Table of Contents

Part I: SUSE Server Installation and Configuration

CHAPTER 1: Installing SUSE LINUX Enterprise Server

Installation Methods and Overview

CD-ROM–Based Installation

VNC-Based Installation

Network-Based Installation

AutoYaST-Based Installation

Pre-Installation Planning

Ten Easy Steps to SLES 9 Installation

Selecting an Installation Method

Selecting the Language

Choosing Installation Settings

Preparing the Hard Disks

Configuring the System

Specifying Network Settings

Applying Online Updates

Configuring Services

Configuring User Information

Configuring Hardware

Troubleshooting

Summary

CHAPTER 2: Updating the Server

Maintaining Your System Configuration

SuSEconfig

YaST (Yet another Setup Tool)

Adding and Removing Packages

Installing a Package

Removing a Package or Subcomponents

Adding and Removing Hardware

Preparations

Adding a Disk

Changing Network Configuration

Network Parameters

Using YaST to Manage the Network Configuration

Summary

CHAPTER 3: Booting and Shutting Down the Server

Boot Loaders

LILO

Grub

Kernel Boot

init and Understanding Runlevels

System Shutdown

Emergency Boot and Recovery

Summary

Part II: User Access and Security Management

CHAPTER 4: User and Group Administration

User and Group IDs

User and Group Data Files

The /etc/passwd File

The /etc/shadow File

The /etc/group File

User Account and Group Management Applications

Creating and Editing User Accounts

Setting Default User Account Properties

Creating and Editing Groups

Security Considerations

Using Strong Passwords

Auditing Default Accounts

The Root Account

User in Too Many Groups?

Summary

CHAPTER 5: User Environment Management and Security

Account Auditing

Configuring the User Environment

Default Shell

Login Scripts and Environment Variables

User Resource Management

Authentication Using PAM

PAM Module Configuration

Resource Management

Access Time Management

Quota Management

su or sudo

Summary

CHAPTER 6: Filesystem Security

A Review of File and Directory Permissions

Changing Permissions

Changing User and Group Ownership

Security Considerations

Default Access Permissions

Special File Permissions

Security Implications of SUID/SGID

SGID and File Sharing

A SUID Sample Program

Securing Against SUID Programs

Sticky Business

Extended Attributes

Data and Filesystem Encryption

Secure File Deletion

Journaled Filesystems

Summary

CHAPTER 7: System Management and Monitoring

Common Linux Commands

Basic Commands

Additional Tools

The root Filesystem

Health Checks and System Monitoring

Machine Uptime

Log Review

Top Consumers

Application Check

System Resource Check

User Login Activity

System Tuning

Tuning Kernel Parameters

Tuning Filesystem Access

Summary

Part III: Data Backup and Disaster Recovery

CHAPTER 8: Network Services

Angels and Daemons

Configuring xinetd

The /etc/xinetd.conf File

Applying Access Control

Security Considerations

Network Time Services

Configuring the NTP Client

Troubleshooting Tips

Email Services

File Transfer Services

Using Pure-FTPd

Using vsftpd

Using the Standard TFTP Server

Network File-Sharing Services

Setting Up an NFS Server

Setting Up an Samba Server

Remote Management Services

Telnet

ssh

VNC and XDMCP

Securing System Management Conversations

Restricting Connections by IP Address

A Secure System Management Environment

Network Name Services

Samba

Service Location Protocol (SLP)

Domain Name Service (DNS)

Dynamic Host Configuration Protocol (DHCP)

DNS and DHCP

Web Services

Authentication Services

Network Information Services (NIS)

Samba Domains

Lightweight Directory Access Protocol (LDAP)

Kerberos

Summary

CHAPTER 9: Printing Services

Printer Configuration

Local Printers

Network Printers

Adding a Local Printer

Adding a Network Printer

Print Job Lifecycle

Job Spooling

Applying Filters

Printing the Information

Queue Management

YaST Queue Configuration

Command-Line Queue Configuration

Printer Queue Basics

The CUPS Web Interface

Summary

CHAPTER 10: Data Backup and Disaster Recovery

A Look at Backup Strategies

Implementing a Backup Strategy

Grandfather-Father-Son Rotation Method

Tower of Hanoi Rotation Method

Some Tips and Tricks

Database Backups: Cold or Hot?

Backup and Restore Tools

Making Tarballs

Archiving Data with cpio

Converting and Copying Data Using dd

Using dump and restore

Data Mirroring Using rsync

YaST’s System Backup and Restore Modules

Getting to Know AMANDA

Scheduling Backups

Commercial Backup Products

SLES Boot and Rescue Disks

Summary

Part IV: Securing Your SUSE Server

CHAPTER 11: Network Security Concepts

Corporate Security Policies

Physical Security

User Accounts

Strong Passwords

Remote Access

Firewalls

Acceptable Use Policy

Information Protection

Incident Response

Summary

CHAPTER 12: Intrusion Detection

Defining Intrusions

Reducing Your Target Size

Vulnerability Assessments

nmap

Nessus

Detecting a Network-based Intrusion

Know Your Traffic, Tune Your Firewall

Network Intrusion Detection Systems

Snort

Analysis Console for Intrusion Databases

Detecting a Host Intrusion

Log Files

chkrootkit

Advanced Intrusion Detection Environment (AIDE)

Additional Tools

Scan Detection Tools

MRTG and Cacti

Ethereal

Summary

CHAPTER 13: System Security

System Hardening Principles

Using a Central syslog Server

Hardening the Central Syslog Host

A Stealth Logging Host

Avoid Logging in As Root

Securing Network Services

Hardening Remote Services

Limiting Rights of Services

Using chroot Jails and User Mode Linux

Packet Filtering Using iptables

Hardening Your Physical Network Infrastructure

Wireless Security

System Hardening Packages

Automating SLES Hardening

Learning More About Threats

Summary

Part V: Appendixes

APPENDIXES A: Security Certifications

APPENDIXES B: Resources

Linux Editors

Website Resources

Security and Linux-Related Websites

SUSE-Specific Newsgroups and Websites

Index