hack proofing linux a Guide to Open Source Security phần 2 docx

... Changes 138 _linux_ 02 6 /20 /01 9:34 AM Page 72 44 Chapter 2 • Hardening the Operating System Administrators must also regularly test their systems using security analyzer software. Security analyzer software scans ... Bastille is written specifically to Red Hat Linux and Mandrake Linux. The specific Red Hat/Mandrake content has been generalized, and hard-code filenames are now rep...

Ngày tải lên: 08/08/2014, 21:23

... to Open Source Security ™ 1 YEAR UPGRADE BUYER PROTECTION PLAN Linux: A Guide to Open Source Security The Only Way to Stop a Hacker Is to Think Like One James Stanger Patrick T. Lane 138 _linux_ FM ... such as IBM, Compaq, and Intel. 138 _linux_ FM 6 /20 /01 9 :29 AM Page viii 14 Chapter 1 • Introduction to Open Source Security Packetstorm Packetstorm is spe...

Ngày tải lên: 08/08/2014, 21:23

... Snort’s analysis feature is able to read the contents of the captured packets and then inform you about any attacks waged against your network. ; Snort is able to automatically detect attacks based ... keep appearing in reports unless you update your database. Database update mode allows you to update the database so that it no www.syngress.com 138 _linux_ 04 6 /20 /01 9:38 AM Page 25...

Ngày tải lên: 08/08/2014, 21:23

... following if Apache is installed: apache-manual-1.3. 12- 25 apache-1.3. 12- 25 apache-devel-1.3. 12- 25 www.syngress.com 138 _linux_ 08 6 /20 /01 9:46 AM Page 421 440 Chapter 8 • Creating Virtual Private Networks because ... FreeS/WAN. If you completed a “Custom” Red Hat Linux installation with “everything” installed, you can skip this warning—all of the required Red Hat Package Manager...

Ngày tải lên: 08/08/2014, 21:23

... rules database One of the common moves by a hacker is to alter the rules database in subtle ways that make it easier for the hacker to gain access to the network. Check your rules and compare them ... problems, because it will require you to ensure that this daemon is not sub- ject to bugs that can cause a security problem. Any daemon, such as Cron, that acts automatically can...

Ngày tải lên: 08/08/2014, 21:23

... may wish to use Nmap in a network that uses a well-configured firewall or an IDS). If so, you may want to conduct scans that cannot be easily detected, or are actually able to traverse a firewall ... zombie www.syngress.com 138 _linux_ 03 6 /20 /01 9:35 AM Page 124 1 52 Chapter 3 • System Scanning and Probing ■ The ability to add an entire IP network or DNS domain to the map, a...

Ngày tải lên: 08/08/2014, 21:23

... creates its database, it is said to enter database initialization mode. 5. You can then set Tripwire to rescan these files and compare their signa- tures to the signatures stored in the database.This ... generally extends your logging capability by placing additional information into a log file or into a database. Alerting An IDS often has the ability to send alert messages to...

Ngày tải lên: 08/08/2014, 21:23

... and /var/kerberos/krb5kdc/kdc.acl files to reflect your Kerberos realm and DNS domain names.You must then add an administrative user, as well as additional principals, to the database. Using kadmin.local Because ... a Kerberos administrator uses the kadmin pro- gram to add a principal to the database. Note that the ticket does not actually contain the password. It is only signed by...

Ngày tải lên: 08/08/2014, 21:23

... Iptables package. ; Ipchains and Iptables also allow you to configure your Linux router to masquerade traffic (i.e., to rewrite IP headers so that a packet appears to originate from a certain host), and/or ... own dynamic database. If this database senses a number of ports that have been scanned in a row, the firewall can take action. Some actions the firewall can take may inclu...

Ngày tải lên: 08/08/2014, 21:23

... rules, 22 7 configuring to block users, 22 2 22 3, 22 5 important files, 22 1 22 2 installing, 22 2, 22 4 optimizing to sense attack types, 22 3 22 4, 22 6 22 7 running external commands with, 22 7 22 8 troubleshooting, ... that all Application layer data is encrypted. No passwords, usernames, or usable data www.syngress.com Chapter 7 Continued 138 _linux_ AppB 6 /20 /01 9:55 AM...

Ngày tải lên: 08/08/2014, 21:23