Search icon Close icon
Search icon
0
Cart icon
Close icon
You have no products in your basket yet
Arrow left icon
All Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletters
Free Learning
Arrow right icon
Practical Linux Security Cookbook. - Second Edition
Practical Linux Security Cookbook. - Second Edition

Practical Linux Security Cookbook.: Secure your Linux environment from modern-day attacks with practical recipes, Second Edition

By Tajinder Kalsi
NZ$‎57.99 NZ$‎39.99
Book Aug 2018 482 pages 2nd Edition
eBook
NZ$‎57.99 NZ$‎39.99
Print
NZ$‎71.99
Subscription
Free Trial
eBook
NZ$‎57.99 NZ$‎39.99
Print
NZ$‎71.99
Subscription
Free Trial

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Buy Now

Product Details

Publication date : Aug 31, 2018
Length 482 pages
Edition : 2nd Edition
Language : English
ISBN-13 : 9781789138399
Category :
Security
Concepts :
Information Security
Tools :
Linux (Intermediate)
Table of content icon View table of contents Preview book icon Preview Book

Practical Linux Security Cookbook. - Second Edition

Chapter 1. Linux Security Problem

A Linux machine is only as secure as the administrator configures it to be. Once we have installed the Linux distribution of our choice and have removed all the unnecessary packages post installation, we can start working on the security aspect of the system by fine-tuning the installed software and services.

In this chapter, we will discuss the following topics:

  • Configuring server security
  • Security policy—server security
  • Defining security controls
  • Missing backup plans

The following recipes will be covered in the chapter:

  • Checking the integrity of installation medium using checksum
  • Using LUKS disk encryption
  • Making use of sudoers—configuring sudo access
  • Scanning hosts with Nmap
  • Gaining root on a vulnerable Linux system
  • Missing backup plans

Security policy

A security policy is a definition that outlines the rules and practices to be followed for computer network security in an organization. How the organization should manage, protect, and distribute sensitive data is defined in the security policy.

 

Developing a security policy

When creating a security policy you should keep in mind that it should be simple and easy for all the users to follow. The objective of the policy should be to protect the data while keeping the privacy of the users.

It should be developed around these points:

  • Accessibility to the system
  • Software installation rights on the system
  • Data permission
  • Recovery from failure

When developing a security policy, a user should be using only those services for which permission has been granted. Anything that is not permitted should be restricted in the policy. Let's look at some common Linux security myths.

Linux security myths

You might feel nervous while planning to use Linux-based systems in your business. This may be due to some false rumors about security in Linux that the systems might have fallen prey to any of the myths out there.

Myth – as Linux is open source, it is considered to be insecure

Linux, being a free and open source operating system, has its own advantages. It includes a large base of developers who constantly audit the source code for any possible security risks; the Linux community can provide fast support and fixes for any potential security problem. Patches are released quickly for testing by the community so they don't have to deal with the clumsy administration that other Unix vendors may have to deal with.

Due to the massive worldwide user base, Linux's security gets tested across huge range of computing environments, thus making it one of the most stable and secure operating systems. As Linux is open to scrutiny by developers across the world, it helps Linux derive superior security in the ways the privileges are assigned. The way in which these privileges are assigned in a Linux system is also a security feature derived from the open source code of the system.

 

Myth – Linux is an experts-only system, and only they know how to configure their systems in terms of security

Assuming that Linux is for experts who know how to deal with viruses is a misconception. Linux has evolved to become one of the friendliest OSes that can be used by anyone, whether novice or experts.

Linux is secure because of its strong architecture. Regular users on a Linux system possess low-privileged accounts rather than having root privileges.

Myth – Linux is virus free

Due to its strong architecture, even if a Linux system gets compromised, viruses would not have root access and thus will not be able to cause any major damage to the system.

Even on Linux servers, several levels of security are implemented and they are updated more often, again helping to secure the servers from viruses.

There are still a number of viruses that target Linux, thus making it not completely virus free. But most of the viruses that exist for Linux are non-destructive in nature.

Configuring server security

Once a Linux server is created, the immediate next step is to implement security procedures to make sure that any kind of threat should not cause the system to be compromised. A major reason for malicious attacks on Linux servers have been poorly implemented security or existing vulnerabilities. When configuring a server, the security policies need to be implemented properly to create a secure environment that will help prevent your business from getting hacked.

How to do it...

Let us have a look for each and every configuration.

User management

Follow these steps to configure server security:

  1. When a Linux server is created, the first user created by default is always the root user. This root user should be used for initial configuration only.
  2. Once initial configuration is done, this root user should be disabled via SSH. This will make it difficult for any hacker to gain access to your Linux machine.
  3. Further, a secondary user should be created to log in and administer the machine. This user can be allowed sudo permissions if administrative actions need to be performed.

Password policy

Follow these steps to configure server security:

  1. When creating user accounts, ensure the use of strong passwords. If allowed, keep the length of the password to between 12 to 14 characters.
  2. If possible, generate passwords randomly, and include lowercase and uppercase letters, numbers, and symbols.
  3. Avoid using password combinations that could be easily guessed, such as dictionary words, keyboard patterns, usernames, ID numbers, and so on.
  4. Avoid using the same password twice.

Configuration policy

Follow these steps to configure server security:

  1. The operating system on the server should be configured in accordance with the guidelines approved for InfoSec.
  2. Any service or application not being used should be disabled, wherever possible.
  3. Every access to the services and applications on the server should be monitored and logged. It should also be protected through access-control methods. An example of this will be covered in Chapter 3, Local Filesystem Security.
  4. The system should be kept updated and any recent security patches, if available, should be installed as soon as possible
  5. Avoid using the root account as much as possible. It is better to use the security principles that require least access to perform a function.
  1. Any kind of privileged access must be performed over a secure channel connection (SSH) wherever possible.
  2. Access to the server should be in a controlled environment.

Monitoring policy

  1. All security-related actions on server systems must be logged and audit reports should be saved as follows:
  • For a period of one month, all security-related logs should be kept online
  • For a period of one month, the daily backups, as well as the weekly backups should be retained
  • For a minimum of two years, the monthly full backups should be retained
  1. Any event related to security being compromised should be reported to the InfoSec team. They shall then review the logs and report the incident to the IT department.
  2. Some examples of security-related events are as follows:
  • Port-scanning-related attacks
  • Access to privileged accounts without authorization
  • Unusual occurrences due to a particular application on the host

How it works...

Following the policies as given here helps in the base configuration of the internal server that is owned or operated by the organization. Implementing the policy effectively will minimize unauthorized access to any sensitive and proprietary information.

Security policy – server security

A major reason for malicious attacks on Linux servers has been poorly implemented security or existing vulnerabilities. When configuring a server, the security policies need to be implemented properly and ownership needs to be taken for proper customization of the server.

 

How to do it…

Let's have a look and various security policies

General policy

Let's discuss the various security policies:

  1. The administration of all the internal servers in an organization is the responsibility of a dedicated team that should also keep watch for any kind of compliance issues. If a compliance issues occurs, the team should immediately review and implement an updated security policy.
  2. When configuring internal servers, they must be registered in such a way that the identification of the servers can be done on the basis of the following information:
    • Location of the server
    • Operating system version and hardware configuration
    • Services and applications running on the server
  3. Any kind of information in the organization's management system must always be kept up to date.

Configuration policy

Let's discuss the various security policies:

  1. The operating system on the server should be configured in accordance with the guidelines approved for InfoSec.
  2. Any service or application not being used should be disabled, wherever possible.
  3. Every access to the services and applications on the server should be monitored and logged. It should also be protected through access-control methods. An example of this will be covered in Chapter 3, Local FileSystem Security.
  4. The system should be kept updated and any recent security patches, if available, should be installed as soon as possible
  5. Avoid using the root account as much as possible. It is better to use security principles that require least access to perform a function.
  6. Any kind of privileged access must be performed over a secure channel connection (SSH), wherever possible.
  7. Access to the server should be in a controlled environment.

 

Monitoring policy

Let's discuss the various security policies:

  1. All security-related actions on server systems must be logged and audit reports should be saved as follows:
    • For a period of one month, all the security-related logs should be kept online
    • For a period of one month, the daily backups, as well as the weekly backups, should be retained
    • For a minimum of two years, the monthly full backups should be retained
  2. Any event related to security being compromised should be reported to the InfoSec team. They shall then review the logs and report the incident to the IT department.
  3. Some examples of security related events are as follows:
    • Port-scanning-related attacks
    • Access to privileged accounts without authorization
    • Unusual occurrences due to a particular application on the host

How it works…

Following the policies as given here helps the base configuration of the internal server that is owned or operated by the organization. Implementing the policy effectively will minimize unauthorized access to any sensitive and proprietary information.

Defining security controls

Securing a Linux server starts with the process of hardening the system, and to do this it's important to define a list of security controls. A security controls list (or security checklist) confirms that proper security controls have been implemented.

How to do it...

Let's have a look at various security control checklists.

Installation

Now we will look into each security control checklist:

  • Installation media such as CD-ROM/DVD/ISO should be checked by using checksum
  • A minimal base installation should be done when creating the server
  • It is good practice to create separate filesystems for /home, and /tmp
  • It is good practice to install minimum software on the server to minimize the chances of vulnerability
  • Always keep the Linux kernel and software up to date

Boot and disk

Now we will look into each security control checklist:

  • Encrypt partitions using disk encryption methods such as LUKS.
  • Limit access to BIOS by configuring a BIOS password.
  • Limit bootable devices and allow only devices such as disk to be booted.
  • Configure a password to access the single user mode boot loader.

Network and services

Now we will look into each security control checklist:

  • Determine the services running by checking the open network ports.
  • Use a firewall such as iptables/nftables to limit access to the services as per need.
  • Encrypt all data transmitted over the network.
  • Avoid using services such as FTP, Telnet, and Rlogin/Rsh.
  • Any unwanted services should be disabled.
  • A centralized authentication service should be used.

Intrusion detection and Denial of Service (DoS)

Now we will look into each security control checklist:

  • File integrity tools such as AIDE, Samhain, and AFICK should be installed and configured for monitoring important files.
  • Use a malware scanner such as CalmAV to protect against malicious scripts.
  • Configure system logging to a remote machine for the purpose of detection, forensics, and archiving.
  • Deter brute-force attacks by using anti brute-force tools for authentication attempts.

Auditing and availability

Now we will look into each security control checklist:

  • Read through logs to monitor for suspicious activity.
  • Configure auditd configuration to perform system accounting.
  • Ensure backup is working, and also check restores.

How it works...

Implementing these security controls minimizes the security risk to your Linux server. This helps protect your data from the hands of hackers.

Checking the integrity of installation medium by using checksum

Whenever you download an image file of any Linux distribution, it should always be checked for correctness and safety. This can be done by generating an MD5 hash after downloading the image file and then comparing the generated hash with the hash generated by the organization supplying the image file.

This helps in checking the integrity of the downloaded file. If the original file was tampered with it can be detected using the MD5 hash comparison. The larger the file size, the higher the possibility of changes in the file. It is always recommended you do an MD5 hash comparison for files such as the operating system installation CD.

Getting ready

md5sum is normally installed in most Linux distributions, so installation is not required.

How to do it…

Perform the following steps:

  1. Open the Linux Terminal and then change the directory to the folder containing the downloaded ISO file.

Note

Because Linux is case sensitive, type the correct spelling for the folder name. Downloads are not the same as downloads in Linux.

  1. After changing to the download directory, type the following command:
md5sum ubuntu-filename.iso

md5sum will then print the calculated hash in a single line as shown here:

8044d756b7f00b695ab8dce07dce43e5 ubuntu-filename.iso

Now we can compare the hash calculated by this command with the hash on the UbuntuHashes page (https://help.ubuntu.com/community/UbuntuHashes). After opening the UbuntuHashes page, we just need to copy this previously calculated hash, in the Find box of the browser (by pressing Ctrl + F).

How it works…

If the calculated hash and the hash on the UbuntuHashes page match, then the downloaded file is not damaged. In case the hashes don't match, then there is a possibility that the file might be tampered or is damaged. Try downloading the file again. If the issue still persists, it is recommended you report the issue to the administrator of the server.

See also

Here’s something extra in case you want to go the extra mile: the GUI checksum calculator available for Ubuntu.

Sometimes, it’s really inconvenient to use the Terminal for doing checksums. You need to know the right folder of the downloaded file and also the exact filename. This makes it difficult to remember the exact commands.

As a solution, there is the very small and simple software – GtkHash.

You can download the tool here: http://gtkhash.sourceforge.net/.

Or you can install it by using the following command:

sudo apt-get install gtkhash

Using LUKS disk encryption

In enterprises, small business, and government offices, the users may have to secure their systems in order to protect their private data, which includes customers details, important files, contact details, and so on. To help with this, Linux provides a good number of cryptographic techniques that can be used to protect data on physical devices such as hard disk or removable media. One such cryptographic technique is using Linux Unified Key Setup (LUKS)-on-disk-format. This technique allows the encryption of Linux partitions.

This is what LUKS does:

  • The entire block device can be encrypted using LUKS; it's well suited for protecting the data on removable storage media or the laptop disk drives
  • LUKS uses the existing device mapper kernel subsystem
  • It also provides passphrase strengthening, which helps protect against dictionary attacks

Getting ready

For the following process to work, it is necessary that a separate partition is also created while installing Linux, which will be encrypted using LUKS.

Note

Configuring LUKS using the steps given will remove all data on the partition being encrypted. So, before starting the process of using LUKS, make sure you take a backup of the data to some external source.

How to do it...

To begin with manually encrypting directories, perform the following steps:

  1. Install cryptsetup as shown here, which is a utility used for setting up encrypted filesystems:
apt-get install cryptsetup

The preceding command generates the following output:

  1. Encrypt your /dev/sdb1 partition, which is a removable device. To encrypt the partition, type the following command:
cryptsetup -y -v luksFormat /dev/sdb1

The preceding command generates the following output:

This command initializes the partition and also sets a passphrase. Make sure you note the passphrase for further use.

  1. Now open the newly created encrypted device by creating a mapping:
  2. Check to confirm that the device is present:
ls -l /dev/mapper/backup2

The preceding command generates the following output:

  1. Check the status of the mapping using the following command:
  2. Dump LUKS headers using the following command:
  3. Next, write zeros to /dev/mapper/backup2 encrypted device:

As the dd command may take hours to complete, we use the pv command to monitor the progress.

  1. Now create a filesystem:
mkfs.ext4 /dev/mapper/backup2

The preceding command generates the following output:

  1. Then mount the new filesystem and confirm the filesystem is visible:

Congratulations! You have successfully created an encrypted partition. Now, you can keep all your data safe, even when the computer is off.

There's more...

Perform the following commands to unmount and secure the data on the partition:

umount /backup2
cryptsetup luksClose backup

To remount the encrypted partition, perform the following steps:

cryptsetup luksOpen /dev/xvdc backup2
mount /dev/mapper/backup2 /backup2
df -H
mount

Make use of sudoers – configuring sudo access

Sudoer is the functionality of the Linux system that can be used by an administrator to provide administrative access to a trusted regular user, without actually sharing the root user's password. The administrator simply needs to add the regular user in the sudoers list.

Once a user has been added to the sudoers list, they can execute any administrative command by preceding it with sudo. Then the user would be asked to enter their own password. After this, the administrative command would be executed the same way as by the root user.

Getting ready

As the file for the configuration is pre-defined and the commands used are inbuilt, nothing extra is needed to be configured before starting the steps.

How to do it…

Perform the following steps:

  1. You will first create a normal account and then give it sudo access. Once done, you will be able to use the sudo command from the new account and then execute the administrative commands. Follow the steps given to configure sudo access. First, use the root account to log in to the system then create a user account using the useradd command, as shown. ReplaceUSERNAMEin the command with any name of your choice:
  1. Now, using the passwd command set a password for the new user account, as shown:
  1. Now edit the /etc/sudoers file by running the visudo as shown. The policies applied when using the sudo command, are defined by the /etc/sudoers file:
  1. Once the file is open in the editor, search for the following lines which allow sudo access to the users in the test group:
  1. You can enable the given configuration by deleting the comment character (#) at the beginning of the second line. Once the changes are done, save the file and exit from the editor. Now using the usermod command, add the previously created user to the test group:
  1. Now you need to check whether the configuration created now allows the new user account to run commands using sudo.
  1. To switch to the newly created user account, use the su option:
  1. Now use the groups command to confirm the presence of the user account in the test group:

Finally, run the whoami command with sudo from the new account. As you have executed a command using sudo for the first time using this new user account, the default banner message will be displayed for the sudo command. The screen will also ask for the user account password to be entered:

  1. The last line of the output shown is the username returned by the whoami command. If sudo is configured correctly this value will be root.

You have successfully configured a user with sudo access. You can now log in to this user account and use sudo to run commands the same way as you would from the root user.

How it works…

When you create a new account, it does not have the permission to run administrator commands. However, after editing the /etc/sudoers file, and making appropriate entry to grant sudo access to the new user account, you can start using the new user account to run all administrator commands.

There’s more…

Here are some extra measures that you can take to ensure total security.

Vulnerability assessment

A vulnerability assessment is the process of auditing your network and system security, through which you can come to know about the confidentiality, integrity, and availability of your network. The first phase in vulnerability assessment is reconnaissance, and this further leads to the phase of system readiness, in which we mainly check for all known vulnerabilities in the target. Next follows the phase of reporting in which we group all the vulnerabilities found into categories of low, medium, and high risk.

Scanning hosts with Nmap

Nmap, which can be used for scanning a network, is one of the most popular tools included in Linux. It has been in existence for many years, and is currently one of the preferred tools for gathering information about a network. Nmap can be used by administrators on their networks to find any open ports and the host systems. When performing vulnerability assessments, Nmap is surely a tool not to be missed.

Getting ready

Most Linux versions come with Nmap installed. The first step is to check whether you already have it by using the following command:

nmap --version

If Nmap exists, you should see output similar to this:

If Nmap is not already installed, you can download and install it from this link: https://nmap.org/download.html.

The following command will quickly install Nmap on your system:

sudo apt-get install nmap

How to do it...

Follow these steps for scanning hosts with Nmap:

  1. The most common use of Nmap is to find all the hosts online within a given IP range. The default command used takes some time to scan the complete network, depending on the number of hosts in the network.
  2. The following screenshot shows an example:
  1. To perform a SYN scan on a particular IP from a subnet, use the following command:
  2. If SYN scan does not work properly, you can also use Stealth scan:
  1. To detect the version number of the services running on the remote host, you can perform Service Version Detection scan as follows:
  2. If you want to detect the operating system running on the remote host, run the following command:
nmap -O 192.168.1.102
  1. The output here has been truncated:
  2. If you wish to scan only for a particular port, such as 80, run the command:

How it works...

Nmap checks for the services that are listening by testing the most common network communication ports. This information helps the network administrator to close all unwanted or unused ports and services. The previous examples show how to use port scanning and Nmap as a powerful tool to study the network around us.

See also

Nmap also has scripting features that we can use to write custom scripts. These scripts can be used with Nmap to automate and extend the scanning capabilities of Nmap.

You can find more information about using Nmap at its official homepage:https://nmap.org/.https://nmap.org/

Gaining root on a vulnerable Linux system

When trying to learn how to scan and exploit a Linux machine, one major problem we encounter is where to try. For this purpose, the Metasploit team has developed and released a virtual machine called Metasploitable. This machine has been made vulnerable purposefully, having many services running unpatched. Due to this, it has become a great platform for practicing or developing penetration testing skills. In this section, we will learn how to scan a Linux system and then, using the scanning result, how to find a service that is vulnerable. Using that vulnerable service, we shall gain root access to the system.

Getting ready

Kali Linux and the Metasploitable VMware system will be used in this section. The image file of Metasploitable can be downloaded from these links:

How to do it...

The Metasploit Framework is an open source tool used by security professionals globally to perform penetration tests by executing exploit code on target systems from within the framework. It comes pre-installed with Kali Linux (the preferred choice of distribution for security professionals).

Follow these steps to gain root access to a vulnerable Linux system:

  1. First open the Metasploit console on the Kali system by running the following command:
service postgresql start
msfconsole
  1. At the bottom of the screen, you should get the Metasploit framework prompt denoted by msf>.
  2. Next, we need to scan the target, which is 192.168.0.102 in this example, using Nmap:

The following screenshot shows the output of the command:

  1. In the previous command, you can see there are many services running on different ports. Among them you can see FTP is also running on port 21.
  2. We will focus on the FTP service for now. From the output shown, you can see that the FTP service is provided by the vsftpd application version 2.3.4.
  3. Now lets try to find an exploit forvsftpdwithin the Metasploit framework by simply executing the command searchvsftpd. Here is the output:
  1. The search results are showing a module, VSFTPD Backdoor Command Execution, with an excellent rating, which means that this exploit will work perfectly fine.
  1. Now run the following commands to use the exploit and check its options:
  1. As you can see from the screenshot, you need to set the value of RHOST, which is 192.168.1.102 in our case.
  2. Set the value for RHOST and then run the exploit as shown here:
  1. Once the exploit runs successfully, you will get root access, as shown in the preceding screenshot.

How it works...

We first did an Nmap scan to check for running services and open ports and found the FTP service running. Then we tried to find the version of the FTP service. Once we got the information, we searched for any exploit available for VSFTPD. The VSFTPD backdoor module that was found in the search result is actually a code that is being sent to the target machine by the Metasploit framework. The code gets executed on the target machine due to a module of the VSFTPD being improperly programmed. Once the code gets executed, we get a root shell access on our Kali machine

Using the exploit found for VSFTPD, we tried to attack the target system and got the root shell on it.

There's more...

Let's learn about a few more exploits and attacks that are common in Linux.

Missing backup plans

In this era of malicious attacks and dangerous cyberattacks, your data is never safe. Your data needs something more than just protection. Its needs insurance in the form of backups. At any point of time, if your data is lost, having data backups ensures that your business can be up and running in no time.

Getting ready

When we talk about data backup in Linux, choosing the best backup tool that matches your business needs is essential. Everyone needs to have a data backup tool that is dependable, but it's not necessary to spend too much to get a tool that has features that meets your needs. The backup tool should allow you to have local backups, remote backups, one-time backups, scheduled backups, and many other features.

How to do it...

Let's look at a few outstanding backup tools for Linux.

fwbackups

This is the easiest of all Linux backup tools. fwbackups has a user-friendly interface and it can be used for single backups and also for recurring scheduled backups.

Local as well as remote backups can be done in various formats, such as tar, tar.gz, tar.bz, or rsync format. A single file or an entire computer can be backed up using this tool.

Using this tool, backup and restoring can be done easily. Incremental or differential backups can be done to speed the process.

rsync

This is one of the most widely used backup solutions for Linux. It can be used for incremental backups, whether local or remote.

rsync can be used to update directory trees and filesystems while preserving links, ownerships, permissions, and privileges.

Being a command-line tool, rsync is perfect for creating simple scripts to use in conjunction with cron, so as to create automated backups.

Amanda (Advanced Maryland Automatic Network Disk Archiver)

This is a free and open source tool developed for "moderately sized computer centers". It is designed for performing the backup of multiple machines over the network to tape drives, disks, or optical disks.

Amanda can be used to backup about everything on a diverse network, using a combination of a master backup server and Linux or Windows.

LVM snapshots and hardware snapshots can also be handled using this tool.

Simple Backup Solution (SBS)

Primarily targeted at desktop backup, SBS can be used to backup files and directories. It also allows regular expressions to be used for exclusion purposes.

It includes pre-defined backup configurations that can be used to back up directories such as /var/, /etc/, /usr/local.

SBS can be used for custom backups, manual backups and scheduled backups, and is not limited to just pre-defined backups.

Bacula

Bacula is a free and open source tool and requires client programs to be installed on each system targeted for backup. All these systems are controlled using a server that centrally handles the backup rules.

Bacula has its own file format, which is not proprietary as the tool is open source.

Routine full and incremental backups can be done using the tool and it offers better support for setups if multiple servers are being used with their own tape drives.

Encryption and RAID is supported by Bacula. Scripting language for customizing your backup jobs is also offered by Bacula, which can be used to incorporate encryption.

How it works...

A backup tool is necessary for anyone in the IT industry or a computer power user. The backup tool should be capable of scheduled backups, one-time backups, local backups, remote backups, and many other features.

Left arrow icon

Page 1 of 11

Right arrow icon
Download code icon Download Code

Key benefits

  • Hands-on recipes to create and administer a secure Linux system
  • Enhance file system security and local and remote user authentication
  • Use various security tools and different versions of Linux for different tasks

Description

Over the last few years, system security has gained a lot of momentum and software professionals are focusing heavily on it. Linux is often treated as a highly secure operating system. However, the reality is that Linux has its share of security ?aws, and these security ?aws allow attackers to get into your system and modify or even destroy your important data. But there’s no need to panic, since there are various mechanisms by which these ?aws can be removed, and this book will help you learn about different types of Linux security to create a more secure Linux system. With a step-by-step recipe approach, the book starts by introducing you to various threats to Linux systems. Then, this book will walk you through customizing the Linux kernel and securing local files. Next, you will move on to managing user authentication both locally and remotely and mitigating network attacks. Later, you will learn about application security and kernel vulnerabilities. You will also learn about patching Bash vulnerability, packet filtering, handling incidents, and monitoring system logs. Finally, you will learn about auditing using system services and performing vulnerability scanning on Linux. By the end of this book, you will be able to secure your Linux systems and create a robust environment.

What you will learn

Learn about vulnerabilities and exploits in relation to Linux systems Configure and build a secure kernel and test it Learn about file permissions and how to securely modify files Authenticate users remotely and securely copy files on remote systems Review different network security methods and tools Perform vulnerability scanning on Linux machines using tools Learn about malware scanning and read through logs

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Buy Now

Product Details

Publication date : Aug 31, 2018
Length 482 pages
Edition : 2nd Edition
Language : English
ISBN-13 : 9781789138399
Category :
Security
Concepts :
Information Security
Tools :
Linux (Intermediate)

Table of Contents

20 Chapters
Title Page Chevron down icon Chevron up icon
Title Page
Copyright and Credits Chevron down icon Chevron up icon
Copyright and Credits
Contributors Chevron down icon Chevron up icon
Contributors
Packt Upsell Chevron down icon Chevron up icon
Packt Upsell
Preface Chevron down icon Chevron up icon
Preface
Linux Security Problem Chevron down icon Chevron up icon
Linux Security Problem
Security policy
Configuring server security
Security policy – server security
Defining security controls
Checking the integrity of installation medium by using checksum
Using LUKS disk encryption
Make use of sudoers – configuring sudo access
Scanning hosts with Nmap
Gaining root on a vulnerable Linux system
Missing backup plans
Configuring a Secure and Optimized Kernel Chevron down icon Chevron up icon
Configuring a Secure and Optimized Kernel
Creating USB boot media
Retrieving the kernel source
Configuring and building kernel
Installing and booting from a kernel
Kernel testing and debugging
Debugging kernel boot
Kernel errors
Checking kernel parameters using Lynis
Local Filesystem Security Chevron down icon Chevron up icon
Local Filesystem Security
Viewing files and directory details using ls
Using chmod to set permissions on files and directories
Using chown to change ownership of files and directories
Using ACLs to access files
File handling using the mv command (moving and renaming)
Implementing Mandatory Access Control with SELinux
Using extended file attributes to protect sensitive files
Installing and configuring a basic LDAP server on Ubuntu
Local Authentication in Linux Chevron down icon Chevron up icon
Local Authentication in Linux
User authentication and logging
Limiting login capabilities of users
Disabling username/password logins
Monitoring user activity using acct
Login authentication using a USB device and PAM
Defining user authorization controls
Access Management using IDAM
Remote Authentication Chevron down icon Chevron up icon
Remote Authentication
Remote server/host access using SSH
Enabling and disabling root login over SSH
Key-based login into SSH for restricting remote access
Copying files remotely
Setting up a Kerberos server with Ubuntu
Using LDAP for user authentication and management
Network Security Chevron down icon Chevron up icon
Network Security
Managing TCP/IP networks
Using a packet sniffer to monitor network traffic
Using IP tables for configuring a firewall
Blocking spoofed addresses
Blocking incoming traffic
Configuring and using TCP Wrappers
Blocking country-specific traffic using mod_security
Securing network traffic using SSL
Security Tools Chevron down icon Chevron up icon
Security Tools
Linux sXID
Port Sentry
Using Squid proxy
Open SSL server
Tripwire
Shorewall
OSSEC
Snort
Rsync and Grsync – backup tool
Linux Security Distros Chevron down icon Chevron up icon
Linux Security Distros
Kali Linux
pfSense
Digital Evidence and Forensic Toolkit  (DEFT)
Network Security Toolkit (NST)
Security Onion
Tails OS
Qubes OS
Bash Vulnerability Patching Chevron down icon Chevron up icon
Bash Vulnerability Patching
Understanding the Bash vulnerability – Shellshock
Security issues – Shellshock
Linux patch management system
Applying patches in Linux
Other well-known Linux vulnerabilities
Security Monitoring and Logging Chevron down icon Chevron up icon
Security Monitoring and Logging
Viewing and managing log files using Logcheck
Monitoring the network using Nmap
Using Glances for system monitoring
Monitoring logs using MultiTail
Using system tools – whowatch
Using system tools – stat
Using System tools – lsof
Using System tools – strace
Real time IP LAN monitoring using IPTraf
Network security monitoring using Suricata
Network monitoring using OpenNMS
Understanding Linux Service Security Chevron down icon Chevron up icon
Understanding Linux Service Security
Web server – HTTPD
Remote service login – Telnet
Secure remote login – SSH
File transfer security – FTP
Securing Mail Transfer – SMTP
Scanning and Auditing Linux Chevron down icon Chevron up icon
Scanning and Auditing Linux
Installing an antivirus on Linux
Scanning with ClamAV
Finding rootkits
Using the auditd daemon
Using ausearch and aureport to read logs
Auditing system services with systemctl
Vulnerability Scanning and Intrusion Detection Chevron down icon Chevron up icon
Vulnerability Scanning and Intrusion Detection
Network security monitoring using Security Onion
Finding vulnerabilities with OpenVAS
Using Nikto for web server scanning
Hardening using Lynis
Other Books You May Enjoy Chevron down icon Chevron up icon
Other Books You May Enjoy
Leave a review - let other readers know what you think
Index Chevron down icon Chevron up icon
Index

Recommendations for you

Left arrow icon
Microsoft Defender for Endpoint in Depth: Take any organization's endpoint security to the next level
Microsoft Defender for Endpoint in Depth: Take any organization's endpoint security to the next level
Mar 2023 362
ebook
eBook
  • ebook eBook $27.98
  • print Print $49.99
$27.98 $39.99
$49.99
CompTIA Security+: SY0-601 Certification Guide: Complete coverage of the new CompTIA Security+ (SY0-601) exam to help you pass on the first attempt, Second Edition
CompTIA Security+: SY0-601 Certification Guide: Complete coverage of the new CompTIA Security+ (SY0-601) exam to help you pass on the first attempt, Second Edition
Dec 2020 550
ebook
eBook
  • ebook eBook $16.99
  • print Print $30.99
$16.99 $24.99
$30.99
Mastering Linux Security and Hardening: A practical guide to protecting your Linux system from cyber attacks, Third Edition
Mastering Linux Security and Hardening: A practical guide to protecting your Linux system from cyber attacks, Third Edition
Feb 2023 618
ebook
eBook
  • ebook eBook $27.98
  • print Print $49.99
$27.98 $39.99
$49.99
The Ultimate Kali Linux Book: Perform advanced penetration testing using Nmap, Metasploit, Aircrack-ng, and Empire, Second Edition
The Ultimate Kali Linux Book: Perform advanced penetration testing using Nmap, Metasploit, Aircrack-ng, and Empire, Second Edition
Feb 2022 742
ebook
eBook
  • ebook eBook $29.99
  • print Print $54.99
  • audiobook Audiobook $45.99
$29.99 $43.99
$54.99
$45.99
Effective Threat Investigation for SOC Analysts: The ultimate guide to examining various threats and attacker techniques using security logs
Effective Threat Investigation for SOC Analysts: The ultimate guide to examining various threats and attacker techniques using security logs
Aug 2023 314
ebook
eBook
  • ebook eBook $29.99
  • print Print $54.99
$29.99 $43.99
$54.99
Keycloak - Identity and Access Management for Modern Applications: Harness the power of Keycloak, OpenID Connect, and OAuth 2.0 to secure applications, Second Edition
Keycloak - Identity and Access Management for Modern Applications: Harness the power of Keycloak, OpenID Connect, and OAuth 2.0 to secure applications, Second Edition
Jul 2023 350
ebook
eBook
  • ebook eBook $29.99
  • print Print $54.99
$29.99 $43.99
$54.99
Practical Threat Detection Engineering: A hands-on guide to planning, developing, and validating detection capabilities
Practical Threat Detection Engineering: A hands-on guide to planning, developing, and validating detection capabilities
Jul 2023 328
ebook
eBook
  • ebook eBook $32.99
  • print Print $59.99
$32.99 $47.99
$59.99
Mastering Microsoft 365 Defender: Implement Microsoft Defender for Endpoint, Identity, Cloud Apps, and Office 365 and respond to threats
Mastering Microsoft 365 Defender: Implement Microsoft Defender for Endpoint, Identity, Cloud Apps, and Office 365 and respond to threats
Jul 2023 572
ebook
eBook
  • ebook eBook $27.98
  • print Print $49.99
$27.98 $39.99
$49.99
CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam
CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam
Mar 2022 654
ebook
eBook
  • ebook eBook $27.98
  • print Print $49.99
  • audiobook Audiobook $44.99
$27.98 $39.99
$49.99
$44.99
Mastering Windows Server 2022: Comprehensive administration of your Windows Server environment, Fourth Edition
Mastering Windows Server 2022: Comprehensive administration of your Windows Server environment, Fourth Edition
May 2023 720
ebook
eBook
  • ebook eBook $27.98
  • print Print $49.99
$27.98 $39.99
$49.99
Right arrow icon

Customer reviews

Filter icon Filter
Top Reviews
  • Top Reviews
  • Most Recent
Rating distribution
Empty star icon Empty star icon Empty star icon Empty star icon Empty star icon 0
(0 Ratings)
5 star 0%
4 star 0%
3 star 0%
2 star 0%
1 star 0%

Filter reviews by

No reviews found

People who bought this also bought

Left arrow icon
Privilege Escalation Techniques: Learn the art of exploiting Windows and Linux systems
Privilege Escalation Techniques: Learn the art of exploiting Windows and Linux systems
Nov 2021 340
ebook
eBook
  • ebook eBook $29.99
  • print Print $54.99
$29.99 $43.99
$54.99
The Ultimate Kali Linux Book: Perform advanced penetration testing using Nmap, Metasploit, Aircrack-ng, and Empire, Second Edition
The Ultimate Kali Linux Book: Perform advanced penetration testing using Nmap, Metasploit, Aircrack-ng, and Empire, Second Edition
Feb 2022 742
ebook
eBook
  • ebook eBook $29.99
  • print Print $54.99
  • audiobook Audiobook $45.99
$29.99 $43.99
$54.99
$45.99
Cybersecurity – Attack and Defense Strategies: Improve your security posture to mitigate risks and prevent attackers from infiltrating your system, Third Edition
Cybersecurity – Attack and Defense Strategies: Improve your security posture to mitigate risks and prevent attackers from infiltrating your system, Third Edition
Sep 2022 570
ebook
eBook
  • ebook eBook $22.99
  • print Print $41.99
$22.99 $33.99
$41.99
Mastering Windows Security and Hardening: Secure and protect your Windows environment from cyber threats using zero-trust security principles, Second Edition
Mastering Windows Security and Hardening: Secure and protect your Windows environment from cyber threats using zero-trust security principles, Second Edition
Aug 2022 816
ebook
eBook
  • ebook eBook $29.99
  • print Print $54.99
$29.99 $43.99
$54.99
Cybersecurity Career Master Plan: Proven techniques and effective tips to help you advance in your cybersecurity career
Cybersecurity Career Master Plan: Proven techniques and effective tips to help you advance in your cybersecurity career
Sep 2021 280
ebook
eBook
  • ebook eBook $27.98
  • print Print $49.99
  • audiobook Audiobook $32.99
$27.98 $39.99
$49.99
$32.99
Pentesting Web Applications: Testing real time web apps [Video]
Pentesting Web Applications: Testing real time web apps [Video]
Nov 2017
video
Video
  • video Video $130.99
$130.99
Right arrow icon

Authors (1)

Profile icon Tajinder Kalsi
Tajinder Kalsi is an innovative professional with more than 9 years' progressive experience within the information security industry. He has a good amount of knowledge and experience in web application testing, vulnerability assessment, network penetration testing, and risk assessment. At present, he is working as an information security consultant. He started his career with Wipro as a technical associate, and later on he became an ISMS consultant-cum-technical evangelist. In his free time, he conducts seminars in colleges all across India on various topics, in more than 125 colleges; he has spoken to 10,000+ students. Tajinder is a certified ISO 27001:2013 Auditor. Tajinder authored Practical Linux Security Cookbook published by Packt Publishing. He has also reviewed the following books: Web Application Penetration Testing with Kali Linux and Mastering Kali Linux for Advanced Penetration Testing. He has also authored three video courses with Packt: Getting Started with Pentensing, Finding and Exploiting Hidden Vulnerabilities, and Pentesting Web Applications. He is best described as dedicated, devoted, and determined and a person who strongly believes in making his dreams come true. He defines himself as a tireless worker, who loves to laugh and make others laugh. He is also very friendly and level-headed. https://www.linkedin.com/in/tajinderkalsi/.
Read more
See other products by Tajinder Kalsi
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.