Linux Security Howto (en)
Source: http://tldp.org/HOWTO/html_single/Security-HOWTO/
- Linux Security HOWTO**
- Authors:** Kevin Fenzi, tummy.com, ltd., <kevin-securityhowto@tummy.com>; Dave Wreski, linuxsecurity.com, <dave@linuxsecurity.com>
- Version:** 2.3, January 22, 2004
- Abstract:**
This document provides a comprehensive overview of security issues relevant to Linux system administrators. It discusses the fundamental principles of security and offers specific guidance on how to enhance the security of Linux systems against unauthorized access. Additionally, it includes references to security-related resources and tools. Feedback, including improvements, constructive criticism, and corrections, is encouraged and can be sent to both authors with "Security HOWTO" as the email subject.
- Table of Contents:**
1. **Introduction**
- 1.1. New Versions of this Document - 1.2. Feedback - 1.3. Disclaimer - 1.4. Copyright Information
2. **Overview**
- 2.1. Why Do We Need Security? - 2.2. How Secure Is Secure? - 2.3. What Are You Trying to Protect? - 2.4. Developing A Security Policy - 2.5. Means of Securing Your Site - 2.6. Organization of This Document
3. **Physical Security**
- 3.1. Computer Locks - 3.2. BIOS Security - 3.3. Boot Loader Security - 3.4. xlock and vlock - 3.5. Security of Local Devices - 3.6. Detecting Physical Security Compromises
4. **Local Security**
- 4.1. Creating New Accounts - 4.2. Root Security
5. **Files and File System Security**
- 5.1. Umask Settings - 5.2. File Permissions - 5.3. Integrity Checking - 5.4. Trojan Horses
6. **Password Security and Encryption**
- 6.1. PGP and Public-Key Cryptography - 6.2. SSL, S-HTTP and S/MIME - 6.3. Linux IPSEC Implementations - 6.4. ssh (Secure Shell) and stelnet - 6.5. PAM - Pluggable Authentication Modules - 6.6. Cryptographic IP Encapsulation (CIPE) - 6.7. Kerberos - 6.8. Shadow Passwords - 6.9. "Crack" and "John the Ripper" - 6.10. CFS - Cryptographic File System and TCFS - Transparent Cryptographic File System - 6.11. X11, SVGA and Display Security
7. **Kernel Security**
- 7.1. 2.0 Kernel Compile Options - 7.2. 2.2 Kernel Compile Options - 7.3. Kernel Devices
8. **Network Security**
- 8.1. Packet Sniffers - 8.2. System Services and tcp_wrappers - 8.3. Verify Your DNS Information - 8.4. identd - 8.5. Configuring and Securing the Postfix MTA - 8.6. SATAN, ISS, and Other Network Scanners - 8.7. Sendmail, qmail and MTA's - 8.8. Denial of Service Attacks - 8.9. NFS (Network File System) Security - 8.10. NIS (Network Information Service) (formerly YP) - 8.11. Firewalls - 8.12. IP Chains - Linux Kernel 2.2.x Firewalling - 8.13. Netfilter - Linux Kernel 2.4.x Firewalling - 8.14. VPNs - Virtual Private Networks
9. **Security Preparation (before you go on-line)**
- 9.1. Make a Full Backup of Your Machine - 9.2. Choosing a Good Backup Schedule - 9.3. Testing Your Backups - 9.4. Backup Your RPM or Debian File Database - 9.5. Keep Track of Your System Accounting Data - 9.6. Apply All New System Updates
10. **What To Do During and After a Break-in**
- 10.1. Security Compromise Underway - 10.2. Security Compromise Has Already Happened
11. **Security Sources**
- 11.1. LinuxSecurity.com References - 11.2. FTP Sites - 11.3. Web Sites - 11.4. Mailing Lists - 11.5. Books - Printed Reading Material
12. **Glossary** 13. **Frequently Asked Questions** 14. **Conclusion** 15. **Acknowledgments**