
Linux System Security: An Administrator's Guide to Open Source Security Tools

  • ISBN13: 9780130470119
  • ISBN10: 0130470112
  • Edition: 2nd
  • Format: Hardcover
  • Copyright: 2002-09-01
  • Publisher: Prentice Hall Ptr
List Price: $49.99

Summary

One of the first Linux security books to cover Bastille, this workbook contains a program which tightens system security and can even lock down the entire system in cases where the system is seriously compromised. Includes a new chapter on network sniffers and port scanners used to detect intruders.

Table of Contents

Preface xxxi
How Did That Happen?: Vulnerability Survey 1(12)
What Happened? 2(1)
Other Cracker Activities 3(1)
So, Are You Going to Show Us How to Break into Systems? 3(1)
A Survey of Vulnerabilities and Attacks 4(4)
Technical 4(3)
Social 7(1)
Physical 7(1)
Summary 8(1)
For Further Reading 8(5)
Books 8(1)
Interesting Cracker Tales 9(1)
Web Sites 10(1)
Full-Disclosure Resources 10(3)
Imagine That! You're Big Brother! Security Policies 13(12)
What Is Computer and Network Security? 15(2)
Elements of a Computing Environment 15(1)
Risk Analysis 16(1)
The Security Policy 17(1)
Securing Computers and Networks 17(4)
User Privacy and Administrator Ethics 21(1)
Summary 22(1)
For Further Reading 22(3)
Books 22(1)
Web Resources 22(1)
Other Resources 23(2)
This 'n That: Background Information 25(42)
BIOS Passwords 25(1)
Linux Installation and LILO 26(3)
A Note about LILO 26(2)
Recovering a Corrupt System 28(1)
Installation and LILO Resources 29(1)
Start-Up Scripts 29(2)
Red Hat Package Manager 31(3)
Verifying Packages with RPM 31(1)
Checking PGP/GPG Signatures with RPM 32(1)
RPM Resources 33(1)
RPM Mailing List 34(1)
TCP/IP Networking Overview 34(16)
The TCP/IP Model Layers 36(8)
Remote Procedure Call Applications 44(1)
Trusted Host Files and Related Commands 45(1)
Some Major Applications 46(1)
Network Monitoring 47(1)
General TCP/IP Networking Resources 48(1)
NFS, Samba, NIS, and DNS Resources 49(1)
Request for Comment 50(1)
Cryptography 50(8)
The Purpose of Cryptography 51(1)
Algorithm Types 52(2)
Hash Functions and Digital Signatures 54(1)
Passwords Aren't Encrypted, They're Hashed! 55(1)
An Overview of PGP 56(1)
Cryptography References 57(1)
Testing and Production Environments 58(3)
Security Archives 58(1)
Software Testing 58(1)
Source Code Auditing 59(1)
Pristine Backups 60(1)
Security Resources 60(1)
Licenses 61(6)
Of Course I Trust My Users! Users, Permissions, and Filesystems 67(34)
User Account Management 67(11)
Good Passwords 68(1)
All Accounts Must Have Passwords or Be Locked! 69(2)
Password Aging and the Shadow File 71(5)
Restricted Accounts 76(2)
Shell History 78(1)
The Root Account 78(3)
Using the Root Account 78(1)
Multiple root Users 79(1)
Minimizing the Impact of root Compromise 80(1)
Configuring /etc/securetty 80(1)
Group Account Management 81(1)
File and Directory Permissions 82(7)
User File and Directory Permissions 85(2)
System File and Directory Permissions 87(1)
SUID and SGID 87(2)
Using xlock and xscreensaver 89(1)
Filesystem Restrictions 90(3)
A Note about Filesystems 92(1)
Access Control Lists and Extended Attributes 93(7)
Adding ACL and EA Support to the Linux Kernel 93(2)
ACL Functionality 95(2)
EA Functionality 97(3)
Summary 100(1)
For Further Reading 100(1)
System Administration 100(1)
System Security 100(1)
Been Cracked? Just Put PAM on It! Pluggable Authentication Modules 101(48)
PAM Overview 102(5)
PAM Configuration 103(4)
PAM Administration 107(35)
Red Hat 7.2 Default PAM Configuration Notes 108(1)
PAM and Passwords 109(9)
PAM and Passwords Summary 118(1)
PAM and login 119(3)
Time and Resource Limits 122(6)
Access Control with pam_listfile 128(3)
PAM and su 131(1)
Using pam_access 132(2)
Using pam_lastlog 134(2)
Using pam_rhosts_auth 136(1)
One-Time Password Support 137(1)
PAM and the other Configuration File 138(1)
Creating More Flexible PAM Stacks 139(2)
Additional PAM Options 141(1)
PAM Logs 142(1)
Available PAM Modules 142(4)
PAM-Aware Applications 146(1)
Important Notes about Configuring PAM 147(1)
The Future of PAM 148(1)
Summary 148(1)
For Further Reading 148(1)
Just Once, Only Once! One-Time Passwords 149(20)
The Purpose of One-Time Passwords 149(1)
S/Key 150(16)
S/Key OTP Overview 151(2)
S/Key Version 1.1.5 Installation 153(4)
Obtaining and Installing pam_skey 157(1)
Using S/Key and PAM 158(7)
S/Key Version 2.2 165(1)
Which OTP System Should I Use? 166(1)
Advantages and Disadvantages of S/Key 166(1)
S/Key Vulnerabilities 166(1)
Summary 166(1)
For Further Reading 167(2)
Bean Counting: System Accounting 169(10)
General System Accounting 169(1)
Connection Accounting 170(4)
The last Command 171(2)
The who Command 173(1)
One Other Command 174(1)
Process Accounting 174(3)
The sa Command 175(1)
The lastcomm Command 176(1)
Accounting Files 177(1)
Summary 178(1)
For Further Reading 178(1)
Books 178(1)
Online Documentation 178(1)
And You Thought Wiretapping Was for the Feds! System Logging 179(18)
The syslog System Logging Utility 179(14)
Overview 180(1)
The /etc/syslog.conf File 180(5)
Invoking the syslogd Daemon 185(1)
Configuring /etc/syslog.conf 185(7)
The klogd Daemon 192(1)
Other Logs 193(1)
Alternatives to syslog 193(1)
The auditd Utility 194(1)
Summary 194(1)
For Further Reading 195(2)
General System Logging 195(1)
Intrusion Detection 195(2)
Want To Be Root? Superuser Do (sudo) 197(30)
What IS sudo? 197(1)
Obtaining and Implementing sudo 198(7)
Features of Version 1.6.6 199(1)
Implementing Version 1.6.6 199(6)
Using sudo 205(18)
The Functionality of sudo 205(1)
The /etc/sudoers File 205(5)
General Syntax of /etc/sudoers 210(4)
The visudo Command 214(1)
Options to the sudo Command 215(1)
A More Sophisticated Example 216(5)
Setting Up sudo Logging 221(1)
Reading sudo Logs 221(1)
PAM and sudo 222(1)
Disabling root Access 223(1)
Vulnerabilities of sudo 224(1)
Summary 225(1)
For Further Reading 225(2)
Reference Books 225(1)
Email Lists 225(1)
Web Sites 225(1)
Online Documentation 225(1)
Kerberos Resources 226(1)
FWTK Resources 226(1)
The Restricted Easy Editor 226(1)
Which Doors Are Open? Securing Network Services: xinetd 227(40)
Using xinetd 228(37)
Advantages of xinetd 228(1)
Disadvantages of xinetd 229(1)
Obtaining xinetd 229(4)
The xinetd Configuration File 233(27)
Modular Configuration in xinetd.conf 260(1)
The xinetd Daemon 261(2)
Signals Available for Use with xinetd 263(1)
Starting, Stopping, and Reloading the xinetd Daemon 264(1)
Summary 265(1)
For Further Reading 266(1)
Internet Services Resources 266(1)
Let 'Em Sniff the Net! The Secure Shell 267(90)
Available Versions of SSH 267(1)
Overview of SSH Version 1 268(7)
Host-Based Authentication Using RSA 268(2)
Authenticating the User 270(5)
Overview of SSH Version 2 275(1)
Installing OpenSSH 276(1)
Configuring the Secure Shell 277(35)
Configuring the Server Side 283(11)
Configuring the Client Side 294(13)
A New Feature: the sftp Program 307(5)
Using SSH 312(1)
Configuring SSH Authentication Behavior 313(30)
sshd Missing in Action 313(7)
Nonpassword Authentication 320(23)
Exploring ssh Functionality 343(11)
ssh Examples 343(2)
sftp Examples 345(3)
scp Examples 348(2)
Port Forwarding and Application Proxying 350(4)
Secure Shell Alternatives 354(1)
Summary 355(1)
For Further Reading 355(2)
So You Think You've Got a Good Password! Crack 357(32)
Obtaining Crack 358(1)
Major Components of Crack 358(3)
Crack Overview 361(1)
Building Crack 362(3)
Modifying Crack for Linux 363(1)
Modifying Crack for MD5 364(1)
Modifying Crack for Bigcrypt 364(1)
Preparing Crack for crypt(3) 365(1)
Compiling and Linking Crack 365(1)
Compiling Crack Itself 366(1)
Crack Dictionaries 366(2)
Obtaining Other Crack Dictionaries 368(1)
Using Crack 368(17)
Running Crack 369(5)
Running Crack over the Network 374(3)
Crack Rules 377(7)
What Do We Do about Cracked Passwords? 384(1)
The White Hat Use of Crack 385(2)
Effectively Using Crack 386(1)
Summary 387(1)
For Further Reading 387(2)
What's Been Happening? Auditing Your System with Bastille 389(60)
Bastille Overview 389(1)
Obtaining and Installing Bastille 390(3)
Main Bastille RPM 390(1)
Bastille User Interface Module 391(1)
Perl Module for the User Interface 392(1)
Installing the RPMs 392(1)
Configuring Bastille 393(53)
Interactive Bastille 393(36)
Firewall Module 429(16)
TODO list 445(1)
Bastille BackEnd 445(1)
Duplicating Setup on Additional Hosts 446(1)
UNDO! 446(1)
Automated Bastille 447(1)
Summary 448(1)
Web Site 448(1)
Setting the Trap: Tripwire 449(40)
Tripwire Overview 450(1)
Obtaining and Installing Tripwire 450(2)
Tripwire Version 2.3.1-5 452(4)
Configuring Tripwire 456(2)
twinstall.sh 456(2)
The Tripwire Configuration File 458(4)
The Tripwire Policy File 462(13)
Comments 463(1)
Rules 463(3)
Variables 466(1)
Extending the Policy File 467(6)
Effectively Building the Tripwire Configuration File 473(2)
The tripwire Command 475(1)
Initializing the Tripwire Database 476(1)
Effective Tripwire Initialization 477(2)
Storing the Database 479(1)
Routine Tripwire Runs: Compare Mode 479(4)
A Note on Performance 483(1)
Tripwire Update Mode 483(2)
Policy Update Mode 485(1)
Testing Email Notification 485(1)
twprint 486(1)
Summary 486(1)
For Further Reading 487(2)
On-Line Documentation 487(1)
Web Site 487(2)
We Must Censor! Part 1: ipchains 489(66)
What is a Firewall? 489(1)
Packet Filtering 490(1)
Configuring the Kernel for ipchains 491(1)
ipchains Overview 492(3)
Behavior of a Chain 494(1)
Malformed Packets 494(1)
Analysis of an Inbound Packet 494(1)
Analysis of an Outbound Packet 495(1)
The Loopback Interface 495(1)
Custom Chains 495(1)
Introduction to Using ipchains 495(22)
The ipchains Command 496(6)
Some Simple Examples 502(15)
Packet Fragments 517(1)
Accounting 517(1)
IP Masquerading 518(3)
Adding Custom Chains 521(2)
ICMP Rules in a Custom Chain 521(2)
Antispoofing Rules 523(2)
Rule Ordering Is Important! 525(2)
Saving and Restoring Rules 527(1)
Rule Writing and Logging Tips 527(1)
Changing Rules 528(1)
Building Your Firewall 528(18)
Small Internal Network 529(13)
Simple Internal Network Using DHCP 542(4)
ipchains Isn't Just for Firewalls! 546(1)
A Few More Things... 547(1)
Supplementary Utilities 547(4)
Other Examples 547(1)
Port Forwarding 547(1)
The fwconfig GUI 548(1)
Mason 548(1)
The Network Mapper (nmap) 548(1)
Additional Firewall Software 549(1)
Virtual Private Networks and Encrypted Tunnels 549(2)
The Next Generation... 551(1)
Summary 551(1)
For Further Reading 551(4)
ipchains Documentation 551(1)
Masquerading Documentation 552(1)
ISP Connectivity-Related Resources 552(1)
General Firewall References 552(1)
DMZ Resources 553(1)
Cryptography References 553(1)
General Security References 553(2)
We Must Censor! Part 2: iptables 555(28)
Netfilter Overview 555(5)
The filter Table 556(1)
The nat Table 557(1)
The mangle Table 558(1)
Netfilter Flowchart 558(2)
The iptables Utility 560(14)
Flags or Commands of iptables 561(1)
Options to iptables 562(3)
iptables Extensions 565(5)
iptables Actions 570(4)
iptables Examples 574(6)
Chain Policies 574(1)
Some Basic Rules 575(1)
Connection Tracking 576(2)
NAT Rules 578(2)
Using Existing ipchains Rules 580(1)
Summary 580(1)
For Further Reading 580(3)
Who's Watching Now? Scanners, Sniffers, and Detectors 583(78)
Introduction 583(1)
Scanners 584(48)
How Do Scanners Work Their Magic? 584(1)
Nmap 584(11)
SARA 595(9)
Nessus 604(8)
NetSaint 612(19)
Honorable Mentions 631(1)
Defense Against Scanners 632(1)
Sniffers 632(20)
How Sniffers Work 632(1)
Tcpdump 632(5)
Ethereal 637(7)
Ettercap 644(7)
Other Sniffers 651(1)
Defending Against Sniffers 651(1)
Detectors 652(7)
What Can We Do? 652(1)
Neped 652(1)
PortSentry 653(5)
Other Detection Programs of Note 658(1)
Summary 659(1)
For Further Reading 659(2)
Wiretapping Is Not So Much Fun after All! Log File Management 661(30)
General Log File Management 661(1)
logrotate 662(8)
Obtaining and Installing logrotate 662(1)
Configuring logrotate 662(8)
Pulling It All Together 670(1)
swatch 670(11)
Obtaining swatch 670(3)
Installing swatch 673(2)
Configuring and Running swatch 675(6)
logcheck 681(9)
Obtaining logcheck 682(1)
Major Components of logcheck 682(1)
Configuring and Installing logcheck 683(2)
logcheck.hacking 685(1)
logcheck.violations 686(1)
logcheck.violations.ignore 687(1)
logcheck.ignore 688(1)
logcheck Output 689(1)
Troubleshooting logcheck 690(1)
Summary 690(1)
This Is an Awful Lot of Work! Implementing and Managing Security 691(16)
So, Where Do I Start? 692(9)
Hardening Linux 692(9)
Selecting the Right Tools 701(1)
Reducing the Workload 701(1)
What If My Systems Are Already in the Production Environment? 702(1)
The Internal Network 702(2)
Critical Internal Servers 703(1)
Internal Maintenance 703(1)
Firewalls and the DMZ 704(1)
External Maintenance 704(1)
Break-in Recovery 705(1)
Adding New Software 705(1)
Only through Knowledge... 705(2)
Appendix A Keeping Up to Date 707(16)
Web Pages 707(8)
AFCERT 707(1)
AusCERT 707(1)
Caldera OpenLinux 707(1)
CERT (Computer Emergency Response Team) 708(1)
CFS 708(1)
CIAC (U.S. Department of Energy's Computer Incident Advisory Capability) 708(1)
COAST (Computer Operations, Audit, and Security Technology) 708(1)
CSI (Computer Security Institute) 708(1)
Debian GNU/Linux 708(1)
The DOE Information Security Server (DOE-IS) 709(1)
FAQ.org 709(1)
FIRST (Forum of Incident Response and Security Teams) 709(1)
Global Network Security Systems 709(1)
IEEE (Institute of Electrical and Electronics Engineers) 709(1)
IETF (Internet Engineering Task Force) Request for Comments 709(1)
Internet Security Systems 709(1)
IPSec Protocol 710(1)
IPv6 Information Page 710(1)
ISC (Internet Software Consortium) 710(1)
(ISC)2 710(1)
ISSA (Information Systems Security Association) 710(1)
LASG (Linux Administrators Security Guide) 710(1)
Lawrence Berkeley Laboratory 710(1)
Linux Documentation Project 710(1)
The Linux Kernel Archives 711(1)
Linux Online 711(1)
Mandrake Linux 711(1)
Maximum RPM 711(1)
NIST Computer Security Resource Clearinghouse 711(1)
North American Cryptography Archives 711(1)
Open Group Request for Comments 711(1)
OPIE 711(1)
OTP Working Group 712(1)
PAM Information 712(1)
PGP Commercial (USA) 712(1)
PGP Freeware (USA) 712(1)
PGP from GNU 712(1)
PGP International 712(1)
Postfix 712(1)
Psionic 712(1)
Red Hat Linux 712(1)
The Risks Forum 713(1)
SAGE 713(1)
SANS 713(1)
SANS Security Roadmap 713(1)
Secure Linux Projects 713(1)
Secure Programming FAQ 713(1)
Security Focus (and bugtraq Archive) 713(1)
sendmail 714(1)
S/KEY 714(1)
Slackware 714(1)
slashdot 714(1)
SSH (Secure Shell) 714(1)
S.u.S.E. Linux 714(1)
TrinityOS 714(1)
UNIXPower 715(1)
Usenet FAQs 715(1)
Usenix 715(1)
xinetd 715(1)
Full Disclosure Resources 715(1)
8lgm 715(1)
Coast 715(1)
Infilsec 716(1)
Insecure.org 716(1)
L0pht Heavy Industries 716(1)
Phrack 716(1)
Rootshell 716(1)
Mailing Lists 716(5)
bugtraq 717(1)
CERT Advisories Mailing List 717(1)
CFS Mailing List 717(1)
CIAC Advisories Mailing List 717(1)
Debian-Security Mailing List 717(1)
exploit-dev Mailing List 717(1)
fwconfig Mailing List 718(1)
Incidents Mailing List 718(1)
Intrusion Detection Systems 718(1)
ipchains Mailing List 718(1)
ISS Mailing List 718(1)
lasg (Linux Administrators Security Guide) Mailing List 719(1)
Mandrake Mailing List 719(1)
Redhat Linux Security 719(1)
rootshell Mailing List 719(1)
RPM Mailing List 720(1)
SANS Network Security Digest 720(1)
security-audit Mailing List 720(1)
Sneakers Mailing List 720(1)
SSH Users Mailing List 720(1)
sudo Mailing List 720(1)
SuSE Mailing List 721(1)
TCFS Mailing List 721(1)
tiger Mailing List 721(1)
Usenet Newsgroups 721(2)
Appendix B Tools Not Covered 723(4)
AAFID (Autonomous Agents for Intrusion Detection) 723(1)
FreeSwan 723(1)
fwconfig 724(1)
FWTK (Firewall Toolkit) 724(1)
Mason 724(1)
Merlin 724(1)
nessus 724(1)
netfilter 724(1)
nfsbug 725(1)
nfstrace 725(1)
nfswatch 725(1)
nmap (Network Mapper) 725(1)
Shadow (Secondary Heuristic Analysis for Defensive Online Warfare) 725(1)
Socksv5 726(1)
SSLeay 726(1)
Appendix C OPIE 727(20)
Obtaining and Installing OPIE 728(8)
Implementing and Using OPIE 736(5)
OPIE and PAM 741(6)
Obtaining and Installing pam_opie 742(1)
Obtaining and Installing pam_if 742(1)
Implementing pam_opie and pam_if 742(5)
Appendix D Securing Network Services: TCP_Wrappers and portmap 747(44)
TCP_Wrappers 748(30)
Building TCP_Wrappers 752(6)
Access Control with TCP_Wrappers 758(18)
TCP_Wrappers Utility Programs 776(2)
TCP_Wrappers Vulnerabilities 778(1)
The Portmapper 778(10)
Building the Portmapper 779(5)
Implementing Portmapper Access Control 784(1)
The portmap Log Entries 785(2)
Gracefully Terminating and Recovering the Portmapper 787(1)
Portmapper Vulnerabilities 788(1)
Unwrapped Services 788(1)
For Further Reading 789(2)
Resources for TCP_Wrappers 789(1)
Resources for the Portmapper 789(1)
Internet Services Resources 789(2)
Appendix E The Cryptographic and Transparent Cryptographic Filesystems 791(34)
Overview of the Cryptographic File System 791(2)
CFS Flow of Events 792(1)
Obtaining and Installing CFS 793(3)
CFS Administrative Tasks 795(1)
Using CFS 796(7)
Creating and Attaching CFS Directories 796(5)
The CFS Commands and Daemon Detailed 801(2)
Using CFS over NFS 803(1)
Vulnerabilities of CFS 803(1)
Overview of TCFS 804(1)
Obtaining and Installing TCFS 804(2)
The TCFS Client Side 806(8)
The TCFS Server Side 814(1)
Using TCFS 814(7)
Configuring TCFS for Use with PAM 815(1)
TCFS Administrative Tasks 816(1)
Extended Attributes for TCFS 817(1)
Setting Up the Encrypted Directory 818(2)
TCFS Groups 820(1)
TCFS Key Management 820(1)
Vulnerabilities of TCFS 821(1)
CFS and TCFS Comparison 821(1)
Securely Deleting Files 822(1)
Alternatives to CFS and TCFS 823(1)
Summary 823(1)
For Further Reading 824(1)
Papers 824(1)
Email Lists 824(1)
Glossary 825(8)
Index 833
