وبلاگ بلیان

امنیت و بهینه‌سازی لینوکس رد هت هوس‌زده‌ها = امنیت و بهینه‌سازی لینوکس رد هت

RED HAT LINUX SECURITY AND OPTIMIZATION HUNGRY MINDS =Red Hat Linux Security And Optimization

معرفی کتاب «امنیت و بهینه‌سازی لینوکس رد هت هوس‌زده‌ها = امنیت و بهینه‌سازی لینوکس رد هت» (با عنوان لاتین RED HAT LINUX SECURITY AND OPTIMIZATION HUNGRY MINDS =Red Hat Linux Security And Optimization) نوشتهٔ Mohammed J. Kabir، منتشرشده توسط نشر *Red Hat در سال 2001. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.

RED HAT LINUX is a great operating system for extracting the last bit of performance from your computer system, whether it's a desktop unit or a massive corporate network. Red Hat® Linux® Security and Optimization 1 Table of Contents 14 Front of Book Information 2 Credits 4 About the Author 4 Preface 7 How This Book is Organized 7 Part I: System Performance 7 Part II: Network and Service Performance 7 Part III: System Security 7 Part IV: Network Service Security 7 Part V: Firewalls 8 Appendixes 8 Conventions of This Book 8 Tell Us What You Think of This Book 9 Acknowledgments 10 Contents at a Glance 12 Part I: System Performance 24 Chapter 1 26 Performance Basics 26 Measuring System Performance 27 Monitoring system performance with ps 27 Tracking system activity with top 29 Checking memory and I/O with vmstat 31 Running Vtad to analyze your system 32 Summary 33 Chapter 2 34 Kernel Tuning 34 Compiling and Installing a Custom Kernel 34 Downloading kernel source code ( latest distribution) 34 Creating the /usr/src/linux symbolic link 35 Selecting a kernel-configuration method 36 Using menuconfig 37 Compiling the kernel 54 Booting the new kernel 55 Running Demanding Applications 58 Summary 60 Chapter 3 62 Filesystem Tuning 62 Tuning your hard disks 62 Tuning ext2 Filesystem 67 Changing the block size of the ext2 filesystem 67 Using e2fsprogs to tune ext2 filesystem 68 Using a Journaling Filesystem 71 Compiling and installing ReiserFS 73 Using ReiserFS 74 Benchmarking ReiserFS 74 Managing Logical Volumes 77 Compiling and installing the LVM module for kernel 77 Creating a logical volume 79 Adding a new disk or partition to a logical volume 85 Removing a disk or partition from a volume group 88 Using RAID, SAN, or Storage Appliances 89 Using Linux Software RAID 89 Using Hardware RAID 90 Using Storage-Area Networks (SANs) 90 Using Storage Appliances 90 Using a RAM-Based Filesystem 91 Summary 94 Part II: Network and Service Performance 96 Chapter 4 98 Network Performance 98 Tuning an Ethernet LAN or WAN 98 Using network segmentation technique for performance 100 Using switches in place of hubs 103 Using fast Ethernet 104 Using a network backbone 105 Understanding and controlling network traffic flow 106 Balancing the traffic load using the DNS server 108 IP Accounting 108 IP accounting on a Linux network gateway 109 Summary 110 Chapter 5 112 Web Server Performance 112 Compiling a Lean and Mean Apache 112 Tuning Apache Configuration 118 Controlling Apache processes 119 Controlling system resources 123 Using dynamic modules 126 Speeding Up Static Web Pages 126 Reducing disk I/O for faster static page delivery 127 Using Kernel HTTP daemon 128 Speeding Up Web Applications 128 Using mod_perl 129 Using FastCGI 137 Installing and configuring FastCGI module for Apache 138 Using Java servlets 140 Using Squid proxy-caching server 141 Summary 146 Chapter 6 148 E-Mail Server Performance 148 Choosing Your MTA 148 Tuning Sendmail 149 Controlling the maximum size of messages 150 Caching Connections 150 Controlling simultaneous connections 153 Limiting the load placed by Sendmail 154 Saving memory when processing the mail queue 154 Controlling number of messages in a queue run 155 Handling the full queue situation 155 Tuning Postfix 156 Installing Postfix 156 Limiting number of processes used 157 Limiting maximum message size 158 Limiting number of messages in queue 158 Limiting number of simultaneous delivery to a single site 158 Controlling queue full situation 158 Controlling the length a message stays in the queue 159 Controlling the frequency of the queue 159 Using PowerMTA for High-Volume Outbound Mail 159 Using multiple spool directories for speed 160 Setting the maximum number of file descriptors 160 Setting a maximum number of user processes 161 Setting maximum concurrent SMTP connections 161 Monitoring performance 162 Summary 163 Chapter 7 164 NFS and Samba Server Performance 164 Tuning Samba Server 165 Controlling TCP socket options 165 Tuning Samba Client 168 Tuning NFS Server 168 Optimizing read/write block size 169 Setting the appropriate Maximum Transmission Unit 172 Running optimal number of NFS daemons 172 Monitoring packet fragments 173 Summary 174 Part III: System Security 176 Chapter 8 178 Kernel Security 178 Using Linux Intrusion Detection System ( LIDS) 178 Building a LIDS-based Linux system 179 Administering LIDS 186 Using libsafe to Protect Program Stacks 196 Compiling and installing libsafe 198 libsafe in action 201 Summary 201 Chapter 9 202 Securing Files and Filesystems 202 Managing Files, Directories, and User Group Permissions 202 Understanding file ownership & permissions 203 Changing ownership of files and directories using chown 204 Changing group ownership of files and directories with chgrp 205 Using octal numbers to set file and directory permissions 205 Using permission strings to set access permissions 208 Changing access privileges of files and directories using chmod 208 Managing symbolic links 209 Managing user group permission 211 Checking Consistency of Users and Groups 213 Securing Files and Directories 221 Understanding filesystem hierarchy structure 221 Setting system-wide default permission model using umask 224 Dealing with world-accessible files 226 Dealing with set-UID and set-GID programs 227 Using ext2 Filesystem Security Features 231 Using chattr 232 Using lsattr 233 Using a File Integrity Checker 233 Using a home-grown file integrity checker 233 Using Tripwire Open Source, Linux Edition 238 Setting up Integrity-Checkers 253 Setting up AIDE 253 Setting up ICU 254 Creating a Permission Policy 262 Setting configuration file permissions for users 262 Setting default file permissions for users 263 Setting executable file permissions 263 Summary 263 Chapter 10 264 PAM 264 What is PAM? 264 Working with a PAM configuration file 266 Establishing a PAM-aware Application 268 Using Various PAM Modules to Enhance Security 271 Controlling access by time 278 Restricting access to everyone but root 280 Managing system resources among users 281 Securing console access using mod_console 283 Summary 284 Chapter 11 286 OpenSSL 286 Understanding How SSL Works 286 Symmetric encryption 287 Asymmetric encryption 287 SSL as a protocol for data encryption 287 Understanding OpenSSL 289 Uses of OpenSSL 289 Getting OpenSSL 290 Installing and Configuring OpenSSL 290 OpenSSL prerequisites 290 Compiling and installing OpenSSL 291 Understanding Server Certificates 293 What is a certificate? 293 What is a Certificate Authority (CA)? 294 Commercial CA 295 Self-certified, private CA 295 Getting a Server Certificate from a Commercial CA 296 Creating a Private Certificate Authority 298 Summary 299 Chapter 12 300 Shadow Passwords and OpenSSH 300 Understanding User Account Risks 301 Securing User Accounts 302 Using shadow passwords and groups 303 Checking password consistency 305 Eliminating risky shell services 306 Using OpenSSH for Secured Remote Access 308 Getting and installing OpenSSH 308 Configuring OpenSSH service 309 Connecting to an OpenSSH server 316 Managing the root Account 321 Limiting root access 322 Using su to become root or another user 323 Using sudo to delegate root access 325 Monitoring Users 330 Finding who is on the system 331 Finding who was on the system 332 Creating a User-Access Security Policy 332 Creating a User-Termination Security Policy 333 Summary 334 Chapter 13 336 Secure Remote Passwords 336 Setting Up Secure Remote Password Support 336 Establishing Exponential Password System ( EPS) 337 Using the EPS PAM module for password authentication 338 Converting standard passwords to EPS format 339 Using SRP-Enabled Telnet Service 340 Using SRP-enabled Telnet clients from non- Linux platforms 342 Using SRP-Enabled FTP Service 342 Using SRP-enabled FTP clients from non- Linux platforms 345 Summary 345 Chapter 14 346 xinetd 346 What Is xinetd? 346 Setting Up xinetd 348 Getting xinetd 348 Compiling and installing xinetd 348 Configuring xinetd for services 352 Starting, Reloading, and Stopping xinetd 356 Strengthening the Defaults in / etc/ xinetd. conf 357 Running an Internet Daemon Using xinetd 358 Controlling Access by Name or IP Address 360 Controlling Access by Time of Day 361 Reducing Risks of Denial- of- Service Attacks 361 Limiting the number of servers 361 Limiting log file size 362 Limiting load 362 Limiting the rate of connections 363 Creating an Access- Discriminative Service 364 Redirecting and Forwarding Clients 365 Using TCP Wrapper with xinetd 368 Running sshd as xinetd 368 Using xadmin 369 Summary 371 Part IV: Network Service Security 372 Chapter 15 374 Web Server Security 374 Understanding Web Risks 374 Configuring Sensible Security for Apache 375 Using a dedicated user and group for Apache 375 Using a safe directory structure 375 Using appropriate file and directory permissions 377 Using directory index file 379 Disabling default access 381 Disabling user overrides 381 Using Paranoid Configuration 382 Reducing CGI Risks 383 Information leaks 383 Consumption of system resources 383 Spoofing of system commands via CGI scripts 384 Keeping user input from making system calls unsafe 384 User modification of hidden data in HTML pages 389 Wrapping CGI Scripts 395 suEXEC 395 CGIWrap 398 Hide clues about your CGI scripts 400 Reducing SSI Risks 401 Logging Everything 402 Restricting Access to Sensitive Contents 405 Using IP or hostname 405 Using an HTTP authentication scheme 408 Controlling Web Robots 413 Content Publishing Guidelines 415 Using Apache-SSL 417 Compiling and installing Apache-SSL patches 417 Creating a certificate for your Apache-SSL server 418 Configuring Apache for SSL 419 Testing the SSL connection 421 Summary 421 Chapter 16 422 DNS Server Security 422 Understanding DNS Spoofing 422 Checking DNS Configuring Using Dlint 423 Getting Dlint 424 Installing Dlint 424 Running Dlint 425 Securing BIND 428 Using Transaction Signatures (TSIG) for zone transfers 428 Running BIND as a non-root user 432 Hiding the BIND version number 432 Limiting Queries 433 Turning off glue fetching 434 chrooting the DNS server 435 Using DNSSEC (signed zones) 435 Summary 437 Chapter 17 438 E-Mail Server Security 438 What Is Open Mail Relay? 438 Is My Mail Server Vulnerable? 440 Securing Sendmail 442 Controlling mail relay 445 Enabling MAPS Realtime Blackhole List ( RBL) support 448 Sanitizing incoming e-mail using procmail 452 Outbound-only Sendmail 460 Running Sendmail without root privileges 461 Securing Postfix 463 Keeping out spam 463 Hiding internal e-mail addresses by masquerading 465 Summary 465 Chapter 18 466 FTP Server Security 466 Securing WU-FTPD 466 Restricting FTP access by username 468 Setting default file permissions for FTP 470 Using a chroot jail for FTP sessions 471 Securing WU-FTPD using options in /etc/ftpaccess 475 Using ProFTPD 478 Downloading, compiling, and installing ProFTPD 479 Configuring ProFTPD 479 Monitoring ProFTPD 485 Securing ProFTPD 485 Summary 494 Chapter 19 496 Samba and NFS Server Security 496 Securing Samba Server 496 Choosing an appropriate security level 496 Avoiding plain-text passwords 499 Allowing access to users from trusted domains 500 Controlling Samba access by network interface 500 Controlling Samba access by hostname or IP addresses 501 Using pam_smb to authenticate all users via a Windows NT server 502 Using OpenSSL with Samba 504 Securing NFS Server 506 Using Cryptographic Filesystems 510 Summary 510 Part V: Firewalls 512 Chapter 20 514 Firewalls, VPNs, and SSL Tunnels 514 Packet-Filtering Firewalls 514 Enabling netfilter in the kernel 519 Creating Packet-Filtering Rules with iptables 521 Creating a default policy 521 Appending a rule 521 Listing the rules 522 Deleting a rule 523 Inserting a new rule within a chain 523 Replacing a rule within a chain 523 Creating SOHO Packet-Filtering Firewalls 524 Allowing users at private network access to external Web servers 527 Allowing external Web browsers access to a Web server on your firewall 528 DNS client and cache-only services 529 SMTP client service 531 POP3 client service 531 Passive-mode FTP client service 532 SSH client service 533 Other new client service 533 Creating a Simple Firewall 534 Creating Transparent, proxy- arp Firewalls 535 Creating Corporate Firewalls 537 Purpose of the internal firewall 538 Purpose of the primary firewall 538 Setting up the internal firewall 539 Setting up the primary firewall 541 Secure Virtual Private Network 551 Compiling and installing FreeS/WAN 552 Creating a VPN 553 Stunnel: A Universal SSL Wrapper 559 Compiling and installing Stunnel 559 Securing IMAP 559 Securing POP3 561 Securing SMTP for special scenarios 562 Summary 562 Chapter 21 564 Firewall Security Tools 564 Using Security Assessment ( Audit) Tools 564 Using SAINT to Perform a Security Audit 564 SARA 572 VetesCan 573 Using Port Scanners 573 Performing Footprint Analysis Using nmap 573 Using PortSentry to Monitor Connections 575 Using Nessus Security Scanner 581 Using Strobe 584 Using Log Monitoring and Analysis Tools 585 Using logcheck for detecting unusual log entries 585 Swatch 588 IPTraf 588 Using CGI Scanners 589 Using cgichk.pl 589 Using Whisker 591 Using Malice 592 Using Password Crackers 592 John The Ripper 593 Crack 594 Using Intrusion Detection Tools 594 Tripwire 594 LIDS 594 Using Packet Filters and Sniffers 595 Snort 595 GShield 598 Useful Utilities for Security Administrators 598 Using Netcat 598 Tcpdump 603 LSOF 604 Ngrep 609 Summary 610 Appendix A 612 IP Network Address Classification 612 Class A IP network addresses 612 Class B IP network addresses 613 Class C IP network addresses 613 Subnetting IP networks 613 Appendix B 616 Common Linux Commands 616 Basics of wildcards 616 Basics of regular expressions 618 How to Use Online man Pages 619 General File and Directory Commands 621 cat 621 chmod 622 chown 622 clear 623 cmp 623 cp 624 cut 624 diff 625 du 627 emacs 628 fgrep 629 file 630 find 630 grep 631 head 631 ln 632 locate 632 ls 632 mkdir 633 mv 633 pico 634 pwd 634 rm 634 sort 635 stat 636 strings 637 tail 637 touch 637 umask 638 uniq 638 vi 639 wc 640 whatis 641 whereis 641 which 641 File Compression and Archive- Specific Commands 642 compress 642 gunzip 643 gzip 643 rpm 643 tar 645 uncompress 646 unzip 646 uudecode 646 uuencode 647 zip 647 File Systems Û Specific Commands 647 dd 647 df 648 edquota 649 fdformat 649 fdisk 649 mkfs 649 mount 650 quota 650 quotaon 650 swapoff 650 swapon 651 umount 651 DOS-Compatible Commands 651 mcopy 652 mdel 652 mdir 652 mformat 652 mlabel 653 System Status Û Specific Commands 653 dmesg 653 free 653 shutdown 653 uname 654 uptime 655 User Administration Commands 655 chfn 655 chsh 655 groupadd 655 groupmod 655 groups 655 last 656 passwd 656 su 656 useradd 657 userdel 657 usermod 657 who 657 whoami 657 User Commands for Accessing Network Services 657 finger 658 ftp 658 lynx 658 mail 659 pine 660 rlogin 660 talk 661 telnet 661 wall 661 Network Administrator’s Commands 662 host 662 hostname 662 ifconfig 662 netcfg 663 netstat 663 nslookup 664 ping 665 route 666 tcpdump 667 traceroute 668 Process Management Commands 669 bg 669 fg 670 jobs 670 Task Automation Commands 670 Productivity Commands 670 bc 670 cal 671 ispell 672 mesg 672 write 672 Shell Commands 673 alias 673 history 673 set 674 source 674 unalias 675 Printing-Specific Commands 675 lpq 675 lpr 675 lprm 676 Appendix C 678 Internet Resources 678 Usenet Newsgroups 678 The comp.os.linux hierarchy 678 Miscellaneous Linux newsgroups 680 Unix security newsgroups 681 Mailing Lists 681 General lists 681 Security alert lists 682 Special lists 682 Web Sites 682 General resources 682 Publications 683 Software stores 683 Security resources 683 User Groups 683 Appendix D 684 Dealing with Compromised Systems 684 Unplug the system’s network cable 684 Notify Appropriate Authorities 684 Create a Backup Copy of Everything 685 Analyze the Compromised System Data 685 Restoring the system 686 Appendix E 688 What’s On the CD-ROM? 688 Book Chapters in Searchable PDF Format 688 Sample Book Scripts in Text Format 688 Troubleshooting 691 Index 692 A 692 B - C 693 D 695 E 696 F 697 G 698 H - I 699 J - L 700 M 701 N 703 O - P 704 Q - R 706 S 707 T 710 U 711 V - W 712 X - Z 713 GNU General Public License 714 Preamble 714 Terms and Conditions for Copying, Distribution, and Modification 715 No Warranty 719 Red Hat Certified Engineer 720 Red HatTM Press 721 Red Hat® Linux® Security and Optimization Red Hat Linux Security and Optimization is a reference for power-users and administrators covering all security issues, including Filesystems Security, Securing root accounts and Firewalls. Other Security books talk about how to apply certain patches to fix a security problem. This book shows the reader how to secure all applications so that the chances for a security breach are automatically minimized. Application performance benchmarking will also be covered. The reference introduces the reader to many application specific performance and benchmarking techniques and shows readers how to tune their computer as well as their networks. This book will cover all the primary Red Hat Linux Applications such as Apache Web Server, WuFTP, FTP server, BIND DNS server, Sendmail SMTP server and focus on how to enhance security for each of them. It will also show the reader how to secure NFS and Samba Server, and well as the Apache Web Server.

About the CD-ROM
The CD-ROM will include 50 security tools, code listings from the book, and a number of tuning and benchmarking tools.

Red Hat Linux Security and Optimization is a reference for power-users and administrators covering all security issues, including Filesystems Security, Securing root accounts and Firewalls. Other Security books talk about how to apply certain patches to fix a security problem -- but this book shows you how to secure all applications so that the chances for a security breach are automatically minimized. Application performance benchmarking will also be covered. This book introduces you to many application-specific performance and benchmarking techniques and shows you how to tune your computer as well as your networks. This book covers all the primary Red Hat Linux Applications such as Apache Web Server, WuFTP, FTP server, BIND DNS server, Sendmail SMTP server and focuses on how to enhance security for each of them. It also shows you how to secure NFS and Samba Server, as well as the Apache Web Server.
دانلود کتاب امنیت و بهینه‌سازی لینوکس رد هت هوس‌زده‌ها = امنیت و بهینه‌سازی لینوکس رد هت