book

Security Strategies in Linux Platforms and Applications, 2nd Edition

by Michael Jang, Ric Messier

October 2015

Intermediate to advanced

514 pages

16h 19m

English

Jones & Bartlett Learning

Read now

Unlock full access

The Origins of LinuxSecurity in an Open Source WorldLinux DistributionsThe C-I-A TriadLinux as a Security DeviceLinux in the EnterpriseRecent Security IssuesChapter SummaryKey Concepts and TermsChapter 1 Assessment
Linux Security Relates to the KernelThe Basic Linux Kernel PhilosophyBasic Linux KernelsDistribution-Specific Linux KernelsCustom Linux KernelsLinux Kernel Security OptionsSecuring a System During the Boot ProcessPhysical SecurityThe Threat of the Live CDBoot Process SecurityMore Boot Process IssuesVirtual Physical SecurityLinux Security Issues Beyond the Basic Operating SystemService Process SecuritySecurity Issues with the GUILinux User Authentication DatabasesProtecting Files with Ownership, Permissions, and Access ControlsFirewalls and Mandatory Access Controls in a Layered DefenseFirewall Support OptionsMandatory Access Control SupportProtecting Networks Using Encrypted CommunicationTracking the Latest Linux Security UpdatesLinux Security Updates for Regular UsersLinux Security Updates for Home HobbyistsLinux Security Updates for Power UsersSecurity Updates for Linux AdministratorsLinux Security Update AdministrationThe Effect of Virtualization on SecurityVariations Between DistributionsA Basic Comparison: Red Hat and UbuntuMore Diversity in ServicesChapter SummaryKey Concepts and TermsChapter 2 Assessment

Picking a DistributionPicking a Delivery PlatformPhysical SystemVirtual MachinesCloud ServicesChoosing a Boot LoaderLinux LoaderGrand Unified Boot LoaderServicesRunlevelsWrappersinetd and xinetdR-servicesChapter SummaryKey Concepts and TermsChapter 3 Assessment
The Shadow Password Suite/etc/passwd/etc/group/etc/shadow/etc/gshadowDefaults for the Shadow Password SuiteShadow Password Suite CommandsAvailable User PrivilegesSecuring Groups of UsersUser Private Group SchemeCreate a Special GroupConfiguring the Hierarchy of Administrative PrivilegesAdministrative Privileges in ServicesThe su and sg CommandsOptions with sudo and /etc/sudoersRegular and Special PermissionsThe Set User ID BitThe Set Group ID BitThe Sticky BitTracking Access Through LogsAuthorization Log OptionsAuthorization Log FilesPluggable Authentication ModulesThe Structure of a PAM Configuration FilePAM Configuration for UsersAuthorizing Access with the PolkitHow the Polkit WorksPolkit ConceptsThe Polkit and Local AuthorityNetwork User Verification ToolsNIS If You MustLDAP Shares AuthenticationBest Practices: User Privileges and PermissionsChapter SummaryKey Concepts and TermsChapter 4 Assessment
Filesystem OrganizationFilesystem BasicsThe Filesystem Hierarchy StandardGood Volume Organization Can Help Secure a SystemRead-Only Mount PointsHow Options for Journals, Formats, and File Sizes Affect SecurityPartition TypesThe Right Format ChoiceAvailable Format ToolsUsing EncryptionEncryption ToolsEncrypted FilesEncrypted DirectoriesEncrypted Partitions and VolumesLocal File and Folder PermissionsBasic File Ownership ConceptsBasic File-Permission ConceptsChanging File PermissionsNetworked File and Folder PermissionsNFS IssuesSamba/CIFS Network PermissionsNetwork Permissions for the vsftp DaemonConfiguring and Implementing Quotas on a FilesystemThe Quota Configuration ProcessQuota ManagementQuota ReportsHow to Configure and Implement Access Control Lists on a FilesystemConfigure a Filesystem for ACLsACL CommandsConfigure Files and Directories with ACLsBest Practices: Filesystems, Volumes, and EncryptionChapter SummaryKey Concepts and TermsChapter 5 Assessment
Starting a Hardened SystemService ManagementSysV InitUpstartSystemdHardening ServicesUsing Mandatory Access ControlsSecurity Enhanced LinuxAppArmorServers Versus DesktopsProtecting Against Development ToolsChapter SummaryKey Concepts and TermsChapter 6 Assessment
Services on Every TCP/IP PortProtocols and Numbers in /etc/servicesProtection by the Protocol and NumberObscurity and the Open Port ProblemObscure PortsOpening Obscure Open PortsObscurity by Other MeansProtect with TCP WrapperWhat Services Are TCP Wrapped?Configure TCP Wrapper ProtectionPacket-Filtering FirewallsBasic Firewall CommandsFirewalldA Firewall for the Demilitarized ZoneA Firewall for the Internal NetworkAlternate Attack VectorsAttacks Through Nonstandard ConnectionsAttacks on Scheduling ServicesWireless-Network IssuesLinux and Wireless HardwareEncrypting Wireless NetworksBluetooth ConnectionsSecurity Enhanced LinuxThe Power of SELinuxBasic SELinux ConfigurationConfiguration from the Command LineThe SELinux Administration ToolThe SELinux TroubleshooterSELinux Boolean SettingsSetting Up AppArmor ProfilesBasic AppArmor ConfigurationAppArmor Configuration FilesAppArmor ProfilesAppArmor Access ModesSample AppArmor ProfilesAppArmor Configuration and Management CommandsAn AppArmor Configuration ToolBest Practices: Networks, Firewalls, and TCP/IP CommunicationsChapter SummaryKey Concepts and TermsChapter 7 Assessment
Basic Principles for Systems with Shared Networking ServicesConfigure an NTP ServerInstall and Configure a Kerberos ServerBasic Kerberos ConfigurationAdditional Kerberos Configuration OptionsSecuring NFS as If It Were LocalConfigure NFS Kerberos TicketsConfigure NFS Shares for KerberosKeeping vsftp Very SecureConfiguration Options for vsftpAdditional vsftp Configuration FilesLinux as a More Secure Windows ServerSamba Global OptionsSamba as a Primary Domain ControllerMaking Sure SSH Stays SecureThe Secure Shell ServerThe Secure Shell ClientCreate a Secure Shell PassphraseBasic Principles of Encryption on NetworksHost-to-Host IPSec on Red HatHost-to-Host IPSec on UbuntuNetwork-to-Network IPSec on Red HatNetwork-to-Network IPSec on UbuntuHelping Users Who Must Use TelnetPersuade Users to Convert to SSHInstall More Secure Telnet Servers and ClientsSecuring Modem ConnectionsThe Basics of RADIUSRADIUS Configuration FilesMoving Away from Cleartext AccessThe Simple rsync SolutionE-mail ClientsBest Practices: Networked Filesystems and Remote AccessChapter SummaryKey Concepts and TermsChapter 8 Assessment
Options for Secure Web Sites with ApacheThe LAMP StackApache ModulesSecurity-Related Apache DirectivesConfigure Protection on a Web SiteConfigure a Secure Web siteConfigure a Certificate Authoritymod_securityWorking with SquidBasic Squid ConfigurationSecurity-Related Squid DirectivesLimit Remote Access with SquidProtecting DNS Services with BINDThe Basics of DNS on the InternetDNS Network ConfigurationSecure BIND ConfigurationA BIND DatabaseDNS Targets to ProtectDomain Name System Security ExtensionsMail Transfer AgentsOpen Source sendmailThe Postfix AlternativeDovecot for POP and IMAPMore E-mail ServicesUsing AsteriskBasic Asterisk ConfigurationSecurity Risks with AsteriskLimiting PrintersPrinter AdministratorsShared PrintersRemote AdministrationThe CUPS Administrative ToolProtecting Time ServicesObscuring Local and Network ServicesBest Practices: Networked Application SecurityChapter SummaryKey Concepts and TermsChapter 9 Assessment
Distribution-Specific Functional KernelsKernels by ArchitectureKernels for Different FunctionsThe Stock KernelKernel Numbering SystemsProduction Releases and MoreDownload the Stock KernelStock Kernel Patches and UpgradesManaging Security and Kernel UpdatesStock Kernel Security IssuesDistribution-Specific Kernel Security IssuesInstalling an Updated KernelDevelopment Software for Custom KernelsRed Hat Kernel Development SoftwareUbuntu Kernel Development SoftwareKernel-Development ToolsBefore Customizing a KernelStart the Kernel Customization ProcessKernel Configuration OptionsBuilding Your Own Secure KernelDownload Kernel Source CodeDownload Ubuntu Kernel Source CodeDownload Red Hat Kernel Source CodeInstall Required Development ToolsNavigate to the Directory with the Source CodeCompile a Kernel on Ubuntu SystemsCompile a Kernel on Red Hat SystemsCompile a Stock KernelInstall the New Kernel and MoreCheck the Boot LoaderTest the ResultIncreasing Security Using Kernels and the /proc/ FilesystemDon’t Reply to BroadcastsProtect from Bad ICMP MessagesProtect from SYN FloodsActivate Reverse Path FilteringClose Access to Routing TablesAvoid Source RoutingDon’t Pass Traffic Between NetworksLog Spoofed, Source-Routed, and Redirected PacketsBest Practices: Kernel Security Risk MitigationChapter SummaryKey Concepts and TermsChapter 10 Assessment
Keeping Up with Distribution SecurityRed Hat AlertsRed Hat Enterprise LinuxCentOS LinuxFedora Core LinuxUbuntu AlertsKeeping Up with Application SecurityThe OpenOffice.org SuiteWeb BrowsersAdobe ApplicationsService ApplicationsAntivirus Options for Linux SystemsThe Clam AntiVirus SystemAVG AntivirusThe Kaspersky Antivirus AlternativeSpamAssassinDetecting Other MalwareUsing Bug ReportsUbuntu’s LaunchpadRed Hat’s BugzillaApplication-Specific Bug ReportsSecurity in an Open Source WorldThe Institute for Security and Open MethodologiesThe National Security AgencyThe Free Software FoundationUser ProceduresDeciding Between Automated Updates or Analyzed AlertsDo You Trust Your Distribution?Do You Trust Application Developers?Do You Trust Service Developers?Linux Patch ManagementStandard yum UpdatesUpdates on FedoraUpdates on Red Hat Enterprise LinuxStandard apt-* UpdatesOptions for Update ManagersConfiguring Automated UpdatesAutomatic Red Hat UpdatesPushing or Pulling UpdatesLocal or Remote RepositoriesConfiguring a Local RepositoryCommercial Update ManagersThe Red Hat NetworkCanonical LandscapeNovell’s ZENworksOpen Source Update ManagersVarious apt-* CommandsVarious yum commandsRed Hat SpacewalkBest Practices: Security Operations ManagementChapter SummaryKey Concepts and TermsChapter 11 Assessment
Configuring a Simple BaselineA Minimal Red Hat BaselineA Minimal Ubuntu BaselineRead-Only or Live Bootable Operating SystemsAppropriate Read-Only FilesystemsLive CDs and DVDsKeeping the Baseline Up to DateA Gold BaselineBaseline BackupsMonitoring Local LogsThe System and Kernel Log ServicesLogs from Individual ServicesConsolidating and Securing Remote LogsDefault rsyslog ConfigurationThe Standard rsyslog Configuration FileIdentifying a Baseline System StateCollect a List of PackagesCompare Files, Permissions, and OwnershipDefine the Baseline Network ConfigurationCollect Runtime InformationChecking for Changes with Integrity ScannersTripwireAdvanced Intrusion Detection EnvironmentBest Practices: Building and Maintaining a Secure BaselineChapter SummaryKey Concepts and TermsChapter 12 Assessment
Testing Every Component of a Layered DefenseTesting a FirewallTesting Various ServicesTesting PasswordsTesting Mandatory Access Control SystemsChecking for Open Network PortsThe telnet CommandThe netstat CommandThe lsof CommandThe nmap CommandRunning Integrity Checks of Installed Files and ExecutablesVerifying a PackagePerforming a Tripwire CheckTesting with the Advanced Intrusion Detection EnvironmentEnsuring that Security Does Not Prevent Legitimate AccessReasonable Password PoliciesAllowing Access from Legitimate SystemsMonitoring Virtualized HardwareVirtual Machine HardwareVirtual Machine OptionsMonitoring the Kernel-Based Virtual Machine (KVM)Standard Open Source Security-Testing ToolsSnortNetcat and the nc CommandVulnerability Scanners for LinuxNessusOpenVASNexposeWhere to Install Security-Testing ToolsHint: Not Where Attackers Can Use Them Against YouSome Tools Are Already Available on Live CDsBest Practices: Testing and ReportingChapter SummaryKey Concepts and TermsChapter 13 Assessment
Performing Regular Performance AuditsThe Basic Tools: ps and topThe System Status PackageFor Additional AnalysisMaking Sure Users Stay Within Secure LimitsAppropriate PoliciesEducationUser Installation of Problematic ServicesLogging Access into the NetworkIdentifying Users Who Have Logged InSystem Authentication LogsMonitoring Account Behavior for Security IssuesDownloaded Packages and Source CodeExecutable FilesCreating an Incident Response PlanIncreased VigilanceShould You Leave the System On?Acquiring the Memory ContentsHaving Live Linux CDs Ready for Forensics PurposesHelix Live ResponseSANS Investigative Forensics ToolkitDigital Evidence and Forensics ToolkitBuild Your Own MediaForensic Live MediaWhen You Put Your Plan into ActionConfirming the BreachIdentifying Compromised SystemsHaving Replacement Systems in PlaceSecure Backup and Recovery ToolsDisk Images for Later InvestigationThe rsync CommandMount Encrypted FilesystemsThe Right Way to Save Compromised Data as EvidenceBasic Principles for EvidenceRemembering the Volatile DataPreserving the Hard DisksDisaster Recovery from a Security BreachDetermining What HappenedPreventionReplacementHow and When to Share with the Open Source CommunityIf the Security Issue Is Known…If the Security Issue Has Not Been Reported…Best Practices: Security Breach Detection and ResponseChapter SummaryKey Concepts and TermsChapter 14 Assessment
Maintaining a Gold BaselineMonitoring Security ReportsWorking Through UpdatesRecalibrating System IntegrityEnsuring Availability with RedundancyA Gold Physical BaselineA Gold Virtual Baseline HostIdentifying Your Support OptionsRed Hat Support OptionsCanonical Support OptionsOpen Source Community SupportChecking Compliance with Security PoliciesUser SecurityAdministrator SecurityKeeping the Linux Operating System Up to DateBaseline UpdatesFunctional BugsNew ReleasesKeeping Distribution-Related Applications Up to DateServer ApplicationsDesktop ApplicationsManaging Third-Party ApplicationsLicensing IssuesSupport IssuesSharing Problems and Solutions with the CommunityWhich Community?Sharing with DevelopersSharing on Mailing ListsTesting New Components Before Putting Them into ProductionTesting UpdatesDocumenting ResultsBeta TestingKeeping Up with Security on Your SystemsA New Firewall CommandMore Mandatory Access ControlsPenetration-Testing ToolsSingle Sign-OnIncident ResponseChapter SummaryKey Concepts and TermsChapter 15 Assessment

Content preview from Security Strategies in Linux Platforms and Applications, 2nd Edition

CHAPTER
14	Detecting and Responding to Security Breaches

YOU SPEND A LOT OF TIME protecting your systems from attack. You should keep one axiom in mind, however: Your system will be attacked, and there is a good chance it will be breached. This may come by accident or it may be deliberate. It may come from inside or it may come from outside. If you expect to be breached, you are more likely to be ready for an incident when it does happen. Think about all that you can and should do to help protect your system. Think of all of the ways these strategies can fail.

With that in mind, you should audit a system to identify baseline performance parameters. Deviations may be causes for concern. You will be able to identify user access through ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Security Strategies in Linux Platforms and Applications

Publisher Resources

ISBN: 9781284090659

Security Strategies in Linux Platforms and Applications, 2nd Edition

by Michael Jang, Ric Messier

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like