Book description
A comprehensive guide to securing your Linux system against cyberattacks and intruders
Key Features
- Deliver a system that reduces the risk of being hacked
- Explore a variety of advanced Linux security techniques with the help of hands-on labs
- Master the art of securing a Linux environment with this end-to-end practical guide
Book Description
From creating networks and servers to automating the entire working environment, Linux has been extremely popular with system administrators for the last couple of decades. However, security has always been a major concern. With limited resources available in the Linux security domain, this book will be an invaluable guide in helping you get your Linux systems properly secured.
Complete with in-depth explanations of essential concepts, practical examples, and self-assessment questions, this book begins by helping you set up a practice lab environment and takes you through the core functionalities of securing Linux. You'll practice various Linux hardening techniques and advance to setting up a locked-down Linux server. As you progress, you will also learn how to create user accounts with appropriate privilege levels, protect sensitive data by setting permissions and encryption, and configure a firewall. The book will help you set up mandatory access control, system auditing, security profiles, and kernel hardening, and finally cover best practices and troubleshooting techniques to secure your Linux environment efficiently.
By the end of this Linux security book, you will be able to confidently set up a Linux server that will be much harder for malicious actors to compromise.
What you will learn
- Create locked-down user accounts with strong passwords
- Configure firewalls with iptables, UFW, nftables, and firewalld
- Protect your data with different encryption technologies
- Harden the secure shell service to prevent security break-ins
- Use mandatory access control to protect against system exploits
- Harden kernel parameters and set up a kernel-level auditing system
- Apply OpenSCAP security profiles and set up intrusion detection
- Securely configure the GRUB 2 bootloader and BIOS/UEFI
Who this book is for
This book is for Linux administrators, system administrators, and network engineers interested in securing moderate to complex Linux environments. Security consultants looking to enhance their Linux security skills will also find this book useful. Working experience with the Linux command line and package management is necessary to understand the concepts covered in this book.
Table of contents
- Title Page
- Copyright and Credits
- About Packt
- Contributors
- Preface
- Section 1: Setting up a Secure Linux System
- Running Linux in a Virtual Environment
- Looking at the threat landscape
- Why do security breaches happen?
- Keeping up with security news
- Differences between physical, virtual, and cloud setups
- Introducing VirtualBox and Cygwin
- Installing a virtual machine in VirtualBox
- Installing the EPEL repository on the CentOS 7 virtual machine
- Installing the EPEL repository on the CentOS 8 virtual machine
- Configuring a network for VirtualBox virtual machines
- Creating a virtual machine snapshot with VirtualBox
- Using Cygwin to connect to your virtual machines
- Using Windows 10 Pro Bash shell to interface with Linux virtual machines
- Keeping the Linux systems updated
- Summary
- Questions
- Further reading
- Securing User Accounts
- The dangers of logging in as the root user
- The advantages of using sudo
- Setting up sudo privileges for full administrative users
- Setting up sudo for users with only certain delegated privileges
- Advanced tips and tricks for using sudo
- The sudo timer
- View your sudo privileges
- Preventing users from having root shell access
- Preventing users from using shell escapes
- Preventing users from using other dangerous programs
- Limiting the user's actions with commands
- Letting users run as other users
- Preventing abuse via user's shell scripts
- Detecting and deleting default user accounts
- Locking down users' home directories the Red Hat or CentOS way
- Locking down users' home directories the Debian/Ubuntu way
- Enforcing strong password criteria
- Setting and enforcing password and account expiration
- Configuring default expiry data for useradd for Red Hat or CentOS only
- Setting expiry data on a per-account basis with useradd and usermod
- Setting expiry data on a per-account basis with chage
- Preventing brute-force password attacks
- Locking user accounts
- Locking the root user account
- Setting up security banners
- Detecting compromised passwords
- Understanding centralized user management
- Summary
- Questions
- Further reading
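Several of the sudo items listed above (preventing root shell access, shell escapes, other dangerous programs, and abuse via users' own scripts) come down to what the sudoers rules actually grant. The bash script below is an example added for this page, not code from the book or from the sudo project: it scans a constructed sudoers sample and flags rules that grant a shell or interpreter, rules that grant a shell-escape-capable program without the NOEXEC tag, and rules that try to subtract shells from ALL with "!", which sudoers(5) itself documents as bypassable because the user can copy the excluded binary under another name. The lists of risky programs are the editor's assumptions, not lists taken from the book.

```bash
#!/usr/bin/env bash
# Flag sudoers rules that hand out root shells or shell escapes, the cases the
# "Advanced tips and tricks for using sudo" section warns about. Added example; the
# sudoers text below is a constructed sample, and the lists of risky programs are the editor's.

SAMPLE_SUDOERS=$(cat <<'EOF'
# constructed sample sudoers
Defaults        env_reset
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
Cmnd_Alias SERVICES = /usr/bin/systemctl restart nginx
alice   ALL=(ALL) NOPASSWD: /usr/bin/vim, /usr/bin/less
bob     ALL=(root) NOEXEC: /usr/bin/vim
carol   ALL=(ALL) ALL, !/bin/bash, !/bin/sh
dave    ALL=(root) sudoedit /etc/hosts
erin    ALL=(ALL) /usr/bin/python3
frank   ALL=(root) SERVICES
EOF
)

# sudoers_findings SUDOERS_TEXT: one line per risky rule ("user: reason"), nothing if clean.
# Handles plain user specifications only: aliases are not expanded and line continuations
# are not joined, so check Cmnd_Alias members by hand.
sudoers_findings() {
    printf '%s\n' "$1" | awk '
    BEGIN {
        # Interpreters and shells: root-equivalent however the rule is tagged.
        split("bash sh dash zsh ksh env perl python python3", s, " "); for (i in s) shells[s[i]] = 1
        # Editors, pagers and friends: escape to a shell unless NOEXEC: blocks the exec.
        split("vi vim view less more man find awk", e, " ");             for (i in e) escapes[e[i]] = 1
    }
    /^[ \t]*#/ || /^[ \t]*$/ || /^[ \t]*@/ { next }   # comments, blank lines, @include
    $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }        # not user specifications
    {
        eq = index($0, "=")
        if (eq == 0) next
        who = substr($0, 1, eq - 1); sub(/^[ \t]+/, "", who); split(who, w, /[ \t]+/); user = w[1]
        spec = substr($0, eq + 1); sub(/^[ \t]*\([^)]*\)/, "", spec)   # drop the (runas) part
        noexec = 0; hasall = 0; negated = 0
        n = split(spec, cmds, ",")
        for (i = 1; i <= n; i++) {
            cmd = cmds[i]; sub(/^[ \t]+/, "", cmd); sub(/[ \t]+$/, "", cmd)
            while (match(cmd, /^[A-Z]+:/)) {   # tags (NOPASSWD:, NOEXEC:, EXEC:) persist down the list
                tag = substr(cmd, 1, RLENGTH - 1); cmd = substr(cmd, RLENGTH + 1); sub(/^[ \t]+/, "", cmd)
                if (tag == "NOEXEC") noexec = 1; else if (tag == "EXEC") noexec = 0
            }
            if (cmd == "ALL") { hasall = 1; continue }
            if (cmd ~ /^!/)   { negated++; continue }
            split(cmd, parts, /[ \t]+/); nb = split(parts[1], pp, "/"); base = pp[nb]
            if (base in shells)
                printf "%s: %s gives arbitrary code execution as the target user (NOEXEC does not help)\n", user, parts[1]
            else if (base in escapes && !noexec)
                printf "%s: %s has a shell escape (add NOEXEC:, or use sudoedit for editors)\n", user, parts[1]
        }
        if (hasall && negated)
            printf "%s: ALL with %d !-exclusions is bypassable (copy the excluded binary under another name)\n", user, negated
    }'
}

# sudoers_finding_count SUDOERS_TEXT: number of findings (0 means nothing flagged).
sudoers_finding_count() {
    sudoers_findings "$1" | grep -c . || true
}

sudoers_findings "$SAMPLE_SUDOERS"
```

On the sample, alice's vim and less, carol's "ALL, !/bin/bash, !/bin/sh" and erin's python3 are flagged; bob (NOEXEC) and dave (sudoedit) are not. To audit a real host, feed it the files in /etc/sudoers and /etc/sudoers.d/, remembering that NOEXEC only stops a program from exec'ing another and does nothing against an editor that can simply write root-owned files.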
- Securing Your Server with a Firewall - Part 1
- Technical requirements
- An overview of firewalld
- An overview of iptables
- Uncomplicated firewall for Ubuntu systems
- Summary
- Questions
- Further reading
- Securing Your Server with a Firewall - Part 2
- Technical requirements
- nftables – a more universal type of firewall system
- firewalld for Red Hat systems
- Verifying the status of firewalld
- Working with firewalld zones
- Adding services to a firewalld zone
- Adding ports to a firewalld zone
- Blocking ICMP
- Using panic mode
- Logging dropped packets
- Using firewalld rich language rules
- Looking at iptables rules in RHEL/CentOS 7 firewalld
- Creating direct rules in RHEL/CentOS 7 firewalld
- Looking at nftables rules in RHEL/CentOS 8 firewalld
- Creating direct rules in RHEL/CentOS 8 firewalld
- Hands-on lab for firewalld commands
- Summary
- Questions
- Further reading
- Encryption Technologies
- GNU Privacy Guard (GPG)
- Encrypting partitions with Linux Unified Key Setup (LUKS)
- Encrypting directories with eCryptfs
- Home directory and disk encryption during Ubuntu installation
- Hands-on lab – encrypting a home directory for a new user account
- Creating a private directory within an existing home directory
- Hands-on lab – encrypting other directories with eCryptfs
- Encrypting the swap partition with eCryptfs
- Using VeraCrypt for cross-platform sharing of encrypted containers
- OpenSSL and the public key infrastructure
- Summary
- Questions
- Further reading
- SSH Hardening
- Ensuring that SSH protocol 1 is disabled
- Creating and managing keys for passwordless logins
- Disabling root user login
- Disabling username/password logins
- Configuring Secure Shell with strong encryption algorithms
- Setting system-wide encryption policies on RHEL 8/CentOS 8
- Configuring more detailed logging
- Configuring access control with whitelists and TCP Wrappers
- Configuring automatic logouts and security banners
- Configuring other miscellaneous security settings
- Setting up a chroot environment for SFTP users
- Sharing a directory with SSHFS
- Remotely connecting from Windows desktops
- Summary
- Questions
- Further reading
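The items under SSH Hardening above (protocol 1 disabled, root login disabled, username/password logins disabled, strong algorithms, automatic logouts and banners) can be checked mechanically before a server goes into service. The bash script below is an example added for this page, not code from the book or from OpenSSH: it reads an sshd_config the way sshd does (first occurrence wins, keywords case-insensitive, global section ends at the first Match line) and reports one PASS/FAIL line per item. The two configs it audits are constructed samples, and the cipher and key-exchange names it treats as weak are the editor's choice.

```bash
#!/usr/bin/env bash
# Audit an sshd_config text for the hardening items named in the SSH Hardening chapter.
# Added example; the two configs below are constructed samples, not configs from real hosts.

WEAK_SSHD_CONFIG=$(cat <<'EOF'
# constructed sample: one weak setting per check
Protocol 2,1
PermitRootLogin yes
# sshd keeps the first value it sees, so this later line changes nothing:
PermitRootLogin no
PasswordAuthentication = yes
ChallengeResponseAuthentication yes
Ciphers aes128-ctr,aes256-cbc,3des-cbc
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256
#ClientAliveInterval 300
Banner none
EOF
)

HARDENED_SSHD_CONFIG=$(cat <<'EOF'
# constructed sample: the same items with hardened values
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
ChallengeResponseAuthentication no
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org
ClientAliveInterval 300
ClientAliveCountMax 2
Banner /etc/issue.net
EOF
)

# sshd_get CONFIG_TEXT KEYWORD: print the effective value (lower-cased), nothing if unset.
# Follows sshd's own rules: keywords are case-insensitive, "Keyword=value" is accepted,
# the FIRST occurrence wins, and the global section ends at the first Match line.
sshd_get() {
    local key
    key=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    printf '%s\n' "$1" | awk -v key="$key" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match" { exit }
        {
            gsub(/=/, " ")
            if (tolower($1) == key) { $1 = ""; sub(/^[ \t]+/, ""); print tolower($0); exit }
        }'
}

# _sshd_check ok|bad DESCRIPTION: print one result line; "bad" also bumps the caller's
# $fails counter (bash locals are dynamically scoped, so sshd_audit's variable is visible here).
_sshd_check() {
    if [ "$1" = ok ]; then
        printf 'PASS  %s\n' "$2"
    else
        printf 'FAIL  %s\n' "$2"; fails=$((fails + 1))
    fi
}

# sshd_audit CONFIG_TEXT: one PASS/FAIL line per check; returns 1 if any check failed.
sshd_audit() {
    local cfg=$1 fails=0 v
    v=$(sshd_get "$cfg" Protocol)          # unset is fine: modern sshd speaks protocol 2 only
    case "$v" in *1*) _sshd_check bad "protocol 1 disabled (Protocol $v)";; *) _sshd_check ok "protocol 1 disabled";; esac
    v=$(sshd_get "$cfg" PermitRootLogin)   # the default, prohibit-password, still admits root by key
    case "$v" in no) _sshd_check ok "root login disabled";; *) _sshd_check bad "root login disabled (PermitRootLogin ${v:-unset})";; esac
    v=$(sshd_get "$cfg" PasswordAuthentication)
    case "$v" in no) _sshd_check ok "password logins disabled";; *) _sshd_check bad "password logins disabled (PasswordAuthentication ${v:-unset})";; esac
    # Keyboard-interactive (PAM) authentication must be off too, or a password is still accepted that way.
    v=$(sshd_get "$cfg" KbdInteractiveAuthentication)$(sshd_get "$cfg" ChallengeResponseAuthentication)
    case "$v" in *yes*) _sshd_check bad "keyboard-interactive auth disabled";; *no*) _sshd_check ok "keyboard-interactive auth disabled";; *) _sshd_check bad "keyboard-interactive auth disabled (unset, defaults to yes)";; esac
    v=$(sshd_get "$cfg" Ciphers)           # unset means the build defaults, which carry no CBC, RC4 or 3DES
    case "$v" in *cbc*|*arcfour*|*rc4*|*3des*) _sshd_check bad "no weak ciphers (Ciphers $v)";; *) _sshd_check ok "no weak ciphers";; esac
    v=$(sshd_get "$cfg" KexAlgorithms)
    case "$v" in *sha1*) _sshd_check bad "no SHA-1 key exchange (KexAlgorithms $v)";; *) _sshd_check ok "no SHA-1 key exchange";; esac
    v=$(sshd_get "$cfg" ClientAliveInterval)
    case "$v" in ''|0) _sshd_check bad "idle sessions time out (ClientAliveInterval ${v:-unset})";; *) _sshd_check ok "idle sessions time out";; esac
    v=$(sshd_get "$cfg" Banner)
    case "$v" in ''|none) _sshd_check bad "login banner set (Banner ${v:-unset})";; *) _sshd_check ok "login banner set";; esac
    [ "$fails" -eq 0 ] && return 0
    return 1
}

# sshd_fail_count CONFIG_TEXT: number of failed checks (0 means the config passed everything).
sshd_fail_count() {
    sshd_audit "$1" | grep -c '^FAIL' || true
}

printf '== weak sample ==\n';     sshd_audit "$WEAK_SSHD_CONFIG"     || true
printf '== hardened sample ==\n'; sshd_audit "$HARDENED_SSHD_CONFIG" || true
```

The weak sample fails all eight checks and the hardened one passes all of them. On a live host, feed it the effective configuration rather than the file: `sshd_audit "$(sudo sshd -T)"` resolves defaults and prints every keyword with its value, so the "unset" cases disappear; add `-C user=...,host=...,addr=...` to see what a Match block changes, since the parser above stops at the first Match line.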
- Section 2: Mastering File and Directory Access Control (DAC)
- Mastering Discretionary Access Control
- Using chown to change ownership of files and directories
- Using chmod to set permissions on files and directories
- Using SUID and SGID on regular files
- The security implications of the SUID and SGID permissions
- Using extended file attributes to protect sensitive files
- Securing system configuration files
- Summary
- Questions
- Further reading
- Access Control Lists and Shared Directory Management
- Creating an ACL for either a user or a group
- Creating an inherited ACL for a directory
- Removing a specific permission by using an ACL mask
- Using the tar --acls option to prevent the loss of ACLs during a backup
- Creating a user group and adding members to it
- Creating a shared directory
- Setting the SGID bit and the sticky bit on the shared directory
- Using ACLs to access files in the shared directory
- Summary
- Questions
- Further reading
- Section 3: Advanced System Hardening Techniques
- Implementing Mandatory Access Control with SELinux and AppArmor
- How SELinux can benefit a systems administrator
- Setting security contexts for files and directories
- Troubleshooting with setroubleshoot
- Working with SELinux policies
- How AppArmor can benefit a systems administrator
- Looking at AppArmor profiles
- Working with AppArmor command-line utilities
- Troubleshooting AppArmor problems
- Exploiting a system with an evil Docker container
- Summary
- Questions
- Further reading
- Kernel Hardening and Process Isolation
- Understanding the /proc filesystem
- Setting kernel parameters with sysctl
- Configuring the sysctl.conf file
- Understanding process isolation
- Summary
- Questions
- Answers
- Further reading
- Scanning, Auditing, and Hardening
- Technical requirements
- Installing and updating ClamAV and maldet
- Scanning with ClamAV and maldet
- Scanning for rootkits with Rootkit Hunter
- Performing a quick malware analysis with strings and VirusTotal
- Understanding the auditd daemon
- Using ausearch and aureport
- Applying OpenSCAP policies with oscap
- Summary
- Questions
- Further reading
- Logging and Log Security
- Understanding the Linux system log files
- Understanding rsyslog
- Understanding journald
- Making things easier with Logwatch
- Setting up a remote log server
- Summary
- Questions
- Further reading
- Vulnerability Scanning and Intrusion Detection
- Security Tips and Tricks for the Busy Bee
- Technical requirements
- Auditing system services
- Password protecting the GRUB 2 bootloader
- Securely configuring BIOS/UEFI
- Using a security checklist for system setup
- Summary
- Questions
- Further reading
- Assessments
- Other Books You May Enjoy
Product information
- Title: Mastering Linux Security and Hardening - Second Edition
- Author(s):
- Release date: February 2020
- Publisher(s): Packt Publishing
- ISBN: 9781838981778