RedHatEnterprise_Linu-6-SecurityGuide资源-CSDN文库

需积分: 9 76 浏览量 2011-03-11 10:41:07 上传评论收藏 1.02MB PDF 举报

资源推荐

资源详情

资源评论

Red Hat Enterprise Linux 6

Security Guide

A Guide to Securing Red Hat Enterprise Linux

Security Guide

Red Hat Enterprise Linux 6 Security Guide

A Guide to Securing Red Hat Enterprise Linux

Edition 1.5

Author

The text of and illustrations in this document are licensed by Red Hat under a Creative Commons

Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available

at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this

document or an adaptation of it, you must provide the URL for the original version.

Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert,

Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.

Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity

Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.

Linux® is the registered trademark of Linus Torvalds in the United States and other countries.

Java® is a registered trademark of Oracle and/or its affiliates.

XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States

and/or other countries.

MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other

countries.

All other trademarks are the property of their respective owners.

1801 Varsity Drive

Raleigh, NC 27606-2072 USA

Phone: +1 919 754 3700

Phone: 888 733 4281

Fax: +1 919 754 3701

The Red Hat Enterprise Linux Security Guide is designed to assist users and administrators in

learning the processes and practices of securing workstations and servers against local and remote

intrusion, exploitation and malicious activity.

Focused on Red Hat Enterprise Linux but detailing concepts and techniques valid for all Linux

systems, this guide details the planning and the tools involved in creating a secured computing

environment for the data center, workplace, and home.

With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully

functional and secured from most common intrusion and exploit methods.

iii

Preface vii

1. Document Conventions .................................................................................................. vii

1.1. Typographic Conventions .................................................................................... vii

1.2. Pull-quote Conventions ....................................................................................... viii

1.3. Notes and Warnings ............................................................................................ ix

2. We Need Feedback! ....................................................................................................... ix

1. Security Overview 1

1.1. Introduction to Security ................................................................................................. 1

1.1.1. What is Computer Security? ............................................................................... 1

1.1.2. SELinux ............................................................................................................ 3

1.1.3. Security Controls ............................................................................................... 3

1.1.4. Conclusion ........................................................................................................ 4

1.2. Vulnerability Assessment .............................................................................................. 5

1.2.1. Thinking Like the Enemy ................................................................................... 5

1.2.2. Defining Assessment and Testing ....................................................................... 6

1.2.3. Evaluating the Tools .......................................................................................... 7

1.3. Attackers and Vulnerabilities ......................................................................................... 9

1.3.1. A Quick History of Hackers ................................................................................ 9

1.3.2. Threats to Network Security ............................................................................. 10

1.3.3. Threats to Server Security ............................................................................... 10

1.3.4. Threats to Workstation and Home PC Security .................................................. 12

1.4. Common Exploits and Attacks ..................................................................................... 12

1.5. Security Updates ........................................................................................................ 15

1.5.1. Updating Packages .......................................................................................... 15

1.5.2. Verifying Signed Packages ............................................................................... 16

1.5.3. Installing Signed Packages .............................................................................. 16

1.5.4. Applying the Changes ...................................................................................... 17

2. Securing Your Network 21

2.1. Workstation Security ................................................................................................... 21

2.1.1. Evaluating Workstation Security ........................................................................ 21

2.1.2. BIOS and Boot Loader Security ........................................................................ 21

2.1.3. Password Security ........................................................................................... 23

2.1.4. Administrative Controls .................................................................................... 28

2.1.5. Available Network Services .............................................................................. 34

2.1.6. Personal Firewalls ........................................................................................... 37

2.1.7. Security Enhanced Communication Tools .......................................................... 38

2.2. Server Security .......................................................................................................... 38

2.2.1. Securing Services With TCP Wrappers and xinetd ............................................. 39

2.2.2. Securing Portmap ............................................................................................ 42

2.2.3. Securing NIS ................................................................................................... 42

2.2.4. Securing NFS .................................................................................................. 45

2.2.5. Securing the Apache HTTP Server ................................................................... 46

2.2.6. Securing FTP .................................................................................................. 47

2.2.7. Securing Sendmail ........................................................................................... 49

2.2.8. Verifying Which Ports Are Listening .................................................................. 50

2.3. TCP Wrappers and xinetd ........................................................................................... 51

2.3.1. TCP Wrappers ................................................................................................. 52

2.3.2. TCP Wrappers Configuration Files .................................................................... 53

2.3.3. xinetd .............................................................................................................. 60

2.3.4. xinetd Configuration Files ................................................................................. 60

2.3.5. Additional Resources ....................................................................................... 65

2.4. Virtual Private Networks (VPNs) .................................................................................. 66

2.4.1. How Does a VPN Work? ................................................................................. 67

Security Guide

2.4.2. Openswan ....................................................................................................... 67

2.5. Firewalls .................................................................................................................... 69

2.5.1. Netfilter and IPTables ....................................................................................... 71

2.5.2. Basic Firewall Configuration ............................................................................. 71

2.5.3. Using IPTables ................................................................................................ 74

2.5.4. Common IPTables Filtering .............................................................................. 75

2.5.5. FORWARD and NAT Rules ................................................................................. 76

2.5.6. Malicious Software and Spoofed IP Addresses .................................................. 79

2.5.7. IPTables and Connection Tracking .................................................................... 79

2.5.8. IPv6 ................................................................................................................ 80

2.5.9. Additional Resources ....................................................................................... 80

2.6. IPTables ..................................................................................................................... 81

2.6.1. Packet Filtering ................................................................................................ 81

2.6.2. Command Options for IPTables ........................................................................ 83

2.6.3. Saving IPTables Rules ..................................................................................... 91

2.6.4. IPTables Control Scripts ................................................................................... 92

2.6.5. IPTables and IPv6 ........................................................................................... 94

2.6.6. Additional Resources ....................................................................................... 94

3. Encryption 95

3.1. Data at Rest .............................................................................................................. 95

3.2. Full Disk Encryption .................................................................................................... 95

3.3. File Based Encryption ................................................................................................. 95

3.4. Data in Motion ........................................................................................................... 95

3.5. Virtual Private Networks .............................................................................................. 96

3.6. Secure Shell .............................................................................................................. 96

3.7. OpenSSL PadLock Engine .......................................................................................... 96

3.8. LUKS Disk Encryption ................................................................................................ 97

3.8.1. LUKS Implementation in Red Hat Enterprise Linux ............................................ 97

3.8.2. Manually Encrypting Directories ........................................................................ 98

3.8.3. Step-by-Step Instructions ................................................................................. 98

3.8.4. What you have just accomplished. .................................................................... 99

3.8.5. Links of Interest ............................................................................................... 99

3.9. Using GNU Privacy Guard (GnuPG) ............................................................................ 99

3.9.1. Creating GPG Keys in GNOME ........................................................................ 99

3.9.2. Creating GPG Keys in KDE ............................................................................. 99

3.9.3. Creating GPG Keys Using the Command Line ................................................. 100

3.9.4. About Public Key Encryption .......................................................................... 101

4. General Principles of Information Security 103

4.1. Tips, Guides, and Tools ............................................................................................ 103

5. Secure Installation 105

5.1. Disk Partitions .......................................................................................................... 105

5.2. Utilize LUKS Partition Encryption ............................................................................... 105

6. Software Maintenance 107

6.1. Install Minimal Software ............................................................................................ 107

6.2. Plan and Configure Security Updates ........................................................................ 107

6.3. Adjusting Automatic Updates ..................................................................................... 107

6.4. Install Signed Packages from Well Known Repositories .............................................. 107

7. Federal Standards and Regulations 109

7.1. Introduction .............................................................................................................. 109

7.2. Federal Information Processing Standard (FIPS) ........................................................ 109

7.3. National Industrial Security Program Operating Manual (NISPOM) ............................... 110

剩余127页未读，继续阅读

评论收藏

内容反馈

fendoubest279

粉丝: 3
资源: 2

RedHatEnterprise_Linu-6-SecurityGuide

evince-2.28.2-14.el6_0.1.i686.rpm

RedHatEnterprise6.4配置CentOS6.4软件源借鉴.pdf

Linux实用教程之RedHatEnterprise版.ppt

RedHatEnterprise50之双机热备.pdf

RedHatEnterprise6.1(64位)部署Oracle11R数据库系统说明[汇编].pdf

RedHatEnterPrise5 下安裝Oracle10g

redhatenterprise操作系统原理最新教材

给虚拟机VMWare下的Red_Hat_Enterprise_5根分区扩容

oracle_redhat.rar_oracle

如何破解RedHatEnterprise4的root密码(救援没有密码).pdf

RedHatEnterPrise5安装和配置(字符模式)[汇编].pdf

如何破解RedHatEnterprise4的root密码(救援没有密码)汇编.pdf

Redhat Enterprise 5.5下安装Oracle9i

RedHat 7.9安装MySQL 8.0 MGR

RedHat 6.4 & oracle 11.2.0.4.0（本地安装）手册

Red Hat Enterprise Linux 5 主机安装实施方案 计算机专业电子书

linux aarch64架构libreoffice安装包

RocketMQ 可视化工具 Dashboard下载

openssh-server离线安装包

Linux系统下Qt5.12.10.run安装包

VisualGDB 5.6 R9//支持VS2008-VS2022

WPS、迅雷等软件的arm64 linux版本deb

tongweb7.0，windows和linux安装包

微信（Universal） Linux 版

银河麒麟系统硬盘分区挂载

JDK1.8安装包Linux可用（jdk-8u391-linux-aarch64.tar）

Linux Centos7 升级最新版OpenSSH-9.6p1 有脚本（支持离线）

最新资源

Red Hat Enterprise Linux 5 主机安装实施方案计算机专业电子书