Главная    Ex Libris    Книги    Журналы    Статьи    Серии    Каталог    Wanted    Загрузка    ХудЛит    Справка    Поиск по индексам    Поиск    Форум   

Поиск по указателям

Barrett D.J., Byrnes R.G., Silverman R. — Linux Security Cookbook
Barrett D.J., Byrnes R.G., Silverman R. — Linux Security Cookbook

Обсудите книгу на научном форуме

Нашли опечатку?
Выделите ее мышкой и нажмите Ctrl+Enter

Название: Linux Security Cookbook

Авторы: Barrett D.J., Byrnes R.G., Silverman R.


The Linux Security Cookbook includes real solutions to a wide range of targeted problems, such as sending encrypted email within Emacs, restricting access to network services at particular times of day, firewalling a webserver, preventing IP spoofing, setting up key-based SSH authentication, and much more. With over 150 ready-to-use scripts and configuration files, this unique book helps administrators secure their systems without having to look up specific syntax.

Язык: en

Рубрика: Руководства по программному обеспечению/

Статус предметного указателя: Готов указатель с номерами страниц

ed2k: ed2k stats

Год издания: 2003

Количество страниц: 332

Добавлена в каталог: 02.08.2006

Операции: Положить на полку | Скопировать ссылку для форума | Скопировать ID
Предметный указатель
! (exclamation point)      
"" (quotes, double), empty
"any" interface
"ring buffer" mode (for tethereal)
$! variable (Perl), for system error messages      
%m format specifier to syslog to include system error messages      2nd
+M option, (for processes using RPC services)      
--all option      
--inet option (printing active connections)      
--listening option      
--progress option      
--syn flag to process TCP packets      
-a option (information about all network interfaces and loaded drivers)      
-A option, printing extra packets for trailing context      
-c option (command name for processes)      
-e option (adding username)      
-exec option (one file at a time)      
-f option (forwardable credentials)      
-i any options, using ifconfig before      
-i option (for network connections)      
-i option (to listen on a specific interface)      
-m option (matching protocols used on nonstandard ports)      
-n 1 option (one file at a time)      
-n option (not copying files)      
-o nodev (prohibiting device special files)      
-O option for operating system fingerprints      
-p option (process ID and command name for each socket)      
-p option (selecting processes by ID)      
-perm (permissions) option      
-print0 option      
-prune option      
-r flag to receive remote messages      
-R option, preventing denial-of-service attacks      2nd
-r option, reading/displaying network trace data      
-r option, sequential port scan      
-sU options (for UDP ports)      
-t option (for pseudo-tty)      
-T option (relative times between packets)      
-t option (timestamps)      
-u option (for UDP ports)      
-u option (username for processes)      
-v option, capturing only unencrypted messages      
-w option (saving packets to file)      
-X option (for X forwarding)      
-X option (searching for binary data)      
-xdev option, preventing crossing filesystem boundaries      
-z (reading/writing data) and -Z (writing filenames)      2nd
-z option for null filename separators      
. (period) in      
. (period), in search path      
.gpg suffix (binary encrypted files)      
.shosts file      
/ (slash), beginning absolute directory names      
/bin/login, changes since last Tripwire check      
/dev directory      
/dev/null, redirecting standard input from      
/proc files      
/proc files and      
/proc files, reading      
/proc filesystem      
/proc/<pid> directories
/proc/net/tcp and /proc/net/upd files      
/tmp/ls (malicious program)      
/usr/share/ssl/cert.pem file      
0 (zero) option, for null-terminated filenames      
: (colons), current directory in empty search path element      
@ character, redirecting log messages to another machine      
@otherhost syntax, syslog.conf      
absolute directory names      
absorbing incoming packets (ipchains) with no response      
accepting mail from other hosts      
Access control      [See also firewalls]
access control for remote hosts      
access control list (ACL) for server, creating with PAM      
access control lists (ACLs), creating      2nd
access control lists (ACLs), creating with PAM      
access to services      
access_times attribute      
access_times attribute (xinetd)      
account use      
accounting      [See process accounting]
acct RPM      
accton command (for process accounting)      
ACL file entries      
adding a new service (inetd)      
adding a new service (xinetd)      
adding another Kerberos principal to your ~/.k5login file      
adding another principal to your ~/.k5login file      
adding files to      
adding hosts to existing realm      
adding Kerberos principals to IMAP mail server      
adding key to      
adding keys to      
adding keys to keyring      
adding new certificate      
adding new network service      
adding new network service controlled by      
adding new principal for      
adding new SSL certificate to      
adding new with ank command      
adding to existing realm      
adding to GnuPG keyring      
adding to IMAP service on server host      
adding to system log messages      
adding users to existing realm      
addpol command (Kerberos)      
administration of their own machines      
administrative privileges, Kerberos user      
administrative system, Kerberos      [See kadmin utility]
agents      [See ssh-agent]
agents, ssh      [See also ssh-agent]
Aide (integrity checker)      
alert messages produced by      
alerts, intrusion detection      [See Snort]
ALL keyword      
all open files (and network connections) for all processes      
all open files for specific      
allowing one account to access another with ksu      
allowing user authorization privileges per host      
AllowUsers keyword      
AllowUsers keyword (sshd)      
Andrew Filesystem kaserver      
ank command (adding new Kerberos principal)      
anti-NIDS attacks      
apache (/etc/init.d startup file)      
append-only directories      
apply keyword (PAM, listfile module)      
argument lists for each command, specifying meticulously      
ASCII-format detached signature, creating in GnuPG      
assigned to RPC services      
assigning privileges via ssh without disclosing root password      
asymmetric      [See public-key encryption]
Asymmetric encryption      2nd
at the mail server      
attacks against      
attacks on, detection by Snort preprocessors      
attributes (file), preserving in remote file copying      
auditing use of      
authconfig utility      
AUTHENTICATE command (IMAP)      
authenticating between client/server by trusted host      
authenticating between SSH2 client and OpenSSH server      
authenticating between SSH2 client/OpenSSH server      
authenticating between SSH2 server and OpenSSH client with OpenSSH key      
authenticating between SSH2 server and OpenSSH client with SSH2 key      
authenticating by public key      
authenticating by public key in OpenSSH      
authenticating by trusted host      
authenticating in cron jobs      
authenticating in jobs      
authenticating interactively without password      
authentication keys for Kerberos users and hosts      
authentication mechanisms accepted as trusted      
authentication methods and policies (authconfig)      
authentication via Kerberos      
authorized_keys file (~/.ssh directory)      
authorizing changes via sudo      
authorizing to restart sshd      
authorizing users to kill via sudo command      
authorizing users to restart      
authpriv facility (system messages)      
automatic authentication (without password)      
avoiding long      
backing up for GnuPG private keys      
backing up GnuPG private key      
backing up private key      
backups, encrypting      
bash shell      
benefits of computer security, tradeoffs with risks and costs      
Berkeley database library, requirement of      
Berkeley database library, use by dsniff      
between mail client and mail server      
between OpenSSH client and SSH2 server, using OpenSSH key      
between OpenSSH client and SSH2 server, using SSH2 key      
between SSH2 client/OpenSSH server      
Binary data      
binary files      
binary format (DER), certificates      
binary-format detached signature (GnuPG)      
binary-format detached signature (GnuPG), creating      
bit length of keys      
blocking access for particular remote host for a particular service      
blocking access for some but not others      
blocking access for some remote hosts but not others      
blocking access from      
blocking access from a remote host      
blocking access from particular remote host      
blocking access to a remote host      
blocking access to particular host      
blocking all access by particular remote host      
blocking all incoming HTTP traffic      
blocking all incoming service requests      
blocking all network traffic      
blocking all outgoing connections      
blocking incoming HTTP traffic while permitting local HTTP traffic      
blocking incoming network traffic      
blocking incoming packet and sending error message      
blocking incoming service requests      
blocking incoming TCP port for service      
blocking messages      
blocking outgoing access to all web servers on a network      
blocking outgoing network traffic      
blocking outgoing Telnet connections      
blocking outgoing traffic      
blocking outgoing traffic to particular remote host      
blocking packets on privileged ports      
blocking redirects      
blocking remote access while permitting local      
blocking remote access, while permitting local      
blocking requests for mail service from a remote host      
blocking some messages      
blocking spoofed addresses      
bootable CD-ROM, creating securely      
bringing up      
Broadcast packets      
btmp file, processing with Sys::Utmp module      
Buffer overflow      
buffer overflow attacks      
bugs in latest version      
building chain structures      
building complex rule trees      
bundling files into single file and encrypting the tarball      
by ID (lsof -p)      
by trusted host      [See trusted-host authentication]
by trusted hosts      [See trusted-host authentication]
by username (lsof -u)      
bypassing password authentication      
C programs      
CA (Certifying Authority)      
CA.pl (Perl script)      
CA.pl, Perl script creating Certifying Authority      
caching SSH private keys to avoid typing      
cage, chroot (restricting a service to a particular directory)      
canonical hostname for SSH client      
canonical hostname for SSH client, finding      
canonical hostname, finding for client      
capture and display filter expressions      
capture expressions      
capture filter expressions      
captured from FTP and Telnet sessions      
capturing and recording URLs from traffic with urlsnarf      
capturing messages from with dsniff mailsnarf command      
capturing messages from with dsniff program mailsnarf      
capturing stdout/stderr from programs not using system logger      
careful practices for using      
CERT Coordination Center (CERT/CC), incident reporting form      
cert.pem file      
certificate storage      
Certifying Authority      [See CA]
challenge password for certificates      
changes after running su      
changes since last Tripwire check      
changing client defaults      
changing SSH client defaults      
checking for dormant accounts      
checking for file alteration since last snapshot      
checking for keys imported from keyserver      
checking for with chkrootkit      
checking IP addresses      
checking on multiple systems      
checking Windows VFAT filesystems      
checking with TCP-wrappers      
checksums (MD5), verifying for RPM-installed files      
chkconfig command      
chkrootkit program      
chmod (change mode) command      2nd
choosing name for      2nd
chroot program, restricting services to particular directories      
CIAC (Computer Incident Advisory Capability), Network Monitoring Tools page      
Classless InterDomain Routing (CIDR) mask format      
client authentication      [See Kerberos PAM SSH SSL trusted-host authentication]
client configuration keywords      
client configurations in ~/.ssh/config      
client programs, OpenSSH      
closed ports, detecting with messages      
Closelog function      
collecting filename arguments to avoid long command lines      
collection of messages from by system logger      
colons (:) referring to      
1 2 3 4 5 6 7
       © Электронная библиотека попечительского совета мехмата МГУ, 2004-2020
Электронная библиотека мехмата МГУ | Valid HTML 4.01! | Valid CSS! О проекте