Book description

Computer security is an ongoing process, a relentless contest between system administrators and intruders. A good administrator needs to stay one step ahead of any adversaries, which often involves a continuing process of education. If you're grounded in the basics of security, however, you won't necessarily want a complete treatise on the subject each time you pick up a book. Sometimes you want to get straight to the point. That's exactly what the new Linux Security Cookbook does.

Rather than provide a total security solution for Linux computers, the authors present a series of easy-to-follow recipes--short, focused pieces of code that administrators can use to improve security and perform common tasks securely. The Linux Security Cookbook includes real solutions to a wide range of targeted problems, such as sending encrypted email within Emacs, restricting access to network services at particular times of day, firewalling a webserver, preventing IP spoofing, setting up key-based SSH authentication, and much more. With over 150 ready-to-use scripts and configuration files, this unique book helps administrators secure their systems without having to look up specific syntax.

The book begins with recipes devised to establish a secure system, then moves on to secure day-to-day practices, and concludes with techniques to help your system stay secure. Some of the "recipes" you'll find in this book are:

  • Controlling access to your system from firewalls down to individual services, using iptables, ipchains, xinetd, inetd, and more

  • Monitoring your network with tcpdump, dsniff, netstat, and other tools

  • Protecting network connections with Secure Shell (SSH) and stunnel

  • Safeguarding email sessions with Secure Sockets Layer (SSL)

  • Encrypting files and email messages with GnuPG

  • Probing your own security with password crackers, nmap, and handy scripts

This cookbook's proven techniques are derived from hard-won experience. Whether you're responsible for security on a home Linux system or for a large corporation, or somewhere in between, you'll find valuable, to-the-point, practical recipes for dealing with everyday security issues. This book is a system saver.

Table of Contents

  1. Linux Security Cookbook
  2. Preface
    1. A Cookbook About Security?!?
    2. Intended Audience
    3. Roadmap of the Book
    4. Our Security Philosophy
    5. Supported Linux Distributions
    6. Trying the Recipes
    7. Conventions Used in This Book
    8. We'd Like to Hear from You
    9. Acknowledgments
  3. 1. System Snapshots with Tripwire
    1. 1.1. Setting Up Tripwire
      1. 1.1.1. Problem
      2. 1.1.2. Solution
      3. 1.1.3. Discussion
      4. 1.1.4. See Also
    2. 1.2. Displaying the Policy and Configuration
      1. 1.2.1. Problem
      2. 1.2.2. Solution
      3. 1.2.3. Discussion
      4. 1.2.4. See Also
    3. 1.3. Modifying the Policy and Configuration
      1. 1.3.1. Problem
      2. 1.3.2. Solution
      3. 1.3.3. Discussion
      4. 1.3.4. See Also
    4. 1.4. Basic Integrity Checking
      1. 1.4.1. Problem
      2. 1.4.2. Solution
      3. 1.4.3. Discussion
      4. 1.4.4. See Also
    5. 1.5. Read-Only Integrity Checking
      1. 1.5.1. Problem
      2. 1.5.2. Solution
      3. 1.5.3. Discussion
      4. 1.5.4. See Also
    6. 1.6. Remote Integrity Checking
      1. 1.6.1. Problem
      2. 1.6.2. Solution
      3. 1.6.3. Discussion
      4. 1.6.4. See Also
    7. 1.7. Ultra-Paranoid Integrity Checking
      1. 1.7.1. Problem
      2. 1.7.2. Solution
      3. 1.7.3. Discussion
      4. 1.7.4. See Also
    8. 1.8. Expensive, Ultra-Paranoid Security Checking
      1. 1.8.1. Problem
      2. 1.8.2. Solution
      3. 1.8.3. Discussion
    9. 1.9. Automated Integrity Checking
      1. 1.9.1. Problem
      2. 1.9.2. Solution
      3. 1.9.3. Discussion
      4. 1.9.4. See Also
    10. 1.10. Printing the Latest Tripwire Report
      1. 1.10.1. Problem
      2. 1.10.2. Solution
      3. 1.10.3. Discussion
      4. 1.10.4. See Also
    11. 1.11. Updating the Database
      1. 1.11.1. Problem
      2. 1.11.2. Solution
      3. 1.11.3. Discussion
      4. 1.11.4. See Also
    12. 1.12. Adding Files to the Database
      1. 1.12.1. Problem
      2. 1.12.2. Solution
      3. 1.12.3. Discussion
      4. 1.12.4. See Also
    13. 1.13. Excluding Files from the Database
      1. 1.13.1. Problem
      2. 1.13.2. Solution
      3. 1.13.3. Discussion
      4. 1.13.4. See Also
    14. 1.14. Checking Windows VFAT Filesystems
      1. 1.14.1. Problem
      2. 1.14.2. Solution
      3. 1.14.3. Discussion
      4. 1.14.4. See Also
    15. 1.15. Verifying RPM-Installed Files
      1. 1.15.1. Problem
      2. 1.15.2. Solution
      3. 1.15.3. Discussion
      4. 1.15.4. See Also
    16. 1.16. Integrity Checking with rsync
      1. 1.16.1. Problem
      2. 1.16.2. Solution
      3. 1.16.3. Discussion
      4. 1.16.4. See Also
    17. 1.17. Integrity Checking Manually
      1. 1.17.1. Problem
      2. 1.17.2. Solution
      3. 1.17.3. Discussion
      4. 1.17.4. See Also
  4. 2. Firewalls with iptables and ipchains
    1. 2.1. Enabling Source Address Verification
      1. 2.1.1. Problem
      2. 2.1.2. Solution
      3. 2.1.3. Discussion
      4. 2.1.4. See Also
    2. 2.2. Blocking Spoofed Addresses
      1. 2.2.1. Problem
      2. 2.2.2. Solution
      3. 2.2.3. Discussion
      4. 2.2.4. See Also
    3. 2.3. Blocking All Network Traffic
      1. 2.3.1. Problem
      2. 2.3.2. Solution
      3. 2.3.3. Discussion
      4. 2.3.4. See Also
    4. 2.4. Blocking Incoming Traffic
      1. 2.4.1. Problem
      2. 2.4.2. Solution
      3. 2.4.3. Discussion
      4. 2.4.4. See Also
    5. 2.5. Blocking Outgoing Traffic
      1. 2.5.1. Problem
      2. 2.5.2. Solution
      3. 2.5.3. Discussion
      4. 2.5.4. See Also
    6. 2.6. Blocking Incoming Service Requests
      1. 2.6.1. Problem
      2. 2.6.2. Solution
      3. 2.6.3. Discussion
      4. 2.6.4. See Also
    7. 2.7. Blocking Access from a Remote Host
      1. 2.7.1. Problem
      2. 2.7.2. Solution
      3. 2.7.3. Discussion
      4. 2.7.4. See Also
    8. 2.8. Blocking Access to a Remote Host
      1. 2.8.1. Problem
      2. 2.8.2. Solution
      3. 2.8.3. Discussion
      4. 2.8.4. See Also
    9. 2.9. Blocking Outgoing Access to All Web Servers on a Network
      1. 2.9.1. Problem
      2. 2.9.2. Solution
      3. 2.9.3. Discussion
      4. 2.9.4. See Also
    10. 2.10. Blocking Remote Access, but Permitting Local
      1. 2.10.1. Problem
      2. 2.10.2. Solution
      3. 2.10.3. Discussion
      4. 2.10.4. See Also
    11. 2.11. Controlling Access by MAC Address
      1. 2.11.1. Problem
      2. 2.11.2. Solution
      3. 2.11.3. Discussion
      4. 2.11.4. See Also
    12. 2.12. Permitting SSH Access Only
      1. 2.12.1. Problem
      2. 2.12.2. Solution
      3. 2.12.3. Discussion
      4. 2.12.4. See Also
    13. 2.13. Prohibiting Outgoing Telnet Connections
      1. 2.13.1. Problem
      2. 2.13.2. Solution
      3. 2.13.3. Discussion
      4. 2.13.4. See Also
    14. 2.14. Protecting a Dedicated Server
      1. 2.14.1. Problem
      2. 2.14.2. Solution
      3. 2.14.3. Discussion
      4. 2.14.4. See Also
    15. 2.15. Preventing pings
      1. 2.15.1. Problem
      2. 2.15.2. Solution
      3. 2.15.3. Discussion
      4. 2.15.4. See Also
    16. 2.16. Listing Your Firewall Rules
      1. 2.16.1. Problem
      2. 2.16.2. Solution
      3. 2.16.3. Discussion
      4. 2.16.4. See Also
    17. 2.17. Deleting Firewall Rules
      1. 2.17.1. Problem
      2. 2.17.2. Solution
      3. 2.17.3. Discussion
      4. 2.17.4. See Also
    18. 2.18. Inserting Firewall Rules
      1. 2.18.1. Problem
      2. 2.18.2. Solution
      3. 2.18.3. Discussion
      4. 2.18.4. See Also
    19. 2.19. Saving a Firewall Configuration
      1. 2.19.1. Problem
      2. 2.19.2. Solution
      3. 2.19.3. Discussion
      4. 2.19.4. See Also
    20. 2.20. Loading a Firewall Configuration
      1. 2.20.1. Problem
      2. 2.20.2. Solution
      3. 2.20.3. Discussion
      4. 2.20.4. See Also
    21. 2.21. Testing a Firewall Configuration
      1. 2.21.1. Problem
      2. 2.21.2. Solution
      3. 2.21.3. Discussion
      4. 2.21.4. See Also
    22. 2.22. Building Complex Rule Trees
      1. 2.22.1. Problem
      2. 2.22.2. Solution
      3. 2.22.3. Discussion
      4. 2.22.4. See Also
    23. 2.23. Logging Simplified
      1. 2.23.1. Problem
      2. 2.23.2. Solution
      3. 2.23.3. Discussion
      4. 2.23.4. See Also
  5. 3. Network Access Control
    1. 3.1. Listing Your Network Interfaces
      1. 3.1.1. Problem
      2. 3.1.2. Solution
      3. 3.1.3. Discussion
      4. 3.1.4. See Also
    2. 3.2. Starting and Stopping the Network Interface
      1. 3.2.1. Problem
      2. 3.2.2. Solution
      3. 3.2.3. Discussion
      4. 3.2.4. See Also
    3. 3.3. Enabling/Disabling a Service (xinetd)
      1. 3.3.1. Problem
      2. 3.3.2. Solution
      3. 3.3.3. Discussion
      4. 3.3.4. See Also
    4. 3.4. Enabling/Disabling a Service (inetd)
      1. 3.4.1. Problem
      2. 3.4.2. Solution
      3. 3.4.3. Discussion
      4. 3.4.4. See Also
    5. 3.5. Adding a New Service (xinetd)
      1. 3.5.1. Problem
      2. 3.5.2. Solution
      3. 3.5.3. Discussion
      4. 3.5.4. See Also
    6. 3.6. Adding a New Service (inetd)
      1. 3.6.1. Problem
      2. 3.6.2. Solution
      3. 3.6.3. Discussion
      4. 3.6.4. See Also
    7. 3.7. Restricting Access by Remote Users
      1. 3.7.1. Problem
      2. 3.7.2. Solution
      3. 3.7.3. Discussion
      4. 3.7.4. See Also
    8. 3.8. Restricting Access by Remote Hosts (xinetd)
      1. 3.8.1. Problem
      2. 3.8.2. Solution
      3. 3.8.3. Discussion
      4. 3.8.4. See Also
    9. 3.9. Restricting Access by Remote Hosts (xinetd with libwrap)
      1. 3.9.1. Problem
      2. 3.9.2. Solution
      3. 3.9.3. Discussion
      4. 3.9.4. See Also
    10. 3.10. Restricting Access by Remote Hosts (xinetd with tcpd)
      1. 3.10.1. Problem
      2. 3.10.2. Solution
      3. 3.10.3. Discussion
      4. 3.10.4. See Also
    11. 3.11. Restricting Access by Remote Hosts (inetd)
      1. 3.11.1. Problem
      2. 3.11.2. Solution
      3. 3.11.3. Discussion
      4. 3.11.4. See Also
    12. 3.12. Restricting Access by Time of Day
      1. 3.12.1. Problem
      2. 3.12.2. Solution
      3. 3.12.3. Discussion
      4. 3.12.4. See Also
    13. 3.13. Restricting Access to an SSH Server by Host
      1. 3.13.1. Problem
      2. 3.13.2. Solution
      3. 3.13.3. Discussion
      4. 3.13.4. See Also
    14. 3.14. Restricting Access to an SSH Server by Account
      1. 3.14.1. Problem
      2. 3.14.2. Solution
      3. 3.14.3. Discussion
      4. 3.14.4. See Also
    15. 3.15. Restricting Services to Specific Filesystem Directories
      1. 3.15.1. Problem
      2. 3.15.2. Solution
      3. 3.15.3. Discussion
      4. 3.15.4. See Also
    16. 3.16. Preventing Denial of Service Attacks
      1. 3.16.1. Problem
      2. 3.16.2. Solution
      3. 3.16.3. Discussion
      4. 3.16.4. See Also
    17. 3.17. Redirecting to Another Socket
      1. 3.17.1. Problem
      2. 3.17.2. Solution
      3. 3.17.3. Discussion
      4. 3.17.4. See Also
    18. 3.18. Logging Access to Your Services
      1. 3.18.1. Problem
      2. 3.18.2. Solution
      3. 3.18.3. Discussion
      4. 3.18.4. See Also
    19. 3.19. Prohibiting root Logins on Terminal Devices
      1. 3.19.1. Problem
      2. 3.19.2. Solution
      3. 3.19.3. Discussion
      4. 3.19.4. See Also
  6. 4. Authentication Techniques and Infrastructures
    1. 4.1. Creating a PAM-Aware Application
      1. 4.1.1. Problem
      2. 4.1.2. Solution
      3. 4.1.3. Discussion
      4. 4.1.4. See Also
    2. 4.2. Enforcing Password Strength with PAM
      1. 4.2.1. Problem
      2. 4.2.2. Solution
      3. 4.2.3. Discussion
      4. 4.2.4. See Also
    3. 4.3. Creating Access Control Lists with PAM
      1. 4.3.1. Problem
      2. 4.3.2. Solution
      3. 4.3.3. Discussion
      4. 4.3.4. See Also
    4. 4.4. Validating an SSL Certificate
      1. 4.4.1. Problem
      2. 4.4.2. Solution
      3. 4.4.3. Discussion
      4. 4.4.4. See Also
    5. 4.5. Decoding an SSL Certificate
      1. 4.5.1. Problem
      2. 4.5.2. Solution
      3. 4.5.3. Discussion
      4. 4.5.4. See Also
    6. 4.6. Installing a New SSL Certificate
      1. 4.6.1. Problem
      2. 4.6.2. Solution
      3. 4.6.3. Discussion
      4. 4.6.4. See Also
    7. 4.7. Generating an SSL Certificate Signing Request (CSR)
      1. 4.7.1. Problem
      2. 4.7.2. Solution
      3. 4.7.3. Discussion
      4. 4.7.4. See Also
    8. 4.8. Creating a Self-Signed SSL Certificate
      1. 4.8.1. Problem
      2. 4.8.2. Solution
      3. 4.8.3. Discussion
      4. 4.8.4. See Also
    9. 4.9. Setting Up a Certifying Authority
      1. 4.9.1. Problem
      2. 4.9.2. Solution
      3. 4.9.3. Discussion
      4. 4.9.4. See Also
    10. 4.10. Converting SSL Certificates from DER to PEM
      1. 4.10.1. Problem
      2. 4.10.2. Solution
      3. 4.10.3. Discussion
      4. 4.10.4. See Also
    11. 4.11. Getting Started with Kerberos
      1. 4.11.1. Problem
      2. 4.11.2. Solution
      3. 4.11.3. Discussion
      4. 4.11.4. See Also
    12. 4.12. Adding Users to a Kerberos Realm
      1. 4.12.1. Problem
      2. 4.12.2. Solution
      3. 4.12.3. Discussion
      4. 4.12.4. See Also
    13. 4.13. Adding Hosts to a Kerberos Realm
      1. 4.13.1. Problem
      2. 4.13.2. Solution
      3. 4.13.3. Discussion
      4. 4.13.4. See Also
    14. 4.14. Using Kerberos with SSH
      1. 4.14.1. Problem
      2. 4.14.2. Solution
      3. 4.14.3. Discussion
      4. 4.14.4. See Also
    15. 4.15. Using Kerberos with Telnet
      1. 4.15.1. Problem
      2. 4.15.2. Solution
      3. 4.15.3. Discussion
      4. 4.15.4. See Also
    16. 4.16. Securing IMAP with Kerberos
      1. 4.16.1. Problem
      2. 4.16.2. Solution
      3. 4.16.3. Discussion
      4. 4.16.4. See Also
    17. 4.17. Using Kerberos with PAM for System-Wide Authentication
      1. 4.17.1. Problem
      2. 4.17.2. Solution
      3. 4.17.3. Discussion
      4. 4.17.4. See Also
  7. 5. Authorization Controls
    1. 5.1. Running a root Login Shell
      1. 5.1.1. Problem
      2. 5.1.2. Solution
      3. 5.1.3. Discussion
      4. 5.1.4. See Also
    2. 5.2. Running X Programs as root
      1. 5.2.1. Problem
      2. 5.2.2. Solution
      3. 5.2.3. Discussion
      4. 5.2.4. See Also
    3. 5.3. Running Commands as Another User via sudo
      1. 5.3.1. Problem
      2. 5.3.2. Solution
      3. 5.3.3. Discussion
      4. 5.3.4. See Also
    4. 5.4. Bypassing Password Authentication in sudo
      1. 5.4.1. Problem
      2. 5.4.2. Solution
      3. 5.4.3. Discussion
      4. 5.4.4. See Also
    5. 5.5. Forcing Password Authentication in sudo
      1. 5.5.1. Problem
      2. 5.5.2. Solution
      3. 5.5.3. Discussion
      4. 5.5.4. See Also
    6. 5.6. Authorizing per Host in sudo
      1. 5.6.1. Problem
      2. 5.6.2. Solution
      3. 5.6.3. Discussion
      4. 5.6.4. See Also
    7. 5.7. Granting Privileges to a Group via sudo
      1. 5.7.1. Problem
      2. 5.7.2. Solution
      3. 5.7.3. See Also
    8. 5.8. Running Any Program in a Directory via sudo
      1. 5.8.1. Problem
      2. 5.8.2. Solution
      3. 5.8.3. See Also
    9. 5.9. Prohibiting Command Arguments with sudo
      1. 5.9.1. Problem
      2. 5.9.2. Solution
      3. 5.9.3. Discussion
      4. 5.9.4. See Also
    10. 5.10. Sharing Files Using Groups
      1. 5.10.1. Problem
      2. 5.10.2. Solution
      3. 5.10.3. Discussion
      4. 5.10.4. See Also
    11. 5.11. Permitting Read-Only Access to a Shared File via sudo
      1. 5.11.1. Problem
      2. 5.11.2. Solution
      3. 5.11.3. Discussion
      4. 5.11.4. See Also
    12. 5.12. Authorizing Password Changes via sudo
      1. 5.12.1. Problem
      2. 5.12.2. Solution
      3. 5.12.3. Discussion
      4. 5.12.4. See Also
    13. 5.13. Starting/Stopping Daemons via sudo
      1. 5.13.1. Problem
      2. 5.13.2. Solution
      3. 5.13.3. Discussion
      4. 5.13.4. See Also
    14. 5.14. Restricting root's Abilities via sudo
      1. 5.14.1. Problem
      2. 5.14.2. Solution
      3. 5.14.3. Discussion
      4. 5.14.4. See Also
    15. 5.15. Killing Processes via sudo
      1. 5.15.1. Problem
      2. 5.15.2. Solution
      3. 5.15.3. Discussion
      4. 5.15.4. See Also
    16. 5.16. Listing sudo Invocations
      1. 5.16.1. Problem
      2. 5.16.2. Solution
      3. 5.16.3. Discussion
      4. 5.16.4. See Also
    17. 5.17. Logging sudo Remotely
      1. 5.17.1. Problem
      2. 5.17.2. Solution
      3. 5.17.3. Discussion
      4. 5.17.4. See Also
    18. 5.18. Sharing root Privileges via SSH
      1. 5.18.1. Problem
      2. 5.18.2. Solution
      3. 5.18.3. Discussion
      4. 5.18.4. See Also
    19. 5.19. Running root Commands via SSH
      1. 5.19.1. Problem
      2. 5.19.2. Solution
      3. 5.19.3. Discussion
      4. 5.19.4. See Also
    20. 5.20. Sharing root Privileges via Kerberos su
      1. 5.20.1. Problem
      2. 5.20.2. Solution
      3. 5.20.3. Discussion
        1. 5.20.3.1. Authentication
        2. 5.20.3.2. Authorization
      4. 5.20.4. See Also
  8. 6. Protecting Outgoing Network Connections
    1. 6.1. Logging into a Remote Host
      1. 6.1.1. Problem
      2. 6.1.2. Solution
      3. 6.1.3. Discussion
      4. 6.1.4. See Also
    2. 6.2. Invoking Remote Programs
      1. 6.2.1. Problem
      2. 6.2.2. Solution
      3. 6.2.3. Discussion
      4. 6.2.4. See Also
    3. 6.3. Copying Files Remotely
      1. 6.3.1. Problem
      2. 6.3.2. Solution
      3. 6.3.3. Discussion
      4. 6.3.4. See Also
    4. 6.4. Authenticating by Public Key (OpenSSH)
      1. 6.4.1. Problem
      2. 6.4.2. Solution
      3. 6.4.3. Discussion
      4. 6.4.4. See Also
    5. 6.5. Authenticating by Public Key (OpenSSH Client, SSH2 Server, OpenSSH Key)
      1. 6.5.1. Problem
      2. 6.5.2. Solution
      3. 6.5.3. Discussion
      4. 6.5.4. See Also
    6. 6.6. Authenticating by Public Key (OpenSSH Client, SSH2 Server, SSH2 Key)
      1. 6.6.1. Problem
      2. 6.6.2. Solution
      3. 6.6.3. Discussion
      4. 6.6.4. See Also
    7. 6.7. Authenticating by Public Key (SSH2 Client, OpenSSH Server)
      1. 6.7.1. Problem
      2. 6.7.2. Solution
      3. 6.7.3. Description
      4. 6.7.4. See Also
    8. 6.8. Authenticating by Trusted Host
      1. 6.8.1. Problem
      2. 6.8.2. Solution
      3. 6.8.3. Discussion
      4. 6.8.4. See Also
    9. 6.9. Authenticating Without a Password (Interactively)
      1. 6.9.1. Problem
      2. 6.9.2. Solution
      3. 6.9.3. Discussion
      4. 6.9.4. See Also
    10. 6.10. Authenticating in cron Jobs
      1. 6.10.1. Problem
      2. 6.10.2. Solution
      3. 6.10.3. Discussion
      4. 6.10.4. See Also
    11. 6.11. Terminating an SSH Agent on Logout
      1. 6.11.1. Problem
      2. 6.11.2. Solution
      3. 6.11.3. Discussion
      4. 6.11.4. See Also
    12. 6.12. Tailoring SSH per Host
      1. 6.12.1. Problem
      2. 6.12.2. Solution
      3. 6.12.3. Discussion
      4. 6.12.4. See Also
    13. 6.13. Changing SSH Client Defaults
      1. 6.13.1. Problem
      2. 6.13.2. Solution
      3. 6.13.3. Discussion
      4. 6.13.4. See Also
    14. 6.14. Tunneling Another TCP Session Through SSH
      1. 6.14.1. Problem
      2. 6.14.2. Solution
      3. 6.14.3. Discussion
      4. 6.14.4. See Also
    15. 6.15. Keeping Track of Passwords
      1. 6.15.1. Problem
      2. 6.15.2. Solution
      3. 6.15.3. Discussion
      4. 6.15.4. See Also
  9. 7. Protecting Files
    1. 7.1. Using File Permissions
      1. 7.1.1. Problem
      2. 7.1.2. Solution
      3. 7.1.3. Discussion
      4. 7.1.4. See Also
    2. 7.2. Securing a Shared Directory
      1. 7.2.1. Problem
      2. 7.2.2. Solution
      3. 7.2.3. Discussion
      4. 7.2.4. See Also
    3. 7.3. Prohibiting Directory Listings
      1. 7.3.1. Problem
      2. 7.3.2. Solution
      3. 7.3.3. Discussion
      4. 7.3.4. See Also
    4. 7.4. Encrypting Files with a Password
      1. 7.4.1. Problem
      2. 7.4.2. Solution
      3. 7.4.3. Discussion
      4. 7.4.4. See Also
    5. 7.5. Decrypting Files
      1. 7.5.1. Problem
      2. 7.5.2. Solution
      3. 7.5.3. Discussion
      4. 7.5.4. See Also
    6. 7.6. Setting Up GnuPG for Public-Key Encryption
      1. 7.6.1. Problem
      2. 7.6.2. Solution
      3. 7.6.3. Discussion
      4. 7.6.4. See Also
    7. 7.7. Listing Your Keyring
      1. 7.7.1. Problem
      2. 7.7.2. Solution
      3. 7.7.3. Discussion
      4. 7.7.4. See Also
    8. 7.8. Setting a Default Key
      1. 7.8.1. Problem
      2. 7.8.2. Solution
      3. 7.8.3. Discussion
      4. 7.8.4. See Also
    9. 7.9. Sharing Public Keys
      1. 7.9.1. Problem
      2. 7.9.2. Solution
      3. 7.9.3. Discussion
      4. 7.9.4. See Also
    10. 7.10. Adding Keys to Your Keyring
      1. 7.10.1. Problem
      2. 7.10.2. Solution
      3. 7.10.3. Discussion
      4. 7.10.4. See Also
    11. 7.11. Encrypting Files for Others
      1. 7.11.1. Problem
      2. 7.11.2. Solution
      3. 7.11.3. Discussion
      4. 7.11.4. See Also
    12. 7.12. Signing a Text File
      1. 7.12.1. Problem
      2. 7.12.2. Solution
      3. 7.12.3. Discussion
      4. 7.12.4. See Also
    13. 7.13. Signing and Encrypting Files
      1. 7.13.1. Problem
      2. 7.13.2. Solution
      3. 7.13.3. Discussion
      4. 7.13.4. See Also
    14. 7.14. Creating a Detached Signature File
      1. 7.14.1. Problem
      2. 7.14.2. Solution
      3. 7.14.3. Discussion
      4. 7.14.4. See Also
    15. 7.15. Checking a Signature
      1. 7.15.1. Problem
      2. 7.15.2. Solution
      3. 7.15.3. Discussion
      4. 7.15.4. See Also
    16. 7.16. Printing Public Keys
      1. 7.16.1. Problem
      2. 7.16.2. Solution
      3. 7.16.3. Discussion
      4. 7.16.4. See Also
    17. 7.17. Backing Up a Private Key
      1. 7.17.1. Problem
      2. 7.17.2. Solution
      3. 7.17.3. Discussion
      4. 7.17.4. See Also
    18. 7.18. Encrypting Directories
      1. 7.18.1. Problem
      2. 7.18.2. Solution
      3. 7.18.3. Discussion
      4. 7.18.4. See Also
    19. 7.19. Adding Your Key to a Keyserver
      1. 7.19.1. Problem
      2. 7.19.2. Solution
      3. 7.19.3. Discussion
      4. 7.19.4. See Also
    20. 7.20. Uploading New Signatures to a Keyserver
      1. 7.20.1. Problem
      2. 7.20.2. Solution
    21. 7.21. Obtaining Keys from a Keyserver
      1. 7.21.1. Problem
      2. 7.21.2. Solution
      3. 7.21.3. Discussion
      4. 7.21.4. See Also
    22. 7.22. Revoking a Key
      1. 7.22.1. Problem
      2. 7.22.2. Solution
      3. 7.22.3. Discussion
      4. 7.22.4. See Also
    23. 7.23. Maintaining Encrypted Files with Emacs
      1. 7.23.1. Problem
      2. 7.23.2. Solution
      3. 7.23.3. Discussion
      4. 7.23.4. See Also
    24. 7.24. Maintaining Encrypted Files with vim
      1. 7.24.1. Problem
      2. 7.24.2. Solution
      3. 7.24.3. Discussion
      4. 7.24.4. See Also
    25. 7.25. Encrypting Backups
      1. 7.25.1. Problem
      2. 7.25.2. Solution
      3. 7.25.3. Discussion
      4. 7.25.4. See Also
    26. 7.26. Using PGP Keys with GnuPG
      1. 7.26.1. Problem
      2. 7.26.2. Solution
      3. 7.26.3. Discussion
      4. 7.26.4. See Also
  10. 8. Protecting Email
    1. 8.1. Encrypted Mail with Emacs
      1. 8.1.1. Problem
      2. 8.1.2. Solution
      3. 8.1.3. Discussion
      4. 8.1.4. See Also
    2. 8.2. Encrypted Mail with vim
      1. 8.2.1. Problem
      2. 8.2.2. Solution
      3. 8.2.3. Discussion
      4. 8.2.4. See Also
    3. 8.3. Encrypted Mail with Pine
      1. 8.3.1. Problem
      2. 8.3.2. Solution
      3. 8.3.3. Description
      4. 8.3.4. See Also
    4. 8.4. Encrypted Mail with Mozilla
      1. 8.4.1. Problem
      2. 8.4.2. Solution
      3. 8.4.3. Discussion
      4. 8.4.4. See Also
    5. 8.5. Encrypted Mail with Evolution
      1. 8.5.1. Problem
      2. 8.5.2. Solution
      3. 8.5.3. Discussion
      4. 8.5.4. See Also
    6. 8.6. Encrypted Mail with mutt
      1. 8.6.1. Problem
      2. 8.6.2. Solution
      3. 8.6.3. Discussion
      4. 8.6.4. See Also
    7. 8.7. Encrypted Mail with elm
      1. 8.7.1. Problem
      2. 8.7.2. Solution
      3. 8.7.3. Discussion
      4. 8.7.4. See Also
    8. 8.8. Encrypted Mail with MH
      1. 8.8.1. Problem
      2. 8.8.2. Solution
      3. 8.8.3. Discussion
      4. 8.8.4. See Also
    9. 8.9. Running a POP/IMAP Mail Server with SSL
      1. 8.9.1. Problem
      2. 8.9.2. Solution
      3. 8.9.3. Discussion
      4. 8.9.4. See Also
    10. 8.10. Testing an SSL Mail Connection
      1. 8.10.1. Problem
      2. 8.10.2. Solution
      3. 8.10.3. Discussion
      4. 8.10.4. See Also
    11. 8.11. Securing POP/IMAP with SSL and Pine
      1. 8.11.1. Problem
      2. 8.11.2. Solution
      3. 8.11.3. Discussion
      4. 8.11.4. See Also
    12. 8.12. Securing POP/IMAP with SSL and mutt
      1. 8.12.1. Problem
      2. 8.12.2. Solution
      3. 8.12.3. Discussion
      4. 8.12.4. See Also
    13. 8.13. Securing POP/IMAP with SSL and Evolution
      1. 8.13.1. Problem
      2. 8.13.2. Solution
      3. 8.13.3. Discussion
      4. 8.13.4. See Also
    14. 8.14. Securing POP/IMAP with stunnel and SSL
      1. 8.14.1. Problem
      2. 8.14.2. Solution
      3. 8.14.3. Discussion
      4. 8.14.4. See Also
    15. 8.15. Securing POP/IMAP with SSH
      1. 8.15.1. Problem
      2. 8.15.2. Solution
      3. 8.15.3. Discussion
      4. 8.15.4. See Also
    16. 8.16. Securing POP/IMAP with SSH and Pine
      1. 8.16.1. Problem
      2. 8.16.2. Solution
      3. 8.16.3. Discussion
      4. 8.16.4. See Also
    17. 8.17. Receiving Mail Without a Visible Server
      1. 8.17.1. Problem
      2. 8.17.2. Solution
      3. 8.17.3. Discussion
      4. 8.17.4. See Also
    18. 8.18. Using an SMTP Server from Arbitrary Clients
      1. 8.18.1. Problem
      2. 8.18.2. Solution
      3. 8.18.3. Discussion
      4. 8.18.4. See Also
  11. 9. Testing and Monitoring
    1. 9.1. Testing Login Passwords (John the Ripper)
      1. 9.1.1. Problem
      2. 9.1.2. Solution
      3. 9.1.3. Discussion
      4. 9.1.4. See Also
    2. 9.2. Testing Login Passwords (CrackLib)
      1. 9.2.1. Problem
      2. 9.2.2. Solution
      3. 9.2.3. Discussion
      4. 9.2.4. See Also
    3. 9.3. Finding Accounts with No Password
      1. 9.3.1. Problem
      2. 9.3.2. Solution
      3. 9.3.3. Discussion
      4. 9.3.4. See Also
    4. 9.4. Finding Superuser Accounts
      1. 9.4.1. Problem
      2. 9.4.2. Solution
      3. 9.4.3. Discussion
      4. 9.4.4. See Also
    5. 9.5. Checking for Suspicious Account Use
      1. 9.5.1. Problem
      2. 9.5.2. Solution
      3. 9.5.3. Discussion
      4. 9.5.4. See Also
    6. 9.6. Checking for Suspicious Account Use, Multiple Systems
      1. 9.6.1. Problem
      2. 9.6.2. Solution
      3. 9.6.3. Discussion
      4. 9.6.4. See Also
    7. 9.7. Testing Your Search Path
      1. 9.7.1. Problem
      2. 9.7.2. Solution
      3. 9.7.3. Discussion
      4. 9.7.4. See Also
    8. 9.8. Searching Filesystems Effectively
      1. 9.8.1. Problem
      2. 9.8.2. Solution
      3. 9.8.3. Discussion
      4. 9.8.4. See Also
    9. 9.9. Finding setuid (or setgid) Programs
      1. 9.9.1. Problem
      2. 9.9.2. Solution
      3. 9.9.3. Discussion
      4. 9.9.4. See Also
    10. 9.10. Securing Device Special Files
      1. 9.10.1. Problem
      2. 9.10.2. Solution
      3. 9.10.3. Discussion
      4. 9.10.4. See Also
    11. 9.11. Finding Writable Files
      1. 9.11.1. Problem
      2. 9.11.2. Solution
      3. 9.11.3. Discussion
      4. 9.11.4. See Also
    12. 9.12. Looking for Rootkits
      1. 9.12.1. Problem
      2. 9.12.2. Solution
      3. 9.12.3. Discussion
      4. 9.12.4. See Also
    13. 9.13. Testing for Open Ports
      1. 9.13.1. Problem
      2. 9.13.2. Solution
      3. 9.13.3. Discussion
      4. 9.13.4. See Also
    14. 9.14. Examining Local Network Activities
      1. 9.14.1. Problem
      2. 9.14.2. Solution
      3. 9.14.3. Discussion
      4. 9.14.4. See Also
    15. 9.15. Tracing Processes
      1. 9.15.1. Problem
      2. 9.15.2. Solution
      3. 9.15.3. Discussion
      4. 9.15.4. See Also
    16. 9.16. Observing Network Traffic
      1. 9.16.1. Problem
      2. 9.16.2. Solution
      3. 9.16.3. Discussion
      4. 9.16.4. See Also
    17. 9.17. Observing Network Traffic (GUI)
      1. 9.17.1. Problem
      2. 9.17.2. Solution
      3. 9.17.3. Discussion
      4. 9.17.4. See Also
    18. 9.18. Searching for Strings in Network Traffic
      1. 9.18.1. Problem
      2. 9.18.2. Solution
      3. 9.18.3. Discussion
      4. 9.18.4. See Also
    19. 9.19. Detecting Insecure Network Protocols
      1. 9.19.1. Problem
      2. 9.19.2. Solution
      3. 9.19.3. Discussion
      4. 9.19.4. See Also
    20. 9.20. Getting Started with Snort
      1. 9.20.1. Problem
      2. 9.20.2. Solution
      3. 9.20.3. Discussion
      4. 9.20.4. See Also
    21. 9.21. Packet Sniffing with Snort
      1. 9.21.1. Problem
      2. 9.21.2. Solution
      3. 9.21.3. Discussion
      4. 9.21.4. See Also
    22. 9.22. Detecting Intrusions with Snort
      1. 9.22.1. Problem
      2. 9.22.2. Solution
      3. 9.22.3. Discussion
      4. 9.22.4. See Also
    23. 9.23. Decoding Snort Alert Messages
      1. 9.23.1. Problem
      2. 9.23.2. Solution
      3. 9.23.3. Discussion
      4. 9.23.4. See Also
    24. 9.24. Logging with Snort
      1. 9.24.1. Problem
      2. 9.24.2. Solution
      3. 9.24.3. Discussion
      4. 9.24.4. See Also
    25. 9.25. Partitioning Snort Logs Into Separate Files
      1. 9.25.1. Problem
      2. 9.25.2. Solution
      3. 9.25.3. Discussion
      4. 9.25.4. See Also
    26. 9.26. Upgrading and Tuning Snort's Ruleset
      1. 9.26.1. Problem
      2. 9.26.2. Solution
      3. 9.26.3. Discussion
      4. 9.26.4. See Also
    27. 9.27. Directing System Messages to Log Files (syslog)
      1. 9.27.1. Problem
      2. 9.27.2. Solution
      3. 9.27.3. Discussion
      4. 9.27.4. See Also
    28. 9.28. Testing a syslog Configuration
      1. 9.28.1. Problem
      2. 9.28.2. Solution
      3. 9.28.3. Discussion
      4. 9.28.4. See Also
    29. 9.29. Logging Remotely
      1. 9.29.1. Problem
      2. 9.29.2. Solution
      3. 9.29.3. Discussion
      4. 9.29.4. See Also
    30. 9.30. Rotating Log Files
      1. 9.30.1. Problem
      2. 9.30.2. Solution
      3. 9.30.3. Discussion
      4. 9.30.4. See Also
    31. 9.31. Sending Messages to the System Logger
      1. 9.31.1. Problem
      2. 9.31.2. Solution
      3. 9.31.3. Discussion
      4. 9.31.4. See Also
    32. 9.32. Writing Log Entries via Shell Scripts
      1. 9.32.1. Problem
      2. 9.32.2. Solution
      3. 9.32.3. Discussion
      4. 9.32.4. See Also
    33. 9.33. Writing Log Entries via Perl
      1. 9.33.1. Problem
      2. 9.33.2. Solution
      3. 9.33.3. Discussion
      4. 9.33.4. See Also
    34. 9.34. Writing Log Entries via C
      1. 9.34.1. Problem
      2. 9.34.2. Solution
      3. 9.34.3. Discussion
      4. 9.34.4. See Also
    35. 9.35. Combining Log Files
      1. 9.35.1. Problem
      2. 9.35.2. Solution
      3. 9.35.3. Discussion
      4. 9.35.4. See Also
    36. 9.36. Summarizing Your Logs with logwatch
      1. 9.36.1. Problem
      2. 9.36.2. Solution
      3. 9.36.3. Discussion
      4. 9.36.4. See Also
    37. 9.37. Defining a logwatch Filter
      1. 9.37.1. Problem
      2. 9.37.2. Solution
      3. 9.37.3. Discussion
      4. 9.37.4. See Also
    38. 9.38. Monitoring All Executed Commands
      1. 9.38.1. Problem
      2. 9.38.2. Solution
      3. 9.38.3. Discussion
      4. 9.38.4. See Also
    39. 9.39. Displaying All Executed Commands
      1. 9.39.1. Problem
      2. 9.39.2. Solution
      3. 9.39.3. Discussion
      4. 9.39.4. See Also
    40. 9.40. Parsing the Process Accounting Log
      1. 9.40.1. Problem
      2. 9.40.2. Solution
      3. 9.40.3. Discussion
      4. 9.40.4. See Also
    41. 9.41. Recovering from a Hack
      1. 9.41.1. Problem
      2. 9.41.2. Solution
      3. 9.41.3. Discussion
      4. 9.41.4. See Also
    42. 9.42. Filing an Incident Report
      1. 9.42.1. Problem
      2. 9.42.2. Solution
      3. 9.42.3. Discussion
      4. 9.42.4. See Also
  12. Index
  13. About the Authors
  14. Colophon
  15. Copyright