Securing and Optimizing Linux: The Ultimate Solution/Open Network Architecture.pdf



Taken from the author's note: According to some surveys on the Internet, Linux will be the number one operating system for a server platform in the year 2003. Presently it is number two and no one at one time thought that it would be in this second place. Many organizations, companies, universities, governments, and the military, etc., kept quiet about it. Crackers use it as the operating system by excellence to crack computers around the world. Why do so many people use it instead of other well-known operating systems? The answer is simple: Linux is free and the most powerful, reliable, and secure operating system in the world, providing it is well configured. Millions of programmers, home users, hackers, developers, etc. work to develop, on a voluntary basis, different programs related to security, services, and share their work with other people to improve it without expecting anything in return. This is the revolution of the Open Source movement that we see and hear about so often on the Internet and in the media.

If crackers can use Linux to penetrate servers, security specialists can use the same means to protect servers (to win a war, you should at least have equivalent weapons to what your enemy may be using). When security holes are encountered, Linux is the one operating system that has a solution and that is not by chance. Now someone may say: with all these beautiful features why is Linux not as popular as other well-known operating systems? There are many reasons and different answers on the Internet. I would just say that like everything else in life, anything that we are to expect the most of, is more difficult to get than the average and easier to acquire. Linux and *NIX are more difficult to learn than any other operating system. It is only for those who want to know computers in depth and know what they are doing. People prefer to use other OS’s, which are easy to operate but hard to understand what is happening in the background since they only have to click on a button without really knowing what their actions imply. Every UNIX operating system like Linux will lead you unconsciously to know exactly what you are doing because if you pursue without understanding what is happening by the decision you made, then nothing will surely work as expected. This is why with Linux, you will know the real meaning of a computer and especially a server environment where every decision warrants an action which will closely impact on the security of your organization and employees.

This ebook is divided into several parts:

  • Part I Installation Related Reference
  • Part II Security and Optimization Related Reference
  • Part III Networking Related Reference
  • Part IV Cryptography & Authentication Related Reference
  • Part V Monitoring & System Integrity Related Reference
  • Part VI Management & Limitation Related Reference
  • Part VII Domain Name System Related Reference
  • Part VIII Mail Transfer Agent Related Reference
  • Part IX Internet Message Access Protocol Related Reference
  • Part X Database Server Related Reference
  • Part XI Gateway Server Related Reference
  • Part XII Other Server Related Reference
  • Part XIII Backup Related Reference

Contents:

  • Organization of the Book [ Steps of installation ~ Author note ~ Audience ~ These installation instructions assume ~ About products mentioned in this book ~ Obtaining the example configuration files ~ Problem with Securing & Optimizing Linux ~ Acknowledgments ]
  • 1 Installation – Introduction [ What is Linux? ~ Some good reasons to use Linux ~ Let's dispel some of the fear, uncertainty, and doubt about Linux ~ Why choose Pristine source? ~ Compiling software on your system ~ Build & install software on your system ~ Editing files with the vi editor tool ~ Recommended software to include in each type of servers ~ Some last comments ]
  • 2 Installation – Installing a Linux Server [ Know your Hardware! ~ Creating the Linux Boot Disk ~ Beginning the installation of Linux ~ Installation Class and Method (Install Options) ~ Partition your system for Linux ~ Disk Partition (Manual Partitioning) ~ Selecting Package Groups ~ How to use RPM Commands ~ Starting and stopping daemon services ~ Software that must be uninstalled after installation of the server ~ Remove unnecessary documentation files ~ Remove unnecessary/empty files and directories ~ Software that must be installed after installation of the server ~ Verifying installed programs on your Server ~ Update of the latest software ]
  • 3 Security and Optimization – General System Security [ BIOS ~ Unplug your server from the network ~ Security as a policy ~ Choose a right password ~ The root account ~ Set login time out for the root account ~ The /etc/exports file ~ The single-user login mode of Linux ~ The LILO and /etc/lilo.conf file ~ Disabling Ctrl-Alt-Delete keyboard shutdown command ~ The /etc/services file ~ The /etc/securetty file ~ Special accounts ~ Control mounting a file system ~ Mounting the /boot directory of Linux as read-only ~ Conceal binary RPM ~ Shell logging ~ Physical hard copies of all-important logs ~ Tighten scripts under /etc/rc.d/init.d/ ~ The /etc/rc.local file ~ Bits from root-owned programs ~ Finding all files with the SUID/SGID bit enabled ~ Don’t let internal machines tell the server what their MAC address is ~ Unusual or hidden files ~ Finding Group and World Writable files and directories ~ Unowned files ~ Finding .rhosts files ~ System is compromised! ]
  • 4 Security and Optimization – Pluggable Authentication Modules [ The password length ~ Disabling console program access ~ Disabling all console access ~ The Login access control table ~ Tighten console permissions for privileged users ~ Putting limits on resource ~ Controlling access time to services ~ Blocking; su to root, by one and sundry ]
  • 5 Security and Optimization – General System Optimization [ Static vs. shared libraries ~ The Glibc 2.2 library of Linux ~ Why Linux programs are distributed as source ~ Some misunderstanding in the compiler flags options ~ The gcc 2.96 specs file ~ Tuning IDE Hard Disk Performance ]
  • 6 Security and Optimization – Kernel Security & Optimization [ Making an emergency boot floppy ~ Checking the /boot partition of Linux ~ Tuning the Kernel ~ Applying the Openwall kernel patch ~ Cleaning up the Kernel ~ Configuring the Kernel ~ Compiling the Kernel ~ Installing the Kernel ~ Reconfiguring /etc/modules.conf file ~ Delete programs, edit files pertaining to modules ~ Remounting the /boot partition of Linux as read-only ~ Rebooting your system to load the new kernel ~ Making a new rescue floppy for Modularized Kernel ~ Making a emergency boot floppy disk for Monolithic Kernel ~ Optimizing Kernel ]
  • 7 Networking – TCP/IP Network Management [ TCP/IP security problem overview ~ Installing more than one Ethernet Card per Machine ~ Files-Networking Functionality ~ Securing TCP/IP Networking ~ Optimizing TCP/IP Networking ~ Testing TCP/IP Networking ~ The last checkup ]
  • 8 Networking – Firewall IPTABLES Packet Filter [ What is a Network Firewall Security Policy? ~ The Demilitarized Zone ~ What is Packet Filtering? ~ The topology ~ Building a kernel with IPTABLES Firewall support ~ Rules used in the firewall script files ~ /etc/rc.d/init.d/iptables: The Web Server File ~ /etc/rc.d/init.d/iptables: The Mail Server File ~ /etc/rc.d/init.d/iptables: The Primary Domain Name Server File ~ /etc/rc.d/init.d/iptables: The Secondary Domain Name Server File ]
  • 9 Networking – Firewall Masquerading & Forwarding [ Recommended RPM packages to be installed for a Gateway Server ~ Building a kernel with Firewall Masquerading & Forwarding support ~ /etc/rc.d/init.d/iptables: The Gateway Server File ~ Deny access to some address ~ IPTABLES Administrative Tools ]
  • 10 Cryptography & Authentication – GnuPG [ Compiling - Optimizing & Installing GnuPG ~ GnuPG Administrative Tools ]
  • 11 Cryptography & Authentication – OPENSSL [ Compiling - Optimizing & Installing OpenSSL ~ Configuring OpenSSL ~ OpenSSL Administrative Tools ~ Securing OpenSSL ]
  • 12 Cryptography & Authentication – OpenSSH [ Compiling - Optimizing & Installing OpenSSH ~ Configuring OpenSSH ~ OpenSSH Per-User Configuration ~ OpenSSH Users Tools ]
  • 13 Monitoring & System Integrity – sXid [ Compiling - Optimizing & Installing sXid ~ Configuring sXid ~ sXid Administrative Tools ]
  • 14 Monitoring & System Integrity – Logcheck [ Compiling - Optimizing & Installing Logcheck ~ Configuring Logcheck ]
  • 15 Monitoring & System Integrity – PortSentry [ Compiling - Optimizing & Installing PortSentry ~ Configuring PortSentry ]
  • 16 Monitoring & System Integrity – Tripwire [ Compiling - Optimizing & Installing Tripwire ~ Configuring Tripwire ~ Securing Tripwire ~ Tripwire Administrative Tools ]
  • 17 Monitoring & System Integrity – Xinetd [ Compiling - Optimizing & Installing Xinetd ~ Configuring Xinetd ~ Securing Xinetd ]
  • 18 Management & Limitation – Quota [ Build a kernel with Quota support enable ~ Modifying the /etc/fstab file ~ Creating the quota.user and quota.group files ~ Assigning Quota for Users and Groups ~ Quota Administrative Tools ]
  • 19 Domain Name System – ISC BIND/DNS [ Recommended RPM packages to be installed for a DNS Server ~ Compiling - Optimizing & Installing ISC BIND & DNS ~ Configuring ISC BIND & DNS ~ Caching-Only Name Server ~ Primary Master Name Server ~ Secondary Slave Name Server ~ Running ISC BIND & DNS in a chroot jail ~ Securing ISC BIND & DNS ~ Optimizing ISC BIND & DNS ~ ISC BIND & DNS Administrative Tools ~ ISC BIND & DNS Users Tools ]
  • 20 Mail Transfer Agent – Sendmail [ Recommended RPM packages to be installed for a Mail Server ~ Compiling - Optimizing & Installing Sendmail ~ Configuring Sendmail ~ Running Sendmail with SSL support ~ Securing Sendmail ~ Sendmail Administrative Tools ~ Sendmail Users Tools ]
  • 21 Mail Transfer Agent – qmail [ Recommended RPM packages to be installed for a Mail Server ~ Verifying & installing all the prerequisites to run qmail ~ Compiling, Optimizing & Installing ucspi-tcp ~ Compiling, Optimizing & Installing checkpassword ~ Compiling, Optimizing & Installing qmail ~ Configuring qmail ~ Running qmail as a standalone null client ~ Running qmail with SSL support ~ Securing qmail ~ qmail Administrative Tools ~ qmail Users Tools ]
  • 22 Internet Message Access Protocol – UW IMAP [ Compiling - Optimizing & Installing UW IMAP ~ Configuring UW IMAP ~ Enable IMAP or POP services via Xinetd ~ Securing UW IMAP ~ Running UW IMAP with SSL support ]
  • 23 Database Server – MySQL [ Recommended RPM packages to be installed for a SQL Server ~ Compiling - Optimizing & Installing MySQL ~ Configuring MySQL ~ Securing MySQL ~ Optimizing MySQL ~ MySQL Administrative Tools ]
  • 24 Database Server – PostgreSQL [ Recommended RPM packages to be installed for a SQL Server ~ Compiling - Optimizing & Installing PostgreSQL ~ Configuring PostgreSQL ~ Running PostgreSQL with SSL support ~ Securing PostgreSQL ~ Optimizing PostgreSQL ~ PostgreSQL Administrative Tools ]
  • 25 Database Server – OpenLDAP [ Recommended RPM packages to be installed for a LDAP Server ~ Compiling - Optimizing & Installing OpenLDAP ~ Configuring OpenLDAP ~ Running OpenLDAP in a chroot jail ~ Running OpenLDAP with TLS/SSL support ~ Securing OpenLDAP ~ Optimizing OpenLDAP ~ OpenLDAP Administrative Tools ~ OpenLDAP Users Tools ]
  • 26 Gateway Server – Squid Proxy Server [ Recommended RPM packages to be installed for a Proxy Server ~ Compiling - Optimizing & Installing Squid ~ Using GNU malloc library to improve cache performance of Squid ~ Configuring Squid ~ Securing Squid ~ Optimizing Squid ~ The cachemgr.cgi program utility of Squid ]
  • 27 Gateway Server – FreeS/WAN VPN Server [ Recommended RPM packages to be installed for a VPN Server ~ Compiling - Optimizing & Installing FreeS/WAN ~ Configuring RSA private keys secrets ~ Requiring network setup for IPSec ~ Testing the FreeS/WAN installation ]
  • 28 Other Server – Wu-ftpd FTP Server [ Recommended RPM packages to be installed for a FTP Server ~ Compiling - Optimizing & Installing Wu-ftpd ~ Running Wu-ftpd in a chroot jail ~ Configuring Wu-ftpd ~ Securing Wu-ftpd ~ Setup an Anonymous FTP server ~ Wu-ftpd Administrative Tools ]
  • 29 Other Server – Apache Web Server [ Compiling - Optimizing & Installing MM VINI ~ Some statistics about Apache and Linux ~ Recommended RPM packages to be installed for a Web Server ~ Compiling - Optimizing & Installing Apache ~ Configuring Apache ~ Enable PHP4 server-side scripting language with the Web Server ~ Securing Apache ~ Optimizing Apache ~ Running Apache in a chroot jail ]
  • 30 Other Server – Samba File Sharing Server [ Recommended RPM packages to be installed for a Samba Server ~ Compiling - Optimizing & Installing Samba ~ Configuring Samba ~ Running Samba with SSL support ~ Securing Samba ~ Optimizing Samba ~ Samba Administrative Tools ~ Samba Users Tools ]
  • 31 Backup – Tar & Dump [ Recommended RPM packages to be installed for a Backup Server ~ The tar backup program ~ Making backups with tar ~ Automating tasks of backups made with tar ~ Restoring files with tar ~ The dump backup program ~ Making backups with dump ~ Restoring files with dump ~ Backing up and restoring over the network ]
