Practical Linux Security Cookbook
eBook - ePub
Secure your Linux environment from modern-day attacks with practical recipes, 2nd Edition

  1. 482 pages
  2. English
  3. ePUB (mobile friendly)

About This Book

Enhance file system security and learn about network attacks, security tools, and the different Linux builds available.

Key Features

  • Hands-on recipes to create and administer a secure Linux system
  • Enhance file system security and local and remote user authentication
  • Use various security tools and different versions of Linux for different tasks

Book Description

Over the last few years, system security has gained a lot of momentum and software professionals are focusing heavily on it. Linux is often treated as a highly secure operating system. However, the reality is that Linux has its share of security flaws, and these security flaws allow attackers to get into your system and modify or even destroy your important data. But there's no need to panic, since there are various mechanisms by which these flaws can be removed, and this book will help you learn about different types of Linux security to create a more secure Linux system.

With a step-by-step recipe approach, the book starts by introducing you to various threats to Linux systems. Then, this book will walk you through customizing the Linux kernel and securing local files. Next, you will move on to managing user authentication both locally and remotely and mitigating network attacks. Later, you will learn about application security and kernel vulnerabilities. You will also learn about patching the Bash vulnerability, packet filtering, handling incidents, and monitoring system logs. Finally, you will learn about auditing using system services and performing vulnerability scanning on Linux.

By the end of this book, you will be able to secure your Linux systems and create a robust environment.

What you will learn

  • Learn about vulnerabilities and exploits in relation to Linux systems
  • Configure and build a secure kernel and test it
  • Learn about file permissions and how to securely modify files
  • Authenticate users remotely and securely copy files on remote systems
  • Review different network security methods and tools
  • Perform vulnerability scanning on Linux machines using tools
  • Learn about malware scanning and read through logs

Who this book is for

This book is intended for all those Linux users who already have knowledge of Linux file systems and administration. You should be familiar with basic Linux commands. Understanding information security and its risks to a Linux system is also helpful in understanding the recipes more easily.

Frequently asked questions
Yes, you can access Practical Linux Security Cookbook by Tajinder Kalsi in PDF and/or ePUB format, as well as other popular books in Computer Science & Cyber Security. We have over one million books available in our catalogue for you to explore.

Information

Year
2018
ISBN
9781789136005
Edition
2

Security Tools

In this chapter, we will discuss the following:
  • Linux sXID
  • Port Sentry
  • Using Squid Proxy
  • Open SSL Server
  • Trip Wire
  • Shorewall
  • OSSEC
  • Snort
  • Rsync and Grsync—backup tool

Linux sXID

In Linux, a file normally has permissions to read, write, and execute. Apart from these permissions, it can also have special permissions such as SUID (Set User ID) and SGID (Set Group ID). Because of these permissions, a user can log in with their own account and still run a particular file or program with the permissions of the file's actual owner (which may be root). sXid is a tool for monitoring SUID/SGID files on a regular basis. Using this tool, we can track changes in the SUID/SGID status of files and folders.

Getting ready

To use this tool, we need to install the sXid package on our Linux system. We can either use the apt-get command to install the package, or we can download the package and manually configure and install it. To install the sXid package, we run the following command:
 apt-get install sxid

How to do it...

To start monitoring the SUID/SGID status of files and folders, we configure the tool as follows:
  1. Once the installation completes, we edit the /etc/sxid.conf file to make the tool behave as we require. Open the file in the editor of your choice:
 nano /etc/sxid.conf
  2. In the configuration file, look for the following line:
Change the value of EMAIL to any other email ID if you wish to have the output of changes sent to that address whenever sxid is run.
  3. Next, look for the line that reads KEEP_LOGS and change the value to a number of your choice. This number defines how many log files to keep:
  4. If you wish to receive the logs even when sXid finds no changes, change the value of ALWAYS_NOTIFY to yes:
  5. We can define a list of directories, separated by spaces, for the SEARCH option; sXid uses these as the starting points for its search. If we wish to exclude any directory from the search, we can specify it under the EXCLUDE option:
Suppose /usr/local/share is listed under SEARCH while /usr/local is listed under EXCLUDE; /usr/local/share will still be searched. This is useful when we want to exclude a parent directory but still search one specific subdirectory of it.
  6. There are many more options in /etc/sxid.conf, which can be configured as per our requirements. Once we are done editing the file, save and close it.
  7. Now, if we want to run sxid manually for spot-checking, we use the following command:
 sxid -c /etc/sxid.conf -k
Here, the -c option specifies the path of the config file, if it is not automatically picked up by the command. The -k option runs the check.

How it works...

We first install the sxid package and then we configure it by editing the /etc/sxid.conf file as per our requirements. Once the configuration has been done, we run sXid manually to perform spot-checking. We can even add an entry in crontab to run sXid automatically at a defined interval, if we wish to.
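As an added example (not from the book and not the sxid tool's own code), the following POSIX shell script does the core of what the recipe configures: it walks the SEARCH directories, prunes the EXCLUDE directories, lists setuid/setgid files with their mode and owner, and diffs the result against a saved baseline so that changes can be reported the way a scheduled sXid run would. The variables SEARCH, EXCLUDE and BASELINE and the two function names are this example's own; the defaults below mirror the kind of values used in sxid.conf.

```shell
#!/bin/sh
# Added example, not part of the book or the sxid project.
# Lists SUID/SGID files under SEARCH (skipping EXCLUDE) and reports
# changes against a baseline, in the spirit of an sXid spot check.

SEARCH="/"                       # starting points, space separated
EXCLUDE="/proc /sys /dev /run"   # directories pruned from the search
BASELINE="${BASELINE:-/var/lib/sxid-example/baseline.txt}"

# Print "mode owner:group path" for every setuid/setgid regular file
# below $1. Each EXCLUDE entry is turned into a find -prune clause, so a
# sub-directory listed in SEARCH is still walked even if its parent is
# excluded (the behaviour the recipe describes for SEARCH vs EXCLUDE).
list_suid() {
    dir="$1"
    prune=""
    for e in $EXCLUDE; do
        prune="$prune -path $e -prune -o"
    done
    # $prune is intentionally unquoted: it expands to find arguments.
    # shellcheck disable=SC2086
    find "$dir" $prune -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%a %U:%G %n' {} + 2>/dev/null
}

# Compare the current listing with the saved baseline. On the first run
# the baseline is created. Afterwards, lines prefixed "+" are files that
# gained setuid/setgid (or changed mode/owner) and "-" lines were lost.
# Returns 0 when nothing changed, 1 when the listing differs.
check_changes() {
    current="$(for d in $SEARCH; do list_suid "$d"; done | sort -u)"
    if [ ! -f "$BASELINE" ]; then
        mkdir -p "$(dirname "$BASELINE")"
        printf '%s\n' "$current" > "$BASELINE"
        echo "baseline created: $BASELINE"
        return 0
    fi
    # "|| true" keeps grep's "no match" status from tripping set -e callers.
    diff_out="$(printf '%s\n' "$current" | diff "$BASELINE" - \
                | grep '^[<>]' || true)"
    if [ -z "$diff_out" ]; then
        return 0
    fi
    printf '%s\n' "$diff_out" | sed 's/^< /-/; s/^> /+/'
    return 1
}
```

Run `check_changes` once to record the baseline, then schedule it (for example from cron) and act on a non-zero exit status; refresh the baseline deliberately after an intended package upgrade rather than on every run.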

Port Sentry

As a system administrator, one major concern would be to protect the system from network intrusions. This is where PortSentry comes into the picture. It has the ability to detect scans on a host system, and react to those scans in a way we choose.

Getting ready

To demonstrate the implementation and use of PortSentry, we need two systems on the same network, which can ping each other. Also, we need the Nmap package on one system, which ...

Table of contents

  1. Title Page
  2. Copyright and Credits
  3. Contributors
  4. Packt Upsell
  5. Preface
  6. Linux Security Problem
  7. Configuring a Secure and Optimized Kernel
  8. Local Filesystem Security
  9. Local Authentication in Linux
  10. Remote Authentication
  11. Network Security
  12. Security Tools
  13. Linux Security Distros
  14. Bash Vulnerability Patching
  15. Security Monitoring and Logging
  16. Understanding Linux Service Security
  17. Scanning and Auditing Linux
  18. Vulnerability Scanning and Intrusion Detection
  19. Other Books You May Enjoy