會員

Mastering Linux Security and Hardening

更新時間：2021-07-02 19:20:00

開會員，本書免費讀 >

最新章節： Leave a review – let other readers know what you think

IfyouareasystemsadministratororanetworkengineerinterestedinmakingyourLinuxenvironmentmoresecure,thenthisbookisforyou.SecurityconsultantswantingtoenhancetheirLinuxsecurityskillswillalsobenefitfromthisbook.PriorknowledgeofLinuxismandatory.

目錄(244章)

倒序

封面
版權信息
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
Running Linux in a Virtual Environment
The threat landscape
So how does this happen?
Keeping up with security news
Introduction to VirtualBox and Cygwin
Installing a virtual machine in VirtualBox
The EPEL repository on the CentOS virtual machine
Configuring a network for VirtualBox virtual machines
Creating a virtual machine snapshot with VirtualBox
Using Cygwin to connect to your virtual machines
Installing Cygwin on your Windows host
Summary
Securing User Accounts
The dangers of logging in as the root user
The advantages of using sudo
Setting up sudo privileges for full administrative users
Method 1 – adding users to a predefined admin group
Method 2 – creating an entry in the sudo policy file
Setting up sudo for users with only certain delegated privileges
Hands-on lab for assigning limited sudo privileges
Advanced tips and tricks for using sudo
The sudo timer
Hands-on lab for disabling the sudo timer
Preventing users from having root shell access
Preventing users from using shell escapes
Preventing users from using other dangerous programs
Limiting the user's actions with commands
Letting users run as other users
Locking down users' home directories the Red Hat or CentOS way
Locking down users' home directories the Debian/Ubuntu way
useradd on Debian/Ubuntu
adduser on Debian/Ubuntu
Hands-on lab for configuring adduser
Enforcing strong password criteria
Installing and configuring pwquality
Hands-on lab for setting password complexity criteria
Setting and enforcing password and account expiration
Configuring default expiry data for useradd – for Red Hat or CentOS only
Setting expiry data on a per-account basis with useradd and usermod
Setting expiry data on a per-account basis with chage
Hands-on lab for setting account and password expiry data
Preventing brute-force password attacks
Configuring the pam_tally2 PAM module
Hands-on lab for configuring pam_tally2
Locking user accounts
Using usermod to lock a user account
Using passwd to lock user accounts
Locking the root user account
Setting up security banners
Using the motd file
Using the issue file
Using the issue.net file
Summary
Securing Your Server with a Firewall
An overview of iptables
Basic usage of iptables
Hands-on lab for basic iptables usage
Uncomplicated Firewall for Ubuntu systems
Basic usage of ufw
Hands-on lab for basic ufw usage
firewalld for Red Hat systems
Verifying the status of firewalld
firewalld zones
firewalld services
Adding ports to a firewalld zone
firewalld rich language rules
Hands-on lab for firewalld commands
nftables – a more universal type of firewall system
nftables tables and chains
Getting started with nftables
Using nft commands
Hands-on lab for nftables on Ubuntu
Summary
Encrypting and SSH Hardening
GNU Privacy Guard
Creating your GPG keys
Symmetrically encrypting your own files
Hands-on lab – combining gpg and tar for encrypted backups
Using private and public keys for asymmetric encryption and signing
Signing a file without encryption
Encrypting partitions with Linux Unified Key Setup – LUKS
Disk encryption during operating system installation
Adding an encrypted partition with LUKS
Configuring the LUKS partition to mount automatically
Encrypting directories with eCryptfs
Home directory and disk encryption during Ubuntu installation
Encrypting a home directory for a new user account
Creating a private directory within an existing home directory
Encrypting other directories with eCryptfs
Encrypting the swap partition with eCryptfs
Using VeraCrypt for cross-platform sharing of encrypted containers
Getting and installing VeraCrypt
Creating and mounting a VeraCrypt volume in console mode
Using VeraCrypt in GUI mode
Ensuring that SSH protocol 1 is disabled
Creating and managing keys for password-less logins
Creating a user's SSH key set
Transferring the public key to the remote server
Disabling root user login
Disabling username/password logins
Setting up a chroot environment for SFTP users
Creating a group and configuring the sshd_config file
Hands-on lab – setting up a chroot directory for sftpusers group
Summary
Mastering Discretionary Access Control
Using chown to change ownership of files and directories
Using chmod to set permissions values on files and directories
Setting permissions with the symbolic method
Setting permissions with the numerical method
Using SUID and SGID on regular files
The security implications of the SUID and SGID permissions
Finding spurious SUID or SGID files
Hands-on lab – searching for SUID and SGID files
Preventing SUID and SGID usage on a partition
Using extended file attributes to protect sensitive files
Setting the a attribute
Setting the i attribute
Hands-on lab – setting security-related extended file attributes
Summary
Access Control Lists and Shared Directory Management
Creating an access control list for either a user or a group
Creating an inherited access control list for a directory
Removing a specific permission by using an ACL mask
Using the tar --acls option to prevent the loss of ACLs during a backup
Creating a user group and adding members to it
Adding members as we create their user accounts
Using usermod to add an existing user to a group
Adding users to a group by editing the /etc/group file
Creating a shared directory
Setting the SGID bit and the sticky bit on the shared directory
Using ACLs to access files in the shared directory
Setting the permissions and creating the ACL
Charlie tries to access Vicky's file with an ACL set for Cleopatra
Hands-on lab – creating a shared group directory
Summary
Implementing Mandatory Access Control with SELinux and AppArmor
How SELinux can benefit a systems administrator
Setting security contexts for files and directories
Installing the SELinux tools
Creating web content files with SELinux enabled
Fixing an incorrect SELinux context
Using chcon
Using restorecon
Using semanage
Hands-on lab – SELinux type enforcement
Troubleshooting with setroubleshoot
Viewing setroubleshoot messages
Using the graphical setroubleshoot utility
Troubleshooting in permissive mode
Working with SELinux policies
Viewing the Booleans
Configuring the Booleans
Protecting your web server
Protecting network ports
Creating custom policy modules
Hands-on lab – SELinux Booleans and ports
How AppArmor can benefit a systems administrator
Looking at AppArmor profiles
Working with AppArmor command-line utilities
Troubleshooting AppArmor problems
Summary
Scanning Auditing and Hardening
Installing and updating ClamAV and maldet
Installing ClamAV and maldet
Configuring maldet
Updating ClamAV and maldet
Scanning with ClamAV and maldet
SELinux considerations
Scanning for rootkits with Rootkit Hunter
Installing and updating Rootkit Hunter
Scanning for rootkits
Controlling the auditd daemon
Creating audit rules
Auditing a file for changes
Auditing a directory
Auditing system calls
Using ausearch and aureport
Searching for file change alerts
Searching for directory access rule violations
Searching for system call rule violations
Generating authentication reports
Using predefined rules sets
Applying OpenSCAP policies with oscap
Installing OpenSCAP
Viewing the profile files
Scanning the system
Remediating the system
Using SCAP Workbench
More about OpenSCAP profiles
Applying an OpenSCAP profile during system installation
Summary
Vulnerability Scanning and Intrusion Detection
Looking at Snort and Security Onion
Obtaining and installing Snort
Graphical interfaces for Snort
Getting Snort in prebuilt appliances
Using Security Onion
Scanning and hardening with Lynis
Installing Lynis on Red Hat/CentOS
Installing Lynis on Ubuntu
Scanning with Lynis
Finding vulnerabilities with OpenVAS
Web server scanning with Nikto
Nikto in Kali Linux
Installing and updating Nikto on Linux
Scanning a web server with Nikto
Summary
Security Tips and Tricks for the Busy Bee
Auditing system services
Auditing system services with systemctl
Auditing network services with netstat
Auditing network services with Nmap
Port states
Scan types
Password-protecting the GRUB 2 bootloader
Resetting the password for Red Hat/CentOS
Resetting the password for Ubuntu
Preventing kernel parameter edits on Red Hat/CentOS
Preventing kernel parameter edits on Ubuntu
Password-protecting boot options
Disabling the submenu for Ubuntu
Password-protecting boot option steps for both Ubuntu and Red Hat
Securely configuring BIOS/UEFI
Using a security checklist for system setup
Summary
Other Books You May Enjoy
Leave a review – let other readers know what you think 更新時間：2021-07-02 19:20:00

官术网_书友最值得收藏!

Mastering Linux Security and Hardening