Linux Security Cookbook - Brossura

Preface; A Cookbook About Security?!?; Intended Audience; Roadmap of the Book; Our Security Philosophy; Supported Linux Distributions; Trying the Recipes; Conventions Used in This Book; We'd Like to Hear from You; Acknowledgments; Chapter 1: System Snapshots with Tripwire; 1.1 Setting Up Tripwire; 1.2 Displaying the Policy and Configuration; 1.3 Modifying the Policy and Configuration; 1.4 Basic Integrity Checking; 1.5 Read-Only Integrity Checking; 1.6 Remote Integrity Checking; 1.7 Ultra-Paranoid Integrity Checking; 1.8 Expensive, Ultra-Paranoid Security Checking; 1.9 Automated Integrity Checking; 1.10 Printing the Latest Tripwire Report; 1.11 Updating the Database; 1.12 Adding Files to the Database; 1.13 Excluding Files from the Database; 1.14 Checking Windows VFAT Filesystems; 1.15 Verifying RPM-Installed Files; 1.16 Integrity Checking with rsync; 1.17 Integrity Checking Manually; Chapter 2: Firewalls with iptables and ipchains; 2.1 Enabling Source Address Verification; 2.2 Blocking Spoofed Addresses; 2.3 Blocking All Network Traffic; 2.4 Blocking Incoming Traffic; 2.5 Blocking Outgoing Traffic; 2.6 Blocking Incoming Service Requests; 2.7 Blocking Access from a Remote Host; 2.8 Blocking Access to a Remote Host; 2.9 Blocking Outgoing Access to All Web Servers on a Network; 2.10 Blocking Remote Access, but Permitting Local; 2.11 Controlling Access by MAC Address; 2.12 Permitting SSH Access Only; 2.13 Prohibiting Outgoing Telnet Connections; 2.14 Protecting a Dedicated Server; 2.15 Preventing pings; 2.16 Listing Your Firewall Rules; 2.17 Deleting Firewall Rules; 2.18 Inserting Firewall Rules; 2.19 Saving a Firewall Configuration; 2.20 Loading a Firewall Configuration; 2.21 Testing a Firewall Configuration; 2.22 Building Complex Rule Trees; 2.23 Logging Simplified; Chapter 3: Network Access Control; 3.1 Listing Your Network Interfaces; 3.2 Starting and Stopping the Network Interface; 3.3 Enabling/Disabling a Service (xinetd); 3.4 Enabling/Disabling a Service (inetd); 3.5 Adding a New Service (xinetd); 3.6 Adding a New Service (inetd); 3.7 Restricting Access by Remote Users; 3.8 Restricting Access by Remote Hosts (xinetd); 3.9 Restricting Access by Remote Hosts (xinetd with libwrap); 3.10 Restricting Access by Remote Hosts (xinetd with tcpd); 3.11 Restricting Access by Remote Hosts (inetd); 3.12 Restricting Access by Time of Day; 3.13 Restricting Access to an SSH Server by Host; 3.14 Restricting Access to an SSH Server by Account; 3.15 Restricting Services to Specific Filesystem Directories; 3.16 Preventing Denial of Service Attacks; 3.17 Redirecting to Another Socket; 3.18 Logging Access to Your Services; 3.19 Prohibiting root Logins on Terminal Devices; Chapter 4: Authentication Techniques and Infrastructures; 4.1 Creating a PAM-Aware Application; 4.2 Enforcing Password Strength with PAM; 4.3 Creating Access Control Lists with PAM; 4.4 Validating an SSL Certificate; 4.5 Decoding an SSL Certificate; 4.6 Installing a New SSL Certificate; 4.7 Generating an SSL Certificate Signing Request (CSR); 4.8 Creating a Self-Signed SSL Certificate; 4.9 Setting Up a Certifying Authority; 4.10 Converting SSL Certificates from DER to PEM; 4.11 Getting Started with Kerberos; 4.12 Adding Users to a Kerberos Realm; 4.13 Adding Hosts to a Kerberos Realm; 4.14 Using Kerberos with SSH; 4.15 Using Kerberos with Telnet; 4.16 Securing IMAP with Kerberos; 4.17 Using Kerberos with PAM for System-Wide Authentication; Chapter 5: Authorization Controls; 5.1 Running a root Login Shell; 5.2 Running X Programs as root; 5.3 Running Commands as Another User via sudo; 5.4 Bypassing Password Authentication in sudo; 5.5 Forcing Password Authentication in sudo; 5.6 Authorizing per Host in sudo; 5.7 Granting Privileges to a Group via sudo; 5.8 Running Any Program in a Directory via sudo; 5.9 Prohibiting Command Arguments with sudo; 5.10 Sharing Files Using Groups; 5.11 Permitting Read-Only Access to a Shared File via sudo; 5.12 Authorizing Password Changes via sudo; 5.13 Starting/Stopping Daemons via sudo; 5.14 Restricting root's Abilities via sudo; 5.15 Killing Processes via sudo; 5.16 Listing sudo Invocations; 5.17 Logging sudo Remotely; 5.18 Sharing root Privileges via SSH; 5.19 Running root Commands via SSH; 5.20 Sharing root Privileges via Kerberos su; Chapter 6: Protecting Outgoing Network Connections; 6.1 Logging into a Remote Host; 6.2 Invoking Remote Programs; 6.3 Copying Files Remotely; 6.4 Authenticating by Public Key (OpenSSH); 6.5 Authenticating by Public Key (OpenSSH Client, SSH2 Server, OpenSSH Key); 6.6 Authenticating by Public Key (OpenSSH Client, SSH2 Server, SSH2 Key); 6.7 Authenticating by Public Key (SSH2 Client, OpenSSH Server); 6.8 Authenticating by Trusted Host; 6.9 Authenticating Without a Password (Interactively); 6.10 Authenticating in cron Jobs; 6.11 Terminating an SSH Agent on Logout; 6.12 Tailoring SSH per Host; 6.13 Changing SSH Client Defaults; 6.14 Tunneling Another TCP Session Through SSH; 6.15 Keeping Track of Passwords; Chapter 7: Protecting Files; 7.1 Using File Permissions; 7.2 Securing a Shared Directory; 7.3 Prohibiting Directory Listings; 7.4 Encrypting Files with a Password; 7.5 Decrypting Files; 7.6 Setting Up GnuPG for Public-Key Encryption; 7.7 Listing Your Keyring; 7.8 Setting a Default Key; 7.9 Sharing Public Keys; 7.10 Adding Keys to Your Keyring; 7.11 Encrypting Files for Others; 7.12 Signing a Text File; 7.13 Signing and Encrypting Files; 7.14 Creating a Detached Signature File; 7.15 Checking a Signature; 7.16 Printing Public Keys; 7.17 Backing Up a Private Key; 7.18 Encrypting Directories; 7.19 Adding Your Key to a Keyserver; 7.20 Uploading New Signatures to a Keyserver; 7.21 Obtaining Keys from a Keyserver; 7.22 Revoking a Key; 7.23 Maintaining Encrypted Files with Emacs; 7.24 Maintaining Encrypted Files with vim; 7.25 Encrypting Backups; 7.26 Using PGP Keys with GnuPG; Chapter 8: Protecting Email; 8.1 Encrypted Mail with Emacs; 8.2 Encrypted Mail with vim; 8.3 Encrypted Mail with Pine; 8.4 Encrypted Mail with Mozilla; 8.5 Encrypted Mail with Evolution; 8.6 Encrypted Mail with mutt; 8.7 Encrypted Mail with elm; 8.8 Encrypted Mail with MH; 8.9 Running a POP/IMAP Mail Server with SSL; 8.10 Testing an SSL Mail Connection; 8.11 Securing POP/IMAP with SSL and Pine; 8.12 Securing POP/IMAP with SSL and mutt; 8.13 Securing POP/IMAP with SSL and Evolution; 8.14 Securing POP/IMAP with stunnel and SSL; 8.15 Securing POP/IMAP with SSH; 8.16 Securing POP/IMAP with SSH and Pine; 8.17 Receiving Mail Without a Visible Server; 8.18 Using an SMTP Server from Arbitrary Clients; Chapter 9: Testing and Monitoring; 9.1 Testing Login Passwords (John the Ripper); 9.2 Testing Login Passwords (CrackLib); 9.3 Finding Accounts with No Password; 9.4 Finding Superuser Accounts; 9.5 Checking for Suspicious Account Use; 9.6 Checking for Suspicious Account Use, Multiple Systems; 9.7 Testing Your Search Path; 9.8 Searching Filesystems Effectively; 9.9 Finding setuid (or setgid) Programs; 9.10 Securing Device Special Files; 9.11 Finding Writable Files; 9.12 Looking for Rootkits; 9.13 Testing for Open Ports; 9.14 Examining Local Network Activities; 9.15 Tracing Processes; 9.16 Observing Network Traffic; 9.17 Observing Network Traffic (GUI); 9.18 Searching for Strings in Network Traffic; 9.19 Detecting Insecure Network Protocols; 9.20 Getting Started with Snort; 9.21 Packet Sniffing with Snort; 9.22 Detecting Intrusions with Snort; 9.23 Decoding Snort Alert Messages; 9.24 Logging with Snort; 9.25 Partitioning Snort Logs Into Separate Files; 9.26 Upgrading and Tuning Snort's Ruleset; 9.27 Directing System Messages to Log Files (syslog); 9.28 Testing a syslog Configuration; 9.29 Logging Remotely; 9.30 Rotating Log Files; 9.31 Sending Messages to the System Logger; 9.32 Writing Log Entries via Shell Scripts; 9.33 Writing Log Entries via Perl; 9.34 Writing Log Entries via C; 9.35 Combining Log Files; 9.36 Summarizing Your Logs with logwatch; 9.37 Defining a logwatch Filter; 9.38 Monitoring All Executed Commands; 9.39 Displaying All Executed Commands; 9.40 Parsing the Process Accounting Log; 9.41 Recovering from a Hack; 9.42 Filing an Incident Report; Colophon;