w opeb01 - Securing & Optimizing Linux - The Hacking Solution (v.3.0), Książki IT

[ Pobierz całość w formacie PDF ]
This book is dedicated to OpenNA staff. Thanks, guys (no-gender)!!
--Gerhard Mourani
This book is printed on acid-free paper with 85% recycled content, 15% post-consumer waste.
Open Network Architecture is commited to using paper with the highest recycled content
available consistent with high quality.
Copyright © 2002 by Gerhard Mourani and Open Network Architecture, Inc.
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or
transmitted in any form or by any means, electronic, mechanical, photocopying, recording,
scanning or otherwise, except as permitted by Canada Copyright Act, without either the prior
written permission of the Publisher, or authorization through payment of the appropriate per-copy
fee to the copyright holders Gerhard Mourani and Open Network Architecture, Inc. 11090
Drouart, Montreal, PQ H3M 2S3, (514) 978-6183, fax (514) 333-0236. Requests to the Publisher
for permission should be addressed to the Publishing Manager, at Open Network Architecture,
Inc., E-mail:
books@openna.com
This publication is designed to provide accurate and authoritative information in regard to the
subject matter covered. It is sold with the understanding that some grammatical mistakes could
have occurred but this won’t jeopardize the content or the issue raised herewith.
Title:
Securing and Optimizing Linux: The Hacking Solution
Page Count:
1208
Version:
3.0
Last Revised:
2002-06-26
Publisher:
Open Network Architecture, Inc.
Editor:
Ted Nackad
Text Design & Drawings (Graphics):
Bruno Mourani
Printing History:
June 2000: First Publication.
Author's:
Gerhard Mourani
Mail:
gmourani@openna.com
Website:
http://www.openna.com/
National Library Act.
R.S., c. N-11, s. 1.
Legal Deposit, 2002
Securing and Optimizing Linux: The Hacking Solution / Open Network Architecture, Inc.
Published by Open Network Architecture, Inc., 11090 Drouart, Montreal, H3M 2S3, Canada.
Includes Index.
ISBN 0-9688793-1-4
Printed in Canada
1
Overview
Part I Installation Security
Chapter 1
Introduction
Chapter 2
Installation Issues
Part II System Security & Optimization
Chapter 3
General Security
Chapter 4
Pluggable Authentication Modules
Chapter 5
General Optimization
Chapter 6
Kernel Security & Optimization
Chapter 7
Process File System Management
Part III Network Security
Chapter 8
TCP/IP Network Management
Chapter 9
Firewall Basic Concept
Chapter 10
GIPTables Firewall
Chapter 11
Squid Proxy Server
Chapter 12
SquidGuard Filter
Chapter 13
FreeS/WAN VPN
Part IV Cryptography & Authentication
Chapter 14
GnuPG
Chapter 15
OpenSSL
Chapter 16
OpenSSH
Chapter 17
Sudo
Part V Monitoring & System Integrity
Chapter 18
sXid
Chapter 19
LogSentry
Chapter 20
HostSentry
Chapter 21
PortSentry
Chapter 22
Snort
Chapter 23
Tripwire
Part VI Super-Server
Chapter 24
UCSPI-TCP
Chapter 25
Xinetd
Part VII Management & Limitation
Chapter 26
NTP
Chapter 27
Quota
Part VIII Domain Name System & Dynamic Host Protocol
Chapter 28
ISC BIND & DNS
Chapter 29
ISC DHCP
Part IX Mail Transfer Agent Protocol
Chapter 30
Exim
Chapter 31
Qmail
2
Part X Internet Message Access Protocol
Chapter 32
tpop3d
Chapter 33
UW IMAP
Chapter 34
Qpopper
Part XI Anti-Spam & Anti-Virus
Chapter 35
SpamAssassin
Chapter 36
Sophos
Chapter 37
AMaViS
Part XII Database Server
Chapter 38
MySQL
Chapter 39
PostgreSQL
Chapter 40
OpenLDAP
Part XIII File Transfer Protocol
Chapter 41
ProFTPD
Chapter 42
vsFTPD
Part XIV Hypertext Transfer Protocol
Chapter 43
Apache
Chapter 44
PHP
Chapter 45
Mod_Perl
Part XV NetBios Protocol
Chapter 46
Samba
Part XVI Backup
Chapter 47
Tar & Dump
Part XVII Appendixes
Appendix A
Tweaks, Tips and Administration Tasks
Appendix B
Port list
3
Contents
13
Steps of installation
13
Author note
14
Audience
15
These installation instructions assume
15
Obtaining the example configuration files
15
Problem with Securing & Optimizing Linux
15
Acknowledgments
19
Introduction
21
What is Linux?
21
Some good reasons to use Linux
21
Let's dispel some of the fear, uncertainty, and doubt about Linux
22
Why choose pristine source?
22
Compiling software on your system
23
Build & install software on your system
24
Editing files with the
vi
editor tool
25
Recommended software to include in each type of servers
29
Installation Issues
31
Know your Hardware!
31
Creating the Linux Boot Disk
33
Beginning the installation of Linux
34
Installation Class and Method (Install Options)
35
Partition your system for Linux
39
Disk Partition (Manual Partitioning)
50
Selecting Package Groups
53
Boot Disk Creation
53
How to use
RPM
Commands
56
Starting and stopping daemon services
57
Software that must be uninstalled after installation of the server
65
Remove unnecessary documentation files
66
Remove unnecessary/empty files and directories
66
Software that must be installed after installation of the server
General Security 73
BIOS
75
75
Unplug your server from the network
76
Security as a policy
76
Choose a right password
77
The root account
77
Set login time out for the root account
78
Shell logging
79
The single-user login mode of Linux
79
Disabling
Ctrl-Alt-Delete
keyboard shutdown command
80
Limiting the default number of started
ttys
on the server
80
The
LILO
and
/etc/lilo.conf
file
82
The
GRUB
and
/boot/grub/grub.conf
file
84
The
/etc/services
file
4
85
The
/etc/securetty
file
85
Special accounts
88
Control mounting a file system
89
Mounting the
/usr
directory of Linux as read-only
91
Tighten scripts under
/etc/init.d
91
Tighten scripts under
/etc/cron.daily/
91
Bits from root-owned programs
93
Don’t let internal machines tell the server what their
MAC
address is
94
Unusual or hidden files
95
Finding Group and World Writable files and directories
96
Unowned files
96
Finding
.rhosts
files
97
Physical hard copies of all-important logs
99
Getting some more security by removing manual pages
100
System is compromised!
101
Pluggable Authentication Modules
103
The password length
105
Disabling console program access
105
Disabling all console access
106
The Login access control table
107
Tighten console permissions for privileged users
109
Putting limits on resource
111
Controlling access time to services
112
Blocking;
su
to root, by one and sundry
113
Using
sudo
instead of
su
for logging as super-user
116
General Optimization
118
Static vs. shared libraries
119
The
Glibc
2.2
library of Linux
120
Why Linux programs are distributed as source
121
Some misunderstanding in the compiler flags options
122
The
gcc
specs
file
127
Striping all binaries and libraries files
128
Tuning
IDE
Hard Disk Performance
Kernel Security & Optimization 133
Difference between a Modularized Kernel and a Monolithic Kernel
135
138
Making an emergency boot floppy
139
Preparing the Kernel for the installation
141
Applying the
Grsecurity
kernel patch
141
Obtaining and Installing
Grsecurity
142
Tuning the Kernel
143
Cleaning up the Kernel
145
Configuring the Kernel
190
Compiling the Kernel
190
Installing the Kernel
192
Verifying or upgrading your boot loader
194
Reconfiguring
/etc/modules.conf
file
195
Rebooting your system to load the new kernel
195
Delete programs, edit files pertaining to modules
5
[ Pobierz całość w formacie PDF ]