Practical Linux Security Cookbook
About this ebook
- This book provides code-intensive discussions with detailed recipes that help you understand better and learn faster.
- More than 50 hands-on recipes to create and administer a secure Linux system locally as well as on a network
- Enhance file system security and local and remote user authentication by using various security tools and different versions of Linux for different tasks
Practical Linux Security Cookbook is intended for all those Linux users who already have knowledge of Linux filesystems and administration. You should be familiar with basic Linux commands. Understanding information security and its risks to a Linux system is also helpful in understanding the recipes more easily.
However, even if you are unfamiliar with information security, you will be able to easily follow and understand the recipes discussed.
Since Practical Linux Security Cookbook follows a practical approach, following the steps is very easy.
Practical Linux Security Cookbook - Tajinder Kalsi
Table of Contents
Practical Linux Security Cookbook
Credits
About the Author
About the Reviewer
www.PacktPub.com
eBooks, discount offers, and more
Why Subscribe?
Preface
What this book covers
What you need for this book
Who this book is for
Sections
Getting ready
How to do it…
How it works…
There's more…
See also
Conventions
Reader feedback
Customer support
Downloading the example code
Downloading the color images of this book
Errata
Piracy
Questions
1. Linux Security Problems
Introduction
The security policy of Linux
Developing a security policy
Configuring password protection
How to do it…
How it works…
Configuring server security
How to do it…
How it works…
There's more…
Security controls
Conducting integrity checks of the installation medium using checksum
Getting ready
How to do it…
How it works…
See also
Using the LUKS disk encryption
Getting ready
How to do it…
How it works…
Making use of sudoers – configuring sudo access
Getting ready
How to do it…
How it works…
There's more…
Vulnerability assessment
Scanning hosts with Nmap
Getting ready
How to do it…
How it works…
See also
Gaining a root on a vulnerable Linux system
Getting ready
How to do it…
How it works
There's more…
Null or default passwords
IP spoofing
Eavesdropping
Service vulnerabilities
Denial of Service (DoS) attack
2. Configuring a Secure and Optimized Kernel
Introduction
Requirements for building and using a kernel
Creating a USB boot media
Getting ready
How to do it…
How it works…
Retrieving a kernel source
Getting ready
How to do it…
How it works…
Configuring and building a kernel
Getting ready
How to do it…
How it works…
Installing and booting from a kernel
Getting ready
How to do it…
How it works…
Testing and debugging a kernel
Configuring a console for debugging using Netconsole
Getting ready
How to do it…
How it works
There's more…
Debugging a kernel on boot
How to do it…
3. Local Filesystem Security
Viewing file and directory details using the ls command
Getting ready
How to do it…
How it works…
Changing the file permissions using the chmod command
Getting ready
How to do it…
How it works…
There's more...
Implementing access control list (ACL)
Getting ready
How to do it…
There's more…
File handling using the mv command (moving and renaming)
Getting ready…
How it works…
There's more…
Install and configure a basic LDAP server on Ubuntu
Getting ready
How to do it…
How it works…
4. Local Authentication in Linux
User authentication and logging
Getting Started
How to do it...
How it works...
Limiting the login capabilities of users
Getting ready
How to do it...
How it works...
Monitoring user activity using acct
Getting started
How to do it?
How it works...
Login authentication using a USB device and PAM
Getting ready
How to do it…
How it works...
There's more...
Defining user authorization controls
Getting started...
How to do it...
How it works...
5. Remote Authentication
Remote server/host access using SSH
Getting ready
How to do it…
How it works…
Disabling or enabling SSH root login
Getting ready
How to do it…
How it works…
There's more…
Restricting remote access with key-based login into SSH
Getting ready
How to do it...
How it works...
Copying files remotely
Getting ready
How to do it...
How it works...
Setting up a Kerberos server with Ubuntu
Getting ready
How to do it...
How it works...
6. Network Security
Managing the TCP/IP network
Getting ready
How to do it...
How it works...
Using Iptables to configure a firewall
Getting Ready
How to do it...
How it works...
Blocking spoofed addresses
Getting Ready
How to do it...
How it works...
Blocking incoming traffic
Getting Ready
How to do it...
How it works...
Configuring and using the TCP Wrapper
Getting Ready
How to do it?
How it works...
7. Security Tools
Linux sXID
Getting Ready
How to do it...
How it works...
PortSentry
Getting Ready
How to do it?
How it works...
Using Squid proxy
Getting Ready
How to do it...
How it works...
OpenSSL Server
Getting Ready
How to do it...
How it works...
Tripwire
Getting Ready
How to do it...
How it works...
Shorewall
Getting ready
How to do it...
How it works...
8. Linux Security Distros
Kali Linux
Getting ready
How to do it...
How it works...
pfSense
Getting ready
How to do it...
How it works...
DEFT – Digital Evidence and Forensic Toolkit
Getting ready
How to do it...
How it works...
NST – Network Security Toolkit
Getting ready
How to do it...
How it works...
Helix
Getting ready
How to do it?
How it works...
9. Patching a Bash Vulnerability
Understanding the bash vulnerability through Shellshock
Getting Ready
How to do it…
How it works…
Shellshock's security issues
Getting Ready
How to do it…
How it works…
The patch management system
Getting ready
How to do it…
How it works…
Applying patches on the Linux systems
Getting ready
How to do it...
How it works...
10. Security Monitoring and Logging
Viewing and managing log files using Logcheck
Getting ready
How to do it…
How it works…
Monitoring a network using Nmap
Getting ready
How to do it…
How it works…
Using glances for system monitoring
Getting ready
How to do it…
How it works…
Monitoring logs using MultiTail
Getting ready
How to do it…
How it works…
Using system tools – Whowatch
Getting ready
How to do it…
How it works
Using system tools – stat
Getting ready
How to do it…
How it works
Using system tools – lsof
Getting ready
How to do it…
How it works
Using system tools – strace
Getting ready
How to do it…
How it works
Using Lynis
Getting ready
How to do it…
How it works
Index
Practical Linux Security Cookbook
Copyright © 2016 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: April 2016
Production reference: 1260416
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78528-642-1
www.packtpub.com
Credits
Author
Tajinder Kalsi
Reviewer
Nick Glynn
Commissioning Editor
Veena Pagare
Acquisition Editor
Divya Poojari
Content Development Editor
Mehvash Fatima
Technical Editors
Gebin George
Anushree Arun Tendulkar
Copy Editors
Sonia Cheema
Safis Editing
Project Coordinator
Shweta H Birwatkar
Proofreader
Safis Editing
Indexer
Rekha Nair
Production Coordinator
Aparna Bhagat
Cover Work
Aparna Bhagat
About the Author
Tajinder Kalsi is an innovative professional with more than 9 years of progressive experience within the information security industry. He has a good amount of knowledge and experience in web application testing, vulnerability assessment, network penetration testing, and risk assessment.
At present, he is working as an independent information security consultant. He started his career with Wipro as a technical associate, and later on he became an ISMS consultant cum technical evangelist. In his free time, he conducts seminars in colleges all across India on various topics, and he has covered more than 125 colleges and spoken to 10,000+ students.
In the past, he has reviewed books such as Web Application Penetration Testing with Kali Linux, Mastering Kali Linux for Advanced Penetration Testing, and Advanced Wireless Penetration Testing for Highly-Secured Environments.
You can find him on Facebook at www.facebook.com/tajinder.kalsi.tj, or contact him on his website at www.tajinderkalsi.com.
About the Reviewer
Nick Glynn is a senior software/API engineer working for freelancer.com, where he provides backend and platform support across the stack using the latest technologies.
Drawing on his broad range of experience, from board bring-up, Linux driver development, and systems development through to full-stack deployments, web app development, and security hardening for both the Linux and Android platforms, Nick continues his independent efforts as a training instructor and consultant, delivering courses and expertise on Go, Python, and secure Linux development across the globe through his company Curiola (www.curiola.com).
I would like to thank my family for their love and my beautiful daughter, Inara, for always being there to brighten my day.
www.PacktPub.com
eBooks, discount offers, and more
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
https://www2.packtpub.com/books/subscription/packtlib
Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can search, access, and read Packt's entire library of books.
Why Subscribe?
- Fully searchable across every book published by Packt
- Copy and paste, print, and bookmark content
- On demand and accessible via a web browser
Preface
When setting up a Linux system, security is supposed to be an important part of all stages. A good knowledge of the fundamentals of Linux is essential to implementing a good security policy on the machine.
Linux, as it ships, is not completely secure, and it is the responsibility of the administrator to configure the machine in a way such that it becomes more secure.
Practical Linux Security Cookbook will work as a practical guide for administrators and help them configure a more secure machine.
If you want to learn about kernel configuration, filesystem security, secure authentication, network security, and various security tools for Linux, this book is for you.
Linux security is a massive subject and not everything can be covered in just one book. Still, Practical Linux Security Cookbook will give you a lot of recipes for securing your machine.
What this book covers
Chapter 1, Linux Security Problems, covers various vulnerabilities and exploits in relation to Linux. It also discusses the kinds of security that can be implemented for these exploits. Topics include preparing security policies and security controls for password protection and server security and performing vulnerability assessments of the Linux system. It also covers the configuration of sudo access.
Chapter 2, Configuring a Secure and Optimized Kernel, focuses on the process of configuring and building the Linux kernel and its testing. Topics covered include requirements for building a kernel, configuring a kernel, kernel installation, customization, and kernel debugging. The chapter also discusses configuring a console using Netconsole.
Chapter 3, Local Filesystem Security, looks at Linux file structures and permissions. It covers topics such as viewing file and directory details, handling files and file permissions using chmod, and the implementation of an access control list. The chapter also gives readers an introduction to the configuration of LDAP.
Chapter 4, Local Authentication in Linux, explores user authentication on a local system while maintaining security. Topics covered in this chapter include user authentication logging, limiting user login capabilities, monitoring user activity, authentication control definition, and also how to use PAM.
Chapter 5, Remote Authentication, talks about authenticating users remotely on a Linux system. The topics included in this chapter are remote server access using SSH, disabling and enabling root login, restricting remote access when using SSH, copying files remotely over SSH, and setting up Kerberos.
Chapter 6, Network Security, provides information about network attacks and security. It covers managing the TCP/IP network, configuring a firewall using Iptables, and blocking spoofed addresses and unwanted incoming traffic. The chapter also gives readers an introduction to configuring and using TCP Wrapper.
Chapter 7, Security Tools, targets various security tools or software that can be used for security on a Linux system. Tools covered in this chapter include sXID, PortSentry, Squid proxy, OpenSSL server, Tripwire, and Shorewall.
Chapter 8, Linux Security Distros, introduces the readers to some of the famous distributions of Linux/Unix that have been developed in relation to security and penetration testing. The distros covered in this chapter include Kali Linux, pfSense, DEFT, NST, and Helix.
Chapter 9, Patching a Bash Vulnerability, explores the most famous vulnerability of the Bash shell, which is known as Shellshock. It gives readers an understanding of the Shellshock vulnerability and the security issues that can arise with its presence. The chapter also tells the reader how to use the Linux Patch Management system to secure their machine and gives them an understanding of how patches are applied in a Linux system.
Chapter 10, Security Monitoring and Logging, provides information on monitoring logs in Linux, on a local system as well as a network. Topics discussed in this chapter include monitoring logs using Logcheck, using Nmap for network monitoring, system monitoring using Glances, and using MultiTail to monitor logs. A few other tools are also discussed, which include Whowatch, stat, lsof, strace, and Lynis.
What you need for this book
To get the most out of this book, readers should have a basic understanding of the Linux filesystem and administration. They should be aware of the basic commands