(2)
Configuring BIND
476(24)
Access Control Lists
479(1)
Logging
480(4)
Options
484(9)
Views and Zones
493(4)
Zones
497(3)
TSIG
500(4)
The rndc Command
504(6)
rndc.conf
505(2)
Adding rndc Support to named.conf
507(1)
Using rndc
508(2)
Resources
510(1)
Mailing Lists
510(1)
Sites
510(1)
Information About Zone Files
510(1)
Books
510(1)
APPENDIX A The Bastion Host Firewall Script
511(6)
APPENDIX B BIND Configuration Files
517(8)
A Caching Server
517(2)
An Authoritative Master Name Server
519(1)
A Split DNS Name Server
520(3)
A Sample Named init Script
523(2)
APPENDIX C Checkpoints
525(8)
Chapter 1
525(1)
Chapter 2
526(1)
Chapter 3
527(1)
Chapter 4
527(1)
Chapter 5
528(1)
Chapter 6
529(1)
Chapter 7
529(1)
Chapter 8
530(1)
Chapter 9
530(1)
Chapter 10
531(1)
Chapter 11
531(2)
Index 533

An electronic version of this book is available through VitalSource.

This book is viewable on PC, Mac, iPhone, iPad, iPod Touch, and most smartphones.

By purchasing, you will be able to view this book online, as well as download it, for the chosen number of days.

Digital License

You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.

More details can be found here.

A downloadable version of this book is available through the eCampus Reader or compatible Adobe readers.

Applications are available on iOS, Android, PC, Mac, and Windows Mobile platforms.

Please view the compatibility matrix prior to purchase.