SUSE Linux Enterprise Server 11 SP1 Security Guide (May 11, 2010)
SUSE Linux Enterprise Server 11 SP1
May 11, 2010
www.novell.com

Security Guide

All content is copyright © 2006–2010 Novell, Inc. All rights reserved.

Legal Notice

This manual is protected under Novell intellectual property rights. By reproducing, duplicating or distributing this manual you explicitly agree to conform to the terms and conditions of this license agreement.

This manual may be freely reproduced, duplicated and distributed either as such or as part of a bundled package in electronic and/or printed format, provided however that the following conditions are fulfilled: that this copyright notice and the names of authors and contributors appear clearly and distinctively on all reproduced, duplicated and distributed copies; and that this manual, specifically for the printed format, is reproduced and/or distributed for noncommercial use only. The express authorization of Novell, Inc. must be obtained prior to any other use of any manual or part thereof.

For Novell trademarks, see the Novell Trademark and Service Mark list.com/company/legal/trademarks/tmlist.html.* Linux is a registered trademark of Linus Torvalds. All other third party trademarks are the property of their respective owners. A trademark symbol (®, ™ etc.) denotes a Novell trademark; an asterisk (*) denotes a third party trademark.

All information found in this book has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither Novell, Inc., SUSE LINUX Products GmbH, the authors, nor the translators shall be held liable for possible errors or the consequences thereof.

Contents

About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . xi

1 Security and Confidentiality . . . . . . . . . . . . . . . . . . . . . 1
  1.1 Local Security and Network Security . . . . . . . . . . . . . . . . 2
  1.2 Some General Security Tips and Tricks . . . . . . . . . . . . . . . 10
  1.3 Using the Central Security Reporting Address . . . . . . . . . . . . 13

Part I Authentication . . . . . . . . . . . . . . . . . . . . . . . . . 15

2 Authentication with PAM . . . . . . . . . . . . . . . . . . . . . . . 17
  2.1 What is PAM? . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
  2.2 Structure of a PAM Configuration File . . . . . . . . . . . . . . . 18
  2.3 The PAM Configuration of sshd . . . . . . . . . . . . . . . . . . . 21
  2.4 Configuration of PAM Modules . . . . . . . . . . . . . . . . . . . 23
  2.5 Configuring PAM Using pam-config . . . . . . . . . . . . . . . . . 25
  2.6 For More Information . . . . . . . . . . . . . . . . . . . . . . . 26

3 Using NIS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
  3.1 Configuring NIS Servers . . . . . . . . . . . . . . . . . . . . . . 29
  3.2 Configuring NIS Clients . . . . . . . . . . . . . . . . . . . . . . 35

4 LDAP—A Directory Service . . . . . . . . . . . . . . . . . . . . . . . 37
  4.1 LDAP versus NIS . . . . . . . . . . . . . . . . . . . . . . . . . . 38
  4.2 Structure of an LDAP Directory Tree . . . . . . . . . . . . . . . . 39
  4.3 Configuring an LDAP Server with YaST . . . . . . . . . . . . . . . 42
  4.4 Configuring an LDAP Client with YaST . . . . . . . . . . . . . . . 51
  4.5 Configuring LDAP Users and Groups in YaST . . . . . . . . . . . . . 59
  4.6 Browsing the LDAP Directory Tree . . . . . . . . . . . . . . . . . 61
  4.7 Manually Configuring an LDAP Server . . . . . . . . . . . . . . . . 62
  4.8 Manually Administering LDAP Data . . . . . . . . . . . . . . . . . 63
  4.9 For More Information . . . . . . . . . . . . . . . . . . . . . . . 67

5 Active Directory Support . . . . . . . . . . . . . . . . . . . . . . . 69
  5.1 Integrating Linux and AD Environments . . . . . . . . . . . . . . . 69
  5.2 Background Information for Linux AD Support . . . . . . . . . . . . 70
  5.3 Configuring a Linux Client for Active Directory . . . . . . . . . . 76
  5.4 Logging In to an AD Domain . . . . . . . . . . . . . . . . . . . . 79
  5.5 Changing Passwords . . . . . . . . . . . . . . . . . . . . . . . . 81

6 Network Authentication with Kerberos . . . . . . . . . . . . . . . . . 83
  6.1 Kerberos Terminology . . . . . . . . . . . . . . . . . . . . . . . 84
  6.2 How Kerberos Works . . . . . . . . . . . . . . . . . . . . . . . . 85
  6.3 Users' View of Kerberos . . . . . . . . . . . . . . . . . . . . . . 88
  6.4 Installing and Administering Kerberos . . . . . . . . . . . . . . . 89
  6.5 For More Information . . . . . . . . . . . . . . . . . . . . . . . 110

7 Using the Fingerprint Reader . . . . . . . . . . . . . . . . . . . . . 111
  7.1 Supported Applications and Actions . . . . . . . . . . . . . . . . 111
  7.2 Managing Fingerprints with YaST . . . . . . . . . . . . . . . . . . 112

Part II Local Security . . . . . . . . . . . . . . . . . . . . . . . . 115

8 Configuring Security Settings with YaST . . . . . . . . . . . . . . . 117
  8.1 Security Overview . . . . . . . . . . . . . . . . . . . . . . . . . 117
  8.2 Predefined Security Configurations . . . . . . . . . . . . . . . . 118
  8.3 Password Settings . . . . . . . . . . . . . . . . . . . . . . . . . 119
  8.4 Boot Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
  8.5 Login Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 120
  8.6 User Addition . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
  8.7 Miscellaneous Settings . . . . . . . . . . . . . . . . . . . . . . 121

9 PolicyKit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
  9.1 Available Policies and Supported Applications . . . . . . . . . . . 123
  9.2 Authorization Types . . . . . . . . . . . . . . . . . . . . . . . . 124
  9.3 Modifying and Setting Privileges . . . . . . . . . . . . . . . . . 126

10 Access Control Lists in Linux . . . . . . . . . . . . . . . . . . . . 135
  10.1 Traditional File Permissions . . . . . . . . . . . . . . . . . . . 135
  10.2 Advantages of ACLs . . . . . . . . . . . . . . . . . . . . . . . . 137
  10.3 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
  10.4 Handling ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . 138
  10.5 ACL Support in Applications . . . . . . . . . . . . . . . . . . . 146
  10.6 For More Information . . . . . . . . . . . . . . . . . . . . . . . 147

11 Encrypting Partitions and Files . . . . . . . . . . . . . . . . . . . 149
  11.1 Setting Up an Encrypted File System with YaST . . . . . . . . . . 150
  11.2 Using Encrypted Home Directories . . . . . . . . . . . . . . . . . 153
  11.3 Using vi to Encrypt Single ASCII Text Files . . . . . . . . . . . 154

12 Certificate Store . . . . . . . . . . . . . . . . . . . . . . . . . . 155
  12.1 Activating Certificate Store . . . . . . . . . . . . . . . . . . . 155
  12.2 Importing Certificates . . . . . . . . . . . . . . . . . . . . . . 156

13 Intrusion Detection with AIDE . . . . . . . . . . . . . . . . . . . . 157
  13.1 Why Using AIDE? . . . . . . . . . . . . . . . . . . . . . . . . . 157
  13.2 Setting Up an AIDE Database . . . . . . . . . . . . . . . . . . . 158
  13.3 Local AIDE Checks . . . . . . . . . . . . . . . . . . . . . . . . 160
  13.4 System Independent Checking . . . . . . . . . . . . . . . . . . . 161
  13.5 For More Information . . . . . . . . . . . . . . . . . . . . . . . 163

Part III Network Security . . . . . . . . . . . . . . . . . . . . . . . 165

14 SSH: Secure Network Operations . . . . . . . . . . . . . . . . . . . 167
  14.1 The OpenSSH Package . . . . . . . . . . . . . . . . . . . . . . . 167
  14.2 The ssh Program . . . . . . . . . . . . . . . . . . . . . . . . . 168
  14.3 scp—Secure Copy . . . . . . . . . . . . . . . . . . . . . . . . . 168
  14.4 sftp—Secure File Transfer . . . . . . . . . . . . . . . . . . . . 169
  14.5 The SSH Daemon (sshd)—Server-Side . . . . . . . . . . . . . . . . 169
  14.6 SSH Authentication Mechanisms . . . . . . . . . . . . . . . . . . 170
  14.7 X, Authentication, and Forwarding Mechanisms . . . . . . . . . . . 172
  14.8 Configuring An SSH Daemon with YaST . . . . . . . . . . . . . . . 173

15 Masquerading and Firewalls . . . . . . . . . . . . . . . . . . . . . 175
  15.1 Packet Filtering with iptables . . . . . . . . . . . . . . . . . . 175
  15.2 Masquerading Basics . . . . . . . . . . . . . . . . . . . . . . . 178