更新时间:2021-07-02 19:20:00
封面
版权信息
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
Running Linux in a Virtual Environment
The threat landscape
So how does this happen?
Keeping up with security news
Introduction to VirtualBox and Cygwin
Installing a virtual machine in VirtualBox
The EPEL repository on the CentOS virtual machine
Configuring a network for VirtualBox virtual machines
Creating a virtual machine snapshot with VirtualBox
Using Cygwin to connect to your virtual machines
Installing Cygwin on your Windows host
Summary
Securing User Accounts
The dangers of logging in as the root user
The advantages of using sudo
Setting up sudo privileges for full administrative users
Method 1 – adding users to a predefined admin group
Method 2 – creating an entry in the sudo policy file
Setting up sudo for users with only certain delegated privileges
Hands-on lab for assigning limited sudo privileges
Advanced tips and tricks for using sudo
The sudo timer
Hands-on lab for disabling the sudo timer
Preventing users from having root shell access
Preventing users from using shell escapes
Preventing users from using other dangerous programs
Limiting the user's actions with commands
Letting users run as other users
Locking down users' home directories the Red Hat or CentOS way
Locking down users' home directories the Debian/Ubuntu way
useradd on Debian/Ubuntu
adduser on Debian/Ubuntu
Hands-on lab for configuring adduser
Enforcing strong password criteria
Installing and configuring pwquality
Hands-on lab for setting password complexity criteria
Setting and enforcing password and account expiration
Configuring default expiry data for useradd – for Red Hat or CentOS only
Setting expiry data on a per-account basis with useradd and usermod
Setting expiry data on a per-account basis with chage
Hands-on lab for setting account and password expiry data
Preventing brute-force password attacks
Configuring the pam_tally2 PAM module
Hands-on lab for configuring pam_tally2
Locking user accounts
Using usermod to lock a user account
Using passwd to lock user accounts
Locking the root user account
Setting up security banners
Using the motd file
Using the issue file
Using the issue.net file
Securing Your Server with a Firewall
An overview of iptables
Basic usage of iptables
Hands-on lab for basic iptables usage
Uncomplicated Firewall for Ubuntu systems
Basic usage of ufw
Hands-on lab for basic ufw usage
firewalld for Red Hat systems
Verifying the status of firewalld
firewalld zones
firewalld services
Adding ports to a firewalld zone
firewalld rich language rules
Hands-on lab for firewalld commands
nftables – a more universal type of firewall system
nftables tables and chains
Getting started with nftables
Using nft commands
Hands-on lab for nftables on Ubuntu
Encrypting and SSH Hardening
GNU Privacy Guard
Creating your GPG keys
Symmetrically encrypting your own files
Hands-on lab – combining gpg and tar for encrypted backups
Using private and public keys for asymmetric encryption and signing
Signing a file without encryption
Encrypting partitions with Linux Unified Key Setup – LUKS
Disk encryption during operating system installation
Adding an encrypted partition with LUKS
