By Daniel J. Barrett, Robert G. Byrnes, Richard Silverman
Publisher : O'Reilly
Pub Date : June 2003
ISBN : 0-596-00391-9
Pages : 332
The Linux Security Cookbook includes real solutions to a wide range of targeted problems, such as sending encrypted email within Emacs, restricting access to network services at particular times of day, firewalling a webserver, preventing IP spoofing, setting up key-based SSH authentication, and much more. With over 150 ready-to-use scripts and configuration files, this unique book helps administrators secure their systems without having to look up specific syntax.
Copyright
Preface
A Cookbook About Security?!?
Intended Audience
Roadmap of the Book
Our Security Philosophy
Supported Linux Distributions
Trying the Recipes
Conventions Used in This Book
We'd Like to Hear from You
Acknowledgments
Chapter 1. System Snapshots with Tripwire
Recipe 1.1. Setting Up Tripwire
Recipe 1.2. Displaying the Policy and Configuration
Recipe 1.3. Modifying the Policy and Configuration
Recipe 1.4. Basic Integrity Checking
Recipe 1.5. Read-Only Integrity Checking
Recipe 1.6. Remote Integrity Checking
Recipe 1.7. Ultra-Paranoid Integrity Checking
Recipe 1.8. Expensive, Ultra-Paranoid Security Checking
Recipe 1.9. Automated Integrity Checking
Recipe 1.10. Printing the Latest Tripwire Report
Recipe 1.11. Updating the Database
Recipe 1.12. Adding Files to the Database
Recipe 1.13. Excluding Files from the Database
Recipe 1.14. Checking Windows VFAT Filesystems
Recipe 1.15. Verifying RPM-Installed Files
Recipe 1.16. Integrity Checking with rsync
Recipe 1.17. Integrity Checking Manually
Chapter 2. Firewalls with iptables and ipchains
Recipe 2.1. Enabling Source Address Verification
Recipe 2.2. Blocking Spoofed Addresses
Recipe 2.3. Blocking All Network Traffic
Recipe 2.4. Blocking Incoming Traffic
Recipe 2.5. Blocking Outgoing Traffic
Recipe 2.6. Blocking Incoming Service Requests
Recipe 2.7. Blocking Access from a Remote Host
Recipe 2.8. Blocking Access to a Remote Host
Recipe 2.9. Blocking Outgoing Access to All Web Servers on a Network
Recipe 2.10. Blocking Remote Access, but Permitting Local
Recipe 2.11. Controlling Access by MAC Address
Recipe 2.12. Permitting SSH Access Only
Recipe 2.13. Prohibiting Outgoing Telnet Connections
Recipe 2.14. Protecting a Dedicated Server
Recipe 2.15. Preventing pings
Recipe 2.16. Listing Your Firewall Rules
Recipe 2.17. Deleting Firewall Rules
Recipe 2.18. Inserting Firewall Rules
Recipe 2.19. Saving a Firewall Configuration
Recipe 2.20. Loading a Firewall Configuration
Recipe 2.21. Testing a Firewall Configuration
Recipe 2.22. Building Complex Rule Trees
Recipe 2.23. Logging Simplified
Chapter 3. Network Access Control
Recipe 3.1. Listing Your Network Interfaces
Recipe 3.2. Starting and Stopping the Network Interface
Recipe 3.3. Enabling/Disabling a Service (xinetd)
Recipe 3.4. Enabling/Disabling a Service (inetd)
Recipe 3.5. Adding a New Service (xinetd)
Recipe 3.6. Adding a New Service (inetd)
Recipe 3.7. Restricting Access by Remote Users
Recipe 3.8. Restricting Access by Remote Hosts (xinetd)
Recipe 3.9. Restricting Access by Remote Hosts (xinetd with libwrap)
Recipe 3.10. Restricting Access by Remote Hosts (xinetd with tcpd)
Recipe 3.11. Restricting Access by Remote Hosts (inetd)
Recipe 3.12. Restricting Access by Time of Day
Recipe 3.13. Restricting Access to an SSH Server by Host
Recipe 3.14. Restricting Access to an SSH Server by Account
Recipe 3.15. Restricting Services to Specific Filesystem Directories
Recipe 3.16. Preventing Denial of Service Attacks
Recipe 3.17. Redirecting to Another Socket
Recipe 3.18. Logging Access to Your Services
Recipe 3.19. Prohibiting root Logins on Terminal Devices
Chapter 4. Authentication Techniques and Infrastructures
Recipe 4.1. Creating a PAM-Aware Application
Recipe 4.2. Enforcing Password Strength with PAM
Recipe 4.3. Creating Access Control Lists with PAM
Recipe 4.4. Validating an SSL Certificate
Recipe 4.5. Decoding an SSL Certificate
Recipe 4.6. Installing a New SSL Certificate
Recipe 4.7. Generating an SSL Certificate Signing Request (CSR)
Recipe 4.8. Creating a Self-Signed SSL Certificate
Recipe 4.9. Setting Up a Certifying Authority
Recipe 4.10. Converting SSL Certificates from DER to PEM
Recipe 4.11. Getting Started with Kerberos
Recipe 4.12. Adding Users to a Kerberos Realm
Recipe 4.13. Adding Hosts to a Kerberos Realm
Recipe 4.14. Using Kerberos with SSH
Recipe 4.15. Using Kerberos with Telnet
Recipe 4.16. Securing IMAP with Kerberos
Recipe 4.17. Using Kerberos with PAM for System-Wide Authentication
Chapter 5. Authorization Controls
Recipe 5.1. Running a root Login Shell
Recipe 5.2. Running X Programs as root
Recipe 5.3. Running Commands as Another User via sudo
Recipe 5.4. Bypassing Password Authentication in sudo
Recipe 5.5. Forcing Password Authentication in sudo
Recipe 5.6. Authorizing per Host in sudo
Recipe 5.7. Granting Privileges to a Group via sudo
Recipe 5.8. Running Any Program in a Directory via sudo
Recipe 5.9. Prohibiting Command Arguments with sudo
Recipe 5.10. Sharing Files Using Groups
Recipe 5.11. Permitting Read-Only Access to a Shared File via sudo
Recipe 5.12. Authorizing Password Changes via sudo
Recipe 5.13. Starting/Stopping Daemons via sudo
Recipe 5.14. Restricting root's Abilities via sudo
Recipe 5.15. Killing Processes via sudo
Recipe 5.16. Listing sudo Invocations
Recipe 5.17. Logging sudo Remotely
Recipe 5.18. Sharing root Privileges via SSH
Recipe 5.19. Running root Commands via SSH
Recipe 5.20. Sharing root Privileges via Kerberos su
Chapter 6. Protecting Outgoing Network Connections
Recipe 6.1. Logging into a Remote Host
Recipe 6.2. Invoking Remote Programs
Recipe 6.3. Copying Files Remotely
Recipe 6.4. Authenticating by Public Key (OpenSSH)
Recipe 6.5. Authenticating by Public Key (OpenSSH Client, SSH2 Server, OpenSSH Key)
Recipe 6.6. Authenticating by Public Key (OpenSSH Client, SSH2 Server, SSH2 Key)
Recipe 6.7. Authenticating by Public Key (SSH2 Client, OpenSSH Server)
Recipe 6.8. Authenticating by Trusted Host
Recipe 6.9. Authenticating Without a Password (Interactively)
Recipe 6.10. Authenticating in cron Jobs
Recipe 6.11. Terminating an SSH Agent on Logout
Recipe 6.12. Tailoring SSH per Host
Recipe 6.13. Changing SSH Client Defaults
Recipe 6.14. Tunneling Another TCP Session Through SSH
Recipe 6.15. Keeping Track of Passwords
Chapter 7. Protecting Files
Recipe 7.1. Using File Permissions
Recipe 7.2. Securing a Shared Directory
Recipe 7.3. Prohibiting Directory Listings
Recipe 7.4. Encrypting Files with a Password
Recipe 7.5. Decrypting Files
Recipe 7.6. Setting Up GnuPG for Public-Key Encryption
Recipe 7.7. Listing Your Keyring
Recipe 7.8. Setting a Default Key
Recipe 7.9. Sharing Public Keys
Recipe 7.10. Adding Keys to Your Keyring
Recipe 7.11. Encrypting Files for Others
Recipe 7.12. Signing a Text File
Recipe 7.13. Signing and Encrypting Files
Recipe 7.14. Creating a Detached Signature File
Recipe 7.15. Checking a Signature
Recipe 7.16. Printing Public Keys
Recipe 7.17. Backing Up a Private Key
Recipe 7.18. Encrypting Directories
Recipe 7.19. Adding Your Key to a Keyserver
Recipe 7.20. Uploading New Signatures to a Keyserver
Recipe 7.21. Obtaining Keys from a Keyserver
Recipe 7.22. Revoking a Key
Recipe 7.23. Maintaining Encrypted Files with Emacs
Recipe 7.24. Maintaining Encrypted Files with vim
Recipe 7.25. Encrypting Backups
Recipe 7.26. Using PGP Keys with GnuPG
Chapter 8. Protecting Email
Recipe 8.1. Encrypted Mail with Emacs
Recipe 8.2. Encrypted Mail with vim
Recipe 8.3. Encrypted Mail with Pine
Recipe 8.4. Encrypted Mail with Mozilla
Recipe 8.5. Encrypted Mail with Evolution
Recipe 8.6. Encrypted Mail with mutt
Recipe 8.7. Encrypted Mail with elm
Recipe 8.8. Encrypted Mail with MH
Recipe 8.9. Running a POP/IMAP Mail Server with SSL
Recipe 8.10. Testing an SSL Mail Connection
Recipe 8.11. Securing POP/IMAP with SSL and Pine
Recipe 8.12. Securing POP/IMAP with SSL and mutt
Recipe 8.13. Securing POP/IMAP with SSL and Evolution
Recipe 8.14. Securing POP/IMAP with stunnel and SSL
Recipe 8.15. Securing POP/IMAP with SSH
Recipe 8.16. Securing POP/IMAP with SSH and Pine
Recipe 8.17. Receiving Mail Without a Visible Server
Recipe 8.18. Using an SMTP Server from Arbitrary Clients
Chapter 9. Testing and Monitoring
Recipe 9.1. Testing Login Passwords (John the Ripper)
Recipe 9.2. Testing Login Passwords (CrackLib)
Recipe 9.3. Finding Accounts with No Password
Recipe 9.4. Finding Superuser Accounts
Recipe 9.5. Checking for Suspicious Account Use
Recipe 9.6. Checking for Suspicious Account Use, Multiple Systems
Recipe 9.7. Testing Your Search Path
Recipe 9.8. Searching Filesystems Effectively
Recipe 9.9. Finding setuid (or setgid) Programs
Recipe 9.10. Securing Device Special Files
Recipe 9.11. Finding Writable Files
Recipe 9.12. Looking for Rootkits
Recipe 9.13. Testing for Open Ports
Recipe 9.14. Examining Local Network Activities
Recipe 9.15. Tracing Processes
Recipe 9.16. Observing Network Traffic
Recipe 9.17. Observing Network Traffic (GUI)
Recipe 9.18. Searching for Strings in Network Traffic
Recipe 9.19. Detecting Insecure Network Protocols
Recipe 9.20. Getting Started with Snort
Recipe 9.21. Packet Sniffing with Snort
Recipe 9.22. Detecting Intrusions with Snort
Recipe 9.23. Decoding Snort Alert Messages
Recipe 9.24. Logging with Snort
Recipe 9.25. Partitioning Snort Logs Into Separate Files
Recipe 9.26. Upgrading and Tuning Snort's Ruleset
Recipe 9.27. Directing System Messages to Log Files (syslog)
Recipe 9.28. Testing a syslog Configuration
Recipe 9.29. Logging Remotely
Recipe 9.30. Rotating Log Files
Recipe 9.31. Sending Messages to the System Logger
Recipe 9.32. Writing Log Entries via Shell Scripts
Recipe 9.33. Writing Log Entries via Perl
Recipe 9.34. Writing Log Entries via C
Recipe 9.35. Combining Log Files
Recipe 9.36. Summarizing Your Logs with logwatch
Recipe 9.37. Defining a logwatch Filter
Recipe 9.38. Monitoring All Executed Commands
Recipe 9.39. Displaying All Executed Commands
Recipe 9.40. Parsing the Process Accounting Log
Recipe 9.41. Recovering from a Hack
Recipe 9.42. Filing an Incident Report
Colophon
Index
Download
Another Linux Books
Another Computer Security Books
No comments:
Post a Comment