Linux Security Cookbook

  • ISBN13: 9780596003913
  • ISBN10: 0596003919
  • Format: Paperback
  • Copyright: 2003-06-01
  • Publisher: O'Reilly & Associates Inc

Summary

Computer security is an ongoing process, a relentless contest between system administrators and intruders. Systems need to be monitored carefully and revised frequently. Rather than provide a total security solution for Linux computers, the authors of the Linux Security Cookbook have condensed this complex subject into a series of easy-to-follow recipes: short, focused pieces of code that administrators can use to improve security and perform common tasks securely. This guide includes real solutions to a wide range of targeted problems, such as sending encrypted email within Emacs, restricting access to network services at particular times of day, firewalling a webserver, preventing IP spoofing, setting up key-based SSH authentication, and much more. The Linux Security Cookbook gives administrators a way to close common security holes quickly without having to look up specific syntax. This book is a system saver.

Author Biography

  1. Daniel J. Barrett

    Dan Barrett has been immersed in Internet technology since 1985. Currently working as a software engineer, Dan has also been a heavy metal singer, Unix system administrator, university lecturer, web designer, and humorist. He has written several O'Reilly books, as well as monthly columns for Compute! and Keyboard Magazine. Dan and his family reside in Boston.
  2. Richard E. Silverman

    Richard E. Silverman has a B.A. in computer science and an M.A. in pure mathematics. Richard has worked in the fields of networking, formal methods in software development, public-key infrastructure, routing security, and Unix systems administration. He is the co-author of SSH, The Secure Shell: The Definitive Guide.

Table of Contents

Preface
1. System Snapshots with Tripwire
1.1 Setting Up Tripwire
1.2 Displaying the Policy and Configuration
1.3 Modifying the Policy and Configuration
1.4 Basic Integrity Checking
1.5 Read-Only Integrity Checking
1.6 Remote Integrity Checking
1.7 Ultra-Paranoid Integrity Checking
1.8 Expensive, Ultra-Paranoid Security Checking
1.9 Automated Integrity Checking
1.10 Printing the Latest Tripwire Report
1.11 Updating the Database
1.12 Adding Files to the Database
1.13 Excluding Files from the Database
1.14 Checking Windows VFAT Filesystems
1.15 Verifying RPM-Installed Files
1.16 Integrity Checking with rsync
1.17 Integrity Checking Manually
2. Firewalls with iptables and ipchains
2.1 Enabling Source Address Verification
2.2 Blocking Spoofed Addresses
2.3 Blocking All Network Traffic
2.4 Blocking Incoming Traffic
2.5 Blocking Outgoing Traffic
2.6 Blocking Incoming Service Requests
2.7 Blocking Access from a Remote Host
2.8 Blocking Access to a Remote Host
2.9 Blocking Outgoing Access to All Web Servers on a Network
2.10 Blocking Remote Access, but Permitting Local
2.11 Controlling Access by MAC Address
2.12 Permitting SSH Access Only
2.13 Prohibiting Outgoing Telnet Connections
2.14 Protecting a Dedicated Server
2.15 Preventing pings
2.16 Listing Your Firewall Rules
2.17 Deleting Firewall Rules
2.18 Inserting Firewall Rules
2.19 Saving a Firewall Configuration
2.20 Loading a Firewall Configuration
2.21 Testing a Firewall Configuration
2.22 Building Complex Rule Trees
2.23 Logging Simplified
3. Network Access Control
3.1 Listing Your Network Interfaces
3.2 Starting and Stopping the Network Interface
3.3 Enabling/Disabling a Service (xinetd)
3.4 Enabling/Disabling a Service (inetd)
3.5 Adding a New Service (xinetd)
3.6 Adding a New Service (inetd)
3.7 Restricting Access by Remote Users
3.8 Restricting Access by Remote Hosts (xinetd)
3.9 Restricting Access by Remote Hosts (xinetd with libwrap)
3.10 Restricting Access by Remote Hosts (xinetd with tcpd)
3.11 Restricting Access by Remote Hosts (inetd)
3.12 Restricting Access by Time of Day
3.13 Restricting Access to an SSH Server by Host
3.14 Restricting Access to an SSH Server by Account
3.15 Restricting Services to Specific Filesystem Directories
3.16 Preventing Denial of Service Attacks
3.17 Redirecting to Another Socket
3.18 Logging Access to Your Services
3.19 Prohibiting root Logins on Terminal Devices
4. Authentication Techniques and Infrastructures
4.1 Creating a PAM-Aware Application
4.2 Enforcing Password Strength with PAM
4.3 Creating Access Control Lists with PAM
4.4 Validating an SSL Certificate
4.5 Decoding an SSL Certificate
4.6 Installing a New SSL Certificate
4.7 Generating an SSL Certificate Signing Request (CSR)
4.8 Creating a Self-Signed SSL Certificate
4.9 Setting Up a Certifying Authority
4.10 Converting SSL Certificates from DER to PEM
4.11 Getting Started with Kerberos
4.12 Adding Users to a Kerberos Realm
4.13 Adding Hosts to a Kerberos Realm
4.14 Using Kerberos with SSH
4.15 Using Kerberos with Telnet
4.16 Securing IMAP with Kerberos
4.17 Using Kerberos with PAM for System-Wide Authentication
5. Authorization Controls
5.1 Running a root Login Shell
5.2 Running X Programs as root
5.3 Running Commands as Another User via sudo
5.4 Bypassing Password Authentication in sudo
5.5 Forcing Password Authentication in sudo
5.6 Authorizing per Host in sudo
5.7 Granting Privileges to a Group via sudo
5.8 Running Any Program in a Directory via sudo
5.9 Prohibiting Command Arguments with sudo
5.10 Sharing Files Using Groups
5.11 Permitting Read-Only Access to a Shared File via sudo
5.12 Authorizing Password Changes via sudo
5.13 Starting/Stopping Daemons via sudo
5.14 Restricting root's Abilities via sudo
5.15 Killing Processes via sudo
5.16 Listing sudo Invocations
5.17 Logging sudo Remotely
5.18 Sharing root Privileges via SSH
5.19 Running root Commands via SSH
5.20 Sharing root Privileges via Kerberos su
6. Protecting Outgoing Network Connections
6.1 Logging into a Remote Host
6.2 Invoking Remote Programs
6.3 Copying Files Remotely
6.4 Authenticating by Public Key (OpenSSH)
6.5 Authenticating by Public Key (OpenSSH Client, SSH2 Server, OpenSSH Key)
6.6 Authenticating by Public Key (OpenSSH Client, SSH2 Server, SSH2 Key)
6.7 Authenticating by Public Key (SSH2 Client, OpenSSH Server)
6.8 Authenticating by Trusted Host
6.9 Authenticating Without a Password (Interactively)
6.10 Authenticating in cron Jobs
6.11 Terminating an SSH Agent on Logout
6.12 Tailoring SSH per Host
6.13 Changing SSH Client Defaults
6.14 Tunneling Another TCP Session Through SSH
6.15 Keeping Track of Passwords
7. Protecting Files
7.1 Using File Permissions
7.2 Securing a Shared Directory
7.3 Prohibiting Directory Listings
7.4 Encrypting Files with a Password
7.5 Decrypting Files
7.6 Setting Up GnuPG for Public-Key Encryption
7.7 Listing Your Keyring
7.8 Setting a Default Key
7.9 Sharing Public Keys
7.10 Adding Keys to Your Keyring
7.11 Encrypting Files for Others
7.12 Signing a Text File
7.13 Signing and Encrypting Files
7.14 Creating a Detached Signature File
7.15 Checking a Signature
7.16 Printing Public Keys
7.17 Backing Up a Private Key
7.18 Encrypting Directories
7.19 Adding Your Key to a Keyserver
7.20 Uploading New Signatures to a Keyserver
7.21 Obtaining Keys from a Keyserver
7.22 Revoking a Key
7.23 Maintaining Encrypted Files with Emacs
7.24 Maintaining Encrypted Files with vim
7.25 Encrypting Backups
7.26 Using PGP Keys with GnuPG
8. Protecting Email
8.1 Encrypted Mail with Emacs
8.2 Encrypted Mail with vim
8.3 Encrypted Mail with Pine
8.4 Encrypted Mail with Mozilla
8.5 Encrypted Mail with Evolution
8.6 Encrypted Mail with mutt
8.7 Encrypted Mail with elm
8.8 Encrypted Mail with MH
8.9 Running a POP/IMAP Mail Server with SSL
8.10 Testing an SSL Mail Connection
8.11 Securing POP/IMAP with SSL and Pine
8.12 Securing POP/IMAP with SSL and mutt
8.13 Securing POP/IMAP with SSL and Evolution
8.14 Securing POP/IMAP with stunnel and SSL
8.15 Securing POP/IMAP with SSH
8.16 Securing POP/IMAP with SSH and Pine
8.17 Receiving Mail Without a Visible Server
8.18 Using an SMTP Server from Arbitrary Clients
9. Testing and Monitoring
9.1 Testing Login Passwords (John the Ripper)
9.2 Testing Login Passwords (CrackLib)
9.3 Finding Accounts with No Password
9.4 Finding Superuser Accounts
9.5 Checking for Suspicious Account Use
9.6 Checking for Suspicious Account Use, Multiple Systems
9.7 Testing Your Search Path
9.8 Searching Filesystems Effectively
9.9 Finding setuid (or setgid) Programs
9.10 Securing Device Special Files
9.11 Finding Writable Files
9.12 Looking for Rootkits
9.13 Testing for Open Ports
9.14 Examining Local Network Activities
9.15 Tracing Processes
9.16 Observing Network Traffic
9.17 Observing Network Traffic (GUI)
9.18 Searching for Strings in Network Traffic
9.19 Detecting Insecure Network Protocols
9.20 Getting Started with Snort
9.21 Packet Sniffing with Snort
9.22 Detecting Intrusions with Snort
9.23 Decoding Snort Alert Messages
9.24 Logging with Snort
9.25 Partitioning Snort Logs Into Separate Files
9.26 Upgrading and Tuning Snort's Ruleset
9.27 Directing System Messages to Log Files (syslog)
9.28 Testing a syslog Configuration
9.29 Logging Remotely
9.30 Rotating Log Files
9.31 Sending Messages to the System Logger
9.32 Writing Log Entries via Shell Scripts
9.33 Writing Log Entries via Perl
9.34 Writing Log Entries via C
9.35 Combining Log Files
9.36 Summarizing Your Logs with logwatch
9.37 Defining a logwatch Filter
9.38 Monitoring All Executed Commands
9.39 Displaying All Executed Commands
9.40 Parsing the Process Accounting Log
9.41 Recovering from a Hack
9.42 Filing an Incident Report
Index
