Practical Linux Security Cookbook

Description

Practical Linux Security Cookbook is intended for all those Linux users who already have knowledge of Linux filesystems and administration. You should be familiar with basic Linux commands. Understanding information security and its risks to a Linux system is also helpful in understanding the recipes more easily.

However, even if you are unfamiliar with information security, you will be able to easily follow and understand the recipes discussed.

Since Practical Linux Security Cookbook follows a practical approach, following the steps is very easy.

Book excerpt

Practical Linux Security Cookbook — Tajinder Kalsi

Table of Contents

Practical Linux Security Cookbook

Credits

About the Author

About the Reviewer

www.PacktPub.com

eBooks, discount offers, and more

Why Subscribe?

Preface

What this book covers

What you need for this book

Who this book is for

Sections

Getting ready

How to do it…

How it works…

There’s more…

See also

Conventions

Reader feedback

Customer support

Downloading the example code

Downloading the color images of this book

Errata

Piracy

Questions

1. Linux Security Problems

Introduction

The security policy of Linux

Developing a security policy

Configuring password protection

How to do it…

How it works…

Configuring server security

How to do it…

How it works…

There’s more…

Security controls

Conducting integrity checks of the installation medium using checksum

Getting ready

How to do it…

How it works…

See also

Using the LUKS disk encryption

Getting ready

How to do it…

How it works…

Making use of sudoers – configuring sudo access

Getting ready

How to do it…

How it works…

There’s more…

Vulnerability assessment

Scanning hosts with Nmap

Getting ready

How to do it…

How it works…

See also

Gaining a root on a vulnerable Linux system

Getting ready

How to do it…

How it works

There’s more…

Null or default passwords

IP spoofing

Eavesdropping

Service vulnerabilities

Denial of Service (DoS) attack

2. Configuring a Secure and Optimized Kernel

Introduction

Requirements for building and using a kernel

Creating a USB boot media

Getting ready

How to do it…

How it works…

Retrieving a kernel source

Getting ready

How to do it…

How it works…

Configuring and building a kernel

Getting ready

How to do it…

How it works…

Installing and booting from a kernel

Getting ready

How to do it…

How it works…

Testing and debugging a kernel

Configuring a console for debugging using Netconsole

Getting ready

How to do it…

How it works

There’s more…

Debugging a kernel on boot

How to do it…

3. Local Filesystem Security

Viewing file and directory details using the ls command

Getting ready

How to do it…

How it works…

Changing the file permissions using the chmod command

Getting ready

How to do it…

How it works…

There’s more.

Implementing access control list (ACL)

Getting ready

How to do it…

There’s more…

File handling using the mv command (moving and renaming)

Getting ready…

How it works…

There’s more…

Install and configure a basic LDAP server on Ubuntu

Getting ready

How to do it…

How it works…

4. Local Authentication in Linux

User authentication and logging

Getting Started

How to do it.

How it works.

Limiting the login capabilities of users

Getting ready

How to do it.

How it works.

Monitoring user activity using acct

Getting started

How to do it?

How it works.

Login authentication using a USB device and PAM

Getting ready

How to do it…

How it works.

There’s more.

Defining user authorization controls

Getting started.

How to do it.

How it works.

5. Remote Authentication

Remote server/host access using SSH

Getting ready

How to do it…

How it works…

Disabling or enabling SSH root login

Getting ready

How to do it…

How it works…

There’s more…

Restricting remote access with key-based login into SSH

Getting ready

How to do it.

How it works.

Copying files remotely

Getting ready

How to do it.

How it works.

Setting up a Kerberos server with Ubuntu

Getting ready

How to do it.

How it works.

6. Network Security

Managing the TCP/IP network

Getting ready

How to do it.

How it works.

Using Iptables to configure a firewall

Getting Ready

How to do it.

How it works.

Blocking spoofed addresses

Getting Ready

How to do it.

How it works.

Blocking incoming traffic

Getting Ready

How to do it.

How it works.

Configuring and using the TCP Wrapper

Getting Ready

How to do it?

How it works.

7. Security Tools

Linux sXID

Getting Ready

How to do it.

How it works.

PortSentry

Getting Ready

How to do it?

How it works.

Using Squid proxy

Getting Ready

How to do it.

How it works.

OpenSSL Server

Getting Ready

How to do it.

How it works.

Tripwire

Getting Ready

How to do it.

How it works.

Shorewall

Getting ready

How to do it.

How it works.

8. Linux Security Distros

Kali Linux

Getting ready

How to do it.

How it works.

pfSense

Getting ready

How to do it.

How it works.

DEFT – Digital Evidence and Forensic Toolkit

Getting ready

How to do it.

How it works.

NST – Network Security Toolkit

Getting ready

How to do it.

How it works.

Helix

Getting ready

How to do it?

How it works.

9. Patching a Bash Vulnerability

Understanding the bash vulnerability through Shellshock

Getting Ready

How to do it…

How it works…

Shellshock’s security issues

Getting Ready

How to do it…

How it works…

The patch management system

Getting ready

How to do it…

How it works…

Applying patches on the Linux systems

Getting ready

How to do it.

How it works.

10. Security Monitoring and Logging

Viewing and managing log files using Logcheck

Getting ready

How to do it…

How it works…

Monitoring a network using Nmap

Getting ready

How to do it…

How it works…

Using glances for system monitoring

Getting ready

How to do it…

How it works…

Monitoring logs using MultiTail

Getting ready

How to do it…

How it works…

Using system tools – Whowatch

Getting ready

How to do it…

How it works

Using system tools – stat

Getting ready

How to do it…

How it works

Using system tools – lsof

Getting ready

How to do it…

How it works

Using system tools – strace

Getting ready

How to do it…

How it works

Using Lynis

Getting ready

How to do it…

How it works

Index

Practical Linux Security Cookbook

Copyright © 2016 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: April 2016

Production reference: 1260416

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham B3 2PB, UK.

ISBN 978-1-78528-642-1

www.packtpub.com

Credits

Author

Tajinder Kalsi

Reviewer

Nick Glynn

Commissioning Editor

Veena Pagare

Acquisition Editor

Divya Poojari

Content Development Editor

Mehvash Fatima

Technical Editors

Gebin George

Anushree Arun Tendulkar

Copy Editors

Sonia Cheema

Safis Editing

Project Coordinator

Shweta H Birwatkar

Proofreader

Safis Editing

Indexer

Rekha Nair

Production Coordinator

Aparna Bhagat

Cover Work

Aparna Bhagat

About the Author

Tajinder Kalsi is an innovative professional with more than 9 years of progressive experience within the information security industry. He has a good amount of knowledge and experience in web application testing, vulnerability assessment, network penetration testing, and risk assessment.

At present, he is working as an independent information security consultant. He started his career with Wipro as a technical associate, and later on he became an ISMS consultant cum technical evangelist. In his free time, he conducts seminars in colleges all across India on various topics, and he has covered more than 125 colleges and spoken to 10,000+ students.

In the past, he has reviewed books such as Web Application Penetration Testing with Kali Linux, Mastering Kali Linux for Advanced Penetration Testing, and Advanced Wireless Penetration Testing for Highly-Secured Environments.

You can find him on Facebook at www.facebook.com/tajinder.kalsi.tj, or contact him on his website at www.tajinderkalsi.com.

About the Reviewer

Nick Glynn is a senior software/API engineer working for freelancer.com, where he provides backend and platform support across the stack using the latest technologies.

Drawing on his broad range of experience from Board Bring up, Linux driver development and systems development through to full stack deployments, web app development and security hardening for both the Linux and Android platforms, Nick continues his independent efforts as a training instructor and consultant, delivering courses and expertise on Go, Python, and secure Linux development across the globe through his company Curiola (www.curiola.com).

I would like to thank my family for their love and my beautiful daughter, Inara, for always being there to brighten my day.

www.PacktPub.com

eBooks, discount offers, and more

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

https://www2.packtpub.com/books/subscription/packtlib

Do you need instant solutions to your IT questions? PacktLib is Packt’s online digital book library. Here, you can search, access, and read Packt’s entire library of books.

Why Subscribe?

Fully searchable across every book published by Packt

Copy and paste, print, and bookmark content

On demand and accessible via a web browser

Preface

When setting up a Linux system, security is supposed to be an important part of all stages. A good knowledge of the fundamentals of Linux is essential to implementing a good security policy on the machine.

Linux, as it ships, is not completely secure, and it is the responsibility of the administrator to configure the machine in a way such that it becomes more secure.

Practical Linux Security Cookbook will work as a practical guide for administrators and help them configure a more secure machine.

If you want to learn about Kernel configuration, filesystem security, secure authentication, network security, and various security tools for Linux, this book is for you.

Linux security is a massive subject and not everything can be covered in just one book. Still, Practical Linux Security Cookbook will give you a lot of recipes for securing your machine.

What this book covers

Chapter 1, Linux Security Problems, covers various vulnerabilities and exploits in relation to Linux. It also discusses the kinds of security that can be implemented for these exploits. Topics include preparing security policies and security controls for password protection and server security and performing vulnerability assessments of the Linux system. It also covers the configuration of sudo access.

Chapter 2, Configuring a Secure and Optimized Kernel, focuses on the process of configuring and building the Linux kernel and its testing. Topics covered include requirements for building a kernel, configuring a kernel, kernel installation, customization, and kernel debugging. The chapter also discusses configuring a console using Netconsole.

Chapter 3, Local Filesystem Security, looks at Linux file structures and permissions. It covers topics such as viewing file and directory details, handling files and file permissions using chmod, and the implementation of an access control list. The chapter also gives readers an introduction to the configuration of LDAP.

Chapter 4, Local Authentication in Linux, explores user authentication on a local system while maintaining security. Topics covered in this chapter include user authentication logging, limiting user login capabilities, monitoring user activity, authentication control definition, and also how to use PAM.

Chapter 5, Remote Authentication, talks about authenticating users remotely on a Linux system. The topics included in this chapter are remote server access using SSH, disabling and enabling root login, restricting remote access when using SSH, copying files remotely over SSH, and setting up Kerberos.

Chapter 6, Network Security, provides information about network attacks and security. It covers managing the TCP/IP network, configuring a firewall using Iptables, blocking spoofed addresses, and unwanted incoming traffic. The chapter also gives readers an introduction to configuring and using TCP Wrapper.

Chapter 7, Security Tools, targets various security tools or software that can be used for security on a Linux system. Tools covered in this chapter include sXID, PortSentry, Squid proxy, OpenSSL server, Tripwire, and Shorewall.

Chapter 8, Linux Security Distros, introduces the readers to some of the famous distributions of Linux/Unix that have been developed in relation to security and penetration testing. The distros covered in this chapter include Kali Linux, pfSense, DEFT, NST, and Helix.

Chapter 9, Patching a Bash Vulnerability, explores the most famous vulnerability of Bash shell, which is known as Shellshock. It gives readers an understanding of Shellshock vulnerability and the security issues that can arise with its presence. The chapter also tells the reader how to use the Linux Patch Management system to secure their machine and also gives them an understanding of how patches are applied in a Linux system.

Chapter 10, Security Monitoring and Logging, provides information on monitoring logs in Linux, on a local system as well as a network. Topics discussed in this chapter include monitoring logs using Logcheck, using Nmap for network monitoring, system monitoring using Glances, and using MultiTail to monitor logs. A few other tools are also discussed, which include Whowatch, stat, lsof, strace, and Lynis.

What you need for this book

To get the most out of this book, readers should have a basic understanding of the Linux filesystem and administration. They should be aware of the basic commands
