Always Learning

Advanced Search

Linux Essentials for Cybersecurity

Linux Essentials for Cybersecurity

William Rothwell, Denise Kinsey

Nov 2018, Paperback, 704 pages
ISBN13: 9780789759351
ISBN10: 0789759357
Special online offer - Save 30%
Was 58.99, Now 41.29Save: 17.70
  • Print pagePrint page
  • Email this pageEmail page
  • Share

ALL YOU NEED TO KNOW TO SECURE LINUX SYSTEMS, NETWORKS, APPLICATIONS, AND DATA–IN ONE BOOK


From the basics to advanced techniques: no Linux security experience necessary
Realistic examples & step-by-step activities: practice hands-on without costly equipment
The perfect introduction to Linux-based security for all students and IT professionals


Linux distributions are widely used to support mission-critical applications and manage crucial data. But safeguarding modern Linux systems is complex, and many Linux books have inadequate or outdated security coverage.


Linux Essentials for Cybersecurity is your complete solution. Leading Linux certification and security experts William “Bo” Rothwell and Dr. Denise Kinsey introduce Linux with the primary goal of enforcing and troubleshooting security. Their practical approach will help you protect systems, even if one or more layers are penetrated.


First, you’ll learn how to install Linux to achieve optimal security upfront, even if you have no Linux experience. Next, you’ll master best practices for securely administering accounts, devices, services, processes, data, and networks. Then, you’ll master powerful tools and automated scripting techniques for footprinting, penetration testing, threat detection, logging, auditing, software management, and more.


To help you earn certification and demonstrate skills, this guide covers many key topics on CompTIA Linux+ and LPIC-1 exams. Everything is organized clearly and logically for easy understanding, effective classroom use, and rapid on-the-job training.


LEARN HOW TO:


  • Review Linux operating system components from the standpoint of security
  • Master key commands, tools, and skills for securing Linux systems
  • Troubleshoot common Linux security problems, one step at a time
  • Protect user and group accounts with Pluggable Authentication
  • Modules (PAM), SELinux, passwords, and policies
  • Safeguard files and directories with permissions and attributes
  • Create, manage, and protect storage devices: both local and networked
  • Automate system security 24/7 by writing and scheduling scripts
  • Maintain network services, encrypt network connections, and secure network-accessible processes
  • Examine which processes are running–and which may represent a threat
  • Use system logs to pinpoint potential vulnerabilities
  • Keep Linux up-to-date with Red Hat or Debian software management tools
  • Modify boot processes to harden security
  • Master advanced techniques for gathering system information

Introduction xxix
Part I: Introducing Linux 2
Chapter 1 Distributions and Key Components 4
Introducing Linux 4
Linux Distributions 5
Shells 6
GUI Software 7
Installing Linux 7
Which Distro? 8
Native or Virtual Machine? 9
Installing a Distro 10
Summary 12
Key Terms 12
Review Questions 12
Chapter 2 Working on the Command Line 14
File Management 14
The Linux Filesystem 14
Command Execution 16
The pwd Command 16
The cd Command 16
The ls Command 17
File Globbing 18
The file Command 19
The less Command 19
The head Command 19
The tail Command 20
The mdkir Command 20
The cp Command 20
The mv Command 21
The rm Command 21
The rmdir Command 22
The touch Command 22
Shell Features 22
Shell Variables 22
Initialization Files 27
Alias 28
Command History 29
Redirecting Input and Output 30
Advanced Commands 33
The find Command 33
Regular Expressions 35
The grep Command 36
The sed Command 37
Compression Commands 38
Summary 40
Key Terms 40
Review Questions 41
Chapter 3 Getting Help 42
Man Pages 42
Man Page Components 42
Man Page Sections 43
Man Page Locations 46
Command Help Options 46
The help Command 46
The info Command 47
The /usr/share/doc Directory 48
Internet Resources 49
Summary 50
Key terms 50
Review Questions 51
Chapter 4 Editing Files 52
The vi Editor 52
What Is vim? 53
Essential vi Commands 54
Use Basic vi Modes 54
Entering the Insert Mode 55
Movement Commands 56
Repeater Modifiers 57
Undoing 57
Copying, Deleting, and Pasting 58
Finding Text 59
Find and Replace 60
Saving and Quitting 61
Expand Your vi Knowledge 62
Additional Editors 63
Emacs 63
gedit and kwrite 65
nano and joe 65
lime and bluefish 65
Summary 66
Key Terms 66
Review Questions 66
Chapter 5 When Things Go Wrong 68
The Science of Troubleshooting 68
Step 1: Gathering Information 69
Step 2: Determine the Likely Cause 70
Step 3: Document Your Plan of Attack (POA) 71
Step 4: Perform the Actions 71
Steps 5 and 6: Is the Problem Solved? 71
Step 7: Are There Other Problems? 71
Step 8: Store the Documentation 72
Step 9: Prevent Future Problems 72
Notifying Users 72
Pre- and Post-login Messages 72
Broadcasting Messages 77
Summary 79
Review Questions 79
Part II: User and Group Accounts 80
Chapter 6 Managing Group Accounts 82
What Are Groups Used For? 82
Primary versus Secondary Groups 82
The /etc/group File 84
Special Groups 85
User Private Groups 86
The /etc/gshadow File 88
Managing Groups 90
Creating Groups 90
Modifying Groups 91
Deleting Groups 91
Adding Users to Groups 92
Group Administrators 93
Summary 93
Key Terms 93
Review Questions 94
Chapter 7 Managing User Accounts 96
The Importance of User Accounts 96
User Account Information 96
The /etc/passwd File 97
Special Users 98
The /etc/shadow File 99
Managing Users 102
Creating Users 102
Modifying Users 105
Managing GECOS 105
Deleting Users 107
Restricted Shell Accounts 107
Network-Based User Accounts 108
Using su and sudo 108
Restricting User Accounts 111
Summary 116
Key Terms 116
Review Questions 117
Chapter 8 Develop an Account Security Policy 118
Introducing Kali Linux 118
Security Principles 119
Creating a Security Policy 120
Securing Accounts 120
Physical Security 120
Educating Users 121
Account Security 121
Security Tools 124
The john and Johnny Tools 124
The hydra tool 125
Summary 126
Review Questions 126
Part III File and Data Storage 128
Chapter 9 File Permissions 130
Standard Permissions 130
Viewing Permissions 130
Files Versus Directories 131
Changing Permissions 131
Default Permissions 132
Special Permissions 134
SUID 134
SGID 136
Sticky Bit 138
Access Control Lists (ACLs) 139
The mask Value 141
Default ACLs 141
Changing Ownership 143
chown 143
chgrp 144
File Attributes 145
Introduction to SELinux 146
Users Create Security Holes 146
Daemon Processes Create Security Holes 146
SELinux Essentials 147
Summary 149
Key Terms 150
Review Questions 150
Chapter 10 Manage Local Storage: Essentials 152
Filesystem Essentials 152
Partitions 152
Filesystems 153
Why So Many Partitions/Filesystems? 154
Which Partitions/Filesystems Should Be Created? 155
Filesystem Types 155
Managing Partitions 156
Ext-Based Filesystem Tools 161
Xfs-Based Filesystem Tools 166
Additional Filesystem Tools 170
du 170
df 170
Mounting Filesystems 170
The umount Command 171
The mount Command 171
Mounting Filesystems Manually 173
Problems Unmounting Filesystems 174
Mounting Filesystems Automatically 175
Device Descriptors 176
Mount Options 177
Mounting Removable Media 179
Swap Space 179
Creating Swap Devices 180
Summary 181
Key Terms 181
Review Questions 181
Chapter 11 Manage Local Storage: Advanced Features 184
Encrypted Filesystems 184
Managing autofs 186
Logical Volume Manager 189
Logical Volume Manager Concepts 190
LVM Essentials 192
Using Logical Volumes and Additional LVM Commands 197
Resizing Logical Volumes 201
LVM Snapshots 204
Disk Quotas 206
Setting Up a Disk Quota for a Filesystem 207
Editing, Checking, and Generating User Quota Reports 207
Hard and Soft Links 210
Why Use Links? 211
Creating Links 211
Displaying Linked Files 212
Summary 212
Key Terms 212
Review Questions 212
Chapter 12 Manage Network Storage 214
Samba 214
SAMBA Configuration 215
SAMBA Server 218
SAMBA Accounts 220
Accessing SAMBA Servers 221
Network File System 223
Configuring an NFS Server 224
Configuring an NFS Client 229
iSCSI 230
Summary 236
Key Terms 236
Review Questions 236
Chapter 13 Develop a Storage Security Policy 240
Developing the Plan 240
Backing Up Data 241
Creating a Backup Strategy 241
Standard Backup Utilities 246
Third-party Backup Utilities 250
Summary 250
Key Terms 251
Review Questions 251
Part IV: Automation 252
Chapter 14 crontab and at 254
Using crontab 254
Configure User Access to the cron Service 256
/etc/crontab 258
/etc/anacrontab 260
Using at 261
atq 261
atrm 262
Configure User Access to at Services 262
Summary 263
Key Terms 263
Review Questions 263
Chapter 15 Scripting 264
Linux Programming 264
BASH Shell Scripting 265
Perl Scripting 265
Python Scripting 266
Basics of BASH Scripting 268
Conditional Expressions 269
Flow Control Statements 271
The while Loop 272
The for Loop 272
Loop Control 272
The case Statement 272
User Interaction 273
Using Command Substitution 274
Additional Information 274
Summary 274
Key Terms 274
Review Questions 275
Chapter 16 Common Automation Tasks 276
Exploring Scripts that Already Exist on Your System 276
The /etc/cron.* Directories 276
Repositories 279
Creating Your Own Automation Scripts 280
Summary 281
Key Terms 281
Review Questions 281
Chapter 17 Develop an Automation Security Policy 282
Securing crontab and at 282
Securing BASH Scripts 283
Access to Scripts 283
Script Contents 284
Dealing with Data 284
Shell Settings 284
Shell Style 285
Summary 285
Review Questions 285
Part V: Networking 286
Chapter 18 Networking Basics 288
Network Terminology 288
IPv4 Versus IPv6 290
IPv4 Addresses 292
Determining a Network Address from an IP Address and Subnet 293
Private IP Addresses 294
Common Protocol Suites 294
Network Ports 295
Summary 297
Key Terms 297
Review Questions 297
Chapter 19 Network Configuration 298
Ethernet Network Interfaces 298
Displaying Ethernet Port Configurations 299
Changing Ethernet Port Settings 300
Network Configuration Tools 301
The arp Command 302
The route Command 303
The ip Command 304
The hostname Command 305
The host Command 305
The dig Command 306
The netstat Command 307
Persistent Network Configurations 307
The /etc/hostname File (Universal) 307
The /etc/hosts File (Universal) 307
The /etc/resolv.conf File (Universal) 308
The /etc/nsswitch.conf File (Universal) 308
The /etc/sysctl.conf File (Universal) 309
The /etc/sysconfig/network File (Red Hat) 310
The /etc/sysconfig/network-scripts/ifcfg-interface-name Files (Red Hat) 310
The /etc/network/interfaces File (Debian) 311
Network Troubleshooting Commands 311
The ping Command 311
The traceroute Command 312
The netcat Command 313
Access to Wireless Networks 314
The iwconfig Command 314
The iwlist Command 315
Summary 316
Key Terms 316
Review Questions 317
Chapter 20 Network Service Configuration: Essential Services 318
DNS Servers 318
Essential Terms 319
How Name Resolution Works 320
Basic BIND Configuration 322
Zone Files 326
Zone File Basics 326
Zone File Entries in the /etc/named.conf File 327
Zone File Syntax 328
Zone Record Types 329
Putting It All Together 333
Slave BIND Servers 335
Testing the DNS Server 336
The dig Command 336
Securing BIND 337
Sending BIND to Jail 337
Split BIND Configuration 340
Transaction Signatures 341
DHCP Server 343
DHCP Configuration Basics 344
Configuring Static Hosts 346
DHCP Log Files 347
Email Servers 347
SMTP Basics 348
Configuring Postfix 349
Managing Local Email Delivery 353
procmail Basics 354
procmail Rules 355
procmail Examples 357
mbox and Maildir Formats 357
Remote Email Delivery 358
IMAP and POP Essentials 358
The Dovecot Server 359
Summary 362
Key Terms 362
Review Questions 362
Chapter 21 Network Service Configuration: Web Services 364
Apache Web Server 364
Basic Apache Web Server Configuration 365
Starting the Apache Web Server 366
Apache Web Server Log Files 367
Enable Scripting 367
Apache Web Server Security 370
Essential Settings 370
User Authentication 372
Virtual Hosts 372
Configuring IP-Based Virtual Hosts 373
Configuring Name-Based Virtual Hosts 373
HTTPS 374
SSL Essentials 375
SSL Issues 375
Self-Signing 376
SSL and Apache 376
SSL Server Certificate 377
Apache SSL Directives 381
Proxy Servers 382
Tunneling Proxy 383
Forward Proxy 383
Reverse Proxy 383
Squid Basics 384
Nginx Configuration 387
Client Configuration 389
Summary 391
Key Terms 391
Review Questions 391
Chapter 22 Connecting to Remote Systems 394
LDAP 394
Key LDAP Terms 395
The slapd.conf File 397
Starting the LDAP Server 399
OpenLDAP Objects 401
OpenLDAP Schemas 401
OpenLDAP Database Changes 402
Using the ldapdelete Command 404
Using the ldapsearch Command 405
Using the ldappasswd Command 407
Connecting to an LDAP Server 408
FTP Servers 408
Configuring vsftpd 409
Connecting to an FTP server 412
Secure Shell 415
Configuring the Secure Shell Server 416
Secure Shell Client Commands 418
Advanced SSH Features 421
Summary 423
Key Terms 423
Review Questions 423
Chapter 23 Develop a Network Security Policy 426
Kernel Parameters 426
The /etc/sysctl.conf File 426
Ignoring ping Requests 427
Ignoring Broadcast Requests 428
Enabling TCP SYN Protection 428
Disabling IP Source Routing 428
TCP Wrappers 428
Network Time Protocol 430
Setting the System Clock Manually 430
Setting the System Time Zone Manually 432
Setting the System Date Using NTP 434
Summary 436
Key Terms 436
Review Questions 436
Part VI: Process and Log Administration 438
Chapter 24 Process Control 440
Viewing Processes 440
The ps Command 440
The pgrep Command 442
The top Command 442
The uptime Command 444
The free Command 445
Running Processes 445
Pausing and Restarting Processes 446
Killing Processes 447
The kill Command 447
The pkill Command 448
The killall Command 448
The xkill Command 449
The nohup Command 450
Process Priority 450
The nice Command 450
The renice Command 450
Summary 451
Key Terms 451
Review Questions 451
Chapter 25 System Logging 452
Syslog 452
The syslogd Daemon 452
The /var/log Directory 453
The /etc/syslog.conf File 454
Creating Your Own /etc/syslog.conf Entry 457
The logrotate Command 458
The /etc/logrotate.conf File 458
The journalctl Command 459
The /etc/systemd/journald.conf file 460
Summary 461
Key Terms 461
Review Questions 461
Part VII: Software Management 462
Chapter 26 Red Hat—Based Software Management 464
Red Hat Packages 464
How to Obtain Packages 465
The /var/lib/rpm Directory 465
Using the rpm Command 466
Listing rpm Information 466
Installing Packages with rpm 472
Removing Packages with rpm 474
rpm2cpio 475
The yum Command 475
Repositories 475
Using the yum Command 477
Additional Tools 484
Summary 484
Key Terms 485
Review Questions 485
Chapter 27 Debian-Based Software Management 486
Managing Packages with dpkg 486
Listing Package Information with dpkg 486
Installing Software with dpkg 489
Reconfiguring Software with dpkg 490
Extracting Files from a Debian Package 490
Removing Packages with the dpkg Command 491
Managing Packages with APT 492
APT Repositories 492
Creating a Source Repository 494
Listing Package Information with APT Commands 494
Installing Packages with APT Commands 496
Removing Packages with APT Commands 499
Additional APT Features 500
Summary 500
Key Terms 500
Review Questions 500
Chapter 28 System Booting 502
Phases of the Boot Process 502
The BIOS/UEFI Phase 502
The Bootloader Phase 503
The Kernel Phase 503
The Post-Kernel Phase 504
GRUB 504
Legacy GRUB Configuration 504
GRUB 2 Configuration 512
Kernel Components 517
Kernel Documentation 517
Tweaking the Kernel 517
Kernel Images 518
Kernel Modules 519
The /proc/sys Filesystem 526
The init Phase 528
Configuring Systemd 528
Summary 531
Key Terms 531
Review Questions 532
Chapter 29 Develop a Software Management Security Policy 534
Ensuring Software Security 534
Keep Packages Up to Date 534
Consider Removing Unnecessary Packages 535
Ensure You Install from Trusted Sources 536
CVE 537
Distribution-Specific Security Alerts 538
xinetd 539
Summary 540
Key Terms 540
Review Questions 541
Part VIII: Security Tasks 542
Chapter 30 Footprinting 544
Understanding Footprinting 544
Common Footprinting Tools 545
The nmap Command 545
The netstat Command 548
The lsof Command 551
The nc Command 552
The tcpdump Command 554
Additional Utilities 555
Kali Linux Utilities 555
Essential Information Gathering 555
DNS Analysis Tools 556
Host Identification Tools 557
OSINT Tools 557
Route Analysis Tools 558
Summary 559
Key Terms 559
Review Questions 559
Chapter 31 Firewalls 560
Introduction to Firewalls 560
Essentials of the iptables Command 560
Overview of Filtering Packets 561
Important Terms 563
Using iptables to Filter Incoming Packets 564
Filtering by Protocol 566
Multiple Criteria 567
Filtering Based on Destination 567
Changing the Default Policy 568
Revisiting the Original Rules 569
Saving the Rules 569
Using iptables to Filter Outgoing Packets 569
Implementing NAT 570
Summary 571
Key Terms 571
Review Questions 571
Chapter 32 Intrusion Detection 572
Introduction to Intrusion Detection Tools 572
Determining If a Security Breach Has Occurred 572
Taking Action 573
Intrusion Detection Network Tools 573
The netstat Command 573
The nmap Command 574
The tcpdump Command 575
Intrusion Detection File Tools 575
Modifying the /etc/passwd and /etc/shadow Files to Create a Backdoor 575
Creating an SUID Program to Create a Backdoor 576
Incorporating File-Change Tools in the Intrusion Detection Plan 577
Additional Intrusion Detection Tools 577
Summary 579
Key Terms 579
Review Questions 579
Chapter 33 Additional Security Tasks 580
The fail2ban Service 580
OpenVPN 581
Configuring the Certificate Authority 582
Generating the VPN Server Certificate 583
Generating the VPN Client Certificate 585
Setting Up the Basic Server 586
Setting Up the Basic Client 587
gpg 589
Security Alert Services 591
Summary 591
Key Terms 591
Review Questions 592
Appendix A Answers to Review Questions 594
Appendix B Resource Guide 604
Glossary 612
9780789759351, TOC, 6/22/2018

  • All students need to secure Linux systems, from the absolute basics to advanced hands-on techniques
  • Real-world examples and hands-on activities don’t require separate labs or expensive equipment
  • Organized for easy use in the classroom and for on-the-job security planning
  • Designed to fit especially well within Pearson’s IT Cybersecurity Curriculum

William “Bo” Rothwell At the impressionable age of 14, William “Bo” Rothwell crossed paths with a TRS-80 Micro Computer System (affectionately known as a “Trash 80”). Soon after the adults responsible for Bo made the mistake of leaving him alone with the TRS-80, he immediately dismantled it and held his first computer class, showing his friends what made this “computer thing” work.


Since this experience, Bo’s passion for understanding how computers work and sharing this knowledge with others has resulted in a rewarding career in IT training. His experience includes Linux, Unix, and programming languages such as Perl, Python, Tcl, and BASH. He is the founder and president of One Course Source, an IT training organization.


Denise Kinsey, Ph.D, CISSP, CISCO Dr. Denise Kinsey served as a Unix administrator (HP-UX) in the late 1990s and realized the power and flexibility of the operating system. This appreciation led to her home installation of different flavors of Linux and creation of several academic courses in Linux. With a strong background in cybersecurity, she works to share and implement best practices with her customers and students. Dr. Kinsey is an assistant professor at the University of Houston.