Practical Linux Security Cookbook: Secure your Linux environment from modern-day attacks with practical recipes , Second Edition

Kalsi
eBook Aug 2018 482 pages 2nd Edition
Linux Security Problem

A Linux machine is only as secure as the administrator configures it to be. Once we have installed the Linux distribution of our choice and have removed all the unnecessary packages post installation, we can start working on the security aspect of the system by fine-tuning the installed software and services.

In this chapter, we will discuss the following topics:

  • Configuring server security
  • Security policy—server security
  • Defining security controls
  • Missing backup plans

The following recipes will be covered in the chapter:

  • Checking the integrity of installation medium using checksum
  • Using LUKS disk encryption
  • Making use of sudoers—configuring sudo access
  • Scanning hosts with Nmap
  • Gaining root on a vulnerable Linux system
  • Missing backup plans

Security policy

A security policy is a definition that outlines the rules and practices to be followed for computer network security in an organization. How the organization should manage, protect, and distribute sensitive data is defined in the security policy.

Developing a security policy

When creating a security policy you should keep in mind that it should be simple and easy for all the users to follow. The objective of the policy should be to protect the data while keeping the privacy of the users.

It should be developed around these points:

  • Accessibility to the system
  • Software installation rights on the system
  • Data permission
  • Recovery from failure

Users should be able to use only the services for which they have been granted permission, and anything the policy does not explicitly permit should be denied by default. Let's look at some common Linux security myths.

Linux security myths

You might feel nervous about using Linux-based systems in your business. Much of that unease comes from rumors about Linux security that do not survive scrutiny; the most common of them are addressed below.

Myth – as Linux is open source, it is considered to be insecure

Linux, being a free and open source operating system, has its own advantages. A large base of developers constantly reviews the source code for security defects, and the Linux community can provide fast support and fixes for a reported problem. Patches are released quickly and tested in the open, without the slower release process that users of proprietary Unix systems may have to wait for.

Because of its massive worldwide user base, Linux is exercised across a huge range of computing environments, which makes it one of the most stable and widely tested operating systems. Being open to scrutiny by developers across the world also means that security-relevant design decisions, such as how privileges are separated and assigned, can be reviewed and challenged by anyone rather than only by the vendor.

Myth – Linux is an experts-only system, and only they know how to configure their systems in terms of security

Assuming that Linux is only for experts who know how to deal with malware is a misconception. Linux has evolved into one of the friendliest operating systems available and can be used by novices and experts alike.

Much of its security comes from its architecture: regular users work from low-privileged accounts rather than as root, so everyday mistakes and compromised applications are confined to what that account can reach.

Myth – Linux is virus free

Because of this architecture, malware that runs under a regular user account does not have root access and cannot modify the system itself without first escalating privileges. The caveat is that it can still reach everything that account can reach, such as the user's own files, SSH keys, and sessions, so a compromised unprivileged account is a real incident rather than a harmless one.

On Linux servers, several layers of security are implemented and updated regularly, which further helps protect them from malware.

There are still a number of viruses and other malware families that target Linux, so it is not virus free. Many of them are not destructive in themselves, but that is not a reason to skip patching and monitoring.

Configuring server security

Once a Linux server is created, the immediate next step is to implement security procedures so that a threat does not lead to the system being compromised. A major reason for successful attacks on Linux servers has been poorly implemented security or unpatched vulnerabilities. When configuring a server, the security policies need to be implemented properly to create a secure environment that will help keep your business from getting hacked.

How to do it...

Let's look at each configuration area in turn.

User management

Follow these steps to configure server security:

  1. When a Linux server is created, the first user that exists is always the root user. This root user should be used for initial configuration only.
  2. Once initial configuration is done, root logins over SSH should be disabled (PermitRootLogin no in sshd_config). An attacker who brute-forces SSH then needs a valid username as well as a credential, and every privileged action is attributable to a named administrator rather than to a shared root login.
  3. Further, a secondary user should be created to log in and administer the machine. This user can be granted sudo permissions for the administrative actions that need to be performed.

Password policy

Follow these steps to configure server security:

  1. When creating user accounts, ensure the use of strong passwords. Where allowed, require a length of at least 12 to 14 characters.
  2. Where possible, generate passwords randomly, and include lowercase and uppercase letters, numbers, and symbols.
  3. Avoid password combinations that could be easily guessed, such as dictionary words, keyboard patterns, usernames, ID numbers, and so on.
  4. Never reuse a password across accounts or systems; one leaked credential should not open a second door.
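As an added example (this editor's script, not code from the book), the following POSIX shell script turns the policy above into something that can be enforced: it generates a random password of the required length from /dev/urandom and checks a candidate against the length, character-class, pattern, and dictionary rules. The minimum length of 14 and the four character classes are the policy's own numbers; the symbol set and the /usr/share/dict/words path are assumptions of this script.

```shell
#!/bin/sh
# Added example, not from the book: generate a password that satisfies the
# policy above and check a candidate against it. The minimum length (14)
# and the four character classes come from the policy; the symbol set and
# the dictionary path (/usr/share/dict/words, present when a wordlist
# package is installed) are assumptions of this script.

PW_MIN_LEN=14
PW_SYMBOLS='!@#$%^&*()_+=-'

# Return 0 if PW satisfies the policy, 1 otherwise, printing the first failed rule.
check_password() {
    pw=$1
    if [ "${#pw}" -lt "$PW_MIN_LEN" ]; then
        echo "too short: need at least $PW_MIN_LEN characters"; return 1
    fi
    for class in '[a-z]' '[A-Z]' '[0-9]' '[^A-Za-z0-9]'; do
        if ! printf '%s' "$pw" | LC_ALL=C grep -q -e "$class"; then
            echo "missing a character from class $class"; return 1
        fi
    done
    lower=$(printf '%s' "$pw" | tr 'A-Z' 'a-z')
    # Keyboard walks and the usual suspects, checked case-insensitively.
    case "$lower" in
        *qwerty*|*asdfg*|*12345*|*password*|*letmein*)
            echo "contains a common pattern"; return 1 ;;
    esac
    # "Password1!" style passwords are a dictionary word with decoration:
    # strip digits and symbols and look the remainder up in the system wordlist.
    stem=$(printf '%s' "$lower" | tr -dc 'a-z')
    if [ -r /usr/share/dict/words ] && [ -n "$stem" ] &&
       grep -qixF -e "$stem" /usr/share/dict/words; then
        echo "is a dictionary word with digits/symbols added"; return 1
    fi
    echo "ok"
}

# Draw LEN characters from /dev/urandom restricted to letters, digits and
# PW_SYMBOLS, and retry until the sample passes check_password (the policy
# requires every class to be present, which a random draw can miss).
gen_password() {
    len=${1:-$PW_MIN_LEN}
    while :; do
        pw=$(LC_ALL=C tr -dc "A-Za-z0-9$PW_SYMBOLS" < /dev/urandom | head -c "$len")
        if check_password "$pw" >/dev/null; then
            printf '%s\n' "$pw"
            return 0
        fi
    done
}

echo "generated: $(gen_password)"
for candidate in 'Tr0ub4dor&3xyzQ' 'Password12345!' 'Short1!' 'Qwerty!Asdf1234'; do
    printf '%-20s %s\n' "$candidate" "$(check_password "$candidate")"
done
```

On a real system the same rules belong in PAM (pam_pwquality), so that passwd enforces them for everyone; a script like this is useful for auditing generated credentials and for seeing what those settings actually reject.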

Configuration policy

Follow these steps to configure server security:

  1. The operating system on the server should be configured in accordance with the guidelines approved by InfoSec.
  2. Any service or application not being used should be disabled, wherever possible.
  3. Every access to the services and applications on the server should be monitored and logged. It should also be protected through access-control methods. An example of this will be covered in Chapter 3, Local Filesystem Security.
  4. The system should be kept updated, and any recent security patches, if available, should be installed as soon as possible.
  5. Avoid using the root account as much as possible. It is better to follow the principle of least privilege, granting only the access required to perform a function.
  6. Any kind of privileged access must be performed over a secure channel (SSH), wherever possible.
  7. Access to the server should be in a controlled environment.

Monitoring policy

  1. All security-related actions on server systems must be logged and audit reports should be saved as follows:
    • For a period of one month, all security-related logs should be kept online
    • For a period of one month, the daily backups, as well as the weekly backups, should be retained
    • For a minimum of two years, the monthly full backups should be retained
  2. Any event related to security being compromised should be reported to the InfoSec team. They shall then review the logs and report the incident to the IT department.
  3. Some examples of security-related events are as follows:
    • Port-scanning-related attacks
    • Access to privileged accounts without authorization
    • Unusual occurrences due to a particular application on the host

How it works...

Following the policies as given here helps in the base configuration of the internal server that is owned or operated by the organization. Implementing the policy effectively will minimize unauthorized access to any sensitive and proprietary information.

Security policy – server security

A major reason for successful attacks on Linux servers has been poorly implemented security or unpatched vulnerabilities. When configuring a server, the security policies need to be implemented properly, and someone needs to own the customization of the server so that its configuration does not drift.

How to do it…

Let's look at the general policy that applies to every internal server.

General policy

Let's discuss the various security policies:

  1. The administration of all the internal servers in an organization is the responsibility of a dedicated team that should also watch for any kind of compliance issue. If a compliance issue occurs, the team should immediately review and implement an updated security policy.
  2. When configuring internal servers, they must be registered in such a way that each server can be identified on the basis of the following information:
    • Location of the server
    • Operating system version and hardware configuration
    • Services and applications running on the server
  3. Any information in the organization's configuration management system must always be kept up to date.


Defining security controls

Securing a Linux server starts with the process of hardening the system, and to do this it's important to define a list of security controls. A security controls list (or security checklist) confirms that proper security controls have been implemented.

How to do it...

Let's have a look at various security control checklists.

Installation

Now we will look into each security control checklist:

  • Installation media such as CD-ROM/DVD/ISO should be checked by using a checksum, and the checksum file itself should be verified against the vendor's signature
  • A minimal base installation should be done when creating the server
  • It is good practice to create separate filesystems for /home and /tmp, so that /tmp can be mounted with the noexec, nosuid, and nodev options and a filled /home cannot exhaust the root filesystem
  • It is good practice to install the minimum of software on the server to minimize the attack surface
  • Always keep the Linux kernel and software up to date

Boot and disk

Now we will look into each security control checklist:

  • Encrypt partitions using disk encryption methods such as LUKS.
  • Limit access to the BIOS/UEFI firmware setup by configuring a firmware password.
  • Limit bootable devices and allow booting only from the internal disk, so that a rescue USB stick cannot be used to read the unencrypted parts of the system.
  • Set a boot loader (GRUB) password so that entering single-user mode or editing the kernel command line at boot requires authentication.

Network and services

Now we will look into each security control checklist:

  • Determine the services running by checking the open network ports (for example, with ss or netstat locally and Nmap from another host).
  • Use a firewall such as iptables/nftables to limit access to the services as per need.
  • Encrypt all data transmitted over the network.
  • Avoid using services such as FTP, Telnet, and Rlogin/Rsh, which send credentials in clear text; use SFTP/SCP and SSH instead.
  • Any unwanted services should be disabled.
  • A centralized authentication service should be used.

Intrusion detection and Denial of Service (DoS)

Now we will look into each security control checklist:

  • File integrity tools such as AIDE, Samhain, and AFICK should be installed and configured for monitoring important files.
  • Use a malware scanner such as ClamAV to protect against malicious scripts.
  • Configure system logging to a remote machine for the purpose of detection, forensics, and archiving; logs that live only on a compromised host can be erased by the attacker.
  • Deter brute-force attacks on authentication by using an anti-brute-force tool such as fail2ban.

Auditing and availability

Now we will look into each security control checklist:

  • Read through logs to monitor for suspicious activity.
  • Configure auditd to perform system accounting and record security-relevant system calls.
  • Ensure that backups are working, and also test restores regularly.

How it works...

Implementing these security controls minimizes the security risk to your Linux server. This helps protect your data from the hands of hackers.

Checking the integrity of installation medium by using checksum

Whenever you download an image file of any Linux distribution, it should always be checked for correctness before use. This is done by computing a hash of the downloaded file and comparing it with the hash published by the organization supplying the image.

This checks the integrity of the downloaded file: a transfer error or a modified file produces a different hash. Two caveats apply. First, MD5 is fine for catching accidental corruption but is no longer collision resistant, so prefer the SHA-256 sums that distributions also publish (Ubuntu ships a SHA256SUMS file next to its images). Second, a hash fetched from the same mirror as the image proves little against a compromised mirror; verify the signature on the checksum file as well. The larger the download, the more likely a transfer error, so always do this for files such as an operating system installation image.

Getting ready

md5sum and sha256sum are part of GNU coreutils and are present on most Linux distributions, so no installation is required.

How to do it…

Perform the following steps:

  1. Open the Linux Terminal and then change the directory to the folder containing the downloaded ISO file.
Because Linux is case sensitive, type the correct spelling for the folder name: Downloads is not the same as downloads in Linux.
  2. After changing to the download directory, type the following command:
md5sum ubuntu-filename.iso

md5sum will then print the calculated hash on a single line, as shown here:

8044d756b7f00b695ab8dce07dce43e5 ubuntu-filename.iso

Now compare the hash calculated by this command with the hash on the UbuntuHashes page (https://help.ubuntu.com/community/UbuntuHashes). After opening the page, paste the calculated hash into the browser's Find box (Ctrl + F); a match highlights the line for your image.

How it works…

If the calculated hash and the hash on the UbuntuHashes page match, the downloaded file is intact. If they don't match, the file was either damaged in transit or tampered with, and it must not be used to install anything. Download it again, preferably from a different mirror; if the hashes still don't match, report the issue to the administrator of the server.
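The following script is an added example, not part of the recipe, that does the same check with SHA-256 against a coreutils-format checksum file such as Ubuntu's SHA256SUMS, and distinguishes a mismatch from a missing entry so that a script cannot silently skip the check. The filenames and the demo data at the bottom are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the book: verify a downloaded image against the
# checksum file a distribution publishes next to it, using SHA-256 instead
# of MD5. It assumes the checksum file is in coreutils format
# ("<hex>  <filename>", or "<hex> *<filename>" for binary mode), which is
# what Ubuntu's SHA256SUMS files use; the demo data at the bottom is constructed.

# Print the expected hash for NAME from SUMSFILE; return 1 if there is no entry.
expected_hash() {
    sumsfile=$1; name=$2
    awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f); if (f == n) { print $1; found = 1 } }
        END { exit found ? 0 : 1 }' "$sumsfile"
}

# Compare the SHA-256 of FILE with the entry for its basename in SUMSFILE.
# Returns 0 on match, 1 on mismatch, 2 if there is nothing to compare against.
verify_image() {
    sumsfile=$1; file=$2
    name=$(basename "$file")
    if ! want=$(expected_hash "$sumsfile" "$name"); then
        echo "no entry for $name in $sumsfile" >&2
        return 2
    fi
    have=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$have" = "$want" ]; then
        echo "OK: $name"
        return 0
    fi
    echo "MISMATCH: $name (expected $want, got $have)" >&2
    return 1
}

# The checksum file only helps if it is authentic: a mirror that can swap
# the image can swap the sums too. Check the detached signature when gpg
# and the vendor's signing key are available (SHA256SUMS.gpg for Ubuntu).
verify_sums_signature() {
    gpg --verify "$1.gpg" "$1"
}

# Demonstration on constructed data; no network access and no real ISO.
demo=$(mktemp -d)
printf 'not really an iso\n' > "$demo/ubuntu-demo.iso"
( cd "$demo" && sha256sum ubuntu-demo.iso > SHA256SUMS )
verify_image "$demo/SHA256SUMS" "$demo/ubuntu-demo.iso"
printf 'tampered\n' >> "$demo/ubuntu-demo.iso"
verify_image "$demo/SHA256SUMS" "$demo/ubuntu-demo.iso" || echo "rejected as expected (exit $?)"
rm -rf "$demo"
```

The gpg step is the one that protects against a compromised mirror; the hash comparison alone protects only against corruption and against an attacker who could replace the image but not the checksum file.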

See also

Here’s something extra in case you want to go the extra mile: the GUI checksum calculator available for Ubuntu.

Sometimes, it’s really inconvenient to use the Terminal for doing checksums. You need to know the right folder of the downloaded file and also the exact filename. This makes it difficult to remember the exact commands.

As a solution, there is the very small and simple software – GtkHash.

You can download the tool here: http://gtkhash.sourceforge.net/.

Or you can install it by using the following command:

sudo apt-get install gtkhash 

Using LUKS disk encryption

In enterprises, small businesses, and government offices, users may have to secure their systems in order to protect private data such as customer details, important files, and contact details. To help with this, Linux provides a number of cryptographic techniques that can protect data on physical devices such as hard disks or removable media. One of them is the Linux Unified Key Setup (LUKS) on-disk format, which allows Linux partitions to be encrypted.

This is what LUKS does:

  • The entire block device is encrypted, which makes it well suited for protecting data on removable storage media or laptop disk drives
  • LUKS uses the existing device mapper kernel subsystem (dm-crypt)
  • It derives the encryption key from the passphrase with a deliberately slow key-derivation function (PBKDF2 in LUKS1, Argon2 in LUKS2), which helps protect against dictionary attacks on the passphrase

Getting ready

For the following process to work, a separate partition must exist that can be given over to LUKS; either create one while installing Linux or use a removable device, as in the steps below.

Formatting a partition with LUKS removes all data on it. So, before starting, make sure you back up the data on that partition to an external source. Note also that LUKS protects data at rest only: once the container is open and mounted, its contents are as exposed as any other filesystem.

How to do it...

To encrypt a partition manually, perform the following steps as root (the examples use /dev/sdb1, a removable device; substitute your own device name and double-check it, because the next steps destroy its contents):

  1. Install cryptsetup, the utility used to set up encrypted volumes:
apt-get install cryptsetup

  2. Format /dev/sdb1 as a LUKS container. This initializes the partition and sets a passphrase; -y asks for the passphrase twice and -v prints what is being done:
cryptsetup -y -v luksFormat /dev/sdb1

Make sure you note the passphrase for further use; without it the data cannot be recovered.

  3. Now open the newly created encrypted device by creating a mapping named backup2 (this prompts for the passphrase):
cryptsetup luksOpen /dev/sdb1 backup2

  4. Check to confirm that the mapped device is present:
ls -l /dev/mapper/backup2

  5. Check the status of the mapping:
cryptsetup status backup2

  6. Dump the LUKS header, which shows the cipher, key size, and which key slots are in use:
cryptsetup luksDump /dev/sdb1

  7. Next, write zeros to the /dev/mapper/backup2 encrypted device. The zeros are encrypted on their way to disk, so the whole partition ends up filled with data indistinguishable from ciphertext and an attacker cannot tell which parts are in use:
pv /dev/zero | dd of=/dev/mapper/backup2 bs=1M

As the dd command may take hours to complete, pv is used to show its progress (install it if it is missing).

  8. Now create a filesystem:
mkfs.ext4 /dev/mapper/backup2

  9. Then mount the new filesystem and confirm that it is visible:
mkdir -p /backup2
mount /dev/mapper/backup2 /backup2
df -H /backup2

Congratulations! You have successfully created an encrypted partition. The data on it is protected while the computer is off or the container is closed.

There's more...

Perform the following commands to unmount the filesystem and close the container, after which the data is inaccessible until the passphrase is entered again:

umount /backup2
cryptsetup luksClose backup2

To remount the encrypted partition, perform the following steps:

cryptsetup luksOpen /dev/sdb1 backup2
mount /dev/mapper/backup2 /backup2
df -H
mount

Finally, back up the LUKS header (cryptsetup luksHeaderBackup with --header-backup-file) to a safe location: if the header at the start of the partition is damaged, the passphrase alone cannot recover the data.

Make use of sudoers – configuring sudo access

sudo is the mechanism an administrator uses to give a trusted regular user administrative access without sharing the root password. The policy is defined in the sudoers file (/etc/sudoers and the drop-ins under /etc/sudoers.d); the administrator simply adds the user, or a group the user belongs to, to that policy.

Once a user has been added to sudoers, they can execute an administrative command by preceding it with sudo. They are asked for their own password, and the command then runs with root privileges. Every such invocation is logged with the invoking username, which is the main reason to prefer sudo over handing out the root password.

Getting ready

As the file for the configuration is pre-defined and the commands used are inbuilt, nothing extra is needed to be configured before starting the steps.

How to do it…

Perform the following steps:

  1. You will first create a normal account and then give it sudo access. Once done, you will be able to use the sudo command from the new account to execute administrative commands. First, use the root account to log in to the system, then create a user account using the useradd command, as shown. Replace USERNAME in the command with any name of your choice:
useradd -m USERNAME
  2. Now, using the passwd command, set a password for the new user account:
passwd USERNAME
  3. Now edit the /etc/sudoers file by running visudo, as shown. The policies applied when using the sudo command are defined by the /etc/sudoers file, and visudo checks the syntax before saving, which matters because a broken sudoers file can lock every administrator out:
visudo
  4. Once the file is open in the editor, search for the commented-out lines that allow sudo access to the users in the test group (a group specification of the form %test ALL=(ALL) ALL, preceded by a # character).
  5. Enable the configuration by deleting the comment character (#) at the beginning of the second line. Once the changes are done, save the file and exit the editor. Now, using the usermod command, add the previously created user to the test group (create the group first with groupadd if it does not exist):
usermod -aG test USERNAME
  6. Now you need to check whether the configuration allows the new user account to run commands using sudo.
  7. To switch to the newly created user account, use su:
su - USERNAME
  8. Now use the groups command to confirm the presence of the user account in the test group:
groups

Finally, run the whoami command with sudo from the new account. As this is the first time sudo has been used from this account, the default banner message will be displayed, and you will be asked for the user account's own password:
sudo whoami

  9. The last line of the output is the username returned by the whoami command. If sudo is configured correctly, this value will be root.

You have successfully configured a user with sudo access. You can now log in to this user account and use sudo to run commands the same way as you would from the root user, with the difference that each command is logged against your username.

How it works…

When you create a new account, it does not have the permission to run administrator commands. However, after editing the /etc/sudoers file, and making appropriate entry to grant sudo access to the new user account, you can start using the new user account to run all administrator commands.
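The two recipes (disabling root over SSH in the user-management steps earlier, and granting sudo to a named administrator here) are combined in the following added example, which is this editor's script rather than the book's. It edits sshd_config and writes a sudoers drop-in through functions that take the file path as a parameter, so they can be exercised on a copy before touching /etc; provision_admin, which needs root, is defined but not run. The service name ssh and the bash login shell are Debian/Ubuntu assumptions.

```shell
#!/bin/sh
# Added example, not from the book: provision a non-root administrator and
# disable root logins over SSH, the two steps the "User management" and
# sudoers recipes describe. File paths are parameters so the text-editing
# functions can be tried on copies first; the constructed sshd_config at the
# bottom is such a copy.

# Set KEY to VALUE in an sshd_config-style file: rewrite any existing
# (possibly commented-out) directive line, or append one if none is present.
set_sshd_option() {
    file=$1; key=$2; value=$3
    if grep -Eq "^[[:space:]]*#?[[:space:]]*$key[[:space:]]" "$file"; then
        sed -i -E "s|^[[:space:]]*#?[[:space:]]*$key[[:space:]].*|$key $value|" "$file"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

# Print the effective value of KEY (first uncommented match, as sshd reads it).
sshd_option() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# The restriction from the user-management steps: no root over SSH, and no
# password logins at all (assumes administrators authenticate with keys).
harden_sshd_config() {
    set_sshd_option "$1" PermitRootLogin no
    set_sshd_option "$1" PasswordAuthentication no
}

# Render a sudoers drop-in granting GROUP full sudo with a password prompt.
# A file under /etc/sudoers.d is easier to manage and review than edits to
# /etc/sudoers itself, and visudo checks it the same way.
render_sudoers_dropin() {
    printf '%%%s ALL=(ALL:ALL) ALL\n' "$1"
}

# Validate a drop-in before installing it: a syntax error in any file under
# /etc/sudoers.d can lock every administrator out of sudo. visudo -c is the
# authoritative parser and requires root ownership and mode 0440.
check_sudoers_file() {
    grep -Eq '^%[A-Za-z0-9_-]+ ALL=\(ALL(:ALL)?\) ALL$' "$1" || return 1
    if [ "$(id -u)" -eq 0 ] && command -v visudo >/dev/null 2>&1; then
        chmod 0440 "$1" && visudo -cf "$1"
    fi
}

# Full provisioning run. Needs root and a live system, so it is defined here
# but deliberately NOT called; see the usage note.
provision_admin() {
    user=$1; group=${2:-sudo}
    useradd -m -s /bin/bash "$user"
    passwd "$user"
    usermod -aG "$group" "$user"
    render_sudoers_dropin "$group" > "/etc/sudoers.d/90-$group"
    chmod 0440 "/etc/sudoers.d/90-$group"
    check_sudoers_file "/etc/sudoers.d/90-$group"
    harden_sshd_config /etc/ssh/sshd_config
    sshd -t && systemctl reload ssh   # service is named "ssh" on Debian/Ubuntu
}

# Dry run on a constructed sshd_config copy, so the script is safe to execute as-is.
demo=$(mktemp -d)
printf '#PermitRootLogin prohibit-password\nPort 22\n' > "$demo/sshd_config"
harden_sshd_config "$demo/sshd_config"
cat "$demo/sshd_config"
render_sudoers_dropin sudo > "$demo/90-sudo"
check_sudoers_file "$demo/90-sudo" && echo "sudoers drop-in OK"
rm -rf "$demo"
```

To apply it for real, source the file as root and call provision_admin with the new username, then confirm from a second terminal that the new account can run sudo before closing the root session: locking yourself out of a remote server is the classic failure of this procedure.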

There’s more…

Here are some further measures that you can take to reduce risk.

Vulnerability assessment

A vulnerability assessment is the process of auditing your network and system security to learn where the confidentiality, integrity, and availability of your systems are at risk. The first phase is reconnaissance, which gathers information about the targets; the scanning phase then checks each target against known vulnerabilities; and the reporting phase groups the findings into low, medium, and high risk so that remediation can be prioritized.

Scanning hosts with Nmap

Nmap, which is used for scanning a network, is one of the most popular security tools available for Linux. It has existed for many years and is currently one of the preferred tools for gathering information about a network. Administrators can use Nmap on their own networks to find live hosts and the ports they have open. When performing vulnerability assessments, Nmap is surely a tool not to be missed.

Getting ready

Many Linux distributions package Nmap, but it is not always installed by default. The first step is to check whether you already have it by using the following command:

nmap --version

If Nmap is installed, this prints its version and the platform it was built for.

If Nmap is not already installed, you can download and install it from this link: https://nmap.org/download.html.

The following command will quickly install Nmap on your system:

sudo apt-get install nmap

How to do it...

Follow these steps for scanning hosts with Nmap:

  1. The most common use of Nmap is to find all the hosts online within a given IP range, which a ping scan does without port scanning. It takes some time to cover the complete network, depending on the number of hosts:
nmap -sn 192.168.1.0/24
  2. To perform a SYN scan on a particular IP from the subnet, use the following command. The SYN scan is also called the stealth scan because it never completes the TCP handshake; it needs raw socket access, so run it as root:
nmap -sS 192.168.1.102
  3. If the SYN scan does not work (for example, without root privileges), use a TCP connect scan instead. It completes the handshake and therefore shows up in the target's application logs:
nmap -sT 192.168.1.102
  4. To detect the version number of the services running on the remote host, perform a service version detection scan as follows:
nmap -sV 192.168.1.102
  5. If you want to detect the operating system running on the remote host, run the following command (this also requires root):
nmap -O 192.168.1.102
  6. The OS detection output lists the fingerprint matches and their confidence; it has been truncated here.
  7. If you wish to scan only for a particular port, such as 80, run the command:
nmap -p 80 192.168.1.102

How it works...

Nmap checks for the services that are listening by testing the most common network communication ports. This information helps the network administrator to close all unwanted or unused ports and services. The previous examples show how to use port scanning and Nmap as a powerful tool to study the network around us.
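As an added example (this editor's script, not the book's code), the following turns Nmap's grepable output into the list of open ports an administrator compares against what the server is supposed to expose, which is the comparison the paragraph above describes. The sample scan output is constructed to resemble the Metasploitable host used later in this chapter; nothing is scanned when the script runs.

```shell
#!/bin/sh
# Added example, not from the book: turn a scan into a list of open ports
# per host and compare it with what the server is meant to expose. It reads
# Nmap's grepable output (-oG), which puts one host per line; the sample at
# the bottom is constructed to look like a Metasploitable host.

# Run the scan from the recipe and keep grepable output. Needs nmap, and
# -sS needs root; it is deliberately not called at the top level here.
scan_to_grepable() {
    nmap -sS -sV -oG "$2" "$1"
}

# Print "host port/proto service version" for every open port in a -oG file.
# Fields inside a Ports: entry are port/state/proto/owner/service/rpc/version.
open_ports() {
    awk -F'\t' '
        /^Host:/ {
            split($1, h, " "); host = h[2]
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports:/) continue
                n = split(substr($i, 8), entries, ", ")
                for (j = 1; j <= n; j++) {
                    split(entries[j], f, "/")
                    if (f[2] == "open")
                        printf "%s %s/%s %s %s\n", host, f[1], f[3], f[5], f[7]
                }
            }
        }' "$1"
}

# Compare open ports with an allow-list of "port/proto" tokens and print the
# rest. Returns 1 when anything unexpected is listening, so a cron job can
# alert on the exit status instead of relying on someone reading the output.
unexpected_ports() {
    file=$1; shift
    allowed=" $* "
    bad=$(open_ports "$file" | while read -r host port service version; do
        case "$allowed" in
            *" $port "*) ;;
            *) printf '%s %s %s %s\n' "$host" "$port" "$service" "$version" ;;
        esac
    done)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad" | sed 's/^/UNEXPECTED /'
    return 1
}

# Constructed sample in -oG format (no real scan is run).
sample=$(mktemp)
{
    printf '# Nmap 7.70 scan initiated as: nmap -sS -sV -oG scan.gnmap 192.168.1.102\n'
    printf 'Host: 192.168.1.102 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.102 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, 22/open/tcp//ssh//OpenSSH 4.7p1 Debian 8ubuntu1/, 80/open/tcp//http//Apache httpd 2.2.8/, 111/filtered/tcp//rpcbind///\tIgnored State: closed (996)\n'
} > "$sample"
echo "open ports:"
open_ports "$sample"
echo "against an allow-list of ssh and http only:"
unexpected_ports "$sample" 22/tcp 80/tcp || echo "exit status $? -> alert"
rm -f "$sample"
```

Run scan_to_grepable against each server on a schedule and feed the file to unexpected_ports with that server's allow-list; the exit status is what a monitoring job should act on, and the version column is what gets fed into the vulnerability search in the next recipe.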

See also

Nmap also has scripting features that we can use to write custom scripts. These scripts can be used with Nmap to automate and extend the scanning capabilities of Nmap.

You can find more information about using Nmap at its official homepage:
https://nmap.org/
.

Gaining root on a vulnerable Linux system

When trying to learn how to scan and exploit a Linux machine, one major problem we encounter is where to try. For this purpose, the Metasploit team has developed and released a virtual machine called Metasploitable. This machine has been made vulnerable purposefully, having many services running unpatched. Due to this, it has become a great platform for practicing or developing penetration testing skills. In this section, we will learn how to scan a Linux system and then, using the scanning result, how to find a service that is vulnerable. Using that vulnerable service, we shall gain root access to the system.

Getting ready

How to do it...

The Metasploit Framework is an open source tool used by security professionals globally to perform penetration tests by executing exploit code on target systems from within the framework. It comes pre-installed with Kali Linux (the preferred choice of distribution for security professionals).

Follow these steps to gain root access to a vulnerable Linux system:

  1. First start the database and open the Metasploit console on the Kali system by running the following commands:
service postgresql start
msfconsole
  2. At the bottom of the screen, you should get the Metasploit Framework prompt, denoted by msf >.
  3. Next, scan the target, which is 192.168.1.102 in this example, with a service version detection scan. Nmap can be run from the msf prompt as well as from a shell:
nmap -sV 192.168.1.102
  4. In the scan output, you can see many services running on different ports. Among them, FTP is running on port 21.
  5. We will focus on the FTP service for now. From the output shown, you can see that the FTP service is provided by the vsftpd application, version 2.3.4.
  6. Now let's try to find an exploit for vsftpd within the Metasploit Framework by simply executing the following command:
search vsftpd
  7. The search result shows a module, VSFTPD Backdoor Command Execution, with an Excellent rank. The rank describes reliability, not certainty: Excellent means the module does not crash the service and does not depend on the target's exact build, but it still requires the target to be running the backdoored 2.3.4 release.
  8. Now run the following commands to select the module and check its options:
use exploit/unix/ftp/vsftpd_234_backdoor
show options
  9. As you can see from the options, you need to set the value of RHOST, which is 192.168.1.102 in our case (newer Metasploit versions name this option RHOSTS).
  10. Set the value of RHOST and then run the exploit:
set RHOST 192.168.1.102
exploit
  11. Once the exploit runs successfully, you get a root shell on the target.

How it works...

We first ran an Nmap scan to check for running services and open ports and found the FTP service. Version detection told us it was vsftpd 2.3.4. We then searched Metasploit for an exploit for that version and found the VSFTPD backdoor module. The module's name is precise: this is not an ordinary programming bug. The vsftpd 2.3.4 source archive distributed from the project's download site was tampered with, and the planted code opens a root shell when it receives a specially formed login. The Metasploit module sends that login and then connects to the shell, which is why the session arrives with root privileges and no memory corruption is involved.

Using that module, we attacked the target system and obtained a root shell on it. The broader lesson belongs to supply-chain security: verifying the signatures on downloaded software, as in the first recipe of this chapter, is what catches a modified archive before it is installed.

There's more...

Metasploitable runs many other deliberately outdated services; the same workflow of scanning, identifying versions, searching for a module, and exploiting applies to each of them, and it is worth practicing it against a few before moving on.

Missing backup plans

In this era of malicious attacks and dangerous cyberattacks, your data is never safe. Your data needs something more than protection; it needs insurance in the form of backups. If your data is lost at any point, having backups ensures that your business can be up and running in no time. A backup that has never been restored is only an assumption, so test restores as part of the plan.

Getting ready

When we talk about data backup in Linux, choosing the best backup tool that matches your business needs is essential. Everyone needs to have a data backup tool that is dependable, but it's not necessary to spend too much to get a tool that has features that meets your needs. The backup tool should allow you to have local backups, remote backups, one-time backups, scheduled backups, and many other features.

How to do it...

Let's look at a few outstanding backup tools for Linux.

fwbackups

This is the easiest of all Linux backup tools. fwbackups has a user-friendly interface and it can be used for single backups and also for recurring scheduled backups.

Local as well as remote backups can be done in various formats, such as tar, tar.gz, tar.bz, or rsync format. A single file or an entire computer can be backed up using this tool.

Using this tool, backup and restoring can be done easily. Incremental or differential backups can be done to speed the process.

rsync

This is one of the most widely used backup solutions for Linux. It can be used for incremental backups, whether local or remote.

rsync can be used to update directory trees and filesystems while preserving links, ownerships, permissions, and privileges.

Being a command-line tool, rsync is perfect for creating simple scripts to use in conjunction with cron, so as to create automated backups.

Amanda (Advanced Maryland Automatic Network Disk Archiver)

This is a free and open source tool developed for "moderately sized computer centers". It is designed for performing the backup of multiple machines over the network to tape drives, disks, or optical disks.

Amanda can be used to back up just about everything on a diverse network, using a master backup server and client agents on Linux or Windows machines.

LVM snapshots and hardware snapshots can also be handled using this tool.

Simple Backup Solution (SBS)

Primarily targeted at desktop backup, SBS can be used to back up files and directories. It also allows regular expressions to be used to exclude files from a backup.

It includes predefined backup configurations that cover directories such as /var/, /etc/, and /usr/local.

SBS is not limited to these predefined backups: it can also be used for custom, manual, and scheduled backups.

Bacula

Bacula is a free and open source tool that requires a client program to be installed on each system to be backed up. All these clients are controlled by a central server that holds the backup rules.

Bacula stores backups in its own volume format. The format is open rather than proprietary, since the tool is open source, so you are not dependent on a vendor to read your own backups.

Routine full and incremental backups can be scheduled with the tool, and it scales to setups where multiple storage servers each have their own tape drives.

Bacula supports encryption of backup data, and its storage can be disk (including RAID arrays) as well as tape. Backup jobs can also be customized with scripts that run before and after a job, which is one place to hook in encryption.

How it works...

A backup tool is necessary for anyone in the IT industry or any computer power user, and it is a security control as much as an operational one: a backup that an attacker with root on the source host can delete or encrypt is not a backup. Whichever tool you pick, it should support scheduled, one-time, local, and remote backups; the remote copy should be written somewhere the source host cannot modify afterwards (pull from the backup server, or keep rotated snapshots that the client cannot reach), and you should restore from it regularly to confirm that it actually works.


Key benefits

  • Hands-on recipes to create and administer a secure Linux system
  • Enhance file system security and local and remote user authentication
  • Use various security tools and different versions of Linux for different tasks

Description

Over the last few years, system security has gained a lot of momentum and software professionals are focusing heavily on it. Linux is often treated as a highly secure operating system. However, the reality is that Linux has its share of security flaws, and these security flaws allow attackers to get into your system and modify or even destroy your important data. But there's no need to panic, since there are various mechanisms by which these flaws can be removed, and this book will help you learn about different types of Linux security to create a more secure Linux system. With a step-by-step recipe approach, the book starts by introducing you to various threats to Linux systems. Then, this book will walk you through customizing the Linux kernel and securing local files. Next, you will move on to managing user authentication both locally and remotely and mitigating network attacks. Later, you will learn about application security and kernel vulnerabilities. You will also learn about patching the Bash vulnerability, packet filtering, handling incidents, and monitoring system logs. Finally, you will learn about auditing using system services and performing vulnerability scanning on Linux. By the end of this book, you will be able to secure your Linux systems and create a robust environment.

Who is this book for?

This book is intended for all those Linux users who already have knowledge of Linux file systems and administration. You should be familiar with basic Linux commands. Understanding information security and its risks to a Linux system is also helpful in understanding the recipes more easily.

What you will learn

  • Learn about vulnerabilities and exploits in relation to Linux systems
  • Configure and build a secure kernel and test it
  • Learn about file permissions and how to securely modify files
  • Authenticate users remotely and securely copy files on remote systems
  • Review different network security methods and tools
  • Perform vulnerability scanning on Linux machines using tools
  • Learn about malware scanning and read through logs

Product Details

Publication date: Aug 31, 2018
Length: 482 pages
Edition: 2nd
Language: English
ISBN-13: 9781789136005


Table of Contents

14 Chapters
Linux Security Problem
Configuring a Secure and Optimized Kernel
Local Filesystem Security
Local Authentication in Linux
Remote Authentication
Network Security
Security Tools
Linux Security Distros
Bash Vulnerability Patching
Security Monitoring and Logging
Understanding Linux Service Security
Scanning and Auditing Linux
Vulnerability Scanning and Intrusion Detection
Other Books You May Enjoy

Customer reviews

Rating distribution: 3.7 out of 5 (3 ratings)
5 star: 66.7%
4 star: 0%
3 star: 0%
2 star: 0%
1 star: 33.3%
DealzLab.de, Feb 03, 2019, 5/5
This book is great! You will find a sorted and well-structured list of measurements to protect your server against malicious attacks from outside. It guides you step by step to create a secure system. With this book, you will have the know-how of many different server security measurements. It describes each aspect in a quick and easy to understand manner. Some small critics I need to add also: The very important topic "Server Backup" should be described more into detail so that one can make remote hard drive backups, because that's what most people need to do. A few tools are also not mentioned there which I consider to be very important for a server administrator, like WinSCP and the command screen as an example. Also, the very important aspect of monitoring file changes on the server could be described a bit more into detail. Overall it is a very good and easy to understand book. Some very important aspects could be described more into detail, but that's only my point of view.
Amazon Verified review
Lorraine, Oct 31, 2019, 5/5
This book is quick because the author runs through a lot of quick examples, which then give you ideas for more complicated uses of the same features/services the book walks the reader through.
Amazon Verified review
Koen Vervloesem, Aug 25, 2019, 1/5
If you want to know how to install various Linux security programs, this book is definitely for you. The author is even kind enough to include lots of screenshots of apt-get output, and for some programs he even provides alternate installation methods like compiling the software yourself if you're for some reason unable to install it with apt-get. As a bonus, you even get a lot of installation instructions for non-security related programs for free. For everyone who wants to learn more about *using* these programs, don't buy this book. This is the first time ever I made the effort to write an Amazon review, just because I have too many issues with the book:
- As I already wrote in the beginning, half of the book's pages are wasted with installation instructions, complete with half a page of output for every apt-get install. The author also spends a lot of time on basic Linux commands that have nothing to do with security.
- Most of the cookbook tips for the more complex programs end with a variation of "Now that we have installed and configured X, we can do Y", and Y is where the fun actually begins, Y is what I wanted to learn to begin with, Y is the reason I bought this book.
- The content is very shallow. For instance, apparently the author thinks securing an email server is done by disabling the vrfy command. Relay restrictions? Authentication and encryption? SPF, DKIM, DMARC? You won't find anything about these topics in this book.
- There's no focus. Many times the author shows an obscure option or program behaviour that just isn't relevant, and then forgets to talk about the really interesting stuff (such as the email example in my previous point). Or he shows pages and pages of screenshots of the GNOME interface of Kali Linux and then just goes on to the next topic.
- There are big holes in the topics: nothing about DNS security and nothing about OpenVPN, for instance.
- Some things are just wrong. For instance, the author talks about an iptables 'table' when he means a 'chain'. He doesn't even explain the concepts of tables and chains.
- There are a lot of bad security practices in this book, such as logging in as root, running a clearly EOL Ubuntu server in the screenshots with hundreds of security updates waiting to be installed, telling readers to disable SELinux when a program doesn't work to see whether SELinux is the problem (duh! I want to know why it doesn't work then, but I won't learn in this book which SELinux rules are the culprit), telling readers to "just ignore the warning" when you're connecting to a web server with a self-signed certificate in your browser, and so on.
- The book could also use some better copy-editing.
I expected better from a book called "Practical Linux Security Cookbook". Shame on you, Packt, for publishing this. I will send this book back for a refund, and that's another first.
Amazon Verified review