Barrett D.J., Byrnes R.G., Silverman R. — Linux Security Cookbook :: Электронная библиотека попечительского совета мехмата МГУ

Главная Ex Libris Книги Журналы Статьи Серии Каталог Wanted Загрузка ХудЛит Справка Поиск по индексам Поиск Форум

Авторизация

Поиск по указателям

Barrett D.J., Byrnes R.G., Silverman R. — Linux Security Cookbook

Обсудите книгу на научном форуме

Нашли опечатку?
Выделите ее мышкой и нажмите Ctrl+Enter

Название: Linux Security Cookbook

Авторы: Barrett D.J., Byrnes R.G., Silverman R.

Аннотация:

The Linux Security Cookbook includes real solutions to a wide range of targeted problems, such as sending encrypted email within Emacs, restricting access to network services at particular times of day, firewalling a webserver, preventing IP spoofing, setting up key-based SSH authentication, and much more. With over 150 ready-to-use scripts and configuration files, this unique book helps administrators secure their systems without having to look up specific syntax.

Язык:

Рубрика: Руководства по программному обеспечению/

Статус предметного указателя: Готов указатель с номерами страниц

ed2k: ed2k stats

Год издания: 2003

Количество страниц: 332

Добавлена в каталог: 02.08.2006

Операции: Положить на полку | Скопировать ссылку для форума | Скопировать ID

Предметный указатель

secure integrity checks, running
Secure Sockets Layer      [See SSL]
securely copying files between computers
securetty file, editing to prevent root logins via terminal devices
securing
securing email session with SSL and mutt
securing mail server with SSH
securing mail server with SSH and Pine
securing mail server with stunnel and SSL
securing POP/IMAP
securing POP/IMAP with SSH and Pine
securing POP/IMAP with SSL
securing POP/IMAP with SSL and
securing with SSL and pine
security checks
security considerations with
security incident report, filing
security policies      [See policies]
security risks of
security tests      [See monitoring systems for suspicious activity]
security tests on      [See monitoring systems for suspicious activity]
security tools (Insecure.org)
SEC_BIN global variable (Tripwire)
selecting specific packets
selecting specific packets with capture filter expression
self-signed
Self-signed certificates
self-signed certificates, risk of
sending messages to
sending messages to system logger
sending Tripwire reports by
sending-filters for email (PinePGP)
sending/receiving encrypted email
sending/receiving encrypted email with Pine
sendmail
sendmail, security risks with visibility of
sense keyword (PAM, listfile module)
sensitive information in messages
server arguments (inetd.conf file)
server authentication      [See Kerberos; PAM; SSH; SSL; trusted-host authentication]
server keyword
server keyword (xinetd)
server program, OpenSSH
server-side restrictions on public keys in authorized keys
service access via xinetd
service filter configuration file (logwatch)
service filter executable (logwatch)
service names
services deployed with dummy keys
services file, adding service names to inetd.conf
session protection for mail
set on world-writable directories
setgid bit
setgid bit on directories
setgid bit on directory
setgid/setuid programs
setgid/setuid programs, security checks
setlogsock (Sys::Syslog)
setting as group writable
setting for Snort
setting in mutt mailer headers
setting on world-writable directory
setting server to start at boot
setting sticky bit on world-writable directory
setting umasks as group writable
setting up
setting up CA and issuing certificates
setting up for local logging
setting up for public-key encryption
setting up MIT Kerberos-5 KDC
setting up with admin privileges and host principal for KDC host
setting up your own CA to issue certificates
setting up your own for self-signed certificates
setuid and setgid bits
setuid and setgid programs, insecure
setuid and setgid programs, protecting against misuse
setuid or setgid attributes for executables
setuid programs for hostbased authentication
setuid root for ssh-keysign program
setuid root on client
setuid root program hidden in filesystems
setuid root, ssh-keysign program
SFTP
shadow directive (/etc/pam.d/system-auth)
shadow password file      2nd
shared directory
shared, securing
sharing files
sharing files in
sharing files using groups
sharing privileges
sharing public keys
sharing public keys securely
sharing root password
sharing root privileges
sharing root privileges via
shell command substitution, exceeding command line maximum
shell item (PAM)
shell prompts, standards used
shell scripts
shell-style wildcard expansion
shells
shosts.equiv file
show command, decrypting email displayed with
shutdowns (system), records of
shutdowns, reboots, and runlevel changes in /var/log/wtmp
shutting down network interfaces
signaling changes in syslog.conf
signaling system logger about changes in
signaling to pick up changes in syslog.conf
signature ID (Snort alerts)
signed cryptographic keys
signed file, checking for alteration
signing a text file with GnuPG
signing and encrypting files
signing and encrypting files (to be not human-readable)
signing email messages with mc-sign function
signing files      [See digital signatures]
signing text file
signing with site key
simulated attacks with dsniff
simulating packet traversal through to verify firewall operation
single computer
single encrypted file containing all files in directory
single-threaded services (inetd.conf file)
site key (Tripwire)
size, file
skipping directories (find -prune)
skipping with find -prune command
SLAC (Stanford Linear Accelerator), Network Monitoring Tools page
slowing or killing connections, simulation with dsniff
SMTP      [See SMTP]
SMTP server, using from arbitrary clients
snapshot length
SNAPSHOTS      [See Tripwire]
snooping with filesnarf
Snort      2nd
Snort alerts
Snort detection of
Snort logging directory
Snort logging directory, creating in
Snort system
Snort, running as
Snort, starting at boot
Snort, starting automatically at boot
Snort, use by
Snort, using as
socket type (inetd.conf file)
software packages, risk of Trojan horses in
Sort command

sorting log files by
source address verification
source address verification, enabling
source addresses
source name for remote file copying
source quench, blocking
sources for system messages
specifying alternate username for remote file copying
specifying another directory for remote file copying
specifying targets for iptables
spoofed
spoofed addresses
SquirrelMail
SSH      [See SSH]
ssh (client program)
SSH (Secure Shell)      [See SSH]
SSH client defaults, changing
SSH client, obtaining for
SSH client, problems with canonical hostname
ssh command
ssh file
SSH port forwarding, use in
SSH, use of      2nd
SSH, using
SSH, using with
SSH-1 protocol
SSH-2 connections, trusted-host authentication
ssh-add
ssh-agent
ssh-agent, automatically run for logins
ssh-keygen
ssh-keysign
SSH2 server and OpenSSH client, authenticating between with OpenSSH key
SSH2 server and OpenSSH client, authenticating between with SSH2 key
sshd      [See sshd]
sshd, built-in support for
sshd_config file
ssh_config file
ssh_known_hosts file
SSL
SSL (Secure Sockets Layer)      [See SSL]
SSL Certificate Signing Request (CSR), sending to
SSL certificate, validating server with
SSL certificates
SSL connection problems from server-side
SSL, using to protect entire SMTP session
SSL, using with
SSL-port
SSL-port on mail servers
standard API, functions provided by
standard input from /dev/null
standard input, redirecting from /dev/null
Stanford Linear Accelerator (SLAC) Network Monitoring Tools page
starting network interfaces
starting/stopping daemons
starting/stopping network interface
starting/stopping via sudo
STARTTLS command
STARTTLS command (IMAP)
STARTTLS command (IMAP), negotiating protection for mail
startup scripts (bootable CD-ROM), disabling networking
stateful
stateful firewall, necessity for
stateless
stealth options, using to test logging and intrusion detection
Sticky bit
sticky bit set on
STLS command
STLS command (POP)      2nd
STLS command (POP), negotiating protection for email
stopping network device
storage of
strace command      2nd
strace command, using
stream reassembly with libnids
strings
strings command
strong authentication for email sessions
strong session protection for mail (by SSL)
strong trust of client host
stunnel messages
stunnel, securing POP/IMAP with SSL
stunnel, using
su -, running root login shell
su command
su configuration (PAM)
subject (certificates)
subversion of exec call to tripwire
sudo command
sudoers file
summary for networking on a machine
summary for, printing with netstat
superdaemons
Superuser      2nd
superuser, finding
superusers, authentication of
support by Evolution mailer
support for secure POP and IMAP using SSL
support for SSL
supported distributions for security recipes
SUSE      [See SuSE Linux]
SUSE Linux
suspicious use, checking for
switched networks
symbolic links
symmetric      [See symmetric encryption]
symmetric encryption
synchronizing files on two machines (rsync)
Syntax
SYN_RECV state, large numbers of network connections in
Sys::Lastlog and Sys::Utmp
Sys::Lastlog and Sys::Utmp modules (Perl)
Sys::Syslog
Sys::Syslog module
syslog configuration, testing
syslog function
syslog messages, logging remotely
syslog-ng (Onew generationO)
syslog.conf file
syslogd
system      [See system logger]
system accounts, login activity on      2nd
system calls, tracing on network
system hacked via the network
system logger
system-wide authentication (Kerberos with PAM)
systems
system_auth (/etc/pam.d startup file)
tailoring per host
tailoring SSH per host
tar utility
TCP
TCP and ICMP pings
TCP port, testing with telnet connection
TCP ports blocked by
TCP RST packets for blocked ports, returning
TCP RST packets returned by firewalls blocking ports
TCP services, access control
TCP session through SSH
TCP wrappers      2nd
TCP wrappers support
TCP-wrappers
TCP/IP connections
tcpd
tcpdump (packet sniffer)
tcpdump, using with
tcsh shell
TCT (The CoronerOs Toolkit)
tee command
Telnet

1 2 3 4 5 6 7

О проекте