Linux Security

A. Justin Wilder, Telos Corporation

Introduction

The Basics

BIOS

Installation Considerations

System Initialization

Boot Loader

Runlevels

Kernel Security

Recompiling

Kernel Modifications

/proc

Network Security

Network Interface Configuration

Netfilter

Host-Based Firewall

File System Security

Mount Control

Files and Directories

Applications and Service Daemons

/etc/init.d

Xinetd

Verification

Restricting Applications and Services

Application and Services References

Patch and Package Management

RPM (Red Hat Package Manager)

Up2date

Root, User, and Group Accounts

Note About Passwords

Root Account

User and Group Accounts

System Auditing

Syslog

Log Administration

Audit Tools

Syslog Replacements

Backups

Backup Considerations

Backup Utilities

Recovery

Additional Utilities

Legal Protections

Implementation

Sample Logon Banner

Conclusion

Glossary

Cross References

References

Further Reading

INTRODUCTION

This chapter was written based on version 9 of Red Hat Linux and the Red Hat Fedora Core 1 and 2 distributions. Although the examples used in this chapter may focus on a limited set of Linux distributions, the fundamental concepts can be used with nearly every Linux distribution. Each section remains focused on hardening the core operating system using the tools and capabilities of the base installation. The sections do not go into detail on other additive security controls, as there are far too many variations to adequately address within the scope of this chapter.

The reader ...

Get Handbook of Information Security: Information Warfare, Social, Legal, and International Issues and Security Foundations, Volume 2 now with the O’Reilly learning platform.