Security Strategies in Linux Platforms and Applications

Book Description

PART OF THE NEW JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES! Security Strategies in Linux Platforms and Applications covers every major aspect of security on a Linux system. Written by an industry expert, the book is divided into three parts that illustrate the key concepts in the field. Part 1 discusses the risks, threats, and vulnerabilities associated with Linux as an operating system, using examples from Red Hat Enterprise Linux and Ubuntu. Part 2 shows how to take advantage of the layers of security available to Linux: user and group options, filesystems, security options for important services, and the mandatory access control systems AppArmor and SELinux. Part 3 looks at the use of both open source and proprietary tools when building a layered security strategy for Linux operating system environments. Using real-world examples and exercises, the book incorporates hands-on activities that walk students through the fundamentals of security strategies for Linux systems.

Table of Contents

  1. Copyright
  2. Preface
    1. Purpose of This Book
    2. Learning Features
    3. Audience
  3. Acknowledgments
  4. About the Author
  5. ONE. Is Linux Really Secure?
    1. 1. Security Threats to Linux
      1. The Fundamentals of Linux Information Security
      2. Security As a Process in the Open Source World
      3. Laws and Regulatory Requirements in Information Security
      4. Measuring Information Security
        1. Confidentiality
        2. Possession or Control
        3. Integrity
        4. Authenticity
        5. Availability
        6. Utility
      5. The Open Source Security Testing Methodology Manual
        1. Measures of OSSTMM Compliance
        2. OSSTMM Channels
        3. OSSTMM Test Methodologies
          1. Regulatory Phase
          2. Definitions Phase
          3. Information Phase
          4. Interactive Controls Phase
          5. Alert and Log Review Phase
        4. OSSTMM Certifications
      6. Linux and the Seven Domains of a Typical IT Infrastructure
        1. Linux in the User Domain
        2. Linux in the Workstation Domain
        3. Linux in the LAN Domain
        4. Linux in the LAN-to-WAN Domain
        5. Linux in the System/Application Domain
        6. Linux in the Remote Access Domain
        7. Linux in the WAN Domain
      7. Attacks on Open Source Software
      8. Security in an Open Source World
      9. Costs and Benefits of Linux Security Measures
        1. The Costs of Security
        2. The Benefits of Security
        3. The Effects of Virtualization
      10. CHAPTER SUMMARY
      11. KEY CONCEPTS AND TERMS
      12. CHAPTER 1 ASSESSMENT
    2. 2. Basic Components of Linux Security
      1. Linux Security Starts with the Kernel
        1. The Basic Linux Kernel Philosophy
        2. Basic Linux Kernels
        3. Distribution-Specific Linux Kernels
        4. Custom Linux Kernels
        5. Linux Kernel Security Options
      2. Security in the Boot Process
        1. Physical Security
        2. The Threat of the Live CD
        3. Boot Process Security
        4. More Boot Process Issues
        5. Virtual Physical Security
      3. Linux Security Issues Beyond the Basic Operating System
        1. Service Process Security
        2. Security Issues with the GUI
      4. The User Authentication Databases
      5. File Ownership, Permissions, and Access Controls
      6. Firewalls and Mandatory Access Controls
        1. Firewall Support Options
        2. Mandatory Access Control Support
      7. Networks and Encrypted Communication
      8. The Latest Linux Security Updates
        1. Linux Security Updates for Regular Users
        2. Linux Security Updates for Home Hobbyists
        3. Linux Security Updates for Power Users
        4. Security Updates for Linux Administrators
        5. Linux Security Update Administration
      9. Continuity and Resiliency with Virtualization
      10. Variations Between Distributions
        1. A Basic Comparison: Red Hat and Ubuntu
        2. More Diversity in Services
      11. CHAPTER SUMMARY
      12. KEY CONCEPTS AND TERMS
      13. CHAPTER 2 ASSESSMENT
  6. TWO. Layered Security and Linux
    1. 3. Basic Security: Facilities Through the Boot Process
      1. Security in the Server Room and the Physical Server
        1. Physical and Environmental Security Factors
        2. Security and Form Factors
        3. Physical Access Ports
        4. Security Beyond the Server
      2. Open Source Trusted Platform Modules and Open Trusted Computing
        1. The Basics of Trusted Computing
          1. Measurements
          2. Roots of Trust
          3. Chain of Trust
        2. Objections to TPM
        3. TPM in an Open Source World
          1. TPM Packages
        4. Configure TPM on a Linux System
      3. Security on Virtual Hosts and Guests
        1. Security on Virtual Hosts
          1. Security with Virtual Applications
          2. Security with Platform Virtual Machines
          3. Security with Paravirtualization
          4. Security with Hardware Virtual Machines
          5. Security with Bare Metal Virtualization
        2. Security on Virtual Guests
      4. Locking Down Boot Hardware
      5. Locking Down Boot Loaders
        1. Back Up the Current Boot Loader
        2. Securing LILO
        3. Security and Traditional GRUB
        4. Security and GRUB 2.0
        5. Configure TrustedGRUB
      6. Challenges with a Standard Supported Kernel
        1. Questions with Standard Kernels
        2. Standard Virtual Machine Kernels
        3. Limits on Standard Kernels
      7. The Costs and Benefits of Obscurity
        1. Obscurity in the Boot Menus
        2. Obscurity in the Linux Boot Loader
        3. Obscurity in Other Linux Boot Configuration Files
        4. Obscurity in Services
      8. Basic Security and the Five Process Controls
        1. Nonrepudiation
        2. Confidentiality
        3. Privacy
        4. Integrity
        5. Alarm
      9. Best Practices: Basic Security
      10. CHAPTER SUMMARY
      11. KEY CONCEPTS AND TERMS
      12. CHAPTER 3 ASSESSMENT
    2. 4. User Privileges and Permissions
      1. The Shadow Password Suite
        1. /etc/passwd
        2. /etc/group
        3. /etc/shadow
        4. /etc/gshadow
        5. Defaults for the Shadow Password Suite
        6. Shadow Password Suite Commands
      2. A Variety of Choices with User Privileges
      3. Securing Groups of Users
        1. User Private Group Scheme
        2. Create a Special Group
      4. A Hierarchy of Administrative Privileges
        1. Administrative Privileges in Services
        2. The su and sg Commands
        3. Options with sudo and /etc/sudoers
          1. Basic Options in /etc/sudoers
          2. More Detailed Options with /etc/sudoers
          3. Use the sudo Command
      5. Regular and Special Permissions
        1. The Set User ID Bit
        2. The Set Group ID Bit
        3. The Sticky Bit
      6. Tracking Access Through Logs
        1. Authorization Log Options
        2. Authorization Log Files
      7. Pluggable Authentication Modules
        1. The Structure of a PAM Configuration File
        2. PAM Configuration for Users
      8. Authorizing Access with the PolicyKit
        1. How the PolicyKit Works
        2. PolicyKit Concepts
        3. More on the PolicyKit Configuration
        4. The PolicyKit and Local Authority
          1. The ck-history Command
          2. The ck-list-sessions Command
          3. The ck-launch-session Command
      9. Network User Verification Tools
        1. NIS If You Must
        2. LDAP Shares Authentication
      10. Best Practices: User Privileges and Permissions
      11. CHAPTER SUMMARY
      12. KEY CONCEPTS AND TERMS
      13. CHAPTER 4 ASSESSMENT
    3. 5. Filesystems, Volumes, and Encryption
      1. Filesystem Organization
        1. Filesystem Basics
        2. The Filesystem Hierarchy Standard (FHS)
        3. Good Volume Organization Can Help Secure a System
          1. The /boot/ Filesystem
          2. The /home/ Filesystem
          3. The /opt/ Filesystem
          4. The /srv/ Filesystem
          5. The /tmp/ Filesystem
          6. The /var/ Filesystem
        4. Read-Only Filesystems
      2. Journals, Formats, and File Sizes
        1. Partition Types
        2. The Right Format Choice
        3. Available Format Tools
      3. Using Encryption
        1. Encryption Tools
        2. Encrypted Files
          1. Encryption With a Passphrase
          2. Encryption with a Public/Private Key Pair
        3. Encrypted Directories
        4. Encrypted Partitions and Volumes
      4. Local File and Folder Permissions
        1. Basic File Ownership Concepts
        2. Basic File-Permission Concepts
        3. Changing File Permissions
      5. Networked File and Folder Permissions
        1. NFS Issues
          1. Basic NFS Security Issues
          2. NFS Permissions and Authentication
        2. Samba/CIFS Network Permissions
        3. Network Permissions for the vsFTP Daemon
      6. Filesystems and Quotas
        1. The Quota Configuration Process
        2. Quota Management
        3. Quota Reports
      7. Filesystems and Access Control Lists
        1. Configure a Filesystem for ACLs
        2. ACL Commands
        3. Configure Files and Directories with ACLs
      8. Best Practices: Filesystems, Volumes, and Encryption
      9. CHAPTER SUMMARY
      10. KEY CONCEPTS AND TERMS
      11. CHAPTER 5 ASSESSMENT
    4. 6. Every Service Is a Potential Risk
      1. Basic Bastion Hardening
        1. A Minimal Ubuntu Installation
        2. A Minimal Red Hat Installation
        3. Service Reviews
        4. Package Reviews
          1. The Dynamic Host Configuration Protocol Server Issue
          2. Installation and Removal on Red Hat Systems
          3. Installation and Removal on Ubuntu Systems
      2. Bastions in a Virtualized Environment
        1. Systems Customized for a Virtual Machine
        2. Virtual Machine Networks
      3. The Risks of Source Code and Development Tools
        1. Development Tools
        2. Build Packages
      4. Uninstalling Default Services
        1. Uninstall When Possible
        2. Deactivate if Still in Work
          1. Stop a Service
          2. Change the Service Defaults
          3. The update-rc.d Command
          4. The chkconfig Command
        3. Services in Question
      5. Managing Super Servers and Deactivating Service Scripts
        1. The Original Super Server
        2. The Extended Internet Super Server
        3. Regular Service Scripts
      6. Isolate with chroot Jails
      7. Avoid X Servers and X Clients Where Possible
        1. If You Must Have a GUI
        2. The Surprising Generic Text Tool
        3. Test with Text Tools
      8. The Risks of Productivity Tools
        1. Browsers
        2. Office Suites
        3. E-mail
      9. Best Practices: Service Deployment
      10. CHAPTER SUMMARY
      11. KEY CONCEPTS AND TERMS
      12. CHAPTER 6 ASSESSMENT
    5. 7. Networks, Firewalls, and More
      1. Services on Every TCP/IP Port
        1. Protocols and Numbers in /etc/services
        2. Protection by the Protocol and Number
      2. Obscurity and the Open Port Problem
        1. Obscure Ports
        2. Opening Obscure Open Ports
        3. Obscurity by Other Means
      3. Protect with TCP Wrappers
        1. What Services Are TCP Wrapped?
        2. Configure TCP Wrapper Protection
      4. Packet Filtering Firewalls
        1. Basic Firewall Commands
          1. The iptables Table Option
          2. Options and Directions for the iptables Command
          3. Packets and Patterns for the iptables Command
          4. Actions for the iptables Command
          5. Sample iptables Commands
          6. Additional iptables Rules
            1. Denial of Service Rules.
            2. Change Default Rules.
            3. Restrict the ping and Related Messages.
            4. Block Information from Suspicious IP Addresses.
            5. Slow attacks on SSH Services.
          7. The iptables Service
          8. Examples of Firewall-Management Tools
        2. A Firewall for the Demilitarized Zone (DMZ)
        3. A Firewall for the Internal Network
      5. Alternate Attack Vectors—Modems and More
        1. Attacks Through Nonstandard Connections
          1. The Telephone Modem and Related Devices
          2. Serial Ports
          3. Tracking Other Electromagnetic Output
        2. Attacks on Nonstandard Services
          1. The cron Service
          2. The at Service
      6. Wireless-Network Issues
        1. The OSSTMM Wireless Security Expert
        2. Default Wireless Hardware
        3. Linux and Wireless Hardware
        4. Cracks in Wireless Security
        5. Bluetooth Connections
      7. Security-Enhanced Linux (SELinux)
        1. The Power of SELinux
        2. Basic SELinux Configuration
        3. Configuration from the Command Line
        4. The SELinux Administration Tool
        5. The SELinux Troubleshooter
        6. SELinux Boolean Settings
          1. Admin
          2. Compatibility
          3. Cron
          4. CVS
          5. Databases
          6. FTP
          7. Games
          8. HTTPD Service
          9. Kerberos
          10. Memory Protection
          11. Mount
          12. Name Service
          13. NFS
          14. NIS
          15. Polyinstantiation
          16. pppd
          17. Printing
          18. rsync
          19. Samba
          20. SASL Authentication Server
          21. SELinux Service Protection
          22. SpamAssassin
          23. Squid
          24. SSH
          25. Universal SSL Tunnel
          26. User Privs
          27. Web Applications
          28. X Server
          29. Zebra
      8. Setting Up AppArmor Profiles
        1. Basic AppArmor Configuration
        2. AppArmor Configuration Files
          1. logprof.conf
            1. The [settings] Stanza.
            2. The [qualifiers] Stanza.
          2. notify.conf
          3. severity.db
          4. subdomain.conf
        3. AppArmor Profiles
        4. AppArmor Access Modes
        5. Sample AppArmor Profiles
        6. AppArmor Configuration and Management Commands
        7. An AppArmor Configuration Tool
      9. Best Practices: Networks, Firewalls, and TCP/IP Communications
      10. CHAPTER SUMMARY
      11. KEY CONCEPTS AND TERMS
      12. CHAPTER 7 ASSESSMENT
    6. 8. Networked Filesystems and Remote Access
      1. One System, One Shared Network Service
        1. Configure an NTP Server
        2. Install and Configure a Kerberos Server
        3. Basic Kerberos Configuration
        4. Additional Kerberos Configuration Options
      2. Secure NFS as if It Were Local
        1. Configure NFS Kerberos Tickets
        2. Configure NFS Shares for Kerberos
      3. Keeping vsFTP Very Secure
        1. Configuration Options for vsFTP
        2. Additional vsFTP Configuration Files
      4. Linux as a More Secure Windows Server
        1. Samba Global Options
          1. Network-Related Options
          2. Logging Options
          3. Standalone Server Options
          4. Domain Members Options
          5. Domain Controller Options
          6. Browser Control Options
          7. Name Resolution
          8. Printing Options
        2. Samba as a Primary Domain Controller (PDC)
      5. Make Sure SSH Stays Secure
        1. The Secure Shell Server
        2. The Secure Shell Client
          1. SSH Logins
          2. Secure SSH Copying
        3. Create a Secure Shell Passphrase
      6. Networks and Encryption
        1. Host-to-Host IPSec on Red Hat
        2. Host-to-Host IPSec on Ubuntu
        3. Network-to-Network IPSec on Red Hat
        4. Network-to-Network IPSec on Ubuntu
      7. When You "Must" Use Telnet
        1. Persuade Users to Convert to SSH
        2. Install More Secure Telnet Servers and Clients
      8. Remember the Modem
        1. The Basics of RADIUS
        2. RADIUS Configuration Files
      9. Moving Away from Clear-Text Access
        1. The Simple rsync Solution
        2. E-mail Clients
      10. Best Practices: Networked Filesystems and Remote Access
      11. CHAPTER SUMMARY
      12. KEY CONCEPTS AND TERMS
      13. CHAPTER 8 ASSESSMENT
    7. 9. Networked Application Security
      1. Web Services: Apache and Friends
        1. The LAMP Stack
          1. MySQL and Apache
          2. Apache and Scripting Languages
        2. Apache Modules
        3. Security-Related Apache Directives
          1. KeepAlive Directives
          2. Multi-Processing Modules (MPMs)
          3. An Apache User and Group
          4. Do Not Allow Overrides with .htaccess
          5. Do Not Allow Access to User Directories
          6. Minimize Available Options
        4. Configure Protection on a Web Site
        5. Configure a Secure Web site
        6. Configure a Certificate Authority
      2. Working with Squid
        1. Basic Squid Configuration
        2. Security-Related Squid Directives
        3. Limit Remote Access with Squid
      3. DNS: BIND and More
        1. The Basics of DNS on the Internet
        2. DNS Network Configuration
        3. Secure BIND Configuration
        4. A BIND Database
        5. DNS Targets to Protect
      4. Mail Transfer Agents: sendmail, Sendmail, Postfix, and More
        1. Open Source sendmail
        2. Commercial Sendmail
        3. The Postfix Alternative
        4. Dovecot for POP and IMAP
        5. More E-mail Services
      5. If You Asterisk
        1. Basic Asterisk Configuration
        2. Security Risks with Asterisk
          1. Denial of Service on Asterisk
          2. Asterisk Authentication
          3. More Asterisk Security Options
      6. Limit Those Printers
        1. Printer Administrators
        2. Shared Printers
        3. Remote Administration
        4. The CUPS Administrative Tool
      7. Protect Your Time Services
      8. Options for Obscurity: Different Ports, Alternative Services
      9. Best Practices: Networked Application Security
      10. CHAPTER SUMMARY
      11. KEY CONCEPTS AND TERMS
      12. CHAPTER 9 ASSESSMENT
    8. 10. Kernel Security Risk Mitigation
      1. Functional Kernels for Your Distribution
        1. Kernels by Architecture
        2. Kernels for Different Functions
      2. The Stock Kernel
        1. Kernel Numbering Systems
        2. Production Releases and More
        3. Download the Stock Kernel
      3. Stock Kernel Patches and Upgrades
      4. Security and Kernel Update Issues
        1. Stock Kernel Security Issues
        2. Distribution-Specific Kernel Security Issues
        3. Installing an Updated Kernel
      5. Kernel Development Software
        1. Red Hat Kernel Development Software
        2. Ubuntu Kernel Development Software
      6. Kernel Development Tools
        1. Before Customizing a Kernel
        2. Start the Kernel Customization Process
        3. Kernel Configuration Options
          1. General Setup
          2. Enable Loadable Module Support
          3. Enable the Block Layer
          4. Processor Type and Features
          5. Power Management and ACPI Options
          6. Bus Options
          7. Executable File Formats/Emulations
          8. Networking Support
          9. Device Drivers
          10. Firmware Drivers
          11. Filesystems
          12. Kernel Hacking
          13. Security Options
          14. Cryptographic API
          15. Virtualization
          16. Library Routines
      7. Build Your Own Secure Kernel
        1. Download Kernel Source Code
          1. Download Ubuntu Kernel Source Code
          2. Download Red Hat Kernel Source Code
        2. Install Required Development Tools
        3. Navigate to the Directory with the Source Code
        4. Open a Kernel Configuration Tool
        5. Compile the Kernel with the New Custom Configuration
          1. Compile a Kernel on Ubuntu Systems
          2. Compile a Kernel on Red Hat Systems
          3. Compile a Stock Kernel
        6. Install the New Kernel and More
        7. Check the Bootloader
        8. Test the Result
      8. Kernels and the /proc/ Filesystem
        1. Don't Reply to Broadcasts
        2. Protect from Bad ICMP Messages
        3. Protect from SYN Floods
        4. Activate Reverse Path Filtering
        5. Close Access to Routing Tables
        6. Avoid Source Routing
        7. Don't Pass Traffic Between Networks
        8. Log Spoofed, Source-Routed, and Redirected Packets
      9. Best Practices: Kernel Security Risk Mitigation
      10. CHAPTER SUMMARY
      11. KEY CONCEPTS AND TERMS
      12. CHAPTER 10 ASSESSMENT
  7. THREE. Building a Layered Linux Security Strategy
    1. 11. Managing Security Alerts and Updates
      1. Keep Up to Speed with Distribution Security
        1. Red Hat Alerts
          1. Red Hat Enterprise Linux
          2. CentOS Linux
          3. Fedora Linux
        2. Ubuntu Alerts
      2. Keep Up to Speed with Application Security
        1. User Applications
        2. The OpenOffice.org Suite
          1. Web Browsers
          2. Adobe Applications
        3. Service Applications
          1. The Apache Web Server
          2. The Samba File Server
          3. File Transfer Protocol Servers
      3. Linux Has Antivirus Systems Too
        1. The Clam AntiVirus System
        2. AVG Antivirus Option
        3. The Kaspersky Antivirus Alternative
        4. SpamAssassin
        5. Detecting Other Malware
      4. Get Into the Details with Bug Reports
        1. Ubuntu's Launchpad
        2. Red Hat's Bugzilla
        3. Application-Specific Bug Reports
          1. GNOME Project Bugs
          2. KDE Project Bugs
          3. Other Applications
        4. Service-Specific Bug Reports
          1. Apache
          2. Squid
          3. Samba
          4. vsFTP
      5. Security in an Open Source World
        1. The Institute for Security and Open Methodologies
        2. The National Security Agency
        3. The Free Software Foundation
        4. User Procedures
      6. Automated Updates or Analyzed Alerts
        1. Do You Trust Your Distribution?
        2. Do You Trust Application Developers?
        3. Do You Trust Service Developers?
      7. Linux Patch Management
        1. Standard yum Updates
          1. Updates on Fedora
          2. Updates on Red Hat Enterprise Linux
        2. Standard apt-* Updates
      8. Options for Update Managers
        1. How to Configure Automated Updates
          1. Automatic Ubuntu Updates
          2. Automatic Red Hat Updates
        2. Pushing or Pulling Updates
        3. Local or Remote Repositories
        4. Configure a Local Repository
      9. Commercial Update Managers
        1. The Red Hat Network
          1. Red Hat Satellite
          2. Red Hat Proxy
        2. Canonical Landscape
        3. Novell's ZENworks
      10. Open Source Update Managers
        1. Various apt-* Commands
        2. Various yum Commands
        3. Red Hat Spacewalk
      11. Best Practices: Security Operations Management
      12. CHAPTER SUMMARY
      13. KEY CONCEPTS AND TERMS
      14. CHAPTER 11 ASSESSMENT
    2. 12. Building and Maintaining a Security Baseline
      1. Configure a Simple Baseline
        1. A Minimal Red Hat Baseline
        2. A Minimal Ubuntu Baseline
      2. Read-Only or a Live Bootable Operating System
        1. Appropriate Read-Only Filesystems
        2. Live CDs and DVDs
      3. Update the Baseline
        1. A Gold Baseline
          1. Security Updates
          2. Functional Updates
        2. Baseline Backups
      4. Monitor Local Logs
        1. The System and Kernel Log Services
          1. The Ubuntu Log Configuration
          2. The Red Hat Log Configuration
        2. Logs from Individual Services
          1. CUPS Logs
          2. Apache Logs
          3. Samba Logs
      5. Consolidate and Secure Remote Logs
        1. Default RSyslog Configuration
        2. The Standard RSyslog Configuration File
          1. RSyslog Modules
          2. RSyslog Global Directives
          3. RSyslog Configuration Rules
          4. RSyslog Incorporates Syslog Configuration Rules
      6. Identify a Baseline System State
        1. Collect a List of Packages
        2. Compare Files, Permissions, and Ownership
        3. Define the Baseline Network Configuration
        4. Collect Runtime Information
      7. Check for Changes with Integrity Scanners
        1. Tripwire
        2. Advanced Intrusion Detection Environment (AIDE)
      8. Best Practices: Build and Maintain a Secure Baseline
      9. CHAPTER SUMMARY
      10. KEY CONCEPTS AND TERMS
      11. CHAPTER 12 ASSESSMENT
    3. 13. Testing and Reporting
      1. Test Every Component of a Layered Defense
        1. Test a Firewall
        2. Test Various Services
          1. Test TCP Wrappers Services
          2. Test Apache
          3. Test Samba
          4. Testing Other Services
          5. After Service Tests Are Complete
        3. Test Passwords
        4. Test Mandatory Access Control Systems
      2. Check for Open Network Ports
        1. The telnet Command
        2. The netstat Command
        3. The lsof Command
        4. The nmap Command
          1. Target Specification
          2. Host Discovery
          3. Scan Techniques
          4. Port Specification and Scan Order
          5. Service Version Detection
          6. Operating System Detection
            1. Authentication (auth).
            2. Default.
            3. Discovery.
            4. Denial of Service and exploit.
            5. External.
            6. Fuzzer.
            7. Intrusive.
            8. Malware.
            9. Safe.
            10. Version.
            11. Vulnerability (vuln).
      3. Run Integrity Checks of Installed Files and Executables
        1. Verify a Package
          1. Verifying Ubuntu/Debian Packages
          2. Verifying Red Hat Packages
        2. Perform a Tripwire Check
        3. Test with the Advanced Intrusion Detection Environment (AIDE)
          1. Ubuntu AIDE
          2. Red Hat AIDE
      4. Make Sure Security Does Not Prevent Legitimate Access
        1. Reasonable Password Policies
        2. Allow Access from Legitimate Systems
      5. Monitor That Virtualized Hardware
        1. Virtual Machine Hardware
        2. Virtual Machine Options
        3. Monitoring the Kernel-Based Virtual Machine (KVM)
      6. Standard Open Source Security Testing Tools
        1. Snort
          1. Sniffer Mode
          2. Packet Logger Mode
          3. Network IDS Mode
          4. Inline Mode
        2. Netcat and the nc Command
      7. Commercial Security Test Tools for Linux
        1. Nessus
        2. System Administrator's Integrated Network Tool (SAINT)
      8. The Right Place to Install Security Testing Tools
        1. Hint: Not Where Crackers Can Use Them Against You
        2. Some Tools Already Available on Live CDs
      9. Best Practices: Testing and Reporting
      10. CHAPTER SUMMARY
      11. KEY CONCEPTS AND TERMS
      12. CHAPTER 13 ASSESSMENT
    4. 14. Detecting and Responding to Security Breaches
      1. Regular Performance Audits
        1. The Basic Tools: ps and top
        2. The System Status Package
        3. For Additional Analysis
          1. Analyze Processes with lsof
          2. Identify Associated Libraries with ldd
          3. Trace System Calls with strace
      2. Make Sure Users Stay Within Secure Limits
        1. Appropriate Policies
        2. Education
        3. User Installation of Problematic Services
      3. Log Access into the Network
        1. Identify Users Who Have Logged In
        2. System Authentication Logs
      4. Monitor Account Behavior for Security Issues
        1. Downloaded Packages and Source Code
        2. Executable Files
      5. Create an Incident Response Plan
        1. Increased Vigilance
        2. Keep the System On (At Least for Now)
      6. Have Live Linux CDs Ready for Forensics Purposes
        1. Media to Recover Dynamic Data from Compromised Systems
          1. Helix Live Response
          2. The Sleuth Kit
          3. Master Key Linux
          4. Build Your Own Media
        2. Forensic Live Media
      7. When You Put Your Plan into Action
        1. Confirm the Breach
        2. Identify Compromised Systems
        3. Have Gold Replacement Systems in Place
      8. Backup and Recovery Tools
        1. Disk Images for Later Investigation
        2. The rsync Command
        3. Mount Encrypted Filesystems
      9. The Right Way to Save Compromised Data as Evidence
        1. Basic Principles for Evidence
        2. Remember the Dynamic Data
        3. Preserve the Hard Disks
      10. Disaster Recovery from a Security Breach
        1. Determine What Happened
        2. Prevention
        3. Replacement
      11. Open Source Security Works Only If Everyone Shares
        1. If the Security Issue Is Known
        2. If the Security Issue Has Not Been Reported
      12. Best Practices: Security Breach Detection and Response
      13. CHAPTER SUMMARY
      14. KEY CONCEPTS AND TERMS
      15. CHAPTER 14 ASSESSMENT
    5. 15. Best Practices and Emerging Technologies
      1. Maintain a Gold Baseline
        1. Monitor Security Reports
        2. Work Through Updates
        3. Recalibrate System Integrity
      2. Redundancy Can Help Ensure Availability
        1. A Gold Physical Baseline
        2. A Gold Virtual Baseline Host
          1. Hardware Requirements for a Gold Virtual Host
          2. A Gold Baseline Virtual Guest
        3. Service-Specific Gold Baseline Systems
      3. Trust But Verify Corporate Support
        1. Red Hat Support Options
        2. Canonical Support Options
        3. Open Source Community Support
      4. Check Conformance with Security Policies
        1. User Security
        2. Administrator Security
      5. Keep the Linux Operating System Up to Date
        1. Baseline Updates
        2. Functional Bugs
        3. New Releases
      6. Keep Distribution-Related Applications Up to Date
        1. Server Applications
          1. Install a New Distribution Release
          2. Install the New Release from Source Code
        2. Desktop Applications
      7. Manage Third-Party Applications Carefully
        1. Licensing Issues
          1. Non-Open Source Licenses
          2. Software with Different Legal Issues
        2. Support Issues
      8. When Possible, Share Problems and Solutions with the Community
        1. Which Community?
        2. Share with Developers
        3. Share on Mailing Lists
      9. Test New Components Before Putting Them into Production
        1. Test Updates
        2. Document Results
        3. Beta Testing
      10. Future Trends in Linux Security
        1. A New Firewall Command
        2. More Mandatory Access Controls
          1. Application Armor (AppArmor)
          2. Security Enhanced Linux (SELinux)
        3. Penetration Testing Tools
        4. Single Sign-On
      11. CHAPTER SUMMARY
      12. KEY CONCEPTS AND TERMS
      13. CHAPTER 15 ASSESSMENT
  8. A. Answer Key
  9. B. Standard Acronyms
  10. Glossary of Key Terms
  11. References