Security Guide
- Security Guide
- Available Documentation
- Feedback
- Documentation Conventions
- About the Making of This Manual
- Source Code
- Acknowledgments
- Security and Confidentiality
- Local Security and Network Security
- Some General Security Tips and Tricks
- Using the Central Security Reporting Address
- Authentication
- Authentication with PAM
- Structure of a PAM Configuration File
- The PAM Configuration of sshd
- Configuration of PAM Modules
- Configuring PAM Using pam-config
- For More Information
- Using NIS
- Configuring NIS Servers
- Configuring NIS Clients
- LDAP—A Directory Service
- LDAP versus NIS
- Structure of an LDAP Directory Tree
- Configuring an LDAP Server with YaST
- Configuring an LDAP Client with YaST
- Configuring LDAP Users and Groups in YaST
- Browsing the LDAP Directory Tree
- Manually Configuring an LDAP Server
- Manually Administering LDAP Data
- For More Information
- Active Directory Support
- Integrating Linux and AD Environments
- Background Information for Linux AD Support
- Configuring a Linux Client for Active Directory
- Logging In to an AD Domain
- Changing Passwords
- Network Authentication with Kerberos
- Kerberos Terminology
- How Kerberos Works
- Users' View of Kerberos
- For More Information
- Using the Fingerprint Reader
- Supported Applications and Actions
- Managing Fingerprints with YaST
- Local Security
- Configuring Security Settings with YaST
- Security Overview
- Predefined Security Configurations
- Password Settings
- Boot Settings
- Login Settings
- User Addition
- Miscellaneous Settings
- PolicyKit
- Available Policies and Supported Applications
- Authorization Types
- Modifying and Setting Privileges
- Access Control Lists in Linux
- Traditional File Permissions
- Advantages of ACLs
- Definitions
- Handling ACLs
- ACL Support in Applications
- For More Information
- Encrypting Partitions and Files
- Setting Up an Encrypted File System with YaST
- Using Encrypted Home Directories
- Using vi to Encrypt Single ASCII Text Files
- Intrusion Detection with AIDE
- Setting Up an AIDE Database
- Local AIDE Checks
- System Independent Checking
- For More Information
- Network Security
- SSH: Secure Network Operations
- The OpenSSH Package
- The ssh Program
- scp—Secure Copy
- sftp—Secure File Transfer
- The SSH Daemon (sshd)—Server-Side
- SSH Authentication Mechanisms
- X, Authentication, and Forwarding Mechanisms
- Masquerading and Firewalls
- Packet Filtering with iptables
- Masquerading Basics
- Firewalling Basics
- SuSEfirewall2
- For More Information
- Configuring VPN Server
- Overview
- Creating the Simplest VPN Example
- Setting Up Your VPN Server Using Certificate Authority
- KDE- and GNOME Applets For Clients
- For More Information
- Managing X.509 Certification
- The Principles of Digital Certification
- YaST Modules for CA Management
- Confining Privileges with Novell AppArmor
- Introducing AppArmor
- Background Information on AppArmor Profiling
- Getting Started
- Installing Novell AppArmor
- Enabling and Disabling Novell AppArmor
- Choosing the Applications to Profile
- Building and Modifying Profiles
- Configuring Novell AppArmor Event Notification and Reports
- Updating Your Profiles
- Immunizing Programs
- Introducing the AppArmor Framework
- Determining Programs to Immunize
- Immunizing cron Jobs
- Immunizing Network Applications
- Profile Components and Syntax
- Breaking a Novell AppArmor Profile into Its Parts
- Profile Types
- #include Statements
- Capability Entries (POSIX.1e)
- Network Access Control
- Paths and Globbing
- File Permission Access Modes
- Execute Modes
- Resource Limit Control
- Auditing Rules
- Setting Capabilities per Profile
- AppArmor Profile Repositories
- Using the Local Repository
- Using the External Repository
- Building and Managing Profiles with YaST
- Adding a Profile Using the Wizard
- Manually Adding a Profile
- Editing Profiles
- Deleting a Profile
- Updating Profiles from Log Entries
- Managing Novell AppArmor and Security Event Status
- Building Profiles from the Command Line
- Checking the AppArmor Module Status
- Building AppArmor Profiles
- Adding or Creating an AppArmor Profile
- Editing an AppArmor Profile
- Deleting an AppArmor Profile
- Two Methods of Profiling
- Important Filenames and Directories
- Profiling Your Web Applications Using ChangeHat
- Apache ChangeHat
- Configuring Apache for mod_apparmor
- Confining Users with pam_apparmor
- Managing Profiled Applications
- Monitoring Your Secured Applications
- Configuring Security Event Notification
- Configuring Reports
- Configuring and Using the AppArmor Desktop Monitor Applet
- Reacting to Security Event Rejections
- Maintaining Your Security Profiles
- Support
- Updating Novell AppArmor Online
- Using the Man Pages
- For More Information
- Troubleshooting
- Reporting Bugs for AppArmor
- AppArmor Glossary
- The Linux Audit Framework
- Understanding Linux Audit
- Introducing the Components of Linux Audit
- Configuring the Audit Daemon
- Controlling the Audit System Using auditctl
- Passing Parameters to the Audit System
- Understanding the Audit Logs and Generating Reports
- Querying the Audit Daemon Logs with ausearch
- Analyzing Processes with autrace
- Visualizing Audit Data
- Setting Up the Linux Audit Framework
- Determining the Components to Audit
- Configuring the Audit Daemon
- Enabling Audit for System Calls
- Setting Up Audit Rules
- Configuring Audit Reports
- Configuring Log Visualization
- Introducing an Audit Rule Set
- Adding Basic Audit Configuration Parameters
- Adding Watches on Audit Log Files and Configuration Files
- Monitoring File System Objects
- Monitoring Security Configuration Files and Databases
- Monitoring Miscellaneous System Calls
- Filtering System Call Arguments
- Managing Audit Event Records Using Keys
- Useful Resources
- GNU Licenses
- GNU General Public License
- GNU Free Documentation License
- Legal