Book Image

Mastering Linux Security and Hardening - Second Edition

By : Donald A. Tevault

Book Image

Mastering Linux Security and Hardening - Second Edition

By: Donald A. Tevault

Overview of this book

From creating networks and servers to automating the entire working environment, Linux has been extremely popular with system administrators for the last couple of decades. However, security has always been a major concern. With limited resources available in the Linux security domain, this book will be an invaluable guide in helping you get your Linux systems properly secured. Complete with in-depth explanations of essential concepts, practical examples, and self-assessment questions, this book begins by helping you set up a practice lab environment and takes you through the core functionalities of securing Linux. You'll practice various Linux hardening techniques and advance to setting up a locked-down Linux server. As you progress, you will also learn how to create user accounts with appropriate privilege levels, protect sensitive data by setting permissions and encryption, and configure a firewall. The book will help you set up mandatory access control, system auditing, security profiles, and kernel hardening, and finally cover best practices and troubleshooting techniques to secure your Linux environment efficiently. By the end of this Linux security book, you will be able to confidently set up a Linux server that will be much harder for malicious actors to compromise.

Preface

Who this book is for

What this book covers

To get the most out of this book

Section 1: Setting up a Secure Linux System

Section 1: Setting up a Secure Linux System

Free Chapter

Running Linux in a Virtual Environment

Running Linux in a Virtual Environment

Looking at the threat landscape

Why do security breaches happen?

Keeping up with security news

Differences between physical, virtual, and cloud setups

Introducing VirtualBox and Cygwin

Keeping the Linux systems updated

Further reading

Securing User Accounts

Securing User Accounts

The dangers of logging in as the root user

The advantages of using sudo

Setting up sudo privileges for full administrative users

Setting up sudo for users with only certain delegated privileges

Advanced tips and tricks for using sudo

Locking down users' home directories the Red Hat or CentOS way

Locking down users' home directories the Debian/Ubuntu way

Enforcing strong password criteria

Setting and enforcing password and account expiration

Configuring default expiry data for useradd for Red Hat or CentOS only

Setting expiry data on a per-account basis with useradd and usermod

Setting expiry data on a per-account basis with chage

Preventing brute-force password attacks

Locking user accounts

Locking the root user account

Setting up security banners

Detecting compromised passwords

Understanding centralized user management

Further reading

Securing Your Server with a Firewall - Part 1

Securing Your Server with a Firewall - Part 1

Technical requirements

An overview of firewalld

An overview of iptables

Uncomplicated firewall for Ubuntu systems

Further reading

Securing Your Server with a Firewall - Part 2

Securing Your Server with a Firewall - Part 2

Technical requirements

nftables – a more universal type of firewall system

firewalld for Red Hat systems

Further reading

Encryption Technologies

Encryption Technologies

GNU Privacy Guard (GPG)

Encrypting partitions with Linux Unified Key Setup (LUKS)

Encrypting directories with eCryptfs

Using VeraCrypt for cross-platform sharing of encrypted containers

OpenSSL and the public key infrastructure

Further reading

SSH Hardening

Ensuring that SSH protocol 1 is disabled

Creating and managing keys for passwordless logins

Disabling root user login

Disabling username/password logins

Configuring Secure Shell with strong encryption algorithms

Setting system-wide encryption policies on RHEL 8/CentOS 8

Configuring more detailed logging

Configuring access control with whitelists and TCP Wrappers

Configuring automatic logouts and security banners

Configuring other miscellaneous security settings

Setting up a chroot environment for SFTP users

Sharing a directory with SSHFS

Remotely connecting from Windows desktops

Further reading

Section 2: Mastering File and Directory Access Control (DAC)

Section 2: Mastering File and Directory Access Control (DAC)

Mastering Discretionary Access Control

Mastering Discretionary Access Control

Using chown to change ownership of files and directories

Using chmod to set permissions on files and directories

Using SUID and SGID on regular files

The security implications of the SUID and SGID permissions

Using extended file attributes to protect sensitive files

Securing system configuration files

Further reading

Access Control Lists and Shared Directory Management

Access Control Lists and Shared Directory Management

Creating an ACL for either a user or a group

Creating an inherited ACL for a directory

Removing a specific permission by using an ACL mask

Using the tar --acls option to prevent the loss of ACLs during a backup

Creating a user group and adding members to it

Creating a shared directory

Setting the SGID bit and the sticky bit on the shared directory

Using ACLs to access files in the shared directory

Further reading

Section 3: Advanced System Hardening Techniques

Section 3: Advanced System Hardening Techniques

Implementing Mandatory Access Control with SELinux and AppArmor

Implementing Mandatory Access Control with SELinux and AppArmor

How SELinux can benefit a systems administrator

Setting security contexts for files and directories

Troubleshooting with setroubleshoot

Working with SELinux policies

How AppArmor can benefit a systems administrator

Looking at AppArmor profiles

Working with AppArmor command-line utilities

Troubleshooting AppArmor problems

Exploiting a system with an evil Docker container

Further reading

Kernel Hardening and Process Isolation

Kernel Hardening and Process Isolation

Understanding the /proc filesystem

Setting kernel parameters with sysctl

Configuring the sysctl.conf file

Understanding process isolation

Further reading

Scanning, Auditing, and Hardening

Scanning, Auditing, and Hardening

Technical requirements

Installing and updating ClamAV and maldet

Scanning with ClamAV and maldet

Scanning for rootkits with Rootkit Hunter

Performing a quick malware analysis with strings and VirusTotal

Understanding the auditd daemon

Using ausearch and aureport

Applying OpenSCAP policies with oscap

Further reading

Logging and Log Security

Logging and Log Security

Understanding the Linux system log files

Understanding rsyslog

Understanding journald

Making things easier with Logwatch

Setting up a remote log server

Further reading

Vulnerability Scanning and Intrusion Detection

Vulnerability Scanning and Intrusion Detection

Introduction to Snort and Security Onion

IPFire and its built-in Intrusion Prevention System (IPS)

Scanning and hardening with Lynis

Finding vulnerabilities with OpenVAS

Web server scanning with Nikto

Further reading

Security Tips and Tricks for the Busy Bee

Security Tips and Tricks for the Busy Bee

Technical requirements

Auditing system services

Password protecting the GRUB 2 bootloader

Securely configuring BIOS/UEFI

Using a security checklist for system setup

Further reading

Assessments

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review – let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Configuring more detailed logging

In its default configuration, SSH already creates log entries whenever someone logs in via SSH, SCP, or SFTP. On Debian/Ubuntu systems, the entry is made in the /var/log/auth.log file. On Red Hat/CentOS systems, the entry is made in the /var/log/secure file. Either way, the log entry looks something like this:

Oct  1 15:03:23 donnie-ca sshd[1141]: Accepted password for donnie from 192.168.0.225 port 54422 ssh2

Oct  1 15:03:24 donnie-ca sshd[1141]: pam_unix(sshd:session): session opened for user donnie by (uid=0)

Open the sshd_config man page and scroll down to the LogLevel item. There, you'll see the various settings that provide different levels of detail for logging SSH messages. The levels are as follows:

QUIET
FATAL
ERROR
INFO
VERBOSE
DEBUG or DEBUG1
DEBUG2
DEBUG3

Normally, the only two of these we would care about are INFO and VERBOSE...