Figures
Examples
Tables
Preface

Vulnerability Survey
    What Happened?
    Other Cracker Activities
    So, Are You Going to Show Us How to Break into Systems?
    A Survey of Vulnerabilities and Attacks
    Technical
    Social
    Physical

Security Policies
    What Is Computer and Network Security?
    Elements of a Computing Environment
    Risk Analysis
    The Security Policy
    Securing Computers and Networks
    User Privacy and Administrator Ethics

Background Information
    BIOS Passwords
    Linux Installation and LILO
    A Note about LILO
    Recovering a Corrupt System
    Installation and LILO Resources
    Start-Up Scripts
    Red Hat Package Manager
    Verifying Packages with RPM
    Checking PGP Signatures with RPM
    RPM Resources
    RPM Mailing List
    TCP/IP Networking Overview
    The TCP/IP Model Layers
    Remote Procedure Call Applications
    Trusted Host Files and Related Commands
    Some Major Applications
    Network Monitoring
    General TCP/IP Networking Resources
    NFS, Samba, NIS, and DNS Resources
    Request for Comment
    Cryptography
    The Purpose of Cryptography
    Algorithm Types
    Hash Functions and Digital Signatures
    Passwords Aren't Encrypted, They're Hashed!
    An Overview of PGP
    Cryptography References
    Testing and Production Environments
    Security Archives
    Software Testing
    Source Code Auditing
    Pristine Backups
    Security Resources
    Licenses

Users, Permissions, and Filesystems
    User Account Management
    Good Passwords
    All Accounts Must Have Passwords! Or Be Locked!
    Password Aging and the Shadow File
    Restricted Accounts
    Shell History
    The Root Account
    Using the Root Account
    Multiple root Users
    Minimizing the Impact of root Compromise
    Configuring /etc/securetty
    Group Account Management
    File and Directory Permissions
    User File and Directory Permissions
    System File and Directory Permissions
    SUID and SGID
    File Attributes
    Using xlock and xscreensaver
    Filesystem Restrictions

Pluggable Authentication Modules
    PAM Overview
    PAM Configuration
    PAM Administration
    PAM and Passwords
    PAM and Passwords Summary
    PAM and login
    Time and Resource Limits
    Access Control with pam_listfile
    PAM and su
    Using pam_access
    Using pam_lastlog
    Using pam_rhosts_auth
    One-Time Password Support
    PAM and the other Configuration File
    Additional PAM Options
    PAM Logs
    Available PAM Modules
    PAM-Aware Applications
    Important Notes about Configuring PAM
    The Future of PAM

One-Time Passwords
    The Purpose of One-Time Passwords
    S/Key
    S/Key OTP Overview
    S/Key Version 1.1b
    S/Key Version 2.2
    OPIE
    Obtaining and Installing OPIE
    Implementing and Using OPIE
    OPIE and PAM
    Obtaining and Installing pam_opie
    Obtaining and Installing pam_if
    Implementing pam_opie and pam_if
    Which OTP System Should I Use?
    Advantages and Disadvantages of S/Key
    Advantages and Disadvantages of OPIE
    S/Key and OPIE Vulnerabilities

System Accounting
    General System Accounting
    Connection Accounting
    The last Command
    The who Command
    One Other Command
    Process Accounting
    The sa Command
    The lastcomm Command
    Accounting Files

System Logging
    The syslog System Logging Utility
    Overview
    The /etc/syslog.conf File
    Invoking the syslogd Daemon
    Configuring /etc/syslog.conf
    The klogd Daemon
    Other Logs
    Alternatives to syslog
    The auditd Utility

Superuser Do (sudo)
    What Is sudo?
    Obtaining and Implementing sudo
    Features of Version 1.5.9p4
    Implementing Version 1.5.9p4
    Using sudo
    The Functionality of sudo
    The /etc/sudoers File
    General Syntax of /etc/sudoers
    The visudo Command
    Options to the sudo Command
    A More Sophisticated Example
    Setting Up sudo Logging
    Reading sudo Logs
    PAM and sudo
    Disabling root Access
    Vulnerabilities of sudo

Securing Network Services: TCP_wrappers, portmap, and xinetd
    TCP_Wrappers
    Building TCP_Wrappers
    Access Control with TCP_Wrappers
    TCP_Wrappers Utility Programs
    TCP_Wrappers Vulnerabilities
    The Portmapper
    Building the Portmapper
    Implementing Portmapper Access Control
    The portmap Log Entries
    Gracefully Terminating and Recovering the Portmapper
    Portmapper Vulnerabilities
    Unwrapped Services
    Replacing inetd with xinetd
    Advantages of xinetd
    Disadvantages of xinetd
    Obtaining xinetd
    Building xinetd
    The xinetd Configuration File
    The xinetd Daemon
    Which One Should I Use?

The Secure Shell
    Overview of SSH
    Host-Based Authentication Using RSA
    Authenticating the User
    Available Versions of SSH
    Obtaining and Installing SSH
    Compiling SSH
    Configuring the Secure Shell
    Configuring the Server Side
    Configuring the Client Side
    Using SSH
    Configuring SSH Authentication Behavior
    sshd Missing in Action
    Authentication Flow of Events
    Nonpassword Authentication
    Password-Based Authentication
    Exploring ssh Functionality
    ssh Examples
    scp Examples
    Port Forwarding and Application Proxying
    Secure Shell Alternatives

Crack
    Obtaining Crack
    Major Components of Crack
    Crack Overview
    Building Crack
    Modifying Crack for Linux
    Modifying Crack for MD5
    Modifying Crack for Bigcrypt
    Preparing Crack for crypt(3)
    Compiling and Linking Crack
    Compiling Crack Itself
    Crack Dictionaries
    Obtaining Other Crack Dictionaries
    Using Crack
    Running Crack
    Running Crack over the Network
    Crack 7
    Crack Rules
    What Do We Do about Cracked Passwords?
    The White Hat Use of Crack
    Effectively Using Crack

Auditing Your System with tiger
    Overview of tiger
    Obtaining tiger
    Major Components of tiger
    Overview of tiger Configuration
    Overview of Run-Time Operation
    tiger Scripts
    Installing tiger to Run through cron
    Which Scripts Should I Run?
    cronrc for a Development Machine
    Running Crack from tiger
    Deciphering tiger Output
    Troubleshooting tiger
    Modifying tiger
    Modifying Scripts
    Adding New Checks
    Signatures
    Recommendations

Tripwire
    Tripwire Overview
    Obtaining and Installing Tripwire
    Tripwire Version 1.2
    The Tripwire Configuration File
    Extending the Configuration File
    Effectively Building the Tripwire Configuration File
    Example Configuration File for Red Hat Linux
    The tripwire Command
    Tripwire Initialize Mode
    Effective Tripwire Initialization
    Storing the Database
    Routine Tripwire Runs--Compare Mode
    A Note on Performance
    Tripwire Update Mode

The Cryptographic and Transparent Cryptographic Filesystems
    Overview of the Cryptographic File System
    CFS Flow of Events
    Obtaining and Installing CFS
    CFS Administrative Tasks
    Using CFS
    Creating and Attaching CFS Directories
    The CFS Commands and Daemon Detailed
    Using CFS over NFS
    Vulnerabilities of CFS
    Overview of TCFS
    Obtaining and Installing TCFS
    The TCFS Client Side
    The TCFS Server Side
    Using TCFS
    Configuring TCFS for Use with PAM
    TCFS Administrative Tasks
    Extended Attributes for TCFS
    Setting up the Encrypted Directory
    TCFS Groups
    TCFS Key Management
    Vulnerabilities of TCFS
    CFS and TCFS Comparison
    Securely Deleting Files
    Alternatives to CFS and TCFS

Packet Filtering with ipchains
    Packet Filtering
    Configuring the Kernel for ipchains
    ipchains Overview
    Behavior of a Chain
    Malformed Packets
    Analysis of an Inbound Packet
    Analysis of an Outbound Packet
    The Loopback Interface
    Custom Chains
    Introduction to Using ipchains
    The ipchains Command
    Some Simple Examples
    Packet Fragments
    IP Masquerading
    Adding Custom Chains
    ICMP Rules in a Custom Chain
    Antispoofing Rules
    Rule Ordering Is Important!
    Saving and Restoring Rules
    Rule Writing and Logging Tips
    Changing Rules
    ipchains Start-up Scripts
    Building Your Firewall
    Simple Internal Network
    Simple Internal Network Using DHCP
    ipchains Isn't Just for Firewalls!
    One More Thing
    Supplementary Utilities
    Other Examples
    Port Forwarding
    The fwconfig GUI
    Mason
    The Network Mapper (nmap)
    Additional Firewall Software
    Virtual Private Networks and Encrypted Tunnels
    The Next Generation

Log File Management
    General Log File Management
    logrotate
    Obtaining and Installing logrotate
    Configuring logrotate
    Pulling It All Together
    swatch
    Obtaining swatch
    Installing swatch
    Configuring and Running swatch
    logcheck
    Obtaining logcheck
    Major Components of logcheck
    Configuring and Installing logcheck
    logcheck Output
    Troubleshooting logcheck

Implementing and Managing Security
    So, Where Do I Start?
    Hardening Linux
    Selecting the Right Tools
    Reducing the Workload
    What if My Systems Are Already in the Production Environment?
    The Internal Network
    Critical Internal Servers
    Internal Maintenance
    Firewalls and the DMZ
    External Maintenance
    Break-in Recovery
    Adding New Software
    Only through Knowledge

Keeping Up to Date

Tools Not Covered

Glossary

Index