These classnotes are depreciated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes


Classnotes | RecentChanges | Preferences

Instructor: Sam Hart (

The general homepage for this course is

This course will introduce the student to major concepts and techniques involved in securing a Unix server or workstation. Linux is used as the learning environment, but concepts will be applicable to all Unix environments. The book for this course is "Real World Linux Security" by Bobn Toxen (with associated website,

These classnotes are organized by topic. More often than not, these topics will also coincide with particular days in the class. The topics will be presented in the following order:


General System Security Introduction
/On Terminology
/Myths of Unix Security
/Security Versus Obscurity
/Moving to Rings of Security

The Seven Most Deadly Sins (pp. 27-41)
1: /Weak and Default Passwords
PROJECT: /Scan for Weak Passwords
2: /Open Network Ports
PROJECT: /Turn Off Unneeded Services
3: /Old Software Versions
4: /Insecure and Badly Configured Programs
5: /Insufficient Resources and Misplaced Priorities
6: /Stale and Unnecessary Accounts
7: /Procrastination

PROJECT: [/Replace Weak Doors with Brick]?

Common Weaknesses
/Permission Problems
/Kernel Protocol Switches
PROJECT: /Kernel Protocol Switches at Boot
/X Server Security
/Physical Security
[/Secure Deletion]?
[/Destroying Old Confidential Data In Free Blocks]?
/Watching bash
/Executing Stealth Commands
/Pluggable Authentication Modules
PROJECT : /Enable Stronger Passwords


SAMBA Security
/SAMBA Review
/SAMBA Versions
/Securing smb.conf
/Securing smbpasswd
/Other SAMBA Security
PROJECT /Configure SAMBA Securely
SPAM and Viruses
/Why worry about Spam?
/Realtime Blackhole Lists are bad
/Sendmail Security
Setting up an Anti-Spam Gateway - Part I: The Tools
/DCC - Distributed Checksum Clearinghouse
/Vipul's Razor
Setting up an Anti-Spam Gateway - Part II: The Procedure
/Overview of System
  1. /Install Components and Setup Users
  2. /Configure Postfix
  3. /Configure SpamAssassin
  4. /Configure Razor
  5. /Configure DCC
  6. /Configure Amavisd
  7. /Bayesian Learning Script
Adding Anti-Virus Protection
/Overview of AV Software For Linux
/Sophos For Linux
/Sophie - Quick Attachment Scanning
/Integrating Sophie With Amavisd
  1. /Install Sophos
  2. /Install Sophie
  3. /Configure Amavisd for Sophie
  4. /Add Sophie to init


/Ports and Permissions
Apache Security
/Apache Review
/Server Side Includes and Script Issues
/Securing Apache Configuration
/Special Techniques for Web Servers Part 1
/Special Techniques for Web Servers Part 2
/CGI Scripts and Programs
Hardenning Apache
PROJECT: /Harden Apache
/Introduction to WPoison
PROJECT: /Install WPoison
PROJECT: /Set up detection for defaced web pages

FTP Security
/Introduction to WU-FTPD
Chrooting FTP for Guest Access
    1. /Kinds of FTP Accounts
    2. /Chroot setup in passwd
    3. /Create home directory
    4. /Populate home directory
    5. /Build Contents of bin
    6. /Build Contents of etc
    7. /Extra Security Touches

/Limitting Login

Monitoring System Logs
/Scanning and monitoring system logs
/Introduction to Logrotate
/Configuring Logrotate
/Introduction to Logcheck
/Configuring Logcheck
/Introduction to Logwatch
/Configuring Logwatch

/AWStats Introduction
PROJECT : /Install AWStats

Establishing Security Policies
Homework: Read Chapter 7


Hardening Your System - Part I: Firewalling
/Packet FIltering Basics
/Firewalling Terminology
/ipchains and iptables - Small history of filtering under Linux
/Introduction to IPChains
/IPChains Commands
/Introduction to IPTables
/IPTables advantages - disadvantages over IPChains
/IPTables- Fact and Myth
/IPTables Commands
/IPTables Firewall Scripts
PROJECT: Firewall off key ports
/Firewall SAMBA
/Firewall SOHO
/Introduction to TCPWrappers
/TCPWrappers usage
/TCPWrappers advanced usage
PROJECT: Adaptive Firewall
/Introduction to Adaptive Firewall
/Overview of Firewall System
/Install Scripts
/Configure Firewall
/Test Firewall
Scanning Your Own System
/Introduction to nmap
/nmap Usage
PROJECT: /Test Neighbors Firewall


/A Review
Linux Encryption
/Overview of Linux Encryption Options
/Kernel Space Encryption
/Encryption with aespipe
PROJECT : /Encrypt an archive
Monitoring Activity
Snort IDS
/Introduction to Snort
/Snort Install
/Snort Usage
/Snort Configuration
/Introduction to Shadow
Trapping the Intruder
/Honeypots and Tarpits
/Introduction to thp
/Configuring thp
PROJECT /Setup Tiny Honeypot with Snort
/Introduction to TripWire
PROJECT /Setup Logcheck and TripWire
/Monitoring Attacks with Ethereal
Regaining Control
/General behavior
/Backing up the system
/Forensics analysis
/Handling Running Cracker's Processes
/Emergency Shutdown
/Booting Read Only
PROJECT : /Regain Control

Classnotes | RecentChanges | Preferences
This page is read-only | View other revisions
Last edited October 24, 2003 8:05 pm (diff)
(C) Copyright 2003 Samuel Hart
Creative Commons License
This work is licensed under a Creative Commons License.