Linux System Security

On Linux security

Computer security is an ongoing process, a relentless contest between system administrators and intruders. A good administrator needs to stay one step ahead of any adversaries, which often involves a continuing process of education. If you're grounded in the basics of security, however, you won't necessarily want a complete treatise on the subject each time you pick up a book. Sometimes you want to get straight to the point. That's exactly what the new Linux Security Cookbook does. Rather than provide a total security solution for Linux computers, the authors present a series of easy-to-follow recipes--short, focused pieces of code that administrators can use to improve security and perform common tasks securely.The Linux Security Cookbook includes real solutions to a wide range of targeted problems, such as sending encrypted email within Emacs, restricting access to network services at particular times of day, firewalling a webserver, preventing IP spoofing, setting up key-based SSH authentication, and much more. With over 150 ready-to-use scripts and configuration files, this unique book helps administrators secure their systems without having to look up specific syntax. The book begins with recipes devised to establish a secure system, then moves on to secure day-to-day practices, and concludes with techniques to help your system stay secure.Some of the "recipes" you'll find in this book are: Controlling access to your system from firewalls down to individual services, using iptables, ipchains, xinetd, inetd, and more Monitoring your network with tcpdump, dsniff, netstat, and other tools Protecting network connections with Secure Shell (SSH) and stunnel Safeguarding email sessions with Secure Sockets Layer (SSL) Encrypting files and email messages with GnuPG Probing your own security with password crackers, nmap, and handy scripts This cookbook's proven techniques are derived from hard-won experience. Whether you're responsible for security on a home Linux system or for a large corporation, or somewhere in between, you'll find valuable, to-the-point, practical recipes for dealing with everyday security issues. This book is a system saver.

A comprehensive guide to securing your Linux system against cyberattacks and intruders Key Features Deliver a system that reduces the risk of being hacked Explore a variety of advanced Linux security techniques with the help of hands-on labs Master the art of securing a Linux environment with this end-to-end practical guide Book DescriptionFrom creating networks and servers to automating the entire working environment, Linux has been extremely popular with system administrators for the last couple of decades. However, security has always been a major concern. With limited resources available in the Linux security domain, this book will be an invaluable guide in helping you get your Linux systems properly secured. Complete with in-depth explanations of essential concepts, practical examples, and self-assessment questions, this book begins by helping you set up a practice lab environment and takes you through the core functionalities of securing Linux. You'll practice various Linux hardening techniques and advance to setting up a locked-down Linux server. As you progress, you will also learn how to create user accounts with appropriate privilege levels, protect sensitive data by setting permissions and encryption, and configure a firewall. The book will help you set up mandatory access control, system auditing, security profiles, and kernel hardening, and finally cover best practices and troubleshooting techniques to secure your Linux environment efficiently. By the end of this Linux security book, you will be able to confidently set up a Linux server that will be much harder for malicious actors to compromise.What you will learn Create locked-down user accounts with strong passwords Configure firewalls with iptables, UFW, nftables, and firewalld Protect your data with different encryption technologies Harden the secure shell service to prevent security break-ins Use mandatory access control to protect against system exploits Harden kernel parameters and set up a kernel-level auditing system Apply OpenSCAP security profiles and set up intrusion detection Configure securely the GRUB 2 bootloader and BIOS/UEFI Who this book is for This book is for Linux administrators, system administrators, and network engineers interested in securing moderate to complex Linux environments. Security consultants looking to enhance their Linux security skills will also find this book useful. Working experience with the Linux command line and package management is necessary to understand the concepts covered in this book.

"The Second Edition of Security Strategies in Linux Platforms and Applications opens with a discussion of risks, threats, and vulnerabilities. Part 2 discusses how to take advantage of the layers of security and the modules associated with AppArmor and SELinux. Part 3 looks at the use of open source and proprietary tools when building a layered sec

Authoritative Answers to All Your Linux Security Questions—Specifically for Linux Administrators This is the most complete, most advanced guide to Linux security you'll find anywhere. Written by a Linux security expert with over a decade of experience, Linux Security teaches you, step-by-step, all the standard and advanced techniques you need to know to keep your Linux environment safe from threats of all kinds. Hundreds of clear, consistent examples illustrate these techniques in detail†so you stay on track and accomplish all your goals. Coverage includes: Understanding information and system security procedures Developing a corporate security policy Designing and deploying an effective system and network monitoring strategy Managing the network services offered by Linux servers Understanding Sendmail security, including authentication and privacy Providing application-level mail security using PGP Designing and deploying an Apache HTTP server, including SSL extensions Securing your Samba server Building a network layer firewall using IPtables and Linux kernel v.2.4 Using the NEC SOCKS5 transport layer firewall Deploying the TIS firewall toolkit Offering secure remote connectivity with IPsec and PPTP VPNs Adding strong user authentication to Linux servers using Kerberos Understanding the Linux Pluggable Authentication Modules (PAM)

Enhance file system security and learn about network attack, security tools and different versions of Linux build. Key Features Hands-on recipes to create and administer a secure Linux system Enhance file system security and local and remote user authentication Use various security tools and different versions of Linux for different tasks Book Description Over the last few years, system security has gained a lot of momentum and software professionals are focusing heavily on it. Linux is often treated as a highly secure operating system. However, the reality is that Linux has its share of security flaws, and these security flaws allow attackers to get into your system and modify or even destroy your important data. But there’s no need to panic, since there are various mechanisms by which these flaws can be removed, and this book will help you learn about different types of Linux security to create a more secure Linux system. With a step-by-step recipe approach, the book starts by introducing you to various threats to Linux systems. Then, this book will walk you through customizing the Linux kernel and securing local files. Next, you will move on to managing user authentication both locally and remotely and mitigating network attacks. Later, you will learn about application security and kernel vulnerabilities. You will also learn about patching Bash vulnerability, packet filtering, handling incidents, and monitoring system logs. Finally, you will learn about auditing using system services and performing vulnerability scanning on Linux. By the end of this book, you will be able to secure your Linux systems and create a robust environment. What you will learn Learn about vulnerabilities and exploits in relation to Linux systems Configure and build a secure kernel and test it Learn about file permissions and how to securely modify files Authenticate users remotely and securely copy files on remote systems Review different network security methods and tools Perform vulnerability scanning on Linux machines using tools Learn about malware scanning and read through logs Who this book is for This book is intended for all those Linux users who already have knowledge of Linux file systems and administration. You should be familiar with basic Linux commands. Understanding information security and its risks to a Linux system is also helpful in understanding the recipes more easily.

There are many objectives and goals to be considered when securing a operating system. When configuring Unix operating system security, consider the critical principles of security known as the confidentiality, integrity, and availability (CIA) triad. In addition to incorporating security controls that relate to the CIA triad, three other security features directly affect CIA and aid the overall site security program: access control, auditing, and backups. Although this chapter covers general Unix considerations, it also addresses several Linux specific items. This chapter is for all Linux variants: file names, directory paths, variable names, and so on, may also have to be taken into consideration. There are numerous versions of Linux, and it would be beyond the scope of this chapter to try to detail them all. All requirements listed within this chapter will pertain to all versions of Linux unless explicitly noted otherwise.

CD-ROM contains: Book chapters in searchable PDF format -- Sample book scripts in text format -- Security tools.