Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Standard view
Full view
of .
Look up keyword or section
Like this

Table Of Contents

Chapter 1
Measuring System Performance
Monitoring system performance with ps
Checking memory and I/O with vmstat
Running Vtad to analyze your system
Chapter 2
Compiling and Installing a Custom Kernel
Downloading kernel source code (latestdistribution)
Creating the /usr/src/linux symbolic link
Selecting a kernel-configuration method
Using menuconfig
Compiling the kernel
Booting the new kernel
Running Demanding Applications
NTuning your hard disks
Tuning your hard disks
Tuning ext2 Filesystem
Changing the block size of the ext2 filesystem
Using e2fsprogs to tune ext2 filesystem
Using a Journaling Filesystem
Compiling and installing ReiserFS
Using ReiserFS
Benchmarking ReiserFS
Managing Logical Volumes
Compiling and installing the LVM module for kernel
Creating a logical volume
Adding a new disk or partition to a logical volume
Removing a disk or partition from a volume group
Using RAID, SAN, or Storage Appliances
Using Linux Software RAID
Using Hardware RAID
Using Storage-Area Networks (SANs)
Using Storage Appliances
Using a RAM-Based Filesystem
Tuning an Ethernet LAN or WAN
Using network segmentation technique forperformance
Using switches in place of hubs
Using fast Ethernet
Using a network backbone
Understanding and controlling network traffic flow
Balancing the traffic load using the DNS server
IP Accounting
IP accounting on a Linux network gateway
Compiling a Lean and Mean Apache
Tuning Apache Configuration
Controlling Apache processes
Controlling system resources
Using dynamic modules
Speeding Up Static Web Pages
Reducing disk I/O for faster static page delivery
Using Kernel HTTP daemon
Speeding Up Web Applications
Using mod_perl
Using FastCGI
Installing and configuring FastCGI module for Apache
Using Java servlets
Using Squid proxy-caching server
Choosing Your MTA
Tuning Sendmail
Controlling the maximum size of messages
Caching Connections
Controlling simultaneous connections
Limiting the load placed by Sendmail
Saving memory when processing the mail queue
Controlling number of messages in a queue run
Handling the full queue situation
Tuning Postfix
Installing Postfix
Limiting number of processes used
Limiting maximum message size
Limiting number of messages in queue
Limiting number of simultaneous delivery to a single site
Controlling queue full situation
Controlling the length a message stays in the queue
Controlling the frequency of the queue
Using PowerMTA for High-Volume Outbound Mail
Using multiple spool directories for speed
Setting the maximum number of file descriptors
Setting a maximum number of user processes
Setting maximum concurrent SMTP connections
Monitoring performance
Tuning Samba Server
Controlling TCP socket options
Tuning Samba Client
Tuning NFS Server
Optimizing read/write block size
Setting the appropriate Maximum TransmissionUnit
Running optimal number of NFS daemons
Monitoring packet fragments
NUsing Linux Intrusion Detection System (LIDS)
Using Linux Intrusion Detection System (LIDS)
Building a LIDS-based Linux system
Administering LIDS
Using libsafe to Protect ProgramStacks
Compiling and installing libsafe
libsafe in action
Understanding file ownership & permissions
Changing ownership of files and directoriesusingchown
Using octal numbers to set file anddirectorypermissions
Using permission strings to set access permissions
Managing symbolic links
Managing user group permission
Checking Consistency of Users andGroups
Securing Files and Directories
Understanding filesystem hierarchy structure
Setting system-wide default permission modelusing umask
Dealing with world-accessible files
Dealing with set-UID and set-GID programs
Using ext2 Filesystem SecurityFeatures
Using chattr
Using lsattr
Using a File Integrity Checker
Using a home-grown file integrity checker
Using Tripwire Open Source, Linux Edition
Setting up Integrity-Checkers
Setting up AIDE
Setting up ICU
Creating a Permission Policy
Setting configuration file permissions for users
Setting default file permissions for users
Setting executable file permissions
NWhat is PAM?
What is PAM?
Working with a PAM configuration file
Establishing a PAM-aware Application
Using Various PAM Modules toEnhance Security
Controlling access by time
Restricting access to everyone but root
Managing system resources among users
Securing console access using mod_console
NUnderstanding how SSL works
Understanding How SSL Works
Symmetric encryption
Asymmetric encryption
SSL as a protocol for data encryption
Understanding OpenSSL
Uses of OpenSSL
Getting OpenSSL
Installing and Configuring OpenSSL
OpenSSL prerequisites
Compiling and installing OpenSSL
Understanding Server Certificates
What is a certificate?
What is a Certificate Authority (CA)?
NCommercial CA
NSelf-certified private CA
Commercial CA
Self-certified, private CA
Getting a Server Certificate fromaCommercial CA
Creating a Private Certificate Authority
Understanding User Account Risks
Securing User Accounts
Using shadow passwords and groups
Checking password consistency
Eliminating risky shell services
Using OpenSSH for Secured RemoteAccess
Getting and installing OpenSSH
Configuring OpenSSH service
Connecting to an OpenSSH server
Managing the root Account
Limiting root access
Using su to become root or another user
Using sudo to delegate root access
Monitoring Users
Finding who is on the system
Finding who was on the system
Creating a User-Access SecurityPolicy
Creating a User-Termination Security Policy
NSetting up Secure Remote Password (SRP)
Setting Up Secure Remote PasswordSupport
Establishing Exponential PasswordSystem (EPS)
Converting standard passwords to EPS format
Using SRP-Enabled Telnet Service
Using SRP-Enabled FTP Service
NWhat is xinetd?
What Is xinetd?
Setting Up xinetd
Getting xinetd
Compiling and installing xinetd
Configuring xinetd for services
Starting, Reloading, and Stoppingxinetd
Strengthening the Defaults in/etc/xinetd.conf
Running an Internet Daemon Usingxinetd
Controlling Access by Time of Day
Reducing Risks of Denial-of-Service Attacks
Limiting the number of servers
Limiting log file size
Limiting load
Limiting the rate of connections
Creating an Access-Discriminative Service
Redirecting and Forwarding Clients
Using TCP Wrapper with xinetd
Running sshd as xinetd
Using xadmin
NUnderstanding Web Risks
Understanding Web Risks
Using a dedicated user and group for Apache
Using a safe directory structure
Using appropriate file and directory permissions
Using directory index file
Disabling default access
Disabling user overrides
Using Paranoid Configuration
Reducing CGI Risks
Information leaks
Consumption of system resources
Spoofing of system commands via CGI scripts
Keeping user input from making systemcallsunsafe
User modification of hidden data in HTML pages
Wrapping CGI Scripts
Hide clues about your CGI scripts
Reducing SSI Risks
Logging Everything
Restricting Access to SensitiveContents
Using IP or hostname
Using an HTTP authentication scheme
Controlling Web Robots
Content Publishing Guidelines
Using Apache-SSL
Compiling and installing Apache-SSL patches
Creating a certificate for your Apache-SSL server
Configuring Apache for SSL
Testing the SSL connection
Understanding DNS Spoofing
Getting Dlint
Installing Dlint
Running Dlint
Securing BIND
Using Transaction Signatures (TSIG) forzonetransfers
Running BIND as a non-root user
Hiding the BIND version number
Limiting Queries
Turning off glue fetching
chrooting the DNS server
Using DNSSEC (signed zones)
What Is Open Mail Relay?
Is My Mail Server Vulnerable?
Securing Sendmail
Controlling mail relay
Enabling MAPS Realtime Blackhole List(RBL)support
Sanitizing incoming e-mail using procmail
Outbound-only Sendmail
Running Sendmail without root privileges
Securing Postfix
Keeping out spam
Hiding internal e-mail addresses by masquerading
NSecuring WU-FTPD
Securing WU-FTPD
Restricting FTP access by username
Setting default file permissions for FTP
Using a chroot jail for FTP sessions
Securing WU-FTPD using options in /etc/ftpaccess
Securing ProFTPD
NSecuring Samba Server
Securing Samba Server
Choosing an appropriate security level
Avoiding plain-text passwords
Allowing access to users from trusted domains
Controlling Samba access by network interface
Controlling Samba access by hostnameorIPaddresses
Using OpenSSL with Samba
Securing NFS Server
Using Cryptographic Filesystems
Creating Transparent, proxy-arp Firewalls
Creating Corporate Firewalls
Purpose of the internal firewall
Purpose of the primary firewall
Setting up the internal firewall
Setting up the primary firewall
Secure Virtual Private Network
Compiling and installing FreeS/WAN
Creating a VPN
Stunnel: A Universal SSL Wrapper
Compiling and installing Stunnel
Securing IMAP
Securing POP3
Securing SMTP for special scenarios
Using Security Assessment (Audit)Tools
Using SAINT to Perform a Security Audit
Using Port Scanners
Performing Footprint Analysis Using nmap
Using PortSentry to Monitor Connections
Using Nessus Security Scanner
Using Strobe
Using Log Monitoring and AnalysisTools
Using logcheck for detecting unusual log entries
Using CGI Scanners
Using cgichk.pl
Using Whisker
Using Malice
Using Password Crackers
John The Ripper
Using Intrusion Detection Tools
Using Packet Filters and Sniffers
Useful Utilities for Security Administrators
Using Netcat
0 of .
Results for:
No results containing your search query
P. 1
RedHat Press Red Hat Linux Security and Optimization

RedHat Press Red Hat Linux Security and Optimization

Ratings: (0)|Views: 39|Likes:
Published by sw0815

More info:

Published by: sw0815 on Dec 28, 2010
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





You're Reading a Free Preview
Pages 15 to 478 are not shown in this preview.
You're Reading a Free Preview
Pages 493 to 514 are not shown in this preview.
You're Reading a Free Preview
Pages 537 to 630 are not shown in this preview.
You're Reading a Free Preview
Pages 645 to 722 are not shown in this preview.

Activity (4)

You've already reviewed this. Edit your review.
1 hundred reads
Angelo liked this
marceloedy liked this
PATXITM liked this

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->