Synopses & Reviews
Linux consistently appears high up in the list of popular Internet servers, whether it's for the Web, anonymous FTP, or general services such as DNS and delivering mail. But security is the foremost concern of anyone providing such a service. Any server experiences casual probe attempts dozens of time a day, and serious break-in attempts with some frequency as well.This highly regarded book, originally titled Building Secure Servers with Linux, combines practical advice with a firm knowledge of the technical tools needed to ensure security. The book focuses on the most common use of Linux--as a hub offering services to an organization or the Internet--and shows readers how to harden their hosts against attacks. An all-inclusive resource for Linux users who wish to harden their systems, Linux Server Security covers general security such as intrusion detection and firewalling a hub, as well as key services such as DNS, the Apache Web server, mail, and secure shell.Author Michael D. Bauer, a security consultant, network architect, and lead author of the popular Paranoid Penguin column in the Linux Journal, carefully outlines the security risks, defines precautions that can minimize those risks, and offers recipes for robust security. He is joined on several chapters by administrator and developer Bill Lubanovic.A number of new security topics have been added for this edition, including:
- Database security, with a focus on MySQL
- Using OpenLDAP for authentication
- An introduction to email encryption
- The Cyrus IMAP service, a popular mail delivery agent
- The vsftpd FTP server
Geared toward Linux users with little security expertise, the author explains security concepts and techniques in clear language, beginning with the fundamentals. Linux Server Security
with Linux provides a unique balance of "big picture" principles that transcend specific software packages and version numbers, and very clear procedures on securing some of those software packages on several popular distributions. With this book in hand, you'll have both the expertise and the tools to comprehensively secure your Linux system.
Now the preferred alternative to the Unix and Microsoft Windows operating systems, Linux is being used increasingly in corporate settings to run servers on complex enterprise networks. In fact, more companies then ever before are using Linux to provide Internet services such as HTTP and Anonymous FTP to the world at large. As a result of Linux's widespread growth, more and more network administrators and developers are counting on its security and reliability. And Linux Server Security, 2nd Edition is the one book they can turn to for all of their Linux server security questions. The book expertly conveys to new users what experienced Linux gurus already know--the tricks of the trade that help them avoid serious security breaches. Thoroughly updated and refreshed, this must-have book lets the good guys stay one step ahead of potential adversaries. Packed with examples and contextual background, Linux Server Security, 2nd Edition helps administrators, developers, and other Linux users understand all the complex issues involved. It also covers both background theory and practical step-by-step instructions for protecting a server that runs Linux. This includes the following important services: firewallingDNSmailApacheremote administration other common servicesThis intelligently revised second edition also features coverage of LDAP, MySQL, POstgreSQL, and Mail Delivery Agents. Written by Linux security expert Michael Bauer, Linux Server Security, 2nd Edition provides users with all the hands-on knowledge they need to create a safer, more secure system.
About the Author
Michael D. (Mick) Bauer, CISSP, is Network Security Architect for alarge financial services provider. He is also Security Editor forLinux Journal Magazine, and author of its monthly "Paranoid Penguin" security column. Mick's areas of expertise include Linux security and general Unix security, network (TCP/IP) security, security assessment, and the development of security policies and awareness programs.
Table of Contents
Copyright; Dedication; Preface; What This Book Is About; The Paranoid Penguin Connection; The Second Edition; Audience; What This Book Doesn't Cover; Assumptions This Book Makes; Organization of This Book; Conventions Used in This Book; Safari® Enabled; How to Contact Us; Using Code Examples; Acknowledgments; Chapter 1: Threat Modeling and Risk Management; 1.1 Components of Risk; 1.2 Simple Risk Analysis: ALEs; 1.3 An Alternative: Attack Trees; 1.4 Defenses; 1.5 Conclusion; 1.6 Resources; Chapter 2: Designing Perimeter Networks; 2.1 Some Terminology; 2.2 Types of Firewall and DMZ Architectures; 2.3 Deciding What Should Reside on the DMZ; 2.4 Allocating Resources in the DMZ; 2.5 The Firewall; Chapter 3: Hardening Linux and Using iptables; 3.1 OS Hardening Principles; 3.2 Automated Hardening with Bastille Linux; Chapter 4: Secure Remote Administration; 4.1 Why It's Time to Retire Cleartext Admin Tools; 4.2 Secure Shell Background and Basic Use; 4.3 Intermediate and Advanced SSH; Chapter 5: OpenSSL and Stunnel; 5.1 Stunnel and OpenSSL: Concepts; Chapter 6: Securing Domain Name Services (DNS); 6.1 DNS Basics; 6.2 DNS Security Principles; 6.3 Selecting a DNS Software Package; 6.4 Securing BIND; 6.5 djbdns; 6.6 Resources; Chapter 7: Using LDAP for Authentication; 7.1 LDAP Basics; 7.2 Setting Up the Server; 7.3 LDAP Database Management; 7.4 Conclusions; 7.5 Resources; Chapter 8: Database Security; 8.1 Types of Security Problems; 8.2 Server Location; 8.3 Server Installation; 8.4 Database Operation; 8.5 Resources; Chapter 9: Securing Internet Email; 9.1 Background: MTA and SMTP Security; 9.2 Using SMTP Commands to Troubleshootand Test SMTP Servers; 9.3 Securing Your MTA; 9.4 Sendmail; 9.5 Postfix; 9.6 Mail Delivery Agents; 9.7 A Brief Introduction to Email Encryption; 9.8 Resources; Chapter 10: Securing Web Servers; 10.1 Web Security; 10.2 The Web Server; 10.3 Web Content; 10.4 Web Applications; 10.5 Layers of Defense; 10.6 Resources; Chapter 11: Securing File Services; 11.1 FTP Security; 11.2 Other File-Sharing Methods; 11.3 Resources; Chapter 12: System Log Management and Monitoring; 12.1 syslog; 12.2 Syslog-ng; 12.3 Testing System Logging with logger; 12.4 Managing System Logfiles with logrotate; 12.5 Using Swatch for Automated Log Monitoring; 12.6 Some Simple Log-Reporting Tools; 12.7 Resources; Chapter 13: Simple Intrusion Detection Techniques; 13.1 Principles of Intrusion Detection Systems; 13.2 Using Tripwire; 13.3 Other Integrity Checkers; 13.4 Snort; 13.5 Resources; Appendix A: Two Complete iptables Startup Scripts; Colophon;