Linux system security : an administrator's guide to open source security tools

1. Vulnerability Survey. What Happened? Other Cracker Activities. So, Are You Going to Show Us How to Break into Systems? A Survey of Vulnerabilities and Attacks. Technical. Social. Physical. Summary. For Further Reading. Books. Interesting Cracker Tales. Web Sites. Full-Disclosure Resources.2. Security Policies. What Is Computer and Network Security? Elements of a Computing Environment. Risk Analysis. The Security Policy. Securing Computers and Networks. User Privacy and Administrator Ethics. Summary. For Further Reading. Books. Web Resources. Other Resources.3. Background Information. BIOS Passwords. Linux Installation and LILO. A Note about LILO. Recovering a Corrupt System. Installation and LILO Resources. Start-Up Scripts. Red Hat Package Manager. Verifying Packages with RPM. Checking PGP Signatures with RPM. RPM Resources. RPM Mailing List. TCP/IP Networking Overview. The TCP/IP Model Layers. Remote Procedure Call Applications. Trusted Host Files and Related Commands. Some Major Applications. Network Monitoring. General TCP/IP Networking Resources. NFS, Samba, NIS, and DNS Resources. Request for Comment. Cryptography. The Purpose of Cryptography. Algorithm Types. Hash Functions and Digital Signatures. Passwords Aren't Encrypted, They're Hashed! An Overview of PGP. Cryptography References. Testing and Production Environments. Security Archives. Software Testing. Source Code Auditing. Pristine Backups. Security Resources. Licenses.4. Users, Permissions, and Filesystems. User Account Management. Good Passwords. All Accounts Must Have Passwords!Or Be Locked! Password Aging and the Shadow File. Restricted Accounts. Shell History. The Root Account. Using the Root Account. Multiple Root Users. Minimizing the Impact of Root Compromise. Configuring /etc/securetty. Group Account Management. File and Directory Permissions. User File and Directory Permissions. System File and Directory Permissions. SUID and SGID. File Attributes. Using xlock and xscreensaver. Filesystem Restrictions. Summary. For Further Reading. System Administration. System Security.5. Pluggable Authentication Modules. PAM Overview. PAM Configuration. PAM Administration. PAM and Passwords. PAM and Passwords Summary. PAM and login. Time and Resource Limits. Access Control with pam_listfile. PAM and su. Using pam_access. Using pam_lastlog. Using pam_rhosts_auth. One-Time Password Support. PAM and the other Configuration File. Additional PAM Options. PAM Logs. Available PAM Modules. PAM-Aware Applications. Important Notes about Configuring PAM. The Future of PAM. Summary. For Further Reading. On-Line Documentation.6. One-Time Passwords. The Purpose of One-Time Passwords. S/Key. S/Key OTP Overview. S/Key Version 1.1b. S/Key Version. OPIE. Obtaining and Installing OPIE. Implementing and Using OPIE. OPIE and PAM. Obtaining and Installing pam_opie. Obtaining and Installing pam_if. Implementing pam_opie and pam_if. Which OTP System Should I Use? Advantages and Disadvantages of S/Key. Advantages and Disadvantages of OPIE. S/Key and OPIE Vulnerabilities. Summary. For Further Reading. Programming. E-Mail Lists.7. System Accounting. General System Accounting. Connection Accounting. The last Command. The who Command. One Other Command. Process Accounting. The sa Command. The lastcomm Command. Accounting Files. Summary. For Further Reading. Books. On-Line Documentation.8. System Logging. The syslog System Logging Utility. Overview. The /etc/syslog.conf File. Invoking the syslogd Daemon. Configuring /etc/syslog.conf. The klogd Daemon. Other Logs. Alternatives to syslog. The auditd Utility. Summary. For Further Reading. General System Logging. Intrusion Detection.9. Superuser Do (sudo). What Is sudo? Obtaining and Implementing sudo. Features of Version 1.5.9p. Implementing Version 1.5.9p. Using sudo. The Functionality of sudo. The /etc/sudoers File. General Syntax of /etc/sudoers. The visudo Command. Options to the sudo Command. A More Sophisticated Example. Setting Up sudo Logging. Reading sudo Logs. PAM and sudo. Disabling root Access. Vulnerabilities of sudo. Summary. For Further Reading. Reference Books. E-Mail Lists. Web Sites. On-Line Documentation. Kerberos Resources. FWTK Resources.10. Securing Network Services: TCP_wrappers, portmap,and xinetd. TCP_Wrappers. Building TCP_Wrappers. Access Control with TCP_Wrappers. TCP_Wrappers Utility Programs. TCP_Wrappers Vulnerabilities. The Portmapper. Building the Portmapper. Implementing Portmapper Access Control. The portmap Log Entries. Gracefully Terminating and Recovering the Portmapper. Portmapper Vulnerabilities. Unwrapped Services. Replacing inetd with xinetd. Advantages of xinetd. Disadvantages of xinetd. Obtaining xinetd. Building xinetd. The xinetd Configuration File. The xinetd Daemon. Which One Should I Use? Summary. For Further Reading. Resources for TCP_Wrappers. Resources for the Portmapper. Resources for xinetd. Internet Services Resources.11. The Secure Shell. Overview of SSH. Host-Based Authentication Using RSA. Authenticating the User. Available Versions of SSH. Obtaining and Installing SSH. Compiling SSH. Configuring the Secure Shell. Configuring the Server Side. Configuring the Client Side. Using SSH. Configuring SSH Authentication Behavior. sshd Missing in Action. Authentication Flow of Events. Nonpassword Authentication. Password-Based Authentication. Exploring ssh Functionality. ssh Examples. scp Examples. Port Forwarding and Application Proxying. Secure Shell Alternatives. Summary. For Further Reading.12. Crack. Obtaining Crack. Major Components of Crack. Crack Overview. Building Crack. Modifying Crack for Linux. Modifying Crack for MD. Modifying Crack for Bigcrypt. Preparing Crack for crypt(3). Compiling and Linking Crack. Compiling Crack Itself. Crack Dictionaries. Obtaining Other Crack Dictionaries. Using Crack. Running Crack. Running Crack over the Network. Crack. Crack Rules. What Do We Do about Cracked Passwords? The White Hat Use of Crack. Effectively Using Crack. Summary. For Further Reading.13. Auditing Your System with tiger. Overview of tiger. Obtaining tiger. Major Components of tiger. Overview of tiger Configuration. Overview of Run-Time Operation. tiger Scripts. Installing tiger to Run through cron. Which Scripts Should I Run? cronrc for a Development Machine. Running Crack from Tiger. Deciphering tiger Output. Troubleshooting tiger. Modifying Tiger. Modifying Scripts. Adding New Checks. Signatures. Recommendations. Summary. For Further Reading. Mailing List for tiger. sendmail Resources.14. Tripwire. Tripwire Overview. Obtaining and Installing Tripwire. Tripwire Version. The Tripwire Configuration File. Extending the Configuration File. Effectively Building the Tripwire Configuration File. Example Configuration File for Red Hat Linux. The tripwire Command. Tripwire Initialize Mode. Effective Tripwire Initialization. Storing the Database. Routine Tripwire Runs? Compare Mode. A Note on Performance. Tripwire Update Mode. Summary. For Further Reading. On-Line Documentation. Web Site.15. The Cryptographic and Transparent Cryptographic Filesystems. Overview of the Cryptographic File System. CFS Flow of Events. Obtaining and Installing CFS. CFS Administrative Tasks. Using CFS. Creating and Attaching CFS Directories. The CFS Commands and Daemon Detailed. Using CFS over NFS. Vulnerabilities of CFS. Overview of TCFS. Obtaining and Installing TCFS. The TCFS Client Side. The TCFS Server Side. Using TCFS. Configuring TCFS for Use with PAM. TCFS Administrative Tasks. Extended Attributes for TCFS. Setting up the Encrypted Directory. TCFS Groups. TCFS Key Management. Vulnerabilities of TCFS. CFS and TCFS Comparison. Securely Deleting Files. Alternatives to CFS and TCFS. Summary. For Further Reading. Papers. E-Mail Lists.16. Packet Filtering with ipchains. Packet Filtering. Configuring the Kernel for ipchains. ipchains Overview. Behavior of a Chain. Malformed Packets. Analysis of an Inbound Packet. Analysis of an Outbound Packet. The Loopback Interface. Custom Chains. Introduction to Using ipchains. The ipchains Command. Some Simple Examples. Packet Fragments. IP Masquerading. Adding Custom Chains. ICMP Rules in a Custom Chain. Antispoofing Rules. Rule Ordering Is Important! Saving and Restoring Rules. Rule Writing and Logging Tips. Changing Rules. ipchains Start-up Scripts. Building Your Firewall. Simple Internal Network. Simple Internal Network Using DHCP. ipchains Isn't Just for Firewalls! One More Thing. Supplementary Utilities. Other Examples. Port Forwarding. The fwconfig GUI. Mason. The Network Mapper (nmap). Additional Firewall Software. Virtual Private Networks and Encrypted Tunnels. The Next Generation. Summary. For Further Reading. ipchains Documentation. Masquerading Documentation. ISP Connectivity-Related Resources. General Firewall References. DMZ Resources. ICMP-Related References. A Special Acknowledgment.17. Log File Management. General Log File Management. logrotate. Obtaining and Installing logrotate. Configuring logrotate. Pulling It All Together. swatch. Obtaining swatch. Installing swatch. Configuring and Running swatch. logcheck. Obtaining logcheck. Major Components of logcheck. Configuring and Installing logcheck. logcheck Output. Troubleshooting logcheck. Summary.18. Implementing and Managing Security. So, Where Do I Start? Hardening Linux. Selecting the Right Tools. Reducing the Workload. What if My Systems Are Already in the Production Environment? The Internal Network. Critical Internal Servers. Internal Maintenance. Firewalls and the DMZ. External Maintenance. Break-in Recovery. Adding New Software. Only through Knowledge.Appendix A: Keeping Up to Date. Appendix B: Tools Not Covered. Glossary. Index.