Hardening Linux by James Turnbull belongs on the shelf of anyone who installs and maintains Linux servers.-- Ray Lodato, Slashdot ContributorHardening is the process of protecting a system and its applications against unknown threats. Hardening Linux identifies many of the risks of running Linux hosts and applications and provides practical examples and methods to minimize those risks. The book is written for Linux/UNIX administrators who do not necessarily have in-depth knowledge of security but need to know how to secure their networks.

In this book, you'll learn how to secure: The base operating system and firewall with iptablesConnections to your hostsFie systems and filesEmail serversIMAP and POP serversFTP servers

A quick reference of the procedures discussed in each chapter are summarized in Appendix C.

Intended for Linux administrators, this guide shows how to protect Linux hosts, the base Linux operating system, and some of the common applications run on Linux hosts. Turnball, who is a security consultant for the Commonwealth Bank of Australia, identifies the risks associated with running Linux and provides configurations and examples for securing firewalls, connections, file systems, e-mail servers, remote access to e-mail, FTP servers, and DNS services.
Annotation ©2004 Book News, Inc., Portland, OR (booknews.com)

Hardening Linux by James Turnbull belongs on the shelf of anyone who installs and maintains Linux servers. — Ray Lodato, Slashdot Contributor

I felt like I learned more about Linux reading this book than I've learned during the last year at work. — Lasse Koskela, JavaRanch Sheriff

I think Hardening Linux may be the best example I've seen of a practical book on the subject. — Anomaly - G. Wade Johnson

I was a bit surprised when I scanned the table of contents. The first thought in my head was, 'hey, this has everything in it.' And it does. — Joe Topjian, Adminspotting.net

Hardening is the process of protecting a system and its applications against unknown threats. Hardening Linux identifies many of the risks of running Linux hosts and applications and provides practical examples and methods to minimize those risks. The book is written for Linux/UNIX administrators who do not necessarily have in-depth knowledge of security but need to know how to secure their networks.

In this book, you'll learn how to secure: The base operating system and firewall with iptables Connections to your hosts Fie systems and files Email servers IMAP and POP servers FTP servers

A quick reference of the procedures discussed in each chapter are summarized in Appendix C.

"Hardening" is the process of protecting a system and its applications against unknown threats. And Hardening Linux will explain the main steps that any Network or Systems Administrator needs to take, to protect his computers that run on Linux. This book discusses security of mail servers, web servers, and file servers, as well as hardening IP tables and remote access functionality.

Written in a similar manner to Hardening Windows and Hardening Apache, complete with checklists and reference-style chapters, Hardeing Linux shows Apress¿ commitment to publishing books that appeal to the security professional.

Introduction

Who should buy this book?

Why buy this book?

Security Fundamentals

Risk Assessment ¿ Who is going to attack me?

Types of attackers

Internal versus External attacks

Mitigating Risk

Security Doctrine

Patch now, patch often

Minimalism is good

Keeping informed

Logging is your friend

 

Installing Linux securely

Installing Linux securely

Step-by-step example

Finalising your installation

Keeping your installation up-to-date

Operating system security

Boot security

Grub

Boot password security

Booting file systems securely

Kernel security

Compiling your own kernel

Sysctl

Flags

Users and Groups

Logins and Passwords

Sudo

Chroot

Components of a chroot jail

Using the jail

Development Tools

Preparation

How to compile packages

Securing the tools

 

Firewalling

Firewall basics

Network architecture & design

The DMZ

Iptables

Configuring

Testing your configuration

Some firewalling examples

Mail server

Web server

MySQL server

Firewall logging & analysis

Securing connections

SSH

Stunnel

Inetd/xinetd

tcpwrappers

PAM

Kerberos

Radius and FreeRadius

Securing files and file systems

File & directory level security

Permissions

Ownership

ACLs

File Integrity

PGP and signatures

MD5 sums

Tripwire

NFS and why not to use it

Alternatives to NFS

Logging

Why log?

What do you need to know?

Syslog

Syslog-ng

Log Rotation

Centralised logging

Logging securely using SSL?

Log analysis ¿ SEC, Swatch, Logwatch and Logcheck

Where do I learn more about logging?

Testing your security

Testing internal security

CIS Scan

Testing external security

Nmap

Nessus

Mail Transfer Agents

What is a mail server?

Why would I install a mail server?

Where do I put my mail server?

Choosing the right mail server for you

Sendmail

Postfix

Other flavours

Introduction to Postfix

Getting Postfix

Compiling & Installing Postfix

Configuring Postfix

Logging for Postfix

Where do I learn more about Postfix?

Apache Web Server

What is a web server?

Why would I install a web server?

Where do I put my web server?

Apache (2.0.x)

Getting Apache

Compiling & Installing Apache

Configuring Apache

Httpd.conf

.htaccess

Chrooting Apache

Using Apache with SSL

Logging for Apache

httpd logging

Syslog logging

Statistics logging (Webalizer)

Where do I learn more about Apache?

FTP Server

What is a FTP server?

Why would I install a FTP server?

Where do I put my FTP server?

Getting ftpd

Compiling & Installing ftpd

Configuring ftpd

Logging for ftpd

Where do I learn more about ftpd?

Squid Proxy Server

What is a proxy server?

Introduction to proxies and caching

Why would I install a proxy server?

Squid

Getting Squid

Compiling & Installing Squid

Configuring Squid

Chrooting squid

Sizing your proxy cache

ACLs

Logging for Squid

Where do I learn more about Squid?

DNS / Bind

What is Bind?

Introduction to DNS

Why would I install a Bind server?

Where do I put my Bind server?

Choosing the right Bind server for you

ISC Bind

djbdns

Other flavours

Introduction to ISC Bind

Getting ISC Bind

Compiling & Installing ISC Bind

Configuring ISC Bind

Chroot

Views

Administering ISC Bind

Rndc

Other tools

Logging for ISC Bind

Where do I learn more about ISC Bind?

IMAP

What is IMAP?

Why would I need IMAP?

Choosing the right IMAP server for you

UW IMAP

Cyrus IMAP

Courier

Other flavours

Introduction to Courier-IMAP

Getting Courier-IMAP

Compiling & Installing Courier-IMAP

Configuring Courier-IMAP

Authdaemon

Courier-IMAP with SSL

Logging for Courier-IMAP

Where do I learn more about Courier-IMAP?

 

Webmail

What is Webmail?

Why would I need Webmail?

Choosing the right Webmail product for you

IMP

Courier sqwebmail

Squirrelmail

Other flavours

Introduction to Squirrelmail

Getting Squirrelmail

Compiling & Installing Squirrelmail

PHP?

Configuring Squirrelmail

Authdaemon

Using Squirrelmail with SIMAP

Using Squirrelmail with SSL

Logging for Squirrelmail

Where do I learn more about Squirrelmail

Samba

What is Samba?

Why would I need Samba?

Introduction to Samba

Getting Samba

Compiling & Installing Samba

Configuring Samba

Starting and stopping Samba

Initial configuration

Samba File serving

Samba Printing

Connecting to an existing Windows network

Samba as a Windows PDC

Logging for Samba

Where do I learn more about Samba?

MySQL

What is MySQL?

Why would I need MySQL?

Getting MySQL

Compiling & Installing MySQL

Configuring MySQL

Starting and stopping MySQL

Setting up users and passwords

Securing your MySQL connections

Backing up your MySQL data

Logging for MySQL

Where do I learn more about MySQL?

Glossary

Index