Mastering Linux Security and Hardening - Second Edition

By: Donald A. Tevault

Overview of this book

From creating networks and servers to automating the entire working environment, Linux has been extremely popular with system administrators for the last couple of decades. However, security has always been a major concern. With limited resources available in the Linux security domain, this book will be an invaluable guide in helping you get your Linux systems properly secured. Complete with in-depth explanations of essential concepts, practical examples, and self-assessment questions, this book begins by helping you set up a practice lab environment and takes you through the core functionalities of securing Linux. You'll practice various Linux hardening techniques and advance to setting up a locked-down Linux server. As you progress, you will also learn how to create user accounts with appropriate privilege levels, protect sensitive data by setting permissions and encryption, and configure a firewall. The book will help you set up mandatory access control, system auditing, security profiles, and kernel hardening, and finally cover best practices and troubleshooting techniques to secure your Linux environment efficiently. By the end of this Linux security book, you will be able to confidently set up a Linux server that will be much harder for malicious actors to compromise.

Table of Contents (20 chapters)

  • Section 1: Setting up a Secure Linux System
  • Section 2: Mastering File and Directory Access Control (DAC)
  • Section 3: Advanced System Hardening Techniques

To get the most out of this book

To get the most out of this book, you don't need much. However, the following things would be quite helpful:

  • A working knowledge of basic Linux commands and how to navigate through the Linux filesystem
  • A basic knowledge of tools such as less and grep
  • Familiarity with command-line editing tools, such as vim or nano
  • A basic knowledge of how to control systemd services with systemctl commands

For hardware, you don't need anything fancy. All you need is a machine that's capable of running 64-bit virtual machines. So, you can use any host machine that runs with almost any modern CPU from either Intel or AMD. (The exception to this rule is with Intel Core i3 and Core i5 CPUs. Even though they're 64-bit CPUs, they lack the hardware acceleration that's needed to run 64-bit virtual machines. Ironically, Intel Core 2 CPUs and AMD Opteron CPUs that are much older work just fine.) For memory, I'd recommend at least 8 GB.

You can run any of the three major operating systems on your host machine, because the virtualization software that we'll be using comes in flavors for Windows, macOS, and Linux.

Download the example code files

You can download the example code files for this book from your account at www.packt.com. If you purchased this book elsewhere, you can visit www.packtpub.com/support and register to have the files emailed directly to you.

You can download the code files by following these steps:

  1. Log in or register at www.packt.com.
  2. Select the Support tab.
  3. Click on Code Downloads.
  4. Enter the name of the book in the Search box and follow the onscreen instructions.

Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:

  • WinRAR/7-Zip for Windows
  • Zipeg/iZip/UnRarX for Mac
  • 7-Zip/PeaZip for Linux

The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Mastering-Linux-Security-and-Hardening-Second-Edition. In case there's an update to the code, it will be updated on the existing GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Download the color images

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "Download the installation .iso files for Ubuntu Server 18.04, CentOS 7, and CentOS 8."

A block of code is set as follows:

//Unattended-Upgrade::Automatic-Reboot "false";
Unattended-Upgrade::Automatic-Reboot "true";

Any command-line input or output is written as follows:

sudo apt update
sudo apt dist-upgrade

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Spend some time perusing the Common Vulnerabilities and Exposures database, and you'll soon see why it's so important to keep your systems updated."

Warnings or important notes appear like this.

Tips and tricks appear like this.