Book Image

Practical Linux Security Cookbook - Second Edition

By : Tajinder Kalsi
Book Image

Practical Linux Security Cookbook - Second Edition

By: Tajinder Kalsi

Overview of this book

Over the last few years, system security has gained a lot of momentum and software professionals are focusing heavily on it. Linux is often treated as a highly secure operating system. However, the reality is that Linux has its share of security ?aws, and these security ?aws allow attackers to get into your system and modify or even destroy your important data. But there’s no need to panic, since there are various mechanisms by which these ?aws can be removed, and this book will help you learn about different types of Linux security to create a more secure Linux system. With a step-by-step recipe approach, the book starts by introducing you to various threats to Linux systems. Then, this book will walk you through customizing the Linux kernel and securing local files. Next, you will move on to managing user authentication both locally and remotely and mitigating network attacks. Later, you will learn about application security and kernel vulnerabilities. You will also learn about patching Bash vulnerability, packet filtering, handling incidents, and monitoring system logs. Finally, you will learn about auditing using system services and performing vulnerability scanning on Linux. By the end of this book, you will be able to secure your Linux systems and create a robust environment.

Related Content you might be interested in

Current Title:

Small book image
Practical Linux Security Cookbook - Second Edition
Tajinder Kalsi
Aug, 2018 | 482 pages
Small book image
Mastering Linux Security and Hardening
Donald A Tevault
Jan, 2018 | 376 pages
Small book image
Mastering Linux Security and Hardening
Donald A Tevault
Feb, 2020 | 666 pages
Small book image
Mastering Linux Security and Hardening
Donald A Tevault
Feb, 2023 | 618 pages
Table of Contents (20 chapters)
Title Page
Title Page
Copyright and Credits
Copyright and Credits
Contributors
Contributors
Packt Upsell
Packt Upsell
Preface
Preface
Free Chapter
1
Linux Security Problem
Linux Security Problem
Security policy
Configuring server security
Security policy – server security
Defining security controls
Checking the integrity of installation medium by using checksum
Using LUKS disk encryption
Make use of sudoers – configuring sudo access
Scanning hosts with Nmap
Gaining root on a vulnerable Linux system
Missing backup plans
2
Configuring a Secure and Optimized Kernel
Configuring a Secure and Optimized Kernel
Creating USB boot media
Retrieving the kernel source
Configuring and building kernel
Installing and booting from a kernel
Kernel testing and debugging
Debugging kernel boot
Kernel errors
Checking kernel parameters using Lynis
3
Local Filesystem Security
Local Filesystem Security
Viewing files and directory details using ls
Using chmod to set permissions on files and directories
Using chown to change ownership of files and directories
Using ACLs to access files
File handling using the mv command (moving and renaming)
Implementing Mandatory Access Control with SELinux
Using extended file attributes to protect sensitive files
Installing and configuring a basic LDAP server on Ubuntu
4
Local Authentication in Linux
Local Authentication in Linux
User authentication and logging
Limiting login capabilities of users
Disabling username/password logins
Monitoring user activity using acct
Login authentication using a USB device and PAM
Defining user authorization controls
Access Management using IDAM
5
Remote Authentication
Remote Authentication
Remote server/host access using SSH
Enabling and disabling root login over SSH
Key-based login into SSH for restricting remote access
Copying files remotely
Setting up a Kerberos server with Ubuntu
Using LDAP for user authentication and management
6
Network Security
Network Security
Managing TCP/IP networks
Using a packet sniffer to monitor network traffic
Using IP tables for configuring a firewall
Blocking spoofed addresses
Blocking incoming traffic
Configuring and using TCP Wrappers
Blocking country-specific traffic using mod_security
Securing network traffic using SSL
7
Security Tools
Security Tools
Linux sXID
Port Sentry
Using Squid proxy
Open SSL server
Tripwire
Shorewall
OSSEC
Snort
Rsync and Grsync – backup tool
8
Linux Security Distros
Linux Security Distros
Kali Linux
pfSense
Digital Evidence and Forensic Toolkit  (DEFT)
Network Security Toolkit (NST)
Security Onion
Tails OS
Qubes OS
9
Bash Vulnerability Patching
Bash Vulnerability Patching
Understanding the Bash vulnerability – Shellshock
Security issues – Shellshock
Linux patch management system
Applying patches in Linux
Other well-known Linux vulnerabilities
10
Security Monitoring and Logging
Security Monitoring and Logging
Viewing and managing log files using Logcheck
Monitoring the network using Nmap
Using Glances for system monitoring
Monitoring logs using MultiTail
Using system tools – whowatch
Using system tools – stat
Using System tools – lsof
Using System tools – strace
Real time IP LAN monitoring using IPTraf
Network security monitoring using Suricata
Network monitoring using OpenNMS
11
Understanding Linux Service Security
Understanding Linux Service Security
Web server – HTTPD
Remote service login – Telnet
Secure remote login – SSH
File transfer security – FTP
Securing Mail Transfer – SMTP
12
Scanning and Auditing Linux
Scanning and Auditing Linux
Installing an antivirus on Linux
Scanning with ClamAV
Finding rootkits
Using the auditd daemon
Using ausearch and aureport to read logs
Auditing system services with systemctl
13
Vulnerability Scanning and Intrusion Detection
Vulnerability Scanning and Intrusion Detection
Network security monitoring using Security Onion
Finding vulnerabilities with OpenVAS
Using Nikto for web server scanning
Hardening using Lynis
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think
Index
Index

Configuring server security

Once a Linux server is created, the immediate next step is to implement security procedures to make sure that any kind of threat should not cause the system to be compromised. A major reason for malicious attacks on Linux servers have been poorly implemented security or existing vulnerabilities. When configuring a server, the security policies need to be implemented properly to create a secure environment that will help prevent your business from getting hacked.

How to do it...

Let us have a look for each and every configuration.

User management

Follow these steps to configure server security:

  1. When a Linux server is created, the first user created by default is always the root user. This root user should be used for initial configuration only.
  2. Once initial configuration is done, this root user should be disabled via SSH. This will make it difficult for any hacker to gain access to your Linux machine.
  3. Further, a secondary user should be created to log in and administer the machine. This user can be allowed sudo permissions if administrative actions need to be performed.

Password policy

Follow these steps to configure server security:

  1. When creating user accounts, ensure the use of strong passwords. If allowed, keep the length of the password to between 12 to 14 characters.
  2. If possible, generate passwords randomly, and include lowercase and uppercase letters, numbers, and symbols.
  3. Avoid using password combinations that could be easily guessed, such as dictionary words, keyboard patterns, usernames, ID numbers, and so on.
  4. Avoid using the same password twice.

Configuration policy

Follow these steps to configure server security:

  1. The operating system on the server should be configured in accordance with the guidelines approved for InfoSec.
  2. Any service or application not being used should be disabled, wherever possible.
  3. Every access to the services and applications on the server should be monitored and logged. It should also be protected through access-control methods. An example of this will be covered in Chapter 3, Local Filesystem Security.
  4. The system should be kept updated and any recent security patches, if available, should be installed as soon as possible
  5. Avoid using the root account as much as possible. It is better to use the security principles that require least access to perform a function.
  1. Any kind of privileged access must be performed over a secure channel connection (SSH) wherever possible.
  2. Access to the server should be in a controlled environment.

Monitoring policy

  1. All security-related actions on server systems must be logged and audit reports should be saved as follows:
  • For a period of one month, all security-related logs should be kept online
  • For a period of one month, the daily backups, as well as the weekly backups should be retained
  • For a minimum of two years, the monthly full backups should be retained
  1. Any event related to security being compromised should be reported to the InfoSec team. They shall then review the logs and report the incident to the IT department.
  2. Some examples of security-related events are as follows:
  • Port-scanning-related attacks
  • Access to privileged accounts without authorization
  • Unusual occurrences due to a particular application on the host

How it works...

Following the policies as given here helps in the base configuration of the internal server that is owned or operated by the organization. Implementing the policy effectively will minimize unauthorized access to any sensitive and proprietary information.

Previous Section
End of Section 3
Next Section