Title:
Linux system security : an administrator's guide to open source security tools
Personal Author:
Publication Information:
Upper Saddle River, N.J. : Prentice Hall, 2000
ISBN:
9780130158079
Added Author:
Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
|---|---|---|---|---|---|
Searching... | 30000004902965 | QA76.76.O63 M354 2000 | Open Access Book | Book | Searching... |
Searching... | 30000004902957 | QA76.76.O63 M354 2000 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
-- One of the first Linux security books to cover Bastille, a program which tightens system security and can even lock down the entire system in cases where the system is seriously compromised.-- New chapter on network sniffers and port scanners used to detect intruders.-- Updated for Redhat 7.2.As more companies are moving to Linux for mission-critical applications, security becomes a major issue. This guide explains the pros and cons of the most the valuable open source security tools and is complete with implementation details. It gives detailed instructions on the implementation, configuration, and use of publicly available tools and features of Linux as they relate to Linux security. Essential background information is provided in the book's introductory chapters. Administrators will learn to: Prepare Linux systems for a production environment; Identify vulnerabilities, and planning for security administration; Configure Linux-based firewalls, authentication, and encryption; Secure filesystems, email, web servers, and other key applications; Protect mixed Linux/Unix and Windows environments. New to this Edition: Updated for Redhat 7.2; One of the first Linux security books to cover Bastille, a hardening program which tightens system security and can even lock down the entire system in cases where the system is seriously compromised; New chapter on network sniffers and port scanners used to detect intruders; Will Cover Open SSH - the new open sour
Author Notes
Scott Mann currently works for SGI, specializing in Linux systems. Previously, he was an independent consultant providing system, network, and security administration services and education.
Ellen L. Mitchell is a network analyst at Texas AandM University, responsible for campus network security, development, and administration. A consultant specializing in UNIX and network security, she currently maintains the tiger UNIX security package.
Table of Contents
| Figures | p. xix |
| Examples | p. xxi |
| Tables | p. xxix |
| Preface | p. xxxiii |
| Chapter 1 Vulnerability Survey | p. 1 |
| What Happened? | p. 2 |
| Other Cracker Activities | p. 3 |
| So, Are You Going to Show Us How to Break into Systems? | p. 3 |
| A Survey of Vulnerabilities and Attacks | p. 4 |
| Technical | p. 4 |
| Social | p. 6 |
| Physical | p. 6 |
| Chapter 2 Security Policies | p. 11 |
| What Is Computer and Network Security? | p. 13 |
| Elements of a Computing Environment | p. 13 |
| Risk Analysis | p. 14 |
| The Security Policy | p. 14 |
| Securing Computers and Networks | p. 15 |
| User Privacy and Administrator Ethics | p. 18 |
| Chapter 3 Background Information | p. 21 |
| BIOS Passwords | p. 22 |
| Linux Installation and LILO | p. 22 |
| A Note about LILO | p. 22 |
| Recovering a Corrupt System | p. 24 |
| Installation and LILO Resources | p. 24 |
| Start-Up Scripts | p. 24 |
| Red Hat Package Manager | p. 26 |
| Verifying Packages with RPM | p. 26 |
| Checking PGP Signatures with RPM | p. 27 |
| RPM Resources | p. 28 |
| RPM Mailing List | p. 28 |
| TCP/IP Networking Overview | p. 28 |
| The TCP/IP Model Layers | p. 30 |
| Remote Procedure Call Applications | p. 36 |
| Trusted Host Files and Related Commands | p. 36 |
| Some Major Applications | p. 37 |
| Network Monitoring | p. 38 |
| General TCP/IP Networking Resources | p. 39 |
| NFS, Samba, NIS, and DNS Resources | p. 40 |
| Request for Comment | p. 40 |
| Cryptography | p. 41 |
| The Purpose of Cryptography | p. 41 |
| Algorithm Types | p. 42 |
| Hash Functions and Digital Signatures | p. 44 |
| Passwords Aren't Encrypted, They're Hashed! | p. 45 |
| An Overview of PGP | p. 45 |
| Cryptography References | p. 47 |
| Testing and Production Environments | p. 47 |
| Security Archives | p. 47 |
| Software Testing | p. 48 |
| Source Code Auditing | p. 48 |
| Pristine Backups | p. 49 |
| Security Resources | p. 49 |
| Licenses | p. 50 |
| Chapter 4 Users, Permissions, and Filesystems | p. 57 |
| User Account Management | p. 57 |
| Good Passwords | p. 58 |
| All Accounts Must Have Passwords! Or Be Locked! | p. 59 |
| Password Aging and the Shadow File | p. 61 |
| Restricted Accounts | p. 64 |
| Shell History | p. 66 |
| The Root Account | p. 66 |
| Using the Root Account | p. 66 |
| Multiple root Users | p. 67 |
| Minimizing the Impact of root Compromise | p. 68 |
| Configuring /etc/securetty | p. 68 |
| Group Account Management | p. 69 |
| File and Directory Permissions | p. 70 |
| User File and Directory Permissions | p. 71 |
| System File and Directory Permissions | p. 73 |
| SUID and SGID | p. 74 |
| File Attributes | p. 75 |
| Using xlock and xscreensaver | p. 77 |
| Filesystem Restrictions | p. 78 |
| Chapter 5 Pluggable Authentication Modules | p. 81 |
| PAM Overview | p. 82 |
| PAM Configuration | p. 83 |
| PAM Administration | p. 86 |
| PAM and Passwords | p. 86 |
| PAM and Passwords Summary | p. 92 |
| PAM and login | p. 93 |
| Time and Resource Limits | p. 95 |
| Access Control with pam_listfile | p. 100 |
| PAM and su | p. 103 |
| Using pam_access | p. 104 |
| Using pam_lastlog | p. 105 |
| Using pam_rhosts_auth | p. 106 |
| One-Time Password Support | p. 108 |
| PAM and the other Configuration File | p. 108 |
| Additional PAM Options | p. 109 |
| PAM Logs | p. 109 |
| Available PAM Modules | p. 109 |
| PAM-Aware Applications | p. 112 |
| Important Notes about Configuring PAM | p. 112 |
| The Future of PAM | p. 114 |
| Chapter 6 One-Time Passwords | p. 117 |
| The Purpose of One-Time Passwords | p. 118 |
| S/Key | p. 118 |
| S/Key OTP Overview | p. 119 |
| S/Key Version 1.1b | p. 121 |
| S/Key Version 2.2 | p. 132 |
| OPIE | p. 132 |
| Obtaining and Installing OPIE | p. 133 |
| Implementing and Using OPIE | p. 139 |
| OPIE and PAM | p. 143 |
| Obtaining and Installing pam_opie | p. 143 |
| Obtaining and Installing pam_if | p. 144 |
| Implementing pam_opie and pam_if | p. 144 |
| Which OTP System Should I Use? | p. 147 |
| Advantages and Disadvantages of S/Key | p. 147 |
| Advantages and Disadvantages of OPIE | p. 147 |
| S/Key and OPIE Vulnerabilities | p. 147 |
| Chapter 7 System Accounting | p. 149 |
| General System Accounting | p. 149 |
| Connection Accounting | p. 150 |
| The last Command | p. 151 |
| The who Command | p. 152 |
| One Other Command | p. 153 |
| Process Accounting | p. 153 |
| The sa Command | p. 154 |
| The lastcomm Command | p. 155 |
| Accounting Files | p. 156 |
| Chapter 8 System Logging | p. 159 |
| The syslog System Logging Utility | p. 159 |
| Overview | p. 160 |
| The /etc/syslog.conf File | p. 160 |
| Invoking the syslogd Daemon | p. 164 |
| Configuring /etc/syslog.conf | p. 164 |
| The klogd Daemon | p. 170 |
| Other Logs | p. 170 |
| Alternatives to syslog | p. 171 |
| The auditd Utility | p. 171 |
| Chapter 9 Superuser Do (sudo) | p. 173 |
| What Is sudo? | p. 173 |
| Obtaining and Implementing sudo | p. 174 |
| Features of Version 1.5.9p4 | p. 174 |
| Implementing Version 1.5.9p4 | p. 175 |
| Using sudo | p. 178 |
| The Functionality of sudo | p. 178 |
| The /etc/sudoers File | p. 178 |
| General Syntax of /etc/sudoers | p. 181 |
| The visudo Command | p. 184 |
| Options to the sudo Command | p. 184 |
| A More Sophisticated Example | p. 185 |
| Setting Up sudo Logging | p. 188 |
| Reading sudo Logs | p. 188 |
| PAM and sudo | p. 189 |
| Disabling root Access | p. 190 |
| Vulnerabilities of sudo | p. 191 |
| Chapter 10 Securing Network Services: TCP_wrappers, portmap, and xinetd | p. 193 |
| TCP_Wrappers | p. 194 |
| Building TCP_Wrappers | p. 196 |
| Access Control with TCP_Wrappers | p. 202 |
| TCP_Wrappers Utility Programs | p. 216 |
| TCP_Wrappers Vulnerabilities | p. 218 |
| The Portmapper | p. 218 |
| Building the Portmapper | p. 219 |
| Implementing Portmapper Access Control | p. 223 |
| The portmap Log Entries | p. 224 |
| Gracefully Terminating and Recovering the Portmapper | p. 224 |
| Portmapper Vulnerabilities | p. 226 |
| Unwrapped Services | p. 226 |
| Replacing inetd with xinetd | p. 226 |
| Advantages of xinetd | p. 227 |
| Disadvantages of xinetd | p. 228 |
| Obtaining xinetd | p. 228 |
| Building xinetd | p. 229 |
| The xinetd Configuration File | p. 232 |
| The xinetd Daemon | p. 250 |
| Which One Should I Use? | p. 252 |
| Chapter 11 The Secure Shell | p. 257 |
| Overview of SSH | p. 257 |
| Host-Based Authentication Using RSA | p. 257 |
| Authenticating the User | p. 259 |
| Available Versions of SSH | p. 263 |
| Obtaining and Installing SSH | p. 264 |
| Compiling SSH | p. 265 |
| Configuring the Secure Shell | p. 267 |
| Configuring the Server Side | p. 269 |
| Configuring the Client Side | p. 275 |
| Using SSH | p. 282 |
| Configuring SSH Authentication Behavior | p. 282 |
| sshd Missing in Action | p. 282 |
| Authentication Flow of Events | p. 283 |
| Nonpassword Authentication | p. 289 |
| Password-Based Authentication | p. 304 |
| Exploring ssh Functionality | p. 304 |
| ssh Examples | p. 304 |
| scp Examples | p. 306 |
| Port Forwarding and Application Proxying | p. 307 |
| Secure Shell Alternatives | p. 310 |
| Chapter 12 Crack | p. 313 |
| Obtaining Crack | p. 314 |
| Major Components of Crack | p. 314 |
| Crack Overview | p. 315 |
| Building Crack | p. 318 |
| Modifying Crack for Linux | p. 318 |
| Modifying Crack for MD5 | p. 319 |
| Modifying Crack for Bigcrypt | p. 319 |
| Preparing Crack for crypt (3) | p. 320 |
| Compiling and Linking Crack | p. 320 |
| Compiling Crack Itself | p. 320 |
| Crack Dictionaries | p. 321 |
| Obtaining Other Crack Dictionaries | p. 323 |
| Using Crack | p. 323 |
| Running Crack | p. 323 |
| Running Crack over the Network | p. 328 |
| Crack 7 | p. 330 |
| Crack Rules | p. 330 |
| What Do We Do about Cracked Passwords? | p. 336 |
| The White Hat Use of Crack | p. 337 |
| Effectively Using Crack | p. 338 |
| Chapter 13 Auditing Your System with tiger | p. 341 |
| Overview of tiger | p. 341 |
| Obtaining tiger | p. 342 |
| Major Components of tiger | p. 342 |
| Overview of tiger Configuration | p. 347 |
| Overview of Run-Time Operation | p. 360 |
| tiger Scripts | p. 361 |
| Installing tiger to Run through cron | p. 368 |
| Which Scripts Should I Run? | p. 370 |
| cronrc for a Development Machine | p. 372 |
| Running Crack from tiger | p. 373 |
| Deciphering tiger Output | p. 373 |
| Troubleshooting tiger | p. 375 |
| Modifying tiger | p. 375 |
| Modifying Scripts | p. 376 |
| Adding New Checks | p. 376 |
| Signatures | p. 377 |
| Recommendations | p. 379 |
| Chapter 14 Tripwire | p. 381 |
| Tripwire Overview | p. 382 |
| Obtaining and Installing Tripwire | p. 383 |
| Tripwire Version 1.2 | p. 383 |
| The Tripwire Configuration File | p. 386 |
| Extending the Configuration File | p. 389 |
| Effectively Building the Tripwire Configuration File | p. 391 |
| Example Configuration File for Red Hat Linux | p. 393 |
| The tripwire Command | p. 395 |
| Tripwire Initialize Mode | p. 396 |
| Effective Tripwire Initialization | p. 397 |
| Storing the Database | p. 398 |
| Routine Tripwire Runs--Compare Mode | p. 399 |
| A Note on Performance | p. 402 |
| Tripwire Update Mode | p. 402 |
| Chapter 15 The Cryptographic and Transparent Cryptographic Filesystems | p. 405 |
| Overview of the Cryptographic File System | p. 405 |
| CFS Flow of Events | p. 406 |
| Obtaining and Installing CFS | p. 406 |
| CFS Administrative Tasks | p. 408 |
| Using CFS | p. 410 |
| Creating and Attaching CFS Directories | p. 410 |
| The CFS Commands and Daemon Detailed | p. 414 |
| Using CFS over NFS | p. 416 |
| Vulnerabilities of CFS | p. 416 |
| Overview of TCFS | p. 416 |
| Obtaining and Installing TCFS | p. 417 |
| The TCFS Client Side | p. 417 |
| The TCFS Server Side | p. 424 |
| Using TCFS | p. 425 |
| Configuring TCFS for Use with PAM | p. 425 |
| TCFS Administrative Tasks | p. 426 |
| Extended Attributes for TCFS | p. 427 |
| Setting up the Encrypted Directory | p. 428 |
| TCFS Groups | p. 429 |
| TCFS Key Management | p. 429 |
| Vulnerabilities of TCFS | p. 430 |
| CFS and TCFS Comparison | p. 431 |
| Securely Deleting Files | p. 431 |
| Alternatives to CFS and TCFS | p. 432 |
| Chapter 16 Packet Filtering with ipchains | p. 435 |
| Packet Filtering | p. 436 |
| Configuring the Kernel for ipchains | p. 437 |
| ipchains Overview | p. 437 |
| Behavior of a Chain | p. 438 |
| Malformed Packets | p. 438 |
| Analysis of an Inbound Packet | p. 438 |
| Analysis of an Outbound Packet | p. 440 |
| The Loopback Interface | p. 440 |
| Custom Chains | p. 440 |
| Introduction to Using ipchains | p. 440 |
| The ipchains Command | p. 441 |
| Some Simple Examples | p. 446 |
| Packet Fragments | p. 457 |
| IP Masquerading | p. 458 |
| Adding Custom Chains | p. 461 |
| ICMP Rules in a Custom Chain | p. 461 |
| Antispoofing Rules | p. 463 |
| Rule Ordering Is Important! | p. 464 |
| Saving and Restoring Rules | p. 465 |
| Rule Writing and Logging Tips | p. 466 |
| Changing Rules | p. 467 |
| ipchains Start-up Scripts | p. 467 |
| Building Your Firewall | p. 469 |
| Simple Internal Network | p. 469 |
| Simple Internal Network Using DHCP | p. 481 |
| ipchains Isn't Just for Firewalls! | p. 484 |
| One More Thing | p. 484 |
| Supplementary Utilities | p. 484 |
| Other Examples | p. 484 |
| Port Forwarding | p. 485 |
| The fwconfig GUI | p. 485 |
| Mason | p. 485 |
| The Network Mapper (nmap) | p. 486 |
| Additional Firewall Software | p. 486 |
| Virtual Private Networks and Encrypted Tunnels | p. 486 |
| The Next Generation | p. 486 |
| Chapter 17 Log File Management | p. 491 |
| General Log File Management | p. 491 |
| logrotate | p. 492 |
| Obtaining and Installing logrotate | p. 492 |
| Configuring logrotate | p. 492 |
| Pulling It All Together | p. 498 |
| swatch | p. 498 |
| Obtaining swatch | p. 499 |
| Installing swatch | p. 500 |
| Configuring and Running swatch | p. 503 |
| logcheck | p. 507 |
| Obtaining logcheck | p. 507 |
| Major Components of logcheck | p. 508 |
| Configuring and Installing logcheck | p. 508 |
| logcheck Output | p. 513 |
| Troubleshooting logcheck | p. 514 |
| Chapter 18 Implementing and Managing Security | p. 515 |
| So, Where Do I Start? | p. 516 |
| Hardening Linux | p. 516 |
| Selecting the Right Tools | p. 523 |
| Reducing the Workload | p. 523 |
| What if My Systems Are Already in the Production Environment? | p. 524 |
| The Internal Network | p. 524 |
| Critical Internal Servers | p. 524 |
| Internal Maintenance | p. 525 |
| Firewalls and the DMZ | p. 525 |
| External Maintenance | p. 526 |
| Break-in Recovery | p. 526 |
| Adding New Software | p. 526 |
| Only through Knowledge | p. 527 |
| Appendix A Keeping Up to Date | p. 529 |
| Appendix B Tools Not Covered | p. 543 |
| Glossary | p. 547 |
| Index | p. 555 |
