Chris Binnie - Linux Server Security

Linux Server Security: Hack and Defend

Published by

John Wiley & Sons, Inc.

10475 Crosspoint Boulevard

Indianapolis, IN 46256

www.wiley.com

Copyright 2016 by John Wiley & Sons, Inc., Indianapolis, Indiana

Published simultaneously in Canada

ISBN: 978-1-119-27765-1

ISBN: 978-1-119-27767-5 (ebk)

ISBN: 978-1-119-27764-4 (ebk)

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or website may provide or recommendations it may make. Further, readers should be aware that Internet websites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services please contact our Customer Care Department within the United States at (877) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Control Number: 2016937233

Trademarks: Wiley and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. Linux is a registered trademark of Linus Torvalds. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

I was terrible at school. I failed maths so many times, I can't even count.

Stewart Francis

Chris Binnie is a technical consultant who has worked online with Linux systems for almost two decades. During his career, he has deployed many servers in the cloud and on banking and government server estates. As well as building an autonomous system network in 2005 and serving HD video to 77 countries via a media streaming platform that he architected and built, he has written for Linux Magazine and ADMIN Magazine for a number of years. Outside of work, Chris enjoys the outdoors, watching Liverpool FC, and extolling the virtues of the unerring Ockham's razor.

Rob Shimonski (www.shimonski.com) is an experienced entrepreneur and an active participant in the business community. Rob is a best-selling author and editor with over 20 years' experience developing, producing, and distributing print media in the form of books, magazines, and periodicals. To date, Rob has successfully helped create over 100 books that are currently in circulation. Rob has worked for countless clients, including Wiley Publishing, Pearson Education, CompTIA, Entrepreneur magazine, Microsoft, McGraw-Hill Education, Cisco, and the National Security Agency. Rob is also an expert-level architect with deep technical experience in protocol capture and analysis, and the engineering of Windows and Unix systems.

1. Project Editor
2. Adaobi Obi Tulton
3. Technical Editor
4. Rob Shimonski
5. Production Editor
6. Dassi Zeidel
7. Copy Editor
8. Marylouise Wiack
9. Production Manager
10. Katie Wisor
11. Manager of Content Development and Assembly
12. Mary Beth Wakefield
13. Marketing Managers
14. Lorna Mein
15. Carrie Sherrill
16. Professional Technology & Strategy Director
17. Barry Pruett
18. Business Manager
19. Amy Knies
20. Executive Editor
21. Jim Minatel
22. Project Coordinator, Cover
23. Brent Savage
24. Proofreader
25. Kathy Pope, Word One New York
26. Indexer
27. Johnna VanHoose Dinse
28. Cover Designer
29. Wiley
30. Cover Image
31. TCmake/Getty Images, Inc.

There's little question that the knowledge required to secure systems and networks in an effective manner needs to be continually kept up to date. However, not all technical professionals want to become full-fledged security professionals; instead, they prefer to focus on other areas, despite their role demanding many of the required skills.

It seems like every other day the news reports another sensational attack and makes those working in the field count themselves lucky that their clients weren't the target. As our reliance on responsive connectivity and well-written software grows, so do the rewards for successfully compromising an online service.

The intention of this book is to offer a broad overview of both system and network threats. Rather than focus on one specific facet of online security, my aim is to examine a number of diverse areas, providing you, the reader, with enough knowledge so that you may pursue, in greater detail, those that interest you. Each of the chapters in this book explores aspects of security that I have found interesting on my journey as an Internet user, which, somewhat worryingly, now spans almost two decades.

The diversity of the subjects within this book will hopefully help you to secure your online services and also provide you the opportunity to experiment with common tools that hackers use. This is intended to benefit everyone, helping technical professionals to gain a better understanding of how attackers will identify and then try to exploit the vulnerabilities of a system or network. Elements of the knowledge contained in this book can be wielded to devastate online services, steal data, and reveal encrypted passwords. With great power