Red Hat Enterprise Linux 7
Security Guide
A Guide to Securing Red Hat Enterprise Linux 7
Martin Prpič
Yoana Ruseva
Tomáš Čapek
Miroslav Svoboda
Stephen Wadeley
Robert Krátký
Martin Prpič
Red Hat Engineering Content Services
mprpic@redhat.com
Tomáš Čapek
Red Hat Engineering Content Services
tcapek@redhat.com
Stephen Wadeley
Red Hat Engineering Content Services
swadeley@redhat.com
Yoana Ruseva
Red Hat Engineering Content Services
yruseva@redhat.com
Miroslav Svoboda
Red Hat Engineering Content Services
msvoboda@redhat.com
Robert Krátký
Red Hat Engineering Content Services
rkratky@redhat.com
Legal Notice
Copyright © 2013 Red Hat, Inc.
This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported
License.
If you distribute this document, or a modified version of it, you must provide attribution to Red
Hat, Inc. and provide a link to the original. If the document is modified, all Red Hat trademarks must be
removed.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section
4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo,
and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux ® is the registered trademark of Linus Torvalds in the United States and other countries.
Java ® is a registered trademark of Oracle and/or its affiliates.
XFS ® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States
and/or other countries.
MySQL ® is a registered trademark of MySQL AB in the United States, the European Union and other
countries.
Node.js ® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or
endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack ® Word Mark and OpenStack Logo are either registered trademarks/service marks or
trademarks/service marks of the OpenStack Foundation, in the United States and other countries and
are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or
sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
Abstract
This book assists users and administrators in learning the processes and practices of securing
workstations and servers against local and remote intrusion, exploitation, and malicious activity. Focused
on Red Hat Enterprise Linux but detailing concepts and techniques valid for all Linux systems, this guide
details the planning and the tools involved in creating a secured computing environment for the data
center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems
running Linux can be both fully functional and secured from most common intrusion and exploit methods.
Table of Contents
Chapter 1. Overview of Security Topics
1.1. What is Computer Security?
1.2. Security Controls
1.3. Vulnerability Assessment
1.4. Security Threats
1.5. Common Exploits and Attacks
Chapter 2. Security Tips for Installation
2.1. Securing BIOS
2.2. Partitioning the Disk
2.3. Installing the Minimum Amount of Packages Required
2.4. Post-installation Procedures
2.5. Additional Resources
Chapter 3. Keeping Your System Up-to-Date
3.1. Maintaining Installed Software
3.2. Using the Red Hat Customer Portal
3.3. Additional Resources
Chapter 4. Hardening Your System with Tools and Services
4.1. Desktop Security
4.2. Controlling Root Access
4.3. Securing Services
4.4. Securing Network Access
4.5. Using Firewalls
4.6. Securing DNS Traffic with DNSSEC
4.7. Securing Virtual Private Networks (VPNs)
4.8. Using OpenSSL
4.9. Encryption
Chapter 5. System Auditing
Use Cases
5.1. Audit System Architecture
5.2. Installing the audit Packages
5.3. Configuring the audit Service
5.4. Starting the audit Service
5.5. Defining Audit Rules
5.6. Understanding Audit Log Files
5.7. Searching the Audit Log Files
5.8. Creating Audit Reports
5.9. Additional Resources
Chapter 6. Compliance and Vulnerability Scanning
6.1. Security Compliance in Red Hat Enterprise Linux
6.2. Defining Compliance Policy
6.3. Using SCAP Workbench
6.4. Using oscap
6.5. Using OpenSCAP with Red Hat Satellite
6.6. Practical Examples
6.7. Additional Resources
Chapter 7. Federal Standards and Regulations
7.1. Federal Information Processing Standard (FIPS)
7.2. National Industrial Security Program Operating Manual (NISPOM)
7.3. Payment Card Industry Data Security Standard (PCI DSS)
7.4. Security Technical Implementation Guide