
Linux Essentials for Cybersecurity

Paperback English 2018 9780789759351

Summary

Linux distributions are widely used to support mission-critical applications and manage crucial data. But safeguarding modern Linux systems is complex, and many Linux texts have inadequate or outdated security coverage.

Linux Essentials for Cybersecurity is a complete solution. Leading Linux certification and security experts William “Bo” Rothwell and Dr. Denise Kinsey introduce Linux with the primary goal of enforcing and troubleshooting security. Their practical approach will help students learn how to protect systems, even if one or more layers are penetrated.

First, they’ll learn how to install Linux to achieve optimal security upfront, even if they have no Linux experience. Next, they’ll master best practices for securely administering accounts, devices, services, processes, data, and networks. Then, they’ll master powerful tools and automated scripting techniques for footprinting, penetration testing, threat detection, logging, auditing, software management, and more.

Specifications

ISBN13: 9780789759351
Language: English
Binding: Paperback


Table of Contents

Introduction

Part I: Introducing Linux

Chapter 1 Distributions and Key Components
  Introducing Linux
  Linux Distributions
  Shells
  GUI Software
  Installing Linux
  Which Distro?
  Native or Virtual Machine?
  Installing a Distro
  Summary
  Key Terms
  Review Questions

Chapter 2 Working on the Command Line
  File Management
  The Linux Filesystem
  Command Execution
  The pwd Command
  The cd Command
  The ls Command
  File Globbing
  The file Command
  The less Command
  The head Command
  The tail Command
  The mkdir Command
  The cp Command
  The mv Command
  The rm Command
  The rmdir Command
  The touch Command
  Shell Features
  Shell Variables
  Initialization Files
  Alias
  Command History
  Redirecting Input and Output
  Advanced Commands
  The find Command
  Regular Expressions
  The grep Command
  The sed Command
  Compression Commands
  Summary
  Key Terms
  Review Questions

Chapter 3 Getting Help
  Man Pages
  Man Page Components
  Man Page Sections
  Man Page Locations
  Command Help Options
  The help Command
  The info Command
  The /usr/share/doc Directory
  Internet Resources
  Summary
  Key Terms
  Review Questions

Chapter 4 Editing Files
  The vi Editor
  What Is vim?
  Essential vi Commands
  Use Basic vi Modes
  Entering the Insert Mode
  Movement Commands
  Repeater Modifiers
  Undoing
  Copying, Deleting, and Pasting
  Finding Text
  Find and Replace
  Saving and Quitting
  Expand Your vi Knowledge
  Additional Editors
  Emacs
  gedit and kwrite
  nano and joe
  lime and bluefish
  Summary
  Key Terms
  Review Questions

Chapter 5 When Things Go Wrong
  The Science of Troubleshooting
  Step 1: Gathering Information
  Step 2: Determine the Likely Cause
  Step 3: Document Your Plan of Attack (POA)
  Step 4: Perform the Actions
  Steps 5 and 6: Is the Problem Solved?
  Step 7: Are There Other Problems?
  Step 8: Store the Documentation
  Step 9: Prevent Future Problems
  Notifying Users
  Pre- and Post-login Messages
  Broadcasting Messages
  Summary
  Review Questions

Part II: User and Group Accounts

Chapter 6 Managing Group Accounts
  What Are Groups Used For?
  Primary versus Secondary Groups
  The /etc/group File
  Special Groups
  User Private Groups
  The /etc/gshadow File
  Managing Groups
  Creating Groups
  Modifying Groups
  Deleting Groups
  Adding Users to Groups
  Group Administrators
  Summary
  Key Terms
  Review Questions

Chapter 7 Managing User Accounts
  The Importance of User Accounts
  User Account Information
  The /etc/passwd File
  Special Users
  The /etc/shadow File
  Managing Users
  Creating Users
  Modifying Users
  Managing GECOS
  Deleting Users
  Restricted Shell Accounts
  Network-Based User Accounts
  Using su and sudo
  Restricting User Accounts
  Summary
  Key Terms
  Review Questions

Chapter 8 Develop an Account Security Policy
  Introducing Kali Linux
  Security Principles
  Creating a Security Policy
  Securing Accounts
  Physical Security
  Educating Users
  Account Security
  Security Tools
  The john and Johnny Tools
  The hydra tool
  Summary
  Review Questions

Part III: File and Data Storage

Chapter 9 File Permissions
  Standard Permissions
  Viewing Permissions
  Files Versus Directories
  Changing Permissions
  Default Permissions
  Special Permissions
  SUID
  SGID
  Sticky Bit
  Access Control Lists (ACLs)
  The mask Value
  Default ACLs
  Changing Ownership
  chown
  chgrp
  File Attributes
  Introduction to SELinux
  Users Create Security Holes
  Daemon Processes Create Security Holes
  SELinux Essentials
  Summary
  Key Terms
  Review Questions

Chapter 10 Manage Local Storage: Essentials
  Filesystem Essentials
  Partitions
  Filesystems
  Why So Many Partitions/Filesystems?
  Which Partitions/Filesystems Should Be Created?
  Filesystem Types
  Managing Partitions
  Ext-Based Filesystem Tools
  Xfs-Based Filesystem Tools
  Additional Filesystem Tools
  du
  df
  Mounting Filesystems
  The umount Command
  The mount Command
  Mounting Filesystems Manually
  Problems Unmounting Filesystems
  Mounting Filesystems Automatically
  Device Descriptors
  Mount Options
  Mounting Removable Media
  Swap Space
  Creating Swap Devices
  Summary
  Key Terms
  Review Questions

Chapter 11 Manage Local Storage: Advanced Features
  Encrypted Filesystems
  Managing autofs
  Logical Volume Manager
  Logical Volume Manager Concepts
  LVM Essentials
  Using Logical Volumes and Additional LVM Commands
  Resizing Logical Volumes
  LVM Snapshots
  Disk Quotas
  Setting Up a Disk Quota for a Filesystem
  Editing, Checking, and Generating User Quota Reports
  Hard and Soft Links
  Why Use Links?
  Creating Links
  Displaying Linked Files
  Summary
  Key Terms
  Review Questions

Chapter 12 Manage Network Storage
  Samba
  SAMBA Configuration
  SAMBA Server
  SAMBA Accounts
  Accessing SAMBA Servers
  Network File System
  Configuring an NFS Server
  Configuring an NFS Client
  iSCSI
  Summary
  Key Terms
  Review Questions

Chapter 13 Develop a Storage Security Policy
  Developing the Plan
  Backing Up Data
  Creating a Backup Strategy
  Standard Backup Utilities
  Third-party Backup Utilities
  Summary
  Key Terms
  Review Questions

Part IV: Automation

Chapter 14 crontab and at
  Using crontab
  Configure User Access to the cron Service
  /etc/crontab
  /etc/anacrontab
  Using at
  atq
  atrm
  Configure User Access to at Services
  Summary
  Key Terms
  Review Questions

Chapter 15 Scripting
  Linux Programming
  BASH Shell Scripting
  Perl Scripting
  Python Scripting
  Basics of BASH Scripting
  Conditional Expressions
  Flow Control Statements
  The while Loop
  The for Loop
  Loop Control
  The case Statement
  User Interaction
  Using Command Substitution
  Additional Information
  Summary
  Key Terms
  Review Questions

Chapter 16 Common Automation Tasks
  Exploring Scripts that Already Exist on Your System
  The /etc/cron.* Directories
  Repositories
  Creating Your Own Automation Scripts
  Summary
  Key Terms
  Review Questions

Chapter 17 Develop an Automation Security Policy
  Securing crontab and at
  Securing BASH Scripts
  Access to Scripts
  Script Contents
  Dealing with Data
  Shell Settings
  Shell Style
  Summary
  Review Questions

Part V: Networking

Chapter 18 Networking Basics
  Network Terminology
  IPv4 Versus IPv6
  IPv4 Addresses
  Determining a Network Address from an IP Address and Subnet
  Private IP Addresses
  Common Protocol Suites
  Network Ports
  Summary
  Key Terms
  Review Questions

Chapter 19 Network Configuration
  Ethernet Network Interfaces
  Displaying Ethernet Port Configurations
  Changing Ethernet Port Settings
  Network Configuration Tools
  The arp Command
  The route Command
  The ip Command
  The hostname Command
  The host Command
  The dig Command
  The netstat Command
  Persistent Network Configurations
  The /etc/hostname File (Universal)
  The /etc/hosts File (Universal)
  The /etc/resolv.conf File (Universal)
  The /etc/nsswitch.conf File (Universal)
  The /etc/sysctl.conf File (Universal)
  The /etc/sysconfig/network File (Red Hat)
  The /etc/sysconfig/network-scripts/ifcfg-interface-name Files (Red Hat)
  The /etc/network/interfaces File (Debian)
  Network Troubleshooting Commands
  The ping Command
  The traceroute Command
  The netcat Command
  Access to Wireless Networks
  The iwconfig Command
  The iwlist Command
  Summary
  Key Terms
  Review Questions

Chapter 20 Network Service Configuration: Essential Services
  DNS Servers
  Essential Terms
  How Name Resolution Works
  Basic BIND Configuration
  Zone Files
  Zone File Basics
  Zone File Entries in the /etc/named.conf File
  Zone File Syntax
  Zone Record Types
  Putting It All Together
  Slave BIND Servers
  Testing the DNS Server
  The dig Command
  Securing BIND
  Sending BIND to Jail
  Split BIND Configuration
  Transaction Signatures
  DHCP Server
  DHCP Configuration Basics
  Configuring Static Hosts
  DHCP Log Files
  Email Servers
  SMTP Basics
  Configuring Postfix
  Managing Local Email Delivery
  procmail Basics
  procmail Rules
  procmail Examples
  mbox and Maildir Formats
  Remote Email Delivery
  IMAP and POP Essentials
  The Dovecot Server
  Summary
  Key Terms
  Review Questions

Chapter 21 Network Service Configuration: Web Services
  Apache Web Server
  Basic Apache Web Server Configuration
  Starting the Apache Web Server
  Apache Web Server Log Files
  Enable Scripting
  Apache Web Server Security
  Essential Settings
  User Authentication
  Virtual Hosts
  Configuring IP-Based Virtual Hosts
  Configuring Name-Based Virtual Hosts
  HTTPS
  SSL Essentials
  SSL Issues
  Self-Signing
  SSL and Apache
  SSL Server Certificate
  Apache SSL Directives
  Proxy Servers
  Tunneling Proxy
  Forward Proxy
  Reverse Proxy
  Squid Basics
  Nginx Configuration
  Client Configuration
  Summary
  Key Terms
  Review Questions

Chapter 22 Connecting to Remote Systems
  LDAP
  Key LDAP Terms
  The slapd.conf File
  Starting the LDAP Server
  OpenLDAP Objects
  OpenLDAP Schemas
  OpenLDAP Database Changes
  Using the ldapdelete Command
  Using the ldapsearch Command
  Using the ldappasswd Command
  Connecting to an LDAP Server
  FTP Servers
  Configuring vsftpd
  Connecting to an FTP server
  Secure Shell
  Configuring the Secure Shell Server
  Secure Shell Client Commands
  Advanced SSH Features
  Summary
  Key Terms
  Review Questions

Chapter 23 Develop a Network Security Policy
  Kernel Parameters
  The /etc/sysctl.conf File
  Ignoring ping Requests
  Ignoring Broadcast Requests
  Enabling TCP SYN Protection
  Disabling IP Source Routing
  TCP Wrappers
  Network Time Protocol
  Setting the System Clock Manually
  Setting the System Time Zone Manually
  Setting the System Date Using NTP
  Summary
  Key Terms
  Review Questions

Part VI: Process and Log Administration

Chapter 24 Process Control
  Viewing Processes
  The ps Command
  The pgrep Command
  The top Command
  The uptime Command
  The free Command
  Running Processes
  Pausing and Restarting Processes
  Killing Processes
  The kill Command
  The pkill Command
  The killall Command
  The xkill Command
  The nohup Command
  Process Priority
  The nice Command
  The renice Command
  Summary
  Key Terms
  Review Questions

Chapter 25 System Logging
  Syslog
  The syslogd Daemon
  The /var/log Directory
  The /etc/syslog.conf File
  Creating Your Own /etc/syslog.conf Entry
  The logrotate Command
  The /etc/logrotate.conf File
  The journalctl Command
  The /etc/systemd/journald.conf file
  Summary
  Key Terms
  Review Questions

Part VII: Software Management

Chapter 26 Red Hat-Based Software Management
  Red Hat Packages
  How to Obtain Packages
  The /var/lib/rpm Directory
  Using the rpm Command
  Listing rpm Information
  Installing Packages with rpm
  Removing Packages with rpm
  rpm2cpio
  The yum Command
  Repositories
  Using the yum Command
  Additional Tools
  Summary
  Key Terms
  Review Questions

Chapter 27 Debian-Based Software Management
  Managing Packages with dpkg
  Listing Package Information with dpkg
  Installing Software with dpkg
  Reconfiguring Software with dpkg
  Extracting Files from a Debian Package
  Removing Packages with the dpkg Command
  Managing Packages with APT
  APT Repositories
  Creating a Source Repository
  Listing Package Information with APT Commands
  Installing Packages with APT Commands
  Removing Packages with APT Commands
  Additional APT Features
  Summary
  Key Terms
  Review Questions

Chapter 28 System Booting
  Phases of the Boot Process
  The BIOS/UEFI Phase
  The Bootloader Phase
  The Kernel Phase
  The Post-Kernel Phase
  GRUB
  Legacy GRUB Configuration
  GRUB 2 Configuration
  Kernel Components
  Kernel Documentation
  Tweaking the Kernel
  Kernel Images
  Kernel Modules
  The /proc/sys Filesystem
  The init Phase
  Configuring Systemd
  Summary
  Key Terms
  Review Questions

Chapter 29 Develop a Software Management Security Policy
  Ensuring Software Security
  Keep Packages Up to Date
  Consider Removing Unnecessary Packages
  Ensure You Install from Trusted Sources
  CVE
  Distribution-Specific Security Alerts
  xinetd
  Summary
  Key Terms
  Review Questions

Part VIII: Security
