TY - BOOK AU - Hontanol, Ramon J. ; TI - Linux security SN - 078212741X U1 - 005.43 PY - 2001/// CY - New Delhi PB - BPB Publications KW - Computer security. KW - Linux. KW - Linux (Computer file) N1 - Included Index; Part 1 System Security 1 -- Chapter 1 Understanding Linux Security 3 -- An Information Security Primer 4 -- Process of Information Security 8 -- Goals of Information Security 13 -- Data Confidentiality 13 -- Data Integrity 14 -- User Authentication and Access Control 15 -- Data and Service Availability 16 -- Linux Security 17 -- Types of Attackers 17 -- Common Attacks against Linux Servers 18 -- Layered Approach to Information Security 25 -- Physical Security 26 -- System Security 27 -- Network Security 27 -- Application Security 27 -- Perimeter Security 27 -- Remote Access and Authentication 28 -- Human Security 28 -- Chapter 2 System Installation and Setup 31 -- Choosing a Linux Distribution 32 -- Red Hat 33 -- Caldera 33 -- SuSE 34 -- Turbolinux 35 -- Debian 36 -- And the Winner Is ... 37 -- Building a Secure Kernel 38 -- User Account Security 41 -- Good Passwords 44 -- Shadow Passwords 45 -- Sudo Utility 47 -- File and Directory Permissions 50 -- suid and sgid 51 -- Umask setting 53 -- Limiting Core Dump Size 54 -- syslog Security 55 -- Filesystem Encryption 55 -- Cryptographic File System 56 -- Practical Privacy Disk Driver 58 -- Chapter 3 System Monitoring and Auditing 63 -- System Logging with syslog 64 -- syslog.conf File 65 -- syslog Server Security 68 -- System Log Monitoring 68 -- swatch 68 -- logcheck 73 -- swatch vs. logcheck 78 -- File Integrity Auditing 78 -- tripwire 79 -- Password Auditing 87 -- John the Ripper 88 -- Part 2 Network Security 93 -- Chapter 4 Network Services Configuration 95 -- Securing Network Services 96 -- Spawning Internet Daemons with inetd 96 -- Configuring inetd with /etc/inetd.conf 97 -- inetd Configuration Examples 99 -- xinetd: The Next Generation inetd 100 -- Installing xinetd 100 -- Configuring xineted with /etc/xinetd.conf 100 -- xinetd Configuration Examples 103 -- Starting Network Services from /etc/rc.d 105 -- Additional Network Security Considerations 111 -- Disabling rhosts authentication 111 -- Portmap Daemon and RPC Services 111 -- Running Network Services as chroot 112 -- TCP Wrappers 113 -- Installing TCP Wrappers 113 -- Configuring TCP Wrappers 114 -- TCP Wrapper Configuration Examples 116 -- Testing Your TCP Wrappers Configuration 117 -- TCP Wrappers Event Logging 119 -- /Etc/services File 120 -- Netstat Command 121 -- Chapter 5 Network Auditing and Monitoring 125 -- Network Auditing 125 -- Network-Based Auditing Tools 126 -- Host-Based Auditing Tools 143 -- TARA 144 -- Network Monitoring 148 -- PortSentry 149 -- Ethereal 152 -- Part 3 Application Security 155 -- Chapter 6 Electronic Mail 157 -- Sendmail 158 -- Secure Mail Relaying via SMTP Authentication 158 -- SMTP over TLS 160 -- Using STARTTLS 163 -- Qmail 164 -- Postfix 166 -- Post Office Protocol (POP) V.3 167 -- APOP 167 -- Installing the Qpopper Software 169 -- Configuring the Qpopper Software 169 -- Using the Qpopper Software 171 -- IMAP 171 -- Installing the IMAP Server Software 172 -- Configuring the Secure IMAP Server 172 -- Using the Secure IMAP Server 174 -- PGP and GnuPG 177 -- Installing GnuPG 178 -- Configuring GnuPG 178 -- Using GnuPG 180 -- Chapter 7 HTTP Services 185 -- Apache HTTP Server 186 -- Configuring Apache Security 187 -- Hardening the Apache Server 202 -- Application Logs 204 -- mod_ssl 205 -- Installing mod_ssl 206 -- Configuring mod_ssl 207 -- Apache-SSL 215 -- Chapter 8 Samba Security 219 -- Samba Server 220 -- Installing Samba 223 -- Samba Administration with SWAT 224 -- Securing Samba 227 -- Using Samba as a Windows NT Primary Domain Controller 240 -- Part 4 Perimeter Security 245 -- Chapter 9 Network Layer Firewalls 247 -- Firewalls: An Overview 247 -- Linux as a Firewall Platform 249 -- Packet Filtering 251 -- Legacy: ipfwadm and ipchains 251 -- Using ipchains 252 -- Ipchains Examples 255 -- Present: Netfilter 257 -- Configuring Netfilter 258 -- iptables 259 -- Sample Firewall Scenarios 268 -- Single-Homed Dial-up Server 268 -- Dual-Homed Firewall: Public and Private Addresses 269 -- Triple-Homed Firewall with a Demilitarized Zone 272 -- Protecting against Well-Known Attacks 275 -- Network Address Translation 277 -- Configuring NAT Using iptables 278 -- Chapter 10 Transport Layer Firewalls 281 -- Proxy Servers 282 -- SOCKS Protocol 283 -- SOCKS4 vs. SOCKS5 283 -- Do You Need SOCKS? 284 -- NEC SOCKS5 Proxy Server 284 -- Installing SOCKS5 with RPM 285 -- Compiling the Latest SOCKS5 Release 286 -- Configuring the SOCKS5 Server 296 -- SOCKS5 Password File 305 -- Starting and Stopping the SOCKS5 Server 306 -- Runsocks Script 309 -- SOCKS5 Shared Library Configuration 310 -- Configuring Windows SOCKS5 Clients 311 -- SOCKS5 IPv4-to-IPv6 Translator 314 -- Chapter 11 Application Layer Firewalls 317 -- FWTK: The TIS Firewall Toolkit 318 -- Installing the FWTK Firewall Toolkit 319 -- FWTK Architectures 324 -- Configuring the FWTK Firewall Toolkit 326 -- NetACL Rules 327 -- Gateway Rules 328 -- Using Strong Authentication with FWTK 338 -- authsrv 338 -- Part 5 Remote Access and Authentnication 345 -- Chapter 12 Virtual Private Networking 347 -- A VPN Primer 348 -- IP Security Protocol (IPsec) 350 -- IP Authentication Header 351 -- IP Encapsulating Security Payload (ESP) 352 -- FreeS/WAN 354 -- Obtaining FreeS/WAN 355 -- Installing FreeS/WAN 357 -- Configuring FreeS/WAN 358 -- Editing the ipsec.secrets File 359 -- Editing the ipsec.conf File 363 -- Testing the Configuration 367 -- Point-to-Point Tunneling Protocol (PPTP) 367 -- PopTop 369 -- Downloading PopTop 369 -- Configuring PopTop 370 -- Running PopTop 371 -- Secure Shell (SSH) 373 -- How SSH Works 374 -- OpenSSH 374 -- Chapter 13 Strong User Authentication 387 -- Kerberos 388 -- Configuring the Kerberos Domain Controller (KDC) 391 -- Managing Kerberos Credentials 406 -- Using Kerberos-Enabled Applications 409 -- S/Key and OPIE 415 -- Installing OPIE 416 -- Configuring OPIE 416 -- Using OPIE 418 -- Pluggable Authentication Modules (PAMs) 420 -- Installing PAM 422 -- Configuring PAM 422 -- PAM Examples 423 -- Appendix B PAM Module Reference 435 -- Pam_access Module 437 -- Pam_cracklib Module 438 -- Pam_deny Module 441 -- Pam_group Module 442 -- Pam_limits Module 443 -- Pam_pwdb Module 445 -- Pam_rootok Module 447 -- Pam_securetty Module 447 -- Pam_unix Module 448 ER -