Mastering Linux Security and Hardening

A comprehensive guide to mastering the art of preventing your Linux system from getting compromised.

Donald A. Tevault

Book Details

ISBN 13: 9781788620307
Paperback: 376 pages

Book Description

This book has extensive coverage of techniques that will help prevent attackers from breaching your system, by building a much more secure Linux environment. You will learn various security techniques such as SSH hardening, network service detection, setting up firewalls, encrypting file systems, protecting user accounts, authentication processes, and so on. Moving forward, you will also develop hands-on skills with advanced Linux permissions, access control, special modes, and more. Lastly, this book will also cover best practices and troubleshooting techniques to get your work done efficiently.

By the end of this book, you will be confident in delivering a system that will be much harder to compromise.

Table of Contents

Chapter 1: Running Linux in a Virtual Environment
The threat landscape
Keeping up with security news
Introduction to VirtualBox and Cygwin
Using Cygwin to connect to your virtual machines
Summary
Chapter 2: Securing User Accounts
The dangers of logging in as the root user
The advantages of using sudo
Setting up sudo privileges for full administrative users
Setting up sudo for users with only certain delegated privileges
Advanced tips and tricks for using sudo
Locking down users' home directories the Red Hat or CentOS way
Locking down users' home directories the Debian/Ubuntu way
Enforcing strong password criteria
Setting and enforcing password and account expiration
Preventing brute-force password attacks
Locking user accounts
Setting up security banners
Summary
Chapter 3: Securing Your Server with a Firewall
An overview of iptables
Uncomplicated Firewall for Ubuntu systems
firewalld for Red Hat systems
nftables – a more universal type of firewall system
Summary
Chapter 4: Encrypting and SSH Hardening
GNU Privacy Guard
Encrypting partitions with Linux Unified Key Setup – LUKS
Encrypting directories with eCryptfs
Using VeraCrypt for cross-platform sharing of encrypted containers
Ensuring that SSH protocol 1 is disabled
Creating and managing keys for password-less logins
Disabling root user login
Disabling username/password logins
Setting up a chroot environment for SFTP users
Summary
Chapter 5: Mastering Discretionary Access Control
Using chown to change ownership of files and directories
Using chmod to set permissions values on files and directories
Using SUID and SGID on regular files
The security implications of the SUID and SGID permissions
Using extended file attributes to protect sensitive files
Summary
Chapter 6: Access Control Lists and Shared Directory Management
Creating an access control list for either a user or a group
Creating an inherited access control list for a directory
Removing a specific permission by using an ACL mask
Using the tar --acls option to prevent the loss of ACLs during a backup
Creating a user group and adding members to it
Creating a shared directory
Setting the SGID bit and the sticky bit on the shared directory
Using ACLs to access files in the shared directory
Summary
Chapter 7: Implementing Mandatory Access Control with SELinux and AppArmor
How SELinux can benefit a systems administrator
Setting security contexts for files and directories
Troubleshooting with setroubleshoot
Working with SELinux policies
How AppArmor can benefit a systems administrator
Looking at AppArmor profiles
Working with AppArmor command-line utilities
Troubleshooting AppArmor problems
Summary
Chapter 8: Scanning, Auditing, and Hardening
Installing and updating ClamAV and maldet
Scanning with ClamAV and maldet
SELinux considerations
Scanning for rootkits with Rootkit Hunter
Controlling the auditd daemon
Creating audit rules
Using ausearch and aureport
Applying OpenSCAP policies with oscap
Using SCAP Workbench
More about OpenSCAP profiles
Applying an OpenSCAP profile during system installation
Summary
Chapter 9: Vulnerability Scanning and Intrusion Detection
Looking at Snort and Security Onion
Scanning and hardening with Lynis
Finding vulnerabilities with OpenVAS
Web server scanning with Nikto
Summary
Chapter 10: Security Tips and Tricks for the Busy Bee
Auditing system services
Password-protecting the GRUB 2 bootloader
Securely configuring BIOS/UEFI
Using a security checklist for system setup
Summary

What You Will Learn

  • Use various techniques to prevent intruders from accessing sensitive data
  • Prevent intruders from planting malware, and detect whether malware has been planted
  • Prevent insiders from accessing data that they aren’t authorized to access
  • Do quick checks to see whether a computer is running network services that it doesn’t need to run
  • Learn security techniques that are common to all Linux distros, and some that are distro-specific
