Mastering Linux Security and Hardening - Second Edition
Section 1: Setting up a Secure Linux System
Running Linux in a Virtual Environment
Securing User Accounts
- Securing User Accounts
- The dangers of logging in as the root user
- The advantages of using sudo
- Setting up sudo privileges for full administrative users
- Setting up sudo for users with only certain delegated privileges
- Advanced tips and tricks for using sudo
- Locking down users' home directories the Red Hat or CentOS way
- Locking down users' home directories the Debian/Ubuntu way
- Enforcing strong password criteria
- Setting and enforcing password and account expiration
- Configuring default expiry data for useradd for Red Hat or CentOS only
- Setting expiry data on a per-account basis with useradd and usermod
- Setting expiry data on a per-account basis with chage
- Preventing brute-force password attacks
- Locking user accounts
- Locking the root user account
- Setting up security banners
- Detecting compromised passwords
- Understanding centralized user management
- Summary
- Questions
- Further reading
Securing Your Server with a Firewall - Part 1
Securing Your Server with a Firewall - Part 2
Encryption Technologies
SSH Hardening
- SSH Hardening
- Ensuring that SSH protocol 1 is disabled
- Creating and managing keys for passwordless logins
- Disabling root user login
- Disabling username/password logins
- Configuring Secure Shell with strong encryption algorithms
- Setting system-wide encryption policies on RHEL 8/CentOS 8
- Configuring more detailed logging
- Configuring access control with whitelists and TCP Wrappers
- Configuring automatic logouts and security banners
- Configuring other miscellaneous security settings
- Setting up a chroot environment for SFTP users
- Sharing a directory with SSHFS
- Remotely connecting from Windows desktops
- Summary
- Questions
- Further reading
Section 2: Mastering File and Directory Access Control (DAC)
Mastering Discretionary Access Control
- Mastering Discretionary Access Control
- Using chown to change ownership of files and directories
- Using chmod to set permissions on files and directories
- Using SUID and SGID on regular files
- The security implications of the SUID and SGID permissions
- Using extended file attributes to protect sensitive files
- Securing system configuration files
- Summary
- Questions
- Further reading
Access Control Lists and Shared Directory Management
- Access Control Lists and Shared Directory Management
- Creating an ACL for either a user or a group
- Creating an inherited ACL for a directory
- Removing a specific permission by using an ACL mask
- Using the tar --acls option to prevent the loss of ACLs during a backup
- Creating a user group and adding members to it
- Creating a shared directory
- Setting the SGID bit and the sticky bit on the shared directory
- Using ACLs to access files in the shared directory
- Summary
- Questions
- Further reading
Section 3: Advanced System Hardening Techniques
Implementing Mandatory Access Control with SELinux and AppArmor
- Implementing Mandatory Access Control with SELinux and AppArmor
- How SELinux can benefit a systems administrator
- Setting security contexts for files and directories
- Troubleshooting with setroubleshoot
- Working with SELinux policies
- How AppArmor can benefit a systems administrator
- Looking at AppArmor profiles
- Working with AppArmor command-line utilities
- Troubleshooting AppArmor problems
- Exploiting a system with an evil Docker container
- Summary
- Questions
- Further reading
Kernel Hardening and Process Isolation
Scanning, Auditing, and Hardening
- Scanning, Auditing, and Hardening
- Technical requirements
- Installing and updating ClamAV and maldet
- Scanning with ClamAV and maldet
- Scanning for rootkits with Rootkit Hunter
- Performing a quick malware analysis with strings and VirusTotal
- Understanding the auditd daemon
- Using ausearch and aureport
- Applying OpenSCAP policies with oscap
- Summary
- Questions
- Further reading
Logging and Log Security
Vulnerability Scanning and Intrusion Detection
Security Tips and Tricks for the Busy Bee
Assessments
Other Books You May Enjoy
About this book
From creating networks and servers to automating the entire working environment, Linux has been extremely popular with system administrators for the last couple of decades. However, security has always been a major concern. With limited resources available in the Linux security domain, this book will be an invaluable guide in helping you get your Linux systems properly secured.
Complete with in-depth explanations of essential concepts, practical examples, and self-assessment questions, this book begins by helping you set up a practice lab environment and takes you through the core functionalities of securing Linux. You'll practice various Linux hardening techniques and advance to setting up a locked-down Linux server. As you progress, you will also learn how to create user accounts with appropriate privilege levels, protect sensitive data by setting permissions and encryption, and configure a firewall. The book will help you set up mandatory access control, system auditing, security profiles, and kernel hardening, and finally cover best practices and troubleshooting techniques to secure your Linux environment efficiently.
By the end of this Linux security book, you will be able to confidently set up a Linux server that will be much harder for malicious actors to compromise.
- Publication date: February 2020
- Publisher: Packt
- Pages: 666
- ISBN: 9781838981778