Barrett D.J., Byrnes R.G., Silverman R. — Linux Security Cookbook :: Электронная библиотека попечительского совета мехмата МГУ

Главная Ex Libris Книги Журналы Статьи Серии Каталог Wanted Загрузка ХудЛит Справка Поиск по индексам Поиск Форум

Авторизация

Поиск по указателям

Barrett D.J., Byrnes R.G., Silverman R. — Linux Security Cookbook

Обсудите книгу на научном форуме

Нашли опечатку?
Выделите ее мышкой и нажмите Ctrl+Enter

Название: Linux Security Cookbook

Авторы: Barrett D.J., Byrnes R.G., Silverman R.

Аннотация:

The Linux Security Cookbook includes real solutions to a wide range of targeted problems, such as sending encrypted email within Emacs, restricting access to network services at particular times of day, firewalling a webserver, preventing IP spoofing, setting up key-based SSH authentication, and much more. With over 150 ready-to-use scripts and configuration files, this unique book helps administrators secure their systems without having to look up specific syntax.

Язык:

Рубрика: Руководства по программному обеспечению/

Статус предметного указателя: Готов указатель с номерами страниц

ed2k: ed2k stats

Год издания: 2003

Количество страниц: 332

Добавлена в каталог: 02.08.2006

Операции: Положить на полку | Скопировать ссылку для форума | Скопировать ID

Предметный указатель

! (exclamation point)
"" (quotes, double), empty
"any" interface
"ring buffer" mode (for tethereal)
$! variable (Perl), for system error messages
%m format specifier to syslog to include system error messages      2nd
+M option, (for processes using RPC services)
--all option
--inet option (printing active connections)
--listening option
--progress option
--syn flag to process TCP packets
-a option (information about all network interfaces and loaded drivers)
-A option, printing extra packets for trailing context
-c option (command name for processes)
-e option (adding username)
-exec option (one file at a time)
-f option (forwardable credentials)
-i any options, using ifconfig before
-i option (for network connections)
-i option (to listen on a specific interface)
-m option (matching protocols used on nonstandard ports)
-n 1 option (one file at a time)
-n option (not copying files)
-o nodev (prohibiting device special files)
-O option for operating system fingerprints
-p option (process ID and command name for each socket)
-p option (selecting processes by ID)
-perm (permissions) option
-print0 option
-prune option
-r flag to receive remote messages
-R option, preventing denial-of-service attacks      2nd
-r option, reading/displaying network trace data
-r option, sequential port scan
-sU options (for UDP ports)
-t option (for pseudo-tty)
-T option (relative times between packets)
-t option (timestamps)
-u option (for UDP ports)
-u option (username for processes)
-v option, capturing only unencrypted messages
-w option (saving packets to file)
-X option (for X forwarding)
-X option (searching for binary data)
-xdev option, preventing crossing filesystem boundaries
-z (reading/writing data) and -Z (writing filenames)      2nd
-z option for null filename separators
. (period) in
. (period), in search path
.gpg suffix (binary encrypted files)
.shosts file
/ (slash), beginning absolute directory names
/bin/login, changes since last Tripwire check
/dev directory
/dev/null, redirecting standard input from
/proc
/proc files
/proc files and
/proc files, reading
/proc filesystem
/proc/<pid> directories
/proc/net/tcp and /proc/net/upd files
/sbin/ifconfig
/sbin/ifdown
/sbin/ifup
/tmp/ls (malicious program)
/usr/share/ssl/cert.pem file
/var/account/pacct
/var/log/lastlog
/var/log/messages
/var/log/secure
/var/log/utmp
/var/log/wtmp
0 (zero) option, for null-terminated filenames
: (colons), current directory in empty search path element
@ character, redirecting log messages to another machine
@otherhost syntax, syslog.conf
absolute directory names
absorbing incoming packets (ipchains) with no response
accepting mail from other hosts
Access control      [See also firewalls]
access control for remote hosts
access control list (ACL) for server, creating with PAM
access control lists (ACLs), creating      2nd
access control lists (ACLs), creating with PAM
access to services
access_times attribute
access_times attribute (xinetd)
account use
accounting      [See process accounting]
acct RPM
accton command (for process accounting)
ACL file entries
adding a new service (inetd)
adding a new service (xinetd)
adding another Kerberos principal to your ~/.k5login file
adding another principal to your ~/.k5login file
adding files to
adding hosts to existing realm
adding Kerberos principals to IMAP mail server
adding key to
adding keys to
adding keys to keyring
adding new certificate
adding new network service
adding new network service controlled by
adding new principal for
adding new SSL certificate to
adding new with ank command
adding to existing realm
adding to GnuPG keyring
adding to IMAP service on server host
adding to system log messages
adding users to existing realm
addpol command (Kerberos)
administration of their own machines
administrative privileges, Kerberos user
administrative system, Kerberos      [See kadmin utility]
agents      [See ssh-agent]
agents, ssh      [See also ssh-agent]
Aide
Aide (integrity checker)
alert messages produced by
alerts, intrusion detection      [See Snort]
Aliases
ALL keyword
all open files (and network connections) for all processes
all open files for specific
allowing one account to access another with ksu
allowing user authorization privileges per host
AllowUsers keyword
AllowUsers keyword (sshd)
Andrew Filesystem kaserver
ank command (adding new Kerberos principal)
anti-NIDS attacks
apache (/etc/init.d startup file)
append-only directories
apply keyword (PAM, listfile module)
argument lists for each command, specifying meticulously
ASCII-format detached signature, creating in GnuPG
assigned to RPC services
assigning privileges via ssh without disclosing root password
asymmetric      [See public-key encryption]
Asymmetric encryption      2nd
at the mail server
Attacks
attacks against
attacks on, detection by Snort preprocessors
attributes (file), preserving in remote file copying

auditing use of
authconfig utility
AUTHENTICATE command (IMAP)
authenticating between client/server by trusted host
authenticating between SSH2 client and OpenSSH server
authenticating between SSH2 client/OpenSSH server
authenticating between SSH2 server and OpenSSH client with OpenSSH key
authenticating between SSH2 server and OpenSSH client with SSH2 key
authenticating by public key
authenticating by public key in OpenSSH
authenticating by trusted host
authenticating in cron jobs
authenticating in jobs
authenticating interactively without password
Authentication
authentication keys for Kerberos users and hosts
authentication mechanisms accepted as trusted
authentication methods and policies (authconfig)
authentication via Kerberos
Authorization
authorized_keys file (~/.ssh directory)
authorizing changes via sudo
authorizing to restart sshd
authorizing users to kill via sudo command
authorizing users to restart
authpriv facility (system messages)
Automated
automatic authentication (without password)
avoiding long
backing up for GnuPG private keys
backing up GnuPG private key
backing up private key
backups, encrypting
bash
bash shell
benefits of computer security, tradeoffs with risks and costs
Berkeley database library, requirement of
Berkeley database library, use by dsniff
between mail client and mail server
between OpenSSH client and SSH2 server, using OpenSSH key
between OpenSSH client and SSH2 server, using SSH2 key
between SSH2 client/OpenSSH server
Binary data
binary files
binary format (DER), certificates
binary-format detached signature (GnuPG)
binary-format detached signature (GnuPG), creating
bit length of keys
blocking access for particular remote host for a particular service
blocking access for some but not others
blocking access for some remote hosts but not others
blocking access from
blocking access from a remote host
blocking access from particular remote host
blocking access to a remote host
blocking access to particular host
blocking all access by particular remote host
blocking all incoming HTTP traffic
blocking all incoming service requests
blocking all network traffic
blocking all outgoing connections
blocking incoming HTTP traffic while permitting local HTTP traffic
blocking incoming network traffic
blocking incoming packet and sending error message
blocking incoming service requests
blocking incoming TCP port for service
blocking messages
blocking outgoing access to all web servers on a network
blocking outgoing network traffic
blocking outgoing Telnet connections
blocking outgoing traffic
blocking outgoing traffic to particular remote host
blocking packets on privileged ports
blocking redirects
blocking remote access while permitting local
blocking remote access, while permitting local
blocking requests for mail service from a remote host
blocking some messages
blocking spoofed addresses
bootable CD-ROM, creating securely
bringing up
Broadcast packets
btmp file, processing with Sys::Utmp module
Buffer overflow
buffer overflow attacks
bugs in latest version
building chain structures
building complex rule trees
bundling files into single file and encrypting the tarball
by ID (lsof -p)
by trusted host      [See trusted-host authentication]
by trusted hosts      [See trusted-host authentication]
by username (lsof -u)
bypassing password authentication
C programs
CA (Certifying Authority)
CA.pl
CA.pl (Perl script)
CA.pl, Perl script creating Certifying Authority
caching SSH private keys to avoid typing
cage, chroot (restricting a service to a particular directory)
canonical hostname for SSH client
canonical hostname for SSH client, finding
canonical hostname, finding for client
capture and display filter expressions
capture expressions
capture filter expressions
captured from FTP and Telnet sessions
capturing and recording URLs from traffic with urlsnarf
capturing messages from with dsniff mailsnarf command
capturing messages from with dsniff program mailsnarf
capturing stdout/stderr from programs not using system logger
careful practices for using
CERT Coordination Center (CERT/CC), incident reporting form
cert.pem file
certificate storage
certificates
Certifying Authority      [See CA]
certutil
challenge password for certificates
changes after running su
changes since last Tripwire check
changing
changing client defaults
changing SSH client defaults
checking for dormant accounts
checking for file alteration since last snapshot
checking for keys imported from keyserver
checking for with chkrootkit
checking IP addresses
checking on multiple systems
checking Windows VFAT filesystems
checking with TCP-wrappers
checksums (MD5), verifying for RPM-installed files
chkconfig command
chkrootkit program
chmod (change mode) command      2nd
choosing name for      2nd
chroot program, restricting services to particular directories
CIAC (Computer Incident Advisory Capability), Network Monitoring Tools page
Classless InterDomain Routing (CIDR) mask format
client authentication      [See Kerberos PAM SSH SSL trusted-host authentication]
client configuration keywords
client configurations in ~/.ssh/config
client programs, OpenSSH
closed ports, detecting with messages
Closelog function
collecting filename arguments to avoid long command lines
collection of messages from by system logger
colons (:) referring to

1 2 3 4 5 6 7

О проекте