Book Image

Practical Linux Security Cookbook - Second Edition

By : Tajinder Kalsi
Book Image

Practical Linux Security Cookbook - Second Edition

By: Tajinder Kalsi

Overview of this book

Over the last few years, system security has gained a lot of momentum and software professionals are focusing heavily on it. Linux is often treated as a highly secure operating system. However, the reality is that Linux has its share of security ?aws, and these security ?aws allow attackers to get into your system and modify or even destroy your important data. But there’s no need to panic, since there are various mechanisms by which these ?aws can be removed, and this book will help you learn about different types of Linux security to create a more secure Linux system. With a step-by-step recipe approach, the book starts by introducing you to various threats to Linux systems. Then, this book will walk you through customizing the Linux kernel and securing local files. Next, you will move on to managing user authentication both locally and remotely and mitigating network attacks. Later, you will learn about application security and kernel vulnerabilities. You will also learn about patching Bash vulnerability, packet filtering, handling incidents, and monitoring system logs. Finally, you will learn about auditing using system services and performing vulnerability scanning on Linux. By the end of this book, you will be able to secure your Linux systems and create a robust environment.

Related Content you might be interested in

Current Title:

Small book image
Practical Linux Security Cookbook - Second Edition
Tajinder Kalsi
Aug, 2018 | 482 pages
Small book image
Mastering Linux Security and Hardening
Donald A Tevault
Jan, 2018 | 376 pages
Small book image
Mastering Linux Security and Hardening
Donald A Tevault
Feb, 2020 | 666 pages
Small book image
Mastering Linux Security and Hardening
Donald A Tevault
Feb, 2023 | 618 pages
Table of Contents (20 chapters)
Title Page
Title Page
Copyright and Credits
Copyright and Credits
Contributors
Contributors
Packt Upsell
Packt Upsell
Preface
Preface
Free Chapter
1
Linux Security Problem
Linux Security Problem
Security policy
Configuring server security
Security policy – server security
Defining security controls
Checking the integrity of installation medium by using checksum
Using LUKS disk encryption
Make use of sudoers – configuring sudo access
Scanning hosts with Nmap
Gaining root on a vulnerable Linux system
Missing backup plans
2
Configuring a Secure and Optimized Kernel
Configuring a Secure and Optimized Kernel
Creating USB boot media
Retrieving the kernel source
Configuring and building kernel
Installing and booting from a kernel
Kernel testing and debugging
Debugging kernel boot
Kernel errors
Checking kernel parameters using Lynis
3
Local Filesystem Security
Local Filesystem Security
Viewing files and directory details using ls
Using chmod to set permissions on files and directories
Using chown to change ownership of files and directories
Using ACLs to access files
File handling using the mv command (moving and renaming)
Implementing Mandatory Access Control with SELinux
Using extended file attributes to protect sensitive files
Installing and configuring a basic LDAP server on Ubuntu
4
Local Authentication in Linux
Local Authentication in Linux
User authentication and logging
Limiting login capabilities of users
Disabling username/password logins
Monitoring user activity using acct
Login authentication using a USB device and PAM
Defining user authorization controls
Access Management using IDAM
5
Remote Authentication
Remote Authentication
Remote server/host access using SSH
Enabling and disabling root login over SSH
Key-based login into SSH for restricting remote access
Copying files remotely
Setting up a Kerberos server with Ubuntu
Using LDAP for user authentication and management
6
Network Security
Network Security
Managing TCP/IP networks
Using a packet sniffer to monitor network traffic
Using IP tables for configuring a firewall
Blocking spoofed addresses
Blocking incoming traffic
Configuring and using TCP Wrappers
Blocking country-specific traffic using mod_security
Securing network traffic using SSL
7
Security Tools
Security Tools
Linux sXID
Port Sentry
Using Squid proxy
Open SSL server
Tripwire
Shorewall
OSSEC
Snort
Rsync and Grsync – backup tool
8
Linux Security Distros
Linux Security Distros
Kali Linux
pfSense
Digital Evidence and Forensic Toolkit  (DEFT)
Network Security Toolkit (NST)
Security Onion
Tails OS
Qubes OS
9
Bash Vulnerability Patching
Bash Vulnerability Patching
Understanding the Bash vulnerability – Shellshock
Security issues – Shellshock
Linux patch management system
Applying patches in Linux
Other well-known Linux vulnerabilities
10
Security Monitoring and Logging
Security Monitoring and Logging
Viewing and managing log files using Logcheck
Monitoring the network using Nmap
Using Glances for system monitoring
Monitoring logs using MultiTail
Using system tools – whowatch
Using system tools – stat
Using System tools – lsof
Using System tools – strace
Real time IP LAN monitoring using IPTraf
Network security monitoring using Suricata
Network monitoring using OpenNMS
11
Understanding Linux Service Security
Understanding Linux Service Security
Web server – HTTPD
Remote service login – Telnet
Secure remote login – SSH
File transfer security – FTP
Securing Mail Transfer – SMTP
12
Scanning and Auditing Linux
Scanning and Auditing Linux
Installing an antivirus on Linux
Scanning with ClamAV
Finding rootkits
Using the auditd daemon
Using ausearch and aureport to read logs
Auditing system services with systemctl
13
Vulnerability Scanning and Intrusion Detection
Vulnerability Scanning and Intrusion Detection
Network security monitoring using Security Onion
Finding vulnerabilities with OpenVAS
Using Nikto for web server scanning
Hardening using Lynis
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think
Index
Index

Scanning hosts with Nmap

Nmap, which can be used for scanning a network, is one of the most popular tools included in Linux. It has been in existence for many years, and is currently one of the preferred tools for gathering information about a network. Nmap can be used by administrators on their networks to find any open ports and the host systems. When performing vulnerability assessments, Nmap is surely a tool not to be missed.

Getting ready

Most Linux versions come with Nmap installed. The first step is to check whether you already have it by using the following command:

nmap --version

If Nmap exists, you should see output similar to this:

If Nmap is not already installed, you can download and install it from this link: https://nmap.org/download.html.

The following command will quickly install Nmap on your system:

sudo apt-get install nmap

How to do it...

Follow these steps for scanning hosts with Nmap:

  1. The most common use of Nmap is to find all the hosts online within a given IP range. The default command used takes some time to scan the complete network, depending on the number of hosts in the network.
  2. The following screenshot shows an example:
  1. To perform a SYN scan on a particular IP from a subnet, use the following command:
  2. If SYN scan does not work properly, you can also use Stealth scan:
  1. To detect the version number of the services running on the remote host, you can perform Service Version Detection scan as follows:
  2. If you want to detect the operating system running on the remote host, run the following command:
nmap -O 192.168.1.102
  1. The output here has been truncated:
  2. If you wish to scan only for a particular port, such as 80, run the command:

How it works...

Nmap checks for the services that are listening by testing the most common network communication ports. This information helps the network administrator to close all unwanted or unused ports and services. The previous examples show how to use port scanning and Nmap as a powerful tool to study the network around us.

See also

Nmap also has scripting features that we can use to write custom scripts. These scripts can be used with Nmap to automate and extend the scanning capabilities of Nmap.

You can find more information about using Nmap at its official homepage:https://nmap.org/.https://nmap.org/

Previous Section
End of Section 9
Next Section