Linux Operating System Security

Links from the class materials and other supplemental information, grouped by chapter:

Chapter 1: Introduction

Chapter 2: General Security Issues

Links from the text:

• Least Privilege
• The Challenge of Least Privilege
• Secure programmer: Minimizing privileges Taking the fangs out of bugs
• Controlling access: Least privilege and compartmentalization by Gary McGraw and John Viega of IBM
• Wikipedia entry on Blue Pill
• Defense in Depth, by Todd McGuiness
• Defense in Depth, by Sean Barnum and Michael Gegick
• Bugtraq
• SANS
• CERT
• CERT Bulletins
• Red Hat mailing lists
• SUSE security alerts
• CentOS mailing lists
• Symantec Internet Security Threat Report, volume XIII
• XSSed archive

Additional links, not from the course text, or, software needed for the chapter:

Links to vendor security information:

• Apple
• Debian
• Red Hat
• Fedora Security Wiki
• Links to Fedora security information
• For Fedora, you can also go directly to SecurityFocus.com and search for your version of Fedora (e.g., "fedora core 4").
• SuSE

Chapter 3: Logging

Links from the text:

• swatch
• logsurfer
• logcheck
• logwatch
• logtool
• colorize
• mreport
• analog
• webalizer
• awstats

Additional links, not from the course text, or, software needed for the chapter:

Log file tools:

Chapter 4: Authentication

Links from the text:

• crack
• John the Ripper
• the RPM database
• For cracking MD5 passwords
• Red Hat has PAM documentation
• OpenWall project
• Additional PAM modules
• better password quality check
• additional information about password history
• Sudo main page
• Kerberos Overview
• Microsoft's Kerberos shuck and jive By Dominic Gates
• Microsoft Kerberos Specification..., by Nicolas Williams
• The Kerberos FAQ
• Red Hat's kerberos information
• NTP information
• Red Hat LDAP information
• Red Hat documentation about using LDAP for authentication
• LDAP Account Manager (LAM)
• luma
• PADL

Chapter 5: Local security issues

Links from the text:

• An overview of COPS
• Information on obtaining COPS

Additional links, not from the course text, or, software needed for the chapter:

Original COPS web page by Dan Farmer.
Another COPS web page, from Dan Anderson.

Chapter 6: nmap and network mapping

Links from the text:

• the official nmap distribution site
• Fresh RPMs

Chapter 7: Penetration testing

Links from the text:

• nessus web site
• Arirang
• Nikto
• SARA
• Core Impact
• SAINT
• ISS
• MBSA : Microsoft Baseline Security Analyzer
• Retina
• Canvas

Additional links, not from the course text, or, software needed for the chapter:

Nessus: To save the file, do a right click and choose "save target as..."

• nessus official site.
• Nessus-3.2.1-es5.i386.rpm
• NessusClient-3.2.1-es5.i386.rpm

Chapter 8: Network access control

Links from the text:

• An IP Tables HOWTO

Additional links, not from the course text, or, software needed for the chapter:

iptables file for the lab. I created it with iptables-save. Restore it to make it active.

Chapter 9: Intrusion Detection Overview

Chapter 10: Host-based Intrusion Detection Systems

Links from the text:

• The Aide source
• Aide documentation
• A good intro to tripwire
• The commercial version of Tripwire
• Source code and RPMs for an Open-Source version of tripwire
• portsentry
• SAMHAIN
• LIDS
• chrootkit
• pH
• H+BEDV Datentechnik GmbH make an anti-virus product for Linux
• Sana Security
• Cisco's IDS
• ISS IDS

Additional links, not from the course text, or, software needed for the chapter:

Tripwire:

• tripwire-2.4.0.1-x86-bin.tar.bz2
• tripwire-2.4.0.1-src.tar.bz2
• Commercial tripwire
• Open-source tripwire
• twpol.txt A tripwire policy file.

Portsentry:

• Portsentry and related tools official page
• portsentry-1.2.tar.gz Source
• portsentry-1.1-fr7.i386.rpm Local copy
• portsentry-1.1-fr7.src.rpm Local copy
• portsentry-1.1-fr8.i386.rpm Local copy
• portsentry-1.1-fr8.src.rpm Local copy

Chapter 11: Network Intrusion Detection Systems

Links from the text:

• snort and related utilities
• snort mailing list
• SnortSnarf
• BASE
• The Bro IDS

Additional links, not from the course text, or, software needed for the chapter:

Local copies of snort files:

• snort-2.8.3.2-1.RH5.i386.rpm
• snort-2.8.3.2.tar.gz
• snort-2.8.3.2.tar.gz.sig
• snortrules-snapshot-2.8.tar.gz

Bro web site

Chapter 12: SELinux

Links from the text:

• The NSA's SELinux page
• The SourceForge SELinux Project
• Red Hat's SELinux page
• Tresys' SELinux page
• Filesystem labeling in SELinux
• A collection of SELinux policy tools from Tresys
• Dan Walsh's blog discussing several of the file context tools
• Dan Walsh's blog discussing restorecond
• SETroubleShoot: A User Friendly Tool for Notification and Diagnosis of AVC Denials
• Dan Walsh's blog about setroubleshoot

Additional links, not from the course text, or, software needed for the chapter:

• NSA SELinux web site
• Fedora SELinux information
• Red Hat 4 SELinux documentation

Chapter 13: Cryptography Overview

Links from the text:

• Handbook of Applied Cryptography
• An excellent overview of cryptography
• The standards for the SHA series of hashes
• A program for finding collisions in MD5
• NIST and approved hash functions
• The American Bar Association Section of Science and Technology Information Security Committee Digital Signature Guidelines Tutorial
• Digital Signature Standard (DSS, also called DSA)
• using RSA for digital signatures
• 10 Risks of PKI
• the OpenSSL timing attack
• details about the WEP problems
• the TI transponder cracking
• OpenSSL timing attacks
• Why Cryptography Is Harder Than It Looks by Bruce Schneier
• Security Pitfalls in Cryptography by Bruce Schneier

Chapter 14: Cryptographic Tools

Links from the text:

• PGP key server
• PuTTY
• SecureCRT
• kernel package verification key

Additional links, not from the course text, or, software needed for the chapter:

Signing key for linux kernel

Kernel source 2.4.25
Signature for the kernel source 2.4.25

Chapter 15: SSL and TLS

Links from the text:

• ssldump
• Building a Secure RedHat Apache Server HOWTO
• stunnel

Chapter 16: IPsec

Links from the text:

• ipsec-tools
• FreeS/WAN
• OpenSwan
• StrongSwan
• OpenVPN
• VPN setup instructions

Additional links, not from the course text, or, software needed for the chapter:

• FreeS/WAN
• OpenS/WAN
• strongSwan

Chapter 17: Review of networking concepts

Chapter 18: Loop filesystem

Chapter 19: Security packages and distributions

Additional links, not from the course text, or, software needed for the chapter:

Bastille Linux:

• Main web site
• Bastille-3.0.9-1.0.noarch.rpm Local copy
• perl-Curses-1.06-219.i586.rpm Local copy for RH 9.0

LIDS:

• Main web site
• lids-1.1.1r2-2.4.18.tar.gz Local copy
• lids-1.1.2-2.4.20.tar.gz Local copy

Others:

• OpenWall
• Trustix
• Debian
• OpenBSD

Chapter 20: Kernel configuration options (optional)

Links from the text:

• lcap

Additional links, not from the course text, or, software needed for the chapter:

• lcap-0.0.6.tar.bz2 Local copy
• lcap_0.0.6.orig.tar.gz Local copy
• linux-2.4.25.tar.bz2 Local copy
• linux-2.4.25.tar.bz2.sign Local copy

Chapter 21: Network Configuration

Links from the text:

• More information about /etc/sysconfig
• More details about the network configuration in /etc/sysconfig
• Information about Ethernet auto-negotiation

Chapter 22: Network services

Links from the text:

• PuTTY
• SecureCRT
• More information about NFS configuration

SkillBridge Training

Examples from the class notes (or, all as one file).

Selected Solutions from the class notes (no looking until you have solved the problems!). Note that all solutions are in an appendix of your course book. All solutions in a compressed tar file.

Evaluation form (if needed)