Linux Security Cookbook

C programs

    functions provided by system logger API 

    writing to system log from  2nd 

CA (Certifying Authority) 

    setting up your own for self-signed certificates 

    SSL Certificate Signing Request (CSR), sending to 

    Verisign, Thawte, and Equifax 

CA.pl (Perl script) 

cage, chroot (restricting a service to a particular directory) 

canonical hostname for SSH client 

    finding with Perl script 

    inconsistencies in 

capture filter expressions 

    Ethereal, use of 

CERT Coordination Center (CERT/CC), incident reporting form 

cert.pem file

    adding new SSL certificate to 

    validating SSL certificates in 

certificates

    generating self-signed X.509 certificate 

    revocation certificates for keys 

        distributing 

    SSL

        converting from DER to PEM 

        creating self-signed certificate 

        decoding 

        dummy certificates for imapd and pop3d 

        generating Certificate Signing Request (CSR) 

        installing new 

        mutt mail client, use of 

        setting up CA and issuing certificates 

        validating 

        verifying  2nd 

    testing of pre-installed trusted certificates by Evolution 

Certifying Authority  [See CA]

certutil 

challenge password for certificates 

checksums (MD5), verifying for RPM-installed files 

chkconfig command

    enabling load commands for firewall 

    KDC and kadmin servers, starting at boot 

    process accounting packages, running at boot 

    Snort, starting at boot 

chkrootkit program 

    commands invoked by 

chmod (change mode) command  2nd 

    preventing directory listings 

    removing setuid or setgid bits 

    setting sticky bit on world-writable directory 

    world-writable files access, disabling 

chroot program, restricting services to particular directories 

CIAC (Computer Incident Advisory Capability), Network Monitoring Tools page 

Classless InterDomain Routing (CIDR) mask format 

client authentication  [See Kerberos PAM SSH SSL trusted-host authentication]

client programs, OpenSSH 

closelog function 

    using in C program 

colons (:), referring to current working directory 

command-line arguments

    avoiding long 

    prohibiting for command run via sudo 

Common Log Format (CLF) for URLs 

Common Name 

    self-signed certificates 

compromised systems, analyzing 

Computer Emergency Response Team (CERT) 

Computer Incident Advisory Capability (CIAC) Network Monitoring Tools page 

computer security incident response team (CSIRT) 

copying files

    remotely 

        name-of-source and name-of-destination 

    rsync program, using 

    scp program 

        remote copying of multiple files 

CoronerÕs Toolkit (TCT) 

cps keyword (xinetd) 

Crack utility (Alec Muffet) 

cracking passwords

    CrackLib program, using  2nd 

    John the Ripper software, using 

CRAM-MD5 authentication (SMTP) 

credentials, Kerberos 

    forwardable 

    listing with klist command 

    obtaining and listing for users 

cron utility

    authenticating in jobs 

    cron facility in system messages 

    integrity checking at specific times or intervals 

    restricting service access by time of day (with inetd) 

    secure integrity checks, running 

crypt++ (Emacs package) 

cryptographic authentication

    for hosts 

    Kerberos  [See Kerberos authentication]

    plaintext keys 

        using with forced command 

    public-key authentication 

        between OpenSSH client and SSH2 server, using OpenSSH key 

        between OpenSSH client and SSH2 server, using SSH2 key 

        between SSH2 client/OpenSSH server 

        with ssh-agent 

    SSH  [See SSH]

    SSL  [See SSL]

    by trusted hosts  [See trusted-host authentication]

cryptographic hardware 

csh shell, terminating SSH agent on logout 

CSR (Certificate Signing Request) 

    passphrase for private key 

current directory

    colons (:) referring to 

    Linux shell scripts in 

CyberTrust SafeKeyper (cryptographic hardware)