Mastering Linux Security and Hardening
Secure your Linux server and protect it from intruders, malware attacks, and other external threats
Donald A. Tevault
BIRMINGHAM - MUMBAI
Copyright 2018 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Commissioning Editor: Vijin Boricha
Acquisition Editor: Rohit Rajkumar
Content Development Editor: Devika Battike
Technical Editor: Mohd Riyan Khan
Copy Editors: Safis Editing, Dipti Mankame
Project Coordinator: Judie Jose
Proofreader: Safis Editing
Indexer: Pratik Shirodkar
Graphics: Tania Dutta
Production Coordinator: Deepika Naik
First published: January 2018
Production reference: 1090118
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-78862-030-7
www.packtpub.com
Contributors
About the author
Donald A. Tevault (but you can call him Donnie) got involved with Linux way back in 2006, and has been working with it ever since. He holds the Linux Professional Institute Level 3 Security certification, and the GIAC Incident Handler certification. Donnie is a professional Linux trainer, and thanks to the magic of the internet, teaches Linux classes literally the world over from the comfort of his living room.
First, I'd like to thank the good folk at Packt, who were most delightful to work with on this project. I'd also like to thank my cats, who so graciously allowed me to use their names in the demos.
About the reviewer
Salman Aftab has 10+ years of experience in Linux and 7+ years of experience in networks and security. He authored the book Linux Security and Unified Threat Management System.
Salman is an owner of the Linux Zero To Hero project, where he teaches Linux from very basic to advanced level free of cost. He is skilled in Linux, AWS, Networks and Security, and VOIP. He is RHCE trained and holds NCLA, SCNS, CEH, 3 X CCNA, CCNA Security, CCNA Voice, CCNP Security, and CCNP; OSCP is in progress.
Preface
In this book, we'll cover security and hardening techniques that apply to any Linux-based server or workstation. Our goal is to make it harder for the bad guys to do nasty things to your systems.
Who this book is for
We're aiming this book at Linux administrators in general, whether or not they specialize in Linux security. The techniques that we present can be used on either Linux servers or on Linux workstations.
We assume that our target audience has had some hands-on experience with the Linux command line, and has a basic knowledge of Linux Essentials.
What this book covers
Running Linux in a Virtual Environment gives an overview of the IT security landscape, and will inform the reader of why learning Linux security would be a good career move. We'll also show how to set up a virtualized lab environment for performing the hands-on labs.
Securing User Accounts covers the dangers of always using the root user account, and will introduce the benefits of using sudo instead. We'll then cover how to lock down normal user accounts, and ensure that the users use good-quality passwords.
Securing Your Server with a Firewall involves working with the various types of firewall utilities.
Encrypting and SSH Hardening makes sure that important information, both at rest and in transit, is safeguarded with proper encryption. For data in transit, the default Secure Shell configuration is anything but secure, and could lead to a security breach if left as is. This chapter shows how to fix that.
Mastering Discretionary Access Control covers how to set ownership and permissions on files and directories. We'll also cover what SUID and SGID can do for us, and the security implications of using them. We'll wrap things up by covering Extended File Attributes.
Access Control Lists and Shared Directory Management explains that normal Linux file and directory permissions settings aren't very granular. With Access Control Lists, we can allow only a certain person to access a file, or we can allow multiple people to access a file with different permissions for each person. We're also going to put what we've learned together in order to manage a shared directory for a group.