Hack Proofing Linux: A Guide to Open Source Security. Syngress

Your Guide to O.S.S

• Step-by-Step Instructions for Deploying Open Source Security Tools
• Hundreds of Tools & Traps and Damage & Defense Sidebars, Security Alerts, and Exercises!
• Bonus Wallet CD with Configuration Examples, Packet Captures and Programs

James Stanger, Ph.D.
Patrick T. Lane
Edgar Danielyan Technical Editor


Acknowledgments
We would like to acknowledge the following people for their kindness and support
in making this book possible.

Richard Kristof and Duncan Anderson of Global Knowledge, for their generous
access to the IT industry’s best courses, instructors, and training facilities.

Ralph Troupe, Rhonda St. John, and the team at Callisma for their invaluable insight
into the challenges of designing, deploying and supporting world-class enterprise networks.

Karen Cross, Lance Tilford, Meaghan Cunningham, Kim Wylie, Harry Kirchner, Bill
Richter, Kevin Votel, and Kent Anderson of Publishers Group West for sharing their
incredible marketing experience and expertise.

Mary Ging, Caroline Hird, Simon Beale, Caroline Wheeler, Victoria Fuller, Jonathan
Bunkell, and Klaus Beran of Harcourt International for making certain that our
vision remains worldwide in scope.

Anneke Baeten, Annabel Dent, and Laurie Giles of Harcourt Australia for all their help.

David Buckland, Wendi Wong, Daniel Loh, Marie Chieng, Lucy Chong, Leslie Lim,
Audrey Gan, Charlotte Chan, and Joseph Chan of Transquest Publishers for the
enthusiasm with which they receive our books.

Kwon Sung June at Acorn Publishing for his support.
Ethan Atkin at Cranbury International for his help in expanding the Syngress program.

Joe Pisco, Helen Moyer, Paul Zanoli, Alan Steele, and the great folks at InterCity
Press for all their help.
Philip Allen at Brewer & Lord LLC for all his work and generosity.

Technical Editors
Edgar Danielyan (CCNA) is a self-employed developer specializing in
GCC, X Window, Tcl/Tk, logic programming, Internet security, and
TCP/IP, as well as having experience with BSD, SVR4.2, FreeBSD, SCO, Solaris, and
UnixWare. He has a diploma in company law from the British Institute of
Legal Executives as well as a paralegal certificate from the University of
Southern Colorado. He is currently working as the Network
Administrator and Manager of a top-level Armenian domain. He has also
worked for the United Nations, the Ministry of Defense of the Republic
of Armenia, and Armenian national telephone companies and financial
institutions. Edgar speaks four languages, and is a member of ACM, IEEE
CS, USENIX, CIPS, ISOC, and IPG.

Larry Karnis (RHCE, Master ACE, CITP) is a Senior Consultant for
Application Enhancements, a Unix, Linux, and Internet consulting firm
located in Toronto, Canada. His first exposure to Unix was over 20 years
ago, when he used Unix Version 6 while completing a bachelor’s degree
in computer science and mathematics. Larry deploys and manages Linux-based
solutions such as Web, file, and print servers, and Linux firewalls.


Introduction

In spite of the ups and downs of the dot-com industry, open source software has
become a viable alternative to commercial companies such as Microsoft, Sun, and
IBM. Although open source software has its quirks and its problems, the open
source movement has made its niche in the networking market. As a networking
professional, it is in your best interest to understand some of the more important
security applications and services that are available.

This book is designed to provide experienced systems administrators with
open source security tools. Although we have made every effort to include as
many people and as many skill sets as possible, this book assumes a fundamental
knowledge of Linux. This book focuses on open source Linux applications, daemons,
and system fixes. In the book’s first chapters, you will learn how to lock
down your network. Chapter 2 discusses ways to secure and monitor the operating
system, and ways to scan local and remote networks for weaknesses. You will
receive detailed information on how to ensure that your system’s services and the
root account are as secure as possible.

In Chapter 3, you will learn how to deploy antivirus and scanning programs
for your local system. By using these scanning programs, you will be able to mitigate
risk and learn more about the nature of services on your network. Scanners
such as nmap and nessus will help you learn about the open ports on your network,
and how these open ports might pose a threat to your system. Chapter 3
gives you detailed information about practical ways to implement intrusion
detection on your local system and on your network. Using applications such as
Tripwire, Portsentry, and Snort, you will be able to precisely identify system
anomalies and detect inappropriate logins. Chapter 5 shows how you can use
open source tools such as tcpdump, Ethereal, EtherApe, and Ntop to inspect and
gauge traffic on the network.

The second part of the book focuses on ways to enhance authentication using
open source software. In Chapter 6, you will learn about One Time Passwords
(OTP) and Kerberos as ways to ensure that malicious users won’t be able to obtain
your passwords as they cross the network. Chapter 7 discusses ways to use Secure
Shell (SSH) and Secure Sockets Layer (SSL), which are ways to enable on-the-fly
encryption to protect data. In Chapter 8, you will learn how to enable
IPSec on a Linux system so that you can implement a virtual private network
(VPN). As you learn more about the primary VPN product called Free Secure
Wide Area Network (FreeS/WAN), you will see how it is possible to protect network
traffic as it passes through your own network, and over the Internet.

The final part of the book focuses on ways to create an effective network
perimeter. Chapter 9 shows how to install and configure Ipchains and Iptables on
a Linux system. Kernels earlier than 2.3 can use Ipchains, whereas kernel versions
2.3 and later use Iptables. Regardless of the way you do it, you will learn to filter
traffic with these two packet filtering tools.
In Chapter 10, you will learn how a proxy server can further enhance your
control over your network perimeter. Specifically, you will use the Squid proxy
server to control client access to the Internet. You will also learn how to configure
Linux clients to access the proxy server. Finally, Chapter 11 shows how to
troubleshoot and counteract problems with your network perimeter. You will
learn how to maintain, test, and log the firewall so that you have a functional barrier
between you and the outside world.

It is our intention to create a book that gives you practical information and
advice about the most common open source security tools.

The Tools Used in This Book
This book was written using version 7.0 of the Red Hat Linux operating system.
Although it may not be the “best” Linux distribution (there are at least 100 versions
in the world), it is the most popular. We have tried to ensure that the skills
and tools you obtain in this book will be portable to other Linux versions, and
even other open source operating systems such as FreeBSD (www.freebsd.org).
However, each Linux flavor has its own quirks, and you may find it necessary to
deviate from some of the instructions in this book.



Product details
Price:
File Size: 12,098 KB
Pages: 705 p
File Type: PDF format
ISBN: 1-928994-34-2
Copyright: 2001 by Syngress Publishing

Contents
Foreword xxvii
Chapter 1 Introduction to Open Source Security
Introduction 2
The Tools Used in This Book 3
Using the GNU General Public License 3
Fee-Based GPL Software 5
Can I Use GPL Software in My Company? 5
Soft Skills: Coping with Open Source Quirks 6
General Lack of Installation and Configuration Support 6
Infrequent or Irregular Update Schedules 6
Command-Line Dominance 6
Lack of Backward Compatibility and No Regular Distribution Body 7
Inconvenient Upgrade Paths 7
Conflicts in Supporting Libraries and Limited Platform Support 7
Interface Changes 8
Partially Developed Solutions 8
Should I Use an RPM or Tarballs? 10
Tarball 10
Red Hat Package Manager 11
Debian 11
Obtaining Open Source Software 12
SourceForge 12
Freshmeat 13
Packetstorm 14
SecurityFocus 15
Is That Download Safe? 16
A Brief Encryption Review 16
Symmetric Key Encryption 17
Asymmetric Key Encryption 18
Public Key and Trust Relationships 19
One-Way Encryption 20
GNU Privacy Guard 21
Deploying GNU Privacy Guard 21
Skipping Public Key Verification 29
Using GPG to Verify Signatures on Tarball Packages 30
Using Md5sum 30
Auditing Procedures 31
Locking Down Your Network Hosts 31
Securing Data across the Network 32
Protecting the Network Perimeter 33
Summary 35
Solutions Fast Track 35
Frequently Asked Questions 38
Chapter 2 Hardening the Operating System
Introduction 42
Updating the Operating System 42
Red Hat Linux Errata and Update Service Packages 42
Handling Maintenance Issues 43
Red Hat Linux Errata: Fixes and Advisories 44
Bug Fix Case Study 46
Manually Disabling Unnecessary Services and Ports 47
Services to Disable 47
The xinetd.conf File 48
Locking Down Ports 50
Well-Known and Registered Ports 50
Determining Ports to Block 52
Blocking Ports 53
Xinetd Services 53
Stand-Alone Services 54
Hardening the System with Bastille 55
Bastille Functions 55
Bastille Versions 63
Implementing Bastille 64
Undoing Bastille Changes 74
Controlling and Auditing Root Access with Sudo 77
System Requirements 79
The Sudo Command 79
Downloading Sudo 80
Installing Sudo 82
Configuring Sudo 86
Running Sudo 90
No Password 92
Sudo Logging 93
Managing Your Log Files 96
Using Logging Enhancers 97
SWATCH 97
Scanlogd 100
Syslogd-ng 101
Summary 103
Solutions Fast Track 104
Frequently Asked Questions 107
Chapter 3 System Scanning and Probing
Introduction 110
Scanning for Viruses Using the AntiVir Antivirus Application 110
Understanding Linux Viruses 110
Using AntiVir 112
Key Mode and Non-Key Mode 114
Licensing AntiVir 114
Exercise: Updating AntiVir 114
Using TkAntivir 116
Required Libraries and Settings 117
Scanning Systems for Boot Sector and E-Mail Viruses 117
Additional Information 120
Exercise: Using TkAntivir 120
Scanning Systems for DDoS Attack Software Using a Zombie Zapper 123
How Zombies Work and How to Stop Them 124
When Should I Use a Zombie Zapper? 125
What Zombie Zapper Should I Use? 125
What Does Zombie Zapper Require to Compile? 127
Exercise: Using Zombie Zapper 127
Scanning System Ports Using the Gnome Service Scan Port Scanner 129
Required Libraries 130
Why Use a Port Scanner? 131
Exercise: Using Gnome Service Scanner 131
Using Nmap 133
Isn’t Nmap Just Another Port Scanner? 134
Acquiring and Installing Nmap 136
Common Nmap Options 136
Applied Examples 137
Scanning Entire Networks and Subnets 138
Selective Scanning 139
Adding More Stealth 139
Saving to Text and Reading from Text 140
Testing Firewalls and Intrusion Detection Systems 141
Example: Spoofing the Source Address of a Scan 142
Timing Your Scan Speeds 142
Example: Conducting a Paranoid Scan 143
Exercise: Using Nmap 143
Using Nmap in Interactive Mode 144
Exercise: Using Nmap in Interactive Mode 144
Using NmapFE as a Graphical Front End 146
Exercise: Using NmapFE 147
Using Remote Nmap (Rnmap) as a Central Scanning Device 147
Exercise: Scanning Systems with Rnmap 148
Deploying Cheops to Monitor Your Network 151
How Cheops Works 153
Obtaining Cheops 154
Required Libraries 154
The Cheops Interface 155
Mapping Relations between Computers 157
Cheops Monitoring Methods 157
Connectivity Features 159
Exercise: Installing and Configuring Cheops 160
Deploying Nessus to Test Daemon Security 165
The Nessus Client/Server Relationship 167
Windows Nessus Clients 169
Required Libraries 169
Order of Installation 170
Configuring Plug-Ins 173
Creating a New Nessus User 174
The Rules Database 174
Exercise: Installing Nessus and Conducting a Vulnerability Scan 175
Updating Nessus 179
Understanding Differential, Detached, and Continuous Scans 180
Exercise: Conducting Detached and Differential Scans with Nessus 182
Summary 185
Solutions Fast Track 185
Frequently Asked Questions 189
Chapter 4 Implementing an Intrusion Detection System
Introduction 192
Understanding IDS Strategies and Types 194
IDS Types 195
Host-Based IDS Applications 196
Network-Based IDS Applications 196
IDS Applications and Fault Tolerance 197
What Can an IDS Do for Me? 200
Which IDS Strategy Is Best? 203
Network-Based IDS Applications and Firewalls 203
IDS Applications 204
Installing Tripwire to Detect File Changes on Your Operating System 206
Tripwire Dependencies 207
Availability 208
Deploying Tripwire 208
Tripwire Files 208
Tripwire Installation Steps 209
Configuring the Tripwire Policy File 209
Creating the Tripwire Policy File 212
Database Initialization Mode 212
Testing E-Mail Capability 214
Integrity Checking Mode 214
Specifying a Different Database 215
Reading Reports 215
Updating Tripwire to Account for Legitimate Changes in the OS 215
Updating the Policy 216
What Do I Do if I Find a Discrepancy? 217
Configuring Tripwire to Inform You Concerning Changes 217
Exercise: Installing Tripwire 217
Exercise: Securing the Tripwire Database 219
Exercise: Using Cron to Run Tripwire Automatically 220
Deploying PortSentry to Act as a Host-Based IDS 220
Important PortSentry Files 221
Installing PortSentry 222
Configuring PortSentry to Block Users 222
Optimizing PortSentry to Sense Attack Types 223
Exercise: Installing and Configuring PortSentry 224
Exercise: Clearing Ipchains Rules 227
Exercise: Running an External Command Using PortSentry 227
Installing and Configuring Snort 229
Availability 229
Supporting Libraries 229
Understanding Snort Rules 230
Snort Variables 230
Snort Files and Directories 231
Snort Plug-Ins 232
Starting Snort 233
Logging Snort Entries 236
Running Snort as a Network-Based IDS 236
Ignoring Hosts 237
Additional Logging Options: Text Files, Tcpdump, and Databases 237
Configuring Snort to Log to a Database 238
Controlling Logging and Alerts 239
Getting Information 240
Exercise: Installing Snort 240
Exercise: Using Snort as an IDS Application 241
Exercise: Configuring Snort to Log to a Database 243
Exercise: Querying a Snort Database from a Remote Host 251
Identifying Snort Add-Ons 251
SnortSnarf 252
Exercise: Using SnortSnarf to Read Snort Logs 252
Analysis Console for Intrusion Databases 252
Summary 254
Solutions Fast Track 254
Frequently Asked Questions 258
Chapter 5 Troubleshooting the Network with Sniffers
Introduction 262
Understanding Packet Analysis and TCP Handshakes 264
TCP Handshakes 265
Establishing a TCP Connection 265
Terminating a TCP Connection 266
Creating Filters Using Tcpdump 268
Tcpdump Options 268
Tcpdump Expressions 271
Boolean Operators 275
Installing and Using Tcpdump 276
Configuring Ethereal to Capture Network Packets 279
Ethereal Options 281
Ethereal Filters 283
Configuring Ethereal and Capturing Packets 283
Viewing Network Traffic between Hosts Using EtherApe 288
Configuring EtherApe and Viewing Network Traffic 289
Summary 293
Solutions Fast Track 294
Frequently Asked Questions 296
Chapter 6 Network Authentication and Encryption
Introduction 300
Understanding Network Authentication 300
Attacking Encrypted Protocols 301
Creating Authentication and Encryption Solutions 303
Implementing One-Time Passwords (OTP and OPIE) 305
What Files Does OPIE Replace? 305
How Does OPIE Work? 305
OPIE Files and Applications 306
opiepasswd 307
Password Format 308
Using opiekey 309
Using opieinfo and opiekey to Generate a List 310
Installing OPIE 310
Configuration Options 310
Installation Options 311
Uninstalling OPIE 312
Exercise: Installing OPIE 312
Exercise: Installing the OPIE Client on a Remote Server 315
Exercise: Using opie-tk and Allowing Windows Users to Deploy OPIE 316
Exercise: Installing opieftpd 318
Implementing Kerberos Version 5 319
Why Is Kerberos Such a Big Deal? 320
Kerberos Terms 321
Kerberos Principals 322
The Kerberos Authentication Process 323
How Information Traverses the Network 324
Creating the Kerberos Database 325
Using kadmin.local 325
Using kadmin 326
Using kadmin on the Client 328
Using kadmin and Creating Kerberos Client Passwords 329
Setting Policies 330
Using Kinit 330
The kinit Command and Time Limits 332
Managing Kerberos Client Credentials 333
The kdestroy Command 333
Exercise: Configuring a KDC 334
Establishing Kerberos Client Trust Relationships with kadmin 337
Additional Daemon Principal Names 339
Logging On to a Kerberos Host Daemon 340
Common Kerberos Client Troubleshooting Issues and Solutions 340
Kerberos Client Applications 341
Kerberos Authentication and klogin 342
Exercise: Configuring a Kerberos Client 342
Summary 345
Solutions Fast Track 345
Frequently Asked Questions 348
Chapter 7 Avoiding Sniffing Attacks through Encryption
Introduction 354
Understanding Network Encryption 354
Capturing and Analyzing Unencrypted Network Traffic 355
Using OpenSSH to Encrypt Network Traffic between Two Hosts 361
The OpenSSH Suite 362
Installing OpenSSH 364
Configuring SSH 367
How SSH Works 368
Insecure r-command Authentication 368
Secure SSH Authentication 371
Implementing SSH to Secure Data Transmissions over an Insecure Network 373
Distributing the Public Key 376
Capturing and Analyzing Encrypted Network Traffic 381
Summary 385
Solutions Fast Track 386
Frequently Asked Questions 388
Chapter 8 Creating Virtual Private Networks
Introduction 392
Secure Tunneling with VPNs 392
Telecommuter VPN Solution 392
Router-to-Router VPN Solution 394
Host-to-Host VPN Solution 395
Tunneling Protocols 395
Explaining the IP Security Architecture 396
Using IPSec with a VPN Tunneling Protocol 400
Internet Key Exchange Protocol 401
Creating a VPN by Using FreeS/WAN 402
Downloading and Unpacking FreeS/WAN 404
Compiling the Kernel to Run FreeS/WAN 407
Recompiling FreeS/WAN into the New Kernel 417
Configuring FreeS/WAN 420
Testing IP Networking 420
Configuring Public Key Encryption for Secure Authentication of VPN Endpoints 424
Starting the Tunnel 434
Capturing VPN Tunnel Traffic 436
Closing the VPN Tunnel 438
Summary 439
Solutions Fast Track 440
Frequently Asked Questions 441
Chapter 9 Implementing a Firewall with Ipchains and Iptables
Introduction 446
Understanding the Need for a Firewall 447
Building a Personal Firewall 449
Understanding Packet Filtering Terminology 450
Choosing a Linux Firewall Machine 452
Protecting the Firewall 452
Deploying IP Forwarding and Masquerading 453
Masquerading 456
Configuring Your Firewall to Filter Network Packets 458
Configuring the Kernel 460
Packet Accounting 460
Understanding Tables and Chains in a Linux Firewall 461
Built-In Targets and User-Defined Chains 462
Specifying Interfaces 463
Setting Policies 464
Using Ipchains to Masquerade Connections 467
Iptables Masquerading Modules 468
Using Iptables to Masquerade Connections 468
Iptables Modules 470
Exercise: Masquerading Connections Using Ipchains or Iptables 471
Logging Packets at the Firewall 471
Setting Log Limits 472
Adding and Removing Packet Filtering Rules 472
ICMP Types 473
Exercise: Creating a Personal Firewall and Creating a User-Defined Chain 475
Redirecting Ports in Ipchains and Iptables 477
Configuring a Firewall 478
Setting a Proper Foundation 478
Creating Anti-Spoofing Rules 479
Counting Bandwidth Usage 483
Listing and Resetting Counters 484
Setting Type of Service (ToS) in a Linux Router 484
Setting ToS Values in Ipchains and Iptables 486
Using and Obtaining Automated Firewall Scripts and Graphical Firewall Utilities 488
Firewall Works in Progress 490
Exercise: Using Firestarter to Create a Personal Firewall 490
Exercise: Using Advanced Firestarter Features 498
Summary 500
Solutions Fast Track 500
Frequently Asked Questions 505
Chapter 10 Deploying the Squid Web Proxy Cache Server
Introduction 508
Benefits of Proxy Server Implementation 508
Proxy Caching 508
Network Address Translation 510
Differentiating between a Packet Filter and a Proxy Server 512
Implementing the Squid Web Proxy Cache Server 513
System Requirements Specific to Proxy Caching 516
Installing Squid 517
Configuring Squid 520
The http_port Tag 522
The Cache_dir Tag 523
The acl Tag 525
The http_access Tag 526
Starting and Testing Squid 528
Configuring Proxy Clients 529
Configuring Netscape Navigator and Lynx 530
Configuring Netscape Navigator 530
Configuring Lynx 532
Configuring Internet Explorer (Optional) 533
Summary 535
Solutions Fast Track 536
Frequently Asked Questions 538
Chapter 11 Maintaining Firewalls
Introduction 544
Testing Firewalls 544
IP Spoofing 546
Open Ports/Daemons 546
Monitoring System Hard Drives, RAM, and Processors 547
Suspicious Users, Logins, and Login Times 547
Check the Rules Database 548
Verify Connectivity with Company Management and End Users 548
Remain Informed Concerning the Operating System 549
Port Scans 549
Using Telnet, Ipchains, Netcat, and SendIP to Probe Your Firewall 550
Ipchains 551
Telnet 551
Using Multiple Terminals 552
Netcat 552
Sample Netcat Commands 554
Additional Netcat Commands 555
Exercise: Using Netcat 557
SendIP: The Packet Forger 558
SendIP Syntax 558
Exercise: Using SendIP to Probe a Firewall 560
Understanding Firewall Logging, Blocking, and Alert Options 563
Firewall Log Daemon 563
Obtaining Firelogd 563
Syntax and Configuration Options 563
Message Format 564
Customizing Messages 566
Reading Log Files Generated by Other Firewalls 568
Exercise: Configuring and Compiling Firelogd 568
Fwlogwatch 569
Fwlogwatch Modes 570
Fwlogwatch Options and Generating Reports 572
Exercise: Generating an HTML-Based Firewall Log with Fwlogwatch 575
Automating Fwlogwatch 575
The Fwlogwatch Configuration File 576
Notification Options 579
Response Options 581
Exercise: Configuring Fwlogwatch to Send Automatic Alerts and Block Users 583
Using Fwlogwatch with CGI Scripts 584
Obtaining More Information 586
Viewing the Results 587
Exercise: Using Cron and Fwlogwatch CGI Scripts to Generate an Automatic HTML Report 588
Additional Fwlog Features 590
Obtaining Additional Firewall Logging Tools 590
Summary 593
Solutions Fast Track 593
Frequently Asked Questions 597
Appendix A Bastille Log 599
Appendix B Hack Proofing Linux Fast Track 605
Index 637
