“Hardening” is the process of protecting a system and its applications against unknown threats. Hardening Linux identifies many of the risks of running Linux hosts and applications and provides practical examples and methods to minimize those risks. The book is written for Linux/UNIX administrators who do not necessarily have in-depth knowledge of security but need to know how to secure their networks.

“Hardening” is the process of protecting a system and its applications against unknown threats.Hardening Linux identifies many of the risks of running Linux hosts and applications and provides practical examples and methods to minimize those risks. The book is written for Linux/UNIX administrators who do not necessarily have in-depth knowledge of security but need to know how to secure their networks.

Introduction Who should buy this book? Why buy this book? Security Fundamentals Risk Assessment – Who is going to attack me? Types of attackers Internal versus External attacks Mitigating Risk Security Doctrine Patch now, patch often Minimalism is good Keeping informed Logging is your friend Installing Linux securely Installing Linux securely Step-by-step example Finalising your installation Keeping your installation up-to-date Operating system security Boot security Grub Boot password security Booting file systems securely Kernel security Compiling your own kernel Sysctl Flags Users and Groups Logins and Passwords Sudo Chroot Components of a chroot jail Using the jail Development Tools Preparation How to compile packages Securing the tools Firewalling Firewall basics Network architecture & design The DMZ Iptables Configuring Testing your configuration Some firewalling examples Mail server Web server MySQL server Firewall logging & analysis Securing connections SSH Stunnel Inetd/xinetd tcpwrappers PAM Kerberos Radius and FreeRadius Securing files and file systems File & directory level security Permissions Ownership ACLs File Integrity PGP and signatures MD5 sums Tripwire NFS and why not to use it Alternatives to NFS Logging Why log? What do you need to know? Syslog Syslog-ng Log Rotation Centralised logging Logging securely using SSL? Log analysis – SEC, Swatch, Logwatch and Logcheck Where do I learn more about logging? Testing your security Testing internal security CIS Scan Testing external security Nmap Nessus Mail Transfer Agents What is a mail server? Why would I install a mail server? Where do I put my mail server? Choosing the right mail server for you SendmailPostfix Other flavours Introduction to Postfix Getting Postfix Compiling & Installing Postfix Configuring Postfix Logging for Postfix Where do I learn more about Postfix? Apache Web Server What is a web server? Why would I install a web server? Where do I put my web server? Apache (2.0.x) Getting Apache Compiling & Installing Apache Configuring Apache Httpd.conf .htaccess Chrooting Apache Using Apache with SSL Logging for Apache httpd logging Syslog logging Statistics logging (Webaliz

“Hardening” is the process of protecting a system and its applications against unknown threats.Hardening Linux identifies many of the risks of running Linux hosts and applications and provides practical examples and methods to minimize those risks. The book is written for Linux/UNIX administrators who do not necessarily have in-depth knowledge of security but need to know how to secure their networks.