S/MIME native support by Mozilla
support by Evolution mailer
sa -s command (truncating process accounting the log file)
Samhain (integrity checker)
scp command mirroring set of files securely between computers
options for remote file copying
securely copying files between computers
syntax
scripts, enabling/disabling network interfaces
search path, testing
. (period) in
relative directories in, dangers of
SEC_BIN global variable (Tripwire)
secret keys adding to GnuPG keyring
default key for GnuPG operations
listing for GnuPG
secret-key encryption
secure integrity checks
creating bootable CD-ROM securely
dual-ported disk array, using
Secure Sockets Layer [See SSL]
securetty file, editing to prevent root logins via terminal devices
security policies [See policies]
security tests [See monitoring systems for suspicious activity]
security tools (Insecure.org)
self-signed certificates
creating
generating X.509 certificate
man-in-the-middle attacks, risk of
setting up your own CA to issue certificates
sending-filters for email (PinePGP)
sendmail accepting mail from other hosts
authentication mechanisms accepted as trusted
daemons (visible), security risks with
restriction on accepting connections from only same host, changing
SSL, using to protect entire SMTP session
sense keyword (PAM, listfile module)
server arguments (inetd.conf file)
server authentication [See Kerberos; PAM; SSH; SSL; trusted-host authentication]
server keyword (xinetd)
server program, OpenSSH
service filter configuration file (logwatch)
service filter executable (logwatch)
service names conversion of port numbers to by netstat and lsof
executable
modifying to invoke tcpd in /etc/xinetd.d startup file
PAM
2nd
services file, adding service names to inetd.conf
session protection for mail
setgid bit on directories
setgid/setuid programs security checks
setgid/setuid programs, security checks finding and interactively fixing
listing all files
listing scripts only
removing setgid/setuid bits from a file
setuid programs for hostbased authentication
setlogsock (Sys::Syslog)
setuid root, ssh-keysign program
sftp
shadow directive (/etc/pam.d/system-auth)
shadow password file
2nd
sharing files prohibiting directory listings
protecting shared directory
shell command substitution, exceeding command line maximum
shell item (PAM)
shell prompts, standards used
shell scripts in your current directory
writing system log entries
2nd
shell-style wildcard expansion
shells bash
checking for dormant accounts
invoking MH commands from prompt
invoking with root privileges by sudo, security risks
process substitution
root login shell, running
root shell vs. root login shell
terminating SSH agent on logout
umask command
shosts.equiv file
show command, decrypting email displayed with
shutdowns (system), records of
shutting down network interfaces
signature ID (Snort alerts)
signed cryptographic keys
signing files [See digital signatures]
single computer blocking spoofed addresses
firewall design
single-threaded services (inetd.conf file)
site key (Tripwire)
creating with twinstall.sh script
fingerprints, creating in secure integrity checks
read-only integrity checking
size, file /bin/login, changes since last Tripwire check
verifying for RPM-installed files
SLAC (Stanford Linear Accelerator), Network Monitoring Tools page
SMTP blocking requests for mail service from a remote host
capturing messages from with dsniff program mailsnarf
protecting dedicated server for smtp services
requiring authentication by server before relaying mail
using server from arbitrary clients
snapshots [See Tripwire]
Snort
decoding alert messages
nmap port scan detected
priority levels
writing alerts to file instead of syslog
detecting intrusions with
dumping statistics to the system logger
promiscuous mode, setting
running in background as daemon
packet sniffing with
partitioning logs into separate files
upgrading and tuning ruleset
socket type (inetd.conf file)
software packages, risk of Trojan horses in
sort command
-z option for null filename separators
source address verification enabling
enabling in kernel
website information on
source addresses controlling access by
limiting server sessions by
source name for remote file copying
source quench, blocking
sources for system messages
spoofed addresses blocking access from
MAC
source addresses
SquirrelMail
SSH (Secure Shell)
agents [See ssh-agent]
authenticating between client/server by trusted host
authenticating between SSH2 client/OpenSSH server
authenticating by public key
changing client defaults
client configurations in ~/.ssh/config
connecting via ssh with Kerberos authentication
cryptographic authentication
download site for OpenSSH
fetchmail, use of
important programs and files
scp (client program)
ssh (client program)
Kerberos, using with
debugging
Kerberos-5 support
permitting only incoming access via SSH with firewall
protecting dedicated server for ssh services
public-key and ssh-agent, using with Pine
public-key authentication between SSH2 client/OpenSSH server
public/private authentication keys
remote user access by public key authentication
restricting access by remote users
restricting access to server by account
restricting access to server by host
running root commands via
securing POP/IMAP
with Pine
sharing root privileges via
SSH-2 connections, trusted-host authentication
SSH2 server and OpenSSH client, authenticating between with OpenSSH key
SSH2 server and OpenSSH client, authenticating between with SSH2 key
superusers, authentication of
tailoring per host
transferring email from another ISP over tunnel
tunneling NNTP with
tunneling TCP connection through
web site
ssh command -t option (for pseudo-tty)
-X option (for X forwarding)
using with rsync to mirror set of files between computers
ssh file
ssh-add
ssh-agent
automatic authentication (without password)
invoking between backticks (` `)
public-key authentication without passphrase
terminating on logout
ssh-keygen
conversion of SSH2 private key into OpenSSH private key with -i (import) option
ssh-keysign
setuid root on client
ssh_config file
~/.ssh file, using instead of
client configuration keywords
HostbasedAuthentication, enabling
ssh_known_hosts file
OpenSSH client, using ~/.ssh file instead of
sshd
AllowUsers keyword
authorizing users to restart
restricting access from specific remote hosts
TCP wrappers support
sshd_config file AllowUsers keyword
HostbasedAuthentication, enabling
HostbasedUsesNameFromPacketOnly
KerberosTgtPassing, enabling
ListenAddress statements, adding
PermitRootLogin, setting
PublicAuthentication, permitting
X11Forwarding setting
SSL (Secure Sockets Layer)
connection problems, server-side debugging
converting certificates from DER to PEM
creating self-signed certificate
decoding SSL certificates
generating Certificate Signing Request (CSR)
installing new certificate
OpenSSL
web site
POP/IMAP security
mail server, running with
mail sessions for Evolution
mutt mail client, using with
stunnel, using
with pine mail client
setting up CA and issuing certificates
STARTTLS command (IMAP), negotiating protection for mail
STLS command (POP), negotiating protection for email
validating a certificate
verifying connection to secure POP or IMAP server
SSL-port on mail servers
POP or IMAP connections for mutt client
testing use in pine mail client
standard input, redirecting from /dev/null
Stanford Linear Accelerator (SLAC) Network Monitoring Tools page
starting network interfaces
STARTTLS command (IMAP)
mail server support for SSL
mutt client connection over IMAP, testing
testing use in pine mail client
startup scripts (bootable CD-ROM), disabling networking
stateful
stateless
sticky bit set on world-writable directories
setting on world-writable directory
STLS command (POP)
2nd
strace command
2nd
strings matching with fgrep command
searching network traffic for
strings command
strong authentication for email sessions
strong session protection for mail (by SSL)
stunnel, securing POP/IMAP with SSL
su command
invoking with root privileges by sudo, security risks
ksu (Kerberized su)
authentication via Kerberos
sharing root privileges via
su -, running root login shell
su configuration (PAM)
subject (certificates)
components of certificate subject name
self-signed
sudo command
bypassing password authentication
careful practices for using
forcing password authentication
killing processes via
listing invocations
logging remotely
password changes, authorizing via
prohibiting command-line arguments for command run via
read-only access to shared file
running any program in a directory
running commands as another user
starting/stopping daemons
user authorization privileges, allowing per host
sudoers file
argument lists for each command, specifying meticulously
editing with visudo program
listing permissible commands for root privileges
running commands as another user
timestamp_timeout variable
user authorization to kill certain processes
superdaemons
inetd [See inetd]
xinetd [See xinetd]
superuser
2nd
[See also root]
assigning privileges via ssh without disclosing root password
finding all accounts on system
ksu (Kerberized su)
processes owned by others, examining
SuSE Linux firewall rules, building
Heimdal Kerberos
inetd superdaemon
loading firewall rules at boot time
process accounting RPM
script allowing users to start/stop daemons
Snort, starting automatically at boot
SSL certificates
2nd
TCP wrappers
2nd
switched networks packet sniffers and
simulated attacks with dsniff
symbolic links for encrypted files on separate system
inability to verify with manual integrity check
permission bits, ignoring
scp command and
symmetric encryption
file encryption with gpg -c
files encrypted with GnuPG, decrypting
problems with
single encrypted file containing all files in directory
SYN_RECV state, large numbers of network connections in
synchronizing files on two machines (rsync)
integrity checking with
Sys::Lastlog and Sys::Utmp modules (Perl)
Sys::Syslog module
syslog function
using in C program
syslog-ng ("new generation")
syslog.conf file directing messages to different log files by facility and priority
remote logging, configuring
2nd
RPM-installed, verifying with Tripwire
setting up for local logging
signaling system logger about changes in
tracing configuration errors in
syslogd -r flag to receive remote messages
signaling to pick up changes in syslog.conf
system accounts, login activity on
2nd
system calls, tracing on network
system logger combining log files
debugging SSL connections
directing system messages to log files
log files created by, permissions and
logging messages remotely
programs not using
scanning log files for problem reports
sending messages to
signaling changes in syslog.conf
standard API, functions provided by
testing and monitoring
writing system log entries in C
2nd
in Perl
in shell scripts
xinetd, logging to
system-wide authentication (Kerberos with PAM)
system_auth (/etc/pam.d startup file) forbidding local password validation
Kerberos in
systems authentication methods and policies (authconfig)
security tests on [See monitoring systems for suspicious activity]