Mastering Linux Security and Hardening

封面

Title Page

Copyright and Credits

Mastering Linux Security and Hardening Second Edition

About Packt

Why subscribe?

Contributors

About the author

About the reviewers

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the example code files

Download the color images

Conventions used

Get in touch

Reviews

Section 1: Setting up a Secure Linux System

Running Linux in a Virtual Environment

Looking at the threat landscape

Why do security breaches happen?

Keeping up with security news

Differences between physical virtual and cloud setups

Introducing VirtualBox and Cygwin

Installing a virtual machine in VirtualBox

Installing the EPEL repository on the CentOS 7 virtual machine

Installing the EPEL repository on the CentOS 8 virtual machine

Configuring a network for VirtualBox virtual machines

Creating a virtual machine snapshot with VirtualBox

Using Cygwin to connect to your virtual machines

Installing Cygwin on your Windows host

Using Windows 10 Pro Bash shell to interface with Linux virtual machines

Cygwin versus Windows Bash shell

Keeping the Linux systems updated

Updating Debian-based systems

Configuring auto updates for Ubuntu

Updating Red Hat 7-based systems

Updating Red Hat 8-based systems

Managing updates in an enterprise

Summary

Questions

Further reading

Securing User Accounts

The dangers of logging in as the root user

The advantages of using sudo

Setting up sudo privileges for full administrative users

Adding users to a predefined admin group

Creating an entry in the sudo policy file

Setting up sudo for users with only certain delegated privileges

Hands-on lab for assigning limited sudo privileges

Advanced tips and tricks for using sudo

The sudo timer

View your sudo privileges

Hands-on lab for disabling the sudo timer

Preventing users from having root shell access

Preventing users from using shell escapes

Preventing users from using other dangerous programs

Limiting the user's actions with commands

Letting users run as other users

Preventing abuse via user's shell scripts

Detecting and deleting default user accounts

Locking down users' home directories the Red Hat or CentOS way

Locking down users' home directories the Debian/Ubuntu way

useradd on Debian/Ubuntu

adduser on Debian/Ubuntu

Hands-on lab for configuring adduser

Enforcing strong password criteria

Installing and configuring pwquality

Hands-on lab for setting password complexity criteria

Setting and enforcing password and account expiration

Configuring default expiry data for useradd for Red Hat or CentOS only

Setting expiry data on a per-account basis with useradd and usermod

Setting expiry data on a per-account basis with chage

Hands-on lab for setting account and password expiry data

Preventing brute-force password attacks

Configuring the pam_tally2 PAM

Hands-on lab for configuring pam_tally2

Locking user accounts

Using usermod to lock a user account

Using passwd to lock user accounts

Locking the root user account

Setting up security banners

Using the motd file

Using the issue file

Using the issue.net file

Detecting compromised passwords

Hands-on lab for detecting compromised passwords

Understanding centralized user management

Microsoft Active Directory

Samba on Linux

FreeIPA/Identity Management on RHEL/CentOS

Summary

Questions

Further reading

Securing Your Server with a Firewall - Part 1

Technical requirements

An overview of firewalld

An overview of iptables