Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Mastering Linux Security and Hardening Protect your Linux systems from intruders, malware attacks, and other cyber threats

Product type Paperback

Published in Feb 2020

Publisher

ISBN-13 9781838981778

Length 666 pages

Edition 2nd Edition

Tools

Linux

Concepts

Cloud Computing

Author (1):

Donald A. Tevault

View More author details

Table of Contents (20) Chapters

Preface

1. Section 1: Setting up a Secure Linux System

2. Running Linux in a Virtual Environment FREE CHAPTER

3. Securing User Accounts

4. Securing Your Server with a Firewall - Part 1

5. Securing Your Server with a Firewall - Part 2

6. Encryption Technologies

7. SSH Hardening

8. Section 2: Mastering File and Directory Access Control (DAC)

9. Mastering Discretionary Access Control

10. Access Control Lists and Shared Directory Management

11. Section 3: Advanced System Hardening Techniques

12. Implementing Mandatory Access Control with SELinux and AppArmor

13. Kernel Hardening and Process Isolation

14. Scanning, Auditing, and Hardening

15. Logging and Log Security

16. Vulnerability Scanning and Intrusion Detection

17. Security Tips and Tricks for the Busy Bee

18. Assessments

19. Other Books You May Enjoy

Leave a review – let other readers know what you think

Setting system-wide encryption policies on RHEL 8/CentOS 8

In Chapter 5, Encryption Technologies, we briefly looked at how to set system-wide encryption policies on CentOS 8. With this brand-new feature, you no longer have to configure crypto policies for each individual daemon. Instead, you just run a couple of simple commands, and the policy is instantly changed for multiple daemons. To see which daemons are covered, look in the /etc/crypto-policies/back-ends/ directory. Here's a partial view of what's there:

[donnie@localhost back-ends]$ ls -l
total 0
. . .
. . .
lrwxrwxrwx. 1 root root 46 Sep 24 18:17 openssh.config -> /usr/share/crypto-policies/DEFAULT/openssh.txt

lrwxrwxrwx. 1 root root 52 Sep 24 18:17 opensshserver.config -> /usr/share/crypto-policies/DEFAULT/opensshserver.txt

lrwxrwxrwx. 1 root root 49 Sep 24 18:17 opensslcnf.config -> /usr/share/crypto-policies...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at €18.99/month. Cancel anytime

Authors (1)

Donald A. Tevault

Donald A. Tevault - but you can call him Donnie - got involved with Linux way back in 2006, and has been working with it ever since. He holds the Linux Professional Institute Level 3-Security certification, and the GIAC Incident Handler certification. Donnie is a professional Linux trainer, and thanks to the magic of the internet, teaches Linux classes literally the world over from the comfort of his living room. He's also a Linux security researcher for an IoT security company.

See other products by Donald A. Tevault