Securing & Optimizing Linux: The Hacking Solution
Format: PDF / Kindle (mobi) / ePub
This 3rd edition of the very popular title "Securing & Optimizing Linux" looks for security measures that go beyond firewalls and intrusion detection systems to anticipate and protect against upcoming threats. Securing & Optimizing Linux: The Hacking Solution: A hacker's guide to protect your Linux server designed for system administrators, managers, or Linux users who wish to protect their Linux systems from unauthorized intrusions and other external attacks. This new edition contains many tips and useful information related to security and optimization to help you get complete control of what could happen on your Linux server and network.
The book provides through its 47 chapters, a comprehensive collection of Linux security products and explains in the most simple and structured manner how to safely and easily configure and run many popular Linux-based applications and services, including Exim, Qmail, Apache 2, DHCP, Anti-Virus, Anti-Spam, Anti-Relaying, ProFTPD, and many others. The author of the book relentlessy searches and document new hacking solutions to bring you in this manual the most up-to-date security developments.
hidden directory or file in a user's account with an unusual name, something like '...' or '.. ' (dot dot space) or '..^G' (dot dot control-G). The find program can be used to look for hidden files. • To look for hidden files, use the following commands: [root@deep /]# find / -name ".. " -print -xdev [root@deep /]# find / -name ".*" -print -xdev | cat –v /etc/skel/.bash_logout /etc/skel/.bash_profile /etc/skel/.bashrc /etc/.pwd.lock /root/.bash_logout /root/.Xresources /root/.bash_profile
Multi-device support (RAID and LVM) * Multiple devices driver support (RAID and LVM) (CONFIG_MD) [N/y/?] Press Enter This option is required only for RAID and logical volume management (LVM). If you use them, then change the default value of N to become Y. * * Networking options * Packet socket (CONFIG_PACKET) [Y/n/?] Press Enter This option allows you to enable applications, which communicate directly with network devices without an intermediate network protocol implemented in the kernel like
option allows us to enable PPP support under Linux. PPP (Point to Point Protocol) is the protocol used by modern modems to establish a remote connection with your ISP. If you have a modem card installed on your system to make a remote connection with your ISP, then you need to answer Y to this question. If you don't use PPP to connect on the Internet, then you can safety say N here. In our example, we assume that you use another method, like a network interface, to connect to the Internet and say
system. Here we have to enter a GID number as the value, the default value is 1004 and we can keep it by pressing the [Enter] key. It is important to note that this GID should be added to any user for which the feature should be activated. See the next chapter of this book for more information about the procedures to follow. At this time you only need to accept the default value. 179 Kernel Security & Optimization 0 CHAPTER 6 Deny client sockets to group (CONFIG_GRKERNSEC_SOCKET_CLIENT)
the following command: [root@deep /]# fdformat /dev/fd0H1440 Double-sided, 80 tracks, 18 sec/track. Total capacity 1440 kB. Formatting ... done Verifying ... done Step 2 Copy the actual file “vmlinuz” from the /boot directory to the floppy disk: [root@deep /]# cp /boot/vmlinuz /dev/fd0H1440 cp: overwrite `/dev/fd0H1440'? y NOTE: The vmlinuz file is a symbolic link that points to the real Linux kernel. Step 3 Determine the kernel’s root device with the following command: [root@deep /]# rdev