Linux Security Cookbook
Linux Security Cookbook By Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes
June 2003
Pages: 332

| Table of Contents | Index | Sample Excerpt | Colophon

Table of Contents

  1. Chapter 1 System Snapshots with Tripwire

    1. Setting Up Tripwire

    2. Displaying the Policy and Configuration

    3. Modifying the Policy and Configuration

    4. Basic Integrity Checking

    5. Read-Only Integrity Checking

    6. Remote Integrity Checking

    7. Ultra-Paranoid Integrity Checking

    8. Expensive, Ultra-Paranoid Security Checking

    9. Automated Integrity Checking

    10. Printing the Latest Tripwire Report

    11. Updating the Database

    12. Adding Files to the Database

    13. Excluding Files from the Database

    14. Checking Windows VFAT Filesystems

    15. Verifying RPM-Installed Files

    16. Integrity Checking with rsync

    17. Integrity Checking Manually

  2. Chapter 2 Firewalls with iptables and ipchains

    1. Enabling Source Address Verification

    2. Blocking Spoofed Addresses

    3. Blocking All Network Traffic

    4. Blocking Incoming Traffic

    5. Blocking Outgoing Traffic

    6. Blocking Incoming Service Requests

    7. Blocking Access from a Remote Host

    8. Blocking Access to a Remote Host

    9. Blocking Outgoing Access to All Web Servers on a Network

    10. Blocking Remote Access, but Permitting Local

    11. Controlling Access by MAC Address

    12. Permitting SSH Access Only

    13. Prohibiting Outgoing Telnet Connections

    14. Protecting a Dedicated Server

    15. Preventing pings

    16. Listing Your Firewall Rules

    17. Deleting Firewall Rules

    18. Inserting Firewall Rules

    19. Saving a Firewall Configuration

    20. Loading a Firewall Configuration

    21. Testing a Firewall Configuration

    22. Building Complex Rule Trees

    23. Logging Simplified

  3. Chapter 3 Network Access Control

    1. Listing Your Network Interfaces

    2. Starting and Stopping the Network Interface

    3. Enabling/Disabling a Service (xinetd)

    4. Enabling/Disabling a Service (inetd)

    5. Adding a New Service (xinetd)

    6. Adding a New Service (inetd)

    7. Restricting Access by Remote Users

    8. Restricting Access by Remote Hosts (xinetd)

    9. Restricting Access by Remote Hosts (xinetd with libwrap)

    10. Restricting Access by Remote Hosts (xinetd with tcpd)

    11. Restricting Access by Remote Hosts (inetd)

    12. Restricting Access by Time of Day

    13. Restricting Access to an SSH Server by Host

    14. Restricting Access to an SSH Server by Account

    15. Restricting Services to Specific Filesystem Directories

    16. Preventing Denial of Service Attacks

    17. Redirecting to Another Socket

    18. Logging Access to Your Services

    19. Prohibiting root Logins on Terminal Devices

  4. Chapter 4 Authentication Techniques and Infrastructures

    1. Creating a PAM-Aware Application

    2. Enforcing Password Strength with PAM

    3. Creating Access Control Lists with PAM

    4. Validating an SSL Certificate

    5. Decoding an SSL Certificate

    6. Installing a New SSL Certificate

    7. Generating an SSL Certificate Signing Request (CSR)

    8. Creating a Self-Signed SSL Certificate

    9. Setting Up a Certifying Authority

    10. Converting SSL Certificates from DER to PEM

    11. Getting Started with Kerberos

    12. Adding Users to a Kerberos Realm

    13. Adding Hosts to a Kerberos Realm

    14. Using Kerberos with SSH

    15. Using Kerberos with Telnet

    16. Securing IMAP with Kerberos

    17. Using Kerberos with PAM for System-Wide Authentication

  5. Chapter 5 Authorization Controls

    1. Running a root Login Shell

    2. Running X Programs as root

    3. Running Commands as Another User via sudo

    4. Bypassing Password Authentication in sudo

    5. Forcing Password Authentication in sudo

    6. Authorizing per Host in sudo

    7. Granting Privileges to a Group via sudo

    8. Running Any Program in a Directory via sudo

    9. Prohibiting Command Arguments with sudo

    10. Sharing Files Using Groups

    11. Permitting Read-Only Access to a Shared File via sudo

    12. Authorizing Password Changes via sudo

    13. Starting/Stopping Daemons via sudo

    14. Restricting root's Abilities via sudo

    15. Killing Processes via sudo

    16. Listing sudo Invocations

    17. Logging sudo Remotely

    18. Sharing root Privileges via SSH

    19. Running root Commands via SSH

    20. Sharing root Privileges via Kerberos su

  6. Chapter 6 Protecting Outgoing Network Connections

    1. Logging into a Remote Host

    2. Invoking Remote Programs

    3. Copying Files Remotely

    4. Authenticating by Public Key (OpenSSH)

    5. Authenticating by Public Key (OpenSSH Client, SSH2 Server, OpenSSH Key)

    6. Authenticating by Public Key (OpenSSH Client, SSH2 Server, SSH2 Key)

    7. Authenticating by Public Key (SSH2 Client, OpenSSH Server)

    8. Authenticating by Trusted Host

    9. Authenticating Without a Password (Interactively)

    10. Authenticating in cron Jobs

    11. Terminating an SSH Agent on Logout

    12. Tailoring SSH per Host

    13. Changing SSH Client Defaults

    14. Tunneling Another TCP Session Through SSH

    15. Keeping Track of Passwords

  7. Chapter 7 Protecting Files

    1. Using File Permissions

    2. Securing a Shared Directory

    3. Prohibiting Directory Listings

    4. Encrypting Files with a Password

    5. Decrypting Files

    6. Setting Up GnuPG for Public-Key Encryption

    7. Listing Your Keyring

    8. Setting a Default Key

    9. Sharing Public Keys

    10. Adding Keys to Your Keyring

    11. Encrypting Files for Others

    12. Signing a Text File

    13. Signing and Encrypting Files

    14. Creating a Detached Signature File

    15. Checking a Signature

    16. Printing Public Keys

    17. Backing Up a Private Key

    18. Encrypting Directories

    19. Adding Your Key to a Keyserver

    20. Uploading New Signatures to a Keyserver

    21. Obtaining Keys from a Keyserver

    22. Revoking a Key

    23. Maintaining Encrypted Files with Emacs

    24. Maintaining Encrypted Files with vim

    25. Encrypting Backups

    26. Using PGP Keys with GnuPG

  8. Chapter 8 Protecting Email

    1. Encrypted Mail with Emacs

    2. Encrypted Mail with vim

    3. Encrypted Mail with Pine

    4. Encrypted Mail with Mozilla

    5. Encrypted Mail with Evolution

    6. Encrypted Mail with mutt

    7. Encrypted Mail with elm

    8. Encrypted Mail with MH

    9. Running a POP/IMAP Mail Server with SSL

    10. Testing an SSL Mail Connection

    11. Securing POP/IMAP with SSL and Pine

    12. Securing POP/IMAP with SSL and mutt

    13. Securing POP/IMAP with SSL and Evolution

    14. Securing POP/IMAP with stunnel and SSL

    15. Securing POP/IMAP with SSH

    16. Securing POP/IMAP with SSH and Pine

    17. Receiving Mail Without a Visible Server

    18. Using an SMTP Server from Arbitrary Clients

  9. Chapter 9 Testing and Monitoring

    1. Testing Login Passwords (John the Ripper)

    2. Testing Login Passwords (CrackLib)

    3. Finding Accounts with No Password

    4. Finding Superuser Accounts

    5. Checking for Suspicious Account Use

    6. Checking for Suspicious Account Use, Multiple Systems

    7. Testing Your Search Path

    8. Searching Filesystems Effectively

    9. Finding setuid (or setgid) Programs

    10. Securing Device Special Files

    11. Finding Writable Files

    12. Looking for Rootkits

    13. Testing for Open Ports

    14. Examining Local Network Activities

    15. Tracing Processes

    16. Observing Network Traffic

    17. Observing Network Traffic (GUI)

    18. Searching for Strings in Network Traffic

    19. Detecting Insecure Network Protocols

    20. Getting Started with Snort

    21. Packet Sniffing with Snort

    22. Detecting Intrusions with Snort

    23. Decoding Snort Alert Messages

    24. Logging with Snort

    25. Partitioning Snort Logs Into Separate Files

    26. Upgrading and Tuning Snort's Ruleset

    27. Directing System Messages to Log Files (syslog)

    28. Testing a syslog Configuration

    29. Logging Remotely

    30. Rotating Log Files

    31. Sending Messages to the System Logger

    32. Writing Log Entries via Shell Scripts

    33. Writing Log Entries via Perl

    34. Writing Log Entries via C

    35. Combining Log Files

    36. Summarizing Your Logs with logwatch

    37. Defining a logwatch Filter

    38. Monitoring All Executed Commands

    39. Displaying All Executed Commands

    40. Parsing the Process Accounting Log

    41. Recovering from a Hack

    42. Filing an Incident Report

  1. Colophon

Return to Linux Security Cookbook