Part 4 System Security
23 General Thoughts on Security
24 Host Security
24.1 Security Policies
24.1.1 Passwords
24.1.2 Password Aging
24.1.3 Permissions
24.1.4 Confidentiality
24.1.5 Privacy
24.1.6 Awareness
24.2 Administrative Tasks to Ensure Host Security
24.2.1 Preparing a Backup Strategy
24.2.2 Setting the Default umask
24.2.3 Sorting Users into Groups
24.2.4 Keeping Track of File Permissions
24.2.5 Monitoring the System
24.3 Tripwire
24.3.1 Configuration
24.3.2 Generating the Database
24.3.3 Using Tripwire to monitor the system
24.3.4 Maintaining the Database
25 PAM - Pluggable Authentication Modules
25.1 The PAM configuration scheme
25.2 The configuration file syntax
25.2.1 Module Type
25.2.2 Control Flag
25.2.3 Module path and arguments
25.3 PAM modules
25.3.1 Set/unset environment variables: pam_env.so
25.3.2 Anonymous access module: pam_ftp.so
25.3.3 The resource limits module: pam_limits.so
25.3.4 The list-file module: pam_listfile.so
25.3.5 The mail module: pam_mail.so
25.3.6 The no-login module: pam_nologin.so
25.3.7 The promiscuous module: pam_permit.so
25.3.8 The rhosts module: pam_rhosts_auth.so
25.3.9 The root access module: pam_rootok.so
25.3.10 The securetty module: pam_securetty.so
25.3.11 The login shell module: pam_shells.so
25.3.12 General authentication module: pam_unix.so
25.3.13 Warning logger module: pam_warn.so
25.4 Some examples
25.4.1 Logging into the system
25.4.2 Changing the password
25.4.3 Run a command with substitute user and group ID
26 Network Security
26.1 Network Setup
26.1.1 Firewalls
26.1.2 Publicly Accessible Servers
26.1.3 Local Server
26.1.4 Workstations
26.2 The TCP Wrapper
26.2.1 Enabling tcpd
26.2.2 Configuring tcpd
27 The Secure Shell Client
27.1 Cryptography in ssh
27.2 Creating the public and private keys
27.3 Copying the public key to the server machine
27.4 Using ssh
27.5 Ssh-agent as Repository for the Passphrase
28 Packet Filtering with IP-Chains
29 The SuSE packet filter
29.1 Expectations from the packet filter
29.2 The firewall script
29.3 Configuration of the Packet Filter
29.3.1 Interface settings
29.3.2 Allow Routing
29.3.3 Outbound traffic
29.3.4 Inbound traffic
Copyright (c) 1999 by Terrehon Bowden and Bodo Bauer
To contact the author, please send mail to bb@bb-zone.com