Mastering Linux Security and Hardening: A Practical Guide to Protecting Your Linux System from Cyber Attacks
The third edition of Mastering Linux Security and Hardening is an updated, comprehensive introduction to implementing the latest Linux security measures, using the latest versions of Ubuntu and AlmaLinux. In this new edition, you will learn how to set up a practice lab, create user accounts with app...
Other Authors: | |
---|---|
Format: | E-book |
Language: | English |
Published: | Birmingham, England ; Mumbai : Packt Publishing [2023] |
Edition: | 3rd ed |
Series: | Expert insight. |
Subjects: | |
View at Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009726540006719 |
Table of Contents:
- Cover
- Copyright
- Contributors
- Table of Contents
- Preface
- Section I: Setting up a Secure Linux System
- Chapter 1: Running Linux in a Virtual Environment
- Looking at the threat landscape
- Why do security breaches happen?
- Keeping up with security news
- Differences between physical, virtual, and cloud setups
- Introducing VirtualBox and Cygwin
- Installing a virtual machine in VirtualBox
- Installing the EPEL repository on the CentOS 7 virtual machine
- Installing the EPEL repository on the AlmaLinux 8/9 virtual machines
- Configuring a network for VirtualBox virtual machines
- Creating a virtual machine snapshot with VirtualBox
- Using Cygwin to connect to your virtual machines
- Installing Cygwin on your Windows host
- Using the Windows 10 SSH client to interface with Linux virtual machines
- Using the Windows 11 SSH client to interface with Linux virtual machines
- Cygwin versus the Windows shell
- Keeping the Linux systems updated
- Updating Debian-based systems
- Configuring auto updates for Ubuntu
- Updating Red Hat 7-based systems
- Updating Red Hat 8/9-based systems
- Managing updates in an enterprise
- Summary
- Questions
- Further reading
- Answers
- Chapter 2: Securing Administrative User Accounts
- The dangers of logging in as the root user
- The advantages of using sudo
- Setting up sudo privileges for full administrative users
- Adding users to a predefined admin group
- Creating an entry in the sudo policy file
- Setting up sudo for users with only certain delegated privileges
- Hands-on lab for assigning limited sudo privileges
- Advanced tips and tricks for using sudo
- The sudo timer
- View your sudo privileges
- Hands-on lab for disabling the sudo timer
- Preventing users from having root shell access
- Preventing users from using shell escapes
- Preventing users from using other dangerous programs
- Limiting the user's actions with commands
- Letting users run as other users
- Preventing abuse via a user's shell scripts
- Detecting and deleting default user accounts
- New sudo features
- Special sudo considerations for SUSE and OpenSUSE
- Summary
- Questions
- Further reading
- Answers
- Chapter 3: Securing Normal User Accounts
- Locking down users' home directories the Red Hat way
- Locking down users' home directories the Debian/Ubuntu way
- useradd on Debian/Ubuntu
- adduser on Debian/Ubuntu
- Hands-on lab for creating an encrypted home directory with adduser
- Enforcing strong password criteria
- Installing and configuring pwquality
- Hands-on lab for setting password complexity criteria
- Setting and enforcing password and account expiration
- Configuring default expiry data for useradd for Red Hat-type systems only
- Setting expiry data on a per-account basis with useradd and usermod
- Setting expiry data on a per-account basis with chage
- Hands-on lab for setting account and password expiry data
- Preventing brute-force password attacks
- Configuring the pam_tally2 PAM module on CentOS 7
- Hands-on lab for configuring pam_tally2 on CentOS 7
- Configuring pam_faillock on AlmaLinux 8/9
- Hands-on lab for configuring pam_faillock on AlmaLinux 8 or AlmaLinux 9
- Configuring pam_faillock on Ubuntu 20.04 and Ubuntu 22.04
- Hands-on lab for configuring pam_faillock on Ubuntu 20.04 and Ubuntu 22.04
- Locking user accounts
- Using usermod to lock a user account
- Using passwd to lock user accounts
- Locking the root user account
- Setting up security banners
- Using the motd file
- Using the issue file
- Using the issue.net file
- Detecting compromised passwords
- Hands-on lab for detecting compromised passwords
- Understanding centralized user management
- Microsoft Active Directory
- Samba on Linux
- FreeIPA/Identity Management on RHEL-type distros
- Summary
- Questions
- Further reading
- Answers
- Chapter 4: Securing Your Server with a Firewall - Part 1
- Technical requirements
- An overview of the Linux firewall
- An overview of iptables
- Mastering the basics of iptables
- Blocking ICMP with iptables
- Blocking everything that isn't allowed with iptables
- Hands-on lab for basic iptables usage
- Blocking invalid packets with iptables
- Restoring the deleted rules
- Hands-on lab for blocking invalid IPv4 packets
- Protecting IPv6
- Hands-on lab for ip6tables
- nftables - a more universal type of firewall system
- Learning about nftables tables and chains
- Getting started with nftables
- Configuring nftables on Ubuntu
- Using nft commands
- Hands-on lab for nftables on Ubuntu
- Summary
- Questions
- Further reading
- Answers
- Chapter 5: Securing Your Server with a Firewall - Part 2
- Technical requirements
- The Uncomplicated Firewall for Ubuntu systems
- Configuring ufw
- Working with the ufw configuration files
- Hands-on lab for basic ufw usage
- firewalld for Red Hat systems
- Verifying the status of firewalld
- Working with firewalld zones
- Adding services to a firewalld zone
- Adding ports to a firewalld zone
- Blocking ICMP
- Using panic mode
- Logging dropped packets
- Using firewalld rich language rules
- Looking at iptables rules in RHEL/CentOS 7 firewalld
- Creating direct rules in RHEL/CentOS 7 firewalld
- Looking at nftables rules in RHEL/AlmaLinux 8 and 9 firewalld
- Creating direct rules in RHEL/AlmaLinux firewalld
- Hands-on lab for firewalld commands
- Summary
- Questions
- Further reading
- Answers
- Chapter 6: Encryption Technologies
- GNU Privacy Guard (GPG)
- Hands-on lab - creating your GPG keys
- Hands-on lab - symmetrically encrypting your own files
- Hands-on lab - encrypting files with public keys
- Hands-on lab - signing a file without encryption
- Encrypting partitions with Linux Unified Key Setup (LUKS)
- Disk encryption during operating system installation
- Hands-on lab - adding an encrypted partition with LUKS
- Configuring the LUKS partition to mount automatically
- Hands-on lab - configuring the LUKS partition to mount automatically
- Encrypting directories with eCryptfs
- Hands-on lab - encrypting a home directory for a new user account
- Creating a private directory within an existing home directory
- Hands-on lab - encrypting other directories with eCryptfs
- Encrypting the swap partition with eCryptfs
- Using VeraCrypt for cross-platform sharing of encrypted containers
- Hands-on lab - getting and installing VeraCrypt
- Hands-on lab - creating and mounting a VeraCrypt volume in console mode
- Using VeraCrypt in GUI mode
- OpenSSL and the Public Key Infrastructure
- Commercial certificate authorities
- Creating keys, certificate signing requests, and certificates
- Creating a self-signed certificate with an RSA key
- Creating a self-signed certificate with an Elliptic Curve key
- Creating an RSA key and a Certificate Signing Request
- Creating an EC key and a CSR
- Creating an on-premises CA
- Hands-on lab - setting up a Dogtag CA
- Adding a CA to an operating system
- Hands-on lab - exporting and importing the Dogtag CA certificate
- Importing the CA into Windows
- OpenSSL and the Apache webserver
- Hardening Apache SSL/TLS on Ubuntu
- Hardening Apache SSL/TLS on RHEL 9/AlmaLinux 9
- Setting FIPS mode on RHEL 9/AlmaLinux 9
- Hardening Apache SSL/TLS on RHEL 7/CentOS 7
- Setting up mutual authentication
- Introducing quantum-resistant encryption algorithms
- Summary
- Questions
- Further reading
- Answers
- Chapter 7: SSH Hardening
- Ensuring that SSH protocol 1 is disabled
- Creating and managing keys for passwordless logins
- Creating a user's SSH key set
- Transferring the public key to the remote server
- Hands-on lab - creating and transferring SSH keys
- Disabling root user login
- Disabling username/password logins
- Hands-on lab - Disabling root login and password authentication
- Enabling two-factor authentication
- Hands-on lab - Setting up two-factor authentication on Ubuntu 22.04
- Hands-on lab - Using Google Authenticator with key exchange on Ubuntu
- Hands-on lab - Setting up two-factor authentication on AlmaLinux 8
- Hands-on lab - Using Google Authenticator with key exchange on AlmaLinux 8
- Configuring Secure Shell with strong encryption algorithms
- Understanding SSH encryption algorithms
- Scanning for enabled SSH algorithms
- Hands-on lab - Scanning with Nmap
- Disabling weak SSH encryption algorithms
- Hands-on lab - disabling weak SSH encryption algorithms - Ubuntu 22.04
- Hands-on lab - disabling weak SSH encryption algorithms - CentOS 7
- Setting system-wide encryption policies on RHEL 8/9 and AlmaLinux 8/9
- Hands-on lab - setting encryption policies on AlmaLinux 9
- Configuring more detailed logging
- Hands-on lab - configuring more verbose SSH logging
- Configuring access control with whitelists and TCP Wrappers
- Configuring whitelists within sshd_config
- Hands-on lab - configuring whitelists within sshd_config
- Configuring whitelists with TCP Wrappers
- Configuring automatic logouts and security banners
- Configuring automatic logout for both local and remote users
- Configuring automatic logout in sshd_config
- Creating a pre-login security banner
- Configuring other miscellaneous security settings