absolute path Directions provided to a file or directory from the root directory.
access control lists ACLs are used to grant permissions to specific users or groups.
Active Directory A Microsoft Windows product based on the LDAP protocol. Designed to store information and provide this data for various purposes, such as user authentication.
active FTP mode In this mode, the FTP server initiates the data connection.
alias A shell feature that allows a collection of commands to be executed by issuing a single “command.”
Amanda A third-party backup utility.
anonymous FTP An FTP feature where a special account (anonymous or ftp) can be used to connect to an FTP server without the need of a password or access to a local user account.
Apache A common way to refer to the Apache Web Server (the formal name is Apache Hypertext Transfer Protocol Server).
argument A parameter provided to a command that tells the command what thing (file, user, and so on) to perform an action on.
ARP Address Resolution Protocol; a protocol that defines how IP addresses are translated into MAC addresses.
ARP table A memory-based table that contains IP addresses and corresponding MAC addresses.
asymmetric cryptography An encryption technique in which one key (the public key) is used to encrypt data, and another key (the private key) is used to decrypt data. Also referred to as PKC (public key cryptography).
at A system for scheduling one or more commands to be executed at one specific time in the future.
attribute A component of an object.
authoritative name server A name server that answers queries from the zone records stored locally on the system (its zone files), rather than from cached answers obtained elsewhere. Also see name server.
autofs A system designed to automatically mount filesystems on demand.
background process A process that runs without impacting the ability of the parent process to execute additional programs.
Bacula A third-party backup utility.
Berkeley Internet Name Domain (BIND) The DNS software that is most widely used on the Internet.
BIOS Basic Input/Output System; firmware that starts the process of booting a system.
bootloader A small program, installed by the operating system and started by the firmware (BIOS or UEFI), that locates files on the disk (specifically the kernel) and starts the booting of the operating system.
CA Certificate Authority; a system designed to digitally sign certificates to authenticate another system’s identity. CAs have a hierarchy, and the top-level CA is called the root CA.
caching name server A name server that returns results based on information obtained from another name server, such as an authoritative name server.
CERT Computer Emergency Response Teams; the original is the CERT Coordination Center (CERT-CC) at Carnegie Mellon University (CMU).
certificate A public key bound to an identity and signed by a CA (as used by TLS). In SSH, key pairs, and optionally OpenSSH certificates signed by an SSH CA, are used to allow password-less authentication.
chain A set of firewall rules that includes both the type and the filtering point.
child directory See subdirectory.
CIDR Classless Inter-Domain Routing; like VLSM, CIDR conveys a subnet mask, but does so as a prefix length (for example, /24) that states how many bits of the IPv4 address identify the network.
CIFS Common Internet File System; an SMB-based protocol made popular on Microsoft Windows systems.
CLI Command-line interface; a means to communicate with an operating system via commands typed within a shell program.
CN Common name; the relative name of an object.
component In terms of Debian package configuration, this is a feature used to categorize packages. Common components include Main Restricted, Universe, and Multiverse.
conditional expression A programming term that means to perform a statement based on the outcome of a true or false test.
crontab A system for scheduling processes to execute at specific times in the future.
current directory The directory that the shell is currently in.
CVE Common Vulnerabilities and Exposures; a system that assigns a single identifier (in the form CVE-YYYY-NNNN) to each publicly known vulnerability so that security personnel can learn about security-related software issues in one place.
daemon A program that runs in the background, performing specific system tasks.
DDoS attack Distributed denial of service; when packets are sent from multiple systems to overwhelm a host.
default chain policy The target to use when no rule in a chain is matched.
dependency In terms of software packages, a dependency is a feature that a package requires to function correctly.
DFS Distributed File System; a technique of sharing files and directories across a network.
DHCP Dynamic Host Configuration Protocol; provides administrators with the ability to dynamically assign network-related information to client systems.
digital signature A value computed over a software package (or any data) with the signer's private key; anyone holding the corresponding public key can verify that the package came from the signer and was not modified afterward.
distribution A specific implementation of a Linux operating system.
distro See distribution.
DN Distinguished name; the full name of an object.
DNS Domain Name System (also called Domain Name Service); used to translate hostnames to IP addresses.
DNS forwarder A DNS server that accepts DNS queries from an internal network and forwards them to an external DNS server.
DNS master The DNS server where changes to the zone files are made.
DNS slave A DNS server that holds a copy of the zone files from the DNS master.
Domain Name System (DNS) A protocol that allows for hostname-to-IP-address resolution.
DoS attack Denial of service; when a large number of network packets are sent to a system, making it difficult for the system to handle all the data and thus rendering the system unresponsive.
dotted decimal notation A 32-bit number divided into four octets that is used to define an IPv4 address or subnet mask.
environment variable A variable that is passed from the current shell into any program or command that is invoked from the shell.
ESMTP Extended SMTP. See SMTP.
ESSID Extended Service Set Identification; a name given to a wireless router to distinguish it from other wireless routers.
eth0 The primary Ethernet device name.
Ethernet A technology that allows hosts to form a network—the physical lines of connection between the hosts.
exit status A numeric value returned by a command or program to the calling process (shell). A value of 0 means success; any non-zero value (1 through 255) means failure, and the specific value often identifies the kind of failure.
extension module In terms of iptables, an extension module is an optional feature.
facility In terms of system logging, the facility is the service that is sending the system log.
fiber optic A high-speed technology that allows hosts to form a network—the physical lines of connection between the hosts.
file glob A symbol that is used to match a filename pattern when specifying files on the command line.
file system A structure that is used to organize files and directories on an operating system.
Filesystem Hierarchy Standard A standard that specifies in which directories specific files should be stored.
filtering point A component of a firewall where rules are placed.
firewall A network appliance, or host-based software such as iptables on Linux, that is designed to either allow or block network traffic according to a set of rules.
firewalld A front-end service designed to make the process of configuring a firewall easier; it manages the rules of the underlying packet filter (iptables, or nftables on current distributions) on the administrator's behalf.
firmware A program embedded within hardware.
footprinting Also called reconnaissance; the process of discovering information about a network or system with the intent to use this information to compromise security measures.
foreground process A process that prevents the parent process from executing any additional programs until the foreground process has terminated.
forward DNS lookup When a query provides a domain name and the DNS server provides the corresponding IP address for that domain name.
forward lookup The process of translating a domain name into an IP address. See forward DNS lookup.
FTP File Transfer Protocol; Used for transferring files between hosts.
fully qualified domain name (FQDN) The domain name of a host starting from the top of the DNS structure.
gateway A network device that connects two networks. Also called a router.
GECOS General Comprehensive Operating System; a feature that makes use of specific commands to populate and view the comment field of the /etc/passwd file.
GID See group ID.
group account An account that users can be assigned to in order to provide additional system access.
group ID A unique numeric value assigned to a group account.
GRUB The Grand Unified Boot Loader; the most commonly used boot loader on modern Linux distributions.
GUI Graphical user interface; a means to communicate with an operating system via a window-based environment using a mouse and keyboard.
hexadecimal notation A 128-bit number written as eight 16-bit groups of hexadecimal digits separated by colons, used to define an IPv6 address.
HIDS Host-based IDS; an intrusion detection system that runs on a specific system to determine if an intrusion attempt has occurred.
host A device that communicates on a network.
HTML Hypertext Markup Language; a language used to develop web pages.
HTTP Hypertext Transfer Protocol; the protocol used to transfer web pages, and a standard for the web since the 1990s.
HTTPS HTTP Secure; HTTP carried over an encrypted TLS (historically SSL) connection. (See also SSL and TLS.)
HUP Hangup; a signal (SIGHUP) sent to processes when their controlling terminal closes. Many daemons treat it as a request to reload their configuration.
ICMP Internet Control Message Protocol; A protocol used primarily to send error messages and for determining the status of network devices.
IDS Intrusion detection system; a suite of tools used to discover security breaches.
IMAP Internet Message Access Protocol; a protocol used by MUAs to retrieve email.
IMAPS Internet Message Access Protocol, Secured; Used to retrieve email via encrypted connections.
info page A document that describes a command or configuration file and provides hyperlinks to additional information related to the topic.
initialization file A file that is executed when a shell starts in order to customize the environment for the user.
initiator In terms of iSCSI, this is the client that connects to the target.
inode A component of a filesystem that stores metadata about a file, including the file ownership, file permissions, and timestamps.
intrusion detection The process of identifying unauthorized access to system and network resources.
IP Internet Protocol; A protocol that’s responsible for delivering network packets between hosts.
IP address A unique, numeric-based value used for network communications. Each host has a unique IP address.
IP source routing A feature that enables the sender of a packet to specify the network route that should be taken. It is normally disabled on hosts and routers because it can be abused to bypass routing-based access controls.
iSCSI Internet Small Computer System Interface; a network storage solution based on the communication protocol provided by SCSI.
job A process started from a shell.
journal A filesystem feature that records pending changes in a dedicated area before applying them, so that after a crash the filesystem can be recovered by replaying the journal rather than by a full fsck scan, which makes recovery much faster.
kernel The core program of the operating system; it manages hardware, memory, and processes and provides services to all other programs.
kernel image file A file (typically named vmlinuz in /boot) that contains the compressed kernel the bootloader loads into memory. Its companion, the initial RAM disk (initramfs), holds the kernel modules needed early in the boot process, before the root filesystem is available.
kernel module A software component that provides more features to the kernel.
kill A term used when stopping a program
label A name assigned to a filesystem to make it easier to mount the filesystem.
LAN local area network; this network describes all the hosts that communicate directly with other hosts on the same network.
LDAP Lightweight Directory Access Protocol; provides user and group account data, as well as other data that can be defined by the LDAP administrator. Often used for network-based authentication.
LDAPS Lightweight Directory Access Protocol, Secured; Used to provide network-based information via encryption, such as network account information.
LDIF LDAP Data Interchange Format; a file format used to create LDAP objects.
LE logical extent; a small partition of a logical volume.
libraries A collection of software that is used by other programs to perform specific tasks.
libwrap A library that uses the /etc/hosts.allow and /etc/hosts.deny files to control access to specific services.
LILO Linux Loader; an older bootloader rarely used on modern Linux distributions.
LKM Loadable Kernel Module; see kernel module.
lo The loopback network interface (address 127.0.0.1, or ::1 for IPv6), used by a host to communicate with itself.
local variable A variable that only exists in the current shell.
log A location where actions or issues are described.
login shell A shell that is open when the user initially logs in to the system.
LUKS Linux Unified Key Setup; a specification for encrypting block devices (partitions or logical volumes) on which a filesystem is then created.
LUN Logical Unit Number; this is a value used by the target to identify an iSCSI device.
LV logical volume; a device that can act as a partition but has the flexibility to be resized.
LVM Logical Volume Manager; a storage method alternative to traditional partitions.
MAC Media Access Control; a unique hardware (link-layer) address assigned to a network device.
mail spool The location where email messages are placed by the MTA or procmail.
Maildir A format for storing mail spools in different directories.
man page A document that describes a command or configuration file.
man-in-the-middle attack When an attacker's system interposes itself between a client and a server so that it can read or alter their communications while each side believes it is talking directly to the other.
mangle A firewall feature that modifies a network packet.
mask A set of bits that removes values from a default, such as the umask setting, which removes permission bits from the default maximum file (666) and directory (777) permissions.
mbox A format for storing mail spools in a single file for each user.
MBR Master Boot Record; a reserved location at the beginning of the hard disk designed for the bootloader software.
MDA Mail delivery agent; a server that takes the message from the MTA and sends it to the local mail spool.
metadata Information about the software and its dependencies.
mirror In terms of servers, a mirror is a server that provides a copy of data from another server.
mount point A directory used to provide access to the files stored on a physical filesystem.
mounting The process of placing a physical filesystem within the virtual filesystem.
MSA Mail submission agent; a program that accepts an email message from the MUA and communicates with an MTA.
MTA Mail transfer agent; a server responsible for accepting the email message from the MUA and sending it to the correct receiving mail server.
MUA Mail user agent; the client program that the user employs to create email messages.
name server A system that responds to DNS client requests.
NAT Network Address Translation; An IPv4 feature that allows for a host with an Internet-accessible IP address to provide access to multiple hosts with internal, private IP addresses.
NetBIOS Network Basic Input/Output System; a set of software that allows different operating systems to communicate.
network A collection of devices that have the means to communicate with other devices sharing that connection.
network packet A well-defined message that includes the data and metadata (called the packet header).
NFS Network File System; a method for sharing files across the network.
NIDS Network-based IDS; an intrusion detection system designed to discover intrusions or intrusion attempts by monitoring traffic on key network segments.
NIS Network Information Service; a limited network-based authentication service.
non-login shell A shell that is open after the user logs in to the system.
NSS Name Service Switch; a service that determines which location to search for system data, including user and group account data.
NTP Network Time Protocol; a protocol that allows a host's system time to be updated from a set of centralized servers.
object Also called an entry or record; a single item within the LDAP directory.
OpenLDAP An open source server that provides LDAP functionality.
option A predefined value that modifies the behavior of a command.
package Also called a software package; a file that contains a collection of files that make up a software program. The package also includes metadata.
packet header The part of a network packet that provides information about how the network packet is to reach its destination.
packet sniffer A tool that displays local network traffic.
PAM Pluggable Authentication Modules; a Linux feature that allows an administrator to modify the manner in which user accounts are authenticated.
parent directory A directory that holds other directories (called subdirectories).
passive FTP mode In this mode, the FTP client initiates the data connection.
passive IDS An IDS that detects possible intrusions and then notifies administrators.
PE physical extent; a small portion of a physical volume.
Perl A scripting language often used on Linux distributions and known for its flexible programming style.
permission A feature that allows or blocks access to a file or directory.
PHP A language commonly used to create dynamic web pages. PHP originally stood for Personal Home Page.
physical filesystem A filesystem placed on a device, such as a partition or logical volume.
PID Process ID; a unique number used to identify a process (and to send it signals).
piping Sending the output of a command as input to the next command.
PKC See asymmetric cryptography.
plugin A component of a utility or server that adds more features. You can add or remove the features by turning the plug-in on or off.
POP Post Office Protocol; a protocol used by MUAs to retrieve email.
POP3 Post Office Protocol; Used to retrieve email.
POP3S Post Office Protocol, Secured; Used to retrieve email via encrypted connections.
port scanner A tool that probes a system for open network ports.
primary group The group that, by default, a user account’s new files belong to.
priority In terms of system logging, the priority is the level of the message.
private IP address An IPv4 address that can’t be connected directly to the Internet. Also see NAT.
private key A key used by the system to decrypt data that has been encrypted with a corresponding public key.
process A program that is running on the system.
promiscuous mode A network mode that has the local network device listen to all network traffic instead of traffic only intended for that network device.
protocol A well-defined standard for network communications between two hosts.
proxy server A system that serves to facilitate the communications between a client and a server.
public key A key used by other systems to encrypt data.
pull server In email terminology, a server that waits for a client to initiate the transfer of data.
push server In email terminology, a server that initiates the transfer of data.
PV physical volume; a storage device used as the base of LVM.
Python A scripting language often used on Linux distributions and known for its strict, indentation-based structure.
reactive or active IDS An IDS that attempts to automatically react or respond to intrusions.
record Within a zone file, a record is an entry that maps a name to data of a specific type, such as an A record (name to IPv4 address), AAAA (name to IPv6 address), MX (mail server), NS (name server), or PTR (IP address to name, for reverse lookups).
recursive acronym An acronym that has the acronym as part of the definition.
redirection Taking the input or output of a command and sending it to an alternative location.
regular expressions Special characters that are used to match the pattern of text from a file’s contents or the output of a command.
relative path Providing directions to a file or directory from the current directory.
repository Also called repo; a location, typically network accessible, that contains RPM packages and a small database that describes the relationship between these packages. In coding terms, a repository is a location where people share programs.
reverse DNS lookup When a query provides an IP address and the DNS server provides the corresponding domain name for that IP address.
reverse lookup The process of translating an IP address into a domain name. See reverse DNS lookup.
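The forward and reverse lookup entries above describe two independent sets of records. The following added example (not from this glossary's source) shows how the query name for a reverse lookup is built for IPv4 and IPv6, and checks a constructed in-memory zone for forward-confirmed reverse DNS; the hostnames and addresses are made-up samples.

```python
import ipaddress

# Added example: build the PTR query name for an address, then check
# forward-confirmed reverse DNS against a constructed in-memory zone.

def reverse_pointer_name(address: str) -> str:
    """Name queried for a reverse lookup (PTR) of an IPv4 or IPv6 address."""
    ip = ipaddress.ip_address(address)
    if ip.version == 4:
        # Octets are reversed and appended to in-addr.arpa
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa"
    # IPv6 uses one label per hex digit (nibble), reversed, under ip6.arpa
    nibbles = ip.exploded.replace(":", "")      # 32 hex digits
    return ".".join(reversed(nibbles)) + ".ip6.arpa"

# Constructed sample records (not a real zone). The A/AAAA and PTR data are
# deliberately inconsistent for 192.0.2.20 to show that the two directions
# are separate records that nothing forces to agree.
FORWARD = {                         # forward lookup: name -> addresses
    "www.example.com": ["192.0.2.10", "2001:db8::10"],
    "mail.example.com": ["192.0.2.20"],
}
REVERSE = {                         # reverse lookup: PTR name -> hostname
    reverse_pointer_name("192.0.2.10"): "www.example.com",
    reverse_pointer_name("2001:db8::10"): "www.example.com",
    reverse_pointer_name("192.0.2.20"): "smtp.example.net",
}

def forward_lookup(name: str):
    return FORWARD.get(name, [])

def reverse_lookup(address: str):
    return REVERSE.get(reverse_pointer_name(address))

def forward_confirmed(address: str) -> bool:
    """True when the PTR name resolves back to the address (FCrDNS)."""
    name = reverse_lookup(address)
    if name is None:
        return False
    wanted = ipaddress.ip_address(address)
    return any(ipaddress.ip_address(a) == wanted for a in forward_lookup(name))

if __name__ == "__main__":
    for addr in ("192.0.2.10", "2001:db8::10", "192.0.2.20"):
        print(addr, reverse_pointer_name(addr), reverse_lookup(addr),
              "FCrDNS" if forward_confirmed(addr) else "mismatch")
```

Mail servers and log-review tooling commonly apply exactly this forward-confirmation check, because a PTR record alone is set by whoever controls the address block and proves nothing about the hostname.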
RHSA Red Hat Security Advisory; Red Hat's method of informing security personnel of vulnerabilities affecting its products and of the fixes available for them.
root directory The top-level directory of the Linux filesystem.
root servers The DNS servers at the very top of the DNS hierarchy. These servers are aware of the IP address of the top-level domain DNS servers.
route The path from one network to another.
router A system that forwards network packets between networks.
routing How network packets are moved from one network to another.
RPC Remote Procedure Call; a service that acts as a go-between for a client and a server.
RPM RPM Package Manager; a tool for managing software packages.
RSA Rivest-Shamir-Adleman; a public key cryptosystem, based on the difficulty of factoring large integers, that uses a private and a public key for both encryption and digital signatures.
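To make the asymmetric cryptography, digital signature, private key, public key and RSA entries concrete, here is an added example (not from this glossary's source) of textbook RSA with deliberately tiny primes so that every step is visible. The primes, exponent and sample message are assumed inputs chosen for the demonstration; real keys use 2048-bit moduli with OAEP or PSS padding, and this code must never be used to protect real data.

```python
import hashlib

# Added example: textbook RSA with tiny primes. The key pair, encryption,
# decryption, signing and verification below follow the definitions in the
# glossary; p, q and e are assumed demo inputs, not secure parameters.

def generate_keypair(p=61, q=53, e=17):
    """Return ((e, n), (d, n)): the public key and the private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)

def encrypt(public_key, m: int) -> int:
    """Anyone with the public key can encrypt; only the private key decrypts."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)

def decrypt(private_key, c: int) -> int:
    d, n = private_key
    return pow(c, d, n)

def _digest(message: bytes, n: int) -> int:
    # Hash the message and reduce it modulo n so it fits the toy modulus;
    # real RSA pads the full hash into a modulus-sized integer instead.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private_key, message: bytes) -> int:
    """Signing uses the private key: the signature is the digest raised to d."""
    d, n = private_key
    return pow(_digest(message, n), d, n)

def verify(public_key, message: bytes, signature: int) -> bool:
    """Verification uses the public key; it fails if message or signature changed."""
    e, n = public_key
    return pow(signature, e, n) == _digest(message, n)

if __name__ == "__main__":
    pub, priv = generate_keypair()
    c = encrypt(pub, 65)
    print("ciphertext:", c, "decrypted:", decrypt(priv, c))
    pkg = b"package-1.0.tar.gz contents (constructed sample)"
    sig = sign(priv, pkg)
    print("valid signature verifies:", verify(pub, pkg, sig))
    print("altered signature verifies:", verify(pub, pkg, (sig + 1) % pub[1]))
    print("altered package verifies:", verify(pub, pkg + b"x", sig))
```

The asymmetry is the whole point: the package maintainer keeps d secret and publishes (e, n), so anyone can check a signature but nobody else can produce one.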
Samba A service that provides authentication and file-sharing features.
schema Used to define the attributes and objects in an LDAP directory.
secondary group An additional group that the user belongs to, providing the user with access to more system resources.
self-signing When a system acts as the root CA for its own certificate.
SELinux Security Enhanced Linux; a mandatory access control system that adds a policy-based layer of security, on top of standard permissions, to the access that processes have to files, directories, and other resources.
SGID Set group ID; on a directory, a permission that makes files created within it inherit the directory's group ownership; on an executable, a permission that runs the program with the privileges of the file's group.
shell A software program that provides a command-line interface to the operating system.
skel directory A directory used to populate a user’s home directory when the user account is created.
SMB Server Message Block; a protocol invented in the mid-1980s by IBM for the purpose of sharing directories between hosts on a local area network (LAN).
SMTP Simple Mail Transfer Protocol; the standard protocol for email exchange.
SMTPS Simple Mail Transfer Protocol, Secured; Used to send encrypted email messages.
snapshot A technique to make a filesystem appear to be static to perform an accurate backup.
sniff To watch network traffic.
SNMP Simple Network Management Protocol; Used to gather information about network devices.
socket Part of a network connection between two systems, associated with a specific network port.
source For package management, this is the term used for repositories on Debian-based systems.
source repository In terms of Debian packages, this is the location from which packages are downloaded when the apt commands are used.
sourcing Executing the code from a separate file as if it was code embedded in the current shell or script. This is often used to create variables in the current shell or script.
special groups Groups that are either part of the default Linux installation or created when software is added to the system. These groups normally provide special access to the system for system processes or software.
splashimage A graphic displayed when the Legacy GRUB boot menu is displayed.
SSH Secure Shell; Used for connecting to remote systems and executing commands.
SSL Secure Sockets Layer; a cryptographic protocol used to secure data transfer and authenticate systems. All SSL versions are now deprecated and have been replaced in practice by TLS (see TLS).
SSSD System Security Services Daemon; a daemon that interacts with directory structures to provide authentication services.
static host A host that is provided the same network information from a DHCP server each time the host requests an IP address. Also called a reservation.
Sticky bit A permission bit set on a directory (such as /tmp) so that files within it can be removed or renamed only by their owner, the directory's owner, or root, even though the directory itself is writable by everyone.
subcommand A command that is executed on another (primary) command’s argument list. The output of the subcommand is passed as an argument to the primary command.
subdirectory A directory under another directory (the parent directory of the subdirectory).
subdomain Any domain that is a component of a larger domain.
subnet A network feature that, when combined with an IP address, defines the network of a host.
SUID Set user ID; a permission that causes an executable to run with the privileges of the file's owner (often root) rather than those of the user who launched it.
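The mask, permission, SGID, sticky bit and SUID entries describe bits that are easiest to understand by computing them. The following added example (not from this glossary's source) derives a new file's mode from the umask, renders the special bits the way ls -l shows them, and audits a constructed directory listing for the combinations a reviewer looks for; the paths and modes in the sample are made up.

```python
import stat

# Added example: umask arithmetic, ls-style rendering of SUID/SGID/sticky,
# and a review check over a constructed listing (not a real system).

DEFAULT_FILE_MODE = 0o666   # maximum a new regular file can receive
DEFAULT_DIR_MODE = 0o777    # maximum a new directory can receive

def apply_umask(default_mode: int, umask: int) -> int:
    """Permissions actually granted: the umask bits are removed from the default."""
    return default_mode & ~umask & 0o777

def describe_mode(mode: int) -> str:
    """Render the nine permission characters as ls -l does (e.g. rwsr-xr-x)."""
    out = []
    for (r, w, x), special, letter in (
        ((stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR), stat.S_ISUID, "s"),
        ((stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP), stat.S_ISGID, "s"),
        ((stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH), stat.S_ISVTX, "t"),
    ):
        out.append("r" if mode & r else "-")
        out.append("w" if mode & w else "-")
        if mode & special:
            # lowercase when execute is also set, uppercase when it is not
            out.append(letter if mode & x else letter.upper())
        else:
            out.append("x" if mode & x else "-")
    return "".join(out)

def audit(entries):
    """Flag entries worth reviewing. entries: iterable of (path, kind, mode)."""
    findings = []
    for path, kind, mode in entries:
        if kind == "file" and mode & stat.S_ISUID:
            findings.append((path, "setuid executable"))
        if kind == "file" and mode & stat.S_ISGID and mode & stat.S_IXGRP:
            findings.append((path, "setgid executable"))
        if kind == "dir" and mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            findings.append((path, "world-writable directory without sticky bit"))
    return findings

# Constructed sample listing for the audit; not taken from a real host.
SAMPLE = [
    ("/usr/bin/passwd", "file", 0o4755),
    ("/tmp", "dir", 0o1777),
    ("/srv/upload", "dir", 0o777),
    ("/var/log/app", "dir", 0o2770),
    ("/home/alice/notes.txt", "file", 0o644),
]

if __name__ == "__main__":
    print("umask 022 file:", oct(apply_umask(DEFAULT_FILE_MODE, 0o022)))
    print("umask 027 dir: ", oct(apply_umask(DEFAULT_DIR_MODE, 0o027)))
    for path, _, mode in SAMPLE:
        print(describe_mode(mode), path)
    for path, why in audit(SAMPLE):
        print("REVIEW:", path, "-", why)
```

The audit flags /usr/bin/passwd (expected, but every setuid binary belongs on an inventory) and /srv/upload, where any user can delete or rename another user's files; /tmp passes because its sticky bit is set.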
swap space Hard drive space used in place of RAM when available RAM runs low.
SYN flood attack A DoS attack where SYN requests are used to make a system unresponsive.
syncing The process of writing data being stored in memory to the hard drive.
syslog The standard system logging service; it collects log messages from the kernel and from local programs, each tagged with a facility and a priority, and can forward them to remote systems.
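The facility, priority and syslog entries fit together in the PRI field that leads every syslog message: PRI is facility times 8 plus severity. This added example (not from this glossary's source) decodes and encodes that value and filters constructed sample lines by how serious they are; the facility names for codes 12 through 15 follow rsyslog's naming and vary between implementations.

```python
import re
from typing import List, Optional, Tuple

# Added example: decoding the syslog PRI field (facility * 8 + severity),
# e.g. "<34>" is facility 4 (auth) and severity 2 (crit). Sample lines are
# constructed, not taken from a real host.

FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp",
    "ntp", "security", "console", "solaris-cron",     # 12-15: names vary by implementation
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def decode_pri(pri: int) -> Tuple[str, str]:
    """PRI value -> (facility, severity)."""
    if not 0 <= pri <= 191:
        raise ValueError("PRI must be in 0..191")
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]

def encode_pri(facility: str, severity: str) -> int:
    """(facility, severity) -> PRI value, the inverse of decode_pri."""
    return FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)

_PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)

def parse_line(line: str) -> Optional[dict]:
    """Split a raw message into facility, severity and the remaining text."""
    m = _PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        return None
    facility, severity = decode_pri(int(m.group(1)))
    return {"facility": facility, "severity": severity, "msg": m.group(2)}

def at_least(lines: List[str], severity: str) -> List[dict]:
    """Messages whose severity is `severity` or worse (lower numbers are worse)."""
    limit = SEVERITIES.index(severity)
    parsed = (parse_line(line) for line in lines)
    return [p for p in parsed if p and SEVERITIES.index(p["severity"]) <= limit]

SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 host1 su: 'su root' failed for bob on /dev/pts/3",
    "<85>Oct 11 22:14:16 host1 sshd[1042]: Accepted publickey for alice from 192.0.2.7",
    "<13>Oct 11 22:14:17 host1 app: request served in 12ms",
    "<0>Oct 11 22:14:18 host1 kernel: Out of memory: Killed process 2201 (worker)",
    "not a syslog line",
]

if __name__ == "__main__":
    for entry in at_least(SAMPLE_LINES, "err"):
        print(f"{entry['facility']}.{entry['severity']}: {entry['msg']}")
```

Selectors in a syslog configuration such as auth.crit or authpriv.* are exactly this facility/severity pair; a remote log collector that only forwards "warning and worse" is applying the same comparison as at_least.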
table A type of firewall rule, such as filter, nat, or mangle.
tape device A device that allows you to back up filesystem data to tape.
tar ball A file that is the result of merging files together using the tar command.
target In terms of iSCSI, the target describes the storage device, which resides on a remote server.
target The action to be taken when a rule is matched.
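The chain, default chain policy, table and target entries describe how a packet filter decides a packet's fate. The following added example (not from this glossary's source, and not iptables syntax) models that evaluation: rules are tested in order, the first match supplies the target, and the default policy applies only when nothing matches. The rule and packet formats, the chain contents and the addresses are this example's own constructed samples.

```python
import ipaddress
from typing import List, Optional, Tuple

# Added example: first-match evaluation of a firewall chain with a default
# policy, plus a check for rules shadowed by an earlier, broader rule.
# Rule/packet formats are this example's own, not iptables syntax.

class Rule:
    def __init__(self, target: str, proto: Optional[str] = None,
                 src: Optional[str] = None, dport: Optional[int] = None):
        self.target = target                  # ACCEPT, DROP or REJECT
        self.proto = proto                    # None means any protocol
        self.src = ipaddress.ip_network(src) if src else None
        self.dport = dport

    def matches(self, packet: dict) -> bool:
        if self.proto is not None and packet["proto"] != self.proto:
            return False
        if self.src is not None and ipaddress.ip_address(packet["src"]) not in self.src:
            return False
        if self.dport is not None and packet.get("dport") != self.dport:
            return False
        return True

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` would already match this rule."""
        if self.proto is not None and self.proto != other.proto:
            return False
        if self.src is not None and (other.src is None or not other.src.subnet_of(self.src)):
            return False
        if self.dport is not None and self.dport != other.dport:
            return False
        return True

class Chain:
    def __init__(self, name: str, policy: str):
        self.name = name
        self.policy = policy                  # the default chain policy
        self.rules: List[Rule] = []

    def append(self, rule: Rule) -> "Chain":
        self.rules.append(rule)
        return self

    def evaluate(self, packet: dict) -> Tuple[str, Optional[int]]:
        """(target, index of the first matching rule), or (policy, None)."""
        for i, rule in enumerate(self.rules):
            if rule.matches(packet):
                return rule.target, i
        return self.policy, None

def unreachable_rules(chain: Chain) -> List[int]:
    """Indexes of rules that can never match because an earlier rule covers them."""
    return [i for i, later in enumerate(chain.rules)
            if any(earlier.covers(later) for earlier in chain.rules[:i])]

def build_input_chain() -> Chain:
    """Constructed INPUT chain: SSH only from the admin network, web for all."""
    return (Chain("INPUT", policy="DROP")
            .append(Rule("ACCEPT", proto="tcp", src="192.0.2.0/24", dport=22))
            .append(Rule("ACCEPT", proto="tcp", dport=80))
            .append(Rule("ACCEPT", proto="tcp", dport=443)))

def build_misordered_chain() -> Chain:
    """Same intent, but a catch-all ACCEPT placed first shadows the DROP after it."""
    return (Chain("INPUT", policy="DROP")
            .append(Rule("ACCEPT", proto="tcp"))
            .append(Rule("DROP", proto="tcp", src="203.0.113.0/24", dport=22)))

if __name__ == "__main__":
    chain = build_input_chain()
    for pkt in ({"proto": "tcp", "src": "192.0.2.7", "dport": 22},
                {"proto": "tcp", "src": "203.0.113.9", "dport": 22},
                {"proto": "udp", "src": "203.0.113.9", "dport": 53}):
        print(pkt, "->", chain.evaluate(pkt))
    print("shadowed rules in misordered chain:", unreachable_rules(build_misordered_chain()))
```

The second chain is the classic ordering mistake: because the catch-all ACCEPT is evaluated first, the DROP that follows it is dead and the SSH traffic it was meant to block is accepted.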
TCP Transmission Control Protocol; a protocol designed to ensure that network packets arrive in a reliable and ordered manner.
TCP Wrappers A library used by some servers to allow or deny access to the service.
telnet Used for connecting to remote systems and executing commands; unlike SSH, telnet sends everything, including passwords, in clear text.
terminal A place where a user is provided command-line access to the system. This could be a physical terminal machine connected to the system or a virtual terminal, such as a GUI terminal window or an SSH connection.
time to live How long a caching DNS server should hold data obtained from a master or slave DNS server.
TLS Transport Layer Security; a cryptographic protocol used to secure data transfer and authenticate systems. Designed to replace SSL, TLS is often generically called SSL.
Tower of Hanoi A backup strategy based on a mathematical puzzle.
TTL See time to live.
TTY Represents a terminal; a unique name of a physical or virtual terminal.
UDP User Datagram Protocol; a protocol designed to transport packets (datagrams) in a connectionless manner, without guaranteeing delivery or ordering.
UEFI Unified Extensible Firmware Interface; software designed to replace BIOS (also see BIOS).
UFW Uncomplicated firewall; a front-end utility designed to make the process of configuring firewalls with iptables easier.
UID See user ID.
unit In systemd, a configuration object (such as a service, socket, mount, or timer) that the init system manages; units are the core building blocks of the system's startup and service management.
UPG See User Private Group.
URI (uniform resource identifier) In terms of Debian package configuration, a URI is used to define the path to a source repository.
user ID A unique numeric value assigned to a user account.
user ID mapping The mapping of one username or group name on an NFS client to a username or group name on an NFS server.
User Private Group A group account created for a specific user.
UUID Universally Unique Identifier; a unique value used to designate a disk device.
variable A way to store a value in the shell or in a programming language.
VG volume group; a collection of physical volumes used to create logical volumes.
vi mode A feature of the vi editor; the mode you are in allows you to perform specific operations.
virtual filesystem The collection of physical filesystems merged together via mount points.
virtual host When an Apache Web Server serves up web pages for more than one website.
virtual machine An operating system that thinks it is installed natively but is actually sharing a system with a host operating system.
VLSM Variable-Length Subnet Mask; a technique in which different subnets of the same network use subnet masks of different lengths. The mask itself is a 32-bit number written in dotted decimal notation (for example, 255.255.255.0).
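The CIDR, dotted decimal notation, private IP address, subnet and VLSM entries all rest on the same bit arithmetic. This added example (not from this glossary's source) implements it directly rather than through a library so that each step is visible: prefix lengths and dotted masks, the network and broadcast addresses of a block, an RFC 1918 private-address check, and carving a block into subnets of differing lengths as VLSM does. All addresses used are constructed samples.

```python
from typing import List, Tuple

# Added example: the arithmetic behind CIDR prefixes, dotted-decimal masks,
# private (RFC 1918) addresses and VLSM, with bit operations shown explicitly.

def ip_to_int(dotted: str) -> int:
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"bad IPv4 address: {dotted}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"bad octet in {dotted}")
        value = (value << 8) | n
    return value

def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix: int) -> str:
    """CIDR prefix length -> dotted-decimal mask, e.g. 24 -> 255.255.255.0."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return int_to_ip((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)

def mask_to_prefix(mask: str) -> int:
    """Dotted-decimal mask -> prefix length; rejects non-contiguous masks."""
    value = ip_to_int(mask)
    prefix = bin(value).count("1")
    if ip_to_int(prefix_to_mask(prefix)) != value:
        raise ValueError(f"non-contiguous mask: {mask}")
    return prefix

def network_range(cidr: str) -> Tuple[str, str, int]:
    """(network address, broadcast address, usable host count) for a CIDR block."""
    ip, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    mask = ip_to_int(prefix_to_mask(prefix))
    network = ip_to_int(ip) & mask                 # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)     # host bits set
    size = 2 ** (32 - prefix)
    usable = size - 2 if prefix <= 30 else size    # /31 and /32 reserve nothing (RFC 3021)
    return int_to_ip(network), int_to_ip(broadcast), usable

def contains(cidr: str, address: str) -> bool:
    network, broadcast, _ = network_range(cidr)
    return ip_to_int(network) <= ip_to_int(address) <= ip_to_int(broadcast)

PRIVATE_BLOCKS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")   # RFC 1918

def is_private(address: str) -> bool:
    """True for RFC 1918 addresses, which need NAT to reach the Internet."""
    return any(contains(block, address) for block in PRIVATE_BLOCKS)

def split_vlsm(cidr: str, prefixes: List[int]) -> List[str]:
    """Carve a block into consecutive subnets of the given (possibly different) prefix lengths."""
    network, broadcast, _ = network_range(cidr)
    cursor, end = ip_to_int(network), ip_to_int(broadcast) + 1
    subnets = []
    for prefix in sorted(prefixes):              # largest subnets first keeps them aligned
        size = 2 ** (32 - prefix)
        if cursor + size > end:
            raise ValueError(f"/{prefix} does not fit in the remaining space of {cidr}")
        subnets.append(f"{int_to_ip(cursor)}/{prefix}")
        cursor += size
    return subnets

if __name__ == "__main__":
    print("/26 mask:", prefix_to_mask(26))
    print("192.168.10.77/26 ->", network_range("192.168.10.77/26"))
    print("172.31.255.1 private?", is_private("172.31.255.1"))
    print("VLSM split:", split_vlsm("192.168.10.0/24", [27, 26, 28, 27]))
```

Writing the mask this way also makes the usual pitfalls explicit: a mask with a gap in its ones (255.255.0.255) is rejected, and a subnet placed at an address that is not a multiple of its size is avoided by allocating the largest subnets first.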
VM See virtual machine.
VPN Virtual private network; a virtual network that provides the privacy normally only available on a physical network.
WAN Wide area network; this network describes a collection of LANs that communicate through a series of routers or switches.
WEP Wired Equivalent Privacy; an old, broken encryption specification once used to secure a wireless router from unauthorized users.
WPA Wi-Fi Protected Access; the encryption specification (WPA2 and WPA3 in current use) that replaced WEP for securing a wireless router from unauthorized users.
white pages A schema designed to provide information about users.
wildcard See file glob.
WWID World Wide Identifier; in terms of iSCSI, this is an identifier guaranteed to be unique throughout the world.
xinetd Known as the "super daemon" because it starts other daemons (services) as needed and stops each one when it is no longer needed.
zone transfer The process of copying new DNS zone information from the master server to the slave server.