Red Hat ENTERPRISE LINUX 4 - SECURITY GUIDE Manual Manual pdf 96 page image
Manuals database logo
manualsdatabase
Your AI-powered manual search engine

Red Hat ENTERPRISE LINUX 4 - SECURITY GUIDE Manual

Also see for ENTERPRISE LINUX 4 - DEVELOPER TOOLS GUIDE: Installation guideInstallation guideTuning guideInstallation guideManual

Page 1 previewPage 2 previewPage 3 previewPage 4 previewPage 5 previewPage 6 previewPage 7 previewPage 8 previewPage 9 previewPage 10 previewPage 11 previewPage 12 previewPage 13 previewPage 14 previewPage 15 previewPage 16 previewPage 17 previewPage 18 previewPage 19 previewPage 20 previewPage 21 previewPage 22 previewPage 23 previewPage 24 previewPage 25 previewPage 26 previewPage 27 previewPage 28 previewPage 29 previewPage 30 previewPage 31 previewPage 32 previewPage 33 previewPage 34 previewPage 35 previewPage 36 previewPage 37 previewPage 38 previewPage 39 previewPage 40 previewPage 41 previewPage 42 previewPage 43 previewPage 44 previewPage 45 previewPage 46 previewPage 47 previewPage 48 previewPage 49 previewPage 50 previewPage 51 previewPage 52 previewPage 53 previewPage 54 previewPage 55 previewPage 56 previewPage 57 previewPage 58 previewPage 59 previewPage 60 previewPage 61 previewPage 62 previewPage 63 previewPage 64 previewPage 65 previewPage 66 previewPage 67 previewPage 68 previewPage 69 previewPage 70 previewPage 71 previewPage 72 previewPage 73 previewPage 74 previewPage 75 previewPage 76 previewPage 77 previewPage 78 previewPage 79 previewPage 80 previewPage 81 previewPage 82 previewPage 83 previewPage 84 previewPage 85 previewPage 86 previewPage 87 previewPage 88 previewPage 89 previewPage 90 previewPage 91 previewPage 92 previewPage 93 previewPage 94 previewPage 95 previewPage 96 previewPage 97 previewPage 98 previewPage 99 previewPage 100 previewPage 101 previewPage 102 previewPage 103 previewPage 104 previewPage 105 previewPage 106 previewPage 107 previewPage 108 previewPage 109 previewPage 110 previewPage 111 previewPage 112 previewPage 113 previewPage 114 previewPage 115 previewPage 116 previewPage 117 previewPage 118 previewPage 119 previewPage 120 previewPage 121 previewPage 122 previewPage 123 previewPage 124 previewPage 125 previewPage 126 previewPage 127 previewPage 128 previewPage 129 previewPage 130 previewPage 131 previewPage 132 previewPage 133 previewPage 134 previewPage 135 previewPage 136 preview
Contents
  1. red hat enterprise linux
  2. Table Of Contents
  3. Table Of Contents
  4. Table Of Contents
  5. Table Of Contents
  6. document conventions
  7. I. A General Introduction to Security
  8. Security Overview
  9. Computer Security Timeline
  10. Security Today
  11. Standardizing Security
  12. Technical Controls
  13. Attackers and Vulnerabilities
  14. Threats to Network Security
  15. Unpatched Services
  16. Threats to Workstation and Home PC Security
  17. II. Configuring Red Hat Enterprise Linux for Security
  18. Security Updates
  19. Using the Red Hat Errata Website
  20. Installing Signed Packages
  21. Applying the Changes
  22. Workstation Security
  23. Boot Loader Passwords
  24. Password Security
  25. Creating Strong Passwords
  26. Creating User Passwords Within an Organization
  27. password aging
  28. Administrative Controls
  29. Allowing Root Access
  30. Limiting Root Access
  31. Available Network Services
  32. Risks To Services
  33. Insecure Services
  34. Personal Firewalls
  35. Security Enhanced Communication Tools
  36. Enhancing Security With TCP Wrappers
  37. Enhancing Security With xinetd
  38. Securing Portmap
  39. Securing NIS
  40. Edit the /var/yp/securenets File
  41. Use Kerberos Authentication
  42. Do Not Use the no_root_squash Option
  43. Do Not Remove the IncludesNoExec Directive
  44. Anonymous Access
  45. User Accounts
  46. Limiting a Denial of Service Attack
  47. vpns and red hat enterprise linux
  48. IPsec Installation
  49. IPsec Network-to-Network configuration
  50. Netfilter and iptables
  51. Basic Firewall Policies
  52. Saving and Restoring iptables Rules
  53. FORWARD and NAT Rules
  54. DMZs and iptables
  55. iptables and Connection Tracking
  56. Additional Resources
  57. vulnerability assessment
  58. Defining Assessment and Testing
  59. Establishing a Methodology
  60. Nessus
  61. Nikto
  62. IDS Types
  63. Host-based IDS
  64. Other Host-based IDSes
  65. Snort
  66. Creating an Incident Response Plan
  67. The Computer Emergency Response Team (CERT)
  68. Implementing the Incident Response Plan
  69. Collecting an Evidential Image
  70. Restoring and Recovering Resources
  71. V. Appendixes
  72. A. Hardware and Network Protection
  73. A.1.2. Transmission Considerations
  74. A.1.4. Network Segmentation and DMZs
  75. B. Common Exploits and Attacks
  76. C. Common Ports
  77. D. Revision History
  78. Index
Red Hat ENTERPRISE LINUX 4 - SECURITY GUIDE Manual Manual pdf 96 page image
Chapter 9. Intrusion Detection849.2. Host-based IDSA host-based IDS analyzes several areas to determine misuse (malicious or abusive activity insidethe network) or intrusion (breaches from the outside). Host-based IDSes consult several types oflog files (kernel, system, server, network, firewall, and more), and compare the logs against aninternal database of common signatures for known attacks. UNIX and Linux host-based IDSes makeheavy use of syslog and its ability to separate logged events by their severity (for example, minorprinter messages versus major kernel warnings). The syslog command is available when installingthe sysklogd package, which is included with Red Hat Enterprise Linux. This package providessystem logging and kernel message trapping. The host-based IDS filters logs (which, in the case ofsome network and kernel event logs, can be quite verbose), analyzes them, re-tags the anomalousmessages with its own system of severity rating, and collects them in its own specialized log foradministrator analysis.A host-based IDS can also verify the data integrity of important files and executables. It checks adatabase of sensitive files (and any files added by the administrator) and creates a checksum ofeach file with a message-file digest utility such as md5sum (128-bit algorithm) or sha1sum (160-bitalgorithm). The host-based IDS then stores the sums in a plain text file and periodically comparesthe file checksums against the values in the text file. If any of the file checksums do not match, theIDS alerts the administrator by email or cellular pager. This is the process used by Tripwire, which isdiscussed in Section 9.2.1, “Tripwire”.9.2.1. TripwireTripwire is the most popular host-based IDS for Linux. Tripwire, Inc., the developers of Tripwire,opened the software source code for the Linux version and licensed it under the terms of the GNUGeneral Public License. Tripwire is available from http://www.tripwire.org/.NoteTripwire is not included with Red Hat Enterprise Linux and is not supported. It has beenincluded in this document as a reference to users who may be interested in using thispopular application.9.2.2. RPM as an IDSThe RPM Package Manager (RPM) is another program that can be used as a host-based IDS. RPMcontains various options for querying packages and their contents. These verification options canbe invaluable to an administrator who suspects that critical system files and executables have beenmodified.The following list details some RPM options that can verify file integrity on a Red Hat Enterprise Linuxsystem. Refer to the System Administrators Guide for complete information about using RPM.ImportantSome of the commands in the following list require the importation of the Red Hat GPGpublic key into the system's RPM keyring. This key verifies that packages installed onthe system contain an Red Hat package signature, which ensures that the packagesoriginated from Red Hat. The key can be imported by issuing the following command asroot (substituting with the version of RPM installed on the system):
/ 136
Related manuals for Red Hat ENTERPRISE LINUX 4 - DEVELOPER TOOLS GUIDE
Red Hat ENTERPRISE LINUX 3 - SECURITY GUIDE Manual first page preview
Red Hat ENTERPRISE LINUX 3 - SECURITY GUIDE Manual
Red Hat ENTERPRISE LINUX 4 - SELINUX GUIDE Manual first page preview
Red Hat ENTERPRISE LINUX 4 - SELINUX GUIDE Manual
Red Hat ENTERPRISE LINUX 4 - STEP BY STEP GUIDE Manual first page preview
Red Hat ENTERPRISE LINUX 4 - STEP BY STEP GUIDE Manual
Red Hat ENTERPRISE LINUX 4 Manual first page preview
Red Hat ENTERPRISE LINUX 4 Manual
Red Hat ENTERPRISE LINUX 4 Manual first page preview
Red Hat ENTERPRISE LINUX 4 Manual
Red Hat ENTERPRISE LINUX 3 - STEP BY STEP GUIDE Manual first page preview
Red Hat ENTERPRISE LINUX 3 - STEP BY STEP GUIDE Manual
Red Hat ENTERPRISE LINUX 4 - DEVELOPER TOOLS GUIDE Manual first page preview
Red Hat ENTERPRISE LINUX 4 - DEVELOPER TOOLS GUIDE Manual
Red Hat CERTIFICATE SYSTEM ENTERPRISE - SECURITY GUIDE Manual first page preview
Red Hat CERTIFICATE SYSTEM ENTERPRISE - SECURITY GUIDE Manual
Red Hat ENTERPRISE LINUX 5.5 - ONLINE STORAGE GUIDE Manual first page preview
Red Hat ENTERPRISE LINUX 5.5 - ONLINE STORAGE GUIDE Manual
Red Hat ENTERPRISE LINUX 4 - USING AS Using Manual first page preview
Red Hat ENTERPRISE LINUX 4 - USING AS Using Manual
This manual is suitable for:
ENTERPRISE LINUX 4 - DEVELOPER TOOLS GUIDE
Manuals database logo
manualsdatabase
Your AI-powered manual search engine