Chapter 22.
General System Security
Linux is an extremely powerful OS for many
networking functions. Unfortunately, with that power comes at least the
potential for vulnerability. Most major servers have a history of bugs that
allow outsiders to gain access, and even those that are without bugs may be
vulnerable to abuse if an intruder has obtained a password or if the server is misconfigured.
Keeping your system secure is therefore a topic that deserves careful
attention; you must configure your system to be as secure as possible, and
monitor security developments to ensure that you don't fall victim to a newly
discovered security vulnerability.

This chapter begins an investigation of
security issues with information on shutting down unnecessary servers,
controlling accounts and passwords, keeping your system up to date, checking
for evidence of intrusion, and locating additional security information. Some
subsequent chapters expand on specific security topics. In particular, Chapter 24,
Configuring a chroot Jail, describes a technique that's used by some servers to minimize
the risk involved in running a server; Chapter 25,
Configuring iptables, describes the Linux packet filter tool that's used to set
up firewalls; and Chapter 26, Using
a VPN, describes a method of extending a local network across the Internet in
an encrypted fashion.

In addition to the security resources
described in the upcoming section, "Keeping Abreast of Security Developments," you may want to read a book dedicated to security issues. Examples
include Mann and Mitchell's Linux System Security: The
Administrator's Guide to Open Source Security Tools (Prentice Hall,
1999) and Garfinkel and Spafford's Practical UNIX
& Internet Security, 2nd Edition (O'Reilly, 1996). There are also
books dedicated to firewalls, such as Constantine & Ziegler's Linux Firewalls (New Riders, 2001). If your network
includes non-Linux systems, you might want to consider a book with broader
scope, such as McClure, Scambray, and Kurtz's Hacking
Exposed, 3rd Edition (McGraw-Hill, 2001).