我的书签
添加书签
移除书签2.2. 应当知道的一般性安全问题
下边在为什么一些内容了涉及安全问题上(通常)将不做细节性探讨. 因此, 你最好有 UNIX 和(特别是) linux 安全知识背景, 您遇到不同选择的时候, 花点时间阅读一些安全文档是个明智的决定. Debian GNU/Linux 是基于 linux 内核的, 因此很多有关 Linux 的信息, 以及其它发行版和一般性 Unix 安全同样也适用于它(即使使用工具或程序有所不同).
一些有用的文档:
The http://www.tldp.org/HOWTO/Security-HOWTO/ (also available at http://www.linuxsecurity.com/docs/LDP/Security-HOWTO.html) is one of the best references regarding general Linux security.
The http://www.tldp.org/HOWTO/Security-Quickstart-HOWTO/ is also a very good starting point for novice users (both to Linux and security).
The http://seifried.org/lasg/ is a complete guide that touches all the issues related to security in Linux, from kernel security to VPNs. Note that it has not been updated since 2001, but some information is still relevant. [1]
Kurt Seifried’s http://seifried.org/security/os/linux/20020324-securing-linux-step-by-step.html.
In http://www.tldp.org/links/p_books.html#securing_linux you can find a similar document to this manual but related to Red Hat, some of the issues are not distribution-specific and also apply to Debian.
Another Red Hat related document is http://ltp.sourceforge.net/docs/RHEL-EAL3-Configuration-Guide.pdf.
IntersectAlliance has published some documents that can be used as reference cards on how to harden Linux servers (and their services), the documents are available at http://www.intersectalliance.com/projects/index.html.
For network administrators, a good reference for building a secure network is the http://www.linuxsecurity.com/docs/LDP/Securing-Domain-HOWTO/.
If you want to evaluate the programs you are going to use (or want to build up some new ones) you should read the http://www.tldp.org/HOWTO/Secure-Programs-HOWTO/ (master copy is available at http://www.dwheeler.com/secure-programs/, it includes slides and talks from the author, David Wheeler)
If you are considering installing firewall capabilities, you should read the http://www.tldp.org/HOWTO/Firewall-HOWTO.html and the http://www.tldp.org/HOWTO/IPCHAINS-HOWTO.html (for kernels previous to 2.4).
Finally, a good card to keep handy is the http://www.linuxsecurity.com/docs/QuickRefCard.pdf.
In any case, there is more information regarding the services explained here (NFS, NIS, SMB…) in many of the HOWTOs of the http://www.tldp.org/. Some of these documents speak on the security side of a given service, so be sure to take a look there too.
The HOWTO documents from the Linux Documentation Project are available in Debian GNU/Linux through the installation of the doc-linux-text (text version) or doc-linux-html (HTML version). After installation these documents will be available at the /usr/share/doc/HOWTO/en-txt and /usr/share/doc/HOWTO/en-html directories, respectively.
其它一些推荐文档:
Linux 安全最大化 : 一个黑客在保护您的 Linux服务和网络方面给出的指导. Anonymous. Paperback - 829 pages. Sams Publishing. ISBN: 0672313413. July 1999.
Linux Security By John S. Flowers. New Riders; ISBN: 0735700354. March 1999.
http://www.linux.org/books/ISBN_0072127732.html By Brian Hatch. McGraw-Hill Higher Education. ISBN 0072127732. April, 2001
其它一些图书 (与一般性 UNIX 安全问题相关,而不是针对 Linux):
http://www.ora.com/catalog/puis/noframes.html Garfinkel, Simpson, and Spafford, Gene; O’Reilly Associates; ISBN 0-56592-148-8; 1004pp; 1996.
防火墙与入侵检测 Cheswick, William R. and Bellovin, Steven M.; Addison-Wesley; 1994; ISBN 0-201-63357-4; 320pp.
Some useful web sites to keep up to date regarding security:
http://www.securityfocus.com the server that hosts the Bugtraq vulnerability database and list, and provides general security information, news and reports.
http://www.linuxsecurity.com/. General information regarding Linux security (tools, news…). Most useful is the http://www.linuxsecurity.com/resources/documentation-1.html page.
http://www.linux-firewall-tools.com/linux/. General information regarding Linux firewalls and tools to control and administrate them.
[1] At a given time it was superseded by the “Linux Security Knowledge Base”. This documentation is also provided in Debian through the lskb package. Now it’s back as the Lasg again.
