Preface

System Snapshots with Tripwire
    Setting Up Tripwire
    Displaying the Policy and Configuration
    Modifying the Policy and Configuration
    Basic Integrity Checking
    Read-Only Integrity Checking
    Remote Integrity Checking
    Ultra-Paranoid Integrity Checking
    Expensive, Ultra-Paranoid Security Checking
    Automated Integrity Checking
    Printing the Latest Tripwire Report
    Updating the Database
    Adding Files to the Database
    Excluding Files from the Database
    Checking Windows VFAT Filesystems
    Verifying RPM-Installed Files
    Integrity Checking with rsync
    Integrity Checking Manually

Firewalls with iptables and ipchains
    Enabling Source Address Verification
    Blocking Spoofed Addresses
    Blocking All Network Traffic
    Blocking Incoming Traffic
    Blocking Outgoing Traffic
    Blocking Incoming Service Requests
    Blocking Access from a Remote Host
    Blocking Access to a Remote Host
    Blocking Outgoing Access to All Web Servers on a Network
    Blocking Remote Access, but Permitting Local
    Controlling Access by MAC Address
    Permitting SSH Access Only
    Prohibiting Outgoing Telnet Connections
    Protecting a Dedicated Server
    Preventing pings
    Listing Your Firewall Rules
    Deleting Firewall Rules
    Inserting Firewall Rules
    Saving a Firewall Configuration
    Loading a Firewall Configuration
    Testing a Firewall Configuration
    Building Complex Rule Trees
    Logging Simplified

Network Access Control
    Listing Your Network Interfaces
    Starting and Stopping the Network Interface
    Enabling/Disabling a Service (xinetd)
    Enabling/Disabling a Service (inetd)
    Adding a New Service (xinetd)
    Adding a New Service (inetd)
    Restricting Access by Remote Users
    Restricting Access by Remote Hosts (xinetd)
    Restricting Access by Remote Hosts (xinetd with libwrap)
    Restricting Access by Remote Hosts (xinetd with tcpd)
    Restricting Access by Remote Hosts (inetd)
    Restricting Access by Time of Day
    Restricting Access to an SSH Server by Host
    Restricting Access to an SSH Server by Account
    Restricting Services to Specific Filesystem Directories
    Preventing Denial of Service Attacks
    Redirecting to Another Socket
    Logging Access to Your Services
    Prohibiting root Logins on Terminal Devices

Authentication Techniques and Infrastructures
    Creating a PAM-Aware Application
    Enforcing Password Strength with PAM
    Creating Access Control Lists with PAM
    Validating an SSL Certificate
    Decoding an SSL Certificate
    Installing a New SSL Certificate
    Generating an SSL Certificate Signing Request (CSR)
    Creating a Self-Signed SSL Certificate
    Setting Up a Certifying Authority
    Converting SSL Certificates from DER to PEM
    Getting Started with Kerberos
    Adding Users to a Kerberos Realm
    Adding Hosts to a Kerberos Realm
    Using Kerberos with SSH
    Using Kerberos with Telnet
    Securing IMAP with Kerberos
    Using Kerberos with PAM for System-Wide Authentication

Authorization Controls
    Running a root Login Shell
    Running X Programs as root
    Running Commands as Another User via sudo
    Bypassing Password Authentication in sudo
    Forcing Password Authentication in sudo
    Authorizing per Host in sudo
    Granting Privileges to a Group via sudo
    Running Any Program in a Directory via sudo
    Prohibiting Command Arguments with sudo
    Sharing Files Using Groups
    Permitting Read-Only Access to a Shared File via sudo
    Authorizing Password Changes via sudo
    Starting/Stopping Daemons via sudo
    Restricting root's Abilities via sudo
    Killing Processes via sudo
    Listing sudo Invocations
    Logging sudo Remotely
    Sharing root Privileges via SSH
    Running root Commands via SSH
    Sharing root Privileges via Kerberos su

Protecting Outgoing Network Connections
    Logging into a Remote Host
    Invoking Remote Programs
    Copying Files Remotely
    Authenticating by Public Key (OpenSSH)
    Authenticating by Public Key (OpenSSH Client, SSH2 Server, OpenSSH Key)
    Authenticating by Public Key (OpenSSH Client, SSH2 Server, SSH2 Key)
    Authenticating by Public Key (SSH2 Client, OpenSSH Server)
    Authenticating by Trusted Host
    Authenticating Without a Password (Interactively)
    Authenticating in cron Jobs
    Terminating an SSH Agent on Logout
    Tailoring SSH per Host
    Changing SSH Client Defaults
    Tunneling Another TCP Session Through SSH
    Keeping Track of Passwords

Protecting Files
    Using File Permissions
    Securing a Shared Directory
    Prohibiting Directory Listings
    Encrypting Files with a Password
    Decrypting Files
    Setting Up GnuPG for Public-Key Encryption
    Listing Your Keyring
    Setting a Default Key
    Sharing Public Keys
    Adding Keys to Your Keyring
    Encrypting Files for Others
    Signing a Text File
    Signing and Encrypting Files
    Creating a Detached Signature File
    Checking a Signature
    Printing Public Keys
    Backing Up a Private Key
    Encrypting Directories
    Adding Your Key to a Keyserver
    Uploading New Signatures to a Keyserver
    Obtaining Keys from a Keyserver
    Revoking a Key
    Maintaining Encrypted Files with Emacs
    Maintaining Encrypted Files with vim
    Encrypting Backups
    Using PGP Keys with GnuPG

Protecting Email
    Encrypted Mail with Emacs
    Encrypted Mail with vim
    Encrypted Mail with Pine
    Encrypted Mail with Mozilla
    Encrypted Mail with Evolution
    Encrypted Mail with mutt
    Encrypted Mail with elm
    Encrypted Mail with MH
    Running a POP/IMAP Mail Server with SSL
    Testing an SSL Mail Connection
    Securing POP/IMAP with SSL and Pine
    Securing POP/IMAP with SSL and mutt
    Securing POP/IMAP with SSL and Evolution
    Securing POP/IMAP with stunnel and SSL
    Securing POP/IMAP with SSH
    Securing POP/IMAP with SSH and Pine
    Receiving Mail Without a Visible Server
    Using an SMTP Server from Arbitrary Clients

Testing and Monitoring
    Testing Login Passwords (John the Ripper)
    Testing Login Passwords (CrackLib)
    Finding Accounts with No Password
    Finding Superuser Accounts
    Checking for Suspicious Account Use
    Checking for Suspicious Account Use, Multiple Systems
    Testing Your Search Path
    Searching Filesystems Effectively
    Finding setuid (or setgid) Programs
    Securing Device Special Files
    Finding Writable Files
    Looking for Rootkits
    Testing for Open Ports
    Examining Local Network Activities
    Tracing Processes
    Observing Network Traffic
    Observing Network Traffic (GUI)
    Searching for Strings in Network Traffic
    Detecting Insecure Network Protocols
    Getting Started with Snort
    Packet Sniffing with Snort
    Detecting Intrusions with Snort
    Decoding Snort Alert Messages
    Logging with Snort
    Partitioning Snort Logs Into Separate Files
    Upgrading and Tuning Snort's Ruleset
    Directing System Messages to Log Files (syslog)
    Testing a syslog Configuration
    Logging Remotely
    Rotating Log Files
    Sending Messages to the System Logger
    Writing Log Entries via Shell Scripts
    Writing Log Entries via Perl
    Writing Log Entries via C
    Combining Log Files
    Summarizing Your Logs with logwatch
    Defining a logwatch Filter
    Monitoring All Executed Commands
    Displaying All Executed Commands
    Parsing the Process Accounting Log
    Recovering from a Hack
    Filing an Incident Report

Index