Mastering Linux Security and Hardening
By Donald A. Tevault
Updated: 2021-07-02 19:20:00
If you are a systems administrator or a network engineer interested in making your Linux environment more secure, then this book is for you. Security consultants wanting to enhance their Linux security skills will also benefit from this book. Prior knowledge of Linux is mandatory.
Brand: 中圖公司
Listed: 2021-07-02 18:21:18
Publisher: Packt Publishing
The digital rights to this book are provided by 中圖公司, which has authorized 上海閱文信息技術有限公司 to produce and distribute it.
- Cover
- Copyright information
- Packt Upsell
- Why subscribe?
- PacktPub.com
- Contributors
- About the author
- About the reviewer
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the color images
- Conventions used
- Get in touch
- Reviews
- Running Linux in a Virtual Environment
- The threat landscape
- So how does this happen?
- Keeping up with security news
- Introduction to VirtualBox and Cygwin
- Installing a virtual machine in VirtualBox
- The EPEL repository on the CentOS virtual machine
- Configuring a network for VirtualBox virtual machines
- Creating a virtual machine snapshot with VirtualBox
- Using Cygwin to connect to your virtual machines
- Installing Cygwin on your Windows host
- Summary
- Securing User Accounts
- The dangers of logging in as the root user
- The advantages of using sudo
- Setting up sudo privileges for full administrative users
- Method 1 – adding users to a predefined admin group
- Method 2 – creating an entry in the sudo policy file
- Setting up sudo for users with only certain delegated privileges
- Hands-on lab for assigning limited sudo privileges
- Advanced tips and tricks for using sudo
- The sudo timer
- Hands-on lab for disabling the sudo timer
- Preventing users from having root shell access
- Preventing users from using shell escapes
- Preventing users from using other dangerous programs
- Limiting the user's actions with commands
- Letting users run as other users
- Locking down users' home directories the Red Hat or CentOS way
- Locking down users' home directories the Debian/Ubuntu way
- useradd on Debian/Ubuntu
- adduser on Debian/Ubuntu
- Hands-on lab for configuring adduser
- Enforcing strong password criteria
- Installing and configuring pwquality
- Hands-on lab for setting password complexity criteria
- Setting and enforcing password and account expiration
- Configuring default expiry data for useradd – for Red Hat or CentOS only
- Setting expiry data on a per-account basis with useradd and usermod
- Setting expiry data on a per-account basis with chage
- Hands-on lab for setting account and password expiry data
- Preventing brute-force password attacks
- Configuring the pam_tally2 PAM module
- Hands-on lab for configuring pam_tally2
- Locking user accounts
- Using usermod to lock a user account
- Using passwd to lock user accounts
- Locking the root user account
- Setting up security banners
- Using the motd file
- Using the issue file
- Using the issue.net file
- Summary
- Securing Your Server with a Firewall
- An overview of iptables
- Basic usage of iptables
- Hands-on lab for basic iptables usage
- Uncomplicated Firewall for Ubuntu systems
- Basic usage of ufw
- Hands-on lab for basic ufw usage
- firewalld for Red Hat systems
- Verifying the status of firewalld
- firewalld zones
- firewalld services
- Adding ports to a firewalld zone
- firewalld rich language rules
- Hands-on lab for firewalld commands
- nftables – a more universal type of firewall system
- nftables tables and chains
- Getting started with nftables
- Using nft commands
- Hands-on lab for nftables on Ubuntu
- Summary
- Encrypting and SSH Hardening
- GNU Privacy Guard
- Creating your GPG keys
- Symmetrically encrypting your own files
- Hands-on lab – combining gpg and tar for encrypted backups
- Using private and public keys for asymmetric encryption and signing
- Signing a file without encryption
- Encrypting partitions with Linux Unified Key Setup – LUKS
- Disk encryption during operating system installation
- Adding an encrypted partition with LUKS
- Configuring the LUKS partition to mount automatically
- Encrypting directories with eCryptfs
- Home directory and disk encryption during Ubuntu installation
- Encrypting a home directory for a new user account
- Creating a private directory within an existing home directory
- Encrypting other directories with eCryptfs
- Encrypting the swap partition with eCryptfs
- Using VeraCrypt for cross-platform sharing of encrypted containers
- Getting and installing VeraCrypt
- Creating and mounting a VeraCrypt volume in console mode
- Using VeraCrypt in GUI mode
- Ensuring that SSH protocol 1 is disabled
- Creating and managing keys for password-less logins
- Creating a user's SSH key set
- Transferring the public key to the remote server
- Disabling root user login
- Disabling username/password logins
- Setting up a chroot environment for SFTP users
- Creating a group and configuring the sshd_config file
- Hands-on lab – setting up a chroot directory for sftpusers group
- Summary
- Mastering Discretionary Access Control
- Using chown to change ownership of files and directories
- Using chmod to set permissions values on files and directories
- Setting permissions with the symbolic method
- Setting permissions with the numerical method
- Using SUID and SGID on regular files
- The security implications of the SUID and SGID permissions
- Finding spurious SUID or SGID files
- Hands-on lab – searching for SUID and SGID files
- Preventing SUID and SGID usage on a partition
- Using extended file attributes to protect sensitive files
- Setting the a attribute
- Setting the i attribute
- Hands-on lab – setting security-related extended file attributes
- Summary
- Access Control Lists and Shared Directory Management
- Creating an access control list for either a user or a group
- Creating an inherited access control list for a directory
- Removing a specific permission by using an ACL mask
- Using the tar --acls option to prevent the loss of ACLs during a backup
- Creating a user group and adding members to it
- Adding members as we create their user accounts
- Using usermod to add an existing user to a group
- Adding users to a group by editing the /etc/group file
- Creating a shared directory
- Setting the SGID bit and the sticky bit on the shared directory
- Using ACLs to access files in the shared directory
- Setting the permissions and creating the ACL
- Charlie tries to access Vicky's file with an ACL set for Cleopatra
- Hands-on lab – creating a shared group directory
- Summary
- Implementing Mandatory Access Control with SELinux and AppArmor
- How SELinux can benefit a systems administrator
- Setting security contexts for files and directories
- Installing the SELinux tools
- Creating web content files with SELinux enabled
- Fixing an incorrect SELinux context
- Using chcon
- Using restorecon
- Using semanage
- Hands-on lab – SELinux type enforcement
- Troubleshooting with setroubleshoot
- Viewing setroubleshoot messages
- Using the graphical setroubleshoot utility
- Troubleshooting in permissive mode
- Working with SELinux policies
- Viewing the Booleans
- Configuring the Booleans
- Protecting your web server
- Protecting network ports
- Creating custom policy modules
- Hands-on lab – SELinux Booleans and ports
- How AppArmor can benefit a systems administrator
- Looking at AppArmor profiles
- Working with AppArmor command-line utilities
- Troubleshooting AppArmor problems
- Summary
- Scanning Auditing and Hardening
- Installing and updating ClamAV and maldet
- Installing ClamAV and maldet
- Configuring maldet
- Updating ClamAV and maldet
- Scanning with ClamAV and maldet
- SELinux considerations
- Scanning for rootkits with Rootkit Hunter
- Installing and updating Rootkit Hunter
- Scanning for rootkits
- Controlling the auditd daemon
- Creating audit rules
- Auditing a file for changes
- Auditing a directory
- Auditing system calls
- Using ausearch and aureport
- Searching for file change alerts
- Searching for directory access rule violations
- Searching for system call rule violations
- Generating authentication reports
- Using predefined rules sets
- Applying OpenSCAP policies with oscap
- Installing OpenSCAP
- Viewing the profile files
- Scanning the system
- Remediating the system
- Using SCAP Workbench
- More about OpenSCAP profiles
- Applying an OpenSCAP profile during system installation
- Summary
- Vulnerability Scanning and Intrusion Detection
- Looking at Snort and Security Onion
- Obtaining and installing Snort
- Graphical interfaces for Snort
- Getting Snort in prebuilt appliances
- Using Security Onion
- Scanning and hardening with Lynis
- Installing Lynis on Red Hat/CentOS
- Installing Lynis on Ubuntu
- Scanning with Lynis
- Finding vulnerabilities with OpenVAS
- Web server scanning with Nikto
- Nikto in Kali Linux
- Installing and updating Nikto on Linux
- Scanning a web server with Nikto
- Summary
- Security Tips and Tricks for the Busy Bee
- Auditing system services
- Auditing system services with systemctl
- Auditing network services with netstat
- Auditing network services with Nmap
- Port states
- Scan types
- Password-protecting the GRUB 2 bootloader
- Resetting the password for Red Hat/CentOS
- Resetting the password for Ubuntu
- Preventing kernel parameter edits on Red Hat/CentOS
- Preventing kernel parameter edits on Ubuntu
- Password-protecting boot options
- Disabling the submenu for Ubuntu
- Password-protecting boot option steps for both Ubuntu and Red Hat
- Securely configuring BIOS/UEFI
- Using a security checklist for system setup
- Summary
- Other Books You May Enjoy
- Leave a review – let other readers know what you think (updated: 2021-07-02 19:20:00)