Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Mastering Linux Security and Hardening
  • Table Of Contents Toc
  • Feedback & Rating feedback
Mastering Linux Security and Hardening

Mastering Linux Security and Hardening

By : Donald A. Tevault
3.9 (7)
Buy this Book
close
close
Mastering Linux Security and Hardening

Mastering Linux Security and Hardening

3.9 (7)
By: Donald A. Tevault
Buy this Book

Overview of this book

This book has extensive coverage of techniques that will help prevent attackers from breaching your system, by building a much more secure Linux environment. You will learn various security techniques such as SSH hardening, network service detection, setting up firewalls, encrypting file systems, protecting user accounts, authentication processes, and so on. Moving forward, you will also develop hands-on skills with advanced Linux permissions, access control, special modes, and more. Lastly, this book will also cover best practices and troubleshooting techniques to get your work done efficiently. By the end of this book, you will be confident in delivering a system that will be much harder to compromise.
Table of Contents (12 chapters)
close
close
close
Preface
chevron up
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Get in touch
Free Chapter
1
Running Linux in a Virtual Environment
Icon
Running Linux in a Virtual Environment
Icon
The threat landscape
Icon
Keeping up with security news
Icon
Introduction to VirtualBox and Cygwin
Icon
Using Cygwin to connect to your virtual machines
Icon
Summary
2
Securing User Accounts
Icon
Securing User Accounts
Icon
The dangers of logging in as the root user
Icon
The advantages of using sudo
Icon
Setting up sudo privileges for full administrative users
Icon
Setting up sudo for users with only certain delegated privileges
Icon
Advanced tips and tricks for using sudo
Icon
Locking down users' home directories the Red Hat or CentOS way
Icon
Locking down users' home directories the Debian/Ubuntu way
Icon
Enforcing strong password criteria
Icon
Setting and enforcing password and account expiration
Icon
Preventing brute-force password attacks
Icon
Locking user accounts
Icon
Setting up security banners
Icon
Summary
3
Securing Your Server with a Firewall
Icon
Securing Your Server with a Firewall
Icon
An overview of iptables
Icon
Uncomplicated Firewall for Ubuntu systems
Icon
firewalld for Red Hat systems
Icon
nftables – a more universal type of firewall system
Icon
Summary
4
Encrypting and SSH Hardening
Icon
Encrypting and SSH Hardening
Icon
GNU Privacy Guard
Icon
Encrypting partitions with Linux Unified Key Setup – LUKS
Icon
Encrypting directories with eCryptfs
Icon
Using VeraCrypt for cross-platform sharing of encrypted containers
Icon
Ensuring that SSH protocol 1 is disabled
Icon
Creating and managing keys for password-less logins
Icon
Disabling root user login
Icon
Disabling username/password logins
Icon
Setting up a chroot environment for SFTP users
Icon
Summary
5
Mastering Discretionary Access Control
Icon
Mastering Discretionary Access Control
Icon
Using chown to change ownership of files and directories
Icon
Using chmod to set permissions values on files and directories
Icon
Using SUID and SGID on regular files
Icon
The security implications of the SUID and SGID permissions
Icon
Using extended file attributes to protect sensitive files
Icon
Summary
6
Access Control Lists and Shared Directory Management
Icon
Access Control Lists and Shared Directory Management
Icon
Creating an access control list for either a user or a group
Icon
Creating an inherited access control list for a directory
Icon
Removing a specific permission by using an ACL mask
Icon
Using the tar --acls option to prevent the loss of ACLs during a backup
Icon
Creating a user group and adding members to it
Icon
Creating a shared directory
Icon
Setting the SGID bit and the sticky bit on the shared directory
Icon
Using ACLs to access files in the shared directory
Icon
Summary
7
Implementing Mandatory Access Control with SELinux and AppArmor
Icon
Implementing Mandatory Access Control with SELinux and AppArmor
Icon
How SELinux can benefit a systems administrator
Icon
Setting security contexts for files and directories
Icon
Troubleshooting with setroubleshoot
Icon
Working with SELinux policies
Icon
How AppArmor can benefit a systems administrator
Icon
Looking at AppArmor profiles
Icon
Working with AppArmor command-line utilities
Icon
Troubleshooting AppArmor problems
Icon
Summary
8
Scanning, Auditing, and Hardening
Icon
Scanning, Auditing, and Hardening
Icon
Installing and updating ClamAV and maldet
Icon
Scanning with ClamAV and maldet
Icon
SELinux considerations
Icon
Scanning for rootkits with Rootkit Hunter
Icon
Controlling the auditd daemon
Icon
Creating audit rules
Icon
Using ausearch and aureport
Icon
Applying OpenSCAP policies with oscap
Icon
Using SCAP Workbench
Icon
More about OpenSCAP profiles
Icon
Applying an OpenSCAP profile during system installation
Icon
Summary
9
Vulnerability Scanning and Intrusion Detection
Icon
Vulnerability Scanning and Intrusion Detection
Icon
Looking at Snort and Security Onion
Icon
Scanning and hardening with Lynis
Icon
Finding vulnerabilities with OpenVAS
Icon
Web server scanning with Nikto
Icon
Summary
10
Security Tips and Tricks for the Busy Bee
Icon
Security Tips and Tricks for the Busy Bee
Icon
Auditing system services
Icon
Password-protecting the GRUB 2 bootloader
Icon
Securely configuring BIOS/UEFI
Icon
Using a security checklist for system setup
Icon
Summary
11
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Leave a review – let other readers know what you think

What this book covers

Chapter 1, Running Linux in a Virtual Environment, gives an overview of the IT security landscape, and will inform the reader of why learning Linux security would be a good career move. We'll also cover how to set up a lab environment for performing hands-on exercises. We'll also show how to set up a virtualized lab environment for performing the hands-on labs.

Chapter 2, Securing User Accounts, covers the dangers of always using the root user account, and will introduce the benefits of using sudo, instead. We'll then cover how to lock down normal user accounts, and ensure that the users use good-quality passwords.

Chapter 3, Securing Your Server with a Firewall, involves working with the various types of firewall utilities.

Chapter 4, Encrypting and SSH Hardening, makes sure that important information—both at rest and in transit—are safeguarded with proper encryption. For data-in-transit, the default Secure Shell configuration is anything but secure, and could lead to a security breach if left as is. This chapter shows how to fix that.

Chapter 5, Mastering Discretionary Access Control, covers how to set ownership and permissions on files and directories. We'll also cover what SUID and SGID can do for us, and the security implications of using them. We'll wrap things up by covering Extended File Attributes.

Chapter 6, Access Control Lists and Shared Directory Management, explains that normal Linux file and directory permissions settings aren't very granular. With Access Control Lists, we can allow only a certain person to access a file, or we can allow multiple people to access a file with different permissions for each person. We're also going to put what we've learned together in order to manage a shared directory for a group.

Chapter 7, Implementing Mandatory Access Control with SELinux and AppArmor, talks about SELinux, which is a Mandatory Access Control technology that is included with Red Hat-type Linux distros. We'll give a brief introduction here about how to use SELinux to prevent intruders from compromising a system. AppArmor is another Mandatory Access Control technology that is included with Ubuntu and Suse-type Linux distros. We'll give a brief introduction here about how to use AppArmor to prevent intruders from compromising a system.

Chapter 8, Scanning, Auditing, and Hardening, discusses that viruses aren't yet a huge problem for Linux users, but they are for Windows users. If your organization has Windows clients that access Linux fileservers, then this chapter is for you. You can use auditd to audit, which accesses either files, directories, or system calls. It won't prevent security breaches, but it will let you know if some unauthorized person is trying to access a sensitive resource. SCAP, the Security Content Application Protocol, is a compliance framework that's promulgated by the National Institute of Standards and Technology. OpenSCAP, the open source implementation, can be used to apply a hardening policy to a Linux computer.

Chapter 9, Vulnerability Scanning and Intrusion Detection, explains how to scan our systems to see if we've missed anything since we've already learned how to configure our systems for best security. We'll also take a quick look at an intrusion detection system.

Chapter 10, Security Tips and Tricks for the Busy Bee, explains that since you're dealing with security, we know that you're a busy bee. So, the chapter introduces you to some quick tips and tricks to help make the job easier.

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
Next Section

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Edit Note

Modal Close icon
Write a note (max 255 characters)
Cancel
Update Note

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY