Linux Security Cookbook


last command

lastb command 

lastcomm utility 

    bugs in latest version 

lastdb command 

lastlog command 

    databases from several systems, merging 

    multiple systems, monitoring problems with 

ldd command 

libnet (toolkit for network packet manipulation) 

libnids (for TCP stream reassembly) 

libpcap (packet capture library)

    binary files

        Snort logging directory, creating in 

    logging Snort data to libpcap-format files 

    network trace files, ngrep 

    Snort, use by 

libwrap, using with xinetd 

Linux

    /proc filesystem 

    differing locations for binaries and configuration files in distributions 

    encryption software included with 

    operating system vulnerabilities 

    Red Hat  [See Red Hat Linux]

    supported distributions for security recipes 

    SuSE  [See SuSE Linux]

ListenAddress statements, adding to sshd_config 

listfile module (PAM) 

    ACL file entries 

local access, permitting while blocking remote access

local facilities (system messages) 

local filesystems, searching 

local key (Tripwire) 

    creating with twinstall.sh script 

    fingerprints, creating in secure integrity checks 

    read-only integrity checking 

local mail (acceptance by SMTP server) 

local password authentication, using Kerberos with PAM 

localhost

    problems with Kerberos on SSH 

    SSH port forwarding, use in 

    unsecured mail sessions from 

logfile group configuration file (logwatch) 

logger program 

    writing system log entries via shell scripts and syslog API 

logging

    access to services 

    combining log files 

    firewalls, configuring for 

    nmap -o options, formats of 

    PAM modules, error messages 

    rotating log files 

    service access via xinetd 

    shutdowns, reboots, and runlevel changes in /var/log/wtmp 

    Snort

        to binary files 

        partitioning into separate files 

        permissions for directory 

    stunnel messages 

    sudo command 

        remotely 

    system  [See system logger]

    testing with nmap stealth operations 

loghost

    changing 

    remote logging of system messages 

login shells, root 

logins

    adding another Kerberos principal to your ~/.k5login file 

    Kerberos, using with PAM 

    monitoring suspicious activity 

    printing information about for each user 

    recent logins to system accounts, checking 

    testing passwords for strength 

        CrackLib, using 

        John the Ripper, using 

logouts, history of all on system 

logrotate program

logwatch

    filter, defining 

    integrating services into 

    listing all sudo invocation attempts 

    scanning log files for messages of interest 

    scanning Snort logs and sending out alerts 

    scanning system log files for problem reports 

lsh (SSH implementation) 

lsof command 

    +M option (for processes using RPC services)

    -c option (command name for processes) 

    -i option (for network connections) 

    -p option (selecting processes by ID) 

    -u option (username for processes) 

    /proc files, reading 

    IP addresses, conversion to hostnames 

    network connections for processes, listing 
