Practical Linux Security Cookbook - Tajinder Kalsi - E-Book

Description

Over the last few years, system security has gained a lot of momentum and software professionals are focusing heavily on it. Linux is often treated as a highly secure operating system. However, the reality is that Linux has its share of security flaws, and these security flaws allow attackers to get into your system and modify or even destroy your important data. But there's no need to panic, since there are various mechanisms by which these flaws can be removed, and this book will help you learn about different types of Linux security to create a more secure Linux system.
With a step-by-step recipe approach, the book starts by introducing you to various threats to Linux systems. Then, this book will walk you through customizing the Linux kernel and securing local files. Next, you will move on to managing user authentication both locally and remotely and mitigating network attacks. Later, you will learn about application security and kernel vulnerabilities. You will also learn about patching Bash vulnerability, packet filtering, handling incidents, and monitoring system logs. Finally, you will learn about auditing using system services and performing vulnerability scanning on Linux.
By the end of this book, you will be able to secure your Linux systems and create a robust environment.

Page count: 296

Year of publication: 2018

Practical Linux Security Cookbook Second Edition

Secure your Linux environment from modern-day attacks with practical recipes

Tajinder Kalsi

BIRMINGHAM - MUMBAI

Practical Linux Security Cookbook Second Edition

Copyright © 2018 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author(s), nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Commissioning Editor: Vijin Boricha
Acquisition Editor: Shrilekha Inani
Content Development Editor: Sharon Raj
Technical Editors: Prashant Chaudhari, Mohit Hassija
Copy Editor: Safis Editing
Project Coordinator: Drashti Panchal
Proofreader: Safis Editing
Indexer: Pratik Shirodkar
Graphics: Tom Scaria
Production Coordinator: Arvindkumar Gupta

First published: April 2016
Second edition: August 2018

Production reference: 1300818

Published by Packt Publishing Ltd., Livery Place, 35 Livery Street, Birmingham B3 2PB, UK.

ISBN 978-1-78913-839-9

www.packtpub.com

Contributors

About the author

Tajinder Kalsi has more than 9 years of working experience in the field of IT. He has conducted seminars all across India, on topics such as information security and Android application development, at more than 120 colleges, teaching more than 10,000 students. Apart from training, he has also worked on VAPT projects for various clients. When talking about certifications, Tajinder is an ISO 2700 LA and also an IBM certified analyst.

Prior to this course, Tajinder authored Practical Linux Security Cookbook, published by Packt Publishing. He has also authored three video courses with Packt: Getting Started with Pentesting, Finding and Exploiting Hidden Vulnerabilities, and Pentesting Web Applications.

I have to start by thanking God, for giving me this life and my mother for bringing me into this world. A special thanks to the special one in my life. Your support keeps me going. Thank you so much, dear. Next I would like to thank everyone I have had the opportunity to work with. Each one of you taught me something. I would also like to thank the team of Packt, without whom this book would not exist. And special thanks to Sharon, for keeping patience while working with me. You helped me bring this book to fruition and I am grateful to you.

About the reviewer

Vinod Gupta is a Cyber Security Consultant with over 9 years of experience with multiple verticals of the industry. He is the CEO of Indicrypt Systems, a Cybersecurity firm that he founded in 2012. Nurtured by the principles of ideating while working with IBM, he believes in continuous innovation through learning and research. Continuous research in the fields of cybersecurity, cloud computing, big data, Internet of Things, machine learning, and more has helped him succeed as a consultant as well as a training instructor. He also mentors students to conceive new ideas and to incubate them to develop entrepreneurial skills.

Packt is searching for authors like you

If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.

mapt.io

Mapt is an online digital library that gives you full access to over 5,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.

Why subscribe?

Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals

Improve your learning with Skill Plans built especially for you

Get a free eBook or video every month

Mapt is fully searchable

Copy and paste, print, and bookmark content

PacktPub.com

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks. 

Table of Contents

Title Page

Copyright and Credits

Practical Linux Security Cookbook Second Edition

Contributors

About the author

About the reviewer

Packt is searching for authors like you

Packt Upsell

Why subscribe?

PacktPub.com

Preface

Who this book is for

What this book covers

To get the most out of this book

Conventions used

Sections

Getting ready

How to do it...

How it works...

There's more...

See also

Get in touch

Reviews

Linux Security Problem

Security policy

Developing a security policy

Linux security myths

Myth – as Linux is open source, it is considered to be insecure

Myth – Linux is an experts-only system, and only they know how to configure their systems in terms of security

Myth – Linux is virus free

Configuring server security

How to do it...

User management

Password policy

Configuration policy

Monitoring policy

How it works...

Security policy – server security

How to do it…

General policy

Configuration policy

Monitoring policy

How it works…

Defining security controls

How to do it...

Installation

Boot and disk

Network and services

Intrusion detection and Denial of Service (DoS)

Auditing and availability

How it works...

Checking the integrity of installation medium by using checksum

Getting ready

How to do it…

How it works…

See also

Using LUKS disk encryption

Getting ready

How to do it...

There's more...

Make use of sudoers – configuring sudo access

Getting ready

How to do it…

How it works…

There’s more…

Vulnerability assessment

Scanning hosts with Nmap

Getting ready

How to do it...

How it works...

See also

Gaining root on a vulnerable Linux system

Getting ready

How to do it...

How it works...

There's more...

Missing backup plans

Getting ready

How to do it...

fwbackups

rsync

Amanda (Advanced Maryland Automatic Network Disk Archiver)

Simple Backup Solution (SBS)

Bacula

How it works...

Configuring a Secure and Optimized Kernel

Creating USB boot media

Getting ready

How to do it...

How it works...

Retrieving the kernel source

Getting ready

How to do it...

How it works...

Configuring and building kernel

Getting ready

How to do it...

How it works...

Installing and booting from a kernel

Getting ready

How to do it...

How it works...

Kernel testing and debugging

Configuring console for debugging using netconsole

Getting ready

How to do it...

How it works...

There's more...

Debugging kernel boot

How to do it...

Kernel errors

Causes of kernel errors

Checking kernel parameters using Lynis

Getting ready

How to do it...

Local Filesystem Security

Viewing files and directory details using ls

Getting ready

How to do it…

How it works…

Using chmod to set permissions on files and directories

Getting ready

How to do it...

How it works...

There's more...

Using chown to change ownership of files and directories

How to do it...

There's more...

Using ACLs to access files

Getting ready

How to do it...

There's more...

File handling using the mv command (moving and renaming)

Getting ready

How it works...

Implementing Mandatory Access Control with SELinux

Getting ready

How to do it...

How it works...

There's more...

Using extended file attributes to protect sensitive files

Getting ready

How to do it...

Installing and configuring a basic LDAP server on Ubuntu

Getting ready

How to do it...

How it works...

Local Authentication in Linux

User authentication and logging

Getting ready

How to do it...

How it works...

Limiting login capabilities of users

Getting ready

How to do it...

How it works...

Disabling username/password logins

Getting ready

How to do it...

How it works...

Monitoring user activity using acct

Getting ready

How to do it...

How it works...

Login authentication using a USB device and PAM

Getting ready

How to do it...

How it works...

There's more...

Defining user authorization controls

Getting ready

How to do it...

How it works...

Access Management using IDAM

Getting ready

How to do it...

How it works...

Remote Authentication

Remote server/host access using SSH

Getting ready

How to do it...

How it works...

Enabling and disabling root login over SSH

Getting ready

How to do it...

How it works...

There's more...

Key-based login into SSH for restricting remote access

Getting ready

How to do it...

How it works...

Copying files remotely

Getting ready

How to do it...

How it works...

Setting up a Kerberos server with Ubuntu

Getting started

How to do it...

How it works...

Using LDAP for user authentication and management

Getting started

How to do it...

Network Security

Managing TCP/IP networks

Getting ready

How to do it...

How it works...

Using a packet sniffer to monitor network traffic

Getting ready

How to do it...

How it works...

Using IP tables for configuring a firewall

Getting ready

How to do it...

How it works...

Blocking spoofed addresses

Getting ready

How to do it...

How it works...

Blocking incoming traffic

Getting ready

How to do it...

How it works...

Configuring and using TCP Wrappers

Getting ready

How to do it...

How it works...

Blocking country-specific traffic using mod_security

Getting ready

How to do it...

Securing network traffic using SSL

Getting ready

How to do it...

How it works...

Security Tools

Linux sXID

Getting ready

How to do it...

How it works...

Port Sentry

Getting ready

How to do it...

How it works...

Using Squid proxy

Getting ready

How to do it...

How it works...

Open SSL server

Getting ready

How to do it...

How it works...

There's more...

Tripwire

Getting ready

How to do it...

How it works...

Shorewall

Getting ready

How to do it...

How it works...

OSSEC

Getting ready

How to do it...

How it works...

Snort

Getting ready

How to do it...

How it works...

Rsync and Grsync – backup tool

Getting ready

How to do it...

How it works...

Linux Security Distros

Kali Linux

pfSense

Getting ready

How to do it...

How it works...

Digital Evidence and Forensic Toolkit (DEFT)

Network Security Toolkit (NST)

Getting ready

How to do it...

How it works...

Security Onion

Getting ready

How to do it...

How it works...

Tails OS

Getting ready

How to do it...

Qubes OS

Getting ready

How to do it...

How it works...

Bash Vulnerability Patching

Understanding the Bash vulnerability – Shellshock

Getting ready

How to do it...

How it works...

Security issues – Shellshock

Getting ready

How to do it...

How it works...

Linux patch management system

Getting ready

How to do it...

How it works...

Applying patches in Linux

Getting ready

How to do it...

How it works...

Other well-known Linux vulnerabilities

How to do it...

How it works...

Security Monitoring and Logging

Viewing and managing log files using Logcheck

Getting ready

How to do it...

How it works...

Monitoring the network using Nmap

Getting ready

How to do it...

How it works...

Using Glances for system monitoring

Getting ready

How to do it...

How it works...

Monitoring logs using MultiTail

Getting ready

How to do it...

How it works...

Using system tools – whowatch

Getting ready

How to do it...

How it works...

Using system tools – stat

Getting ready

How to do it...

How it works...

Using System tools – lsof

Getting ready

How to do it...

How it works...

Using System tools – strace

Getting ready

How to do it...

How it works...

Real time IP LAN monitoring using IPTraf

Getting ready

How to do it...

How it works...

Network security monitoring using Suricata

Getting ready

How to do it...

Network monitoring using OpenNMS

Getting ready

How to do it...

How it works...

Understanding Linux Service Security

Web server – HTTPD

Getting ready

How to do it...

How it works...

Remote service login – Telnet

Getting ready

How to do it...

How it works...

Secure remote login – SSH

Getting ready

How to do it...

File transfer security – FTP

Securing Mail Transfer – SMTP

Getting ready

How to do it...

How it works...

Scanning and Auditing Linux

Installing an antivirus on Linux

Getting ready

How to do it...

How it works...

Scanning with ClamAV

Getting ready

How to do it...

How it works...

Finding rootkits

Getting ready

How to do it...

How it works...

Using the auditd daemon

Getting ready

How to do it...

How it works...

Using ausearch and aureport to read logs

Getting ready

How to do it...

How it works...

Auditing system services with systemctl

Getting ready

How to do it...

How it works...

Vulnerability Scanning and Intrusion Detection

Network security monitoring using Security Onion

Getting ready

How to do it...

How it works...

Finding vulnerabilities with OpenVAS

Getting ready

How to do it...

How it works...

Using Nikto for web server scanning

Getting ready

How to do it...

How it works...

Hardening using Lynis

Getting ready

How to do it...

How it works...

Other Books You May Enjoy

Leave a review - let other readers know what you think

Preface

When setting up a Linux system, security is supposed to be an important part of all stages. A good knowledge of the fundamentals of Linux is essential to implementing a good security policy on the machine.

Linux, as it ships, is not completely secure, and it is the responsibility of the administrator to configure the machine in a way such that it becomes more secure. Practical Linux Security Cookbook will work as a practical guide for administrators and help them configure a more secure machine.

If you want to learn about Kernel configuration, filesystem security, secure authentication, network security, and various security tools for Linux, this book is for you.

Linux security is a massive subject and not everything can be covered in just one book. Still, Practical Linux Security Cookbook will give you a lot of recipes to help you secure your machine.

Who this book is for

Practical Linux Security Cookbook is intended for all those Linux users who already have knowledge of Linux filesystems and administration. You should be familiar with basic Linux commands. An understanding of information security and its risks to a Linux system will also help you understand the recipes more easily.

However, even if you are unfamiliar with information security, you will be able to easily follow and understand the recipes discussed.

Since Practical Linux Security Cookbook follows a practical approach, following the steps is very easy.

What this book covers

Chapter 1, Linux Security Problem, discusses the kinds of threats a Linux system faces and the security measures that can be implemented against them. Topics include preparing security policies and security controls for password protection and server security, and performing vulnerability assessments of the Linux system. It also covers the configuration of sudo access.

Chapter 2, Configuring a Secure and Optimized Kernel, focuses on the process of configuring and building the Linux kernel and testing it. Topics covered include requirements for building a kernel, configuring a kernel, kernel installation, customization, and kernel debugging. The chapter also discusses configuring a console using Netconsole.

Chapter 3, Local Filesystem Security, looks at Linux file structures and permissions. It covers topics such as viewing file and directory details, handling files and file permissions using chmod, and the implementation of an access control list. The chapter also gives readers an introduction to the configuration of LDAP.

Chapter 4, Local Authentication in Linux, explores user authentication on a local system while maintaining security. Topics covered in this chapter include user authentication logging, limiting user login capabilities, monitoring user activity, authentication control definition, and also how to use PAM.

Chapter 5, Remote Authentication, talks about authenticating users remotely on a Linux system. The topics included in this chapter are remote server access using SSH, disabling and enabling root login, restricting remote access when using SSH, copying files remotely over SSH, and setting up Kerberos.

Chapter 6, Network Security, provides information about network attacks and security. It covers managing the TCP/IP network, configuring a firewall using IPtables, blocking spoofed addresses, and unwanted incoming traffic. The chapter also gives readers an introduction to configuring and using TCP Wrapper.

Chapter 7, Security Tools, targets various security tools or software that can be used for security on a Linux system. Tools covered in this chapter include sXID, Portsentry, Squid proxy, OpenSSL server, Tripwire, Shorewall, OSSEC, Snort, and Rsync/Grsync.

Chapter 8, Linux Security Distros, introduces readers to some of the well-known Linux/Unix distributions that have been developed for security and penetration testing. The distros covered in this chapter include Kali Linux, pfSense, DEFT, NST, Security Onion, Tails, and Qubes.

Chapter 9, Bash Vulnerability Patching, explores the most famous vulnerability of the Bash shell, which is known as Shellshock. It gives readers an understanding of Shellshock's vulnerability and the security issues that can arise with its presence. The chapter also tells the reader how to use the Linux Patch Management system to secure their machine and also gives them an understanding of how patches are applied in a Linux system. It also gives an insight into other known Linux vulnerabilities.

Chapter 10, Security Monitoring and Logging, provides information on monitoring logs in Linux, on a local system as well as a network. Topics discussed in this chapter include monitoring logs using Logcheck, using Nmap for network monitoring, system monitoring using Glances, and using MultiTail to monitor logs. A few other tools are also discussed, which include Whowatch, stat, lsof, and strace. Readers also learn about network monitoring using IPTraf, Suricata and OpenNMS.

Chapter 11, Understanding Linux Service Security, helps the reader understand the commonly used services on Linux systems and the security concerns related to each of these services. Services such as HTTPD, Telnet, and FTP have been in use for a long time, and still many administrators are not aware of the security concerns each of them can cause if not configured properly.

Chapter 12, Scanning and Auditing Linux, provides information about performing malware scans on Linux systems so as to find all malware, including rootkits. It also gives an insight into auditing using system services such as auditd and tools like ausearch and aureport. This chapter will help readers understand how to read through logs to learn what the system services are doing.

Chapter 13, Vulnerability Scanning and Intrusion Detection, will help readers perform vulnerability assessments on Linux machines using various tools and Linux distros, such as Security Onion, OpenVAS, and Nikto. Readers will learn about network- and server-category vulnerabilities as well as web-based vulnerabilities. The chapter also helps readers harden Linux systems using Lynis.

To get the most out of this book

To get the most out of this book, readers should have a basic understanding of the Linux filesystem and administration. They should be aware of the basic commands of Linux, and knowledge about information security would be an added advantage.

This book will include practical examples on Linux security using inbuilt Linux tools as well as other available open source tools. As per the recipe, readers will have to install these tools if they are not already installed in Linux.

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "Mount the downloaded WebStorm-10*.dmg disk image file as another disk in your system."

Any command-line input or output is written as follows:

$ mkdir css

$ cd css

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Select System info from the Administration panel."

Warnings or important notes appear like this.
Tips and tricks appear like this.

Sections

In this book, you will find several headings that appear frequently (Getting ready, How to do it..., How it works..., There's more..., and See also).

To give clear instructions on how to complete a recipe, use these sections as follows:

Getting ready

This section tells you what to expect in the recipe and describes how to set up any software or any preliminary settings required for the recipe.

How to do it...

This section contains the steps required to follow the recipe.

How it works...

This section usually consists of a detailed explanation of what happened in the previous section.

There's more...

This section consists of additional information about the recipe in order to make you more knowledgeable about the recipe.

See also

This section provides helpful links to other useful information for the recipe.

Get in touch

Feedback from our readers is always welcome.

General feedback: Email [email protected] and mention the book title in the subject of your message. If you have questions about any aspect of this book, please email us at [email protected].

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Reviews

Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!

For more information about Packt, please visit packtpub.com.

Linux Security Problem

A Linux machine is only as secure as the administrator configures it to be. Once we have installed the Linux distribution of our choice and have removed all the unnecessary packages post installation, we can start working on the security aspect of the system by fine-tuning the installed software and services.

In this chapter, we will discuss the following topics:

Configuring server security

Security policy—server security

Defining security controls

Missing backup plans

The following recipes will be covered in the chapter:

Checking the integrity of installation medium using checksum

Using LUKS disk encryption

Making use of sudoers—configuring sudo access

Scanning hosts with Nmap

Gaining root on a vulnerable Linux system

Missing backup plans

Security policy

A security policy is a definition that outlines the rules and practices to be followed for computer network security in an organization. How the organization should manage, protect, and distribute sensitive data is defined in the security policy.

Developing a security policy

When creating a security policy you should keep in mind that it should be simple and easy for all the users to follow. The objective of the policy should be to protect the data while keeping the privacy of the users.

It should be developed around these points:

Accessibility to the system

Software installation rights on the system

Data permission

Recovery from failure

The policy should allow a user to use only those services for which permission has been granted; anything that is not explicitly permitted should be restricted by the policy. Let's look at some common Linux security myths.

Linux security myths

You might feel nervous when planning to use Linux-based systems in your business. This may be due to false rumors about security in Linux; the following are some of the myths that people commonly fall prey to.

Myth – as Linux is open source, it is considered to be insecure

Linux, being a free and open source operating system, has its own advantages. It includes a large base of developers who constantly audit the source code for any possible security risks; the Linux community can provide fast support and fixes for any potential security problem. Patches are released quickly for testing by the community so they don't have to deal with the clumsy administration that other Unix vendors may have to deal with.

Due to its massive worldwide user base, Linux's security gets tested across a huge range of computing environments, making it one of the most stable and secure operating systems. Because Linux is open to scrutiny by developers across the world, the way in which privileges are assigned in a Linux system has itself become a security feature derived from the open source nature of the system.

Myth – Linux is an experts-only system, and only they know how to configure their systems in terms of security

Assuming that Linux is only for experts who know how to deal with viruses is a misconception. Linux has evolved to become one of the friendliest OSes and can be used by anyone, whether novice or expert.

Linux is secure because of its strong architecture. Regular users on a Linux system possess low-privileged accounts rather than having root privileges.

Myth – Linux is virus free

Due to its strong architecture, even if a Linux system gets compromised, viruses would not have root access and thus will not be able to cause any major damage to the system.

Even on Linux servers, several levels of security are implemented and they are updated more often, again helping to secure the servers from viruses.

There are still a number of viruses that target Linux, thus making it not completely virus free. But most of the viruses that exist for Linux are non-destructive in nature.

Configuring server security

Once a Linux server is created, the immediate next step is to implement security procedures to make sure that no threat can compromise the system. A major reason for malicious attacks on Linux servers has been poorly implemented security or existing vulnerabilities. When configuring a server, the security policies need to be implemented properly to create a secure environment that will help prevent your business from getting hacked.

How to do it...

Let us have a look at each configuration area in turn.

User management

Follow these steps to configure server security:

When a Linux server is created, the first user created by default is always the root user. This root user should be used for initial configuration only.

Once initial configuration is done, root login over SSH should be disabled. This will make it difficult for any hacker to gain access to your Linux machine.

Further, a secondary user should be created to log in and administer the machine. This user can be allowed sudo permissions if administrative actions need to be performed.
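
The following POSIX shell script is an added example, not code from the book: it checks whether an sshd_config file actually disables root login over SSH, as the steps above recommend. It relies on documented sshd_config behaviour: lines starting with # are comments, the first value found for a keyword wins, a keyword inside a Match block applies only to matching connections, and with no directive at all OpenSSH 7.0 and later default to prohibit-password. The two sample configs are constructed for the demonstration; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example (not from the book): audit the effective PermitRootLogin
# value of an sshd_config file. Common mistakes it catches:
#   - "#PermitRootLogin no" is a comment and changes nothing;
#   - a second "PermitRootLogin no" appended below an earlier "yes" is
#     ignored, because sshd uses the FIRST value it finds;
#   - "PermitRootLogin yes" inside a Match block is not the global value.

# Print the effective global PermitRootLogin value of the file in $1.
# With no directive at all, report OpenSSH's built-in default
# ("prohibit-password" since OpenSSH 7.0).
sshd_root_login_value() {
    value=$(awk '
        { gsub(/=/, " ") }                            # allow "Keyword = value"
        tolower($1) == "match" { exit }               # stop at first Match block
        tolower($1) == "permitrootlogin" { print tolower($2); exit }
    ' "$1")
    [ -n "$value" ] || value="prohibit-password"
    printf '%s\n' "$value"
}

# Return 0 only when root login is fully disabled ("no"); 1 otherwise.
# "prohibit-password" still allows root to log in with a key, which is
# not what the user-management policy above asks for.
audit_sshd_root_login() {
    value=$(sshd_root_login_value "$1")
    if [ "$value" = "no" ]; then
        echo "$1: PermitRootLogin is '$value' - root login disabled"
        return 0
    fi
    echo "$1: PermitRootLogin is '$value' - root login still possible"
    return 1
}

# Constructed sample configs for a stand-alone run.
weak=$(mktemp) && hardened=$(mktemp)
printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' \
              'PasswordAuthentication yes' 'PermitRootLogin no' > "$weak"
printf '%s\n' 'PermitRootLogin no' 'AllowUsers sysadmin' \
              'Match User backup' '  PermitRootLogin yes' > "$hardened"

audit_sshd_root_login "$weak" || true   # first real directive is "yes": fails
audit_sshd_root_login "$hardened"       # "no"; the Match block is ignored
rm -f "$weak" "$hardened"
```

Run it against /etc/ssh/sshd_config on a real host after editing the file, and remember that sshd must be reloaded before a changed value takes effect; the secondary administrative user with sudo rights should already be able to log in before root login is switched off.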

Password policy

Follow these steps to configure server security:

When creating user accounts, ensure the use of strong passwords. If allowed, keep the length of the password to between 12 and 14 characters.

If possible, generate passwords randomly, and include lowercase and uppercase letters, numbers, and symbols.

Avoid using password combinations that could be easily guessed, such as dictionary words, keyboard patterns, usernames, ID numbers, and so on.

Avoid using the same password twice.
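
As an added example that is not part of the book, the POSIX shell script below turns the password rules above into a check (minimum length, all four character classes present, no dictionary words, keyboard patterns or username) and into a generator that draws from /dev/urandom until a candidate passes the same check. The word and pattern lists are constructed for the example and are far shorter than a real cracking dictionary; the function and variable names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the book): enforce the password policy above.

MIN_LEN=12
# Constructed lists for the example: dictionary words and keyboard walks
# that a guessing attack would try first.
DICTIONARY="password welcome summer dragon letmein admin"
KEYBOARD_PATTERNS="qwerty asdf zxcv 1234 abcd"

# Usage: check_password PASSWORD [USERNAME]
# Prints every rule the password violates; returns 0 only if all pass.
check_password() {
    pw=$1; user=${2:-}; ok=0
    if [ "${#pw}" -lt "$MIN_LEN" ]; then
        echo "too short: ${#pw} < $MIN_LEN"; ok=1
    fi
    # lowercase, uppercase, digit and symbol must each appear at least once
    for class in '[[:lower:]]' '[[:upper:]]' '[[:digit:]]' '[^[:alnum:]]'; do
        printf '%s' "$pw" | grep -q "$class" || { echo "missing class $class"; ok=1; }
    done
    # case-insensitive fixed-string search for guessable content
    for word in $DICTIONARY $KEYBOARD_PATTERNS; do
        printf '%s' "$pw" | grep -qiF -- "$word" && { echo "contains guessable '$word'"; ok=1; }
    done
    if [ -n "$user" ] && printf '%s' "$pw" | grep -qiF -- "$user"; then
        echo "contains username '$user'"; ok=1
    fi
    return "$ok"
}

# Usage: generate_password [LENGTH]  (default 14, the top of the range
# recommended above). Draws random characters and retries until the
# candidate passes check_password, so every class is guaranteed present.
generate_password() {
    len=${1:-14}
    while :; do
        candidate=$(LC_ALL=C tr -dc 'A-Za-z0-9!@#$%^&*()_+=-' < /dev/urandom | head -c "$len")
        if check_password "$candidate" >/dev/null; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
}

# Stand-alone demonstration with constructed inputs.
echo "checking 'password123' for user alice:"
check_password 'password123' 'alice' || true
echo "checking 'Xk9#vLq2\$mWz7!':"
check_password 'Xk9#vLq2$mWz7!' && echo "ok"
echo "generated: $(generate_password 14)"
```

The checker only covers the rules the page lists; it says nothing about reuse across systems, which is the last rule above and can only be enforced by never recycling a generated value.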

Configuration policy

Follow these steps to configure server security:

The operating system on the server should be configured in accordance with the guidelines approved for InfoSec.

Any service or application not being used should be disabled, wherever possible.

Every access to the services and applications on the server should be monitored and logged. It should also be protected through access-control methods. An example of this will be covered in Chapter 3, Local Filesystem Security.

The system should be kept updated, and any recent security patches, if available, should be installed as soon as possible.

Avoid using the root account as much as possible. It is better to follow the principle of least privilege: grant only the access required to perform a function.

Any kind of privileged access must be performed over a secure channel connection (SSH) wherever possible.

Access to the server should be in a controlled environment.

Monitoring policy

All security-related actions on server systems must be logged and audit reports should be saved as follows:

For a period of one month, all security-related logs should be kept online

For a period of one month, the daily backups, as well as the weekly backups should be retained

For a minimum of two years, the monthly full backups should be retained

Any event related to security being compromised should be reported to the InfoSec team. They shall then review the logs and report the incident to the IT department.

Some examples of security-related events are as follows:

Port-scanning-related attacks

Access to privileged accounts without authorization

Unusual occurrences due to a particular application on the host

How it works...

Following the policies as given here helps in the base configuration of the internal server that is owned or operated by the organization. Implementing the policy effectively will minimize unauthorized access to any sensitive and proprietary information.

Security policy – server security

A major reason for malicious attacks on Linux servers has been poorly implemented security or existing vulnerabilities. When configuring a server, the security policies need to be implemented properly and ownership needs to be taken for proper customization of the server.

How to do it…

Let's have a look at the various security policies:

General policy

Let's discuss the various security policies:

The administration of all the internal servers in an organization is the responsibility of a dedicated team that should also keep watch for any kind of compliance issue. If a compliance issue occurs, the team should immediately review and implement an updated security policy.

When configuring internal servers, they must be registered in such a way that the identification of the servers can be done on the basis of the following information:

Location of the server

Operating system version and hardware configuration

Services and applications running on the server

Any kind of information in the organization's management system must always be kept up to date.

Configuration policy

Let's discuss the various security policies:

The operating system on the server should be configured in accordance with the guidelines approved for InfoSec.

Any service or application not being used should be disabled, wherever possible.

Every access to the services and applications on the server should be monitored and logged. It should also be protected through access-control methods. An example of this will be covered in Chapter 3, Local Filesystem Security.

The system should be kept updated, and any recent security patches, if available, should be installed as soon as possible.

Avoid using the root account as much as possible. It is better to follow the principle of least privilege: grant only the access required to perform a function.

Any kind of privileged access must be performed over a secure channel connection (SSH), wherever possible.

Access to the server should be in a controlled environment.

Monitoring policy

Let's discuss the various security policies:

All security-related actions on server systems must be logged and audit reports should be saved as follows:

For a period of one month, all the security-related logs should be kept online

For a period of one month, the daily backups, as well as the weekly backups, should be retained

For a minimum of two years, the monthly full backups should be retained