Linux System Security - Scott Mann, Ellen L. Mitchell, Mitchell Krell

Linux System Security

The Administrator's Guide to Open Source Security Tools
Buch | Hardcover
896 Seiten
2002 | 2nd edition
Prentice Hall (Verlag)
978-0-13-047011-9 (ISBN)
57,65 inkl. MwSt
  • Titel ist leider vergriffen;
    keine Neuauflage
  • Artikel merken
A tutorial guide to securing your system using LINUX-based open source tools. Covers account and password security, e-mail and directory security, intrusion detection, how to design and implement a firewall.
As more companies are moving to Linux for mission-critical applications, security becomes a major issue. This guide explains the pros and cons of the most the valuable open source security tools and is complete with implementation details. It gives detailed instructions on the implementation, configuration, and use of publicly available tools and features of Linux as they relate to Linux security. Essential background information is provided in the book's introductory chapters. Administrators will learn to: Prepare Linux systems for a production environment; Identify vulnerabilities, and planning for security administration; Configure Linux-based firewalls, authentication, and encryption; Secure filesystems, email, web servers, and other key applications; Protect mixed Linux/Unix and Windows environments. New to this Edition: Updated for Redhat 7.2
; One of the first Linux security books to cover Bastille, a hardening program which tightens system security and can even lock down the entire system in cases where the system is seriously compromised; New chapter on network sniffers and port scanners used to detect intruders; Will Cover Open SSH - the new open source version of a popular suite of connectivity tools which allow you to login into remote computers and execute commands on these computers. Open SSH contains encryption capabilities that encrypts all traffic including passwords.

SCOTT MANN is a Linux software engineer at LeftHand Networks in Colorado. He has previously specialized in Linux and UNIX systems for both SGI and Sun Microsystems. His previous Prentice Hall PTR books include Linux TCP/IP Network Administration. ELLEN L. MITCHELL is a security analyst at Texas A&M University, where she is responsible for campus network security, development, and administration. She currently maintains the Tiger UNIX security package. MITCHELL KRELL, Ph.D., is a former university professor turned consultant. He currently travels around the country teaching classes and consulting for various government agencies on a variety of topics including Linux, IRIX, system administration, networking, web development, and computer security.

Preface.


1. How Did That Happen?: Vulnerability Survey.


What Happened? So, Are You Going to Show Us How to Break into Systems? A Survey of Vulnerabilities and Attacks. Summary. For Further Reading.



2. Imagine That! You're Big Brother! Security Policies.


What Is Computer and Network Security? Securing Computers and Networks. User Privacy and Administrator Ethics. Summary. For Further Reading.



3. This 'n That: Background Information.


BIOS Passwords. Linux Installation and LILO. Start-Up Scripts. Red Hat Package Manager. TCP/IP Networking Overview. Request for Comment. Cryptography. Testing and Production Environments. Licenses.



4. Of Course I Trust My Users! Users, Permissions, and Filesystems.


User Account Management. The Root Account. Group Account Management. File and Directory Permissions. Using xlock and xscreensaver. Filesystem Restrictions. Access Control Lists and Extended Attributes. Summary. For Further Reading.



5. Been Cracked? Just Put PAM on It! Pluggable Authentication Modules.


PAM Overview. PAM Administration. PAM Logs. Available PAM Modules. PAM-Aware Applications. Important Notes about Configuring PAM. The Future of PAM. Summary. For Further Reading.



6. Just Once, Only Once! One-Time Passwords.


The Purpose of One-Time Passwords. S/Key. Which OTP System Should I Use? S/Key Vulnerabilities. Summary. For Further Reading.



7. Bean Counting: System Accounting.


General System Accounting. Connection Accounting. Process Accounting. Accounting Files. Summary. For Further Reading.



8. And You Thought Wiretapping Was for the Feds! System Logging.


The syslog System Logging Utility. Other Logs. Alternatives to syslog. The auditd Utility. Summary. For Further Reading.



9. Want To Be Root? Superuser Do (sudo).


What Is sudo? Obtaining and Implementing sudo. Using sudo. PAM and sudo. Disabling root Access. Vulnerabilities of sudo. Summary. For Further Reading.



10. Which Doors Are Open? Securing Network Services: xinetd.


Using xinetd. Summary. For Further Reading. Internet Services Resources.



11. Let 'Em Sniff the Net! The Secure Shell.


Available Versions of SSH. Overview of SSH Version 1. Overview of SSH Version 2. Installing OpenSSH. Configuring the Secure Shell. Using SSH. Configuring SSH Authentication Behavior. Exploring ssh Functionality. Secure Shell Alternatives. Summary. For Further Reading.



12. So You Think You've Got a Good Password! Crack.


Obtaining Crack. Major Components of Crack. Crack Overview. Building Crack. Compiling and Linking Crack. Crack Dictionaries. Using Crack. The White Hat Use of Crack. Summary. For Further Reading.



13. What's Been Happening? Auditing Your System with Bastille.


Bastille Overview. Obtaining and Installing Bastille. Configuring Bastille. Duplicating Setup on Additional Hosts. UNDO! Automated Bastille. Summary.



14. Setting the Trap: Tripwire.


Tripwire Overview. Obtaining and Installing Tripwire. Tripwire Version 2.3.1-5. Configuring Tripwire. The Tripwire Configuration File. The Tripwire Policy File. The tripwire Command. Initializing the Tripwire Database. Effective Tripwire Initialization. Routine Tripwire Runs3/4Compare Mode. Tripwire Update Mode. Policy Update Mode. Testing Email Notification. Twprint. Summary. For Further Reading.



15. We Must Censor! Part 1: ipchains.


What is a Firewall? Packet Filtering. Configuring the Kernel for ipchains. ipchains Overview. Introduction to Using ipchains. Packet Fragments. IP Masquerading. Adding Custom Chains. Antispoofing Rules. Rule Ordering Is Important! Saving and Restoring Rules. Rule Writing and Logging Tips. Building Your Firewall. ipchains IsnÕt Just for Firewalls! A Few More Thingsú Supplementary Utilities. The Next Generationú Summary. For Further Reading.



16. We Must Censor! Part 2: iptables.


Netfilter Overview. The iptables Utility. iptables Examples. Summary. For Further Reading.



17. Who's Watching Now? Scanners, Sniffers, and Detectors.


Introduction. Scanners. Sniffers. Detectors. Summary. For Further Reading.



18. Wiretapping Is Not So Much Fun after All! Log File Management.


General Log File Management. Logrotate. Swatch. Logcheck. Summary.



19. This Is an Awful Lot of Work! Implementing and Managing Security.


So, Where Do I Start? Reducing the Workload. What If My Systems Are Already in the Production Environment? The Internal Network. Firewalls and the DMZ. Break-in Recovery. Adding New Software. Only through Knowledgeú



Appendix A. Keeping Up to Date.


Web Pages. Full Disclosure Resources. Mailing Lists.



Appendix B. Tools Not Covered.


Appendix C. OPIE.


Obtaining and Installing OPIE. Implementing and Using OPIE. OPIE and PAM.



Appendix D. Securing Network Services: TCP_Wrappers and portmap.


TCP_Wrappers. The Portmapper. Unwrapped Services. For Further Reading.



Appendix E. The Cryptographic and Transparent Cryptographic Filesystems.


Overview of the Cryptographic File System. Obtaining and Installing CFS. Using CFS. Vulnerabilities of CFS. Overview of TCFS. Obtaining and Installing TCFS. The TCFS Client Side. Using TCFS. Vulnerabilities of TCFS. CFS and TCFS Comparison. Securely Deleting Files. Alternatives to CFS and TCFS. Summary. For Further Reading.



Glossary.


Index.

Erscheint lt. Verlag 2.10.2002
Verlagsort Upper Saddle River
Sprache englisch
Maße 185 x 242 mm
Gewicht 1451 g
Themenwelt Informatik Betriebssysteme / Server Unix / Linux
Mathematik / Informatik Informatik Netzwerke
Informatik Theorie / Studium Kryptologie
Wirtschaft Betriebswirtschaft / Management Wirtschaftsinformatik
ISBN-10 0-13-047011-2 / 0130470112
ISBN-13 978-0-13-047011-9 / 9780130470119
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich
Die wichtigen Befehle

von Daniel J. Barrett

Buch | Softcover (2024)
O'Reilly (Verlag)
16,90
das umfassende Handbuch

von Dirk Deimeke; Daniel van Soest; Stefan Kania

Buch | Hardcover (2023)
Rheinwerk (Verlag)
69,90
das umfassende Handbuch

von Michael Kofler

Buch | Hardcover (2023)
Rheinwerk (Verlag)
49,90