Red Hat Enterprise Linux 7 Security Guide
Page count: 261
- Table of Contents
- CHAPTER 1. OVERVIEW OF SECURITY TOPICS
- CHAPTER 2. SECURITY TIPS FOR INSTALLATION
- CHAPTER 3. KEEPING YOUR SYSTEM UP-TO-DATE
- CHAPTER 4. HARDENING YOUR SYSTEM WITH TOOLS AND SERVICES
- 4.1. DESKTOP SECURITY
- 4.2. CONTROLLING ROOT ACCESS
- 4.3. SECURING SERVICES
- 4.3.1. Risks To Services
- 4.3.2. Identifying and Configuring Services
- 4.3.3. Insecure Services
- 4.3.4. Securing rpcbind
- 4.3.5. Securing rpc.mountd
- 4.3.6. Securing NIS
- 4.3.7. Securing NFS
- 4.3.8. Securing HTTP Servers
- 4.3.9. Securing FTP
- 4.3.10. Securing Postfix
- 4.3.11. Securing SSH
- 4.3.12. Securing PostgreSQL
- 4.3.13. Securing Docker
- 4.4. SECURING NETWORK ACCESS
- 4.5. SECURING DNS TRAFFIC WITH DNSSEC
- 4.5.1. Introduction to DNSSEC
- 4.5.2. Understanding DNSSEC
- 4.5.3. Understanding Dnssec-trigger
- 4.5.4. VPN Supplied Domains and Name Servers
- 4.5.5. Recommended Naming Practices
- 4.5.6. Understanding Trust Anchors
- 4.5.7. Installing DNSSEC
- 4.5.8. Using Dnssec-trigger
- 4.5.9. Using dig With DNSSEC
- 4.5.10. Setting up Hotspot Detection Infrastructure for Dnssec-trigger
- 4.5.11. Configuring DNSSEC Validation for Connection Supplied Domains
- 4.5.12. Additional Resources
- 4.6. SECURING VIRTUAL PRIVATE NETWORKS (VPNS) USING LIBRESWAN
- 4.6.1. Installing Libreswan
- 4.6.2. Creating VPN Configurations Using Libreswan
- 4.6.3. Creating Host-To-Host VPN Using Libreswan
- 4.6.4. Configuring Site-to-Site VPN Using Libreswan
- 4.6.5. Configuring Site-to-Site Single Tunnel VPN Using Libreswan
- 4.6.6. Configuring Subnet Extrusion Using Libreswan
- 4.6.7. Configuring IKEv2 Remote Access VPN Libreswan
- 4.6.8. Configuring IKEv1 Remote Access VPN Libreswan and XAUTH with X.509
- 4.6.9. Using the Protection against Quantum Computers
- 4.6.10. Additional Resources
- 4.7. USING OPENSSL
- 4.8. USING STUNNEL
- 4.9. ENCRYPTION
- 4.10. USING NETWORK-BOUND DISK ENCRYPTION
- 4.10.1. Deploying a Tang server
- 4.10.2. Deploying an Encryption Client
- 4.10.3. Configuring Manual Enrollment of Root Volumes
- 4.10.4. Configuring Automated Enrollment Using Kickstart
- 4.10.5. Configuring Automated Unlocking of Removable Storage Devices
- 4.10.6. Configuring Automated Unlocking of Non-root Volumes at Boot Time
- 4.10.7. Deploying Virtual Machines in a NBDE Network
- 4.10.8. Building Automatically-enrollable VM Images for Cloud Environments
- 4.10.9. Additional Resources
- 4.11. CHECKING INTEGRITY WITH AIDE
- 4.12. USING USBGUARD
- 4.13. HARDENING TLS CONFIGURATION
- 4.14. USING SHARED SYSTEM CERTIFICATES
- 4.15. USING MACSEC
- 4.16. REMOVING DATA SECURELY USING SCRUB
- CHAPTER 5. USING FIREWALLS
- 5.1. GETTING STARTED WITH FIREWALLD
- 5.2. INSTALLING THE FIREWALL-CONFIG GUI CONFIGURATION TOOL
- 5.3. VIEWING THE CURRENT STATUS AND SETTINGS OF FIREWALLD
- 5.4. STARTING FIREWALLD
- 5.5. STOPPING FIREWALLD
- 5.6. CONTROLLING TRAFFIC
- 5.6.1. Predefined Services
- 5.6.2. Disabling All Traffic in Case of Emergency using CLI
- 5.6.3. Controlling Traffic with Predefined Services using CLI
- 5.6.4. Controlling Traffic with Predefined Services using GUI
- 5.6.5. Adding New Services
- 5.6.6. Controlling Ports using CLI
- 5.6.7. Opening Ports using GUI
- 5.6.8. Controlling Traffic with Protocols using GUI
- 5.6.9. Opening Source Ports using GUI
- 5.7. WORKING WITH ZONES
- 5.7.1. Listing Zones
- 5.7.2. Modifying firewalld Settings for a Certain Zone
- 5.7.3. Changing the Default Zone
- 5.7.4. Assigning a Network Interface to a Zone
- 5.7.5. Assigning a Default Zone to a Network Connection
- 5.7.6. Creating a New Zone
- 5.7.7. Creating a New Zone using a Configuration File
- 5.7.8. Using Zone Targets to Set Default Behavior for Incoming Traffic
- 5.8. USING ZONES TO MANAGE INCOMING TRAFFIC DEPENDING ON SOURCE
- 5.9. PORT FORWARDING
- 5.10. CONFIGURING IP ADDRESS MASQUERADING
- 5.11. MANAGING ICMP REQUESTS
- 5.12. SETTING AND CONTROLLING IP SETS USING FIREWALLD
- 5.13. SETTING AND CONTROLLING IP SETS USING IPTABLES
- 5.14. USING THE DIRECT INTERFACE
- 5.15. CONFIGURING COMPLEX FIREWALL RULES WITH THE "RICH LANGUAGE" SYNTAX
- 5.15.1. Formatting of the Rich Language Commands
- 5.15.2. Understanding the Rich Rule Structure
- 5.15.3. Understanding the Rich Rule Command Options
- 5.15.4. Using the Rich Rule Log Command
- 5.15.4.1. Using the Rich Rule Log Command Example 1
- 5.15.4.2. Using the Rich Rule Log Command Example 2
- 5.15.4.3. Using the Rich Rule Log Command Example 3
- 5.15.4.4. Using the Rich Rule Log Command Example 4
- 5.15.4.5. Using the Rich Rule Log Command Example 5
- 5.15.4.6. Using the Rich Rule Log Command Example 6
- 5.16. CONFIGURING FIREWALL LOCKDOWN
- 5.17. CONFIGURING LOGGING FOR DENIED PACKETS
- 5.18. ADDITIONAL RESOURCES
- CHAPTER 6. SYSTEM AUDITING
- Use Cases
- 6.1. AUDIT SYSTEM ARCHITECTURE
- 6.2. INSTALLING THE AUDIT PACKAGES
- 6.3. CONFIGURING THE AUDIT SERVICE
- 6.4. STARTING THE AUDIT SERVICE
- 6.5. DEFINING AUDIT RULES
- 6.5.1. Defining Audit Rules with auditctl
- Defining Control Rules
- Defining File System Rules
- Defining System Call Rules
- 6.5.2. Defining Executable File Rules
- 6.5.3. Defining Persistent Audit Rules and Controls in the /etc/audit/audit.rules File
- Defining Control Rules
- Defining File System and System Call Rules
- Preconfigured Rules Files
- Using augenrules to Define Persistent Rules
- 6.6. UNDERSTANDING AUDIT LOG FILES
- 6.7. SEARCHING THE AUDIT LOG FILES
- 6.8. CREATING AUDIT REPORTS
- 6.9. ADDITIONAL RESOURCES
- CHAPTER 7. COMPLIANCE AND VULNERABILITY SCANNING WITH OPENSCAP
- 7.1. SECURITY COMPLIANCE IN RED HAT ENTERPRISE LINUX
- 7.2. DEFINING COMPLIANCE POLICY
- 7.3. USING SCAP WORKBENCH
- 7.4. USING OSCAP
- 7.5. USING OPENSCAP WITH DOCKER
- 7.6. USING OPENSCAP WITH THE ATOMIC SCAN COMMAND
- 7.7. USING OPENSCAP WITH ANSIBLE
- 7.8. USING OPENSCAP WITH RED HAT SATELLITE
- 7.9. PRACTICAL EXAMPLES
- 7.10. ADDITIONAL RESOURCES
- CHAPTER 8. FEDERAL STANDARDS AND REGULATIONS
- APPENDIX A. ENCRYPTION STANDARDS
- APPENDIX B. AUDIT SYSTEM REFERENCE
- APPENDIX C. REVISION HISTORY