book

Security Strategies in Linux Platforms and Applications, 3rd Edition

by Ric Messier, Michael Jang

October 2022

Intermediate to advanced

500 pages

19h 57m

English

Jones & Bartlett Learning

Read now

Unlock full access

The Basic Linux Kernel PhilosophyBasic Linux KernelsDistribution-Specific Linux KernelsCustom Linux KernelsLinux Kernel Security Options
Unified Extensible Firmware Interface (UEFI)Physical SecurityThe Threat of the Live CDBoot Process SecurityMore Boot Process IssuesVirtual Physical Security
Service Process SecuritySecurity Issues with the GUI
Firewall Support OptionsMandatory Access Control Support
Linux Security Updates for Regular UsersLinux Security Updates for Home HobbyistsLinux Security Updates for Power UsersSecurity Updates for Linux AdministratorsLinux Security Update Administration
A Basic Comparison: Red Hat and UbuntuMore Diversity in Services
Physical SystemVirtual MachinesCloud ServicesInfrastructure as a ServicePlatform as a Service
Linux LoaderGrand Unified Boot Loader
RunlevelsWrappers
/etc/passwd/etc/group/etc/shadow/etc/gshadowDefaults for the Shadow Password Suite
User Private Group SchemeCreate a Special Group
Administrative Privileges in ServicesThe su and sg CommandsOptions with sudo and /etc/sudoersBasic Options in /etc/sudoersMore Detailed Options with /etc/sudoersUse the sudo Command
The Set User ID BitThe Set Group ID BitThe Sticky Bit
Authorization Log OptionsAuthorization Log Files
The Structure of a PAM Configuration FilePAM Configuration for Users
How the Polkit WorksPolkit Concepts
NIS If You MustLDAP Shares Authentication
Filesystem BasicsThe Filesystem Hierarchy StandardGood Volume Organization Can Help Protect a SystemRead-Only Mount Points
Partition TypesThe Right Format ChoiceAvailable Format Tools
Encryption ToolsEncrypted FilesEncrypted DirectoriesEncrypted Partitions and Volumes
Basic File Ownership ConceptsBasic File-Permission ConceptsChanging File Permissions
NFS IssuesSamba/CIFS Network PermissionsNetwork Permissions for the vsftp Daemon
The Quota Configuration ProcessQuota ManagementQuota Reports
Configure a Filesystem for ACLsACL CommandsConfigure Files and Directories with ACLs
SysV InitUpstartSystemd
Security Enhanced LinuxAppArmor
Protocols and Numbers in /etc/servicesProtection by the Protocol and Number
Obscure PortsOpening Obscure Open PortsObscurity by Other Means
What Services Are TCP Wrapped?Configure TCP Wrapper Protection
Basic Firewall CommandsFirewalldA Firewall for the DMZA Firewall for the Internal Network
Attacks Through Nonstandard ConnectionsAttacks on Scheduling Services
Linux and Wireless HardwareEncrypting Wireless NetworksBluetooth Connections
The Power of SELinuxBasic SELinux ConfigurationConfiguration from the Command LineThe SELinux Administration ToolThe SELinux TroubleshooterSELinux Boolean Settings
Basic AppArmor ConfigurationAppArmor Configuration FilesAppArmor ProfilesAppArmor Access ModesSample AppArmor ProfilesAppArmor Configuration and Management Commands
Configure an NTP ServerInstall and Configure a Kerberos ServerBasic Kerberos ConfigurationAdditional Kerberos Configuration Options
Configure NFS Kerberos TicketsConfigure NFS Shares for Kerberos
Configuration Options for vsftpAdditional vsftp Configuration Files
Samba Global OptionsSamba as a Primary Domain Controller
The SSH ServerThe SSH ClientCreate a Secure Shell Passphrase
Host-to-Host IPSecNetwork-to-Network IPSec
The Basics of RADIUSRADIUS Configuration FilesMoving Away from Cleartext AccessThe Simple rsync SolutionEmail Clients
The LAMP StackApache ModulesSecurity-Related Apache DirectivesConfigure Protection on a WebsiteAdding Encryption to Your WebsiteConfigure a Certificate Authoritymod_securityApache as a Reverse Proxy
Basic Squid ConfigurationSecurity-Related Squid DirectivesLimit Remote Access with Squid
The Basics of DNS on the InternetDNS Network ConfigurationSecure BIND ConfigurationA BIND DatabaseDNS Targets to ProtectDomain Name System Security Extensions
Open Source sendmailThe Postfix AlternativeDovecot for POP and IMAPMore Email Services
Security Considerations with Asterisk
Printer AdministratorsShared PrintersRemote AdministrationThe CUPS Administrative Tool
Kernels by ArchitectureKernels for Different Functions
Kernel Numbering SystemsProduction Releases and MoreDownload the Stock KernelStock Kernel Patches and Upgrades
Stock Kernel Security IssuesDistribution-Specific Kernel Security IssuesInstalling an Updated Kernel
Red Hat Kernel Development SoftwareUbuntu Kernel Development Software
Before Customizing a KernelStart the Kernel Customization ProcessKernel-Configuration Options
Download Kernel Source CodeDownload Ubuntu Kernel Source CodeDownload Red Hat Kernel Source CodeInstall Required Development ToolsNavigate to the Directory with the Source CodeCompile a Kernel on Ubuntu SystemsCompile a Kernel on Red Hat SystemsCompile a Stock KernelInstall the New Kernel and MoreCheck the Boot LoaderTest the Result
Don’t Reply to BroadcastsProtect from Bad ICMP MessagesProtect from SYN FloodsActivate Reverse Path FilteringClose Access to Routing TablesAvoid Source RoutingDon’t Pass Traffic Between NetworksLog Spoofed, Source-Routed, and Redirected Packets
Red Hat AlertsRed Hat Enterprise LinuxRocky LinuxFedora Core LinuxUbuntu Alerts
The Clam AntiVirus SystemSpamAssassinDetecting Other Malware
Ubuntu’s LaunchpadRed Hat’s BugzillaApplication-Specific Bug Reports
The Institute for Security and Open MethodologiesThe National Security AgencyThe Free Software FoundationUser Procedures
Do You Trust Your Distribution?Do You Trust Application Developers?Do You Trust Service Developers?
Standard dnf UpdatesUpdates on FedoraUpdates on Red Hat Enterprise LinuxStandard apt-* Updates
Configuring Automated UpdatesAutomatic Red Hat UpdatesPushing or Pulling UpdatesLocal or Remote RepositoriesConfiguring a Local Repository
The Red Hat NetworkCanonical LandscapeMicro Focus’ ZENworks
Various apt-* CommandsVarious dnf CommandsRed Hat Spacewalk
A Minimal Red Hat BaselineA Minimal Ubuntu Baseline
Appropriate Read-Only FilesystemsLive CDs and DVDs
A Gold BaselineBaseline Backups
The System and Kernel Log ServicesLogging with journaldLogs from Individual Services
Default rsyslog ConfigurationThe Standard rsyslog Configuration File
Collect a List of PackagesCompare Files, Permissions, and OwnershipDefine the Baseline Network ConfigurationCollect Runtime Information
TripwireAdvanced Intrusion Detection Environment
Testing a FirewallTesting Various ServicesTesting PasswordsTesting Mandatory Access Control Systems
The telnet CommandThe netstat CommandThe lsof CommandThe nmap Command
Verifying a PackagePerforming a Tripwire CheckTesting with the Advanced Intrusion Detection Environment
Reasonable Password PoliciesAllowing Access from Legitimate Systems
Virtual Machine HardwareVirtual Machine OptionsUsing Virtual Machines on Linux
SnortNetcat and the nc Command
NessusOpenVASNexpose
Hint: Not Where Attackers Can Use Them Against YouSome Tools Are Already Available on Live CDs
The Basic Tools: ps and topThe System Status PackageFor Additional Analysis
Appropriate PoliciesEducationUser Installation of Problematic Services
Identifying Users Who Have Logged InSystem Authentication Logs
Downloaded Packages and Source CodeExecutable Files
Increased VigilanceShould You Leave the System On?Acquiring the Memory Contents
Helix Live ResponseSANS Investigative Forensics ToolkitDigital Evidence and Forensics ToolkitBuild Your Own MediaForensic Live Media
Confirming the BreachIdentifying Compromised SystemsHaving Replacement Systems in Place
Disk Images for Later InvestigationThe rsync CommandMount Encrypted Filesystems
Basic Principles for EvidenceRemembering the Volatile DataPreserving the Hard Disks
Determining What HappenedPreventionReplacement
If the Security Issue Is Known…If the Security Issue Has Not Been Reported…
Monitoring Security ReportsWorking Through UpdatesRecalibrating System Integrity
A Gold Physical BaselineA Gold Virtual Baseline Host
Red Hat Support OptionsCanonical Support OptionsOpen-Source Community Support
User SecurityAdministrator Security
Baseline UpdatesFunctional BugsNew Releases
Server ApplicationsDesktop Applications
Licensing IssuesSupport Issues
Which Community?Sharing with DevelopersSharing on Mailing Lists
Testing UpdatesDocumenting ResultsBeta Testing
A New Firewall CommandMore Mandatory Access ControlsPenetration-Testing ToolsSingle Sign-OnIncident Response

Content preview from Security Strategies in Linux Platforms and Applications, 3rd Edition

Logging Access into the Network

There are two basic ways to see who has logged into a system and a network. One is to use a command to review users who are currently logged in. Another is to review logins in log files. Log files also reveal direct and indirect access to the root administrative account. System authentication logs can do more, depending on how logging services have been configured.

Identifying Users Who Have Logged In

Two commands identify users who are currently logged into a system: w and who. As shown here, the who command displays currently logged in users along with remote login locations, if applicable:

The who command which displays currently logged in users along with remote login locations. Description