O'Reilly - Building Secure Servers with Linux.pdf
Building Secure Servers with Linux
By Michael D. Bauer
Copyright © 2003 O'Reilly & Associates, Inc. All rights reserved.
Printed in the United States of America.
Published by O'Reilly & Associates, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.
O'Reilly & Associates books may be purchased for educational, business, or sales promotional use. Online
editions are also available for most titles (http://safari.oreilly.com). For more information contact our
corporate/institutional sales department: 800-998-9938 or corporate@oreilly.com.
Nutshell Handbook, the Nutshell Handbook logo, and the O'Reilly logo are registered trademarks of O'Reilly
& Associates, Inc. Many of the designations used by manufacturers and sellers to distinguish their products
are claimed as trademarks. Where those designations appear in this book, and O'Reilly & Associates, Inc.
was aware of a trademark claim, the designations have been printed in caps or initial caps. The association
between a caravan and the topic of building secure servers with Linux is a trademark of O'Reilly &
Associates, Inc.
While every precaution has been taken in the preparation of this book, the publisher and the author assume
no responsibility for errors or omissions, or for damages resulting from the use of the information contained
herein.
Preface
Computer security can be both discouraging and liberating. Once you get past the horror that comes with
fully grasping its futility (a feeling identical to the one that young French horn players get upon realizing no
matter how hard they practice, their instrument will continue to humiliate them periodically without
warning), you realize that there’s nowhere to go but up. But if you approach system security with:
· Enough curiosity to learn what the risks are
· Enough energy to identify and take the steps necessary to mitigate (and thus intelligently assume)
those risks
· Enough humility and vision to plan for the possible failure of even your most elaborate security
measures
you can greatly reduce your systems’ chances of being compromised. At least as importantly, you can
minimize the duration of and damage caused by any attacks that do succeed. This book can help, on both
counts.
What This Book Is About
Acknowledging that system security is, on some level, futile is my way of admitting that this book isn’t
really about "Building Secure Servers." [] Clearly, the only way to make a computer absolutely secure is to
disconnect it from the network, power it down, repeatedly degauss its hard drive and memory, and pulverize
the whole thing into dust. This book contains very little information on degaussing or pulverizing. However,
it contains a great deal of practical advice on the following:
[] My original title was Attempting to Enhance Certain Elements of Linux System Security in the
Face of Overwhelming Odds: Yo’ Arms Too Short to Box with God, but this was vetoed by my
editor (thanks, Andy!).
· How to think about threats, risks, and appropriate responses to them
· How to protect publicly accessible hosts via good network design
· How to "harden" a fresh installation of Linux and keep it patched against newly discovered
vulnerabilities with a minimum of ongoing effort
· How to make effective use of the security features of some particularly popular and securable
server applications
· How to implement some powerful security applications, including Nessus and Snort
In particular, this book is about "bastionizing" Linux servers. The term bastion host can legitimately be used
several ways, one of which is as a synonym for firewall. (This book is not about building Linux firewalls,
though much of what I cover can/should be done on firewalls.) My definition of bastion host is a carefully
configured, closely monitored host that provides restricted but publicly accessible services to nontrusted
users and systems. Since the biggest, most important, and least trustworthy public network is the Internet,
my focus is on creating Linux bastion hosts for Internet use.
I have several reasons for this seemingly-narrow focus. First, Linux has been particularly successful as a
server platform: even in organizations that otherwise rely heavily on commercial operating systems such as
Microsoft Windows, Linux is often deployed in "infrastructure" roles, such as SMTP gateway and DNS
server, due to its reliability, low cost, and the outstanding quality of its server applications.
Second, Linux and TCP/IP, the lingua franca of the Internet, go together. Anything that can be done on a
TCP/IP network can be done with Linux, and done extremely well, with very few exceptions. There are
many, many different kinds of TCP/IP applications, of which I can only cover a subset if I want to do so in
depth. Internet server applications are an important subset.
Third, this is my area of expertise. Since the mid-nineties my career has focused on network and system
security: I’ve spent a lot of time building Internet-worthy Unix and Linux systems. By reading this book you
will hopefully benefit from some of the experience I’ve gained along the way.
The Paranoid Penguin Connection
Another reason I wrote this book has to do with the fact that I write the monthly "Paranoid Penguin" security
column in Linux Journal Magazine . About a year and a half ago, I realized that all my pieces so far had
something in common: each was about a different aspect of building bastion hosts with Linux.
By then, the column had gained a certain amount of notoriety, and I realized that there was enough interest
in this subject to warrant an entire book on Linux bastion hosts. Linux Journal generously granted me
permission to adapt my columns for such a book, and under the foolish belief that writing one would amount
mainly to knitting the columns together, updating them, and adding one or two new topics, I proposed this
book to O’Reilly and they accepted.
My folly is your gain: while "Paranoid Penguin" readers may recognize certain diagrams and even
paragraphs from that material, I’ve spent a great deal of effort reresearching and expanding all of it,
including retesting all examples and procedures. I’ve added entire (lengthy) chapters on topics I haven’t
covered at all in the magazine, and I’ve more than doubled the size and scope of others. In short, I allowed
this to become The Book That Ate My Life in the hope of reducing the number of ugly security surprises in
yours.
Audience
Who needs to secure their Linux systems? Arguably, anybody who has one connected to a network. This
book should therefore be useful both for the Linux hobbyist with a web server in the basement and for the
consultant who audits large companies’ enterprise systems.
Obviously, the stakes and the scale differ greatly between those two types of users, but the problems, risks,
and threats they need to consider have more in common than not. The same buffer-overflow that can be used
to "root" a host running "Foo-daemon Version X.Y.Z" is just as much of a threat to a 1,000-host network
with 50 Foo-daemon servers as it is to a 5-host network with one.
This book is addressed, therefore, to all Linux system administrators — whether they administer 1 or 100
networked Linux servers, and whether they run Linux for love or for money.
What This Book Doesn’t Cover
This book covers general Linux system security, perimeter (Internet-accessible) network security, and
server-application security. Specific procedures, as well as tips for specific techniques and software tools,
are discussed throughout, and differences between the Red Hat 7, SuSE 7, and Debian 2.2 GNU/Linux
distributions are addressed in detail.
This book does not cover the following explicitly or in detail:
· Linux distributions besides Red Hat, SuSE, and Debian, although with application security (which
amounts to the better part of the book), this shouldn’t be a problem for users of Slackware,
Turbolinux, etc.
· Other open source operating systems such as OpenBSD (again, much of what is covered should be
relevant, especially application security)
· Applications that are inappropriate for or otherwise unlikely to be found on publicly accessible
systems (e.g., SAMBA)
· Desktop (non-networked) applications
· Dedicated firewall systems (this book contains a subset of what is required to build a good firewall
system)
Assumptions This Book Makes
While security itself is too important to relegate to the list of "advanced topics" that you’ll get around to
addressing at a later date, this book does not assume that you are an absolute beginner at Linux or Unix. If it
did, it would be twice as long: for example, I can’t give a very focused description of setting up syslog’s
startup script if I also have to explain in detail how the System V init system works.
Therefore, you need to understand the basic configuration and operation of your Linux system before my
procedures and examples will make much sense. This doesn’t mean you need to be a grizzled veteran of
Unix who’s been running Linux since kernel Version 0.9 and who can’t imagine listing a directory’s contents
without piping it through impromptu awk and sed scripts. But you should have a working grasp of the
following:
· Basic use of your distribution’s package manager (rpm, dselect, etc.)
· Linux directory system hierarchies (e.g., the difference between /etc and /var)
· How to manage files, directories, packages, user accounts, and archives from a command prompt
(i.e., without having to rely on X)
· How to compile and install software packages from source
· Basic installation and setup of your operating system and hardware
Notably absent from this list is any specific application expertise: most security applications discussed
herein (e.g., OpenSSH, Swatch, and Tripwire) are covered from the ground up.
I do assume, however, that with non-security-specific applications covered in this book, such as Apache and
BIND, you’re resourceful enough to get any information you need from other sources. In other words, if you’re
new to these applications, you shouldn’t have any trouble following my procedures on how to harden them. But
you’ll need to consult their respective manpages, HOWTOs, etc. to learn how to fully configure and maintain
them.
Conventions Used in This Book
I use the following font conventions in this book:
Italic
Indicates Unix pathnames, filenames, and program names; Internet addresses, such as domain
names and URLs; and new terms where they are defined
Boldface
Indicates names of GUI items, such as window names, buttons, menu choices, etc.
Constant width
Indicates command lines and options that should be typed verbatim; names and keywords in
system scripts, including commands, parameter names, and variable names; and XML element tags
This icon indicates a tip, suggestion, or general note.
This icon indicates a warning or caution.
Request for Comments
Please address comments and questions concerning this book to the publisher:
O’Reilly & Associates, Inc.
1005 Gravenstein Highway North
Sebastopol, CA 95472
(800) 998-9938 (in the United States or Canada)
(707) 829-0515 (international/local)
(707) 829-0104 (fax)
There is a web page for this book, which lists errata, examples, or any additional information. You can
access this page at:
http://www.oreilly.com/catalog/bssrvrlnx/
To comment or ask technical questions about this book, send email to:
bookquestions@oreilly.com
For more information about books, conferences, Resource Centers, and the O’Reilly Network, see the
O’Reilly web site at:
http://www.oreilly.com
Acknowledgments
For the most part, my writing career has centered on describing how to implement and use software that I
didn’t write. I am therefore much indebted to and even a little in awe of the hundreds of outstanding
programmers who create the operating systems and applications I use and write about. They are the
rhinoceroses whose backs I peck for insects.
As if I weren’t beholden to those programmers already, I routinely seek and receive first-hand advice and
information directly from them. Among these generous souls are Jay Beale of the Bastille Linux project, Ron
Forrester of Tripwire Open Source, Balazs "Bazsi" Scheidler of Syslog-ng and Zorp renown, and Renaud
Deraison of the Nessus project.
Special thanks go to Dr. Wietse Venema of the IBM T.J. Watson Research Center for reviewing and helping
me correct the SMTP chapter. Not to belabor the point, but I find it remarkable that people who already
volunteer so much time and energy to create outstanding free software also tend to be both patient and
generous in returning email from complete strangers.
Bill Lubanovic wrote the section on djbdns in Chapter 4, and all of Chapter 6, brilliantly, in my humble
opinion. Bill has added a great deal of real-world experience, skill, and humor to those two chapters. I could
not have finished this book on schedule (and its web security chapter, in particular, would be less
convincing!) without Bill’s contributions.
I absolutely could not have survived juggling my day job, fatherly duties, magazine column, and resulting
sleep deprivation without an exceptionally patient and energetic wife. This book therefore owes its very
existence to Felice Amato Bauer. I’m grateful to her for, among many other things, encouraging me to
pursue my book proposal and then for pulling a good deal of my parental weight in addition to her own after
the proposal was accepted and I was obliged to actually write the thing.
Linux Journal and its publisher, Specialized Systems Consultants Inc., very graciously allowed me to adapt a
number of my "Paranoid Penguin" columns for inclusion in this book: Chapter 1 through Chapter 5, plus
Chapter 8, Chapter 10, and Chapter 11 contain (or are descended from) such material. It has been and
continues to be a pleasure to write for Linux Journal, and it’s safe to say that I wouldn’t have had enough
credibility as a writer to get this book published had it not been for them.
My approach to security has been strongly influenced by two giants of the field whom I also want to thank:
Bruce Schneier, to whom we all owe a great debt for his ongoing contributions not only to security
technology but, even more importantly, to security thinking; and Dr. Martin R. Carmichael, whose
irresistible passion for and unique outlook on what constitutes good security has had an immeasurable
impact on my work.
It should but won’t go without saying that I’m very grateful to Andy Oram and O’Reilly & Associates for this
opportunity and for their marvelous support, guidance, and patience. The impressions many people have of
O’Reilly as being stupendously savvy, well-organized, technologically superior, and in all ways hip are
completely accurate.
A number of technical reviewers also assisted in fact checking and otherwise keeping me honest. Rik
Farrow, Bradford Willke, and Joshua Ball, in particular, helped immensely to improve the book’s accuracy
and usefulness.
Finally, in the inevitable amorphous list, I want to thank the following valued friends and colleagues, all of
whom have aided, abetted, and encouraged me as both a writer and as a "netspook": Dr. Dennis R. Guster at
St. Cloud State University; KoniKaye and Jerry Jeschke at Upstream Solutions; Steve Rose at Vector
Internet Services (who hired me way before I knew anything useful); David W. Stacy of St. Jude Medical;
the entire SAE Design Team (you know who you are — or do you?); Marty J. Wolf at Bemidji State
University; John B. Weaver (whom nobody initially believes can possibly be that cool, but they soon realize
he can ’cause he is); the Reverend Gonzo at Musicscene.org; Richard Vernon and Don Marti at Linux
Journal; Jay Gustafson of Ingenious Networks; Tim N. Shea (who, in my day job, had the thankless task of
standing in for me while I finished this book), and, of course, my dizzyingly adept pals Brian Gilbertson,
Paul Cole, Tony Stieber, and Jeffrey Dunitz.