Part 4
|
System Security
|
|
|
|
23
|
General Thoughts on Security
|
|
24
|
Host Security
|
|
24.1
|
Security Policies
|
|
24.1.1
|
Passwords
|
|
24.1.2
|
Password Aging
|
|
24.1.3
|
Permissions
|
|
24.1.4
|
Confidentiality
|
|
24.1.5
|
Privacy
|
|
24.1.6
|
Awareness
|
|
24.2
|
Administrative Tasks to Ensure Host Security
|
|
24.2.1
|
Preparing a Backup Strategy
|
|
24.2.2
|
Setting the Default umask
|
|
24.2.3
|
Sorting Users into Groups
|
|
24.2.4
|
Keeping Track of File Permissions
|
|
24.2.5
|
Monitoring the System
|
|
24.3
|
Tripwire
|
|
24.3.1
|
Configuration
|
|
24.3.2
|
Generating the Database
|
|
24.3.3
|
Using Tripwire to monitor the system
|
|
24.3.4
|
Maintaining the Database
|
|
25
|
PAM - Pluggable Authentication Modules
|
|
25.1
|
The PAM configuration scheme
|
|
25.2
|
The configuration file syntax
|
|
25.2.1
|
Module Type
|
|
25.2.2
|
Control Flag
|
|
25.2.3
|
Module path and arguments
|
|
25.3
|
PAM modules
|
|
25.3.1
|
Set/unset environment variables: pam_env.so
|
|
25.3.2
|
Anonymous access module: pam_ftp.so
|
|
25.3.3
|
The resource limits module: pam_limits.so
|
|
25.3.4
|
The list-file module: pam_listfile.so
|
|
25.3.5
|
The mail module: pam_mail.so
|
|
25.3.6
|
The no-login module: pam_nologin.so
|
|
25.3.7
|
The promiscuous module: pam_permit.so
|
|
25.3.8
|
The rhosts module: pam_rhosts_auth.so
|
|
25.3.9
|
The root access module: pam_rootok.so
|
|
25.3.10
|
The securetty module: pam_securetty.so
|
|
25.3.11
|
The login shell module: pam_shells.so
|
|
25.3.12
|
General authentification module: pam_unix.so
|
|
25.3.13
|
Warning logger module: pam_warn.so
|
|
25.4
|
Some examples
|
|
25.4.1
|
Logging into the system
|
|
25.4.2
|
Changing the password
|
|
25.4.3
|
Run a command with substitute user and group ID
|
|
26
|
Network Security
|
|
26.1
|
Network Setup
|
|
26.1.1
|
Firewalls
|
|
26.1.2
|
Publicly Accessible Servers
|
|
26.1.3
|
Local Server
|
|
26.1.4
|
Workstations
|
|
26.2
|
The TCP Wrapper
|
|
26.2.1
|
Enabling tcpd
|
|
26.2.2
|
Configuring tcpd
|
|
27
|
The Secure Shell Client
|
|
27.1
|
Cryptography in ssh
|
|
27.2
|
Creating the public and private keys
|
|
27.3
|
Copying the public key to the server machine
|
|
27.4
|
Using ssh
|
|
27.5
|
Ssh-agent as Repository for the Passphrase
|
|
28
|
Packet Filtering with IP-Chains
|
|
29
|
The SuSE packet filter
|
|
29.1
|
Expectations from the packet filter
|
|
29.2
|
The firewall script
|
|
29.3
|
Configuration of the Packet Filter
|
|
29.3.1
|
Interface settings
|
|
29.3.2
|
Allow Routing
|
|
29.3.3
|
Outbound traffic
|
|
29.3.4
|
Inbound traffic
|