Summary
Lock down your Linux system NOW!
- Up-to-the-minute security techniques for your entire Linux environment!
- NEW! In-depth coverage of Bastille, the breakthrough Linux lockdown tool!
- NEW! Intrusion detection with network sniffers and port scanners
- NEW! Complete coverage of the OpenSSH encryption suite
- Firewalls, email, Web services, filesystems, applications, and more
- Completely updated for RedHat 7.2
Now there's an up-to-the-minute, hands-on guide to using open source tools to protect any Linux system! Completely updated for the newest tools and distributions, Linux System Security, Second Edition covers virtually every facet of Linux security, from firewalls and intrusion detection to authentication and secure Web services. You'll master over a dozen crucial open source security tools, including sudo, portmap, xinetd, tiger, tripwire, ipchains, pam, crack, and more. Along the way, three long-time Linux sysadmins will show you the "gotchas," rules of thumb, and undocumented tricks it would take you years to learn on your own!
- Preparing Linux systems for a production environment
- Using Bastille to lock down Linux systems without unnecessarily compromising their functionality
- Combatting Trojan horses, backdoors, password cracking, buffer overflows, spoofing, DoS, and more
- OpenSSH: eliminating eavesdropping, connection hijacking, and other network-level attacks
- Detecting intrusions with network sniffers and port scanners
- Firewalls, email, Web services, filesystems, applications, and much more
- Protecting mixed Linux/UNIX(r) environments
- Includes a concise introduction to security policies
Want the benefits of Linux without the security risks? Get Linux System Security, Second Edition!
Prentice Hall Series on Computer Networking and Distributed Systems, Radia Perlman, Series Advisor
Table of Contents
Preface.
1. How Did That Happen?: Vulnerability Survey.
2. Imagine That! You're Big Brother! Security Policies.
3. This 'n That: Background Information.
4. Of Course I Trust My Users! Users, Permissions, and Filesystems.
5. Been Cracked? Just Put PAM on It! Pluggable Authentication Modules.
6. Just Once, Only Once! One-Time Passwords.
7. Bean Counting: System Accounting.
8. And You Thought Wiretapping Was for the Feds! System Logging.
9. Want To Be Root? Superuser Do (sudo).
10. Which Doors Are Open? Securing Network Services: xinetd.
11. Let 'Em Sniff the Net! The Secure Shell.
12. So You Think You've Got a Good Password! Crack.
13. What's Been Happening? Auditing Your System with Bastille.
14. Setting the Trap: Tripwire.
15. We Must Censor! Part 1: ipchains.
16. We Must Censor! Part 2: iptables.
17. Who's Watching Now? Scanners, Sniffers, and Detectors.
18. Wiretapping Is Not So Much Fun after All! Log File Management.
19. This Is an Awful Lot of Work! Implementing and Managing Security.
Appendix A. Keeping Up to Date.
Appendix B. Tools Not Covered.
Appendix C. OPIE.
Appendix D. Securing Network Services: TCP_Wrappers and portmap.
Appendix E. The Cryptographic and Transparent Cryptographic Filesystems.
Glossary.
Index.