Linux Server Security, Second Edition
Book Description
Linux consistently appears high up in the list of popular Internet servers, whether it’s for the Web, anonymous FTP, or general services such as DNS and delivering mail. But security is the foremost concern of anyone providing such a service. Any server experiences casual probe attempts dozens of times a day, and serious break-in attempts with some frequency as well. This highly regarded book, originally titled Building Secure Servers with Linux, combines practical advice with a firm knowledge of the technical tools needed to ensure security. The book focuses on the most common use of Linux–as a hub offering services to an organization or the Internet–and shows readers how to harden their hosts against attacks. An all-inclusive resource for Linux users who wish to harden their systems, Linux Server Security covers general security such as intrusion detection and firewalling a hub, as well as key services such as DNS, the Apache Web server, mail, and secure shell. Author Michael D. Bauer, a security consultant, network architect, and lead author of the popular Paranoid Penguin column in the Linux Journal, carefully outlines the security risks, defines precautions that can minimize those risks, and offers recipes for robust security. He is joined on several chapters by administrator and developer Bill Lubanovic. A number of new security topics have been added for this edition, including:
- Database security, with a focus on MySQL
- Using OpenLDAP for authentication
- An introduction to email encryption
- The Cyrus IMAP service, a popular mail delivery agent
- The vsftpd FTP server
Geared toward Linux users with little security expertise, the author explains security concepts and techniques in clear language, beginning with the fundamentals. Linux Server Security with Linux provides a unique balance of “big picture” principles that transcend specific software packages and version numbers, and very clear procedures on securing some of those software packages on several popular distributions. With this book in hand, you’ll have both the expertise and the tools to comprehensively secure your Linux system.
Table of Contents
Dedication
Preface
What This Book Is About
The Paranoid Penguin Connection
The Second Edition
Audience
What This Book Doesn't Cover
Assumptions This Book Makes
Organization of This Book
Conventions Used in This Book
Safari® Enabled
How to Contact Us
Using Code Examples
Acknowledgments
Chapter 1. Threat Modeling and Risk Management
Section 1.1. Components of Risk
Section 1.2. Simple Risk Analysis: ALEs
Section 1.3. An Alternative: Attack Trees
Section 1.4. Defenses
Section 1.5. Conclusion
Section 1.6. Resources
Chapter 2. Designing Perimeter Networks
Section 2.1. Some Terminology
Section 2.2. Types of Firewall and DMZ Architectures
Section 2.3. Deciding What Should Reside on the DMZ
Section 2.4. Allocating Resources in the DMZ
Section 2.5. The Firewall
Chapter 3. Hardening Linux and Using iptables
Section 3.1. OS Hardening Principles
Section 3.2. Automated Hardening with Bastille Linux
Chapter 4. Secure Remote Administration
Section 4.1. Why It's Time to Retire Cleartext Admin Tools
Section 4.2. Secure Shell Background and Basic Use
Section 4.3. Intermediate and Advanced SSH
Chapter 5. OpenSSL and Stunnel
Section 5.1. Stunnel and OpenSSL: Concepts
Chapter 6. Securing Domain Name Services (DNS)
Section 6.1. DNS Basics
Section 6.2. DNS Security Principles
Section 6.3. Selecting a DNS Software Package
Section 6.4. Securing BIND
Section 6.5. djbdns
Section 6.6. Resources
Chapter 7. Using LDAP for Authentication
Section 7.1. LDAP Basics
Section 7.2. Setting Up the Server
Section 7.3. LDAP Database Management
Section 7.4. Conclusions
Section 7.5. Resources
Chapter 8. Database Security
Section 8.1. Types of Security Problems
Section 8.2. Server Location
Section 8.3. Server Installation
Section 8.4. Database Operation
Section 8.5. Resources
Chapter 9. Securing Internet Email
Section 9.1. Background: MTA and SMTP Security
Section 9.2. Using SMTP Commands to Troubleshoot and Test SMTP Servers
Section 9.3. Securing Your MTA
Section 9.4. Sendmail
Section 9.5. Postfix
Section 9.6. Mail Delivery Agents
Section 9.7. A Brief Introduction to Email Encryption
Section 9.8. Resources
Chapter 10. Securing Web Servers
Section 10.1. Web Security
Section 10.2. The Web Server
Section 10.3. Web Content
Section 10.4. Web Applications
Section 10.5. Layers of Defense
Section 10.6. Resources
Chapter 11. Securing File Services
Section 11.1. FTP Security
Section 11.2. Other File-Sharing Methods
Section 11.3. Resources
Chapter 12. System Log Management and Monitoring
Section 12.1. syslog
Section 12.2. Syslog-ng
Section 12.3. Testing System Logging with logger
Section 12.4. Managing System Logfiles with logrotate
Section 12.5. Using Swatch for Automated Log Monitoring
Section 12.6. Some Simple Log-Reporting Tools
Section 12.7. Resources
Chapter 13. Simple Intrusion Detection Techniques
Section 13.1. Principles of Intrusion Detection Systems
Section 13.2. Using Tripwire
Section 13.3. Other Integrity Checkers
Section 13.4. Snort
Section 13.5. Resources
Appendix A. Two Complete iptables Startup Scripts
Colophon
Index