Mastering Linux security and hardening: secure your Linux server and protect it from intruders, malware attacks, and other external threats

Tevault, Donald A.,

Вход в систему

Детальная информация

	Таблица	Карточка	RUSMARC

Название:	Mastering Linux security and hardening: secure your Linux server and protect it from intruders, malware attacks, and other external threats
Авторы:	Tevault Donald A.,
Коллекция:	Электронные книги зарубежных издательств; Общая коллекция
Тематика:	Computer security.; Computer security — Standards.; Computer Security; Sécurité informatique — Normes.; Sécurité informatique.; Linux.; Computer networking & communications.; COMPUTERS — Operating Systems — Linux.; COMPUTERS — Security — General.; EBSCO eBooks
Тип документа:	Другой
Тип файла:	PDF
Язык:	Английский
Права доступа:	Доступ по паролю из сети Интернет (чтение, печать, копирование)
Ключ записи:	on1021887823

Разрешенные действия:

pdf/1699218.pdf	–	Действие 'Прочитать' будет доступно, если вы выполните вход в систему или будете работать с сайтом на компьютере в другой сети Действие 'Загрузить' будет доступно, если вы выполните вход в систему или будете работать с сайтом на компьютере в другой сети
epub/1699218.epub	–	Действие 'Загрузить' будет доступно, если вы выполните вход в систему или будете работать с сайтом на компьютере в другой сети

Группа: Анонимные пользователи

Сеть: Интернет

Аннотация

The author presents a guide to mastering the art of preventing Linux systems from getting compromised. Learn how to perform a number of advanced Linux security techniques such as network service detection, user authentication, controlling special permissions, encrypting file systems, and more. This book has coverage of techniques that will help prevent attackers from breaching systems, covering topics such as SSH hardening, network service detection, setting up firewalls, encrypting file systems, and protecting user accounts.

Права на использование объекта хранения

	Место доступа		Группа пользователей		Действие
	Локальная сеть ИБК СПбПУ		Все
	Интернет		Авторизованные пользователи СПбПУ
	Интернет		Анонимные пользователи

Cover
Copyright and Credits
Packt Upsell
Contributors
Table of Contents
Preface
Chapter 1: Running Linux in a Virtual Environment
- The threat landscape
  - So, how does this happen?
- Keeping up with security news
- Introduction to VirtualBox and Cygwin
  - Installing a virtual machine in VirtualBox
  - The EPEL repository on the CentOS virtual machine
  - Configuring a network for VirtualBox virtual machines
  - Creating a virtual machine snapshot with VirtualBox
- Using Cygwin to connect to your virtual machines
  - Installing Cygwin on your Windows host
- Summary
Chapter 2: Securing User Accounts
- The dangers of logging in as the root user
- The advantages of using sudo
- Setting up sudo privileges for full administrative users
  - Method 1 – adding users to a predefined admin group
  - Method 2 – creating an entry in the sudo policy file
- Setting up sudo for users with only certain delegated privileges
  - Hands-on lab for assigning limited sudo privileges
- Advanced tips and tricks for using sudo
  - The sudo timer
    - Hands-on lab for disabling the sudo timer
  - Preventing users from having root shell access
  - Preventing users from using shell escapes
  - Preventing users from using other dangerous programs
  - Limiting the user's actions with commands
  - Letting users run as other users
- Locking down users' home directories the Red Hat or CentOS way
- Locking down users' home directories the Debian/Ubuntu way
  - useradd on Debian/Ubuntu
  - adduser on Debian/Ubuntu
    - Hands-on lab for configuring adduser
- Enforcing strong password criteria
  - Installing and configuring pwquality
    - Hands-on lab for setting password complexity criteria
- Setting and enforcing password and account expiration
  - Configuring default expiry data for useradd – for Red Hat or CentOS only
  - Setting expiry data on a per-account basis, with useradd and usermod
  - Setting expiry data on a per-account basis, with chage
    - Hands-on lab for setting account and password expiry data
- Preventing brute-force password attacks
  - Configuring the pam_tally2 PAM module
    - Hands-on lab for configuring pam_tally2
- Locking user accounts
  - Using usermod to lock a user account
  - Using passwd to lock user accounts
  - Locking the root user account
- Setting up security banners
  - Using the motd file
  - Using the issue file
  - Using the issue.net file
- Summary
Chapter 3: Securing Your Server with a Firewall
- An overview of iptables
  - Basic usage of iptables
    - Hands-on lab for basic iptables usage
- Uncomplicated Firewall for Ubuntu systems
  - Basic usage of ufw
    - Hands-on lab for basic ufw usage
- firewalld for Red Hat systems
  - Verifying the status of firewalld
  - firewalld zones
  - firewalld services
  - Adding ports to a firewalld zone
  - firewalld rich language rules
    - Hands-on lab for firewalld commands
- nftables – a more universal type of firewall system
  - nftables tables and chains
  - Getting started with nftables
  - Using nft commands
    - Hands-on lab for nftables on Ubuntu
- Summary
Chapter 4: Encrypting and SSH Hardening
- GNU Privacy Guard
  - Creating your GPG keys
  - Symmetrically encrypting your own files
    - Hands-on lab – combining gpg and tar for encrypted backups
  - Using private and public keys for asymmetric encryption and signing
  - Signing a file without encryption
- Encrypting partitions with Linux Unified Key Setup – LUKS
  - Disk encryption during operating system installation
  - Adding an encrypted partition with LUKS
  - Configuring the LUKS partition to mount automatically
- Encrypting directories with eCryptfs
  - Home directory and disk encryption during Ubuntu installation
  - Encrypting a home directory for a new user account
  - Creating a private directory within an existing home directory
  - Encrypting other directories with eCryptfs
  - Encrypting the swap partition with eCryptfs
- Using VeraCrypt for cross-platform sharing of encrypted containers
  - Getting and installing VeraCrypt
  - Creating and mounting a VeraCrypt volume in console mode
  - Using VeraCrypt in GUI mode
- Ensuring that SSH protocol 1 is disabled
- Creating and managing keys for password-less logins
  - Creating a user's SSH key set
  - Transferring the public key to the remote server
- Disabling root user login
- Disabling username/password logins
- Setting up a chroot environment for SFTP users
  - Creating a group and configuring the sshd_config file
    - Hands-on lab – setting up a chroot directory for sftpusers group
- Summary
Chapter 5: Mastering Discretionary Access Control
- Using chown to change ownership of files and directories
- Using chmod to set permissions values on files and directories
  - Setting permissions with the symbolic method
  - Setting permissions with the numerical method
- Using SUID and SGID on regular files
- The security implications of the SUID and SGID permissions
  - Finding spurious SUID or SGID files
    - Hands-on lab – searching for SUID and SGID files
  - Preventing SUID and SGID usage on a partition
- Using extended file attributes to protect sensitive files
  - Setting the a attribute
  - Setting the i attribute
    - Hands-on lab – setting security-related extended file attributes
- Summary
Chapter 6: Access Control Lists and Shared Directory Management
- Creating an access control list for either a user or a group
- Creating an inherited access control list for a directory
- Removing a specific permission by using an ACL mask
- Using the tar --acls option to prevent the loss of ACLs during a backup
- Creating a user group and adding members to it
  - Adding members as we create their user accounts
  - Using usermod to add an existing user to a group
  - Adding users to a group by editing the /etc/group file
- Creating a shared directory
- Setting the SGID bit and the sticky bit on the shared directory
- Using ACLs to access files in the shared directory
  - Setting the permissions and creating the ACL
  - Charlie tries to access Vicky's file with an ACL set for Cleopatra
    - Hands-on lab – creating a shared group directory
- Summary
Chapter 7: Implementing Mandatory Access Control with SELinux and AppArmor
- How SELinux can benefit a systems administrator
- Setting security contexts for files and directories
  - Installing the SELinux tools
  - Creating web content files with SELinux enabled
  - Fixing an incorrect SELinux context
    - Using chcon
    - Using restorecon
    - Using semanage
    - Hands-on lab – SELinux type enforcement
- Troubleshooting with setroubleshoot
  - Viewing setroubleshoot messages
  - Using the graphical setroubleshoot utility
  - Troubleshooting in permissive mode
- Working with SELinux policies
  - Viewing the Booleans
  - Configuring the Booleans
  - Protecting your web server
  - Protecting network ports
  - Creating custom policy modules
    - Hands-on lab – SELinux Booleans and ports
- How AppArmor can benefit a systems administrator
- Looking at AppArmor profiles
- Working with AppArmor command-line utilities
- Troubleshooting AppArmor problems
- Summary
Chapter 8: Scanning, Auditing, and Hardening
- Installing and updating ClamAV and maldet
  - Installing ClamAV and maldet
  - Configuring maldet
  - Updating ClamAV and maldet
- Scanning with ClamAV and maldet
- SELinux considerations
- Scanning for rootkits with Rootkit Hunter
  - Installing and updating Rootkit Hunter
  - Scanning for rootkits
- Controlling the auditd daemon
- Creating audit rules
  - Auditing a file for changes
  - Auditing a directory
  - Auditing system calls
- Using ausearch and aureport
  - Searching for file change alerts
  - Searching for directory access rule violations
  - Searching for system call rule violations
  - Generating authentication reports
  - Using predefined rules sets
- Applying OpenSCAP policies with oscap
  - Installing OpenSCAP
  - Viewing the profile files
  - Scanning the system
  - Remediating the system
- Using SCAP Workbench
- More about OpenSCAP profiles
- Applying an OpenSCAP profile during system installation
- Summary
Chapter 9: Vulnerability Scanning and Intrusion Detection
- Looking at Snort and Security Onion
  - Obtaining and installing Snort
  - Graphical interfaces for Snort
  - Getting Snort in prebuilt appliances
  - Using Security Onion
- Scanning and hardening with Lynis
  - Installing Lynis on Red Hat/CentOS
  - Installing Lynis on Ubuntu
  - Scanning with Lynis
- Finding vulnerabilities with OpenVAS
- Web server scanning with Nikto
  - Nikto in Kali Linux
  - Installing and updating Nikto on Linux
  - Scanning a web server with Nikto
- Summary
Chapter 10: Security Tips and Tricks for the Busy Bee
- Auditing system services
  - Auditing system services with systemctl
  - Auditing network services with netstat
  - Auditing network services with Nmap
    - Port states
    - Scan types
- Password-protecting the GRUB 2 bootloader
  - Resetting the password for Red Hat/CentOS
  - Resetting the password for Ubuntu
  - Preventing kernel parameter edits on Red Hat/CentOS
  - Preventing kernel parameter edits on Ubuntu
  - Password-protecting boot options
    - Disabling the submenu for Ubuntu
    - Password-protecting boot option steps for both Ubuntu and Red Hat
- Securely configuring BIOS/UEFI
- Using a security checklist for system setup
- Summary
Other Books You May Enjoy
- Leave a review – let other readers know what you think
Index

Статистика использования

pdf/1699218.pdf

Количество обращений: 1
За последние 30 дней: 0
Подробная статистика

epub/1699218.epub