Hack Proofing Linux: A Guide to Open Source Security
Format: PDF / Kindle (mobi) / ePub
From the authors of the bestselling E-Mail Virus Protection Handbook!
The Linux operating system continues to gain market share based largely on its reputation as being the most secure operating system available. The challenge faced by system administrators installing Linux is that it is secure only if installed and configured properly, constantly and meticulously updated, and carefully integrated with a wide variety of Open Source security tools. The fact that Linux source code is readily available to every hacker means that system administrators must continually learn security and anti-hacker techniques.
Hack Proofing Linux will provide system administrators with all of the techniques necessary to properly configure and maintain Linux systems and counter malicious attacks.
* Linux operating systems and Open Source security tools are incredibly powerful, complex, and notoriously under-documented - this book addresses a real need
* Uses forensics-based analysis to give the reader an insight into the mind of a hacker
practical knowledge of the open source community, and how it can help you with your security concerns. You learned about several key open source sites, how the open source movement protects software instead of individuals and corporations, and you reviewed your knowledge of encryption. You learned how to verify the integrity of the files you download from people you don’t know. Using GPG (and, if you wish, PGP), you can verify RPM and tarball packages. This book is designed to deploy open source
often unnecessary Used to manage network devices Potential security risk and often unnecessary Used by sendmail servers Often unnecessary Network File System (NFS) and Samba Atd PCMCIA services Dynamic Host Configuration Protocol (DHCP) daemon News server daemon Routing daemon Network Information System (NIS) server and client programs Simple Network Management Protocol (SNMP) daemon Sendmail daemon mode Potential security risk Potential security risk Often unnecessary Often unnecessary
throughout the operating system. Instead, administrators answer a series of “Yes” and “No” questions through an interactive text-based interface. The program automatically implements the administrators’ preferences based on the answers to the questions. Superuser Do (sudo) is an open source security tool that allows an administrator to give specific users or groups the ability to run certain commands as root or as another user. The program can also log commands and arguments entered by specified
Chapter 3 • System Scanning and Probing - record and symbolic links, which helps the scan finish faster, because it won’t have to scan the same file repeatedly. This section also allows you to specify whether you want to search for compressed files (e.g., files compressed by zip or gzip). Verbose scan mode allows you to receive more information in your log file. (Figure 3.2: The TkAntivir Interface) The Repair options section allows you to determine what
create another plug-in option by entering the following command:
%x -t 'SNMPWALK of %h' -e sh -c 'snmpwalk %i publicname |less && read a'
32. This command has the program named snmpwalk query the system using the public name of “publicname.” Any system that has SNMP installed, and uses the public name of “publicname” will respond. You should, of course, change the public name to the one used on your systems and routers.
33. Consider additional plug-ins. You can configure plug-ins to use commands