<HTML ><HEAD ><TITLE >Linux Security HOWTO</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK REL="NEXT" TITLE="Introduction" HREF="x21.html"></HEAD ><BODY CLASS="article" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="ARTICLE" ><DIV CLASS="TITLEPAGE" ><H1 CLASS="title" ><A NAME="AEN2" ></A >Linux Security HOWTO</H1 ><H3 CLASS="author" ><A NAME="AEN4" >Kevin Fenzi</A ></H3 ><DIV CLASS="affiliation" ><SPAN CLASS="orgname" >tummy.com, ltd.<BR></SPAN ><DIV CLASS="address" ><P CLASS="address" ><TT CLASS="email" ><<A HREF="mailto:kevin-securityhowto@tummy.com" >kevin-securityhowto@tummy.com</A >></TT ></P ></DIV ></DIV ><H3 CLASS="author" ><A NAME="AEN11" >Dave Wreski</A ></H3 ><DIV CLASS="affiliation" ><SPAN CLASS="orgname" >linuxsecurity.com<BR></SPAN ><DIV CLASS="address" ><P CLASS="address" ><TT CLASS="email" ><<A HREF="mailto:dave@linuxsecurity.com" >dave@linuxsecurity.com</A >></TT ></P ></DIV ></DIV ><P CLASS="pubdate" >v2.3, 22 January 2004<BR></P ><DIV ><DIV CLASS="abstract" ><A NAME="AEN19" ></A ><P ></P ><P > This document is a general overview of security issues that face the administrator of Linux systems. It covers general security philosophy and a number of specific examples of how to better secure your Linux system from intruders. Also included are pointers to security-related material and programs. Improvements, constructive criticism, additions and corrections are gratefully accepted. Please mail your feedback to both authors, with "Security HOWTO" in the subject. </P ><P ></P ></DIV ></DIV ><HR></DIV ><DIV CLASS="TOC" ><DL ><DT ><B >Table of Contents</B ></DT ><DT >1. <A HREF="x21.html" >Introduction</A ></DT ><DD ><DL ><DT >1.1. <A HREF="x21.html#AEN27" >New Versions of this Document</A ></DT ><DT >1.2. <A HREF="x21.html#AEN49" >Feedback</A ></DT ><DT >1.3. <A HREF="x21.html#AEN62" >Disclaimer</A ></DT ><DT >1.4. <A HREF="x21.html#AEN68" >Copyright Information</A ></DT ></DL ></DD ><DT >2. <A HREF="x82.html" >Overview</A ></DT ><DD ><DL ><DT >2.1. <A HREF="x82.html#AEN85" >Why Do We Need Security?</A ></DT ><DT >2.2. <A HREF="x82.html#AEN89" >How Secure Is Secure?</A ></DT ><DT >2.3. <A HREF="x82.html#AEN95" >What Are You Trying to Protect?</A ></DT ><DT >2.4. <A HREF="x82.html#AEN133" >Developing A Security Policy</A ></DT ><DT >2.5. <A HREF="x82.html#AEN147" >Means of Securing Your Site</A ></DT ><DT >2.6. <A HREF="x82.html#AEN162" >Organization of This Document</A ></DT ></DL ></DD ><DT >3. <A HREF="physical-security.html" >Physical Security</A ></DT ><DD ><DL ><DT >3.1. <A HREF="physical-security.html#AEN190" >Computer locks</A ></DT ><DT >3.2. <A HREF="physical-security.html#AEN195" >BIOS Security</A ></DT ><DT >3.3. <A HREF="physical-security.html#AEN206" >Boot Loader Security</A ></DT ><DT >3.4. <A HREF="physical-security.html#AEN234" >xlock and vlock</A ></DT ><DT >3.5. <A HREF="physical-security.html#AEN247" >Security of local devices</A ></DT ><DT >3.6. <A HREF="physical-security.html#AEN250" >Detecting Physical Security Compromises</A ></DT ></DL ></DD ><DT >4. <A HREF="local-security.html" >Local Security</A ></DT ><DD ><DL ><DT >4.1. <A HREF="local-security.html#AEN281" >Creating New Accounts</A ></DT ><DT >4.2. <A HREF="local-security.html#root-security" >Root Security</A ></DT ></DL ></DD ><DT >5. <A HREF="file-security.html" >Files and File system Security</A ></DT ><DD ><DL ><DT >5.1. <A HREF="file-security.html#umask" >Umask Settings</A ></DT ><DT >5.2. <A HREF="file-security.html#AEN432" >File Permissions</A ></DT ><DT >5.3. <A HREF="file-security.html#AEN513" >Integrity Checking</A ></DT ><DT >5.4. <A HREF="file-security.html#AEN533" >Trojan Horses</A ></DT ></DL ></DD ><DT >6. <A HREF="password-security.html" >Password Security and Encryption</A ></DT ><DD ><DL ><DT >6.1. <A HREF="password-security.html#AEN553" >PGP and Public-Key Cryptography</A ></DT ><DT >6.2. <A HREF="password-security.html#AEN571" >SSL, S-HTTP and S/MIME</A ></DT ><DT >6.3. <A HREF="password-security.html#AEN588" >Linux IPSEC Implementations</A ></DT ><DT >6.4. <A HREF="password-security.html#ssh" ><TT CLASS="literal" >ssh</TT > (Secure Shell) and <TT CLASS="literal" >stelnet</TT ></A ></DT ><DT >6.5. <A HREF="password-security.html#AEN631" >PAM - Pluggable Authentication Modules</A ></DT ><DT >6.6. <A HREF="password-security.html#AEN650" >Cryptographic IP Encapsulation (CIPE)</A ></DT ><DT >6.7. <A HREF="password-security.html#AEN662" >Kerberos</A ></DT ><DT >6.8. <A HREF="password-security.html#AEN674" >Shadow Passwords.</A ></DT ><DT >6.9. <A HREF="password-security.html#crack" >"Crack" and "John the Ripper"</A ></DT ><DT >6.10. <A HREF="password-security.html#AEN690" >CFS - Cryptographic File System and TCFS - Transparent Cryptographic File System</A ></DT ><DT >6.11. <A HREF="password-security.html#AEN698" >X11, SVGA and display security</A ></DT ></DL ></DD ><DT >7. <A HREF="kernel-security.html" >Kernel Security</A ></DT ><DD ><DL ><DT >7.1. <A HREF="kernel-security.html#AEN735" >2.0 Kernel Compile Options</A ></DT ><DT >7.2. <A HREF="kernel-security.html#AEN783" >2.2 Kernel Compile Options</A ></DT ><DT >7.3. <A HREF="kernel-security.html#AEN806" >Kernel Devices</A ></DT ></DL ></DD ><DT >8. <A HREF="network-security.html" >Network Security</A ></DT ><DD ><DL ><DT >8.1. <A HREF="network-security.html#AEN835" >Packet Sniffers</A ></DT ><DT >8.2. <A HREF="network-security.html#AEN847" >System services and tcp_wrappers</A ></DT ><DT >8.3. <A HREF="network-security.html#AEN914" >Verify Your DNS Information</A ></DT ><DT >8.4. <A HREF="network-security.html#AEN917" >identd</A ></DT ><DT >8.5. <A HREF="network-security.html#AEN935" >Configuring and Securing the Postfix MTA</A ></DT ><DT >8.6. <A HREF="network-security.html#AEN941" >SATAN, ISS, and Other Network Scanners</A ></DT ><DT >8.7. <A HREF="network-security.html#AEN961" >sendmail, qmail and MTA's</A ></DT ><DT >8.8. <A HREF="network-security.html#AEN976" >Denial of Service Attacks</A ></DT ><DT >8.9. <A HREF="network-security.html#AEN1003" >NFS (Network File System) Security.</A ></DT ><DT >8.10. <A HREF="network-security.html#AEN1019" >NIS (Network Information Service) (formerly YP).</A ></DT ><DT >8.11. <A HREF="network-security.html#AEN1026" >Firewalls</A ></DT ><DT >8.12. <A HREF="network-security.html#AEN1054" >IP Chains - Linux Kernel 2.2.x Firewalling</A ></DT ><DT >8.13. <A HREF="network-security.html#AEN1076" >Netfilter - Linux Kernel 2.4.x Firewalling</A ></DT ><DT >8.14. <A HREF="network-security.html#AEN1104" >VPNs - Virtual Private Networks</A ></DT ></DL ></DD ><DT >9. <A HREF="secure-prep.html" >Security Preparation (before you go on-line)</A ></DT ><DD ><DL ><DT >9.1. <A HREF="secure-prep.html#AEN1129" >Make a Full Backup of Your Machine</A ></DT ><DT >9.2. <A HREF="secure-prep.html#AEN1133" >Choosing a Good Backup Schedule</A ></DT ><DT >9.3. <A HREF="secure-prep.html#AEN1136" >Testing your backups</A ></DT ><DT >9.4. <A HREF="secure-prep.html#AEN1139" >Backup Your RPM or Debian File Database</A ></DT ><DT >9.5. <A HREF="secure-prep.html#logs" >Keep Track of Your System Accounting Data</A ></DT ><DT >9.6. <A HREF="secure-prep.html#AEN1183" >Apply All New System Updates.</A ></DT ></DL ></DD ><DT >10. <A HREF="after-breakin.html" >What To Do During and After a Breakin</A ></DT ><DD ><DL ><DT >10.1. <A HREF="after-breakin.html#AEN1189" >Security Compromise Underway.</A ></DT ><DT >10.2. <A HREF="after-breakin.html#AEN1202" >Security Compromise has already happened</A ></DT ></DL ></DD ><DT >11. <A HREF="sources.html" >Security Sources</A ></DT ><DD ><DL ><DT >11.1. <A HREF="sources.html#linuxsecurity" >LinuxSecurity.com References</A ></DT ><DT >11.2. <A HREF="sources.html#ftpsites" >FTP Sites</A ></DT ><DT >11.3. <A HREF="sources.html#websites" >Web Sites</A ></DT ><DT >11.4. <A HREF="sources.html#AEN1324" >Mailing Lists</A ></DT ><DT >11.5. <A HREF="sources.html#AEN1332" >Books - Printed Reading Material</A ></DT ></DL ></DD ><DT >12. <A HREF="x1357.html" >Glossary</A ></DT ><DT >13. <A HREF="q-and-a.html" >Frequently Asked Questions</A ></DT ><DT >14. <A HREF="conclusion.html" >Conclusion</A ></DT ><DT >15. <A HREF="x1505.html" >Acknowledgments</A ></DT ></DL ></DIV ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" > </TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" > </TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="x21.html" ACCESSKEY="N" >Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" > </TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" > </TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >Introduction</TD ></TR ></TABLE ></DIV ></BODY ></HTML >