Hardening Linux

C

California SB 1386, 367

certificates, creating, 278-279

CFS, 161

configuring, 164-165

installing, 162-164

testing and using, 165-167

chkconfig command, 40-41

checking configuration for necessary services, 45

checking configuration for unnecessary services, 44

chmod command, 132

chroot, 187-188

building the directory structure, 188-198

BusyBox, 196-198

combining with your distribution's security capabilities, 207-210

configuring services to log activity, 205-206

creating devices in the chroot directory, 194-195

determining file dependencies, 192-193

establishing shells and user environments, 195-198

installing a binary RPM to an alternate location, 204-205

installing services to the chroot directory, 198-205

maintaining, 210

monitoring file mode and permission settings, 209-210

pam_chroot, 207-209

resolving dynamic library dependencies, 190-192

strace command, 190-192

troubleshooting, 206-207

CIPE, 225-228

command line, turning off unnecessary services from, 40-43

control flags, 173-174

cost effectiveness, 4

Crypto API, 161

Crypto IP Encapsulation, 225-228

Crypto Link Farm, 143

cryptography

CFS, 161-167

ethical issues, 143-144

GnuPG, 147-159

installing and using a cryptographic file system, 161-167

legal requirements, 142-143

magnetic media, 144-145

OpenSSL, 159-161

proper procedures, 144-147

removing plaintext copies of data, 146-147

shred command, 146-147

storage, 144-146

See also decryption

custom kernels , 106-107