Linux System Security The Administrator's Guide to Open Source Security Tools

ISBN-10: 0130158070

ISBN-13: 9780130158079

Edition: 2000

Authors: Scott Mann, Ellen L. Mitchell

List price: $48.99

More and more companies are depending on Linux to run their mission-critical networks and store their most important data. This expert guide shows Linux system administrators exactly how to protect those resources and networks, using the powerful open source tools the Linux community has developed. Start by learning how to prepare your Linux system for a production environment, including identifying system vulnerabilities, planning for day-to-day security administration, implementing firewalls, and more. Review the key steps involved in securing filesystems, email, web servers, and other key applications; then learn how to protect applications running in a mixed Linux/Unix and Windows NT…
Book details

Copyright year: 2000
Publisher: Prentice Hall PTR
Publication date: 12/23/1999
Binding: Hardcover
Pages: 604
Size: 7.24" wide x 9.53" long x 1.73" tall
Weight: 2.882
Language: English

Figures
Examples
Tables
Preface
Vulnerability Survey
What Happened?
Other Cracker Activities
So, Are You Going to Show Us How to Break into Systems?
A Survey of Vulnerabilities and Attacks
Technical
Social
Physical
Security Policies
What Is Computer and Network Security?
Elements of a Computing Environment
Risk Analysis
The Security Policy
Securing Computers and Networks
User Privacy and Administrator Ethics
Background Information
BIOS Passwords
Linux Installation and LILO
A Note about LILO
Recovering a Corrupt System
Installation and LILO Resources
Start-Up Scripts
Red Hat Package Manager
Verifying Packages with RPM
Checking PGP Signatures with RPM
RPM Resources
RPM Mailing List
TCP/IP Networking Overview
The TCP/IP Model Layers
Remote Procedure Call Applications
Trusted Host Files and Related Commands
Some Major Applications
Network Monitoring
General TCP/IP Networking Resources
NFS, Samba, NIS, and DNS Resources
Request for Comment
Cryptography
The Purpose of Cryptography
Algorithm Types
Hash Functions and Digital Signatures
Passwords Aren't Encrypted, They're Hashed!
An Overview of PGP
Cryptography References
Testing and Production Environments
Security Archives
Software Testing
Source Code Auditing
Pristine Backups
Security Resources
Licenses
Users, Permissions, and Filesystems
User Account Management
Good Passwords
All Accounts Must Have Passwords! Or Be Locked!
Password Aging and the Shadow File
Restricted Accounts
Shell History
The Root Account
Using the Root Account
Multiple root Users
Minimizing the Impact of root Compromise
Configuring /etc/securetty
Group Account Management
File and Directory Permissions
User File and Directory Permissions
System File and Directory Permissions
SUID and SGID
File Attributes
Using xlock and xscreensaver
Filesystem Restrictions
Pluggable Authentication Modules
PAM Overview
PAM Configuration
PAM Administration
PAM and Passwords
PAM and Passwords Summary
PAM and login
Time and Resource Limits
Access Control with pam_listfile
PAM and su
Using pam_access
Using pam_lastlog
Using pam_rhosts_auth
One-Time Password Support
PAM and the other Configuration File
Additional PAM Options
PAM Logs
Available PAM Modules
PAM-Aware Applications
Important Notes about Configuring PAM
The Future of PAM
One-Time Passwords
The Purpose of One-Time Passwords
S/Key
S/Key OTP Overview
S/Key Version 1.1b
S/Key Version 2.2
OPIE
Obtaining and Installing OPIE
Implementing and Using OPIE
OPIE and PAM
Obtaining and Installing pam_opie
Obtaining and Installing pam_if
Implementing pam_opie and pam_if
Which OTP System Should I Use?
Advantages and Disadvantages of S/Key
Advantages and Disadvantages of OPIE
S/Key and OPIE Vulnerabilities
System Accounting
General System Accounting
Connection Accounting
The last Command
The who Command
One Other Command
Process Accounting
The sa Command
The lastcomm Command
Accounting Files
System Logging
The syslog System Logging Utility
Overview
The /etc/syslog.conf File
Invoking the syslogd Daemon
Configuring /etc/syslog.conf
The klogd Daemon
Other Logs
Alternatives to syslog
The auditd Utility
Superuser Do (sudo)
What Is sudo?
Obtaining and Implementing sudo
Features of Version 1.5.9p4
Implementing Version 1.5.9p4
Using sudo
The Functionality of sudo
The /etc/sudoers File
General Syntax of /etc/sudoers
The visudo Command
Options to the sudo Command
A More Sophisticated Example
Setting Up sudo Logging
Reading sudo Logs
PAM and sudo
Disabling root Access
Vulnerabilities of sudo
Securing Network Services: TCP_wrappers, portmap, and xinetd
TCP_Wrappers
Building TCP_Wrappers
Access Control with TCP_Wrappers
TCP_Wrappers Utility Programs
TCP_Wrappers Vulnerabilities
The Portmapper
Building the Portmapper
Implementing Portmapper Access Control
The portmap Log Entries
Gracefully Terminating and Recovering the Portmapper
Portmapper Vulnerabilities
Unwrapped Services
Replacing inetd with xinetd
Advantages of xinetd
Disadvantages of xinetd
Obtaining xinetd
Building xinetd
The xinetd Configuration File
The xinetd Daemon
Which One Should I Use?
The Secure Shell
Overview of SSH
Host-Based Authentication Using RSA
Authenticating the User
Available Versions of SSH
Obtaining and Installing SSH
Compiling SSH
Configuring the Secure Shell
Configuring the Server Side
Configuring the Client Side
Using SSH
Configuring SSH Authentication Behavior
sshd Missing in Action
Authentication Flow of Events
Nonpassword Authentication
Password-Based Authentication
Exploring ssh Functionality
ssh Examples
scp Examples
Port Forwarding and Application Proxying
Secure Shell Alternatives
Crack
Obtaining Crack
Major Components of Crack
Crack Overview
Building Crack
Modifying Crack for Linux
Modifying Crack for MD5
Modifying Crack for Bigcrypt
Preparing Crack for crypt(3)
Compiling and Linking Crack
Compiling Crack Itself
Crack Dictionaries
Obtaining Other Crack Dictionaries
Using Crack
Running Crack
Running Crack over the Network
Crack 7
Crack Rules
What Do We Do about Cracked Passwords?
The White Hat Use of Crack
Effectively Using Crack
Auditing Your System with tiger
Overview of tiger
Obtaining tiger
Major Components of tiger
Overview of tiger Configuration
Overview of Run-Time Operation
tiger Scripts
Installing tiger to Run through cron
Which Scripts Should I Run?
cronrc for a Development Machine
Running Crack from tiger
Deciphering tiger Output
Troubleshooting tiger
Modifying tiger
Modifying Scripts
Adding New Checks
Signatures
Recommendations
Tripwire
Tripwire Overview
Obtaining and Installing Tripwire
Tripwire Version 1.2
The Tripwire Configuration File
Extending the Configuration File
Effectively Building the Tripwire Configuration File
Example Configuration File for Red Hat Linux
The tripwire Command
Tripwire Initialize Mode
Effective Tripwire Initialization
Storing the Database
Routine Tripwire Runs--Compare Mode
A Note on Performance
Tripwire Update Mode
The Cryptographic and Transparent Cryptographic Filesystems
Overview of the Cryptographic File System
CFS Flow of Events
Obtaining and Installing CFS
CFS Administrative Tasks
Using CFS
Creating and Attaching CFS Directories
The CFS Commands and Daemon Detailed
Using CFS over NFS
Vulnerabilities of CFS
Overview of TCFS
Obtaining and Installing TCFS
The TCFS Client Side
The TCFS Server Side
Using TCFS
Configuring TCFS for Use with PAM
TCFS Administrative Tasks
Extended Attributes for TCFS
Setting up the Encrypted Directory
TCFS Groups
TCFS Key Management
Vulnerabilities of TCFS
CFS and TCFS Comparison
Securely Deleting Files
Alternatives to CFS and TCFS
Packet Filtering with ipchains
Packet Filtering
Configuring the Kernel for ipchains
ipchains Overview
Behavior of a Chain
Malformed Packets
Analysis of an Inbound Packet
Analysis of an Outbound Packet
The Loopback Interface
Custom Chains
Introduction to Using ipchains
The ipchains Command
Some Simple Examples
Packet Fragments
IP Masquerading
Adding Custom Chains
ICMP Rules in a Custom Chain
Antispoofing Rules
Rule Ordering Is Important!
Saving and Restoring Rules
Rule Writing and Logging Tips
Changing Rules
ipchains Start-up Scripts
Building Your Firewall
Simple Internal Network
Simple Internal Network Using DHCP
ipchains Isn't Just for Firewalls!
One More Thing
Supplementary Utilities
Other Examples
Port Forwarding
The fwconfig GUI
Mason
The Network Mapper (nmap)
Additional Firewall Software
Virtual Private Networks and Encrypted Tunnels
The Next Generation
Log File Management
General Log File Management
logrotate
Obtaining and Installing logrotate
Configuring logrotate
Pulling It All Together
swatch
Obtaining swatch
Installing swatch
Configuring and Running swatch
logcheck
Obtaining logcheck
Major Components of logcheck
Configuring and Installing logcheck
logcheck Output
Troubleshooting logcheck
Implementing and Managing Security
So, Where Do I Start?
Hardening Linux
Selecting the Right Tools
Reducing the Workload
What if My Systems Are Already in the Production Environment?
The Internal Network
Critical Internal Servers
Internal Maintenance
Firewalls and the DMZ
External Maintenance
Break-in Recovery
Adding New Software
Only through Knowledge
Keeping Up to Date
Tools Not Covered
Glossary
Index