John Terpstra, Paul Love,
Ronald P. Reck, Timothy Scanlon
New York Chicago San Francisco
Lisbon London Madrid Mexico City Milan
New Delhi San Juan Seoul Singapore Sydney Toronto
2100 Powell Street, 10th Floor
Emeryville, California 94608
To arrange bulk purchase discounts for sales promotions, premiums, or fund-raisers, please contact McGraw-Hill/Osborne at the above address. For information on translations or book distributors outside the U.S.A., please see the International Contact Information page immediately following the index of this book.
Copyright 2004 by The McGraw-Hill Companies. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.
Publisher: Brandon A. Nordin
Vice President & Associate Publisher: Scott Rogers
Editorial Director: Tracy Dunkelberger
Project Editor: Julie M. Smith
Acquisitions Coordinator: Athena Honore
Technical Editor: Makan Pourzandi
Copy Editor: Lunaea Weatherstone
Proofreader: Linda Medoff
Indexer: Claire Splan
Composition: Apollo Publishing Services
Illustrators: Melinda Lytle, Kathleen Edwards
Series Design: Kelly Stanton-Scott, Peter F. Hancik
Cover Series Design: Theresa Havener
This book was composed with Corel VENTURA Publisher.
Information has been obtained by McGraw-Hill/Osborne from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill/Osborne, or others, McGraw-Hill/Osborne does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.
This book is dedicated to the army of skilled people who have a vision for a world in which ideas may be freely communicated and where the application of those ideas can benefit all of society. The Linux operating system platform is one of the fruits of the exchange of such ideas, their implementation and ultimately their use the world over. This book cannot cover everything that is to be known about securing Linux, but without input from many generous folks who gave their time and who continue to take great care and have pride in their efforts this book could not be a powerful tool in helping you to secure your Linux servers.
For my wife, my children, and John and Bill.
Your presence in my life has been my inspiration.
I would like to dedicate my work to my wife and best friend
Olga M. Lorincz-Reck, and to my mother Dr. Ruth A Reck.
Ronald P. Reck
I would like to dedicate my work to my parents
and siblings. You guys are the best.
About the Authors
John Terpstra is the CTO/President of PrimaStasys, Inc., a company that mentors information technology companies and facilitates profitable change in business practices. He is a member of the formation committee of the Desktop Linux Consortium, a long-term member of the Samba Team (a major Open Source project), and a well-known contributor and visionary in the open source community with a very active commercial focus. He is a member of the Open Source Software Institute Advisory Board. He has worked with the Linux Standard Base, Li18nux (now OpenI18N.Org), the Linux Professional Institute, and is a best-selling author of The Official Samba-3 HOWTO and Reference Guide, and Samba-3 by Example: Practical Exercises to Successful Deployment by Prentice Hall.
John has worked with The SCO Group (previously Caldera Inc.) and Turbolinux Inc. in VP-level positions. Prior to moving to the USA in 1999, John founded Aquasoft Pty Ltd (Aust.) and managed the group for 10 years. He has a Graduate Diploma in Marketing (with Credit), UTS Aust. and an Applied Science Certificate in Chemistry, QUT (Aust.).
Paul Love, CISSP, CISA, CISM, Security+, has been in the IT field for 15 years. Paul holds a Master of Science degree in Network Security and a Bachelor's degree in Information Systems. He has been the technical editor for over 10 best-selling Linux and Unix books, and ran a successful Linux portal site during the dot-com era. Paul is currently a Security Manager at a large utilities service provider.
Ronald P. Reck was raised and educated in the Detroit Metropolitan area and on occasion has enough time to miss the friends and culture of the place he still calls home. He is formally trained in theoretical syntax and remains fascinated by language and what it reveals about being human. A passion for linguistics and intensity with computers afford him gainful employment using Perl, XML, and Semantic Web technologies running, of course, under *nix. He prides himself on developing scalable, open source architectural strategies for difficult problems. He resides near our nation's capital with his lovely wife Olga and two cats.
Timothy Scanlon is an IT industry veteran who has worked in the US and internationally on a variety of IT and security projects. He has done work in the public and private sectors for a number of Fortune 500 firms, as well as startups like UUNet. In the public sector he has worked as a civilian contractor at various R&D facilities, departments, and branches. His professional interests include cryptography, application & infrastructure design, security, games theory, and simulation and modeling. He thinks that Linux has come a long way from the days when it would all fit on a few floppies.
About the Contributors
Mike Shema is Director of Research and Development at NT Objectives, where he focuses on assessment and mitigation strategies for web application security. During Mike's previous work as a consultant he performed network penetration tests, web application security assessments, and wireless network security audits. His experience with web application security led to co-authoring Hacking Exposed: Web Applications and authoring Hack Notes: Web Application Security. He also co-authored The Anti-Hacker Toolkit, now in its second edition. He also finds enough time to squeeze in a role-playing game or board game every now and then.
Paul Robertson has been in information technology and security over 20 years; highlights include being stationed at the White House while in the United States Army and putting USA Today's website on the Internet. Paul currently helps manage risk for hundreds of corporate clients at TruSecure, and he participates in computer forensics, advocating www.personalfirewallday.org and moderating the Firewall-Wizards Mailing List.
About the Technical Editor
Makan Pourzandi received his Ph.D. degree in parallel and distributed computing in 1995 from the University of Lyon, France. He works for Ericsson Research Canada in the Open Systems Lab Department. He has more than 25 publications in technical reviews and scientific conferences. He first began working with Linux 9 years ago and is involved in several Open Source projects. He was the editor for security requirements for Carrier-Grade Linux Server (CGL) 2.0 and is a member of the working group for security requirements for CGL 3.0 from Open Source Development Lab (OSDL).
About the Series Editor
Roberta Bragg (Grain Valley, MO), CISSP, MCSE:Security, MVP, Security+, ETI-Client Server, Certified Technical Trainer, IBM Certified Trainer, DB2-UDB, Citrix Certified Administrator, has been a Security Advisor columnist for MCP magazine for six years, is a Security Expert for searchWin2000.com, and writes for the Security Watch newsletter, which has over 55,000 subscribers. Roberta designed, planned, produced, and participated in the first Windows Security Summit, held in Seattle, WA in 2002. Roberta is the author and presenter of the Windows Security Academy, a three-day hands-on secure network-building workshop. She has taught for SANS and MIS. She was selected by Microsoft to present the IT Professional advanced track for their 2004 Security Summits. Roberta is a Security Evangelist, traveling all over the world consulting, assessing, and training in network and Windows security issues. She is featured in the Cool Careers for Girls book series by Ceel Pasternak and Linda Thornburg. Roberta has served as adjunct faculty member at Seattle Pacific University and the Johnson County Community College, teaching courses on Windows 2000 Security Design and Network Security Design. Roberta is the author of the MCSE Self-Paced Training Kit (Exam 70-298): Designing Security for a Microsoft Windows Server 2003 Network. Roberta is the lead author of McGraw-Hill/Osborne's Network Security: The Complete Reference. She has written on SQL Server 2000, CISSP, and Windows Security for QUE and New Riders.