Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Practical Linux Security Cookbook
Practical Linux Security Cookbook

Practical Linux Security Cookbook: Secure your Linux environment from modern-day attacks with practical recipes , Second Edition

eBook
€8.99 €29.99
Paperback
€36.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Table of content icon View table of contents Preview book icon Preview Book

Practical Linux Security Cookbook

Configuring a Secure and Optimized Kernel

The kernel is the core of any operating system, be it Windows or Linux. Linux is technically the kernel and not the complete operating system. Being the core of any operating system, the kernel is installed first and usually requires no manual configuration. Even if there are some kernel level updates to be installed, on a Linux system, it can be installed as a regular application. However, in some situations, compiling the kernel from source with some specific changes might be needed.

However, there might be a few situations where you need to compile the kernel yourself, from the source. These situations include:

  • Enabling experimental features in the kernel
  • Enabling new hardware support
  • Debugging the kernel
  • Exploring the kernel source code

Before you can start building the Linux kernel, you must ensure that a working boot media exists...

Creating USB boot media

A USB boot media can be created on any USB media device that is formatted as ext2, ext3, or VFAT format. Also, ensure that enough free space is available on the device, varying from 4 GB for transferring a distribution DVD image, 700 MB in case of a distribution CD image, or just 10 MB to transfer a minimal boot media image. Learning how to create a boot media will be beneficial for readers who are not very experienced with Linux.

Getting ready

Before starting the steps, you need to have an image file of a Linux installation disk, which you can name as boot.iso, and a USB storage device, as specified before.

...

Retrieving the kernel source

Most of the Linux distributions include the kernel sources in them. However, these sources may tend to be a bit out of date. Because of this, you may need to get the latest sources when building or customizing the kernel.

Getting ready

Most of the Linux kernel developer community uses the Git tool for source code management. Even Ubuntu has integrated Git for its own Linux kernel source code, hence enabling the kernel developers to interact better with the community. You can install the Git package using the following command:

sudo apt-get install git

How to do it...

...

Configuring and building kernel

The need to configure the kernel could arise for many reasons. You may want to resize the kernel to run only the necessary services or you may have to patch it to support new hardware not supported earlier by the kernel. It could be a daunting task for any system administrator and in this section, you will see how you can configure and build the kernel.

Getting ready

It is always recommended you have ample space for kernels in the boot partition in any system. You should either choose the whole disk install option or set aside a minimum of 3 GB disk space for boot partition. Once you are done with the installation of your Linux distribution and have configured the required development packages...

Installing and booting from a kernel

After having spent a lot of time configuring and compiling the kernel, you can now start the process of installing the kernel to the local system.

Getting ready

Before starting with the installation of the kernel, make sure you back up all your important data on the system. Also make a copy of /boot/ onto external, storage which is formatted in the FAT32 filesystem. This will help repair the system if the installation process fails for any reason.

How to do it...

Once the kernel is compiled, you can start following the commands...

Kernel testing and debugging

An important part of any open or closed software development cycle is testing and debugging. And the same applies to the Linux kernel. The end goal of testing and debugging is to ensure that the kernel is working in the same way as earlier, even after installing a new kernel source code.

Configuring console for debugging using netconsole

One of the biggest issues with the Linux kernel is kernel panic. It is similar to the Blue Screen of Death for Microsoft Windows operating systems. If the kernel panics, it will dump a lot of information on the screen and just stay there. It is very difficult to trace a kernel panic if the system is rebooted as no logs are created for it. To solve this issue...

Debugging kernel boot

Sometimes your system might fail to boot due to changes within the kernel. Hence it is important that when creating reports about these failures, all the appropriate information about debugging is included. This will be useful for the kernel team in resolving the issue.

How to do it...

If you are trying to capture error messages that appear during boot, then it is better to boot the kernel with the quiet and splash options removed. This helps you see the messages, if any, that appear on the screen.

To edit boot option parameters, do the following:

  1. Boot the machine.
  2. During the BIOS screen, press the Shift key and hold it down. You should see the GRUB menu after the BIOS loads...

Kernel errors

Kernel panic or kernel error is a term used when a Linux system has come to halt and seems unresponsive. When the kernel detects an abnormal situation, it voluntarily halts the system activity. When the Linux system detects an internal fatal error from which it cannot recover safely, it generates a kernel panic.

Causes of kernel errors

In Linux, a kernel error can be caused due to various reasons. Here we will discuss a few of the reasons:

  • Hardware – Machine Check Exceptions: This type of kernel error is caused when a component failure is detected and reported by the hardware through an exception. This typically looks like this:
System hangs or kernel panics with MCE (Machine Check Exception) in /var...

Checking kernel parameters using Lynis

Any operating system is as strong as its weakest link. In the case of Linux, any weakness in its kernel would imply a total compromise of the system. Hence it is necessary to check the security configuration of the Linux kernel.

In this topic, we will see how to use Lynis to check for kernel parameters automatically. Lynis has several predefined key pairs to look for in kernel configuration and accordingly provide advice.

Getting ready

To view or edit any security related parameter of Linux kernel, there is the /etc/sysctl.conf file. All the parameters are stored in this file and this is read during boot time. If you wish to see the available kernel parameters in this file, you can do...

Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • Hands-on recipes to create and administer a secure Linux system
  • Enhance file system security and local and remote user authentication
  • Use various security tools and different versions of Linux for different tasks

Description

Over the last few years, system security has gained a lot of momentum and software professionals are focusing heavily on it. Linux is often treated as a highly secure operating system. However, the reality is that Linux has its share of security ?aws, and these security ?aws allow attackers to get into your system and modify or even destroy your important data. But there’s no need to panic, since there are various mechanisms by which these ?aws can be removed, and this book will help you learn about different types of Linux security to create a more secure Linux system. With a step-by-step recipe approach, the book starts by introducing you to various threats to Linux systems. Then, this book will walk you through customizing the Linux kernel and securing local files. Next, you will move on to managing user authentication both locally and remotely and mitigating network attacks. Later, you will learn about application security and kernel vulnerabilities. You will also learn about patching Bash vulnerability, packet filtering, handling incidents, and monitoring system logs. Finally, you will learn about auditing using system services and performing vulnerability scanning on Linux. By the end of this book, you will be able to secure your Linux systems and create a robust environment.

Who is this book for?

This book is intended for all those Linux users who already have knowledge of Linux file systems and administration. You should be familiar with basic Linux commands. Understanding information security and its risks to a Linux system is also helpful in understanding the recipes more easily.

What you will learn

  • Learn about vulnerabilities and exploits in relation to Linux systems
  • Configure and build a secure kernel and test it
  • Learn about file permissions and how to securely modify files
  • Authenticate users remotely and securely copy files on remote systems
  • Review different network security methods and tools
  • Perform vulnerability scanning on Linux machines using tools
  • Learn about malware scanning and read through logs

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Aug 31, 2018
Length: 482 pages
Edition : 2nd
Language : English
ISBN-13 : 9781789136005
Category :
Tools :

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Product Details

Publication date : Aug 31, 2018
Length: 482 pages
Edition : 2nd
Language : English
ISBN-13 : 9781789136005
Category :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 131.97
Kali Linux Web Penetration Testing Cookbook
€41.99
Practical Linux Security Cookbook
€36.99
Mastering Linux Security and Hardening
€52.99
Total 131.97 Stars icon
Banner background image

Table of Contents

14 Chapters
Linux Security Problem Chevron down icon Chevron up icon
Configuring a Secure and Optimized Kernel Chevron down icon Chevron up icon
Local Filesystem Security Chevron down icon Chevron up icon
Local Authentication in Linux Chevron down icon Chevron up icon
Remote Authentication Chevron down icon Chevron up icon
Network Security Chevron down icon Chevron up icon
Security Tools Chevron down icon Chevron up icon
Linux Security Distros Chevron down icon Chevron up icon
Bash Vulnerability Patching Chevron down icon Chevron up icon
Security Monitoring and Logging Chevron down icon Chevron up icon
Understanding Linux Service Security Chevron down icon Chevron up icon
Scanning and Auditing Linux Chevron down icon Chevron up icon
Vulnerability Scanning and Intrusion Detection Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Rating distribution
Full star icon Full star icon Full star icon Half star icon Empty star icon 3.7
(3 Ratings)
5 star 66.7%
4 star 0%
3 star 0%
2 star 0%
1 star 33.3%
DealzLab.de Feb 03, 2019
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This book is great! You will find a sorted and well-structured list of measurements to protect your server against malicious attacks from outside. It guides you step by step to create a secure system. With this book, you will have the know-how of many different server security measurements. It describes each aspect in a quick and easy to understand manner.Some small critics I need to add also:The very important topic "Server Backup" should be described more into detail so that one can make remote hard drive backups. Because that's what most people need to do. Few tools are also not mentioned there which I considder as to be very important for a server administrator like WinSCP and the command screen as an example. Also, the very important aspect of monitoring file changes on the server could be described a bit more into detail.Overall it is very good and easy to understand the book. Some very important aspects could be described more into detail but that's only my point of view.
Amazon Verified review Amazon
Lorraine Oct 31, 2019
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This book is quick because the Author runs three a lot of quick examples. Which then gives you ideas for more complicated uses of the same features/services the book walks the reader through.
Amazon Verified review Amazon
Koen Vervloesem Aug 25, 2019
Full star icon Empty star icon Empty star icon Empty star icon Empty star icon 1
If you want to know how to install various Linux security programs, this book is definitely for you. The author is even kind enough to include lots of screenshots of apt-get output and for some programs he even provides alternate installation methods like compiling the software yourself if you're for some reason unable to install it with apt-get. As a bonus, you even get a lot of installation instructions for non-security related programs for free.For everyone who wants to learn more about *using* these programs, don't buy this book. This is the first time ever I made the effort to write an Amazon review, just because I have too many issues with the book:- As I already wrote in the beginning, half of the book's pages are wasted with installation instructions, complete with half a page of output for every apt-get install. The author also spends a lot of time about basic Linux commands that have nothing to do with security.- Most of the cookbook tips of the more complex programs end with a variation of "Now that we have installed and configured X, we can do Y", and Y is where the fun actually begins, Y is what I wanted to learn to begin with, Y is the reason I bought this book.- The content is very shallow. For instance, apparently the author thinks securing an email server is done by disabling the vrfy command. Relay restrictions? Authentication and encryption? SPF, DKIM, DMARC? You won't find anything about these topics in this book.- There's no focus. Many times the author shows an obscure option or program behaviour that just isn't relevant, and then forgets to talk about the really interesting stuff (such as the email example in my previous point). Or he shows pages and pages of screenshots of the GNOME interface of Kali Linux and then just goes on to the next topic.- There are big holes in the topics: nothing about DNS security and nothing about OpenVPN, for instance.- Some things are just wrong. For instance, the author talks about an iptables 'table' when he means a 'chain'. He doesn't even explain the concepts of tables and chains.- There are a lot of bad security practices in this book, such as logging in as root, running a clearly EOL Ubuntu server in the screenshots with hundreds of security updates waiting to be installed, telling readers to disable SELinux when a program doesn't work to see whether SELinux is the problem (duh! I want to know why it doesn't work then, but I won't learn in this book which SELinux rules are the culprit), telling readers to "just ignore the warning" when you're connecting to a web server with a self-signed certificate in your browser, and so on.- The book could also use some better copy-editing.I expected better from a book called "Practical Linux Security Cookbook". Shame on you, Packt, for publishing this.I will send this book back for a refund, and that's another first.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.