Barrett D.J., Byrnes R.G., Silverman R. — Linux Security Cookbook :: Электронная библиотека попечительского совета мехмата МГУ

Главная Ex Libris Книги Журналы Статьи Серии Каталог Wanted Загрузка ХудЛит Справка Поиск по индексам Поиск Форум

Авторизация

Поиск по указателям

Barrett D.J., Byrnes R.G., Silverman R. — Linux Security Cookbook

Обсудите книгу на научном форуме

Нашли опечатку?
Выделите ее мышкой и нажмите Ctrl+Enter

Название: Linux Security Cookbook

Авторы: Barrett D.J., Byrnes R.G., Silverman R.

Аннотация:

The Linux Security Cookbook includes real solutions to a wide range of targeted problems, such as sending encrypted email within Emacs, restricting access to network services at particular times of day, firewalling a webserver, preventing IP spoofing, setting up key-based SSH authentication, and much more. With over 150 ready-to-use scripts and configuration files, this unique book helps administrators secure their systems without having to look up specific syntax.

Язык:

Рубрика: Руководства по программному обеспечению/

Статус предметного указателя: Готов указатель с номерами страниц

ed2k: ed2k stats

Год издания: 2003

Количество страниц: 332

Добавлена в каталог: 02.08.2006

Операции: Положить на полку | Скопировать ссылку для форума | Скопировать ID

Предметный указатель

PGP keys, using
PGP keys, using in GnuPG
PGP keys, using with GnuPG
PGP, exporting and using in GnuPG
PGP, importing into GnuPG
PID (process ID)
pidof command, killing all processes with given name
pidof command, using
Pine
PinePGP
PinePGP, sending/receiving encrypted email
pings
pings and
pings for host discovery, use by nmap
pings, blocking      2nd
pings, preventing
piping email through gpg command
piping show command through gpg command
plaintext key, using with
plaintext keys
planted in commonly-used software packages
Pluggable Authentication Modules      [See PAM]
policies
Policy
policy and configuration, modifying
pop
POP daemon, enabling
POP or IMAP connections for mutt client
POP, adding to
POP, enabling within xinetd or inetd
POP, using with
POP/IMAP security
POP/IMAP security with SSL      2nd
port forwarding
port numbers assigned to
port numbers, conversion to service names by netstat and lsof
port scanners, presence evidenced by SYN_RECV state
port scans
port scans with Nmap
portmapper access, reason to block
portmappers
Ports
preconfiguration to run tripwire nightly via cron
preprocessors, Snort
prerotate and postrotate scripts
Pretty Good Privacy      [See PGP]
preventing
preventing crossing filesystem boundaries (find -xdev)
preventing directory listings
preventing DOS attacks with cps, instances, max_load, and per_source keywords
preventing file inclusion in Tripwire database
preventing files from being world-writable
preventing from pretending to be local to network
preventing invocation of TCP service by
preventing only SSH connections from nonapproved hosts
preventing pings
preventing responses to
preventing service invocation by xinetd
preventing superuser (root) from logging in via
principals, Kerberos
printing dynamically assigned ports for
printing information about for each user
printing information about nmap port scan
printing latest
printing latest report
printing latest tripwire report
printing summary of network use
printing summary of use with netstat
printing your public key in ASCII
Priority
priority levels
Private keys      [See cryptographic authentication]2nd
privileges, dispensing
probing a single target
probing ports with
probing ports, difficulties of
problems with
problems with Kerberos on SSH
process accounting
process accounting packages, running at boot
process accounting records, reading and unpacking
process accounting RPM
process IDs
process information recorded on exit
process substitution
Processes
processes owned by others, examining
processes that use, examining with lsof +M
processing with Perl module Sys::Utmp
producing single encrypted files from all files in directory
programs not using
prohibiting command-line arguments for command run via
prohibiting directory listings
prohibiting entirely
prohibiting executables
prohibiting for command run via sudo
prohibiting root logins on terminal devices
promiscuous mode (for network interfaces)
promiscuous mode on network interfaces
promiscuous mode, setting
prosum (integrity checker)
protecting
protecting dedicated server
protecting dedicated server for smtp services
protecting dedicated server for ssh services
protecting files against attacks
protecting outgoing traffic
protecting shared directory
protection with SSH
protocol tree for selected packet (Ethereal)
Protocols
protocols matching filter expression, searching network traffic for
ps command, reading /proc files
psacct RPM      2nd
pseudo-ttys
PubkeyAuthentication (sshd_config)
public key, verifying for
Public keys
Public-key      [See public-key encryption]
public-key and ssh-agent, using with Pine
public-key authentication
public-key authentication between SSH2 client/OpenSSH server
public-key authentication without passphrase
Public-key encryption
public/private authentication keys
PublicAuthentication, permitting
querying from a different machine
queueing your mail on another ISP
quotation marks, empty double-quotes ("")
race conditions during snapshot generation
rapid development in
rate-limiting functions of Linux kernel
rc files OiptablesO and OipchainsO
rc files, storing load commands for firewall
read permission, preventing directory listing
read-only
read-only access to shared file
read-only access to shared file via sudo
read-only integrity checking
read-only integrity checks
read/write for files
realms, Kerberos
reassembling streams with libnids
reassembling TCP streams with
reboots, records of
receiving Internet email without visible server
recent logins to system accounts, checking
recent logins to system accounts, checking for
recipes in this book, trying
recorded by system logger for each message

records for users and hosts
recovering from a hack
recurse=n attribute (Tripwire)
recursion in PAM modules
recursive copying of remote directory
recursive remote copying with scp
Red Hat      [See Red Hat Linux]
Red Hat Linux
redirect keyword (xinetd)
redirecting
redirecting connections to another socket
redirecting connections with redirect keyword
redirecting to another machine
redirecting to another service
redirection of connections with SSH tunneling
refusal of connections by system logger
regular expressions (and pattern matching)
Reject
REJECT and, refusing packets (iptables)
REJECT vs. (firewalls)
rejecting TCP packets that initiate connections
relative directories in, dangers of
relative pathnames
relay server for non-local mail
Remote
remote copying of multiple files
remote filesystems, searching
remote hosts
remote integrity checking
remote integrity checks
remote logging host, protecting
remote logging of system messages
remote logging, configuring      2nd
remote polling of server by fetchmail
remote programs, invoking securely
remote user access by public key authentication
remote users, restricting access to network services
remotely
removing setgid/setuid bits from a file
removing setuid or setgid bits
renamed file, copying remotely with scp
reports
reports, Tripwire
requiring authentication by server before relaying mail
restricting a service to a particular directory
restricting access by (xinetd with libwrap)
restricting access by remote hosts
restricting access by remote hosts (inetd)
restricting access by remote hosts (xinetd with libwrap)
restricting access by remote hosts (xinetd with tcpd)
restricting access by remote hosts (xinetd)
restricting access by remote users
restricting access by time of day
restricting access from specific remote hosts
restricting access to server by account
restricting access to server by host
restricting access to service by time of day
restricting access to SSH server by
restricting access to SSH server by account
restricting access to SSH server by host
restricting access to TCP service
restricting for remote hosts (xinetd with libwrap)
restricting hostbased authentication to
restricting privileges via
restricting root privileges
restricting service access by time of day
restricting service access by time of day (with inetd)
restricting services to specific directories
restricting telnet service access by source address
restriction on accepting connections from only same host, changing
revocation certificate
revocation certificates for keys
revoking a key
revoking a public key
rhost item (PAM)
RhostsRSAAuthentication keyword (OpenSSH)
risk with self-signed certificates
rlogin session that used no password, detection with dsniff
Root
root login shell, running
root shell vs. root login shell
root user
rootkits
rotating log files
routers
RPC services
rpcinfo command      2nd
RPM-installed files, verifying
RPM-installed, verifying with Tripwire
RST packets for blocked ports, returned by firewall
rsync program, using
rsync tool, inability to check with
rsync utility
rsync, using for
rule chain for logging and dropping certain packets
Rules
ruleset, upgrading and tuning
runlevel changes, records of
runlevels (networking), loading firewall rules for
running any program in a directory
running as root
running commands as another user
running in background as daemon
running locally on its server
running mail server with SSL
running nmap as
running on new host
running programs as root
running root commands via
running root commands via SSH
running root login shell
running X programs as
running X programs as root (while logged in as normal user)
runtime integrity checkers
runtime kernel integrity checkers
runtime, for the kernel
S/MIME
sa -s command (truncating process accounting the log file)
Samhain
Samhain (integrity checker)
saving configuration
saving firewall configuration
scanning log files for messages of interest
scanning log files for problem reports
scanning range of addresses
scanning Snort logs and sending out alerts
scanning system log files for problem reports
scp (client program)
scp command
scp command and
scp program
script allowing users to start/stop daemons
script forcing sudo to prompt for password
scripts, enabling/disabling network interfaces
search path, testing
Searching
searching effectively
searching filesystems effectively
searching for security risks
searching for strings in
searching for strings in network traffic
searching for with ngrep -X option
searching network traffic for
searching network traffic for data matching extended regular expressions
searching system for
secret keys
secret passphrase for keys
secret, for GnuPG public keys
secret-key encryption
secure integrity checks

1 2 3 4 5 6 7

О проекте