Hardening Linux

P

packet filters, checking configuration of, 51-55

PAM, 170-172

backing up the configuration, 174

BSD-like wheel groups, 178-179

configuration file format, 173-174

control flags, 173-174

framework, 175-176

module arguments, 174

module interface, 173

module path , 174

pam_chroot, 207-209

pam_passwdqc module, 180-183

per- user temporary directories, 179

recovering from catastrophic errors, 175

removing obsolete configuration files, 172

strong passwords, 179-183

traditional services, 176-178

passphrases, 152-153

passwords

enforcing strict requirements with PAM, 171

John the Ripper, 337-340

password checkers, 336-340

strong, 179-183

patches

central patch server, 318-319

monitoring and management, 319-321

SUSE, 296-303

up2date tool, 303-314

Perl, Sys:Syslog, 284

permissions

certificate, 279

modes, 130-131, 132-134

special directory permissions, 133

special file permissions, 133

Personal Information Protection and Electronic Documents Act, 368

pinging the gateway, 46

PIPEDA, 368

PKCIPE, 227

See also CIPE

pluggable authentication modules, 170-172

backing up the configuration, 174

BSD-like wheel groups, 178-179

configuration file format, 173-174

control flags, 173-174

framework, 175-176

module arguments, 174

module interface, 173

module path, 174

pam_chroot, 207-209

pam_passwdqc module, 180-183

per-user temporary directories, 179

recovering from catastrophic errors, 175

removing obsolete configuration files, 172

strong passwords, 179-183

traditional services, 176-178

portmap, 28

ports

monitoring, 102-103

scanning, 45

SSH port forwarding, 222-224

POSIX, access control lists, 130-137

power

ensuring stability of, 12-13

See also UPSs

PrivilegeSeparation, 208

protocols, 212

comparison, 213

IPSec, 228-235

SSH, 213-224

ps command, 45-46, 84

ps -ef, 102