7. Security Tools | Practical Linux Security Cookbook

Sign In Start Free Trial

Book Overview & Buying
Table Of Contents

Practical Linux Security Cookbook

By : Tajinder Kalsi

4 (1)

Practical Linux Security Cookbook

4 (1)

By: Tajinder Kalsi

Overview of this book

With the growing popularity of Linux, more and more administrators have started moving to the system to create networks or servers for any task. This also makes Linux the first choice for any attacker now. Due to the lack of information about security-related attacks, administrators now face issues in dealing with these attackers as quickly as possible. Learning about the different types of Linux security will help create a more secure Linux system. Whether you are new to Linux administration or experienced, this book will provide you with the skills to make systems more secure. With lots of step-by-step recipes, the book starts by introducing you to various threats to Linux systems. You then get to walk through customizing the Linux kernel and securing local files. Next you will move on to manage user authentication locally and remotely and also mitigate network attacks. Finally, you will learn to patch bash vulnerability and monitor system logs for security. With several screenshots in each example, the book will supply a great learning experience and help you create more secure Linux systems.

Preface

Preface

What this book covers

What you need for this book

Who this book is for

Sections

Conventions

Reader feedback

Customer support

Free Chapter

1. Linux Security Problems

1. Linux Security Problems

Introduction

The security policy of Linux

Configuring password protection

Configuring server security

Security controls

Conducting integrity checks of the installation medium using checksum

Using the LUKS disk encryption

Making use of sudoers – configuring sudo access

Scanning hosts with Nmap

Gaining a root on a vulnerable Linux system

2. Configuring a Secure and Optimized Kernel

2. Configuring a Secure and Optimized Kernel

Introduction

Requirements for building and using a kernel

Creating a USB boot media

Retrieving a kernel source

Configuring and building a kernel

Installing and booting from a kernel

Testing and debugging a kernel

Configuring a console for debugging using Netconsole

Debugging a kernel on boot

3. Local Filesystem Security

3. Local Filesystem Security

Viewing file and directory details using the ls command

Changing the file permissions using the chmod command

Implementing access control list (ACL)

File handling using the mv command (moving and renaming)

Install and configure a basic LDAP server on Ubuntu

4. Local Authentication in Linux

4. Local Authentication in Linux

User authentication and logging

Limiting the login capabilities of users

Monitoring user activity using acct

Login authentication using a USB device and PAM

Defining user authorization controls

5. Remote Authentication

5. Remote Authentication

Remote server/host access using SSH

Disabling or enabling SSH root login

Restricting remote access with key-based login into SSH

Copying files remotely

Setting up a Kerberos server with Ubuntu

6. Network Security

6. Network Security

Managing the TCP/IP network

Using Iptables to configure a firewall

Blocking spoofed addresses

Blocking incoming traffic

Configuring and using the TCP Wrapper

7. Security Tools

7. Security Tools

Linux sXID

PortSentry

Using Squid proxy

OpenSSL Server

Tripwire

Shorewall

8. Linux Security Distros

8. Linux Security Distros

Kali Linux

pfSense

DEFT – Digital Evidence and Forensic Toolkit

NST – Network Security Toolkit

Helix

9. Patching a Bash Vulnerability

9. Patching a Bash Vulnerability

Understanding the bash vulnerability through Shellshock

Shellshock's security issues

The patch management system

Applying patches on the Linux systems

10. Security Monitoring and Logging

10. Security Monitoring and Logging

Viewing and managing log files using Logcheck

Monitoring a network using Nmap

Using glances for system monitoring

Monitoring logs using MultiTail

Using system tools – Whowatch

Using system tools – stat

Using system tools – lsof

Using system tools – strace

Using Lynis

Index

Index

PortSentry

As a system administrator, one major concern is to protect the system from network intrusions.

This is where PortSentry comes into the picture. It has the ability to detect scans on a host system and react to those scans in the way we choose.

Getting Ready

To demonstrate the implementation and usage of PortSentry, we need two systems on the same network that can ping each other.

Also, we need the Nmap package on one system, which will be used as the client, and on the other system, we will install and configure the PortSentry package.

To install the Nmap package, use the following command:

apt-get install nmap

How to do it?

On the first system, we install the Portsentry package, using the following command:
```
apt-get install portsentry
```
During the installation process a window will open containing some information about Portsentry. Just click OK to continue:
As soon as the installation completes, portsentry starts monitoring on the TCP and UDP ports. We can verify this by checking the file...

CONTINUE READING

83

Tech Concepts

36

Programming languages

73

Tech Tools

Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.

Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.

50+ new titles added per month and exclusive early access to books as they are being written.

Practical Linux Security Cookbook

Search

Your notes and bookmarks