Tables of Contents for Linux Security Cookbook
Page #  Page Count  Chapter/Section Title
xi                  Preface
1       22          1. System Snapshots with Tripwire
4       1               1.1 Setting Up Tripwire
5       1               1.2 Displaying the Policy and Configuration
6       1               1.3 Modifying the Policy and Configuration
7       1               1.4 Basic Integrity Checking
8       1               1.5 Read-Only Integrity Checking
9       2               1.6 Remote Integrity Checking
11      2               1.7 Ultra-Paranoid Integrity Checking
13      1               1.8 Expensive, Ultra-Paranoid Security Checking
13      1               1.9 Automated Integrity Checking
14      1               1.10 Printing the Latest Tripwire Report
15      1               1.11 Updating the Database
16      1               1.12 Adding Files to the Database
17      1               1.13 Excluding Files from the Database
17      1               1.14 Checking Windows VFAT Filesystems
18      1               1.15 Verifying RPM-Installed Files
19      1               1.16 Integrity Checking with rsync
20      3               1.17 Integrity Checking Manually
23      26          2. Firewalls with iptables and ipchains
24      2               2.1 Enabling Source Address Verification
26      2               2.2 Blocking Spoofed Addresses
28      1               2.3 Blocking All Network Traffic
28      2               2.4 Blocking Incoming Traffic
30      1               2.5 Blocking Outgoing Traffic
30      1               2.6 Blocking Incoming Service Requests
31      1               2.7 Blocking Access from a Remote Host
32      1               2.8 Blocking Access to a Remote Host
33      1               2.9 Blocking Outgoing Access to All Web Servers on a Network
34      1               2.10 Blocking Remote Access, but Permitting Local
35      1               2.11 Controlling Access by MAC Address
36      1               2.12 Permitting SSH Access Only
37      1               2.13 Prohibiting Outgoing Telnet Connections
38      1               2.14 Protecting a Dedicated Server
39      1               2.15 Preventing pings
39      2               2.16 Listing Your Firewall Rules
41      1               2.17 Deleting Firewall Rules
42      1               2.18 Inserting Firewall Rules
42      1               2.19 Saving a Firewall Configuration
43      2               2.20 Loading a Firewall Configuration
45      1               2.21 Testing a Firewall Configuration
46      1               2.22 Building Complex Rule Trees
47      2               2.23 Logging Simplified
49      23          3. Network Access Control
51      1               3.1 Listing Your Network Interfaces
52      1               3.2 Starting and Stopping the Network Interface
53      1               3.3 Enabling/Disabling a Service (xinetd)
54      1               3.4 Enabling/Disabling a Service (inetd)
55      1               3.5 Adding a New Service (xinetd)
56      1               3.6 Adding a New Service (inetd)
57      1               3.7 Restricting Access by Remote Users
58      1               3.8 Restricting Access by Remote Hosts (xinetd)
59      1               3.9 Restricting Access by Remote Hosts (xinetd with libwrap)
60      1               3.10 Restricting Access by Remote Hosts (xinetd with tcpd)
61      1               3.11 Restricting Access by Remote Hosts (inetd)
62      2               3.12 Restricting Access by Time of Day
64      1               3.13 Restricting Access to an SSH Server by Host
64      1               3.14 Restricting Access to an SSH Server by Account
65      2               3.15 Restricting Services to Specific Filesystem Directories
67      2               3.16 Preventing Denial of Service Attacks
69      1               3.17 Redirecting to Another Socket
70      1               3.18 Logging Access to Your Services
71      1               3.19 Prohibiting root Logins on Terminal Devices
72      30          4. Authentication Techniques and Infrastructures
74      1               4.1 Creating a PAM-Aware Application
75      1               4.2 Enforcing Password Strength with PAM
76      2               4.3 Creating Access Control Lists with PAM
78      1               4.4 Validating an SSL Certificate
79      1               4.5 Decoding an SSL Certificate
80      1               4.6 Installing a New SSL Certificate
81      2               4.7 Generating an SSL Certificate Signing Request (CSR)
83      1               4.8 Creating a Self-Signed SSL Certificate
84      3               4.9 Setting Up a Certifying Authority
87      1               4.10 Converting SSL Certificates from DER to PEM
88      4               4.11 Getting Started with Kerberos
92      1               4.12 Adding Users to a Kerberos Realm
93      1               4.13 Adding Hosts to a Kerberos Realm
94      2               4.14 Using Kerberos with SSH
96      2               4.15 Using Kerberos with Telnet
98      2               4.16 Securing IMAP with Kerberos
100     2               4.17 Using Kerberos with PAM for System-Wide Authentication
102     22          5. Authorization Controls
104     1               5.1 Running a root Login Shell
105     1               5.2 Running X Programs as root
106     1               5.3 Running Commands as Another User via sudo
106     2               5.4 Bypassing Password Authentication in sudo
108     1               5.5 Forcing Password Authentication in sudo
108     2               5.6 Authorizing per Host in sudo
110     1               5.7 Granting Privileges to a Group via sudo
110     1               5.8 Running Any Program in a Directory via sudo
111     1               5.9 Prohibiting Command Arguments with sudo
111     1               5.10 Sharing Files Using Groups
112     1               5.11 Permitting Read-Only Access to a Shared File via sudo
113     1               5.12 Authorizing Password Changes via sudo
114     1               5.13 Starting/Stopping Daemons via sudo
115     1               5.14 Restricting root's Abilities via sudo
115     2               5.15 Killing Processes via sudo
117     1               5.16 Listing sudo Invocations
118     1               5.17 Logging sudo Remotely
118     2               5.18 Sharing root Privileges via SSH
120     1               5.19 Running root Commands via SSH
121     3               5.20 Sharing root Privileges via Kerberos su
124     23          6. Protecting Outgoing Network Connections
125     1               6.1 Logging into a Remote Host
126     1               6.2 Invoking Remote Programs
127     2               6.3 Copying Files Remotely
129     2               6.4 Authenticating by Public Key (OpenSSH)
131     2               6.5 Authenticating by Public Key (OpenSSH Client, SSH2 Server, OpenSSH Key)
133     1               6.6 Authenticating by Public Key (OpenSSH Client, SSH2 Server, SSH2 Key)
134     1               6.7 Authenticating by Public Key (SSH2 Client, OpenSSH Server)
135     3               6.8 Authenticating by Trusted Host
138     2               6.9 Authenticating Without a Password (Interactively)
140     1               6.10 Authenticating in cron Jobs
141     1               6.11 Terminating an SSH Agent on Logout
142     1               6.12 Tailoring SSH per Host
143     1               6.13 Changing SSH Client Defaults
144     2               6.14 Tunneling Another TCP Session Through SSH
146     1               6.15 Keeping Track of Passwords
147     28          7. Protecting Files
148     1               7.1 Using File Permissions
149     1               7.2 Securing a Shared Directory
150     1               7.3 Prohibiting Directory Listings
151     1               7.4 Encrypting Files with a Password
152     1               7.5 Decrypting Files
152     2               7.6 Setting Up GnuPG for Public-Key Encryption
154     1               7.7 Listing Your Keyring
155     1               7.8 Setting a Default Key
156     1               7.9 Sharing Public Keys
157     1               7.10 Adding Keys to Your Keyring
158     1               7.11 Encrypting Files for Others
159     1               7.12 Signing a Text File
159     1               7.13 Signing and Encrypting Files
160     1               7.14 Creating a Detached Signature File
161     1               7.15 Checking a Signature
162     1               7.16 Printing Public Keys
162     2               7.17 Backing Up a Private Key
164     1               7.18 Encrypting Directories
165     1               7.19 Adding Your Key to a Keyserver
165     1               7.20 Uploading New Signatures to a Keyserver
166     2               7.21 Obtaining Keys from a Keyserver
168     1               7.22 Revoking a Key
169     1               7.23 Maintaining Encrypted Files with Emacs
170     1               7.24 Maintaining Encrypted Files with vim
171     2               7.25 Encrypting Backups
173     2               7.26 Using PGP Keys with GnuPG
175     27          8. Protecting Email
175     2               8.1 Encrypted Mail with Emacs
177     1               8.2 Encrypted Mail with vim
178     1               8.3 Encrypted Mail with Pine
179     1               8.4 Encrypted Mail with Mozilla
180     1               8.5 Encrypted Mail with Evolution
181     1               8.6 Encrypted Mail with mutt
182     1               8.7 Encrypted Mail with elm
183     1               8.8 Encrypted Mail with MH
183     5               8.9 Running a POP/IMAP Mail Server with SSL
188     1               8.10 Testing an SSL Mail Connection
188     2               8.11 Securing POP/IMAP with SSL and Pine
190     1               8.12 Securing POP/IMAP with SSL and mutt
191     1               8.13 Securing POP/IMAP with SSL and Evolution
192     1               8.14 Securing POP/IMAP with stunnel and SSL
193     2               8.15 Securing POP/IMAP with SSH
195     2               8.16 Securing POP/IMAP with SSH and Pine
197     1               8.17 Receiving Mail Without a Visible Server
198     4               8.18 Using an SMTP Server from Arbitrary Clients
202     81          9. Testing and Monitoring
203     2               9.1 Testing Login Passwords (John the Ripper)
205     1               9.2 Testing Login Passwords (CrackLib)
206     1               9.3 Finding Accounts with No Password
207     1               9.4 Finding Superuser Accounts
207     2               9.5 Checking for Suspicious Account Use
209     2               9.6 Checking for Suspicious Account Use, Multiple Systems
211     1               9.7 Testing Your Search Path
212     3               9.8 Searching Filesystems Effectively
215     2               9.9 Finding setuid (or setgid) Programs
217     1               9.10 Securing Device Special Files
218     1               9.11 Finding Writable Files
219     1               9.12 Looking for Rootkits
220     6               9.13 Testing for Open Ports
226     5               9.14 Examining Local Network Activities
231     2               9.15 Tracing Processes
233     5               9.16 Observing Network Traffic
238     2               9.17 Observing Network Traffic (GUI)
240     3               9.18 Searching for Strings in Network Traffic
243     4               9.19 Detecting Insecure Network Protocols
247     1               9.20 Getting Started with Snort
248     2               9.21 Packet Sniffing with Snort
250     2               9.22 Detecting Intrusions with Snort
252     1               9.23 Decoding Snort Alert Messages
253     2               9.24 Logging with Snort
255     1               9.25 Partitioning Snort Logs Into Separate Files
256     1               9.26 Upgrading and Tuning Snort's Ruleset
257     4               9.27 Directing System Messages to Log Files (syslog)
261     1               9.28 Testing a syslog Configuration
262     1               9.29 Logging Remotely
263     1               9.30 Rotating Log Files
264     1               9.31 Sending Messages to the System Logger
265     2               9.32 Writing Log Entries via Shell Scripts
267     1               9.33 Writing Log Entries via Perl
268     1               9.34 Writing Log Entries via C
269     2               9.35 Combining Log Files
271     1               9.36 Summarizing Your Logs with logwatch
272     1               9.37 Defining a logwatch Filter
273     2               9.38 Monitoring All Executed Commands
275     3               9.39 Displaying All Executed Commands
278     1               9.40 Parsing the Process Accounting Log
279     1               9.41 Recovering from a Hack
280     3               9.42 Filing an Incident Report
283                 Index