Log In
Or create an account -> 
Imperial Library
  • Home
  • About
  • News
  • Upload
  • Forum
  • Help
  • Login/SignUp

Index
Title Page Copyright and Credits
Mastering Linux Security and Hardening
Packt Upsell
Why subscribe? PacktPub.com
Contributors
About the author About the reviewer Packt is searching for authors like you
Preface
Who this book is for What this book covers To get the most out of this book
Download the color images Conventions used
Get in touch
Reviews
Running Linux in a Virtual Environment
The threat landscape
So, how does this happen?
Keeping up with security news Introduction to VirtualBox and Cygwin
Installing a virtual machine in VirtualBox The EPEL repository on the CentOS virtual machine Configuring a network for VirtualBox virtual machines Creating a virtual machine snapshot with VirtualBox
Using Cygwin to connect to your virtual machines
Installing Cygwin on your Windows host
Summary
Securing User Accounts
The dangers of logging in as the root user The advantages of using sudo Setting up sudo privileges for full administrative users
Method 1 – adding users to a predefined admin group Method 2 – creating an entry in the sudo policy file
Setting up sudo for users with only certain delegated privileges
Hands-on lab for assigning limited sudo privileges
Advanced tips and tricks for using sudo
The sudo timer
Hands-on lab for disabling the sudo timer
Preventing users from having root shell access Preventing users from using shell escapes Preventing users from using other dangerous programs Limiting the user's actions with commands Letting users run as other users
Locking down users' home directories the Red Hat or CentOS way Locking down users' home directories the Debian/Ubuntu way
useradd on Debian/Ubuntu adduser on Debian/Ubuntu
Hands-on lab for configuring adduser
Enforcing strong password criteria
Installing and configuring pwquality
Hands-on lab for setting password complexity criteria
Setting and enforcing password and account expiration
Configuring default expiry data for useradd – for Red Hat or CentOS only Setting expiry data on a per-account basis, with useradd and usermod Setting expiry data on a per-account basis, with chage
Hands-on lab for setting account and password expiry data
Preventing brute-force password attacks
Configuring the pam_tally2 PAM module
Hands-on lab for configuring pam_tally2
Locking user accounts
Using usermod to lock a user account Using passwd to lock user accounts Locking the root user account
Setting up security banners
Using the motd file Using the issue file Using the issue.net file
Summary
Securing Your Server with a Firewall
An overview of iptables
Basic usage of iptables
Hands-on lab for basic iptables usage
Uncomplicated Firewall for Ubuntu systems
Basic usage of ufw
Hands-on lab for basic ufw usage
firewalld for Red Hat systems
Verifying the status of firewalld firewalld zones firewalld services Adding ports to a firewalld zone firewalld rich language rules
Hands-on lab for firewalld commands
nftables – a more universal type of firewall system
nftables tables and chains Getting started with nftables Using nft commands
Hands-on lab for nftables on Ubuntu
Summary
Encrypting and SSH Hardening
GNU Privacy Guard
Creating your GPG keys Symmetrically encrypting your own files
Hands-on lab – combining gpg and tar for encrypted backups
Using private and public keys for asymmetric encryption and signing Signing a file without encryption
Encrypting partitions with Linux Unified Key Setup – LUKS
Disk encryption during operating system installation Adding an encrypted partition with LUKS Configuring the LUKS partition to mount automatically
Encrypting directories with eCryptfs
Home directory and disk encryption during Ubuntu installation Encrypting a home directory for a new user account Creating a private directory within an existing home directory Encrypting other directories with eCryptfs Encrypting the swap partition with eCryptfs
Using VeraCrypt for cross-platform sharing of encrypted containers
Getting and installing VeraCrypt Creating and mounting a VeraCrypt volume in console mode Using VeraCrypt in GUI mode
Ensuring that SSH protocol 1 is disabled Creating and managing keys for password-less logins
Creating a user's SSH key set Transferring the public key to the remote server
Disabling root user login Disabling username/password logins Setting up a chroot environment for SFTP users
Creating a group and configuring the sshd_config file
Hands-on lab – setting up a chroot directory for sftpusers group
Summary
Mastering Discretionary Access Control
Using chown to change ownership of files and directories Using chmod to set permissions values on files and directories
Setting permissions with the symbolic method Setting permissions with the numerical method
Using SUID and SGID on regular files The security implications of the SUID and SGID permissions
Finding spurious SUID or SGID files
Hands-on lab – searching for SUID and SGID files
Preventing SUID and SGID usage on a partition
Using extended file attributes to protect sensitive files
Setting the a attribute Setting the i attribute
Hands-on lab – setting security-related extended file attributes
Summary
Access Control Lists and Shared Directory Management
Creating an access control list for either a user or a group Creating an inherited access control list for a directory Removing a specific permission by using an ACL mask Using the tar --acls option to prevent the loss of ACLs during a backup Creating a user group and adding members to it
Adding members as we create their user accounts Using usermod to add an existing user to a group Adding users to a group by editing the /etc/group file
Creating a shared directory Setting the SGID bit and the sticky bit on the shared directory Using ACLs to access files in the shared directory
Setting the permissions and creating the ACL Charlie tries to access Vicky's file with an ACL set for Cleopatra
Hands-on lab – creating a shared group directory
Summary
Implementing Mandatory Access Control with SELinux and AppArmor
How SELinux can benefit a systems administrator Setting security contexts for files and directories
Installing the SELinux tools Creating web content files with SELinux enabled Fixing an incorrect SELinux context
Using chcon Using restorecon Using semanage Hands-on lab – SELinux type enforcement
Troubleshooting with setroubleshoot
Viewing setroubleshoot messages Using the graphical setroubleshoot utility Troubleshooting in permissive mode
Working with SELinux policies
Viewing the Booleans Configuring the Booleans Protecting your web server Protecting network ports Creating custom policy modules
Hands-on lab – SELinux Booleans and ports
How AppArmor can benefit a systems administrator Looking at AppArmor profiles Working with AppArmor command-line utilities Troubleshooting AppArmor problems Summary
Scanning, Auditing, and Hardening
Installing and updating ClamAV and maldet
Installing ClamAV and maldet Configuring maldet Updating ClamAV and maldet
Scanning with ClamAV and maldet SELinux considerations Scanning for rootkits with Rootkit Hunter
Installing and updating Rootkit Hunter Scanning for rootkits
Controlling the auditd daemon Creating audit rules
Auditing a file for changes Auditing a directory Auditing system calls
Using ausearch and aureport
Searching for file change alerts Searching for directory access rule violations Searching for system call rule violations Generating authentication reports Using predefined rules sets
Applying OpenSCAP policies with oscap
Installing OpenSCAP Viewing the profile files Scanning the system Remediating the system
Using SCAP Workbench More about OpenSCAP profiles Applying an OpenSCAP profile during system installation Summary
Vulnerability Scanning and Intrusion Detection
Looking at Snort and Security Onion
Obtaining and installing Snort Graphical interfaces for Snort Getting Snort in prebuilt appliances Using Security Onion
Scanning and hardening with Lynis
Installing Lynis on Red Hat/CentOS Installing Lynis on Ubuntu Scanning with Lynis
Finding vulnerabilities with OpenVAS Web server scanning with Nikto
Nikto in Kali Linux Installing and updating Nikto on Linux Scanning a web server with Nikto
Summary
Security Tips and Tricks for the Busy Bee
Auditing system services
Auditing system services with systemctl Auditing network services with netstat Auditing network services with Nmap
Port states Scan types
Password-protecting the GRUB 2 bootloader
Resetting the password for Red Hat/CentOS Resetting the password for Ubuntu Preventing kernel parameter edits on Red Hat/CentOS Preventing kernel parameter edits on Ubuntu Password-protecting boot options
Disabling the submenu for Ubuntu Password-protecting boot option steps for both Ubuntu and Red Hat
Securely configuring BIOS/UEFI Using a security checklist for system setup Summary
Other Books You May Enjoy
Leave a review – let other readers know what you think
  • ← Prev
  • Back
  • Next →
  • ← Prev
  • Back
  • Next →

Chief Librarian: Las Zenow <zenow@riseup.net>
Fork the source code from gitlab.

This is a mirror of the Tor onion service:
http://kx5thpx2olielkihfyo4jgjqfb7zx7wxr3sd4xzt26ochei4m6f7tayd.onion