Barrett D.J., Byrnes R.G., Silverman R. — Linux Security Cookbook :: Электронная библиотека попечительского совета мехмата МГУ

Главная Ex Libris Книги Журналы Статьи Серии Каталог Wanted Загрузка ХудЛит Справка Поиск по индексам Поиск Форум

Авторизация

Поиск по указателям

Barrett D.J., Byrnes R.G., Silverman R. — Linux Security Cookbook

Обсудите книгу на научном форуме

Нашли опечатку?
Выделите ее мышкой и нажмите Ctrl+Enter

Название: Linux Security Cookbook

Авторы: Barrett D.J., Byrnes R.G., Silverman R.

Аннотация:

The Linux Security Cookbook includes real solutions to a wide range of targeted problems, such as sending encrypted email within Emacs, restricting access to network services at particular times of day, firewalling a webserver, preventing IP spoofing, setting up key-based SSH authentication, and much more. With over 150 ready-to-use scripts and configuration files, this unique book helps administrators secure their systems without having to look up specific syntax.

Язык:

Рубрика: Руководства по программному обеспечению/

Статус предметного указателя: Готов указатель с номерами страниц

ed2k: ed2k stats

Год издания: 2003

Количество страниц: 332

Добавлена в каталог: 02.08.2006

Операции: Положить на полку | Скопировать ссылку для форума | Скопировать ID

Предметный указатель

colons (:), referring to current working directory
combining log files
command name (lsof -c)
command-line arguments
commands invoked by
Common Log Format (CLF) for URLs
Common Name
Common Name for certificate subjects
components of certificate subject name
composing encrypted mail
compromised systems, analyzing
Computer Emergency Response Team (CERT)
Computer Incident Advisory Capability (CIAC) Network Monitoring Tools page
computer security incident response team (CSIRT)
Configuration
configuration files for services
configuring telnetd to require strong authentication
confirming location of its includedir
connecting to mail server over SSL
connecting via ssh with Kerberos authentication
connection problems, server-side debugging
connections to another socket
controlling access by
controlling access by (instead of IP source address)
controlling access by MAC address
controlling imapd password validation
controlling incoming access by particular hosts or domains
controlling network interfaces
controlling remote access by MAC address
conversion of IP addresses to hostnames
conversion of port numbers to by netstat and lsof
conversion of SSH2 private key into OpenSSH private key with -i (import) option
conversion to hostnames by netstat and lsof commands
conversion to IP addresses by netstat and lsof commands
converting certificates from DER to PEM
converting DER format to
converting from DER to PEM
converting to PEM
copying files
copying files remotely
CoronerOs Toolkit (TCT)
cps keyword (xinetd)
Crack utility (Alec Muffet)
cracking passwords
CrackLib
CrackLib program, using      2nd
CrackLib, using
CrackLib, using with module
CRAM-MD5 authentication (SMTP)
Creating
creating bootable CD-ROM securely
creating PAM-aware application
creating self-signed certificate
creating with twinstall.sh script
credentials, Kerberos
cron facility in system messages
cron utility
crypt++ (Emacs package)
cryptographic authentication
cryptographic hardware
cryptographic, for hosts
csh shell, terminating SSH agent on logout
CSR (certificate signing request)
Current directory
customizing number and ranges of ports scanned
customizing shosts.equiv file to restrict hostbased authentication
CyberTrust SafeKeyper (cryptographic hardware)
daemons
daemons (visible), security risks with
dangling network connections, avoiding
data view window
Database
database for
database, creating for KDC
databases from several systems, merging
date command
DATE environment variable
datestamps, handling by logwatch
Debian Linux, debsums tool
debug facility, system messages
Debugging
debugging SSL connections
decisions based on source addresses, testing with nmap
Decoding
decoding alert messages
decoding SSL certificates
decrypting file encrypted with GnuPG
decrypting files encrypted with
decrypting files encrypted with GNUPG
dedicated server, protecting with firewall
default dummy keypairs and certificates for imapd and pop3d
default key for GnuPG operations
default policies
default secret key, designating for
default, for ipchains and iptables
default, IMAP and POP over SSL
Defining
deleting
deleting firewall rules
deleting service configuration file
denial-of-service (DoS) attacks
denial-of-service attacks, preventing
DENY
DENY and REJECT. DROP, refusing packets with
DER (binary format for certificates)
DES-based crypt( ) hashes in passwd file
designing for Linux host, philosophies for
destination name for remote file copying
detached digital signature (GnuPG)
detecting
detecting intrusions
detecting intrusions with
detecting use of insecure protocols
detection with ngrep
devfs
device special files
device special files, potential security risks
device special files, searching for
DHCP, initialization scripts
dictionaries for
dictionary attacks against terminals
dictionary attacks on terminals
diff command, using for integrity checks
differing locations for binaries and configuration files in distributions
DIGEST-MD5 authentication (SMTP)
Digital signatures
direct support by ELMME+ mailer
directing messages to different log files by facility and priority
directing system messages to log files
directories
directories in search path
disabling allocation of for authorized keys
disabling for authorized keys
disabling for secure integrity checks
disabling port scanning with -sP options
disabling reverse DNS lookups (-n option)
disabling TCP service invocation by remote request
disabling X forwarding for authorized keys
disabling/enabling invocation by xinetd
disallowed connections      [See hosts.deny file]
DISPLAY environment variable (X windows)      2nd
display expressions
display filter expressions
display name, Linux system record of
display-filters for email (PinePGP)
displaying
displaying all executed commands
displaying executed commands
displaying information about with nmap -sR
displaying policy and configuration

displaying registrations with lsof +M
Distinguished Encoding Rules      [See DER]
distributing
distributing for revoked key
DNS
dormant accounts
DOS      [See denial-of-service attacks]
download site
download site for latest version
download site for OpenSSH
download sites
downloading and installing
Drop
DROP and REJECT, refusing packets with
DROP and, refusing packets (iptables)
DROP vs. REJECT
DROP, problems with
dsniff program
dsniff, for switched networks
dsniff, proof of concept with
dsniff, using to simulate
dual-ported disk array
dual-ported disk array, using
dummy certificates for imapd and pop3d
dummy keypairs for imapd and pop3d
dump-acct command
dumping statistics to the system logger
editing encrypted files      2nd
editing with visudo program
elapsed time (displayed in ticks)
elm mailer
ELMME+
EMACS
Email
email messages, verifying with mc-verify function
empty passphrase in plaintext key
empty quotes ("")
Enabling
enabling for specific interfaces with ifconfig
enabling IMAP daemon within
enabling IMAP daemon within xinetd or inetd
enabling in kernel
enabling load commands for firewall
enabling or tuning
enabling POP daemon within xinetd or inetd
enabling promiscuous mode for specific interfaces
enabling source address verification
enabling unconfigured interface
enabling unconfigured network interfaces with ifconfig
enabling with accton command
enabling within xinetd or inetd
enabling X forwarding with ssh -X
enabling/disabling a service
enabling/disabling service invocation by inetd
enabling/disabling TCP service invocation by
enabling/disabling, levels of control
encouraging use of encryption
encrypted backups, creating with gpg
encrypted email messages, checking with mc-verify
encrypted email with
encrypted files
encrypted files, maintaining with
encrypted mail with Mail & Newsgroups
encrypted mail with Mozilla
encrypted, maintaining with Emacs
encrypting all files in directory
encrypting backups
encrypting directories
encrypting entire directory tree
encrypting files for others
encrypting files for others with GnuPG
encrypting files with
encrypting with password
Encryption
encryption software
encryption software included with
encryption, using
enforcing password strength
enforcing strength with PAM
Enigmail (Mozilla)
Enigmail (Mozilla), using for encryption support
entire directory tree
env program
Environment variables
Equifax (Certifying Authority)
error messages (system), including in syslog      2nd
error packets, tailoring
Errors
escaping for shells
Ethereal (network sniffing GUI)
Ethereal, use of
Ethereal, using with
Evolution mailer
Evolution mailer, using with
Evolution, testing of pre-installed trusted SSL certificates
examining carefully for security
examining network state on your machines
Exclamation point      [See ! under
excluding commands in sudoers file
excluding files from
executable
executables
execute permission, controlling directory access
executed command, monitoring
executed commands      [See process accounting]
expiration for GnuPG keys
expiration for keys
exporting PGP key into file
extended regular expressions, matching with ngrep
extracting passwords by patterns
extracting passwords with grep patterns
facilities, system messages
facility local7, use for boot messages
factors in
FascistCheck function (CrackLib)
Fetchmail
fetchmail, use of
fgrep command
fgrep command and
file attributes, preserving in remote file copying
file command
file encryption with gpg -c
file permissions      [See permissions]
filenames, handling carefully
Files      [See also files protecting]
files encrypted with GnuPG, decrypting
files encrypted with, editing with vim
Files, protecting      [See also Gnu Privacy Guard]2nd
files, searching effectively      [See find command]
filesnarf command
filesystems
filter, defining
filtered email messages (PineGPG)
Filters
find command
find method, use by
finding accounts with no password
finding all accounts on system
finding and interactively fixing
finding superuser accounts
finding with Perl script
finding writable files
finger connections
fingerprints
fingerprints, creating in secure integrity checks
firewall design
firewall design, philosophies for
firewall for
firewall rules, building
firewall rules, saving and restoring

1 2 3 4 5 6 7

О проекте