
Download the book Mastering Linux Security And Hardening: Protect Your Linux Systems From Intruders, Malware Attacks, And Other Cyber Threats

Book details

Mastering Linux Security And Hardening: Protect Your Linux Systems From Intruders, Malware Attacks, And Other Cyber Threats

Edition: 2nd Edition
Authors:
Series:
ISBN: 1838981772, 9781838981778
Publisher: Packtpub
Year of publication: 2020
Number of pages: 652
Language: English
File format: PDF (converted to PDF, EPUB or AZW3 on user request)
File size: 18 MB

Book price (toman): 29,000




If you need the file of the book Mastering Linux Security And Hardening: Protect Your Linux Systems From Intruders, Malware Attacks, And Other Cyber Threats converted to PDF, EPUB, AZW3, MOBI or DJVU format, you can notify support so that they convert the file for you.

Note that the book Mastering Linux Security And Hardening: Protect Your Linux Systems From Intruders, Malware Attacks, And Other Cyber Threats is the original-language edition and is not a Persian translation. The International Library website provides original-language books and does not offer any books translated into or written in Persian.


About the book Mastering Linux Security And Hardening: Protect Your Linux Systems From Intruders, Malware Attacks, And Other Cyber Threats


Description of the book in the original language

From creating networks and servers to automating the entire working environment, Linux has been extremely popular with system administrators for the last couple of decades. However, security has always been a major concern. With limited resources available in the Linux security domain, this book will be an invaluable guide in helping you get your Linux systems properly secured. Complete with in-depth explanations of essential concepts, practical examples, and self-assessment questions, this book begins by helping you set up a practice lab environment and takes you through the core functionalities of securing Linux. You'll practice various Linux hardening techniques and advance to setting up a locked-down Linux server. As you progress, you will also learn how to create user accounts with appropriate privilege levels, protect sensitive data by setting permissions and encryption, and configure a firewall. The book will help you set up mandatory access control, system auditing, security profiles, and kernel hardening, and finally cover best practices and troubleshooting techniques to secure your Linux environment efficiently. By the end of this Linux security book, you will be able to confidently set up a Linux server that will be much harder for malicious actors to compromise. Source Code: https://www.packtpub.com/codedownloaderrata



Table of contents

Cover
Title Page
Copyright and Credits
About Packt
Contributors
Table of Contents
Preface
Section 1: Setting up a Secure Linux System
Chapter 1: Running Linux in a Virtual Environment
Looking at the threat landscape
Keeping up with security news
Differences between physical, virtual, and cloud setups
Introducing VirtualBox and Cygwin
Installing a virtual machine in VirtualBox
Installing the EPEL repository on the CentOS 7 virtual machine
Installing the EPEL repository on the CentOS 8 virtual machine
Configuring a network for VirtualBox virtual machines
Creating a virtual machine snapshot with VirtualBox
Using Cygwin to connect to your virtual machines
Installing Cygwin on your Windows host
Using Windows 10 Pro Bash shell to interface with Linux virtual machines
Cygwin versus Windows Bash shell
Keeping the Linux systems updated
Configuring auto updates for Ubuntu
Updating Red Hat 7-based systems
Updating Red Hat 8-based systems
Managing updates in an enterprise
Questions
Further reading
Chapter 2: Securing User Accounts
The dangers of logging in as the root user
The advantages of using sudo
Adding users to a predefined admin group
Creating an entry in the sudo policy file
Setting up sudo for users with only certain delegated privileges
Hands-on lab for assigning limited sudo privileges
Advanced tips and tricks for using sudo
View your sudo privileges
Hands-on lab for disabling the sudo timer
Preventing users from having root shell access
Preventing users from using shell escapes
Limiting the user's actions with commands
Letting users run as other users
Preventing abuse via user's shell scripts
Detecting and deleting default user accounts
Locking down users' home directories the Red Hat or CentOS way
useradd on Debian/Ubuntu
adduser on Debian/Ubuntu
Hands-on lab for configuring adduser
Enforcing strong password criteria
Installing and configuring pwquality
Hands-on lab for setting password complexity criteria
Setting and enforcing password and account expiration
Configuring default expiry data for useradd for Red Hat or CentOS only
Setting expiry data on a per-account basis with useradd and usermod
Setting expiry data on a per-account basis with chage
Hands-on lab for setting account and password expiry data
Configuring the pam_tally2 PAM
Hands-on lab for configuring pam_tally2
Using usermod to lock a user account
Using passwd to lock user accounts
Locking the root user account
Using the motd file
Using the issue file
Detecting compromised passwords
Hands-on lab for detecting compromised passwords
Microsoft Active Directory
FreeIPA/Identity Management on RHEL/CentOS
Questions
Further reading
Chapter 3: Securing Your Server with a Firewall - Part 1
An overview of firewalld
An overview of iptables
Mastering the basics of iptables
Blocking ICMP with iptables
Blocking everything that isn't allowed with iptables
Hands-on lab for basic iptables usage
Blocking invalid packets with iptables
Hands-on lab for blocking invalid IPv4 packets
Protecting IPv6
Hands-on lab for ip6tables
Uncomplicated firewall for Ubuntu systems
Configuring ufw
Working with the ufw configuration files
Hands-on lab for basic ufw usage
Summary
Questions
Further reading
Technical requirements
nftables – a more universal type of firewall system
Configuring nftables on Ubuntu 16.04
Configuring nftables on Ubuntu 18.04
Using nft commands
Hands-on lab for nftables on Ubuntu
firewalld for Red Hat systems
Working with firewalld zones
Adding services to a firewalld zone
Adding ports to a firewalld zone
Blocking ICMP
Using panic mode
Logging dropped packets
Using firewalld rich language rules
Looking at iptables rules in RHEL/CentOS 7 firewalld
Creating direct rules in RHEL/CentOS 7 firewalld
Looking at nftables rules in RHEL/CentOS 8 firewalld
Hands-on lab for firewalld commands
Summary
Questions
Further reading
Chapter 5: Encryption Technologies
GNU Privacy Guard (GPG)
Hands-on lab – creating your GPG keys
Hands-on lab – symmetrically encrypting your own files
Hands-on lab – encrypting files with public keys
Hands-on lab – signing a file without encryption
Encrypting partitions with Linux Unified Key Setup (LUKS)
Disk encryption during operating system installation
Hands-on lab – adding an encrypted partition with LUKS
Configuring the LUKS partition to mount automatically
Hands-on lab – configuring the LUKS partition to mount automatically
Home directory and disk encryption during Ubuntu installation
Creating a private directory within an existing home directory
Hands-on lab – encrypting other directories with eCryptfs
Using VeraCrypt for cross-platform sharing of encrypted containers
Hands-on lab – getting and installing VeraCrypt
Hands-on lab – creating and mounting a VeraCrypt volume in console mode
Using VeraCrypt in GUI mode
OpenSSL and the public key infrastructure
Commercial certificate authorities
Creating a self-signed certificate with an RSA key
Creating an RSA key and a Certificate Signing Request
Creating an EC key and a CSR
Hands-on lab – setting up a Dogtag CA
Hands-on lab – exporting and importing the Dogtag CA certificate
OpenSSL and the Apache web server
Hardening Apache SSL/TLS on Ubuntu
Hardening Apache SSL/TLS on RHEL 8/CentOS 8
Hardening Apache SSL/TLS on RHEL 7/CentOS 7
Summary
Questions
Further reading
Chapter 6: SSH Hardening
Ensuring that SSH protocol 1 is disabled
Creating a user's SSH key set
Transferring the public key to the remote server
Hands-on lab – creating and transferring SSH keys
Disabling root user login
Disabling username/password logins
Hands-on lab – disabling root login and password authentication
Configuring Secure Shell with strong encryption algorithms
Understanding SSH encryption algorithms
Scanning for enabled SSH algorithms
Hands-on lab – installing and using ssh_scan
Disabling weak SSH encryption algorithms
Hands-on lab – disabling weak SSH encryption algorithms – Ubuntu 18.04
Hands-on lab – disabling weak SSH encryption algorithms – CentOS 7
Setting system-wide encryption policies on RHEL 8/CentOS 8
Hands-on lab – setting encryption policies on CentOS 8
Configuring more detailed logging
Hands-on lab – configuring more verbose SSH logging
Configuring access control with whitelists and TCP Wrappers
Hands-on lab – configuring whitelists within sshd_config
Configuring whitelists with TCP Wrappers
Configuring automatic logout for both local and remote users
Creating a pre-login security banner
Configuring other miscellaneous security settings
Disabling SSH tunneling
Changing the default SSH port
Managing SSH keys
Creating different configurations for different hosts
Setting up a chroot environment for SFTP users
Creating a group and configuring the sshd_config file
Hands-on lab – setting up a chroot directory for the sftpusers group
Hands-on lab – sharing a directory with SSHFS
Remotely connecting from Windows desktops
Summary
Questions
Further reading
Section 2: Mastering File and Directory Access Control (DAC)
Chapter 7: Mastering Discretionary Access Control
Using chown to change ownership of files and directories
Using chmod to set permissions on files and directories
Setting permissions with the numerical method
Using SUID and SGID on regular files
Finding spurious SUID or SGID files
Hands-on lab – searching for SUID and SGID files
Using extended file attributes to protect sensitive files
Setting the a attribute
Setting the i attribute
Hands-on lab – setting security-related extended file attributes
Securing system configuration files
Questions
Further reading
Chapter 8: Access Control Lists and Shared Directory Management
Creating an ACL for either a user or a group
Creating an inherited ACL for a directory
Removing a specific permission by using an ACL mask
Using the tar --acls option to prevent the loss of ACLs during a backup
Creating a user group and adding members to it
Using usermod to add an existing user to a group
Adding users to a group by editing the /etc/group file
Creating a shared directory
Setting the SGID bit and the sticky bit on the shared directory
Setting the permissions and creating the ACL
Hands-on lab – creating a shared group directory
Summary
Questions
Further reading
Section 3: Advanced System Hardening Techniques
Chapter 9: Implementing Mandatory Access Control with SELinux and AppArmor
How SELinux can benefit a systems administrator
Setting security contexts for files and directories
Installing the SELinux tools
Creating web content files with SELinux enabled
Using chcon
Using restorecon
Using semanage
Hands-on lab – SELinux type enforcement
Troubleshooting with setroubleshoot
Viewing setroubleshoot messages
Using the graphical setroubleshoot utility
Troubleshooting in permissive mode
Viewing Booleans
Configuring the Booleans
Protecting your web server
Protecting network ports
Creating custom policy modules
Hands-on lab – SELinux Booleans and ports
How AppArmor can benefit a systems administrator
Looking at AppArmor profiles
Working with AppArmor command-line utilities
Troubleshooting an AppArmor profile – Ubuntu 16.04
Troubleshooting an AppArmor profile – Ubuntu 18.04
Hands-on lab – Troubleshooting an AppArmor profile
Exploiting a system with an evil Docker container
Hands-on lab – Creating an evil Docker container
Summary
Questions
Further reading
Chapter 10: Kernel Hardening and Process Isolation
Looking at user-mode processes
Looking at kernel information
Setting kernel parameters with sysctl
Configuring sysctl.conf – Ubuntu
Configuring sysctl.conf – CentOS
Setting additional kernel-hardening parameters
Hands-on lab – scanning kernel parameters with Lynis
Preventing users from seeing each others' processes
Understanding process isolation
Understanding Control Groups (cgroups)
Understanding namespace isolation
Understanding kernel capabilities
Hands-on lab – setting a kernel capability
Understanding SECCOMP and system calls
Using process isolation with Docker containers
Sandboxing with Firejail
Hands-on lab – using Firejail
Sandboxing with Snappy
Sandboxing with Flatpak
Questions
Answers
Further reading
Chapter 11: Scanning, Auditing, and Hardening
Installing and updating ClamAV and maldet
Hands-on lab – installing ClamAV and maldet
Hands-on lab – configuring maldet
Updating ClamAV and maldet
Scanning with ClamAV and maldet
Scanning for rootkits with Rootkit Hunter
Hands-on lab – installing and updating Rootkit Hunter
Scanning for rootkits
Analyze a file with strings
Scanning the malware with VirusTotal
Understanding the auditd daemon
Auditing a file for changes
Auditing a directory
Auditing system calls
Searching for file change alerts
Searching for directory access rule violations
Searching for system call rule violations
Generating authentication reports
Using predefined rulesets
Hands-on lab – using auditd
Installing OpenSCAP
Viewing the profile files
Scanning the system
Remediating the system
Using SCAP Workbench
Using the OpenSCAP daemon on Ubuntu 18.04
Choosing an OpenSCAP profile
Applying an OpenSCAP profile during system installation
Questions
Further reading
Chapter 12: Logging and Log Security
Understanding the Linux system log files
The system log and the authentication log
The utmp, wtmp, btmp, and lastlog files
Understanding rsyslog
Understanding rsyslog logging rules
Understanding journald
Hands-on lab – installing Logwatch
Hands-on lab – setting up a basic log server
Creating a stunnel connection on CentOS 8 – server side
Creating an stunnel connection on CentOS 8 – client side
Creating a stunnel connection on Ubuntu – server side
Creating a stunnel connection on Ubuntu – client side
Separating client messages into their own files
Summary
Questions
Further reading
Chapter 13: Vulnerability Scanning and Intrusion Detection
Obtaining and installing Snort
Hands-on lab – installing Snort on CentOS 7
Graphical interfaces for Snort
Using Security Onion
Hands-on lab – installing Security Onion
IPFire and its built-in Intrusion Prevention System (IPS)
Hands-on lab – creating an IPFire virtual machine
Installing Lynis on Ubuntu
Scanning with Lynis
Finding vulnerabilities with OpenVAS
Nikto in Kali Linux
Scanning a web server with Nikto
Questions
Further reading
Chapter 14: Security Tips and Tricks for the Busy Bee
Auditing system services with systemctl
Auditing network services with netstat
Hands-on lab – viewing network services with netstat
Auditing network services with Nmap
Port states
Scan types
Hands-on lab – scanning with Nmap
Password protecting the GRUB 2 bootloader
Hands-on lab – resetting the password for Red Hat/CentOS
Hands-on lab – resetting the password for Ubuntu
Preventing kernel parameter edits on Red Hat/CentOS
Preventing kernel parameter edits on Ubuntu
Disabling the submenu for Ubuntu
Password protecting boot option steps for both Ubuntu and Red Hat
Securely configuring BIOS/UEFI
Using a security checklist for system setup
Questions
Further reading
Assessments
Other Books You May Enjoy
Index



