Security Guide Red Hat Enterprise Linux 7
Page Count: 238
- Table of Contents
- Chapter 1. Overview of Security Topics
- Chapter 2. Security Tips for Installation
- Chapter 3. Keeping Your System Up-to-Date
- Chapter 4. Hardening Your System with Tools and Services
- 4.1. Desktop Security
- 4.2. Controlling Root Access
- 4.3. Securing Services
- 4.3.1. Risks To Services
- 4.3.2. Identifying and Configuring Services
- 4.3.3. Insecure Services
- 4.3.4. Securing rpcbind
- 4.3.5. Securing rpc.mountd
- 4.3.6. Securing NIS
- 4.3.7. Securing NFS
- 4.3.8. Securing the Apache HTTP Server
- 4.3.9. Securing FTP
- 4.3.10. Securing Postfix
- 4.3.11. Securing SSH
- 4.3.12. Securing PostgreSQL
- 4.3.13. Securing Docker
- 4.4. Securing Network Access
- 4.5. Using Firewalls
- 4.5.1. Introduction to firewalld
- 4.5.2. Installing firewalld
- 4.5.3. Configuring firewalld
- 4.5.3.1. Configuring firewalld Using The Graphical User Interface
- 4.5.3.2. Configuring the Firewall Using the firewall-cmd Command-Line Tool
- 4.5.3.3. Viewing the Firewall Settings Using the Command-Line Interface (CLI)
- 4.5.3.4. Changing the Firewall Settings Using the Command-Line Interface (CLI)
- 4.5.3.5. Configuring the Firewall Using XML Files
- 4.5.3.6. Using the Direct Interface
- 4.5.3.7. Configuring Complex Firewall Rules with the "Rich Language" Syntax
- 4.5.3.8. Firewall Lockdown
- 4.5.3.9. Configuring Logging for Denied Packets
- 4.5.4. Using the iptables Service
- 4.5.5. Additional Resources
- 4.6. Securing DNS Traffic with DNSSEC
- 4.6.1. Introduction to DNSSEC
- 4.6.2. Understanding DNSSEC
- 4.6.3. Understanding Dnssec-trigger
- 4.6.4. VPN Supplied Domains and Name Servers
- 4.6.5. Recommended Naming Practices
- 4.6.6. Understanding Trust Anchors
- 4.6.7. Installing DNSSEC
- 4.6.8. Using Dnssec-trigger
- 4.6.9. Using dig With DNSSEC
- 4.6.10. Setting up Hotspot Detection Infrastructure for Dnssec-trigger
- 4.6.11. Configuring DNSSEC Validation for Connection Supplied Domains
- 4.6.12. Additional Resources
- 4.7. Securing Virtual Private Networks (VPNs)
- 4.7.1. IPsec VPN Using Libreswan
- 4.7.2. VPN Configurations Using Libreswan
- 4.7.3. Host-To-Host VPN Using Libreswan
- 4.7.4. Site-to-Site VPN Using Libreswan
- 4.7.5. Site-to-Site Single Tunnel VPN Using Libreswan
- 4.7.6. Subnet Extrusion Using Libreswan
- 4.7.7. Road Warrior Application Using Libreswan
- 4.7.8. Road Warrior Application Using Libreswan and XAUTH with X.509
- 4.7.9. Additional Resources
- 4.8. Using OpenSSL
- 4.8.1. Creating and Managing Encryption Keys
- 4.8.2. Generating Certificates
- 4.8.3. Verifying Certificates
- 4.8.4. Encrypting and Decrypting a File
- 4.8.5. Generating Message Digests
- 4.8.6. Generating Password Hashes
- 4.8.7. Generating Random Data
- 4.8.8. Benchmarking Your System
- 4.8.9. Configuring OpenSSL
- 4.9. Using stunnel
- 4.10. Encryption
- 4.10.1. Using LUKS Disk Encryption
- Overview of LUKS
- 4.10.1.1. LUKS Implementation in Red Hat Enterprise Linux
- 4.10.1.2. Manually Encrypting Directories
- 4.10.1.3. Add a New Passphrase to an Existing Device
- 4.10.1.4. Remove a Passphrase from an Existing Device
- 4.10.1.5. Creating Encrypted Block Devices in Anaconda
- 4.10.1.6. Additional Resources
- 4.10.2. Creating GPG Keys
- 4.10.3. Using openCryptoki for Public-Key Cryptography
- 4.10.4. Using Smart Cards to Supply Credentials to OpenSSH
- 4.10.5. Trusted and Encrypted Keys
- 4.10.6. Using the Random Number Generator
- 4.11. Hardening TLS Configuration
- 4.12. Using MACsec (IEEE 802.1AE)
- Chapter 5. System Auditing
- Use Cases
- 5.1. Audit System Architecture
- 5.2. Installing the audit Packages
- 5.3. Configuring the audit Service
- 5.4. Starting the audit Service
- 5.5. Defining Audit Rules
- 5.5.1. Defining Audit Rules with auditctl
- Defining Control Rules
- Defining File System Rules
- Defining System Call Rules
- 5.5.2. Defining Executable File Rules
- 5.5.3. Defining Persistent Audit Rules and Controls in the /etc/audit/audit.rules File
- Defining Control Rules
- Defining File System and System Call Rules
- Preconfigured Rules Files
- 5.6. Understanding Audit Log Files
- 5.7. Searching the Audit Log Files
- 5.8. Creating Audit Reports
- 5.9. Additional Resources
- Chapter 6. Compliance and Vulnerability Scanning with OpenSCAP
- 6.1. Security Compliance in Red Hat Enterprise Linux
- 6.2. Defining Compliance Policy
- 6.3. Using SCAP Workbench
- 6.4. Using oscap
- 6.5. Using OpenSCAP with Docker
- 6.6. Using OpenSCAP with Atomic
- 6.7. Using OpenSCAP with Red Hat Satellite
- 6.8. Practical Examples
- 6.9. Additional Resources
- Chapter 7. Federal Standards and Regulations
- Appendix A. Encryption Standards
- Appendix B. Audit System Reference
- Appendix C. Revision History