Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Practical Linux Security Cookbook
Practical Linux Security Cookbook

Practical Linux Security Cookbook: Secure your Linux machines and keep them secured with the help of exciting recipes

Arrow left icon
Profile Icon Michael A Lindner Profile Icon Kalsi
Arrow right icon
$19.99 per month
Full star icon Full star icon Full star icon Full star icon Empty star icon 4 (1 Ratings)
Paperback Apr 2016 276 pages 1st Edition
eBook
$27.98 $39.99
Paperback
$48.99
Subscription
Free Trial
Renews at $19.99p/m
Arrow left icon
Profile Icon Michael A Lindner Profile Icon Kalsi
Arrow right icon
$19.99 per month
Full star icon Full star icon Full star icon Full star icon Empty star icon 4 (1 Ratings)
Paperback Apr 2016 276 pages 1st Edition
eBook
$27.98 $39.99
Paperback
$48.99
Subscription
Free Trial
Renews at $19.99p/m
eBook
$27.98 $39.99
Paperback
$48.99
Subscription
Free Trial
Renews at $19.99p/m

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing
Table of content icon View table of contents Preview book icon Preview Book

Practical Linux Security Cookbook

Chapter 2. Configuring a Secure and Optimized Kernel

In this chapter, we will discuss the following:

  • Requirements for building and using a kernel
  • Creating a USB boot media
  • Retrieving a kernel source
  • Configuring and building a kernel
  • Installing and booting from a kernel
  • Testing and debugging a kernel
  • Configuring a console for debugging using Netconsole
  • Debugging a kernel on boot

Introduction

For all Linux distributions, including Ubuntu, CentOS, and Fedora, a kernel is vital. It is by default installed for most Linux versions when the OS is installed, hence we generally don't have to compile the kernel. Even when there is a critical update to be installed in the kernel, it can be done using apt-get or yum on the Linux system.

However, there might be few situations where we have to compile the kernel from a source ourselves. A few of these situations are as follows:

  • Enabling experimental features in the kernel
  • Enabling new hardware support
  • Debugging the kernel
  • Exploring the kernel source code

Requirements for building and using a kernel

Before we can start building the Linux kernel, we must ensure that a working boot media exists for the Linux system. This can be used to boot into the Linux system if the boot loader is not configured properly. You will learn how to create a USB boot media, retrieve a kernel source, configure and build a kernel, and perform installation and booting from a kernel.

Creating a USB boot media

A USB boot media can be created on any USB media device that is formatted as ext2, ext3, or VFAT. Also, ensure that enough free space is available on the device, varying from 4 GB required for the transfer of a distribution DVD image, 700 MB in the case of a distribution CD image, or just 10 MB to transfer a minimal boot media image.

Getting ready

Before carrying out the steps, we need to have an image file of the Linux installation disk, which we can name boot.iso, and a USB storage device, as specified previously.

How to do it…

To create the USB boot media, we need to perform these commands as the root:

  1. Firstly, we need to install the syslinux boot loader by executing the following command on the USB storage device:
    syslinux /dev/sdb1
    
  2. Now, create mount points each for the boot.iso file and the USB storage device by executing the following command:
    mkdir /mnt/isoboot /mnt/diskboot
    
  3. Next, mount the boot.iso file on the mount point created for it:
    mount –o...

Retrieving a kernel source

Most Linux distributions include kernel sources in them. However, these sources may tend to be a bit out of date. Due to this, we may need to get the latest sources when building or customizing the kernel.

Getting ready

Most of the Linux kernel developer community uses the Git tool to manage source code. Even Ubuntu has integrated Git for its own Linux kernel source code, hence enabling kernel developers to interact better with the community.

We can install the git package using this command:

sudo apt-get install git

How to do it…

The Linux kernel source code can be downloaded from various sources, and we will discuss the methods used to download from these sources:

  • We can find the Linux source code in the form of a complete tarball and also as an incremental patch on the official web page of Linux kernel at http://www.kernel.org.
  • It is always recommended that you use the latest version unless you have a specific reason to work with an older version.
  • Ubuntu&apos...

Configuring and building a kernel

The need to configure the kernel could arise due to many reasons. We may want to resize the kernel to run only the necessary services, or we may have to patch it to support new hardware that was not supported earlier by the kernel. This could be a daunting task for any system administrator, and in this section, we take a look at how we can configure and build the kernel.

Getting ready

It is always recommended that you have ample space for kernels in the boot partition of any system. We can either choose the whole disk install option or set aside a minimum of 3 GB of disk space for the boot partition.

After installing the Linux distribution and configuring development packages on the system, enable the root account as well as sudo for our user account.

Now, before we start with the installation of any packages, run the following command to update the system:

sudo apt-get update && sudo apt-get upgrade

After this, check whether the build-essential package...

Installing and booting from a kernel

After having spent a lot of time configuring and compiling the kernel, we can now start the process of installing the kernel on the local system.

Getting ready

Before starting the installation of the kernel, make sure to back up all your important data on the system. Also, make a copy of /boot/ on an external storage that is formatted in the FAT32 filesystem. This will help with repairing the system if the installation process fails for any reason.

How to do it…

After completing the compilation of the kernel, we can then start following the commands required to proceed with the installation of the kernel.

  1. Install drivers by running the following command:
    How to do it…

    The preceding command will copy the modules to a subdirectory of/lib/modules.

  2. Now, run the following command to install the actual kernel:
    make install
    
    How to do it…
  3. This command executes /sbin/installkernel.
  4. The new kernel will be installed in /boot/vmlinuz-{version}.

    If a symbolic link already exists for /boot/vmlinuz...

Introduction


For all Linux distributions, including Ubuntu, CentOS, and Fedora, a kernel is vital. It is by default installed for most Linux versions when the OS is installed, hence we generally don't have to compile the kernel. Even when there is a critical update to be installed in the kernel, it can be done using apt-get or yum on the Linux system.

However, there might be few situations where we have to compile the kernel from a source ourselves. A few of these situations are as follows:

  • Enabling experimental features in the kernel

  • Enabling new hardware support

  • Debugging the kernel

  • Exploring the kernel source code

Requirements for building and using a kernel


Before we can start building the Linux kernel, we must ensure that a working boot media exists for the Linux system. This can be used to boot into the Linux system if the boot loader is not configured properly. You will learn how to create a USB boot media, retrieve a kernel source, configure and build a kernel, and perform installation and booting from a kernel.

Creating a USB boot media


A USB boot media can be created on any USB media device that is formatted as ext2, ext3, or VFAT. Also, ensure that enough free space is available on the device, varying from 4 GB required for the transfer of a distribution DVD image, 700 MB in the case of a distribution CD image, or just 10 MB to transfer a minimal boot media image.

Getting ready

Before carrying out the steps, we need to have an image file of the Linux installation disk, which we can name boot.iso, and a USB storage device, as specified previously.

How to do it…

To create the USB boot media, we need to perform these commands as the root:

  1. Firstly, we need to install the syslinux boot loader by executing the following command on the USB storage device:

    syslinux /dev/sdb1
    
  2. Now, create mount points each for the boot.iso file and the USB storage device by executing the following command:

    mkdir /mnt/isoboot /mnt/diskboot
    
  3. Next, mount the boot.iso file on the mount point created for it:

    mount –o loop boot.iso ...
Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • This book provides code-intensive discussions with detailed recipes that help you understand better and learn faster.
  • More than 50 hands-on recipes to create and administer a secure Linux system locally as well as on a network
  • Enhance file system security and local and remote user authentication by using various security tools and different versions of Linux for different tasks

Description

With the growing popularity of Linux, more and more administrators have started moving to the system to create networks or servers for any task. This also makes Linux the first choice for any attacker now. Due to the lack of information about security-related attacks, administrators now face issues in dealing with these attackers as quickly as possible. Learning about the different types of Linux security will help create a more secure Linux system. Whether you are new to Linux administration or experienced, this book will provide you with the skills to make systems more secure. With lots of step-by-step recipes, the book starts by introducing you to various threats to Linux systems. You then get to walk through customizing the Linux kernel and securing local files. Next you will move on to manage user authentication locally and remotely and also mitigate network attacks. Finally, you will learn to patch bash vulnerability and monitor system logs for security. With several screenshots in each example, the book will supply a great learning experience and help you create more secure Linux systems.

Who is this book for?

Practical Linux Security Cookbook is intended for all those Linux users who already have knowledge of Linux File systems and administration. You should be familiar with basic Linux commands. Understanding Information security and its risks to a Linux system is also helpful in understanding the recipes more easily. However, even if you are unfamiliar with Information security, you will be able to easily follow and understand the recipes discussed. Since Linux Security Cookbook follows a practical approach, following the steps is very easy.

What you will learn

  • Learn about various vulnerabilities and exploits in relation to Linux systems
  • Configure and build a secure kernel and test it
  • Learn about file permissions and security and how to securely modify files
  • Explore various ways to authenticate local users while monitoring their activities.
  • Authenticate users remotely and securely copy files on remote systems
  • Review various network security methods including firewalls using iptables and TCP Wrapper
  • Explore various security tools including Port Sentry, Squid Proxy, Shorewall, and many more
  • Understand Bash vulnerability/security and patch management

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Apr 29, 2016
Length: 276 pages
Edition : 1st
Language : English
ISBN-13 : 9781785286421
Tools :

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing

Product Details

Publication date : Apr 29, 2016
Length: 276 pages
Edition : 1st
Language : English
ISBN-13 : 9781785286421
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total $ 152.97
Learning Linux Binary Analysis
$48.99
Mastering Linux Network Administration
$54.99
Practical Linux Security Cookbook
$48.99
Total $ 152.97 Stars icon
Banner background image

Table of Contents

11 Chapters
1. Linux Security Problems Chevron down icon Chevron up icon
2. Configuring a Secure and Optimized Kernel Chevron down icon Chevron up icon
3. Local Filesystem Security Chevron down icon Chevron up icon
4. Local Authentication in Linux Chevron down icon Chevron up icon
5. Remote Authentication Chevron down icon Chevron up icon
6. Network Security Chevron down icon Chevron up icon
7. Security Tools Chevron down icon Chevron up icon
8. Linux Security Distros Chevron down icon Chevron up icon
9. Patching a Bash Vulnerability Chevron down icon Chevron up icon
10. Security Monitoring and Logging Chevron down icon Chevron up icon
Index Chevron down icon Chevron up icon

Customer reviews

Rating distribution
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
(1 Ratings)
5 star 0%
4 star 100%
3 star 0%
2 star 0%
1 star 0%
Happy Feb 16, 2018
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
Good security references.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is included in a Packt subscription? Chevron down icon Chevron up icon

A subscription provides you with full access to view all Packt and licnesed content online, this includes exclusive access to Early Access titles. Depending on the tier chosen you can also earn credits and discounts to use for owning content

How can I cancel my subscription? Chevron down icon Chevron up icon

To cancel your subscription with us simply go to the account page - found in the top right of the page or at https://subscription.packtpub.com/my-account/subscription - From here you will see the ‘cancel subscription’ button in the grey box with your subscription information in.

What are credits? Chevron down icon Chevron up icon

Credits can be earned from reading 40 section of any title within the payment cycle - a month starting from the day of subscription payment. You also earn a Credit every month if you subscribe to our annual or 18 month plans. Credits can be used to buy books DRM free, the same way that you would pay for a book. Your credits can be found in the subscription homepage - subscription.packtpub.com - clicking on ‘the my’ library dropdown and selecting ‘credits’.

What happens if an Early Access Course is cancelled? Chevron down icon Chevron up icon

Projects are rarely cancelled, but sometimes it's unavoidable. If an Early Access course is cancelled or excessively delayed, you can exchange your purchase for another course. For further details, please contact us here.

Where can I send feedback about an Early Access title? Chevron down icon Chevron up icon

If you have any feedback about the product you're reading, or Early Access in general, then please fill out a contact form here and we'll make sure the feedback gets to the right team. 

Can I download the code files for Early Access titles? Chevron down icon Chevron up icon

We try to ensure that all books in Early Access have code available to use, download, and fork on GitHub. This helps us be more agile in the development of the book, and helps keep the often changing code base of new versions and new technologies as up to date as possible. Unfortunately, however, there will be rare cases when it is not possible for us to have downloadable code samples available until publication.

When we publish the book, the code files will also be available to download from the Packt website.

How accurate is the publication date? Chevron down icon Chevron up icon

The publication date is as accurate as we can be at any point in the project. Unfortunately, delays can happen. Often those delays are out of our control, such as changes to the technology code base or delays in the tech release. We do our best to give you an accurate estimate of the publication date at any given time, and as more chapters are delivered, the more accurate the delivery date will become.

How will I know when new chapters are ready? Chevron down icon Chevron up icon

We'll let you know every time there has been an update to a course that you've bought in Early Access. You'll get an email to let you know there has been a new chapter, or a change to a previous chapter. The new chapters are automatically added to your account, so you can also check back there any time you're ready and download or read them online.

I am a Packt subscriber, do I get Early Access? Chevron down icon Chevron up icon

Yes, all Early Access content is fully available through your subscription. You will need to have a paid for or active trial subscription in order to access all titles.

How is Early Access delivered? Chevron down icon Chevron up icon

Early Access is currently only available as a PDF or through our online reader. As we make changes or add new chapters, the files in your Packt account will be updated so you can download them again or view them online immediately.

How do I buy Early Access content? Chevron down icon Chevron up icon

Early Access is a way of us getting our content to you quicker, but the method of buying the Early Access course is still the same. Just find the course you want to buy, go through the check-out steps, and you’ll get a confirmation email from us with information and a link to the relevant Early Access courses.

What is Early Access? Chevron down icon Chevron up icon

Keeping up to date with the latest technology is difficult; new versions, new frameworks, new techniques. This feature gives you a head-start to our content, as it's being created. With Early Access you'll receive each chapter as it's written, and get regular updates throughout the product's development, as well as the final course as soon as it's ready.We created Early Access as a means of giving you the information you need, as soon as it's available. As we go through the process of developing a course, 99% of it can be ready but we can't publish until that last 1% falls in to place. Early Access helps to unlock the potential of our content early, to help you start your learning when you need it most. You not only get access to every chapter as it's delivered, edited, and updated, but you'll also get the finalized, DRM-free product to download in any format you want when it's published. As a member of Packt, you'll also be eligible for our exclusive offers, including a free course every day, and discounts on new and popular titles.