Author: James Turnbull
Title: Hardening Linux
Publisher: Apress
ISBN: 9781430200055
Edition: 1
Price: CHF 74.40
Subject: Computer Science
Language: English
Pages: 584
Copy protection: Watermark/DRM
Devices: PC/MAC/eReader/Tablet
Format: PDF
Imparts good security doctrine, methodology, and strategies

Each application-focused chapter can be used as a stand-alone HOW-TO for that particular application.

Offers users a selection of resources (websites, mailing lists, and books) to further their knowledge.



James Turnbull is the author of five technical books about open source software and a longtime member of the open source community. James authored the first and second books about Puppet, and works for Puppet Labs, running client services. James speaks regularly at conferences including OSCON, Linux.conf.au, FOSDEM, OpenSourceBridge, DevOpsDays and a number of others. He is a past president of Linux Australia, has run Linux.conf.au and serves on the program committee of Linux.conf.au and OSCON. James is Australian but currently lives in Portland, Oregon. His interests include cooking, wine, political theory, photojournalism, philosophy, and most recently the Portland Timbers association football team.
Contents
About the Author
About the Technical Reviewer
Acknowledgments
Introduction
Chapter 1 Hardening the Basics
  Installing Your Distribution Securely
  Some Answers to Common Installation Questions
  Install Only What You Need
  Secure Booting, Boot Loaders, and Boot-Time Services
  Securing Your Boot Loader
  Init, Starting Services, and Boot Sequencing
  Consoles, Virtual Terminals, and Login Screens
  Securing the Console
  The Red Hat Console
  Securing Virtual Terminals
  Securing Login Screens
  Users and Groups
  Shadow Passwording
  Groups
  Adding Users
  Adding Groups
  Deleting Unnecessary Users and Groups
  Passwords
  Password Aging
  User Accounting
  Process Accounting
  Pluggable Authentication Modules (PAM)
  PAM Module Stacking
  The PAM "Other" Service
  Restricting su Using PAM
  Setting Limits with PAM
  Restricting Users to Specific Login Times with PAM
  Package Management, File Integrity, and Updating
  Ensuring File Integrity
  Downloading Updates and Patches
  Compilers and Development Tools
  Removing the Compilers and Development Tools
  Restricting the Compilers and Development Tools
  Hardening and Securing Your Kernel
  Getting Your Kernel Source
  The Openwall Project
  Other Kernel-Hardening Options
  Keeping Informed About Security
  Security Sites and Mailing Lists
  Vendor and Distribution Security Sites
  Resources
  Mailing Lists
  Sites
Chapter 2 Firewalling Your Hosts
  So, How Does a Linux Firewall Work?
  Tables
  Chains
  Policies
  Adding Your First Rules
  Choosing Filtering Criteria
  The iptables Command
  Creating a Basic Firewall
  Creating a Firewall for a Bastion Host
  Kernel Modules and Parameters
  Patch-o-Matic
  Kernel Parameters
  Managing iptables and Your Rules
  iptables-save and iptables-restore
  iptables init Scripts
  Testing and Troubleshooting
  Resources
  Mailing Lists
  Sites
  Books
Chapter 3 Securing Connections and Remote Administration
  Public-Key Encryption
  SSL, TLS, and OpenSSL
  Stunnel
  IPSec, VPNs, and Openswan
  inetd and xinetd-Based Connections
  Remote Administration
  ssh-agent and Agent Forwarding
  The sshd Daemon
  Configuring ssh and sshd
  Port Forwarding with OpenSSH
  Forwarding X with OpenSSH
  Resources
  Mailing Lists
  Sites
Chapter 4 Securing Files and File Systems
  Basic File Permissions and File Attributes
  Access Permissions
  Ownership
  Immutable Files
  Capabilities and lcap
  Encrypting Files
  Securely Mounting File Systems
  Securing Removable Devices
  Creating an Encrypted File System
  Installing the Userland Tools
  Enabling the Functionality
  Encrypting a Loop File System
  Unmounting Your Encrypted File System
  Remounting
  Maintaining File Integrity with Tripwire
  Configuring Tripwire
  Explaining Tripwire Policy
  Network File System (NFS)
  Resources
  Mailing Lists
  Sites
  Sites About ACLs
Chapter 5 Understanding Logging and Log Monitoring
  Syslog
  Configuring Syslog
  Starting syslogd and Its Options
  syslog-NG
  Installing and Configuring syslog-NG
  The contrib Directory