Index_S


S

Samba, 27, 137
Samba-3, 86
Sarbanes-Oxley (SOX) Act, 368
scanlogd, 266
scp, 221-222
script command, 89
security
acceptable use provisions, 377
advice for home use, 384
campaign, 374-386
computer-based training, 376
contests, 376
demonstrating user support, 384
determining return on investment (ROI), 365-381
e-mail provision, 377
evaluating and testing security program, 385
fact finding, 365-369
finalizing the policy, 380
forum, 382, 383
goals, 374-375
identifying what is needed, 375-376
industry standards, 371
industry statistics, 369-370
information classification, 377
information security standards, 374-375
involving management, 372
Linux Standards Base implications, 136-137
lunch presentations, 376
maintaining security program, 385-386
management support for, 356-357
newsletters, 376
password and antivirus provision, 377
permissions, 130-133
policies, 376-382
policy overview, 379
POSIX access control lists, 130-137
posters, 375-376
remote access, 377
reviewing policies, 380-382
risk assessment, 357-364
sample policy, 381
scope of policy, 378-379
screensavers, 376
trinkets, 376
user acceptance and support, 382-384
websites, 375
writing the policy, 379-380
See also protocols
servers
centralized authentication servers, 172
documenting changes, 107
returning to the network, 46
setting up centralized servers, 275-285
taking off the network, 18-19
service command, 44
serviceconf tool, 36-38, 2 : 25
checking configuration for unnecessary services, 44
services
adding, 38-39
additional, 22-27
checking configuration for necessary services, 45-46
determining dependencies, 27-32
determining required services, 20-27
disabling unnecessary services, 17-46
installing to the chroot directory, 198-205
looking for in memory, 45-46
preventing from running, 32-43
probing, 45
purposes of, 23-27
Red Hat Enterprise Linux AS 3.0 services baseline, 20-21
removing, 39
SLES8 services baseline, 21-22
table of dependencies, 29-32
turning off unnecessary services from the command line, 40-43
See also necessary services; unnecessary services
sftp, 221
SGID files, 139-140
shred command, 146-147
shutdown command, 287
Single Loss Expectancy, 362-363
SLE, 362-363
SLES8
creating the network installation shared directory tree, 115-118
enabling firewall rules, 50
service pack 3, 117-118
services baseline, 21-22
startup scripts, 42
snapshot reports, 11
sndme process, 8
sniffers, 241
Ethereal, 252-255
ngrep, 241-244
tcpdump, 240, 245-252
Snort, 256
add-ons, 265
directories, 262
NIDS mode, 261-265
packet capture mode, 258-261
sniffing mode, 256-258
soft links, 42-43
software
determining dependencies, 86-89
identifying required software, 80-86
installing from source, 101-102
installing securely, 90-102
installing with Red Hat-specific tools, 93-94
installing with RPM, 100-101
installing with SUSE-specific tools, 91-93
monitoring systems, 102-103
removing or restricting unneeded software, 89-90
reputable sources of packages, 95
sample software list, 86
trusted, 91-94
using GPG to determine package integrity, 98-100
using MD5 to determine package integrity, 96-97
spec files, 199-201
example, 201-204
file instructions, 202
macro definitions, 202
tags, 201
SSH, 213
automating ssh-agent use, 220
initialization, 215
key fingerprint, 215
in lieu of unencrypted protocols, 214-216
port forwarding, 222-224
replacing r services and FTP with SSH equivalents, 220-222
secure automatic logins, 216-219
securing X connections, 224-225
ssh-agent, 216-220, 224
ssh-keygen, 214
virtual private networks, 225-228
warning message, 216
stability, checking, 11-13
startup scripts
altering, 33-40
turning on and off system services from, 42-43
stateful firewalls, 59-60
stateless firewalls, 59
status field, 10
sticky bit, 138-139
strace command, 190-192
stunnel, 277
checking for activity on the server, 281-283
copying certificates to /etc/stunnel, 279
creating stunnel configuration on the client, 280
creating stunnel configuration on the server, 279
starting manually, 281
SUID files, 139-140
SUSE
firewall configuration, 62-65
installing software with SUSE-specific tools, 91-93
package manager, 82, 92
stunnel, 277
updating and patching, 296-303
using YaST2 with, 34-36
swatch, 291
modifying to detect an Apache exploit, 292-293
modifying to detect an attack on the SSH daemon, 293-294
sync command, 43
sysctl interface, 135
syslog
activity component, 273-274
configuring the daemon, 271-274
priorities, 271, 272
priority modifiers, 271-273
selector component, 271-273
setting up centralized servers, 275-276
using logger command to send messages directly to the daemon, 283
syslog-ng, 277-278
checking for activity on the server, 281-283
creating syslog-ng configuration on the client, 280
creating syslog-ng configuration on the server, 280
starting manually, 281
Sys:Syslog, 284
system files, checking for potential damage, 9-11
System V Init type programs, 38-40



Hardening Linux
ISBN: 0072254971
EAN: 2147483647
Year: 2004
Pages: 113
