Linux Essentials for Cybersecurity

International Edition


About the Book

ALL YOU NEED TO KNOW TO SECURE LINUX SYSTEMS, NETWORKS, APPLICATIONS, AND DATA–IN ONE BOOK

  • From the basics to advanced techniques: no Linux security experience necessary
  • Realistic examples & step-by-step activities: practice hands-on without costly equipment
  • The perfect introduction to Linux-based security for all students and IT professionals

Linux distributions are widely used to support mission-critical applications and manage crucial data. But safeguarding modern Linux systems is complex, and many Linux books have inadequate or outdated security coverage. Linux Essentials for Cybersecurity is your complete solution. Leading Linux certification and security experts William “Bo” Rothwell and Dr. Denise Kinsey introduce Linux with the primary goal of enforcing and troubleshooting security. Their practical approach will help you protect systems, even if one or more layers are penetrated.

First, you’ll learn how to install Linux to achieve optimal security upfront, even if you have no Linux experience. Next, you’ll master best practices for securely administering accounts, devices, services, processes, data, and networks. Then, you’ll master powerful tools and automated scripting techniques for footprinting, penetration testing, threat detection, logging, auditing, software management, and more.

To help you earn certification and demonstrate skills, this guide covers many key topics on CompTIA Linux+ and LPIC-1 exams. Everything is organized clearly and logically for easy understanding, effective classroom use, and rapid on-the-job training.

LEARN HOW TO:
  • Review Linux operating system components from the standpoint of security
  • Master key commands, tools, and skills for securing Linux systems
  • Troubleshoot common Linux security problems, one step at a time
  • Protect user and group accounts with Pluggable Authentication Modules (PAM), SELinux, passwords, and policies
  • Safeguard files and directories with permissions and attributes
  • Create, manage, and protect storage devices: both local and networked
  • Automate system security 24/7 by writing and scheduling scripts
  • Maintain network services, encrypt network connections, and secure network-accessible processes
  • Examine which processes are running–and which may represent a threat
  • Use system logs to pinpoint potential vulnerabilities
  • Keep Linux up-to-date with Red Hat or Debian software management tools
  • Modify boot processes to harden security
  • Master advanced techniques for gathering system information

Table of Contents:
Introduction

Part I: Introducing Linux

Chapter 1 Distributions and Key Components
Introducing Linux; Linux Distributions; Shells; GUI Software; Installing Linux; Which Distro?; Native or Virtual Machine?; Installing a Distro; Summary; Key Terms; Review Questions

Chapter 2 Working on the Command Line
File Management; The Linux Filesystem; Command Execution; The pwd Command; The cd Command; The ls Command; File Globbing; The file Command; The less Command; The head Command; The tail Command; The mkdir Command; The cp Command; The mv Command; The rm Command; The rmdir Command; The touch Command; Shell Features; Shell Variables; Initialization Files; Alias; Command History; Redirecting Input and Output; Advanced Commands; The find Command; Regular Expressions; The grep Command; The sed Command; Compression Commands; Summary; Key Terms; Review Questions

Chapter 3 Getting Help
Man Pages; Man Page Components; Man Page Sections; Man Page Locations; Command Help Options; The help Command; The info Command; The /usr/share/doc Directory; Internet Resources; Summary; Key Terms; Review Questions

Chapter 4 Editing Files
The vi Editor; What Is vim?; Essential vi Commands; Use Basic vi Modes; Entering the Insert Mode; Movement Commands; Repeater Modifiers; Undoing; Copying, Deleting, and Pasting; Finding Text; Find and Replace; Saving and Quitting; Expand Your vi Knowledge; Additional Editors; Emacs; gedit and kwrite; nano and joe; lime and bluefish; Summary; Key Terms; Review Questions

Chapter 5 When Things Go Wrong
The Science of Troubleshooting; Step 1: Gathering Information; Step 2: Determine the Likely Cause; Step 3: Document Your Plan of Attack (POA); Step 4: Perform the Actions; Steps 5 and 6: Is the Problem Solved?; Step 7: Are There Other Problems?; Step 8: Store the Documentation; Step 9: Prevent Future Problems; Notifying Users; Pre- and Post-login Messages; Broadcasting Messages; Summary; Review Questions

Part II: User and Group Accounts

Chapter 6 Managing Group Accounts
What Are Groups Used For?; Primary versus Secondary Groups; The /etc/group File; Special Groups; User Private Groups; The /etc/gshadow File; Managing Groups; Creating Groups; Modifying Groups; Deleting Groups; Adding Users to Groups; Group Administrators; Summary; Key Terms; Review Questions

Chapter 7 Managing User Accounts
The Importance of User Accounts; User Account Information; The /etc/passwd File; Special Users; The /etc/shadow File; Managing Users; Creating Users; Modifying Users; Managing GECOS; Deleting Users; Restricted Shell Accounts; Network-Based User Accounts; Using su and sudo; Restricting User Accounts; Summary; Key Terms; Review Questions

Chapter 8 Develop an Account Security Policy
Introducing Kali Linux; Security Principles; Creating a Security Policy; Securing Accounts; Physical Security; Educating Users; Account Security; Security Tools; The john and Johnny Tools; The hydra tool; Summary; Review Questions

Part III: File and Data Storage

Chapter 9 File Permissions
Standard Permissions; Viewing Permissions; Files Versus Directories; Changing Permissions; Default Permissions; Special Permissions; SUID; SGID; Sticky Bit; Access Control Lists (ACLs); The mask Value; Default ACLs; Changing Ownership; chown; chgrp; File Attributes; Introduction to SELinux; Users Create Security Holes; Daemon Processes Create Security Holes; SELinux Essentials; Summary; Key Terms; Review Questions

Chapter 10 Manage Local Storage: Essentials
Filesystem Essentials; Partitions; Filesystems; Why So Many Partitions/Filesystems?; Which Partitions/Filesystems Should Be Created?; Filesystem Types; Managing Partitions; Ext-Based Filesystem Tools; Xfs-Based Filesystem Tools; Additional Filesystem Tools; du; df; Mounting Filesystems; The umount Command; The mount Command; Mounting Filesystems Manually; Problems Unmounting Filesystems; Mounting Filesystems Automatically; Device Descriptors; Mount Options; Mounting Removable Media; Swap Space; Creating Swap Devices; Summary; Key Terms; Review Questions

Chapter 11 Manage Local Storage: Advanced Features
Encrypted Filesystems; Managing autofs; Logical Volume Manager; Logical Volume Manager Concepts; LVM Essentials; Using Logical Volumes and Additional LVM Commands; Resizing Logical Volumes; LVM Snapshots; Disk Quotas; Setting Up a Disk Quota for a Filesystem; Editing, Checking, and Generating User Quota Reports; Hard and Soft Links; Why Use Links?; Creating Links; Displaying Linked Files; Summary; Key Terms; Review Questions

Chapter 12 Manage Network Storage
Samba; SAMBA Configuration; SAMBA Server; SAMBA Accounts; Accessing SAMBA Servers; Network File System; Configuring an NFS Server; Configuring an NFS Client; iSCSI; Summary; Key Terms; Review Questions

Chapter 13 Develop a Storage Security Policy
Developing the Plan; Backing Up Data; Creating a Backup Strategy; Standard Backup Utilities; Third-party Backup Utilities; Summary; Key Terms; Review Questions

Part IV: Automation

Chapter 14 crontab and at
Using crontab; Configure User Access to the cron Service; /etc/crontab; /etc/anacrontab; Using at; atq; atrm; Configure User Access to at Services; Summary; Key Terms; Review Questions

Chapter 15 Scripting
Linux Programming; BASH Shell Scripting; Perl Scripting; Python Scripting; Basics of BASH Scripting; Conditional Expressions; Flow Control Statements; The while Loop; The for Loop; Loop Control; The case Statement; User Interaction; Using Command Substitution; Additional Information; Summary; Key Terms; Review Questions

Chapter 16 Common Automation Tasks
Exploring Scripts that Already Exist on Your System; The /etc/cron.* Directories; Repositories; Creating Your Own Automation Scripts; Summary; Key Terms; Review Questions

Chapter 17 Develop an Automation Security Policy
Securing crontab and at; Securing BASH Scripts; Access to Scripts; Script Contents; Dealing with Data; Shell Settings; Shell Style; Summary; Review Questions

Part V: Networking

Chapter 18 Networking Basics
Network Terminology; IPv4 Versus IPv6; IPv4 Addresses; Determining a Network Address from an IP Address and Subnet; Private IP Addresses; Common Protocol Suites; Network Ports; Summary; Key Terms; Review Questions

Chapter 19 Network Configuration
Ethernet Network Interfaces; Displaying Ethernet Port Configurations; Changing Ethernet Port Settings; Network Configuration Tools; The arp Command; The route Command; The ip Command; The hostname Command; The host Command; The dig Command; The netstat Command; Persistent Network Configurations; The /etc/hostname File (Universal); The /etc/hosts File (Universal); The /etc/resolv.conf File (Universal); The /etc/nsswitch.conf File (Universal); The /etc/sysctl.conf File (Universal); The /etc/sysconfig/network File (Red Hat); The /etc/sysconfig/network-scripts/ifcfg-interface-name Files (Red Hat); The /etc/network/interfaces File (Debian); Network Troubleshooting Commands; The ping Command; The traceroute Command; The netcat Command; Access to Wireless Networks; The iwconfig Command; The iwlist Command; Summary; Key Terms; Review Questions

Chapter 20 Network Service Configuration: Essential Services
DNS Servers; Essential Terms; How Name Resolution Works; Basic BIND Configuration; Zone Files; Zone File Basics; Zone File Entries in the /etc/named.conf File; Zone File Syntax; Zone Record Types; Putting It All Together; Slave BIND Servers; Testing the DNS Server; The dig Command; Securing BIND; Sending BIND to Jail; Split BIND Configuration; Transaction Signatures; DHCP Server; DHCP Configuration Basics; Configuring Static Hosts; DHCP Log Files; Email Servers; SMTP Basics; Configuring Postfix; Managing Local Email Delivery; procmail Basics; procmail Rules; procmail Examples; mbox and Maildir Formats; Remote Email Delivery; IMAP and POP Essentials; The Dovecot Server; Summary; Key Terms; Review Questions

Chapter 21 Network Service Configuration: Web Services
Apache Web Server; Basic Apache Web Server Configuration; Starting the Apache Web Server; Apache Web Server Log Files; Enable Scripting; Apache Web Server Security; Essential Settings; User Authentication; Virtual Hosts; Configuring IP-Based Virtual Hosts; Configuring Name-Based Virtual Hosts; HTTPS; SSL Essentials; SSL Issues; Self-Signing; SSL and Apache; SSL Server Certificate; Apache SSL Directives; Proxy Servers; Tunneling Proxy; Forward Proxy; Reverse Proxy; Squid Basics; Nginx Configuration; Client Configuration; Summary; Key Terms; Review Questions

Chapter 22 Connecting to Remote Systems
LDAP; Key LDAP Terms; The slapd.conf File; Starting the LDAP Server; OpenLDAP Objects; OpenLDAP Schemas; OpenLDAP Database Changes; Using the ldapdelete Command; Using the ldapsearch Command; Using the ldappasswd Command; Connecting to an LDAP Server; FTP Servers; Configuring vsftpd; Connecting to an FTP server; Secure Shell; Configuring the Secure Shell Server; Secure Shell Client Commands; Advanced SSH Features; Summary; Key Terms; Review Questions

Chapter 23 Develop a Network Security Policy
Kernel Parameters; The /etc/sysctl.conf File; Ignoring ping Requests; Ignoring Broadcast Requests; Enabling TCP SYN Protection; Disabling IP Source Routing; TCP Wrappers; Network Time Protocol; Setting the System Clock Manually; Setting the System Time Zone Manually; Setting the System Date Using NTP; Summary; Key Terms; Review Questions

Part VI: Process and Log Administration

Chapter 24 Process Control
Viewing Processes; The ps Command; The pgrep Command; The top Command; The uptime Command; The free Command; Running Processes; Pausing and Restarting Processes; Killing Processes; The kill Command; The pkill Command; The killall Command; The xkill Command; The nohup Command; Process Priority; The nice Command; The renice Command; Summary; Key Terms; Review Questions

Chapter 25 System Logging
Syslog; The syslogd Daemon; The /var/log Directory; The /etc/syslog.conf File; Creating Your Own /etc/syslog.conf Entry; The logrotate Command; The /etc/logrotate.conf File; The journalctl Command; The /etc/systemd/journald.conf file; Summary; Key Terms; Review Questions

Part VII: Software Management

Chapter 26 Red Hat-Based Software Management
Red Hat Packages; How to Obtain Packages; The /var/lib/rpm Directory; Using the rpm Command; Listing rpm Information; Installing Packages with rpm; Removing Packages with rpm; rpm2cpio; The yum Command; Repositories; Using the yum Command; Additional Tools; Summary; Key Terms; Review Questions

Chapter 27 Debian-Based Software Management
Managing Packages with dpkg; Listing Package Information with dpkg; Installing Software with dpkg; Reconfiguring Software with dpkg; Extracting Files from a Debian Package; Removing Packages with the dpkg Command; Managing Packages with APT; APT Repositories; Creating a Source Repository; Listing Package Information with APT Commands; Installing Packages with APT Commands; Removing Packages with APT Commands; Additional APT Features; Summary; Key Terms; Review Questions

Chapter 28 System Booting
Phases of the Boot Process; The BIOS/UEFI Phase; The Bootloader Phase; The Kernel Phase; The Post-Kernel Phase; GRUB; Legacy GRUB Configuration; GRUB 2 Configuration; Kernel Components; Kernel Documentation; Tweaking the Kernel; Kernel Images; Kernel Modules; The /proc/sys Filesystem; The init Phase; Configuring Systemd; Summary; Key Terms; Review Questions

Chapter 29 Develop a Software Management Security Policy
Ensuring Software Security; Keep Packages Up to Date; Consider Removing Unnecessary Packages; Ensure You Install from Trusted Sources; CVE; Distribution-Specific Security Alerts; xinetd; Summary; Key Terms; Review Questions

Part VIII: Security



Product Details
  • ISBN-13: 9780789759351
  • Publisher: Pearson Education (US)
  • Binding: Paperback
  • Language: English
  • Returnable: Y
  • Weight: 1460 gr
  • ISBN-10: 0789759357
  • Publisher Date: 21 Nov 2018
  • Height: 202 mm
  • No of Pages: 704
  • Spine Width: 44 mm
  • Width: 250 mm

