Lesson 10

Date: 4/2/2014

Basics of Linux Security

Linux for Engineering and IT Applications

System Integrity Checkers

IDS: Host based (tripwire) and Network based (Snort).

Tripwire (System integrity scanner). Creates a chacksum of the system after fresh installation and verifies the it on a regular basis, running through cron.

GNUtar, tar -d (Check for system modifications)

For example,

tar -df DOC.tar DOC

shows how files in directory DOC are different from the archive:
Uid differs
Gid differs
Mod time differs
Size differs

Fundamentals of Linux security
How systems get compromised
Trojan script exercise
Stack overflow
Package upgrades and verification
Open Ports List exercise
Closing Ports
TCP Wrappers exercise
IP filtering firewalls (iptables)
Building iptables rules
Simple iptables script
NAT table
NAT script
Exercises with iptables
Port scanning exercises
GNU Privacy Guard
GPG exercises
Logs
System Integrity checks
GNUtar exercises
References
Take me to the Course Website