没有合适的资源?快使用搜索试试~ 我知道了~
资源推荐
资源详情
资源评论
Red Hat Enterprise Linux 6
Security Guide
A Guide to Securing Red Hat Enterprise Linux
Security Guide
Red Hat Enterprise Linux 6 Security Guide
A Guide to Securing Red Hat Enterprise Linux
Edition 1.5
Author
Copyright © 2010 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons
Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available
at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this
document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert,
Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity
Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States
and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other
countries.
All other trademarks are the property of their respective owners.
1801 Varsity Drive
Raleigh, NC 27606-2072 USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
The Red Hat Enterprise Linux Security Guide is designed to assist users and administrators in
learning the processes and practices of securing workstations and servers against local and remote
intrusion, exploitation and malicious activity.
Focused on Red Hat Enterprise Linux but detailing concepts and techniques valid for all Linux
systems, this guide details the planning and the tools involved in creating a secured computing
environment for the data center, workplace, and home.
With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully
functional and secured from most common intrusion and exploit methods.
iii
Preface vii
1. Document Conventions .................................................................................................. vii
1.1. Typographic Conventions .................................................................................... vii
1.2. Pull-quote Conventions ....................................................................................... viii
1.3. Notes and Warnings ............................................................................................ ix
2. We Need Feedback! ....................................................................................................... ix
1. Security Overview 1
1.1. Introduction to Security ................................................................................................. 1
1.1.1. What is Computer Security? ............................................................................... 1
1.1.2. SELinux ............................................................................................................ 3
1.1.3. Security Controls ............................................................................................... 3
1.1.4. Conclusion ........................................................................................................ 4
1.2. Vulnerability Assessment .............................................................................................. 5
1.2.1. Thinking Like the Enemy ................................................................................... 5
1.2.2. Defining Assessment and Testing ....................................................................... 6
1.2.3. Evaluating the Tools .......................................................................................... 7
1.3. Attackers and Vulnerabilities ......................................................................................... 9
1.3.1. A Quick History of Hackers ................................................................................ 9
1.3.2. Threats to Network Security ............................................................................. 10
1.3.3. Threats to Server Security ............................................................................... 10
1.3.4. Threats to Workstation and Home PC Security .................................................. 12
1.4. Common Exploits and Attacks ..................................................................................... 12
1.5. Security Updates ........................................................................................................ 15
1.5.1. Updating Packages .......................................................................................... 15
1.5.2. Verifying Signed Packages ............................................................................... 16
1.5.3. Installing Signed Packages .............................................................................. 16
1.5.4. Applying the Changes ...................................................................................... 17
2. Securing Your Network 21
2.1. Workstation Security ................................................................................................... 21
2.1.1. Evaluating Workstation Security ........................................................................ 21
2.1.2. BIOS and Boot Loader Security ........................................................................ 21
2.1.3. Password Security ........................................................................................... 23
2.1.4. Administrative Controls .................................................................................... 28
2.1.5. Available Network Services .............................................................................. 34
2.1.6. Personal Firewalls ........................................................................................... 37
2.1.7. Security Enhanced Communication Tools .......................................................... 38
2.2. Server Security .......................................................................................................... 38
2.2.1. Securing Services With TCP Wrappers and xinetd ............................................. 39
2.2.2. Securing Portmap ............................................................................................ 42
2.2.3. Securing NIS ................................................................................................... 42
2.2.4. Securing NFS .................................................................................................. 45
2.2.5. Securing the Apache HTTP Server ................................................................... 46
2.2.6. Securing FTP .................................................................................................. 47
2.2.7. Securing Sendmail ........................................................................................... 49
2.2.8. Verifying Which Ports Are Listening .................................................................. 50
2.3. TCP Wrappers and xinetd ........................................................................................... 51
2.3.1. TCP Wrappers ................................................................................................. 52
2.3.2. TCP Wrappers Configuration Files .................................................................... 53
2.3.3. xinetd .............................................................................................................. 60
2.3.4. xinetd Configuration Files ................................................................................. 60
2.3.5. Additional Resources ....................................................................................... 65
2.4. Virtual Private Networks (VPNs) .................................................................................. 66
2.4.1. How Does a VPN Work? ................................................................................. 67
Security Guide
iv
2.4.2. Openswan ....................................................................................................... 67
2.5. Firewalls .................................................................................................................... 69
2.5.1. Netfilter and IPTables ....................................................................................... 71
2.5.2. Basic Firewall Configuration ............................................................................. 71
2.5.3. Using IPTables ................................................................................................ 74
2.5.4. Common IPTables Filtering .............................................................................. 75
2.5.5. FORWARD and NAT Rules ................................................................................. 76
2.5.6. Malicious Software and Spoofed IP Addresses .................................................. 79
2.5.7. IPTables and Connection Tracking .................................................................... 79
2.5.8. IPv6 ................................................................................................................ 80
2.5.9. Additional Resources ....................................................................................... 80
2.6. IPTables ..................................................................................................................... 81
2.6.1. Packet Filtering ................................................................................................ 81
2.6.2. Command Options for IPTables ........................................................................ 83
2.6.3. Saving IPTables Rules ..................................................................................... 91
2.6.4. IPTables Control Scripts ................................................................................... 92
2.6.5. IPTables and IPv6 ........................................................................................... 94
2.6.6. Additional Resources ....................................................................................... 94
3. Encryption 95
3.1. Data at Rest .............................................................................................................. 95
3.2. Full Disk Encryption .................................................................................................... 95
3.3. File Based Encryption ................................................................................................. 95
3.4. Data in Motion ........................................................................................................... 95
3.5. Virtual Private Networks .............................................................................................. 96
3.6. Secure Shell .............................................................................................................. 96
3.7. OpenSSL PadLock Engine .......................................................................................... 96
3.8. LUKS Disk Encryption ................................................................................................ 97
3.8.1. LUKS Implementation in Red Hat Enterprise Linux ............................................ 97
3.8.2. Manually Encrypting Directories ........................................................................ 98
3.8.3. Step-by-Step Instructions ................................................................................. 98
3.8.4. What you have just accomplished. .................................................................... 99
3.8.5. Links of Interest ............................................................................................... 99
3.9. Using GNU Privacy Guard (GnuPG) ............................................................................ 99
3.9.1. Creating GPG Keys in GNOME ........................................................................ 99
3.9.2. Creating GPG Keys in KDE ............................................................................. 99
3.9.3. Creating GPG Keys Using the Command Line ................................................. 100
3.9.4. About Public Key Encryption .......................................................................... 101
4. General Principles of Information Security 103
4.1. Tips, Guides, and Tools ............................................................................................ 103
5. Secure Installation 105
5.1. Disk Partitions .......................................................................................................... 105
5.2. Utilize LUKS Partition Encryption ............................................................................... 105
6. Software Maintenance 107
6.1. Install Minimal Software ............................................................................................ 107
6.2. Plan and Configure Security Updates ........................................................................ 107
6.3. Adjusting Automatic Updates ..................................................................................... 107
6.4. Install Signed Packages from Well Known Repositories .............................................. 107
7. Federal Standards and Regulations 109
7.1. Introduction .............................................................................................................. 109
7.2. Federal Information Processing Standard (FIPS) ........................................................ 109
7.3. National Industrial Security Program Operating Manual (NISPOM) ............................... 110
v
7.4. Payment Card Industry Data Security Standard (PCI DSS) .......................................... 110
7.5. Security Technical Implementation Guide ................................................................... 110
8. References 111
A. Encryption Standards 113
A.1. Synchronous Encryption ........................................................................................... 113
A.1.1. Advanced Encryption Standard - AES ............................................................. 113
A.1.2. Data Encryption Standard - DES .................................................................... 113
A.2. Public-key Encryption ............................................................................................... 114
A.2.1. Diffie-Hellman ................................................................................................ 114
A.2.2. RSA .............................................................................................................. 115
A.2.3. DSA .............................................................................................................. 115
A.2.4. SSL/TLS ....................................................................................................... 115
A.2.5. Cramer-Shoup Cryptosystem ......................................................................... 115
A.2.6. ElGamal Encryption ....................................................................................... 116
B. Revision History 117
剩余127页未读,继续阅读
资源评论
fendoubest279
- 粉丝: 3
- 资源: 2
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
最新资源
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功