Linux Server Security, 2/e

Michael D. Bauer

  • 出版商: O'Reilly
  • 出版日期: 2005-02-08
  • 售價: $1,430
  • 貴賓價: 9.5$1,359
  • 語言: 英文
  • 頁數: 544
  • 裝訂: Paperback
  • ISBN: 0596006705
  • ISBN-13: 9780596006709
  • 相關分類: Linux資訊安全






Linux consistently appears high up in the list of popular Internet servers, whether it's for the Web, anonymous FTP, or general services such as DNS and delivering mail. But security is the foremost concern of anyone providing such a service. Any server experiences casual probe attempts dozens of time a day, and serious break-in attempts with some frequency as well.

This highly regarded book, originally titled Building Secure Servers with Linux, combines practical advice with a firm knowledge of the technical tools needed to ensure security. The book focuses on the most common use of Linux--as a hub offering services to an organization or the Internet--and shows readers how to harden their hosts against attacks. An all-inclusive resource for Linux users who wish to harden their systems, Linux Server Security covers general security such as intrusion detection and firewalling a hub, as well as key services such as DNS, the Apache Web server, mail, and secure shell.

Author Michael D. Bauer, a security consultant, network architect, and lead author of the popular Paranoid Penguin column in the Linux Journal, carefully outlines the security risks, defines precautions that can minimize those risks, and offers recipes for robust security. He is joined on several chapters by administrator and developer Bill Lubanovic.

A number of new security topics have been added for this edition, including:

  • Database security, with a focus on MySQL
  • Using OpenLDAP for authentication
  • An introduction to email encryption
  • The Cyrus IMAP service, a popular mail delivery agent
  • The vsftpd FTP server

Geared toward Linux users with little security expertise, the author explains security concepts and techniques in clear language, beginning with the fundamentals. Linux Server Security with Linux provides a unique balance of "big picture" principles that transcend specific software packages and version numbers, and very clear procedures on securing some of those software packages on several popular distributions. With this book in hand, you'll have both the expertise and the tools to comprehensively secure your Linux system.


Table of Contents:


1. Threat Modeling and Risk Management

     Components of Risk

     Simple Risk Analysis: ALEs

     An Alternative: Attack Trees




2. Designing Perimeter Networks

     Some Terminology

     Types of Firewall and DMZ Architectures

     Deciding What Should Reside on the DMZ

     Allocating Resources in the DMZ

     The Firewall

3. Hardening Linux and Using iptables

     OS Hardening Principles

     Automated Hardening with Bastille Linux

4. Secure Remote Administration

     Why It's Time to Retire Cleartext Admin Tools

     Secure Shell Background and Basic Use

     Intermediate and Advanced SSH

5. OpenSSL and Stunnel

     Stunnel and OpenSSL: Concepts

6. Securing Domain Name Services (DNS)

     DNS Basics

     DNS Security Principles

     Selecting a DNS Software Package

     Securing BIND



7. Using LDAP for Authentication

     LDAP Basics

     Setting Up the Server

     LDAP Database Management



8. Database Security

     Types of Security Problems

     Server Location

     Server Installation

     Database Operation


9. Securing Internet Email

     Background: MTA and SMTP Security

     Using SMTP Commands to Troubleshoot and Test SMTP Servers

     Securing Your MTA



     Mail Delivery Agents

     A Brief Introduction to Email Encryption


10. Securing Web Servers

     Web Security

     The Web Server

     Web Content

     Web Applications

     Layers of Defense


11. Securing File Services

     FTP Security

     Other File-Sharing Methods


12. System Log Management and Monitoring



     Testing System Logging with logger

     Managing System Logfiles with logrotate

     Using Swatch for Automated Log Monitoring

     Some Simple Log-Reporting Tools


13. Simple Intrusion Detection Techniques

     Principles of Intrusion Detection Systems

     Using Tripwire

     Other Integrity Checkers



Appendix:. Two Complete iptables Startup Scripts