Linux Security Cookbook

hard links for encrypted files 

hardware, cryptographic 

Heimdal Kerberos 

highly secure integrity checks 

    dual-ported disk array, using 

history of all logins and logouts 

Honeynet project web site (network monitoring information) 

host aliases  [See aliases]

host discovery (with nmap) 

    disabling port scanning with -sP options 

    for IP address range only 

    TCP and ICMP pings 

Host keyword 

host principal for KDC host 

host program, problems with canonical hostname 

hostbased authentication  [See trusted-host authentication]

HostbasedAuthentication

    in ssh_config 

    in sshd_config 

HostbasedUsesNameFromPacketOnly keyword (sshd_config) 

HOSTNAME environment variable 

hostnames

    conversion to IP addresses by netstat and lsof commands 

    in remote file copying 

    using instead of IP addresses in firewall rules 

hosts

    controlling access by (instead of IP source address) 

    firewall design, philosophies for 

    IMAP server, adding Kerberos principals for mail service 

    Kerberos

        adding new principal for 

        adding to existing realm 

        modifying KDC database for 

    Kerberos KDC principal database of 

    Kerberos on SSH, localhost and 

    tailoring SSH per host 

    trusted, authenticating by  [See trusted-host authentication]

hosts.allow file 

    access control for remote hosts

        inetd with tcpd 

    restricting access by remote hosts 

        sshd 

        xinetd with tcpd 

hosts.deny file  2nd 

    access control for remote hosts

        inetd with tcpd 

    restricting access by remote hosts 

        sshd 

        xinetd with tcpd 

HTTP

    blocking all incoming service requests 

    capturing and recording URLs from traffic with urlsnarf 

httpd (/etc/init.d startup file) 

HTTPS, checking certificate for secure web site