Linux Security Cookbook

absolute directory names 

access control lists (ACLs), creating with PAM 

access_times attribute (xinetd) 

accounting  [See process accounting]

acct RPM 

accton command (for process accounting) 

addpol command (Kerberos) 

administrative privileges, Kerberos user 

administrative system, Kerberos  [See kadmin utility]

agents, SSH  [See also ssh-agent]

    forwarding, disabling for authorized keys 

    terminating on logout 

    using with Pine 

Aide (integrity checker) 

alerts, intrusion detection  [See Snort]

aliases

    for hostnames 

        changing SSH client defaults 

    for users and commands (with sudo) 

ALL keyword 

    user administration of their own machines (not others) 

AllowUsers keyword (sshd) 

Andrew Filesystem kaserver 

ank command (adding new Kerberos principal) 

apache (/etc/init.d startup file) 

append-only directories 

apply keyword (PAM, listfile module) 

asymmetric encryption  2nd  [See also public-key encryption]

attacks

    anti-NIDS attacks 

    buffer overflow

        detection with ngrep 

        indications from system daemon messages 

    dictionary attacks on terminals 

    dsniff, using to simulate 

    inactive accounts still enabled, using 

    man-in-the-middle (MITM)

        risk with self-signed certificates 

        services deployed with dummy keys 

    operating system vulnerability to forged connections 

    setuid root program hidden in filesystems 

    on specific protocols 

    system hacked via the network 

    vulnerability to, factors in 

attributes (file), preserving in remote file copying 

authconfig utility 

    imapd, use of general system authentication 

    Kerberos option, turning on 

AUTHENTICATE command (IMAP) 

authentication

    cryptographic, for hosts 

    for email sessions  [See email IMAP]

    interactive, without password  [See ssh-agent]

    Internet Protocol Security (IPSec) 

    Kerberos  [See Kerberos authentication]

    OpenSSH  [See SSH]

    PAM (Pluggable Authentication Modules)  [See PAM]

    SMTP  [See SMTP]

    specifying alternate username for remote file copying 

    SSH (Secure Shell)  [See SSH]

    SSL (Secure Sockets Layer)  [See SSL]

    by trusted host  [See trusted-host authentication]

authentication keys for Kerberos users and hosts 

authorization 

    root user

        ksu (Kerberized su) command 

        multiple root accounts 

        privileges, dispensing 

        running root login shell 

        running X programs as 

        SSH, use of  2nd 

        sudo command 

    sharing files using groups 

    sharing root privileges

        via Kerberos 

        via SSH 

    sudo command

        allowing user authorization privileges per host 

        bypassing password authentication 

        forcing password authentication 

        granting privileges to a group 

        killing processes with 

        logging remotely 

        password changes 

        read-only access to shared file 

        restricting root privileges 

        running any program in a directory 

        running commands as another user 

        starting/stopping daemons 

        unauthorized attempts to invoke, listing 

    weak controls in trusted-host authentication 

authorized_keys file (~/.ssh directory) 

    forced commands, adding to 

authpriv facility (system messages)