Cover
Copyright
Contributors
Table of Contents
Preface
Section I: Setting up a Secure Linux System
Chapter 1: Running Linux in a Virtual Environment
Looking at the threat landscape
Why do security breaches happen?
Keeping up with security news
Differences between physical, virtual, and cloud setups
Introducing VirtualBox and Cygwin
Installing a virtual machine in VirtualBox
Installing the EPEL repository on the CentOS 7 virtual machine
Installing the EPEL repository on the AlmaLinux 8/9 virtual machines
Configuring a network for VirtualBox virtual machines
Creating a virtual machine snapshot with VirtualBox
Using Cygwin to connect to your virtual machines
Installing Cygwin on your Windows host
Using the Windows 10 SSH client to interface with Linux virtual machines
Using the Windows 11 SSH client to interface with Linux virtual machines
Cygwin versus the Windows shell
Keeping the Linux systems updated
Updating Debian-based systems
Configuring auto updates for Ubuntu
Updating Red Hat 7-based systems
Updating Red Hat 8/9-based systems
Managing updates in an enterprise
Summary
Questions
Further reading
Answers
Chapter 2: Securing Administrative User Accounts
The dangers of logging in as the root user
The advantages of using sudo
Setting up sudo privileges for full administrative users
Adding users to a predefined admin group
Creating an entry in the sudo policy file
Setting up sudo for users with only certain delegated privileges
Hands-on lab for assigning limited sudo privileges
Advanced tips and tricks for using sudo
The sudo timer
View your sudo privileges
Hands-on lab for disabling the sudo timer
Preventing users from having root shell access
Preventing users from using shell escapes
Preventing users from using other dangerous programs
Limiting the user's actions with commands
Letting users run as other users
Preventing abuse via a user's shell scripts
Detecting and deleting default user accounts
New sudo features
Special sudo considerations for SUSE and OpenSUSE
Summary
Questions
Further reading
Answers
Chapter 3: Securing Normal User Accounts
Locking down users' home directories the Red Hat way
Locking down users' home directories the Debian/Ubuntu way
useradd on Debian/Ubuntu
adduser on Debian/Ubuntu
Hands-on lab for creating an encrypted home directory with adduser
Enforcing strong password criteria
Installing and configuring pwquality
Hands-on lab for setting password complexity criteria
Setting and enforcing password and account expiration
Configuring default expiry data for useradd for Red Hat-type systems only
Setting expiry data on a per-account basis with useradd and usermod
Setting expiry data on a per-account basis with chage