Book Image

Mastering Linux Security and Hardening - Third Edition

By : Donald A. Tevault
3.7 (7)
Book Image

Mastering Linux Security and Hardening - Third Edition

3.7 (7)
By: Donald A. Tevault

Overview of this book

The third edition of Mastering Linux Security and Hardening is an updated, comprehensive introduction to implementing the latest Linux security measures, using the latest versions of Ubuntu and AlmaLinux. In this new edition, you will learn how to set up a practice lab, create user accounts with appropriate privilege levels, protect sensitive data with permissions settings and encryption, and configure a firewall with the newest firewall technologies. You’ll also explore how to use sudo to set up administrative accounts with only the privileges required to do a specific job, and you’ll get a peek at the new sudo features that have been added over the past couple of years. You’ll also see updated information on how to set up a local certificate authority for both Ubuntu and AlmaLinux, as well as how to automate system auditing. Other important skills that you’ll learn include how to automatically harden systems with OpenSCAP, audit systems with auditd, harden the Linux kernel configuration, protect your systems from malware, and perform vulnerability scans of your systems. As a bonus, you’ll see how to use Security Onion to set up an Intrusion Detection System. By the end of this new edition, you will confidently be able to set up a Linux server that will be secure and harder for malicious actors to compromise.
Table of Contents (22 chapters)
1
Section 1: Setting up a Secure Linux System
9
Section 2: Mastering File and Directory Access Control (DAC)
12
Section 3: Advanced System Hardening Techniques
20
Other Books You May Enjoy
21
Index

Creating different configurations for different hosts

For a change of pace, let’s look at the client’s end now. This time, we’ll look at a handy trick to help ease the pain of logging into different servers that require different keys or SSH options. This also allows you to access servers via easy-to-remember names, rather than having to remember multiple server IP addresses. All you have to do is go into the .ssh directory in your own home directory and create a config file. To demonstrate this, let’s create a configuration that allows us to easily access server1. In the ~/.ssh/config file, we can add a stanza that looks something like this:

Host server1
 Hostname 192.168.0.8
 User donnie
 IdentityFile ~/.ssh/server1_id_rsa
 IdentitiesOnly yes
 ForwardX11 yes
 Cipher [email protected]

Here’s the breakdown:

  • Host: This is the common name that you can use in your login command.
  • Hostname: For this, use either the IP address...