Book Image

Practical Linux Security Cookbook

By : Michael A Lindner, Tajinder Kalsi
Book Image

Practical Linux Security Cookbook

By: Michael A Lindner, Tajinder Kalsi

Overview of this book

With the growing popularity of Linux, more and more administrators have started moving to the system to create networks or servers for any task. This also makes Linux the first choice for any attacker now. Due to the lack of information about security-related attacks, administrators now face issues in dealing with these attackers as quickly as possible. Learning about the different types of Linux security will help create a more secure Linux system. Whether you are new to Linux administration or experienced, this book will provide you with the skills to make systems more secure. With lots of step-by-step recipes, the book starts by introducing you to various threats to Linux systems. You then get to walk through customizing the Linux kernel and securing local files. Next you will move on to manage user authentication locally and remotely and also mitigate network attacks. Finally, you will learn to patch bash vulnerability and monitor system logs for security. With several screenshots in each example, the book will supply a great learning experience and help you create more secure Linux systems.

Related Content you might be interested in

Current Title:

Small book image
Practical Linux Security Cookbook
Michael A Lindner | Tajinder Kalsi
Apr, 2016 | 276 pages
No titles found
Table of Contents (17 chapters)
Practical Linux Security Cookbook
Practical Linux Security Cookbook
Credits
Credits
About the Author
About the Author
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Linux Security Problems
Linux Security Problems
Introduction
The security policy of Linux
Configuring password protection
Configuring server security
Security controls
Conducting integrity checks of the installation medium using checksum
Using the LUKS disk encryption
Making use of sudoers – configuring sudo access
Scanning hosts with Nmap
Gaining a root on a vulnerable Linux system
2
Configuring a Secure and Optimized Kernel
Configuring a Secure and Optimized Kernel
Introduction
Requirements for building and using a kernel
Creating a USB boot media
Retrieving a kernel source
Configuring and building a kernel
Installing and booting from a kernel
Testing and debugging a kernel
Configuring a console for debugging using Netconsole
Debugging a kernel on boot
3
Local Filesystem Security
Local Filesystem Security
Viewing file and directory details using the ls command
Changing the file permissions using the chmod command
Implementing access control list (ACL)
File handling using the mv command (moving and renaming)
Install and configure a basic LDAP server on Ubuntu
4
Local Authentication in Linux
Local Authentication in Linux
User authentication and logging
Limiting the login capabilities of users
Monitoring user activity using acct
Login authentication using a USB device and PAM
Defining user authorization controls
5
Remote Authentication
Remote Authentication
Remote server/host access using SSH
Disabling or enabling SSH root login
Restricting remote access with key-based login into SSH
Copying files remotely
Setting up a Kerberos server with Ubuntu
6
Network Security
Network Security
Managing the TCP/IP network
Using Iptables to configure a firewall
Blocking spoofed addresses
Blocking incoming traffic
Configuring and using the TCP Wrapper
7
Security Tools
Security Tools
Linux sXID
PortSentry
Using Squid proxy
OpenSSL Server
Tripwire
Shorewall
8
Linux Security Distros
Linux Security Distros
Kali Linux
pfSense
DEFT – Digital Evidence and Forensic Toolkit
NST – Network Security Toolkit
Helix
9
Patching a Bash Vulnerability
Patching a Bash Vulnerability
Understanding the bash vulnerability through Shellshock
Shellshock's security issues
The patch management system
Applying patches on the Linux systems
10
Security Monitoring and Logging
Security Monitoring and Logging
Viewing and managing log files using Logcheck
Monitoring a network using Nmap
Using glances for system monitoring
Monitoring logs using MultiTail
Using system tools – Whowatch
Using system tools – stat
Using system tools – lsof
Using system tools – strace
Using Lynis
Index
Index

Making use of sudoers – configuring sudo access

Whenever the system administrator wants to provide trusted users administrative access to the system without sharing the password of the root user, they can do so using the sudo mechanism.

Once the user is given access using the sudo mechanism, they can execute any administrative command by preceding it with sudo. Then, the user will be asked to enter their own password. After this, the administrative command will be executed in the same way as run by the root user.

Getting ready

As the file for the configuration is predefined and the commands used are inbuilt, nothing extra needs to be configured before starting these steps.

How to do it…

  1. We will first create a normal account and then give it sudo access. Once done, we will be able to use the sudo command from the new account and then execute the administrative commands. Follow the steps given to configure the sudo access. Firstly, use the root account to login to the system. Then, create a user account using the useradd command, as shown in the following figure:

    Replace USERNAME with any name of your choice in the preceding command.

  2. Now, using the passwd command, set a password for the new user account.

  3. Edit the /etc/sudoers file by running visudo. The policies applied when using the sudo command are defined by the /etc/sudoers file.

  4. Once the file is open in the editor, search for the following lines, which allow sudo access to the users in the test group:

  5. We can enable the given configuration by deleting the comment character (#) at the beginning of the second line. Once the changes are made, save the file and exit from the editor. Now, using the usermod command, add the previously created user to the test group.

  6. We need to check whether the configuration shown in the preceding screenshot allows the new user account to run commands using sudo.

  7. To switch to the newly created user account, use the su option.

  8. Now, use the groups command to confirm the presence of the user account in the test group.

    Finally, run the whoami command with sudo from the new account. As we have executed a command that uses sudo for the first time, using this new user account, the default banner message will be displayed for the sudo command. The screen will also ask for the user account password to be entered.

  9. The last line of the preceding output is the username returned by the whoami command. If sudo is configured correctly, this value will be root.

You have successfully configured a user with sudo access. You can now log in to this user account and use sudo to run commands the same way as you would from the root user.

How it works…

When we create a new account, it does not have permission to run administrator commands. However, after editing the /etc/sudoers file and making an appropriate entry to grant sudo access to the new user account, we can start using the new user account to run all the administrator commands.

There's more…

Here is an extra measure that you can take to ensure total security.

Vulnerability assessment

A vulnerability assessment is the process of auditing our network and system security through which we can know about the confidentiality, integrity, and availability of our network. The first phase in the vulnerability assessment is reconnaissance, and this further leads to the phase of system readiness in which we mainly check for all known vulnerabilities in the target. The next phase is reporting, where we group all the vulnerabilities found into categories of low, medium, and high risk.

Previous Section
End of Section 9
Next Section