Linux Essentials for Cybersecurity

ALL YOU NEED TO KNOW TO SECURE LINUX SYSTEMS, NETWORKS, APPLICATIONS, AND DATA–IN ONE BOOK From the basics to advanced techniques: no Linux security experience necessary Realistic examples & step-by-step activities: practice hands-on without costly equipment The perfect introduction to Linux-based security for all students and IT professionals Linux distributions are widely used to support mission-critical applications and manage crucial data. But safeguarding modern Linux systems is complex, and many Linux books have inadequate or outdated security coverage. Linux Essentials for Cybersecurity is your complete solution. Leading Linux certification and security experts William “Bo” Rothwell and Dr. Denise Kinsey introduce Linux with the primary goal of enforcing and troubleshooting security. Their practical approach will help you protect systems, even if one or more layers are penetrated. First, you’ll learn how to install Linux to achieve optimal security upfront, even if you have no Linux experience. Next, you’ll master best practices for securely administering accounts, devices, services, processes, data, and networks. Then, you’ll master powerful tools and automated scripting techniques for footprinting, penetration testing, threat detection, logging, auditing, software management, and more. To help you earn certification and demonstrate skills, this guide covers many key topics on CompTIA Linux+ and LPIC-1 exams. Everything is organized clearly and logically for easy understanding, effective classroom use, and rapid on-the-job training. LEARN HOW TO: Review Linux operating system components from the standpoint of security Master key commands, tools, and skills for securing Linux systems Troubleshoot common Linux security problems, one step at a time Protect user and group accounts with Pluggable Authentication Modules (PAM), SELinux, passwords, and policies Safeguard files and directories with permissions and attributes Create, manage, and protect storage devices: both local and networked Automate system security 24/7 by writing and scheduling scripts Maintain network services, encrypt network connections, and secure network-accessible processes Examine which processes are running–and which may represent a threat Use system logs to pinpoint potential vulnerabilities Keep Linux up-to-date with Red Hat or Debian software management tools Modify boot processes to harden security Master advanced techniques for gathering system information

Table of Contents:
Introduction xxix Part I: Introducing Linux 2 Chapter 1 Distributions and Key Components 4     Introducing Linux 4     Linux Distributions 5         Shells 6         GUI Software 7     Installing Linux 7         Which Distro? 8         Native or Virtual Machine? 9         Installing a Distro 10     Summary 12         Key Terms 12         Review Questions 12 Chapter 2 Working on the Command Line 14     File Management 14         The Linux Filesystem 14         Command Execution 16         The pwd Command 16         The cd Command 16         The ls Command 17         File Globbing 18         The file Command 19         The less Command 19         The head Command 19         The tail Command 20         The mdkir Command 20         The cp Command 20         The mv Command 21         The rm Command 21         The rmdir Command 22         The touch Command 22     Shell Features 22         Shell Variables 22         Initialization Files 27         Alias 28         Command History 29         Redirecting Input and Output 30     Advanced Commands 33         The find Command 33         Regular Expressions 35         The grep Command 36         The sed Command 37         Compression Commands 38     Summary 40         Key Terms 40         Review Questions 41 Chapter 3 Getting Help 42     Man Pages 42         Man Page Components 42         Man Page Sections 43         Man Page Locations 46     Command Help Options 46     The help Command 46     The info Command 47     The /usr/share/doc Directory 48     Internet Resources 49     Summary 50         Key terms 50         Review Questions 51 Chapter 4 Editing Files 52     The vi Editor 52         What Is vim? 53         Essential vi Commands 54         Use Basic vi Modes 54         Entering the Insert Mode 55         Movement Commands 56         Repeater Modifiers 57         Undoing 57         Copying, Deleting, and Pasting 58         Finding Text 59         Find and Replace 60         Saving and Quitting 61         Expand Your vi Knowledge 62     Additional Editors 63         Emacs 63         gedit and kwrite 65         nano and joe 65         lime and bluefish 65     Summary 66         Key Terms 66         Review Questions 66 Chapter 5 When Things Go Wrong 68     The Science of Troubleshooting 68         Step 1: Gathering Information 69         Step 2: Determine the Likely Cause 70         Step 3: Document Your Plan of Attack (POA) 71         Step 4: Perform the Actions 71         Steps 5 and 6: Is the Problem Solved? 71         Step 7: Are There Other Problems? 71         Step 8: Store the Documentation 72         Step 9: Prevent Future Problems 72     Notifying Users 72         Pre- and Post-login Messages 72         Broadcasting Messages 77     Summary 79         Review Questions 79 Part II: User and Group Accounts 80 Chapter 6 Managing Group Accounts 82     What Are Groups Used For? 82         Primary versus Secondary Groups 82         The /etc/group File 84         Special Groups 85         User Private Groups 86         The /etc/gshadow File 88     Managing Groups 90         Creating Groups 90         Modifying Groups 91         Deleting Groups 91         Adding Users to Groups 92         Group Administrators 93     Summary 93         Key Terms 93         Review Questions 94 Chapter 7 Managing User Accounts 96     The Importance of User Accounts 96         User Account Information 96         The /etc/passwd File 97         Special Users 98         The /etc/shadow File 99     Managing Users 102         Creating Users 102         Modifying Users 105         Managing GECOS 105         Deleting Users 107         Restricted Shell Accounts 107     Network-Based User Accounts 108     Using su and sudo 108     Restricting User Accounts 111     Summary 116         Key Terms 116         Review Questions 117 Chapter 8 Develop an Account Security Policy 118     Introducing Kali Linux 118     Security Principles 119     Creating a Security Policy 120     Securing Accounts 120         Physical Security 120         Educating Users 121         Account Security 121     Security Tools 124         The john and Johnny Tools 124         The hydra tool 125     Summary 126         Review Questions 126 Part III File and Data Storage 128 Chapter 9 File Permissions 130     Standard Permissions 130         Viewing Permissions 130         Files Versus Directories 131         Changing Permissions 131     Default Permissions 132     Special Permissions 134         SUID 134         SGID 136         Sticky Bit 138     Access Control Lists (ACLs) 139         The mask Value 141         Default ACLs 141     Changing Ownership 143         chown 143         chgrp 144     File Attributes 145     Introduction to SELinux 146         Users Create Security Holes 146         Daemon Processes Create Security Holes 146         SELinux Essentials 147     Summary 149         Key Terms 150         Review Questions 150 Chapter 10 Manage Local Storage: Essentials 152     Filesystem Essentials 152         Partitions 152         Filesystems 153         Why So Many Partitions/Filesystems? 154         Which Partitions/Filesystems Should Be Created? 155     Filesystem Types 155         Managing Partitions 156         Ext-Based Filesystem Tools 161         Xfs-Based Filesystem Tools 166     Additional Filesystem Tools 170         du 170         df 170     Mounting Filesystems 170         The umount Command 171         The mount Command 171         Mounting Filesystems Manually 173         Problems Unmounting Filesystems 174         Mounting Filesystems Automatically 175         Device Descriptors 176         Mount Options 177         Mounting Removable Media 179         Swap Space 179         Creating Swap Devices 180     Summary 181         Key Terms 181         Review Questions 181 Chapter 11 Manage Local Storage: Advanced Features 184     Encrypted Filesystems 184     Managing autofs 186     Logical Volume Manager 189         Logical Volume Manager Concepts 190         LVM Essentials 192         Using Logical Volumes and Additional LVM Commands 197         Resizing Logical Volumes 201         LVM Snapshots 204     Disk Quotas 206         Setting Up a Disk Quota for a Filesystem 207         Editing, Checking, and Generating User Quota Reports 207     Hard and Soft Links 210         Why Use Links? 211         Creating Links 211         Displaying Linked Files 212     Summary 212         Key Terms 212         Review Questions 212 Chapter 12 Manage Network Storage 214     Samba 214         SAMBA Configuration 215         SAMBA Server 218         SAMBA Accounts 220         Accessing SAMBA Servers 221     Network File System 223         Configuring an NFS Server 224         Configuring an NFS Client 229         iSCSI 230     Summary 236         Key Terms 236         Review Questions 236 Chapter 13 Develop a Storage Security Policy 240     Developing the Plan 240     Backing Up Data 241         Creating a Backup Strategy 241         Standard Backup Utilities 246         Third-party Backup Utilities 250     Summary 250         Key Terms 251         Review Questions 251 Part IV: Automation 252 Chapter 14 crontab and at 254     Using crontab 254         Configure User Access to the cron Service 256         /etc/crontab 258         /etc/anacrontab 260     Using at 261         atq 261         atrm 262         Configure User Access to at Services 262     Summary 263         Key Terms 263         Review Questions 263 Chapter 15 Scripting 264     Linux Programming 264         BASH Shell Scripting 265         Perl Scripting 265         Python Scripting 266     Basics of BASH Scripting 268         Conditional Expressions 269     Flow Control Statements 271         The while Loop 272         The for Loop 272         Loop Control 272         The case Statement 272     User Interaction 273     Using Command Substitution 274     Additional Information 274     Summary 274         Key Terms 274         Review Questions 275 Chapter 16 Common Automation Tasks 276     Exploring Scripts that Already Exist on Your System 276         The /etc/cron.* Directories 276         Repositories 279     Creating Your Own Automation Scripts 280     Summary 281         Key Terms 281         Review Questions 281 Chapter 17 Develop an Automation Security Policy 282     Securing crontab and at 282     Securing BASH Scripts 283         Access to Scripts 283         Script Contents 284         Dealing with Data 284         Shell Settings 284         Shell Style 285     Summary 285         Review Questions 285 Part V: Networking 286 Chapter 18 Networking Basics 288     Network Terminology 288     IPv4 Versus IPv6 290     IPv4 Addresses 292         Determining a Network Address from an IP Address and Subnet 293         Private IP Addresses 294     Common Protocol Suites 294     Network Ports 295     Summary 297         Key Terms 297         Review Questions 297 Chapter 19 Network Configuration 298     Ethernet Network Interfaces 298         Displaying Ethernet Port Configurations 299         Changing Ethernet Port Settings 300         Network Configuration Tools 301         The arp Command 302         The route Command 303         The ip Command 304         The hostname Command 305         The host Command 305         The dig Command 306         The netstat Command 307     Persistent Network Configurations 307         The /etc/hostname File (Universal) 307         The /etc/hosts File (Universal) 307         The /etc/resolv.conf File (Universal) 308         The /etc/nsswitch.conf File (Universal) 308         The /etc/sysctl.conf File (Universal) 309         The /etc/sysconfig/network File (Red Hat) 310         The /etc/sysconfig/network-scripts/ifcfg-interface-name Files (Red Hat) 310         The /etc/network/interfaces File (Debian) 311     Network Troubleshooting Commands 311         The ping Command 311         The traceroute Command 312         The netcat Command 313     Access to Wireless Networks 314         The iwconfig Command 314         The iwlist Command 315     Summary 316         Key Terms 316         Review Questions 317 Chapter 20 Network Service Configuration: Essential Services 318     DNS Servers 318         Essential Terms 319         How Name Resolution Works 320         Basic BIND Configuration 322     Zone Files 326         Zone File Basics 326         Zone File Entries in the /etc/named.conf File 327         Zone File Syntax 328         Zone Record Types 329         Putting It All Together 333         Slave BIND Servers 335         Testing the DNS Server 336         The dig Command 336     Securing BIND 337         Sending BIND to Jail 337         Split BIND Configuration 340         Transaction Signatures 341     DHCP Server 343         DHCP Configuration Basics 344         Configuring Static Hosts 346         DHCP Log Files 347     Email Servers 347         SMTP Basics 348         Configuring Postfix 349     Managing Local Email Delivery 353         procmail Basics 354         procmail Rules 355         procmail Examples 357         mbox and Maildir Formats 357     Remote Email Delivery 358         IMAP and POP Essentials 358         The Dovecot Server 359     Summary 362         Key Terms 362         Review Questions 362 Chapter 21 Network Service Configuration: Web Services 364     Apache Web Server 364     Basic Apache Web Server Configuration 365         Starting the Apache Web Server 366         Apache Web Server Log Files 367         Enable Scripting 367     Apache Web Server Security 370         Essential Settings 370         User Authentication 372     Virtual Hosts 372         Configuring IP-Based Virtual Hosts 373         Configuring Name-Based Virtual Hosts 373     HTTPS 374         SSL Essentials 375         SSL Issues 375         Self-Signing 376     SSL and Apache 376         SSL Server Certificate 377         Apache SSL Directives 381     Proxy Servers 382         Tunneling Proxy 383         Forward Proxy 383         Reverse Proxy 383         Squid Basics 384         Nginx Configuration 387         Client Configuration 389     Summary 391         Key Terms 391         Review Questions 391 Chapter 22 Connecting to Remote Systems 394     LDAP 394         Key LDAP Terms 395         The slapd.conf File 397         Starting the LDAP Server 399         OpenLDAP Objects 401         OpenLDAP Schemas 401         OpenLDAP Database Changes 402         Using the ldapdelete Command 404         Using the ldapsearch Command 405         Using the ldappasswd Command 407         Connecting to an LDAP Server 408     FTP Servers 408         Configuring vsftpd 409         Connecting to an FTP server 412     Secure Shell 415         Configuring the Secure Shell Server 416         Secure Shell Client Commands 418         Advanced SSH Features 421     Summary 423         Key Terms 423         Review Questions 423 Chapter 23 Develop a Network Security Policy 426     Kernel Parameters 426         The /etc/sysctl.conf File 426         Ignoring ping Requests 427         Ignoring Broadcast Requests 428         Enabling TCP SYN Protection 428         Disabling IP Source Routing 428     TCP Wrappers 428     Network Time Protocol 430         Setting the System Clock Manually 430         Setting the System Time Zone Manually 432         Setting the System Date Using NTP 434     Summary 436         Key Terms 436         Review Questions 436 Part VI: Process and Log Administration 438 Chapter 24 Process Control 440     Viewing Processes 440         The ps Command 440         The pgrep Command 442         The top Command 442         The uptime Command 444         The free Command 445     Running Processes 445         Pausing and Restarting Processes 446     Killing Processes 447         The kill Command 447         The pkill Command 448         The killall Command 448         The xkill Command 449     The nohup Command 450     Process Priority 450         The nice Command 450         The renice Command 450     Summary 451         Key Terms 451         Review Questions 451 Chapter 25 System Logging 452     Syslog 452         The syslogd Daemon 452         The /var/log Directory 453         The /etc/syslog.conf File 454         Creating Your Own /etc/syslog.conf Entry 457     The logrotate Command 458         The /etc/logrotate.conf File 458     The journalctl Command 459         The /etc/systemd/journald.conf file 460     Summary 461         Key Terms 461         Review Questions 461 Part VII: Software Management 462 Chapter 26 Red Hat—Based Software Management 464     Red Hat Packages 464         How to Obtain Packages 465         The /var/lib/rpm Directory 465     Using the rpm Command 466         Listing rpm Information 466         Installing Packages with rpm 472         Removing Packages with rpm 474         rpm2cpio 475     The yum Command 475         Repositories 475         Using the yum Command 477     Additional Tools 484     Summary 484         Key Terms 485         Review Questions 485 Chapter 27 Debian-Based Software Management 486     Managing Packages with dpkg 486         Listing Package Information with dpkg 486         Installing Software with dpkg 489         Reconfiguring Software with dpkg 490         Extracting Files from a Debian Package 490         Removing Packages with the dpkg Command 491     Managing Packages with APT 492         APT Repositories 492         Creating a Source Repository 494     Listing Package Information with APT Commands 494         Installing Packages with APT Commands 496         Removing Packages with APT Commands 499         Additional APT Features 500     Summary 500         Key Terms 500         Review Questions 500 Chapter 28 System Booting 502     Phases of the Boot Process 502         The BIOS/UEFI Phase 502         The Bootloader Phase 503         The Kernel Phase 503         The Post-Kernel Phase 504     GRUB 504         Legacy GRUB Configuration 504         GRUB 2 Configuration 512     Kernel Components 517         Kernel Documentation 517         Tweaking the Kernel 517         Kernel Images 518         Kernel Modules 519         The /proc/sys Filesystem 526     The init Phase 528         Configuring Systemd 528     Summary 531         Key Terms 531         Review Questions 532 Chapter 29 Develop a Software Management Security Policy 534     Ensuring Software Security 534         Keep Packages Up to Date 534         Consider Removing Unnecessary Packages 535         Ensure You Install from Trusted Sources 536         CVE 537         Distribution-Specific Security Alerts 538     xinetd 539     Summary 540         Key Terms 540         Review Questions 541 Part VIII: Security Tasks 542 Chapter 30 Footprinting 544     Understanding Footprinting 544     Common Footprinting Tools 545         The nmap Command 545         The netstat Command 548         The lsof Command 551         The nc Command 552         The tcpdump Command 554         Additional Utilities 555     Kali Linux Utilities 555         Essential Information Gathering 555         DNS Analysis Tools 556         Host Identification Tools 557         OSINT Tools 557         Route Analysis Tools 558     Summary 559         Key Terms 559         Review Questions 559 Chapter 31 Firewalls 560     Introduction to Firewalls 560     Essentials of the iptables Command 560         Overview of Filtering Packets 561         Important Terms 563     Using iptables to Filter Incoming Packets 564         Filtering by Protocol 566         Multiple Criteria 567         Filtering Based on Destination 567         Changing the Default Policy 568         Revisiting the Original Rules 569         Saving the Rules 569     Using iptables to Filter Outgoing Packets 569     Implementing NAT 570     Summary 571         Key Terms 571         Review Questions 571 Chapter 32 Intrusion Detection 572     Introduction to Intrusion Detection Tools 572         Determining If a Security Breach Has Occurred 572         Taking Action 573     Intrusion Detection Network Tools 573         The netstat Command 573         The nmap Command 574         The tcpdump Command 575     Intrusion Detection File Tools 575         Modifying the /etc/passwd and /etc/shadow Files to Create a Backdoor 575         Creating an SUID Program to Create a Backdoor 576         Incorporating File-Change Tools in the Intrusion Detection Plan 577     Additional Intrusion Detection Tools 577     Summary 579         Key Terms 579         Review Questions 579 Chapter 33 Additional Security Tasks 580     The fail2ban Service 580     OpenVPN 581         Configuring the Certificate Authority 582         Generating the VPN Server Certificate 583         Generating the VPN Client Certificate 585         Setting Up the Basic Server 586         Setting Up the Basic Client 587     gpg 589     Security Alert Services 591     Summary 591         Key Terms 591         Review Questions 592 Appendix A Answers to Review Questions 594 Appendix B Resource Guide 604 Glossary 612 9780789759351, TOC, 6/22/2018