Linux Security Administrator's Guide

Dave Wreski, [email protected]

1. Introduction

• 1.1 New Versions of this Document
• 1.2 Feedback
• 1.3 Disclaimer
• 1.4 Copyright Information

2. Overview

• 2.1 Organization of This Document
• 2.2 Host Security
• 2.3 Network Security
• 2.4 Security Through Obscurity
• 2.5 Why Do We Need Security?
• 2.6 How Vulnerable Are We?
• 2.7 How Secure Is Secure?
• 2.8 What Are You Trying to Protect?
• 2.9 Developing A Security Policy
• 2.10 Means of Securing Your Site
• 2.11 Temporary Changes

3. Network Security

• 3.1 Windows Networking
• 3.2 Identify Gateway Machines
• 3.3 Network Monitoring
• 3.4 Network Configuration Files
• 3.5 Check for Poor Topology Configuration
• 3.6 Disable Unnecessary and Unauthorized Services
• 3.7 Monitoring Network Services with TCP Wrappers
• 3.8 Running Services in a chroot Environment
• 3.9 Domain Name Service (DNS) Security
• 3.10 Network File System (NFS) Security
• 3.11 Network Information Service (NIS)
• 3.12 File Transport Protocol (FTP)
• 3.13 Simple Mail Transport Protocol (SMTP)

4. Host Security

• 4.1 Delete Unnecessary Packages
• 4.2 Default System Configuration
• 4.3 Make a Full Backup of Your Machine
• 4.4 Backup Your Red Hat or Debian File Database
• 4.5 Make Use of Your System Accounting Data
• 4.6 Apply All New System Updates
• 4.7 Creating New Accounts
• 4.8 Root Security
• 4.9 Workstations and DialUp Security
• 4.10 X11, SVGA and display security
• 4.11 identd

5. User, System, and Process Accounting

• 5.1 Using Syslog
• 5.2 Using User Accounting
• 5.3 Using Process Accounting
• 5.4 Managing User Accounts

6. Physical Security

• 6.1 Computer Locks
• 6.2 BIOS Security
• 6.3 Boot Loader Security
• 6.4 xlock and vlock

7. Intrusion Detection

• 7.1 What is Intrusion Detection?
• 7.2 General Indications of Intrusion
• 7.3 General Methods for Detecting Intrusions
• 7.4 Intrusion Detection Tools
• 7.5 Integrity Checking
• 7.6 Using tripwire
• 7.7 Using The Red Hat Package Mangaer
• 7.8 File System Guidelines
• 7.9 Physical Intrusion Detection
• 7.10 Packet Sniffers

8. Files and File System Security

• 8.1 File Permissions and Ownership
• 8.2 Directory Permissions and Ownership
• 8.3 Changing File and Directory Permissions
• 8.4 Changing File Ownership
• 8.5 Changing Group Ownership
• 8.6 Umask Settings
• 8.7 Monitoring Files with Special Permissions
• 8.8 General Guidelines

9. Data Encryption, Cryptography and Authentication

• 9.1 Password Security
• 9.2 PGP and Public Key Cryptography
• 9.3 SSL, S-HTTP, HTTPS and S/MIME
• 9.4 IPSec and S/WAN and other IP Encryption Implementations
• 9.5 The Secure Shell and Secure Telnet
• 9.6 SKIP - Simple Key management for Internet Protocols
• 9.7 PAM - Pluggable Authentication Modules
• 9.8 Cryptographic IP Encapsulation (CIPE)
• 9.9 Kerberos
• 9.10 Shadow Passwords.
• 9.11 Crack and John the Ripper
• 9.12 Cryptography and File Systems

10. Kernel Security

• 10.1 Securing Hosts with Many Users
• 10.2 Securelevel, Capabilities and Linux-Privs
• 10.3 Kernel Compile Options
• 10.4 Kernel Devices

11. Exploits

• 11.1 Worm Attacks
• 11.2 Trojan Horse Programs
• 11.3 Cracking Attacks
• 11.4 Direct Physical Access
• 11.5 Spoofing
• 11.6 Denial of Service Attacks
• 11.7 Program Code Exploits
• 11.8 Misconfigured Services
• 11.9 Known Vulnerabilities
• 11.10 WWW and CGI-BIN attacks

12. Firewalls and Border Patrol

• 12.1 Introduction
• 12.2 General Documentation
• 12.3 The Firewall Toolkit
• 12.4 Packet Filtering and Accounting
• 12.5 Linux Firewall Tools
• 12.6 Proxy Servers
• 12.7 Masquerading and Address Translation

13. Writing Secure Code

• 13.1 Preventing /tmp Exploits
• 13.2 References
• 13.3 Preventing Buffer Overflows

14. Incident Response: Before, During, and After

• 14.1 Preparation
• 14.2 Detection
• 14.3 Containment
• 14.4 Eradication
• 14.5 Restoration
• 14.6 Follow Up
• 14.7 Additional Information

15. Security Sources and Tools

• 15.1 Network Scanners and Auditing Tools
• 15.2 The Art of Port Scanning
• 15.3 Incident Response Contacts
• 15.4 Vendor Information
• 15.5 Mailing Lists
• 15.6 General References
• 15.7 Books - Printed Reading Material (Works Referenced)

16. Glossary

17. Frequently Asked Questions

• 17.1 Is Linux a secure Operating System?
• 17.2 Loadable modules versus compiled kernel?
• 17.3 How can I securely use the Apache Front Page Extensions?
• 17.4 How do I know whether my machine is secure?
• 17.5 What are the arguments for ipfwadm(8)?
• 17.6 Where do I find the most secure version of program XYZ?
• 17.7 Logging in as root from a remote machine always fails.
• 17.8 How do I enable shadow passwords?
• 17.9 How can I enable the Apache SSL extensions?
• 17.10 How can I securely manipulate user accounts?
• 17.11 How can I password protect specific HTML documents?
• 17.12 My Set-User-ID shell script does not work!

18. Conclusion

19. Thanks To