Red Hat Enterprise Linux 4

Security Guide

For Red Hat Enterprise Linux 4

Edition 2

Legal Notice

Copyright © 2008 Red Hat, Inc.
This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported License. If you distribute this document, or a modified version of it, you must provide attribution to Red Hat, Inc. and provide a link to the original. If the document is modified, all Red Hat trademarks must be removed.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack Logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.

Abstract

This book assists users and administrators in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation and malicious activity. Focused on Red Hat Enterprise Linux but detailing concepts and techniques valid for all Linux systems, this guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.
Introduction
  1. Document Conventions
    1.1. Typographic Conventions
    1.2. Pull-quote Conventions
    1.3. Notes and Warnings
  2. More to Come
    2.1. Send in Your Feedback
I. A General Introduction to Security
  1. Security Overview
    1.1. What is Computer Security?
      1.1.1. How did Computer Security Come about?
      1.1.2. Computer Security Timeline
      1.1.3. Security Today
      1.1.4. Standardizing Security
    1.2. Security Controls
      1.2.1. Physical Controls
      1.2.2. Technical Controls
      1.2.3. Administrative Controls
    1.3. Conclusion
  2. Attackers and Vulnerabilities
    2.1. A Quick History of Hackers
      2.1.1. Shades of Grey
    2.2. Threats to Network Security
      2.2.1. Insecure Architectures
    2.3. Threats to Server Security
      2.3.1. Unused Services and Open Ports
      2.3.2. Unpatched Services
      2.3.3. Inattentive Administration
      2.3.4. Inherently Insecure Services
    2.4. Threats to Workstation and Home PC Security
      2.4.1. Bad Passwords
      2.4.2. Vulnerable Client Applications
II. Configuring Red Hat Enterprise Linux for Security
  3. Security Updates
    3.1. Updating Packages
      3.1.1. Using Red Hat Network
      3.1.2. Using the Red Hat Errata Website
      3.1.3. Verifying Signed Packages
      3.1.4. Installing Signed Packages
      3.1.5. Applying the Changes
  4. Workstation Security
    4.1. Evaluating Workstation Security
    4.2. BIOS and Boot Loader Security
      4.2.1. BIOS Passwords
      4.2.2. Boot Loader Passwords
    4.3. Password Security
      4.3.1. Creating Strong Passwords
      4.3.2. Creating User Passwords Within an Organization
    4.4. Administrative Controls
      4.4.1. Allowing Root Access
      4.4.2. Disallowing Root Access
      4.4.3. Limiting Root Access
    4.5. Available Network Services
      4.5.1. Risks To Services
      4.5.2. Identifying and Configuring Services
      4.5.3. Insecure Services
    4.6. Personal Firewalls
    4.7. Security Enhanced Communication Tools
  5. Server Security
    5.1. Securing Services With TCP Wrappers and xinetd
      5.1.1. Enhancing Security With TCP Wrappers
      5.1.2. Enhancing Security With xinetd
    5.2. Securing Portmap
      5.2.1. Protect portmap With TCP Wrappers
      5.2.2. Protect portmap With IPTables
    5.3. Securing NIS
      5.3.1. Carefully Plan the Network
      5.3.2. Use a Password-like NIS Domain Name and Hostname
      5.3.3. Edit the /var/yp/securenets File
      5.3.4. Assign Static Ports and Use IPTables Rules
      5.3.5. Use Kerberos Authentication
    5.4. Securing NFS
      5.4.1. Carefully Plan the Network
      5.4.2. Beware of Syntax Errors
      5.4.3. Do Not Use the no_root_squash Option
    5.5. Securing the Apache HTTP Server
      5.5.1. FollowSymLinks
      5.5.2. The Indexes Directive
      5.5.3. The UserDir Directive
      5.5.4. Do Not Remove the IncludesNoExec Directive
      5.5.5. Restrict Permissions for Executable Directories
    5.6. Securing FTP
      5.6.1. FTP Greeting Banner
      5.6.2. Anonymous Access
      5.6.3. User Accounts
      5.6.4. Use TCP Wrappers To Control Access
    5.7. Securing Sendmail
      5.7.1. Limiting a Denial of Service Attack
      5.7.2. NFS and Sendmail
      5.7.3. Mail-only Users
    5.8. Verifying Which Ports Are Listening
  6. Virtual Private Networks
    6.1. VPNs and Red Hat Enterprise Linux
    6.2. IPsec
    6.3. IPsec Installation
    6.4. IPsec Host-to-Host Configuration
    6.5. IPsec Network-to-Network Configuration
  7. Firewalls
    7.1. Netfilter and iptables
      7.1.1. iptables Overview
    7.2. Using iptables
      7.2.1. Basic Firewall Policies
      7.2.2. Saving and Restoring iptables Rules
    7.3. Common iptables Filtering
    7.4. FORWARD and NAT Rules
      7.4.1. DMZs and iptables
    7.5. Viruses and Spoofed IP Addresses
    7.6. iptables and Connection Tracking
    7.7. ip6tables
    7.8. Additional Resources
      7.8.1. Installed Documentation
      7.8.2. Useful Websites
      7.8.3. Related Documentation
III. Assessing Your Security
  8. Vulnerability Assessment
    8.1. Thinking Like the Enemy
    8.2. Defining Assessment and Testing
      8.2.1. Establishing a Methodology
    8.3. Evaluating the Tools
      8.3.1. Scanning Hosts with Nmap
      8.3.2. Nessus
      8.3.3. Nikto
      8.3.4. VLAD the Scanner
      8.3.5. Anticipating Your Future Needs
IV. Intrusions and Incident Response
  9. Intrusion Detection
    9.1. Defining Intrusion Detection Systems
      9.1.1. IDS Types
    9.2. Host-based IDS
      9.2.1. Tripwire
      9.2.2. RPM as an IDS
      9.2.3. Other Host-based IDSes
    9.3. Network-based IDS
      9.3.1. Snort
  10. Incident Response
    10.1. Defining Incident Response
    10.2. Creating an Incident Response Plan
      10.2.1. The Computer Emergency Response Team (CERT)
      10.2.2. Legal Considerations
    10.3. Implementing the Incident Response Plan
    10.4. Investigating the Incident
      10.4.1. Collecting an Evidential Image
      10.4.2. Gathering Post-Breach Information
    10.5. Restoring and Recovering Resources
      10.5.1. Reinstalling the System
      10.5.2. Patching the System
    10.6. Reporting the Incident
V. Appendixes
  A. Hardware and Network Protection
    A.1. Secure Network Topologies
      A.1.1. Physical Topologies
      A.1.2. Transmission Considerations
      A.1.3. Wireless Networks
      A.1.4. Network Segmentation and DMZs
    A.2. Hardware Security
  B. Common Exploits and Attacks
  C. Common Ports
  D. Revision History
Index