Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Save to My Library
Look up keyword or section
Like this
2Activity

Table Of Contents

CHAPTER 1
CHAPTER 2
CHAPTER 3
Chapter 1
Measuring System Performance
Monitoring system performance with ps
Checking memory and I/O with vmstat
Running Vtad to analyze your system
Chapter 2
Compiling and Installing a Custom Kernel
Downloading kernel source code (latestdistribution)
Creating the /usr/src/linux symbolic link
Selecting a kernel-configuration method
Using menuconfig
Tuning your hard disks
Tuning ext2 Filesystem
Changing the block size of the ext2 filesystem
Using e2fsprogs to tune ext2 filesystem
Using a Journaling Filesystem
Compiling and installing ReiserFS
Using ReiserFS
Benchmarking ReiserFS
Managing Logical Volumes
Compiling and installing the LVM module for kernel
Creating a logical volume
Adding a new disk or partition to a logical volume
Removing a disk or partition from a volume group
Using RAID, SAN, or Storage Appliances
Using Linux Software RAID
Using Hardware RAID
Using Storage-Area Networks (SANs)
Using Storage Appliances
Using a RAM-Based Filesystem
Tuning an Ethernet LAN or WAN
Using network segmentation technique forperformance
Using switches in place of hubs
Using fast Ethernet
Using a network backbone
Understanding and controlling network traffic flow
Balancing the traffic load using the DNS server
IP Accounting
IP accounting on a Linux network gateway
Compiling a Lean and Mean Apache
Tuning Apache Configuration
Controlling Apache processes
Controlling system resources
Using dynamic modules
Speeding Up Static Web Pages
Reducing disk I/O for faster static page delivery
Using Kernel HTTP daemon
Speeding Up Web Applications
Using mod_perl
Using FastCGI
Installing and configuring FastCGI module for Apache
Using Java servlets
Using Squid proxy-caching server
Choosing Your MTA
Tuning Sendmail
Controlling the maximum size of messages
Caching Connections
Controlling simultaneous connections
Limiting the load placed by Sendmail
Saving memory when processing the mail queue
Controlling number of messages in a queue run
Handling the full queue situation
Tuning Postfix
Installing Postfix
Limiting number of processes used
Limiting maximum message size
Limiting number of messages in queue
Limiting number of simultaneous delivery to a single site
Controlling queue full situation
Controlling the length a message stays in the queue
Controlling the frequency of the queue
Using PowerMTA for High-Volume Outbound Mail
Using multiple spool directories for speed
Setting the maximum number of file descriptors
Setting a maximum number of user processes
Setting maximum concurrent SMTP connections
Monitoring performance
Tuning Samba Server
Controlling TCP socket options
Tuning Samba Client
Tuning NFS Server
Optimizing read/write block size
Setting the appropriate Maximum TransmissionUnit
Running optimal number of NFS daemons
Monitoring packet fragments
NUsing Linux Intrusion Detection System (LIDS)
Using Linux Intrusion Detection System (LIDS)
Building a LIDS-based Linux system
Administering LIDS
Using libsafe to Protect ProgramStacks
Compiling and installing libsafe
Checking Consistency of Users andGroups
Securing Files and Directories
Understanding filesystem hierarchy structure
Setting system-wide default permission modelusing umask
Dealing with world-accessible files
Dealing with set-UID and set-GID programs
Using ext2 Filesystem SecurityFeatures
Using chattr
Using lsattr
Using a File Integrity Checker
Using a home-grown file integrity checker
Using Tripwire Open Source, Linux Edition
Setting up Integrity-Checkers
Setting up AIDE
Setting up ICU
Creating a Permission Policy
Setting configuration file permissions for users
Setting default file permissions for users
Setting executable file permissions
NWhat is PAM?
What is PAM?
Working with a PAM configuration file
Establishing a PAM-aware Application
Using Various PAM Modules toEnhance Security
Controlling access by time
Restricting access to everyone but root
Managing system resources among users
Securing console access using mod_console
NUnderstanding how SSL works
Understanding How SSL Works
Symmetric encryption
Asymmetric encryption
SSL as a protocol for data encryption
Understanding OpenSSL
Uses of OpenSSL
Getting OpenSSL
Installing and Configuring OpenSSL
OpenSSL prerequisites
Compiling and installing OpenSSL
Understanding Server Certificates
What is a certificate?
What is a Certificate Authority (CA)?
NCommercial CA
NSelf-certified private CA
Commercial CA
Self-certified, private CA
Getting a Server Certificate fromaCommercial CA
Creating a Private Certificate Authority
Understanding User Account Risks
Securing User Accounts
Using shadow passwords and groups
Checking password consistency
Eliminating risky shell services
Using OpenSSH for Secured RemoteAccess
Getting and installing OpenSSH
Configuring OpenSSH service
Connecting to an OpenSSH server
Managing the root Account
Limiting root access
Using su to become root or another user
Establishing Exponential PasswordSystem (EPS)
Converting standard passwords to EPS format
Using SRP-Enabled Telnet Service
Using SRP-Enabled FTP Service
NWhat is xinetd?
What Is xinetd?
Setting Up xinetd
Getting xinetd
Compiling and installing xinetd
Redirecting and Forwarding Clients
Using TCP Wrapper with xinetd
Running sshd as xinetd
Using xadmin
NUnderstanding Web Risks
Understanding Web Risks
Using a dedicated user and group for Apache
Using a safe directory structure
Using appropriate file and directory permissions
Using directory index file
Disabling default access
Disabling user overrides
Using Paranoid Configuration
Reducing CGI Risks
Information leaks
Consumption of system resources
Spoofing of system commands via CGI scripts
Keeping user input from making systemcallsunsafe
User modification of hidden data in HTML pages
Wrapping CGI Scripts
suEXEC
CGIWrap
Hide clues about your CGI scripts
Reducing SSI Risks
Logging Everything
Restricting Access to SensitiveContents
Using IP or hostname
Using an HTTP authentication scheme
Controlling Web Robots
Content Publishing Guidelines
Using Apache-SSL
Compiling and installing Apache-SSL patches
Creating a certificate for your Apache-SSL server
Configuring Apache for SSL
Testing the SSL connection
Understanding DNS Spoofing
Getting Dlint
Installing Dlint
Running Dlint
Securing BIND
Using Transaction Signatures (TSIG) forzonetransfers
Running BIND as a non-root user
Hiding the BIND version number
Limiting Queries
Turning off glue fetching
chrooting the DNS server
Using DNSSEC (signed zones)
What Is Open Mail Relay?
Is My Mail Server Vulnerable?
Securing Sendmail
Controlling mail relay
Enabling MAPS Realtime Blackhole List(RBL)support
Sanitizing incoming e-mail using procmail
Outbound-only Sendmail
Running Sendmail without root privileges
Securing Postfix
Keeping out spam
Hiding internal e-mail addresses by masquerading
NSecuring WU-FTPD
Securing WU-FTPD
Restricting FTP access by username
Setting default file permissions for FTP
Using a chroot jail for FTP sessions
Securing WU-FTPD using options in /etc/ftpaccess
Using ProFTPD
Downloading, compiling, and installing ProFTPD
Configuring ProFTPD
Monitoring ProFTPD
Securing ProFTPD
NSecuring Samba Server
Securing Samba Server
Choosing an appropriate security level
Avoiding plain-text passwords
Allowing access to users from trusted domains
Controlling Samba access by network interface
Controlling Samba access by hostnameorIPaddresses
Using OpenSSL with Samba
Securing NFS Server
Using Cryptographic Filesystems
NUsing a packet-filtering firewall
Packet-Filtering Firewalls
Enabling netfilter in the kernel
Creating a default policy
Appending a rule
Listing the rules
Deleting a rule
Inserting a new rule within a chain
Replacing a rule within a chain
Creating SOHO Packet-Filtering Firewalls
DNS client and cache-only services
SMTP client service
POP3 client service
Passive-mode FTP client service
SSH client service
Other new client service
Creating a Simple Firewall
Creating Transparent, proxy-arp Firewalls
Creating Corporate Firewalls
Purpose of the internal firewall
Purpose of the primary firewall
Setting up the internal firewall
Setting up the primary firewall
Secure Virtual Private Network
Compiling and installing FreeS/WAN
Creating a VPN
Stunnel: A Universal SSL Wrapper
Compiling and installing Stunnel
Securing IMAP
Securing POP3
Securing SMTP for special scenarios
Using Security Assessment (Audit)Tools
Using SAINT to Perform a Security Audit
SARA
VetesCan
Using Port Scanners
Performing Footprint Analysis Using nmap
Using PortSentry to Monitor Connections
Using Nessus Security Scanner
Using Strobe
Using Log Monitoring and AnalysisTools
Using logcheck for detecting unusual log entries
Swatch
IPTraf
Using CGI Scanners
Using cgichk.pl
Using Whisker
Using Malice
Using Password Crackers
John The Ripper
Crack
Using Intrusion Detection Tools
Tripwire
LIDS
Using Packet Filters and Sniffers
Snort
GShield
Useful Utilities for Security Administrators
Using Netcat
Tcpdump
LSOF
Ngrep
Index
0 of .
Results for:
No results containing your search query
P. 1
Red Hat Linux Security and Optimization

Red Hat Linux Security and Optimization

Ratings:

4.0

(1)
|Views: 145 |Likes:

More info:

Published by: Fliiby : file library on Jul 25, 2008
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

10/15/2011

pdf

text

original

You're Reading a Free Preview
Pages 15 to 48 are not shown in this preview.
You're Reading a Free Preview
Pages 63 to 199 are not shown in this preview.
You're Reading a Free Preview
Pages 214 to 323 are not shown in this preview.
You're Reading a Free Preview
Pages 338 to 351 are not shown in this preview.
You're Reading a Free Preview
Pages 366 to 721 are not shown in this preview.

Activity (2)

You've already reviewed this. Edit your review.
1 thousand reads
1 hundred reads

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->