Hack Proofing Linux : A Guide to... | Buy

Foreword

xxvii

Introduction to Open Source Security

(40)

Introduction

(1)

The Tools Used in This Book

(1)

Using the GNU General Public License

(3)

Fee-Based GPL Software

(1)

Can I Use GPL Software in My Company?

(1)

Soft Skills: Coping with Open Source Quirks

(4)

General Lack of Installation and Configuration Support

(1)

Infrequent or Irregular Update Schedules

(1)

Command-Line Dominance

(1)

Lack of Backward Compatibility and No Regular Distribution Body

(1)

Inconvenient Upgrade Paths

(1)

Conflicts in Supporting Libraries and Limited Platform Support

(1)

Interface Changes

(1)

Partially Developed Solutions

(2)

Should I Use an RPM or Tarballs?

(2)

Tarball

(1)

Red Hat Package Manager

(1)

Debian

(1)

Obtaining Open Source Software

(4)

Source Forge

(1)

Freshmeat

(1)

Packetstorm

(1)

SecurityFocus

(1)

Is That Download Safe?

(1)

A Brief Encryption Review

(3)

Symmetric Key Encryption

(1)

Asymmetric Key Encryption

(1)

Public Key and Trust Relationships

(12)

One-Way Encryption

(1)

GNU Privacy Guard

(1)

Deploying GNU Privacy Guard

(8)

Skipping Public Key Verification

(1)

Using GPG to Verify Signatures on Tarball Packages

(1)

Using Md5sum

(1)

Auditing Procedures

(4)

Locking Down Your Network Hosts

(1)

Securing Data across the Network

(1)

Protecting the Network Perimeter

(2)

Summary

(1)

Solutions Fast Track

(3)

Frequently Asked Questions

(3)

Hardening the Operating System

(68)

Introduction

(1)

Updating the Operating System

(1)

Red Hat Linux Errata and Update Service Packages

(1)

Handling Maintenance Issues

(4)

Red Hat Linux Errata: Fixes and Advisories

(2)

Bug Fix Case Study

(1)

Manually Disabling Unnecessary Services and Ports

(3)

Services to Disable

(1)

The xinetd.conf File

(2)

Locking Down Ports

(5)

Well-Known and Registered Ports

(2)

Determining Ports to Block

(1)

Blocking Ports

(1)

Xinetd Services

(1)

Stand-Alone Services

(1)

Hardening the System with Bastille

(22)

Bastille Functions

(8)

Bastille Versions

(1)

Implementing Bastille

(10)

Undoing Bastille Changes

(3)

Controlling and Auditing Root Access with Sudo

(19)

System Requirements

(1)

The Sudo Command

(1)

Downloading Sudo

(2)

Installing Sudo

(4)

Configuring Sudo

(4)

Running Sudo

(2)

No Password

(1)

Sudo Logging

(3)

Managing Your Log Files

(1)

Using Logging Enhancers

(6)

SWATCH

(3)

Scanlogd

100

(1)

Syslogd-ng

101

(2)

Summary

103

(1)

Solutions Fast Track

104

(3)

Frequently Asked Questions

107

(2)

System Scanning and Probing

109

(82)

Introduction

110

(1)

Scanning for Viruses Using the AntiVir Antiviru Application

110

(13)

Understanding Linux Viruses

110

(2)

Using AntiVir

112

(2)

Key Mode and Non-Key Mode

114

(1)

Licensing AntiVir

114

(1)

Exercise: Updating AntiVir

114

(2)

Using TkAntivir

116

(1)

Required Libraries and Settings

117

(1)

Scanning Systems for Boot Sector and E-Mail Viruses

117

(3)

Additional Information

120

(1)

Exercise: Using TkAntivir

120

(3)

Scanning Systems for DDoS Attack Software Using a Zombie Zapper

123

(6)

How Zombies Work and How to Stop Them

124

(1)

When Should I Use a Zombie Zapper?

125

(1)

What Zombie Zapper Should I Use?

125

(2)

What Does Zombie Zapper Require to Compile?

127

(1)

Exercise: Using Zombie Zapper

127

(2)

Scanning System Ports Using the Gnome Service Scan Port Scanner

129

(4)

Required Libraries

130

(1)

Why Use a Port Scanner?

131

(1)

Exercise: Using Gnome Service Scanner

131

(2)

Using Nmap

133

(13)

Isn't Nmap Just Another Port Scanner?

134

(2)

Acquiring and Installing Nmap

136

(1)

Common Nmap Options

136

(1)

Applied Examples

137

(1)

Scanning Entire Networks and Subnets

138

(1)

Selective Scanning

139

(1)

Adding More Stealth

139

(1)

Saving to Text and Reading from Text

140

(1)

Testing Firewalls and Intrusion Detection Systems

141

(1)

Example: Spoofing the Source Address of a Scan

142

(1)

Timing Your Scan Speeds

142

(1)

Example: Conducting a Paranoid Scan

143

(1)

Exercise: Using Nmap

143

(1)

Using Nmap in Interactive Mode

144

(1)

Exercise: Using Nmap in Interactive Mode

144

(2)

Using NmapFE as a Graphical Front End

146

(1)

Exercise: Using NmapFE

147

(1)

Using Remote Nmap (Rnmap) as a Central Scanning Device

147

(4)

Exercise: Scanning Systems with Rnmap

148

(3)

Deploying Cheops to Monitor Your Network

151

(14)

How Cheops Works

153

(1)

Obtaining Cheops

154

(1)

Required Libraries

154

(1)

The Cheops Interface

155

(2)

Mapping Relations between Computers

157

(1)

Cheops Monitoring Methods

157

(2)

Connectivity Features

159

(1)

Exercise: Installing and Configuring Cheops

160

(5)

Deploying Nessus to Test Daemon Security

165

(20)

The Nessus Client/Server Relationship

167

(2)

Windows Nessus Clients

169

(1)

Required Libraries

169

(1)

Order of Installation

170

(3)

Configuring Plug-Ins

173

(1)

Creating a New Nessus User

174

(1)

The Rules Database

174

(1)

Exercise: Installing Nessus and Conducting a Vulnerability Scan

175

(4)

Updating Nessus

179

(1)

Understanding Differential, Detached, and Continuous Scans

180

(2)

Exercise: Conducting Detached and Differential Scans with Nessus

182

(3)

Summary

185

(1)

Solutions Fast Track

185

(4)

Frequently Asked Questions

189

(2)

Implementing an Intrusion Detection System

191

(70)

Introduction

192

(2)

Understanding IDS Strategies and Types

194

(12)

IDS Types

195

(1)

Host-Based IDS Applications

196

(1)

Network-Based IDS Applications

196

(1)

IDS Applications and Fault Tolerance

197

(3)

What Can an IDS Do for Me?

200

(3)

Which IDS Strategy Is Best?

203

(1)

Network-Based IDS Applications and Firewalls

203

(1)

IDS Applications

204

(2)

Installing Tripwire to Detect File Changes on Your Operating System

206

(9)

Tripwire Dependencies

207

(1)

Availability

208

(1)

Deploying Tripwire

208

(1)

Tripwire Files

208

(1)

Tripwire Installation Steps

209

(1)

Configuring the Tripwire Policy File

209

(3)

Creating the Tripwire Policy File

212

(1)

Database Initialization Mode

212

(2)

Testing E-Mail Capability

214

(1)

Integrity Checking Mode

214

(1)

Specifying a Different Database

215

(1)

Reading Reports

215

(1)

Updating Tripwire to Account for Legitimate Changes in the OS

215

(2)

Updating the Policy

216

(1)

What Do I Do if I Find a Discrepancy?

217

(1)

Configuring Tripwire to Inform You Concerning Changes

217

(3)

Exercise: Installing Tripwire

217

(2)

Exercise: Securing the Tripwire Database

219

(1)

Exercise: Using Cron to Run Tripwire Automatically

220

(1)

Deploying PortSentry to Act as a Host-Based IDS

220

(2)

Important PortSentry Files

221

(1)

Installing PortSentry

222

(1)

Configuring PortSentry to Block Users

222

(1)

Optimizing PortSentry to Sense Attack Types

223

(6)

Exercise: Installing and Configuring PortSentry

224

(3)

Exercise: Clearing Ipchains Rules

227

(1)

Exercise: Running an External Command Using PortSentry

227

(2)

Installing and Configuring Snort

229

(7)

Availability

229

(1)

Supporting Libraries

229

(1)

Understanding Snort Rules

230

(1)

Snort Variables

230

(1)

Snort Files and Directories

231

(1)

Snort Plug-Ins

232

(1)

Starting Snort

233

(3)

Logging Snort Entries

236

(1)

Running Snort as a Network-Based IDS

236

(2)

Ignoring Hosts

237

(1)

Additional Logging Options: Text files, Tcpdump, and Databases

237

(1)

Configuring Snort to Log to a Database

238

(13)

Controlling Logging and Alerts

239

(1)

Getting Information

240

(1)

Exercise: Installing Snort

240

(1)

Exercise: Using Snort as an IDS Application

241

(2)

Exercise: Configuring Snort to Log to a Database

243

(8)

Exercise: Querying a Snort Database from a Remote Host

251

(1)

Identifying Snort Add-Ons

251

(3)

SnortSnarf

252

(1)

Exercise: Using SnortSnarf to Read Snort Logs

252

(1)

Analysis Console for Intrusion Databases

252

(2)

Summary

254

(1)

Solutions Fast Track

254

(4)

Frequently Asked Questions

258

(3)

Troubleshooting the Network with Sniffers

261

(38)

Introduction

262

(2)

Understanding Packet Analysis and TCP Handshakes

264

(4)

TCP Handshakes

265

(1)

Establishing a TCP Connection

265

(1)

Terminating a TCP Connection

266

(2)

Creating Filters Using Tcpdump

268

(11)

Tcpdump Options

268

(3)

Tcpdump Expressions

271

(4)

Boolean Operators

275

(1)

Installing and Using Tcpdump

276

(3)

Configuring Ethereal to Capture Network Packets

279

(9)

Ethereal Options

281

(2)

Ethereal Filters

283

(1)

Configuring Ethereal and Capturing Packets

283

(5)

Viewing Network Traffic between Hosts Using EtherApe

288

(5)

Configuring EtherApe and Viewing Network Traffic

289

(4)

Summary

293

(1)

Solutions Fast Track

294

(2)

Frequently Asked Questions

296

(3)

Network Authentication and Encryption

299

(54)

Introduction

300

(1)

Understanding Network Authentication

300

(3)

Attacking Encrypted Protocols

301

(2)

Creating Authentication and Encryption Solutions

303

(2)

Implementing One-Time Passwords (OTP and OPIE)

305

(14)

What Files Does OPIE Replace?

305

(1)

How Does OPIE Work?

305

(1)

OPIE Files and Applications

306

(1)

opiepasswd

307

(1)

Password Format

308

(1)

Using opiekey

309

(1)

Using opieinfo and opiekey to Generate a List

310

(1)

Installing OPIE

310

(1)

Configuration Options

310

(1)

Installation Options

311

(1)

Uninstalling OPIE

312

(1)

Exercise: Installing OPIE

312

(3)

Exercise: Installing the OPIE Client on a Remote Server

315

(1)

Exercise: Using opie-tk and Allowing Windows Users to Deploy OPIE

316

(2)

Exercise: Installing opieftpd

318

(1)

Implementing Kerberos Version 5

319

(10)

Why Is Kerberos Such a Big Deal?

320

(1)

Kerberos Terms

321

(1)

Kerberos Principals

322

(1)

The Kerberos Authentication Process

323

(1)

How Information Traverses the Network

324

(1)

Creating the Kerberos Database

325

(1)

Using Kadmin.local

325

(1)

Using kadmin

326

(2)

Using kadmin on the Client

328

(1)

Using kadmin and Creating Kerberos Client Passwords

329

(8)

Setting Policies

330

(1)

Using Kinit

330

(2)

The kinit Command and Time Limits

332

(1)

Managing Kerberos Client Credentials

333

(1)

The kdestroy Command

333

(1)

Exercise: Configuring a KDC

334

(3)

Establishing Kerberos Client Trust Relationships with kadmin

337

(3)

Additional Daemon Principal Names

339

(1)

Logging On to a Kerberos Host Daemon

340

(5)

Common Kerberos Client Troubleshooting Issues and Solutions

340

(1)

Kerberos Client Applications

341

(1)

Kerberos Authentication and klogin

342

(1)

Exercise: Configuring a Kerberos Client

342

(3)

Summary

345

(1)

Solutions Fast Track

345

(3)

Frequently Asked Questions

348

(5)

Avoiding Sniffing Attacks through Encryption

353

(38)

Introduction

354

(1)

Understanding Network Encryption

354

(1)

Capturing and Analyzing Unencrypted Network Traffic

355

(6)

Using OpenSSH to Encrypt Network Traffic between Two Hosts

361

(3)

The OpenSSH Suite

362

(2)

Installing OpenSSH

364

(3)

Configuring SSH

367

(6)

How SSH Works

368

(1)

Insecure r-command Authentication

368

(3)

Secure SSH Authentication

371

(2)

Implementing SSH to Secure Data Transmissions over an Insecure Network

373

(8)

Distributing the Public Key

376

(5)

Capturing and Analyzing Encyrpted Network Traffic

381

(4)

Summary

385

(1)

Solutions Fast Track

386

(2)

Frequently Asked Questions

388

(3)

Creating Virtual Private Networks

391

(54)

Introduction

392

(1)

Secure Tunneling with VPNs

392

(4)

Telecommuter VPN Solution

392

(2)

Router-to-Router VPN Solution

394

(1)

Host-to-Host VPN Solution

395

(1)

Tunneling Protocols

395

(1)

Explaining the IP Security Architecture

396

(6)

Using IPSec with a VPN Tunneling Protocol

400

(1)

Internet Key Exchange Protocol

401

(1)

Creating a VPN by Using FreeS/WAN

402

(37)

Downloading and Unpacking FreeS/WAN

404

(3)

Compiling the Kernel to Run FreeS/WAN

407

(10)

Recompiling FreeS/WAN into the New Kernel

417

(3)

Configuring FreeS/WAN

420

(1)

Testing IP Networking

420

(4)

Configuring Public Key Encryption for Secure Authentication of VPN Endpoints

424

(10)

Starting the Tunnel

434

(2)

Capturing VPN Tunnel Traffic

436

(2)

Closing the VPN Tunnel

438

(1)

Summary

439

(1)

Solutions Fast Track

440

(1)

Frequently Asked Questions

441

(4)

Implementing a Firewall with Ipchains and Iptables

445

(62)

Introduction

446

(1)

Understanding the Need for a Firewall

447

(6)

Building a Personal Firewall

449

(1)

Understanding Packet Filtering Terminology

450

(2)

Choosing a Linux Firewall Machine

452

(1)

Protecting the Firewall

452

(1)

Deploying IP Forwarding and Masquerading

453

(5)

Masquerading

456

(2)

Configuring Your Firewall to Filter Network Packets

458

(3)

Configuring the Kernel

460

(1)

Packet Accounting

460

(1)

Understanding Tables and Chains in a Linux Firewall

461

(10)

Built-In Targets and User-Defined Chains

462

(1)

Specifying Interfaces

463

(1)

Setting Policies

464

(3)

Using Ipchains to Masquerade Connections

467

(1)

Iptables Masquerading Modules

468

(1)

Using Iptables to Masquerade Connections

468

(2)

Iptables Modules

470

(1)

Exercise: Masquerading Connections Using Ipchains or Iptables

471

(1)

Logging Packets at the Firewall

471

(7)

Setting Log Limits

472

(1)

Adding and Removing Packet Filtering Rules

472

(1)

ICMP Types

473

(2)

Exercise: Creating a Personal Firewall and Creating a User-Defined Chain

475

(2)

Redirecting Ports in Ipchains and Iptables

477

(1)

Configuring a Firewall

478

(5)

Setting a Proper Foundation

478

(1)

Creating Anti-Spoofing Rules

479

(4)

Counting Bandwidth Usage

483

(5)

Listing and Resetting Counters

484

(1)

Setting Type of Service (ToS) in a Linux Router

484

(2)

Setting ToS Values in Ipchains and Iptables

486

(2)

Using and Obtaining Automated Firewall Scripts and Graphical Firewall Utilities

488

(12)

Firewall Works in Progress

490

(1)

Exercise: Using Firestarter to Create a Personal Firewall

490

(8)

Exercise: Using Advanced Firestarter Features

498

(2)

Summary

500

(1)

Solutions Fast Track

500

(5)

Frequently Asked Questions

505

(2)

Deploying the Squid Web Proxy Cache Server

507

(36)

Introduction

508

(1)

Benefits of Proxy Server Implementation

508

(4)

Proxy Caching

508

(2)

Network Address Translation

510

(2)

Differentiating between a Packet Filter and a Proxy Server

512

(1)

Implementing the Squid Web Proxy Cache Server

513

(16)

System Requirements Specific to Proxy Caching

516

(1)

Installing Squid

517

(3)

Configuring Squid

520

(2)

The http_port Tag

522

(1)

The Cache_dir Tag

523

(2)

The acl Tag

525

(1)

The http_access Tag

526

(2)

Starting and Testing Squid

528

(1)

Configuring Proxy Clients

529

(6)

Configuring Netscape Navigator and Lynx

530

(1)

Configuring Netscape Navigator

530

(2)

Configuring Lynx

532

(1)

Configuring Internet Explorer (Optional)

533

(2)

Summary

535

(1)

Solutions Fast Track

536

(2)

Frequently Asked Questions

538

(5)

Maintaining Firewalls

543

(56)

Introduction

544

(1)

Testing Firewalls

544

(6)

IP Spoofing

546

(1)

Open Ports/Daemons

546

(1)

Monitoring System Hard Drives, RAM, and Processors

547

(1)

Suspicious Users, Logins, and Login Times

547

(1)

Check the Rules Database

548

(1)

Verify Connectivity with Company Management and End Users

548

(1)

Remain Informed Concerning the Operating System

549

(1)

Port Scans

549

(1)

Using Telnet, Ipchains, Netcat, and SendIP to Probe Your Firewall

550

(13)

Ipchains

551

(1)

Telnet

551

(1)

Using Multiple Terminals

552

(1)

Netcat

552

(2)

Sample Netcat Commands

554

(1)

Additional Netcat Commands

555

(2)

Exercise: Using Netcat

557

(1)

SendIP: The Packet Forger

558

(1)

SendIP Syntax

558

(2)

Exercise: Using SendIP to Probe a Firewall

560

(3)

Understanding Firewall Logging, Blocking, and Alert Options

563

(27)

Firewall Log Daemon

563

(1)

Obtaining Firelogd

563

(1)

Syntax and Configuration Options

563

(1)

Message Format

564

(2)

Customizing Messages

566

(2)

Reading Log Files Generated by Other Firewalls

568

(1)

Exercise: Configuring and Compiling Firelogd

568

(1)

Fwlogwatch

569

(1)

Fwlogwatch Modes

570

(2)

Fwlogwatch Options and Generating Reports

572

(3)

Exercise: Generating an HTML-Based Firewall Log with Fwlogwatch

575

(1)

Automating Fwlogwatch

575

(1)

The Fwlogwatch Configuration File

576

(3)

Notification Options

579

(2)

Response Options

581

(2)

Exercise: Configuring Fwlogwatch to Send Automatic Alerts and Block Users

583

(1)

Using Fwlogwatch with CGI Scripts

584

(2)

Obtaining More Information

586

(1)

Viewing the Results

587

(1)

Exercise: Using Cron and Fwlogwatch CGI Scripts to Generate an Automatic HTML Report

588

(2)

Additional Fwlog Features

590

(1)

Obtaining Additional Firewall Logging Tools

590

(3)

Summary

593

(1)

Solutions Fast Track

593

(4)

Frequently Asked Questions

597

(2)

Appendix A Bastille Log

599

(6)

Appendix B Hack Proofing Linux Fast Track

605

(32)

Index

637

Rent More, Save More! Use code: ECRENTAL

Rent More, Save More! Use code: ECRENTAL

5% off 1 book, 7% off 2 books, 10% off 3+ books

Hack Proofing Linux : A Guide to Open Source Security

Summary

Table of Contents

Supplemental Materials

Rewards Program