Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases now! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Mastering Linux Security and Hardening
Mastering Linux Security and Hardening

Mastering Linux Security and Hardening: A practical guide to protecting your Linux system from cyber attacks , Third Edition

eBook
€20.98 €29.99
Paperback
€37.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
Table of content icon View table of contents Preview book icon Preview Book

Mastering Linux Security and Hardening

Running Linux in a Virtual Environment

So, you may be asking yourself: Why do I need to study Linux security? Isn’t Linux already secure? After all, it’s not Windows. But the fact is, there are many reasons.

It’s true that Linux has certain advantages over Windows when it comes to security. These include the following:

  • Unlike Windows, Linux was designed from the ground up as a multiuser operating system. So, user security tends to be a bit better on a Linux system.
  • Linux offers a better separation between administrative users and unprivileged users. This makes it a bit harder for intruders, and it also makes it a bit harder for a user to accidentally infect a Linux machine with something nasty.
  • Linux is much more resistant to viruses and malware infections than Windows is. Certain Linux distributions come with built-in mechanisms, such as SELinux in Red Hat and its free-of-charge clones, and AppArmor in Ubuntu and SUSE, that help prevent intruders from taking control of a system.
  • Linux is free and open source software. This allows anyone who has the skill to audit Linux code to hunt for bugs or backdoors.

But even with those advantages, Linux is just like everything else that’s been created by mankind. That is, it isn’t perfect.

Here are the topics that we’ll cover in this chapter:

  • Looking at the threat landscape
  • Why every Linux administrator needs to learn about Linux security
  • A bit about the threat landscape, with some examples of how attackers have, at times, been able to breach Linux systems
  • Resources for keeping up with IT security news
  • Differences between physical, virtual, and cloud setups
  • Setting up Ubuntu Server and Red Hat-type virtual machines with VirtualBox, and installing the Extra Packages for Enterprise Linux (EPEL) repository in the Red Hat-type virtual machines
  • Creating virtual machine snapshots
  • Installing Cygwin on a Windows host so that Windows users can connect to a virtual machine from their Windows hosts
  • Using the Windows 10/11 Bash shell to access Linux systems
  • How to keep your Linux systems updated

Let’s begin by talking about threats.

Looking at the threat landscape

If you’ve kept up with IT technology news over the past few years, you’ll likely have seen at least a few articles about how attackers have compromised Linux servers. For example, while it’s true that Linux isn’t really susceptible to virus infections, there have been several cases where attackers have planted other types of malware on Linux servers. Here are some examples:

  • Botnet malware: This causes a server to join a botnet that is controlled by a remote attacker. One of the more famous cases involved joining Linux servers to a botnet that launched denial-of-service (DoS) attacks against other networks.
  • Ransomware: This is designed to encrypt user data until the server owner pays a ransom fee. But even after paying the fee, there’s no guarantee that the data can be recovered.
  • Cryptocoin mining software: This causes the CPUs of the server on which it’s planted to work extra hard and consume more energy. Cryptocoins that get mined go to the accounts of the attackers who planted the software.

And, of course, there have been plenty of breaches that don’t involve malware, such as where attackers have found a way to steal user credentials, credit card data, or other sensitive information.

Some security breaches come about because of plain carelessness. Here’s an example of where a careless Adobe administrator placed the company’s private security key on a public security blog: https://arstechnica.com/information-technology/2017/09/in-spectacular-fail-adobe-security-team-posts-private-pgp-key-on-blog/.

Now, let’s talk a bit more about security breaches.

Why do security breaches happen?

Regardless of whether you’re running Linux, Windows, or whatever else, the reasons for security breaches are usually the same. They could be security bugs in the operating system or security bugs in an application that’s running on that operating system. Often, a bug-related security breach could have been prevented had the administrators applied security updates in a timely manner.

Another big issue is poorly configured servers. A standard, out-of-the-box configuration of a Linux server is actually quite insecure and can cause a whole ton of problems. One cause of poorly configured servers is simply the lack of properly trained personnel to securely administer Linux servers. (Of course, that’s great news for the readers of this book, because—trust me—there’s no lack of well-paying IT security jobs.)

And now, in addition to Linux on servers and desktops, we have Linux on devices that are part of the Internet of Things (IoT). There have been many security problems with these devices, in large part because people just don’t know how to configure them securely.

As we journey through this book, we’ll see how to do business the right way, to make our servers as secure as possible. One thing we can do is to keep up with security-related news.

Keeping up with security news

If you’re in the IT business, even if you’re not a security administrator, you’ll want to keep up with the latest security news. In the age of the Internet, that’s easy to do.

First, there are quite a few websites that specialize in network security news. Examples include Packet Storm Security and The Hacker News. Regular tech news sites and Linux news websites, such as Ars Technica, Fudzilla, The Register, ZDNet, and LXer, also carry reports about network security breaches. And, if you’d rather watch videos than read, you’ll find plenty of good YouTube channels, such as BeginLinux Guru.

Finally, regardless of which Linux distro you’re using, be sure to keep up with the news and current documentation for your Linux distro. Distro maintainers should have a way of letting you know if a security problem crops up in their products.

Here are some links to some good security-related websites:

Here are some links to more generalized tech websites:

You can check out some general Linux learning resources as well as Linux news sites:

(Full disclosure: I am the world-famous BeginLinux Guru.)

One thing to always remember as you go through this book is that the only operating system you’ll ever see that’s totally 100% secure will be installed on a computer that never gets turned on.

Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • Discover security techniques to prevent malware from infecting a Linux system, and detect it
  • Prevent unauthorized people from breaking into a Linux system
  • Protect important and sensitive data from being revealed to unauthorized persons

Description

The third edition of Mastering Linux Security and Hardening is an updated, comprehensive introduction to implementing the latest Linux security measures, using the latest versions of Ubuntu and AlmaLinux. In this new edition, you will learn how to set up a practice lab, create user accounts with appropriate privilege levels, protect sensitive data with permissions settings and encryption, and configure a firewall with the newest firewall technologies. You’ll also explore how to use sudo to set up administrative accounts with only the privileges required to do a specific job, and you’ll get a peek at the new sudo features that have been added over the past couple of years. You’ll also see updated information on how to set up a local certificate authority for both Ubuntu and AlmaLinux, as well as how to automate system auditing. Other important skills that you’ll learn include how to automatically harden systems with OpenSCAP, audit systems with auditd, harden the Linux kernel configuration, protect your systems from malware, and perform vulnerability scans of your systems. As a bonus, you’ll see how to use Security Onion to set up an Intrusion Detection System. By the end of this new edition, you will confidently be able to set up a Linux server that will be secure and harder for malicious actors to compromise.

Who is this book for?

This book is for Linux administrators, system administrators, and network engineers interested in securing moderate to complex Linux environments. Security consultants looking to enhance their Linux security skills will also find this book useful. Working experience with the Linux command line and package management is necessary to understand the concepts covered in this book.

What you will learn

  • Prevent malicious actors from compromising a production Linux system
  • Leverage additional features and capabilities of Linux in this new version
  • Use locked-down home directories and strong passwords to create user accounts
  • Prevent unauthorized people from breaking into a Linux system
  • Configure file and directory permissions to protect sensitive data
  • Harden the Secure Shell service in order to prevent break-ins and data loss
  • Apply security templates and set up auditing

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Feb 28, 2023
Length: 618 pages
Edition : 3rd
Language : English
ISBN-13 : 9781837632626
Vendor :
Linux Foundation
Category :
Languages :
Tools :

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning

Product Details

Publication date : Feb 28, 2023
Length: 618 pages
Edition : 3rd
Language : English
ISBN-13 : 9781837632626
Vendor :
Linux Foundation
Category :
Languages :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 105.97 113.97 8.00 saved
The Ultimate Docker Container Book
€37.99
Mastering Linux Security and Hardening
€37.99
50 Algorithms Every Programmer Should Know
€29.99 €37.99
Total 105.97 113.97 8.00 saved Stars icon

Table of Contents

21 Chapters
Section 1: Setting up a Secure Linux System Chevron down icon Chevron up icon
Running Linux in a Virtual Environment Chevron down icon Chevron up icon
Securing Administrative User Accounts Chevron down icon Chevron up icon
Securing Normal User Accounts Chevron down icon Chevron up icon
Securing Your Server with a Firewall – Part 1 Chevron down icon Chevron up icon
Securing Your Server with a Firewall — Part 2 Chevron down icon Chevron up icon
Encryption Technologies Chevron down icon Chevron up icon
SSH Hardening Chevron down icon Chevron up icon
Section 2: Mastering File and Directory Access Control (DAC) Chevron down icon Chevron up icon
Mastering Discretionary Access Control Chevron down icon Chevron up icon
Access Control Lists and Shared Directory Management Chevron down icon Chevron up icon
Section 3: Advanced System Hardening Techniques Chevron down icon Chevron up icon
Implementing Mandatory Access Control with SELinux and AppArmor Chevron down icon Chevron up icon
Kernel Hardening and Process Isolation Chevron down icon Chevron up icon
Scanning, Auditing, and Hardening Chevron down icon Chevron up icon
Logging and Log Security Chevron down icon Chevron up icon
Vulnerability Scanning and Intrusion Detection Chevron down icon Chevron up icon
Prevent Unwanted Programs from Running Chevron down icon Chevron up icon
Security Tips and Tricks for the Busy Bee Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon
Index Chevron down icon Chevron up icon

Customer reviews

Most Recent
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.6
(34 Ratings)
5 star 82.4%
4 star 8.8%
3 star 2.9%
2 star 2.9%
1 star 2.9%
Filter icon Filter
Most Recent

Filter reviews by




AB12 Sep 05, 2024
Full star icon Full star icon Full star icon Empty star icon Empty star icon 3
I'm sure it was an innocent mistake but ecryptfs is deprecated...
Amazon Verified review Amazon
Ilia Semichastnov Sep 02, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
A great book with a lot of general overviews and practical tips on hardening both debian and rhel family linux machines.Absolutely worth the price.
Amazon Verified review Amazon
Darryl L. Rowe Aug 25, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Excellent material, good coverage and understandable. Just what I needed to get up to speed and set up an rsyslogserver.
Amazon Verified review Amazon
Robert J. Nagel Apr 30, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Our company makes us take the Security+ exam which is a total joke. Would be much better to just have everyone read this book. One of the two or three best Linux books out there. Well written and full of very useful information.
Amazon Verified review Amazon
Jeff Childers Mar 11, 2024
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
Information about Secure Boot keys and signing your bootloaders is missing from this book. Other than that it is very educational.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.