Security Guide Red Hat Enterprise Linux 6 En US
Red_Hat_Enterprise_Linux-6-Security_Guide-en-US
User Manual: Pdf
Page Count: 243
- Table of Contents
- CHAPTER 1. SECURITY OVERVIEW
- CHAPTER 2. SECURING YOUR NETWORK
- 2.1. WORKSTATION SECURITY
- 2.1.1. Evaluating Workstation Security
- 2.1.2. BIOS and Boot Loader Security
- 2.1.3. Password Security
- 2.1.4. Creating User Passwords Within an Organization
- 2.1.5. Locking Inactive Accounts
- 2.1.6. Customizing Access Control
- 2.1.7. Time-based Restriction of Access
- 2.1.8. Applying Account Limits
- 2.1.9. Administrative Controls
- 2.1.10. Session Locking
- 2.1.11. Available Network Services
- 2.1.12. Personal Firewalls
- 2.1.13. Security Enhanced Communication Tools
- 2.1.14. Enforcing Read-Only Mounting of Removable Media
- 2.2. SERVER SECURITY
- 2.2.1. Securing Services With TCP Wrappers and xinetd
- 2.2.2. Securing Portmap
- 2.2.3. Securing NIS
- 2.2.4. Securing NFS
- 2.2.5. Securing the Apache HTTP Server
- 2.2.6. Securing FTP
- 2.2.7. Securing Postfix
- 2.2.8. Securing Sendmail
- 2.2.9. Verifying Which Ports Are Listening
- 2.2.10. Disable Source Routing
- 2.2.11. Reverse Path Forwarding
- 2.3. SINGLE SIGN-ON (SSO)
- 2.4. PLUGGABLE AUTHENTICATION MODULES (PAM)
- 2.5. KERBEROS
- 2.6. TCP WRAPPERS AND XINETD
- 2.7. SECURING VIRTUAL PRIVATE NETWORKS (VPNS)
- 2.7.1. IPsec VPN Using Libreswan
- 2.7.2. VPN Configurations Using Libreswan
- 2.7.3. Host-To-Host VPN Using Libreswan
- 2.7.4. Site-to-Site VPN Using Libreswan
- 2.7.5. Site-to-Site Single Tunnel VPN Using Libreswan
- 2.7.6. Subnet Extrusion Using Libreswan
- 2.7.7. Road Warrior Access VPN Using Libreswan
- 2.7.8. Road Warrior Access VPN Using Libreswan and XAUTH with X.509
- 2.7.9. Additional Resources
- 2.8. FIREWALLS
- CHAPTER 3. ENCRYPTION
- 3.1. DATA AT REST
- 3.1.1. Full Disk Encryption
- 3.1.2. File-Based Encryption
- 3.1.3. LUKS Disk Encryption
- Overview of LUKS
- 3.1.3.1. LUKS Implementation in Red Hat Enterprise Linux
- 3.1.3.2. Manually Encrypting Directories
- 3.1.3.3. Adding a New Passphrase to an Existing Device
- 3.1.3.4. Removing a Passphrase from an Existing Device
- 3.1.3.5. Creating Encrypted Block Devices in Anaconda
- 3.1.3.6. Additional Resources
- 3.2. DATA IN MOTION
- 3.3. OPENSSL INTEL AES-NI ENGINE
- 3.4. USING THE RANDOM NUMBER GENERATOR
- 3.5. GNU PRIVACY GUARD (GPG)
- 3.6. USING STUNNEL
- 3.7. HARDENING TLS CONFIGURATION
- CHAPTER 4. GENERAL PRINCIPLES OF INFORMATION SECURITY
- CHAPTER 5. SECURE INSTALLATION
- CHAPTER 6. SOFTWARE MAINTENANCE
- CHAPTER 7. SYSTEM AUDITING
- Use Cases
- 7.1. AUDIT SYSTEM ARCHITECTURE
- 7.2. INSTALLING THE AUDIT PACKAGES
- 7.3. CONFIGURING THE AUDIT SERVICE
- 7.4. STARTING THE AUDIT SERVICE
- 7.5. DEFINING AUDIT RULES
- 7.5.1. Defining Audit Rules with the auditctl Utility
- Defining Control Rules
- Defining File System Rules
- Defining System Call Rules
- 7.5.2. Defining Persistent Audit Rules and Controls in the /etc/audit/audit.rules File
- Defining Control Rules
- Defining File System and System Call Rules
- Preconfigured Rules Files
- 7.6. UNDERSTANDING AUDIT LOG FILES
- 7.7. SEARCHING THE AUDIT LOG FILES
- 7.8. CREATING AUDIT REPORTS
- 7.9. CONFIGURING PAM FOR AUDITING
- 7.10. ADDITIONAL RESOURCES
- CHAPTER 8. COMPLIANCE AND VULNERABILITY SCANNING WITH OPENSCAP
- CHAPTER 9. CHECKING INTEGRITY WITH AIDE
- CHAPTER 10. FEDERAL STANDARDS AND REGULATIONS
- CHAPTER 11. REFERENCES
- APPENDIX A. ENCRYPTION STANDARDS
- APPENDIX B. AUDIT SYSTEM REFERENCE
- APPENDIX C. REVISION HISTORY