
Practical Linux Security Cookbook: Secure your Linux machines and keep them secured with the help of exciting recipes




DOCUMENT INFORMATION

Basic information

Format:
Number of pages: 306
Size: 23.89 MB

Contents

Table of Contents

Practical Linux Security Cookbook
Credits
About the Author
About the Reviewer
www.PacktPub.com
  eBooks, discount offers, and more
  Why Subscribe?
Preface
  What this book covers
  What you need for this book
  Who this book is for
  Sections
    Getting ready
    How to do it…
    How it works…
    There's more…
    See also
  Conventions
  Reader feedback
  Customer support
    Downloading the example code
    Downloading the color images of this book
    Errata
    Piracy
    Questions

1. Linux Security Problems
  Introduction
  The security policy of Linux
  Developing a security policy
  Configuring password protection (How to do it…; How it works…)
  Configuring server security (How to do it…; How it works…; There's more…)
  Security controls
  Conducting integrity checks of the installation medium using checksum (Getting ready; How to do it…; How it works…; See also)
  Using the LUKS disk encryption (Getting ready; How to do it…; How it works…)
  Making use of sudoers – configuring sudo access (Getting ready; How to do it…; How it works…; There's more…)
  Vulnerability assessment
  Scanning hosts with Nmap (Getting ready; How to do it…; How it works…; See also)
  Gaining a root on a vulnerable Linux system (Getting ready; How to do it…; How it works; There's more…: Null or default passwords, IP spoofing, Eavesdropping, Service vulnerabilities, Denial of Service (DoS) attack)

2. Configuring a Secure and Optimized Kernel
  Introduction
  Requirements for building and using a kernel
  Creating a USB boot media (Getting ready; How to do it…; How it works…)
  Retrieving a kernel source (Getting ready; How to do it…; How it works…)
  Configuring and building a kernel (Getting ready; How to do it…; How it works…)
  Installing and booting from a kernel (Getting ready; How to do it…; How it works…)
  Testing and debugging a kernel
  Configuring a console for debugging using Netconsole (Getting ready; How to do it…; How it works; There's more…)
  Debugging a kernel on boot (How to do it…)

3. Local Filesystem Security
  Viewing file and directory details using the ls command (Getting ready; How to do it…; How it works…)
  Changing the file permissions using the chmod command (Getting ready; How to do it…; How it works…; There's more)
  Implementing access control list (ACL) (Getting ready; How to do it…; There's more…)
  File handling using the mv command (moving and renaming) (Getting ready…; How it works…; There's more…)
  Install and configure a basic LDAP server on Ubuntu (Getting ready; How to do it…; How it works…)

4. Local Authentication in Linux
  User authentication and logging (Getting Started; How to do it; How it works)
  Limiting the login capabilities of users (Getting ready; How to do it; How it works)
  Monitoring user activity using acct (Getting started; How to do it?; How it works)
  Login authentication using a USB device and PAM (Getting ready; How to do it…; How it works; There's more)
  Defining user authorization controls (Getting started; How to do it; How it works)

5. Remote Authentication
  Remote server/host access using SSH (Getting ready; How to do it…; How it works…)
  Disabling or enabling SSH root login (Getting ready; How to do it…; How it works…; There's more…)
  Restricting remote access with key-based login into SSH (Getting ready; How to do it; How it works)
  Copying files remotely (Getting ready; How to do it; How it works)
  Setting up a Kerberos server with Ubuntu (Getting ready; How to do it; How it works)

6. Network Security
  Managing the TCP/IP network (Getting ready; How to do it; How it works)
  Using Iptables to configure a firewall (Getting Ready; How to do it; How it works)
  Blocking spoofed addresses (Getting Ready; How to do it; How it works)
  Blocking incoming traffic (Getting Ready; How to do it; How it works)
  Configuring and using the TCP Wrapper (Getting Ready; How to do it?; How it works)

7. Security Tools
  Linux sXID (Getting Ready; How to do it; How it works)
  PortSentry (Getting Ready; How to do it?; How it works)
  Using Squid proxy (Getting Ready; How to do it; How it works)
  OpenSSL Server (Getting Ready; How to do it; How it works)
  Tripwire (Getting Ready; How to do it; How it works)
  Shorewall (Getting ready; How to do it; How it works)

8. Linux Security Distros
  Kali Linux (Getting ready; How to do it; How it works)
  pfSense (Getting ready; How to do it; How it works)
  DEFT – Digital Evidence and Forensic Toolkit (Getting ready; How to do it; How it works)
  NST – Network Security Toolkit (Getting ready; How to do it; How it works)
  Helix (Getting ready; How to do it?; How it works)

9. Patching a Bash Vulnerability
  Understanding the bash vulnerability through Shellshock (Getting Ready; How to do it…; How it works…)
  Shellshock's security issues (Getting Ready; How to do it…; How it works…)
  The patch management system (Getting ready; How to do it…; How it works…)
  Applying patches on the Linux systems (Getting ready; How to do it; How it works)

10. Security Monitoring and Logging
  Viewing and managing log files using Logcheck (Getting ready; How to do it…; How it works…)
  Monitoring a network using Nmap (Getting ready; How to do it…; How it works…)
  Using glances for system monitoring (Getting ready; How to do it…; How it works…)
  Monitoring logs using MultiTail (Getting ready; How to do it…; How it works…)
  Using system tools – Whowatch (Getting ready; How to do it…; How it works)
  Using system tools – stat (Getting ready; How to do it…; How it works)
  Using system tools – lsof (Getting ready; How to do it…; How it works)
  Using system tools – strace (Getting ready; How to do it…; How it works)
  Using Lynis (Getting ready; How to do it…; How it works)

Index

Practical Linux Security Cookbook

Copyright © 2016 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: April 2016
Production reference: 1260416
Published by Packt Publishing Ltd., Livery Place, 35 Livery Street, Birmingham B3 2PB, UK
ISBN 978-1-78528-642-1
www.packtpub.com

Using Lynis

Monitoring log files on Linux manually is a very tedious task. To make it easier, we can use auditing tools on our Linux system that automatically scan the whole system for any kind of security issue. Lynis is easy to use, and it produces a security report quickly. This is helpful when scanning Linux systems for vulnerabilities and malware.

Getting ready

To use Lynis, it is not necessary to install it. If you are using an Ubuntu system, you can use apt-get to install the Lynis package:

    apt-get install lynis

[Output screenshot not reproduced on this page.]

For other Linux distributions, simply download the package from https://cisofy.com/download/lynis/. After downloading it, you just need to run ./lynis audit system and the scan will start.

How to do it…

Using Lynis is very simple: just start the scanning process and everything will be done automatically. Let's explore the working of the tool now:

1. To start the scan, just type this command:

    lynis -c

   [Output screenshot not reproduced on this page.]

2. Once we run the preceding command, scanning will start and it will continue for some time, depending on the packages it finds on the system. The scan includes different sections, such as system tools, kernel, filesystem, and many more. Once the scan has been completed, we can see an overview of the details at the end of the output screen.

3. After the scanning is done, a report is generated and saved in the /var/log/lynis.log file. When we read the content of this file, we get an output similar to what is shown here: [screenshot not reproduced on this page]

4. We can scroll through the log file and see which tests Lynis has performed. In the preceding report, what needs our attention are the entries containing the word Warning. Hence we can run the given command to find all the lines in the report that contain this word:

    grep Warning /var/log/lynis.log

5. As we have done for Warning, in the same way we can list all the Suggestion entries given by Lynis using this command:

    grep Suggestion /var/log/lynis.log

6. We can also check the Warning and Suggestion entries by scrolling to the end of the report in the /var/log/lynis.log file. We will see a result similar to what is shown here: [screenshot not reproduced on this page]

How it works

The Lynis scan can be started by executing the lynis -c command. Nothing needs to be done while the scan is running. After the completion of the scan, the report is saved in the /var/log/lynis.log file. We find some lines in the report that contain the words Warning and Suggestion, as these are the lines that need our attention according to the requirements of Lynis.

Index

A
  access control list (ACL): implementing / Implementing access control list (ACL), How to do it…, There's more…
  acct: used, for monitoring user activity / Monitoring user activity using acct, Getting started, How to do it?, How it works; reference link / Getting started
  Adepto / How to do it?

B
  bandwidthd / How to do it
  bash vulnerability, through Shellshock: exploring / Understanding the bash vulnerability through Shellshock, How to do it…

C
  Certificate Signing Request (CSR) / How to do it
  Change Mode (chmod) command: used, for changing file permissions / Changing the file permissions using the chmod command, How to do it…
  Channel Connection (SSH) / How to do it…
  checksum: used, for conducting integrity checks of installation medium / Conducting integrity checks of the installation medium using checksum, How to do it…, See also

D
  Denial of Service (DoS) / Blocking spoofed addresses
  Destination Unreachable ICMP packets / How to do it, How it works
  Digital Evidence and Forensic Toolkit (DEFT): about / DEFT – Digital Evidence and Forensic Toolkit; download link / Getting ready; using / How to do it, How it works
  directory details: viewing, with ls command / Getting ready, How to do it…, How it works…
  disengage Network Manager / How to do it

E
  eavesdropping: about / Eavesdropping; service vulnerabilities / Service vulnerabilities; Denial of Service (DoS) attack / Denial of Service (DoS) attack
  Echo ICMP packets / How it works

F
  file handling, with move (mv) command / File handling using the mv command (moving and renaming), How it works…, There's more…
  file details: viewing, with ls command / Getting ready, How to do it…, How it works…
  file permissions: changing, with Change Mode (chmod) command / Changing the file permissions using the chmod command, How to do it…, There's more
  files: copying remotely / Copying files remotely, How to do it, How it works
  firewall: configuring, IP tables used / Using Iptables to configure a firewall, How to do it

G
  Git tool / Getting ready
  glance: used, for system monitoring / Using glances for system monitoring, How to do it…
  GtkHash: about / See also; reference link / See also

H
  Helix: about / Helix; reference link / Getting ready; using / How to do it?, How it works
  hosts: scanning, with Nmap / Scanning hosts with Nmap, How to do it…, How it works…
  Host Unreachable ICMP packet / How to do it

I
  incoming traffic: blocking / Blocking incoming traffic, How to do it, How it works
  integrity checks, of installation medium: conducting, checksum used / Conducting integrity checks of the installation medium using checksum, How to do it…
  Intrusion Detection System (IDS) / Tripwire
  Iptables / Getting Ready
  IP tables: used, for configuring firewall / Using Iptables to configure a firewall, How to do it

K
  Kali 2.0: download link / Getting ready
  Kali Linux: about / Kali Linux; using / How to do it, How it works
  Kerberos server: setting up, Ubuntu used / Setting up a Kerberos server with Ubuntu, How to do it, How it works
  kernel: using, requisites / Requirements for building and using a kernel; building, requisites / Requirements for building and using a kernel; configuring / Configuring and building a kernel, How to do it…, How it works…; building / Configuring and building a kernel, How to do it…, How it works…; installing / Installing and booting from a kernel, How to do it…, How it works…; booting from / Installing and booting from a kernel, How to do it…, How it works…; debugging / Testing and debugging a kernel; testing / Testing and debugging a kernel
  kernel, on boot: debugging / Debugging a kernel on boot, How to do it…
  kernel source: about / Retrieving a kernel source; retrieving / Retrieving a kernel source, How to do it…, How it works…
  key-based authentication into SSH: used, for restricting remote access / Restricting remote access with key-based login into SSH, How to do it

L
  LDAP server: installing, on Ubuntu / Install and configure a basic LDAP server on Ubuntu, How to do it…, How it works…; configuring, on Ubuntu / Install and configure a basic LDAP server on Ubuntu, How to do it…
  Linux: security policy / The security policy of Linux; patches, applying on / Applying patches on the Linux systems
  Linux kernel: URL / How to do it…; download, URL / How to do it…
  Linux Unified Key Setup (LUKS) disk encryption: about / Using the LUKS disk encryption; functionalities / Using the LUKS disk encryption; using / How to do it…, How it works…
  Logcheck: used, for viewing log files / Viewing and managing log files using Logcheck, How to do it…, How it works…; used, for managing log files / Viewing and managing log files using Logcheck, How to do it…, How it works…; about / Viewing and managing log files using Logcheck
  log files: viewing, Logcheck used / Viewing and managing log files using Logcheck, How to do it…, How it works…; managing, Logcheck used / Viewing and managing log files using Logcheck, How to do it…, How it works…
  login authentication: PAM, using / Login authentication using a USB device and PAM, How to do it…, There's more; USB device, using / Login authentication using a USB device and PAM, How to do it…, How it works, There's more
  login capabilities, of users: limiting / Limiting the login capabilities of users, How to do it, How it works
  Logs: monitoring, with MultiTail / Monitoring logs using MultiTail, How to do it…, How it works…
  ls command: used, for viewing file details / Viewing file and directory details using the ls command, How to do it…, How it works…; used, for viewing directory details / Viewing file and directory details using the ls command, How to do it…, How it works…
  lsof command: using / Using system tools – lsof, How to do it…, How it works; about / Using system tools – lsof
  Lubuntu / DEFT – Digital Evidence and Forensic Toolkit
  Lynis: using / Using Lynis, How to do it…, How it works; about / Using Lynis; download link / Getting ready

M
  Metasploitable: about / Gaining a root on a vulnerable Linux system; reference link / Getting ready
  move (mv) command: used, for file handling / File handling using the mv command (moving and renaming), How it works…, There's more…
  MultiTail: used, for monitoring Logs / Monitoring logs using MultiTail, Getting ready, How to do it…, How it works…

N
  Netcat: URL / There's more…
  Netconsole: used, for console configuration for debugging / Configuring a console for debugging using Netconsole, Getting ready, How to do it…, There's more…
  network: monitoring, Nmap used / Monitoring a network using Nmap, How to do it…, How it works…
  Network Security Toolkit (NST): about / NST – Network Security Toolkit; reference link / Getting ready; using / How to do it, How it works
  Nmap: used, for scanning hosts / Scanning hosts with Nmap, How to do it…, How it works…; installation link / Getting ready; reference link / See also; used, for monitoring network / Monitoring a network using Nmap, How to do it…, How it works…

O
  Octal representation / There's more
  OpenSSH / How to do it…
  OpenSSL Server: about / OpenSSL Server; using / Getting Ready, How to do it, How it works

P
  PAM: used, for login authentication / Login authentication using a USB device and PAM, How to do it…, How it works, There's more
  password protection: configuring / Configuring password protection, How to do it…; creation policy / How to do it…; policy, steps / How to do it…; change policy / How to do it…
  patches: applying, on Linux system / Applying patches on the Linux systems, How to do it, How it works
  patch management system: about / The patch management system, How to do it…, How it works…
  pfSense: about / pfSense; download link / Getting ready; using / How to do it, How it works
  Port Sentry: about / PortSentry; usage, implementing / Getting Ready, How to do it?, How it works

R
  remote access: restricting, with key-based authentication into SSH / Restricting remote access with key-based login into SSH, How to do it
  remote server/host access: gaining, SSH used / Getting ready, How to do it…, How it works…
  root account / Getting Ready

S
  Secure File Transfer Protocol (SFTP) / How it works
  Secure Sockets Layer (SSL) / OpenSSL Server
  security controls: about / Security controls
  security issues, Shellshock: exploiting, through SSH / Shellshock's security issues, How to do it…, How it works…
  security policy, Linux: about / The security policy of Linux; developing / Developing a security policy
  server security: configuring / Configuring server security, How to do it…, How it works…; general policy / How to do it…; configuration policy / How to do it…; monitoring policy / How to do it…
  Set Group ID up on execution (SGID) / Linux sXID
  Set owner User ID (SUID) / Linux sXID
  Shorewall: about / Shorewall; using / Getting ready, How to do it; working / How it works
  Software Development Cycle (SDC) / Testing and debugging a kernel
  spoofed addresses: blocking / Blocking spoofed addresses, How to do it, How it works
  Squid proxy: about / Using Squid proxy; using / Using Squid proxy, Getting Ready; installing / How to do it; configuring / How to do it; working / How it works
  SSH: used, for remote server/host access / Remote server/host access using SSH, How to do it…
  SSH root login: enabling / Disabling or enabling SSH root login, Getting ready, How to do it…, How it works…; disabling / Disabling or enabling SSH root login, How to do it…, There's more…
  stat command: using / Using system tools – stat, How to do it…, How it works
  strace: about / Using system tools – strace; using / Getting ready, How to do it…, How it works
  sudo access: configuring / Making use of sudoers – configuring sudo access, How to do it…, How it works…
  sudoers: using / Making use of sudoers – configuring sudo access, How to do it…; vulnerability assessment / Vulnerability assessment
  sXid: about / Linux sXID; using / Getting Ready, How to do it
  system monitoring: glance, using / Using glances for system monitoring, How to do it…
  system tools: Whowatch, using / Using system tools – Whowatch; stat command, using / Using system tools – stat; strace / Using system tools – strace; Lynis / Using Lynis

T
  TCP/IP network: managing / Managing the TCP/IP network, How to do it, How it works
  TCP wrapper: configuring / Configuring and using the TCP Wrapper, How to do it?, How it works; using / Configuring and using the TCP Wrapper, Getting Ready, How to do it?, How it works
  Time Exceeded ICMP packets / How to do it, How it works
  Transport Layer Security (TLS) / OpenSSL Server
  Tripwire: about / Tripwire; installing / How to do it; configuring / How to do it

U
  Ubuntu: LDAP server, installing / Install and configure a basic LDAP server on Ubuntu, How to do it…, How it works…; LDAP server, configuring / Install and configure a basic LDAP server on Ubuntu, How to do it…, How it works…; installation link / Getting ready; used, for setting up Kerberos server / Setting up a Kerberos server with Ubuntu, How to do it
  UbuntuHashes: reference link / How to do it…
  USB boot media: creating / Creating a USB boot media, How it works…
  USB device: used, for login authentication / Login authentication using a USB device and PAM, How to do it…, How it works, There's more
  user activity: monitoring, acct used / Monitoring user activity using acct, Getting started, How to do it?, How it works
  user authorization controls: defining / Defining user authorization controls, How to do it, How it works
  users: authentication / User authentication and logging, How to do it, How it works; logging / User authentication and logging, How to do it, How it works; login capabilities, limiting / Limiting the login capabilities of users, How to do it, How it works

V
  vulnerable Linux system: root, gaining / Gaining a root on a vulnerable Linux system, How to do it…, How it works; common exploits and attacks / There's more…; null passwords / Null or default passwords; default passwords / Null or default passwords; IP spoofing / IP spoofing; eavesdropping / Eavesdropping

W
  Whowatch: about / Using system tools – Whowatch; using / Using system tools – Whowatch, How to do it…, How it works

Excerpts (fragments as shown in the page preview):

… packages after the installation has been completed, we can start working on the security aspect of the software and the services provided by the Linux machine.

The security policy of Linux. A security …

… and the security issues that can arise with its presence. The chapter also tells the reader how to use the Linux Patch Management system to secure their machine and also gives them an understanding …

… readers should have a basic understanding of the Linux filesystem and administration. They should be aware of the basic commands of Linux, and knowledge about information security would be an added advantage.
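The Using Lynis recipe earlier on this page greps /var/log/lynis.log for the words Warning and Suggestion. As an added example (not code from the book or from the Lynis project), the POSIX shell script below turns that step into a short triage report: it counts both kinds of finding and lists each one with the test ID Lynis attaches to it. The log lines it reads are constructed to resemble lynis.log, and the "[test:ID]" field layout is an assumption rather than captured output.

```shell
#!/bin/sh
# Added example for the "Using Lynis" recipe; this is not code from the book.
# The log below is CONSTRUCTED to resemble /var/log/lynis.log; the
# "[test:ID] [details:..] [solution:..]" layout is an assumption, not output
# from a real scan.

LYNIS_LOG=$(mktemp)
cat > "$LYNIS_LOG" <<'EOF'
2016-04-26 10:00:01 Starting Lynis with PID 1234
2016-04-26 10:00:02 Performing test ID AUTH-9262 (Checking presence password strength testing tools (PAM))
2016-04-26 10:00:02 Suggestion: Install a PAM module for password strength testing [test:AUTH-9262] [details:-] [solution:-]
2016-04-26 10:00:03 Performing test ID SSH-7408 (Check SSH specific defined options)
2016-04-26 10:00:03 Warning: SSH root login is enabled [test:SSH-7408] [details:PermitRootLogin] [solution:-]
2016-04-26 10:00:03 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:PermitRootLogin (YES --> NO)] [solution:-]
2016-04-26 10:00:04 Performing test ID FILE-6310 (Checking /tmp, /home and /var in fstab)
2016-04-26 10:00:04 Warning: /tmp is not a separate partition [test:FILE-6310] [details:-] [solution:-]
2016-04-26 10:00:05 Hardening index : 64
EOF

# lynis_count KIND FILE: number of lines whose third field is "KIND:", the
# same lines "grep Warning /var/log/lynis.log" shows. grep -c exits 1 when
# the count is zero, so "|| true" keeps the function usable under "set -e".
lynis_count() {
    grep -c "^[^ ]* [^ ]* $1:" "$2" || true
}

# lynis_findings KIND FILE: print "TEST-ID: message" for every finding of
# that kind, with the timestamp and the trailing bracketed fields stripped,
# so the output can be sorted or deduplicated by test ID.
lynis_findings() {
    awk -v kind="$1" '
        $3 == (kind ":") {
            id = "UNKNOWN"
            if (match($0, /\[test:[^]]*\]/))
                id = substr($0, RSTART + 6, RLENGTH - 7)
            msg = $0
            sub(/^[^ ]+ [^ ]+ [^ ]+ /, "", msg)   # drop date, time and "Kind:"
            sub(/ \[test:.*$/, "", msg)          # drop [test:..] and what follows
            print id ": " msg
        }' "$2"
}

# lynis_tests FILE: sorted, unique test IDs that produced any finding; this
# is the list to walk through when deciding what to fix first.
lynis_tests() {
    { lynis_findings Warning "$1"; lynis_findings Suggestion "$1"; } \
        | cut -d: -f1 | sort -u
}

echo "Warnings:    $(lynis_count Warning "$LYNIS_LOG")"
echo "Suggestions: $(lynis_count Suggestion "$LYNIS_LOG")"
echo "--- Warnings ---";        lynis_findings Warning "$LYNIS_LOG"
echo "--- Suggestions ---";     lynis_findings Suggestion "$LYNIS_LOG"
echo "--- Tests to review ---"; lynis_tests "$LYNIS_LOG"
```

Point LYNIS_LOG at a real /var/log/lynis.log (and drop the constructed heredoc) to run the same triage on an actual scan.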

Posted: 02/03/2019, 10:44