[SYMBOL]
[A]
[B]
[C]
[D]
[E]
[F]
[G]
[H]
[I]
[J]
[K]
[L]
[M]
[N]
[O]
[P]
[Q]
[R]
[S]
[T]
[U]
[V]
[W]
[X]
facilities, system messages
sensitive information in messages
FascistCheck function (CrackLib)
fetchmail
mail delivery with
fgrep command
file attributes, preserving in remote file copying
file command
file permissions
[See permissions]
files, protecting
[See also Gnu Privacy Guard]2nd
encrypted, maintaining with Emacs
encrypting directories
encrypting with password
encryption, using
maintaining encrypted files with vim
permissions
[See permissions]
PGP keys, using with GnuPG
prohibiting directory listings
revoking a public key
shared directory
sharing public keys
uploading new signatures to keyserver
world-writable, finding
files, searching effectively
[See find command]
filesnarf command
filesystems
/proc
Andrew Filesystem kaserver
device special files, potential security risks
mounted, listing in /proc/mounts
searching for security risks
filenames, handling carefully
information about your filesystems
local vs. remote filesystems
permissions, examining
preventing crossing filesystem boundaries (find -xdev)
rootkits
skipping directories (find -prune)
Windows VFAT, checking integrity of
filtered email messages (PineGPG)
filters
capture expressions
Ethereal, using with
selecting specific packets
display expressions
Ethereal, using with
tcpdump, using with
logwatch, designing for
protocols matching filter expression, searching network traffic for
Snort, use by
find command
device special files, searching for
manual integrity checks, running with
searching filesystems effectively
-exec option (one file at a time)
-perm (permissions) option
-print0 option
-prune option
-xdev option, preventing crossing filesystem boundaries
running locally on its server
setuid and setgid bits
world-writable files, finding and fixing
finger connections
redirecting to another machine
redirecting to another service
fingerprints
checking for keys imported from keyserver
operating system
2nd
nmap -O command
public key, verifying for
firewalls
blocking access from a remote host
blocking access to a remote host
blocking all network traffic
blocking incoming network traffic
blocking incoming service requests
blocking incoming TCP port for service
blocking outgoing access to all web servers on a network
blocking outgoing network traffic
blocking outgoing Telnet connections
blocking remote access while permitting local
blocking spoofed addresses
controlling remote access by MAC address
decisions based on source addresses, testing with nmap
designing for Linux host, philosophies for
limiting number of incoming connections
Linux machine acting as
loading configuration
logging
network access control
open ports not protected by, finding with nmap
permitting SSH access only
pings, blocking
2nd
portmapper access, reason to block
protecting dedicated server
remote logging host, protecting
rules
building complex rule trees
deleting
hostnames instead of IP addresses, using in rules
inserting
listing
loading at boot time
saving configuration
source address verification, enabling
TCP ports blocked by
TCP RST packets for blocked ports, returning
testing configuration
vulnerability to attacks and
flushing a chain
forced commands
limiting programs user can run as root
plaintext key, using with
security considerations with
server-side restrictions on public keys in authorized keys
Forum of Incident Response and Security Teams (FIRST)
home page
forwardable credentials (Kerberized Telnet)
FreeS/WAN (IPSec implementation)
fstab file
grpid, setting
nodev option to prohibit device special files
prohibiting executables
setuid or setgid attributes for executables
FTP
open server, testing for exploitation as a proxy
passwords captured from sessions with dsniff
sftp
fully-qualified directory name
|