Linux security

Hontanol, Ramon J. ;

Linux security - New Delhi : BPB Publications, ©2001. - xxvii, 482 p. :

Included Index.

Part 1 System Security 1 --
Chapter 1 Understanding Linux Security 3 --
An Information Security Primer 4 --
Process of Information Security 8 --
Goals of Information Security 13 --
Data Confidentiality 13 --
Data Integrity 14 --
User Authentication and Access Control 15 --
Data and Service Availability 16 --
Linux Security 17 --
Types of Attackers 17 --
Common Attacks against Linux Servers 18 --
Layered Approach to Information Security 25 --
Physical Security 26 --
System Security 27 --
Network Security 27 --
Application Security 27 --
Perimeter Security 27 --
Remote Access and Authentication 28 --
Human Security 28 --
Chapter 2 System Installation and Setup 31 --
Choosing a Linux Distribution 32 --
Red Hat 33 --
Caldera 33 --
SuSE 34 --
Turbolinux 35 --
Debian 36 --
And the Winner Is ... 37 --
Building a Secure Kernel 38 --
User Account Security 41 --
Good Passwords 44 --
Shadow Passwords 45 --
Sudo Utility 47 --
File and Directory Permissions 50 --
suid and sgid 51 --
Umask setting 53 --
Limiting Core Dump Size 54 --
syslog Security 55 --
Filesystem Encryption 55 --
Cryptographic File System 56 --
Practical Privacy Disk Driver 58 --
Chapter 3 System Monitoring and Auditing 63 --
System Logging with syslog 64 --
syslog.conf File 65 --
syslog Server Security 68 --
System Log Monitoring 68 --
swatch 68 --
logcheck 73 --
swatch vs. logcheck 78 --
File Integrity Auditing 78 --
tripwire 79 --
Password Auditing 87 --
John the Ripper 88 --
Part 2 Network Security 93 --
Chapter 4 Network Services Configuration 95 --
Securing Network Services 96 --
Spawning Internet Daemons with inetd 96 --
Configuring inetd with /etc/inetd.conf 97 --
inetd Configuration Examples 99 --
xinetd: The Next Generation inetd 100 --
Installing xinetd 100 --
Configuring xineted with /etc/xinetd.conf 100 --
xinetd Configuration Examples 103 --
Starting Network Services from /etc/rc.d 105 --
Additional Network Security Considerations 111 --
Disabling rhosts authentication 111 --
Portmap Daemon and RPC Services 111 --
Running Network Services as chroot 112 --
TCP Wrappers 113 --
Installing TCP Wrappers 113 --
Configuring TCP Wrappers 114 --
TCP Wrapper Configuration Examples 116 --
Testing Your TCP Wrappers Configuration 117 --
TCP Wrappers Event Logging 119 --
/Etc/services File 120 --
Netstat Command 121 --
Chapter 5 Network Auditing and Monitoring 125 --
Network Auditing 125 --
Network-Based Auditing Tools 126 --
Host-Based Auditing Tools 143 --
TARA 144 --
Network Monitoring 148 --
PortSentry 149 --
Ethereal 152 --
Part 3 Application Security 155 --
Chapter 6 Electronic Mail 157 --
Sendmail 158 --
Secure Mail Relaying via SMTP Authentication 158 --
SMTP over TLS 160 --
Using STARTTLS 163 --
Qmail 164 --
Postfix 166 --
Post Office Protocol (POP) V.3 167 --
APOP 167 --
Installing the Qpopper Software 169 --
Configuring the Qpopper Software 169 --
Using the Qpopper Software 171 --
IMAP 171 --
Installing the IMAP Server Software 172 --
Configuring the Secure IMAP Server 172 --
Using the Secure IMAP Server 174 --
PGP and GnuPG 177 --
Installing GnuPG 178 --
Configuring GnuPG 178 --
Using GnuPG 180 --
Chapter 7 HTTP Services 185 --
Apache HTTP Server 186 --
Configuring Apache Security 187 --
Hardening the Apache Server 202 --
Application Logs 204 --
mod_ssl 205 --
Installing mod_ssl 206 --
Configuring mod_ssl 207 --
Apache-SSL 215 --
Chapter 8 Samba Security 219 --
Samba Server 220 --
Installing Samba 223 --
Samba Administration with SWAT 224 --
Securing Samba 227 --
Using Samba as a Windows NT Primary Domain Controller 240 --
Part 4 Perimeter Security 245 --
Chapter 9 Network Layer Firewalls 247 --
Firewalls: An Overview 247 --
Linux as a Firewall Platform 249 --
Packet Filtering 251 --
Legacy: ipfwadm and ipchains 251 --
Using ipchains 252 --
Ipchains Examples 255 --
Present: Netfilter 257 --
Configuring Netfilter 258 --
iptables 259 --
Sample Firewall Scenarios 268 --
Single-Homed Dial-up Server 268 --
Dual-Homed Firewall: Public and Private Addresses 269 --
Triple-Homed Firewall with a Demilitarized Zone 272 --
Protecting against Well-Known Attacks 275 --
Network Address Translation 277 --
Configuring NAT Using iptables 278 --
Chapter 10 Transport Layer Firewalls 281 --
Proxy Servers 282 --
SOCKS Protocol 283 --
SOCKS4 vs. SOCKS5 283 --
Do You Need SOCKS? 284 --
NEC SOCKS5 Proxy Server 284 --
Installing SOCKS5 with RPM 285 --
Compiling the Latest SOCKS5 Release 286 --
Configuring the SOCKS5 Server 296 --
SOCKS5 Password File 305 --
Starting and Stopping the SOCKS5 Server 306 --
Runsocks Script 309 --
SOCKS5 Shared Library Configuration 310 --
Configuring Windows SOCKS5 Clients 311 --
SOCKS5 IPv4-to-IPv6 Translator 314 --
Chapter 11 Application Layer Firewalls 317 --
FWTK: The TIS Firewall Toolkit 318 --
Installing the FWTK Firewall Toolkit 319 --
FWTK Architectures 324 --
Configuring the FWTK Firewall Toolkit 326 --
NetACL Rules 327 --
Gateway Rules 328 --
Using Strong Authentication with FWTK 338 --
authsrv 338 --
Part 5 Remote Access and Authentnication 345 --
Chapter 12 Virtual Private Networking 347 --
A VPN Primer 348 --
IP Security Protocol (IPsec) 350 --
IP Authentication Header 351 --
IP Encapsulating Security Payload (ESP) 352 --
FreeS/WAN 354 --
Obtaining FreeS/WAN 355 --
Installing FreeS/WAN 357 --
Configuring FreeS/WAN 358 --
Editing the ipsec.secrets File 359 --
Editing the ipsec.conf File 363 --
Testing the Configuration 367 --
Point-to-Point Tunneling Protocol (PPTP) 367 --
PopTop 369 --
Downloading PopTop 369 --
Configuring PopTop 370 --
Running PopTop 371 --
Secure Shell (SSH) 373 --
How SSH Works 374 --
OpenSSH 374 --
Chapter 13 Strong User Authentication 387 --
Kerberos 388 --
Configuring the Kerberos Domain Controller (KDC) 391 --
Managing Kerberos Credentials 406 --
Using Kerberos-Enabled Applications 409 --
S/Key and OPIE 415 --
Installing OPIE 416 --
Configuring OPIE 416 --
Using OPIE 418 --
Pluggable Authentication Modules (PAMs) 420 --
Installing PAM 422 --
Configuring PAM 422 --
PAM Examples 423 --
Appendix B PAM Module Reference 435 --
Pam_access Module 437 --
Pam_cracklib Module 438 --
Pam_deny Module 441 --
Pam_group Module 442 --
Pam_limits Module 443 --
Pam_pwdb Module 445 --
Pam_rootok Module 447 --
Pam_securetty Module 447 --
Pam_unix Module 448.

078212741X 9780782127416 8176564575 9788176564571


Computer security.
Linux.
Linux (Computer file)

005.43 / HON

© University of Vavuniya

------