Linux_Administrator_Security_Guide.pdf

Linux Administrator’s Security Guide

LASG - 0.1.7

Available at: https://www.seifried.org/lasg/ or http://www.seifried.org/lasg/.

This document is free for most non commercial uses, the license follows the table of contents,

please read it if you have any concerns. If you have any questions email seifried@seifried.org.

A mailing list is available, send an email to Majordomo@lists.seifried.org, with "subscribe

lasg-announce" in the body (no quotes) and you will be automatically added.

Table of contents

License

Preface

Forward by the author

Contributing

What this guide is and isn't

How to determine what to secure and how to secure it

Safe installation of Linux

Choosing your install media

It ain't over 'til...

General concepts, server versus workstations, etc

Physical / Boot security

Physical access

The computer BIOS

LILO

The Linux kernel

Upgrading and compiling the kernel

Kernel versions

Administrative tools

Access

Local

Telnet

SSH

LSH

REXEC

NSH

Slush

SSL Telnet

Fsh

secsh

YaST

sudo

Super

runas

Remote

Webmin

Linuxconf

COAS

PAM

System Files

/etc/passwd

/etc/shadow

/etc/groups

/etc/gshadow

/etc/login.defs

/etc/shells

/etc/securetty

Log files and other forms of monitoring

General log security

sysklogd / klogd

secure-syslog

next generation syslog

Nsyslogd

Log monitoring

Psionic Logcheck

colorlogs

WOTS

swatch

Kernel logging

auditd

Shell logging

bash

Password security

Cracking passwords

John the ripper

Crack

Saltine cracker

VCU

Software Management

RPM

dpkg

tarballs / tgz

Checking file integrity

RPM

dpkg

PGP

MD5

Automatic updates

RPM

AutoRPM

rhlupdate

RpmWatch

dpkg

apt

tarballs / tgz

Tracking changes

installwatch

instmon

Converting formats

alien

slurp

File / Filesystem security

Secure file deletion

wipe (durakb@crit2.univ-montp2.fr)

wipe (thomassr@erols.com)

Access control lists (ACL’s)

Linux trustees (ACL) project

User security and limitation

PAM

Bash

Quota

ttysnoop

TCP-IP and network security

IPSec

IPv6

TCP-IP attack programs

HUNT Project

Monitoring users

UserIPAcct

PPP security

IP Security (IPSec)

IPSec network setup

Manual connection keying

Automatic connection keying

Commercial IPSec products

Routing

routed

gated

zebra

Basic network service security

What is running and who is it talking to?

PS Output

Netstat Output

lsof

Basic network services config files

inetd.conf

TCP_WRAPPERS

Network services

Telnetd

SSHD

Fresh Free FiSSH

Tera Term

putty

mindterm

LSH

Secure CRT

RSH, REXEC, RCP

Webmin

FTP

WU-FTPD

ProFTPD

NcFTPD

HTTP / HTTPS

Apache / Apache-SSL

Red Hat Secure Server

Roxen

AOL Server

SQUID

squidGuard

DeleGate

SMTP

Sendmail

Qmail

Postfix

Zmailer

DMail

POPD

WU IMAPD (stock popd)

Cyrus

IDS POP

Qpopper

IMAPD

WU IMAPD (stock imapd)

Cyrus

WWW based email readers

Non Commercial

IMP

AtDot

acmemail

IMHO

Commercial

DmailWeb

WebImap

Coconut WebMail Pro

DNS

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika: