WEBVTT 1 00:00:00.120 --> 00:00:01.280 Welcome to your deep dive. 2 00:00:01.399 --> 00:00:02.439 Oh thanks for having me. 3 00:00:02.759 --> 00:00:05.320 Today we're diving into practical Linux security. 4 00:00:05.599 --> 00:00:06.480 Excellent topic. 5 00:00:06.559 --> 00:00:10.160 Yeah, we're using Practical Linux Security Cookbook. You know, I 6 00:00:10.199 --> 00:00:12.359 think everyone should be thinking about this kind of stuff 7 00:00:12.400 --> 00:00:14.400 because it's like locking your front door. 8 00:00:14.759 --> 00:00:18.039 Definitely, it's essential. And what's great about this book is 9 00:00:18.039 --> 00:00:20.760 that it really focuses on the why behind security. 10 00:00:20.920 --> 00:00:23.000 Yeah, it's not just about the tools exactly. 11 00:00:23.079 --> 00:00:24.800 It helps you understand the concepts. 12 00:00:25.079 --> 00:00:28.000 Speaking of why. One thing that really struck me the 13 00:00:28.039 --> 00:00:31.440 book says, never use the remember password feature. 14 00:00:31.719 --> 00:00:33.079 Oh that's a good one. 15 00:00:33.200 --> 00:00:35.479 I mean, I get it. It's convenient, but is it 16 00:00:35.520 --> 00:00:38.079 really that risky, even on like a personal laptop. 17 00:00:38.280 --> 00:00:41.960 Well, think about it this way. It's like writing your 18 00:00:42.039 --> 00:00:43.359 pin on your debit card. 19 00:00:43.600 --> 00:00:44.960 Oh right, it's. 20 00:00:44.799 --> 00:00:47.000 Convenient, but if someone gets a hold of it, they 21 00:00:47.000 --> 00:00:50.560 have full access. And imagine that someone is malware. 22 00:00:50.679 --> 00:00:52.280 Ooh, sneaky malware. 23 00:00:52.520 --> 00:00:54.560 It could be silently snooping on your system. 24 00:00:54.719 --> 00:00:57.799 So remember password is a no go, not a good idea. 25 00:00:57.960 --> 00:01:02.039 Got it? Strong unique passwords for everything? 26 00:01:02.320 --> 00:01:06.040 Definitely. Another thing that caught my eye was checksums. 27 00:01:06.239 --> 00:01:07.000 Oh checksum. 28 00:01:07.200 --> 00:01:10.840 Yeah, most people download software without verifying its integrity. But 29 00:01:10.959 --> 00:01:11.719 it's crucial. 30 00:01:11.799 --> 00:01:14.480 I'll admit I'm guilty of skipping that step. Sometimes. 31 00:01:14.519 --> 00:01:16.640 It's like receiving a package. You'd check if it's the 32 00:01:16.719 --> 00:01:18.000 right thing and undamaged. 33 00:01:18.079 --> 00:01:19.359 Right, Yeah, of course. 34 00:01:19.239 --> 00:01:22.239 Checksums are the same, but for digital files. 35 00:01:22.760 --> 00:01:25.079 So how do they actually work? Are they complicated? 36 00:01:25.719 --> 00:01:28.040 Not at all? Think of it as a digital fingerprint. 37 00:01:28.359 --> 00:01:28.840 Oh okay. 38 00:01:28.879 --> 00:01:33.120 The book uses downloading in a Buntu ISO as an example. Okay, yeah, 39 00:01:33.200 --> 00:01:36.280 you can use the md fivesome command to generate a. 40 00:01:36.359 --> 00:01:37.680 Checksum built into Linux. 41 00:01:37.760 --> 00:01:39.319 Right, yep, you compare it to the one on the 42 00:01:39.359 --> 00:01:40.319 Oupuntu website. 43 00:01:40.359 --> 00:01:41.599 If they match your good. 44 00:01:41.599 --> 00:01:43.319 Exactly, you've got the real deal. 45 00:01:43.319 --> 00:01:44.640 Not some tampered version. 46 00:01:44.920 --> 00:01:45.400 Decisely. 47 00:01:45.519 --> 00:01:47.280 So it's a quick verification stack. 48 00:01:47.159 --> 00:01:49.560 Exactly to avoid installing something dodgy. 49 00:01:49.719 --> 00:01:53.640 Definitely worth it. Now let's dive a bit deeper the 50 00:01:53.719 --> 00:01:54.480 Linux kernel. 51 00:01:54.719 --> 00:01:57.959 Ah, yes, the heart of the OS. 52 00:01:58.200 --> 00:02:00.680 It's a bit intimidating, honestly, it can be. 53 00:02:00.959 --> 00:02:03.799 But this book breaks it down. Well that's good to hear, 54 00:02:04.079 --> 00:02:07.280 and it gets into compiling and configuring it yourself. 55 00:02:07.359 --> 00:02:08.840 Okay, so this is serious stuff. 56 00:02:08.960 --> 00:02:12.759 It is, and there's one detail that's super intriguing. It 57 00:02:12.840 --> 00:02:17.240 recommends having at least three GB of space. Three GB, Yeah, 58 00:02:17.479 --> 00:02:19.680 just for the boot partition, just for boot. 59 00:02:20.000 --> 00:02:20.960 That seems like a lot. 60 00:02:21.080 --> 00:02:23.199 It is, especially when compiling the kernel. 61 00:02:23.479 --> 00:02:25.439 Why so much space? What's going on there? 62 00:02:25.560 --> 00:02:28.639 It's like building a house versus moving into a furnished one. 63 00:02:28.719 --> 00:02:30.039 Oh, interesting analogy. 64 00:02:30.080 --> 00:02:33.759 Compiling your kernel gives you ultimate control, but it involves 65 00:02:33.879 --> 00:02:38.520 generating a ton of temporary files, configuration, options modules. It's 66 00:02:38.560 --> 00:02:41.439 a complex process, it is, and all those pieces need 67 00:02:41.479 --> 00:02:43.280 a place to live during the build. 68 00:02:43.039 --> 00:02:45.599 And that's where the boot partition comes in exactly. So 69 00:02:45.680 --> 00:02:49.879 more control equals more complexity and more space makes sense, right, Okay, 70 00:02:50.199 --> 00:02:52.439 let's switch gears a bit. Security tools. 71 00:02:52.479 --> 00:02:52.960 It's good. 72 00:02:53.719 --> 00:02:55.520 There are so many covered in the book, but two 73 00:02:55.680 --> 00:03:00.840 caught my attention. The first is SXID. SXID okay, sounds 74 00:03:00.879 --> 00:03:02.000 like a sci fi weapon. 75 00:03:02.280 --> 00:03:05.120 Well, it's definitely a defender. It stands for a system 76 00:03:05.199 --> 00:03:06.520 file integrity damon. 77 00:03:06.879 --> 00:03:09.960 Okay, less sci Fi, more system protection, right. 78 00:03:09.800 --> 00:03:12.960 And it's all about monitoring your critical system files for 79 00:03:13.080 --> 00:03:14.240 unauthorized changes. 80 00:03:14.319 --> 00:03:16.560 So if someone's trying to sneak in and change. 81 00:03:16.280 --> 00:03:18.960 Things, SXID will trip the alarm like. 82 00:03:18.919 --> 00:03:21.080 A super sensitive shopwire exactly. 83 00:03:21.840 --> 00:03:24.680 The other tool that caught my eye is port centry. 84 00:03:25.000 --> 00:03:26.919 Port centry. That sounds intriguing. 85 00:03:27.039 --> 00:03:29.840 It's all about protecting your ports, you know, those entry 86 00:03:29.879 --> 00:03:31.599 points for communication. 87 00:03:31.199 --> 00:03:32.639 Right the doors to the outside world. 88 00:03:32.680 --> 00:03:35.719 Exactly. It's like having a vigilant guard dog at each entrance, 89 00:03:35.879 --> 00:03:37.840 sniffing out suspicious activities. 90 00:03:37.919 --> 00:03:43.599 So it's actively defending shutting down unauthorized access attempts precisely. Now, 91 00:03:43.800 --> 00:03:46.520 the book goes deep on SSH, which is essential for 92 00:03:46.599 --> 00:03:47.759 remote access. 93 00:03:47.479 --> 00:03:51.039 Right, absolutely essential secure Shell or SSH. 94 00:03:51.159 --> 00:03:56.000 But there's one recommendation that seems counterintuitive, disabling root log 95 00:03:56.080 --> 00:03:57.360 in via SSH. 96 00:03:57.560 --> 00:03:59.879 Ah. Yes, it might seem strange. 97 00:04:00.080 --> 00:04:02.840 First, I mean Root is like the master key exactly. 98 00:04:02.840 --> 00:04:03.879 Why would you restrict that? 99 00:04:04.080 --> 00:04:07.759 Well, because it's so powerful. Allowing direct rout log in 100 00:04:08.000 --> 00:04:10.039 is like leaving your front door wide open with the 101 00:04:10.080 --> 00:04:11.879 sign that says welcome hackers. 102 00:04:12.280 --> 00:04:15.400 Oh yikes, not a good idea, not at all. 103 00:04:15.599 --> 00:04:18.639 The book stresses the principle of least privilege. 104 00:04:18.199 --> 00:04:21.759 Okay, so only giving users the access they absolutely. 105 00:04:21.160 --> 00:04:24.160 Need exactly, So instead of logging in as root directly, 106 00:04:24.560 --> 00:04:27.800 you use a regular account and then elevate privileges with pseudo. 107 00:04:27.680 --> 00:04:30.839 Only when necessary. So it's about minimizing the attack surface, 108 00:04:31.079 --> 00:04:32.759 adding an extra layer of security. 109 00:04:32.959 --> 00:04:35.759 Right, even if someone gets your user's password, they still 110 00:04:35.800 --> 00:04:37.120 can't become root easily. 111 00:04:37.439 --> 00:04:38.399 I see the wisdom there. 112 00:04:38.480 --> 00:04:40.240 It's all about layers of protection. 113 00:04:40.519 --> 00:04:43.399 Okay. And speaking of layers, let's talk about file permissions. 114 00:04:43.439 --> 00:04:43.920 Good one. 115 00:04:44.079 --> 00:04:49.439 The book goes beyond basic CHAMAD commands and introduces access 116 00:04:49.480 --> 00:04:51.519 control lists or acls. 117 00:04:51.800 --> 00:04:53.439 Acls give you finer control. 118 00:04:53.959 --> 00:04:55.399 Boys, tell them a bit intimidating. 119 00:04:55.600 --> 00:04:58.000 They can seem complex, but they're very powerful. 120 00:04:58.160 --> 00:05:00.000 When would you actually need to use them? 121 00:05:00.079 --> 00:05:03.160 Imagine you have sensitive financial data in a shared directory. 122 00:05:03.279 --> 00:05:04.800 Okay, sensitive data, I'm listening. 123 00:05:04.879 --> 00:05:07.079 You want your finance team to have full access but 124 00:05:07.199 --> 00:05:10.199 also grant read only to auditors. 125 00:05:09.839 --> 00:05:13.560 While keeping everyone else out. Exactly, basic permissions wouldn't work 126 00:05:13.560 --> 00:05:14.319 for that, right. 127 00:05:14.519 --> 00:05:17.360 That's where acls come in. You can set specific. 128 00:05:16.959 --> 00:05:21.120 Rules, so very specific rules for different users in groups, 129 00:05:21.639 --> 00:05:23.639 even within the same directory. 130 00:05:23.199 --> 00:05:25.639 Exactly like a highly customizable security system. 131 00:05:25.920 --> 00:05:31.519 Wow, this is fascinating stuff. Passwords, kernel tools, permissions. We've 132 00:05:31.560 --> 00:05:33.839 covered a lot, and there's so much more to explore. 133 00:05:34.040 --> 00:05:37.120 Definitely get ready for Part two of our deep dive, 134 00:05:37.360 --> 00:05:39.920 where we delve even deeper into Linux security. 135 00:05:40.040 --> 00:05:43.519 Looking forward to it. So picking up where we left off. Okay, 136 00:05:43.639 --> 00:05:46.279 let's talk about something I think most people take for granted. 137 00:05:46.399 --> 00:05:46.759 What's that? 138 00:05:47.160 --> 00:05:47.800 The network? 139 00:05:48.079 --> 00:05:49.439 Ah, the network. 140 00:05:49.560 --> 00:05:55.279 The book goes really deep into managing your TCPIP network. Okay, 141 00:05:55.439 --> 00:05:57.720 you know, the foundation of how computers talk to each other. 142 00:05:57.920 --> 00:06:00.560 Yeah, that's pretty important. It is it is now, I'll 143 00:06:00.560 --> 00:06:03.839 be honest. I usually just stick with those default network settings, right, 144 00:06:03.959 --> 00:06:04.759 isn't that good enough? 145 00:06:04.879 --> 00:06:07.120 Well, default settings are kind of like a one size 146 00:06:07.160 --> 00:06:10.600 fits all outfit. Oh they might work okay, right, but 147 00:06:10.639 --> 00:06:13.079 they're not tailored to your specific needs. 148 00:06:13.160 --> 00:06:13.600 I see. 149 00:06:13.639 --> 00:06:15.959 So the book encourages us to get hands off and 150 00:06:16.040 --> 00:06:18.879 configure our networks manually for bar security. 151 00:06:19.240 --> 00:06:22.000 So it's like learning to tailor your own clothes exactly, 152 00:06:22.079 --> 00:06:23.680 instead of just buying something off the rack. 153 00:06:23.839 --> 00:06:25.279 Yeah, you get a much better fit. 154 00:06:25.480 --> 00:06:30.000 And speaking of tailoring firewalls, yes, they're all about customizing 155 00:06:30.079 --> 00:06:32.879 that network access right exact. And the book gives us 156 00:06:32.920 --> 00:06:35.560 a crash course on IP tables. 157 00:06:35.879 --> 00:06:39.800 Yes, the classic Linux firewase. It can be a little intimidating, 158 00:06:39.920 --> 00:06:42.000 to be honest, it can be, but the book does 159 00:06:42.000 --> 00:06:45.839 a good job of demystifying it. Okay, because it's incredibly powerful. 160 00:06:45.879 --> 00:06:46.879 Once you understand it. 161 00:06:47.480 --> 00:06:51.519 So I've heard of IP tables but never really understood 162 00:06:51.519 --> 00:06:52.839 what makes it so powerful. 163 00:06:52.879 --> 00:06:55.480 We'll think of it like this. IP tables lets you 164 00:06:55.480 --> 00:06:58.959 set up a series of rules okay that control how 165 00:06:59.079 --> 00:07:01.800 network traffic flows in and out of your system. 166 00:07:02.160 --> 00:07:03.720 Okay, So you can control the flow. 167 00:07:03.959 --> 00:07:08.279 Yes, you can block specific ports, allow connections only from 168 00:07:08.319 --> 00:07:11.680 certain IP addresses. You can even define how your system 169 00:07:11.720 --> 00:07:14.879 responds to any kind of suspicious activity. 170 00:07:15.000 --> 00:07:17.839 So it's like a security checkpoint for your network. Not 171 00:07:17.879 --> 00:07:18.759 just an on off switch. 172 00:07:18.879 --> 00:07:20.439 No, it's much more nuanced than that. 173 00:07:20.839 --> 00:07:24.160 You can really fine tune it precisely. Now. The book 174 00:07:24.199 --> 00:07:26.560 also mentioned this thing called IP spoofing. 175 00:07:26.759 --> 00:07:29.240 Ooh, yes, what's that all about? 176 00:07:29.480 --> 00:07:33.759 Well? IP spoofing is a tactic where attackers disguise themselves 177 00:07:34.040 --> 00:07:35.519 using fake IP addresses. 178 00:07:35.920 --> 00:07:37.839 So it's like sending a letter with a fake return 179 00:07:37.879 --> 00:07:38.920 address exactly. 180 00:07:39.079 --> 00:07:40.079 It's all about deception. 181 00:07:40.240 --> 00:07:41.519 So how do you protect against that? 182 00:07:42.000 --> 00:07:44.720 Well, luckily IP tables can help us fight back. 183 00:07:44.839 --> 00:07:45.800 Oh okay, good. 184 00:07:45.879 --> 00:07:49.879 The book shows you how to create rules that specifically 185 00:07:49.920 --> 00:07:52.120 block those spoofed addresses. 186 00:07:51.639 --> 00:07:54.759 Another layer of protection, exactly, like a security guard checking 187 00:07:54.759 --> 00:07:55.720 IDs at the door. 188 00:07:55.920 --> 00:07:57.040 Yeah. Good, analogy. 189 00:07:57.439 --> 00:07:59.959 So I'm starting to see how all these different pieces 190 00:08:00.720 --> 00:08:03.000 fit together to create a secure system. 191 00:08:03.079 --> 00:08:04.199 Yeah, it's all about layers. 192 00:08:04.319 --> 00:08:06.639 Now. The book also talks about TCP rappers. 193 00:08:06.759 --> 00:08:08.279 Yes, TCP rapp. 194 00:08:08.160 --> 00:08:09.639 Is that related to firewalls at all? 195 00:08:09.839 --> 00:08:12.600 It is? Okay, think of TCP rappers as an access 196 00:08:12.639 --> 00:08:15.959 control list specifically for your network services, so. 197 00:08:16.040 --> 00:08:19.240 Lets you control which hosts are allowed to connect to 198 00:08:19.360 --> 00:08:21.160 specific services. 199 00:08:20.639 --> 00:08:24.120 So like SSH or my web server exactly. Okay, So 200 00:08:24.439 --> 00:08:29.040 IP tables for the general firewall rules and TCP rappers 201 00:08:29.600 --> 00:08:33.759 for that more granular service level control. Precisely, it's like 202 00:08:33.799 --> 00:08:36.679 having different security guards, you know, mm mmm, each with 203 00:08:36.720 --> 00:08:37.600 their own expertise. 204 00:08:37.720 --> 00:08:39.159 Yeah, it's a good way to think about it. 205 00:08:39.480 --> 00:08:42.720 Now. The book also covers tons of these specialized security tools. 206 00:08:42.840 --> 00:08:44.120 Yes, there are so many. 207 00:08:44.200 --> 00:08:46.919 We already talked about SXID right in fourth century. But 208 00:08:47.120 --> 00:08:48.759 what other tools really stood out to you. 209 00:08:49.039 --> 00:08:51.639 One that I think is particularly interesting is squid proxy. 210 00:08:51.679 --> 00:08:52.720 It quid proxy Okay. 211 00:08:52.720 --> 00:08:54.879 It might sound a bit technical, yeah, a little bit, 212 00:08:54.919 --> 00:08:57.600 but it's basically a middleman for your Internet traffic. 213 00:08:57.720 --> 00:08:59.639 A middleman. Okay. What's the advantage of that. 214 00:09:00.000 --> 00:09:03.960 Well, Proxy servers like squid can do a lot of things. Okay, 215 00:09:04.279 --> 00:09:09.000 they can cash frequently access content, which can speed up 216 00:09:09.000 --> 00:09:12.519 your browsing. They can enhance your privacy by masking your 217 00:09:12.559 --> 00:09:16.159 IP address. Oh interesting, And for security, squid can filter 218 00:09:16.240 --> 00:09:18.399 out malicious websites okay, or. 219 00:09:18.360 --> 00:09:20.399 Block access to certain types of content. 220 00:09:20.480 --> 00:09:22.759 So it's like having a bodyguard for your Internet traffic, 221 00:09:22.919 --> 00:09:25.080 exactly screening out those bad guys. 222 00:09:24.919 --> 00:09:25.960 Keeping you safe. 223 00:09:26.279 --> 00:09:26.799 I like it. 224 00:09:26.679 --> 00:09:28.000 It's a very versatile tool. 225 00:09:28.120 --> 00:09:31.080 Now, another crucial aspect of online security. 226 00:09:30.679 --> 00:09:32.799 Is encryption, right absolutely. 227 00:09:32.919 --> 00:09:35.480 The book mentions open SSL. 228 00:09:35.279 --> 00:09:39.679 Yes, open SSL. In that context, it's a powerhouse, okay. 229 00:09:39.759 --> 00:09:42.720 It's the engine behind those little padlock icons that you 230 00:09:42.759 --> 00:09:47.080 see in your web browser, ensuring secure communication for websites, email, 231 00:09:47.279 --> 00:09:47.879 you name it. 232 00:09:47.919 --> 00:09:50.039 So it's like the secret code language of the Internet, 233 00:09:50.159 --> 00:09:51.639 exactly keeping our data. 234 00:09:51.440 --> 00:09:52.840 Safe from prying eyes. 235 00:09:53.480 --> 00:09:56.000 But what happens if somebody does manage to get through 236 00:09:56.519 --> 00:09:59.799 all these defenses, that's a good question. How do we 237 00:09:59.840 --> 00:10:02.039 eat even know if our system has been compromised? 238 00:10:02.840 --> 00:10:05.600 Well, that's where intrusion detection systems come in. 239 00:10:05.559 --> 00:10:07.679 Or IDs is okay, IDSS, got it. 240 00:10:07.879 --> 00:10:10.799 The book introduces us to tripwire trip wise, which is 241 00:10:10.840 --> 00:10:12.639 a classic open source IDs. 242 00:10:12.720 --> 00:10:15.919 Okay, So how does tripwire work. Does it just scan 243 00:10:16.080 --> 00:10:17.639 your system for viruses? 244 00:10:17.679 --> 00:10:18.840 It's more subtle than that. 245 00:10:19.159 --> 00:10:23.039 Tripwire takes a snapshot of your critical system files okay, 246 00:10:23.080 --> 00:10:26.799 and then constantly compares them to the current state. Oh interesting, 247 00:10:26.919 --> 00:10:30.360 So if anything changes, like a file is modified or deleted, 248 00:10:30.759 --> 00:10:33.639 or a new one is added, right, tripwire will alert you. 249 00:10:33.879 --> 00:10:36.240 So it's like a security camera for your file. 250 00:10:36.039 --> 00:10:38.679 System, exactly detecting any tampering. 251 00:10:38.840 --> 00:10:42.919 That's pretty clever. The book also talks about shorewall. Shorewall, Yes, 252 00:10:43.080 --> 00:10:44.759 is that another type of fear wall? 253 00:10:45.480 --> 00:10:47.919 You could say that shore wall is designed to make 254 00:10:48.080 --> 00:10:51.600 setting up a robust firewall easier, okay, especially if you're 255 00:10:51.639 --> 00:10:54.120 not a command line guru. It gives you a more 256 00:10:54.480 --> 00:10:57.480 user friendly way to define those firewall rules. 257 00:10:57.759 --> 00:11:00.879 So it's like IP tables, but with training wheels exactly. 258 00:11:01.080 --> 00:11:03.200 You get the same level of control, but it's a 259 00:11:03.240 --> 00:11:06.480 bit more approachable. I like that approachable security, right, It's 260 00:11:06.519 --> 00:11:08.720 important to make these tools accessible now. 261 00:11:08.759 --> 00:11:13.080 The book also covers a bunch of security focused Linux distributions. 262 00:11:13.240 --> 00:11:14.519 Oh yes, the distros. 263 00:11:14.679 --> 00:11:16.120 Have you heard of Kali Linux? 264 00:11:16.240 --> 00:11:18.679 Kalie Linux is famous in the security world. 265 00:11:18.919 --> 00:11:21.480 Okay, it rings a bell, but I don't really know 266 00:11:21.600 --> 00:11:22.159 much about it. 267 00:11:22.159 --> 00:11:24.039 It's a penetration testing distribution. 268 00:11:24.080 --> 00:11:25.440 Penetration testing, what's. 269 00:11:25.240 --> 00:11:28.440 That it means? It comes pre loaded with all sorts 270 00:11:28.440 --> 00:11:35.399 of tools okay, for ethical hacking, vulnerability assessments, digital forensics. 271 00:11:35.960 --> 00:11:37.120 So this is for the pros. 272 00:11:37.240 --> 00:11:39.960 Yeah, it's like a toolkit for security professionals. 273 00:11:40.039 --> 00:11:43.799 Okay, So probably not something i'd install my everyday computer. 274 00:11:44.240 --> 00:11:47.120 Probably not unless you're a cybersecurity enthusiast. 275 00:11:46.799 --> 00:11:50.080 Side or a professional. Exactly are there any other specialized 276 00:11:50.080 --> 00:11:51.279 distros worth mentioning? 277 00:11:51.919 --> 00:11:54.279 There are a few others that the book mentions, okay. 278 00:11:54.360 --> 00:11:58.240 One is called Paycience. It's all about building rock solid 279 00:11:58.360 --> 00:11:59.720 firewalls and routers. 280 00:12:00.080 --> 00:12:02.919 Interesting, So if I wanted to turn an old computer 281 00:12:03.080 --> 00:12:05.720 into a dedicated firewall appliance. 282 00:12:05.320 --> 00:12:06.600 P sense would be a great option. 283 00:12:06.720 --> 00:12:07.240 Okay. Cool. 284 00:12:07.279 --> 00:12:09.559 It even has a web based interface, so you don't 285 00:12:09.600 --> 00:12:12.159 need to be a command line wizard to set it up. 286 00:12:12.240 --> 00:12:12.879 Oh it's good. 287 00:12:13.000 --> 00:12:15.519 Another one that caught my eye is deafift. 288 00:12:15.399 --> 00:12:17.360 Deaf t okay, which stands. 289 00:12:17.039 --> 00:12:19.399 For Digital Evidence and Forensic Toolkit. 290 00:12:19.559 --> 00:12:20.879 Oh wow, that sounds serious. 291 00:12:21.159 --> 00:12:26.080 It is. It's all about digital forensics okay, investigating computer crimes, 292 00:12:26.679 --> 00:12:32.000 gathering evidence okay. It has tools for data recovery, malware analysis, 293 00:12:32.120 --> 00:12:34.679 creating forensic images of hard drives. 294 00:12:34.879 --> 00:12:37.679 So it's like a digital detective's toolkit exactly. So if 295 00:12:37.679 --> 00:12:41.080 I were investigating a cybercrime, DFT would be my go to. 296 00:12:41.279 --> 00:12:42.759 It would be a great choice. 297 00:12:42.840 --> 00:12:45.879 Pretty cool. Any other specialized distros we should know about. 298 00:12:46.039 --> 00:12:48.919 The book also talks about NST and ST, which is 299 00:12:48.960 --> 00:12:52.399 the Network Security Toolkit. Oh okay, it's a powerhouse for 300 00:12:52.480 --> 00:12:55.039 network security monitoring and analysis. 301 00:12:55.080 --> 00:12:57.440 Okay, what kind of monitoring are we talking about here? 302 00:12:57.519 --> 00:13:03.360 Everything? Okay, network traffic analysis, intrusion detection, vulnerability scanning. Wow, 303 00:13:03.559 --> 00:13:05.399 you name it. NST has a tool for it. 304 00:13:05.440 --> 00:13:09.320 So it's like a security command center for your network exactly. Wow, Okay, 305 00:13:09.320 --> 00:13:10.039 this is impressive. 306 00:13:10.120 --> 00:13:13.440 And lastly, there's Helix, which is another distro designed for 307 00:13:13.480 --> 00:13:15.559 those digital forensics investigations. 308 00:13:15.720 --> 00:13:18.879 So if I were serious about digital forensics, I'd probably 309 00:13:18.879 --> 00:13:21.159 want to check out both the FT and Helix. 310 00:13:21.559 --> 00:13:23.600 Yeah, see which one suits your needs better. 311 00:13:24.200 --> 00:13:24.919 That's pretty cool. 312 00:13:25.000 --> 00:13:28.120 It is. There's a whole world of specialized distros out there. 313 00:13:28.159 --> 00:13:30.480 The world of Linux security is so much bigger than 314 00:13:30.519 --> 00:13:31.480 I ever imagine. 315 00:13:31.519 --> 00:13:34.320 It really is, and we've only just scratched the surface. 316 00:13:34.519 --> 00:13:37.360 Now, remember that shell shock vulnerability we talked about earlier. 317 00:13:37.399 --> 00:13:41.399 Oh yes, the bash shell vulnerability back in twenty fourteen. 318 00:13:41.559 --> 00:13:44.639 That sounded pretty scary. Did the book offer any insights 319 00:13:44.679 --> 00:13:47.159 on preventing similar vulnerabilities in the future. 320 00:13:47.360 --> 00:13:50.720 It did. It emphasizes the importance of patch management. 321 00:13:50.879 --> 00:13:52.200 Patch management keeping. 322 00:13:52.000 --> 00:13:55.559 Your software up to date with the latest security fixes. 323 00:13:55.960 --> 00:13:59.080 So it's not just installing the tools, it's also staying 324 00:13:59.080 --> 00:13:59.960 on top of those updates. 325 00:14:00.120 --> 00:14:00.480 Exactly. 326 00:14:00.480 --> 00:14:03.120 Got to keep things patched makes sense. But how do 327 00:14:03.159 --> 00:14:05.440 we even know if something suspicious is happening on our 328 00:14:05.480 --> 00:14:06.440 system in real time? 329 00:14:06.720 --> 00:14:10.360 Well, our systems are constantly generating these log files, right, 330 00:14:11.159 --> 00:14:14.960 recording all sorts of activity, log in attempts, service activity, 331 00:14:15.240 --> 00:14:17.799 error messages. There's a lot of data, it is, and 332 00:14:17.919 --> 00:14:22.000 the book explores tools for monitoring and analyzing these logs 333 00:14:22.360 --> 00:14:25.080 to detect those potential problems early on. 334 00:14:25.759 --> 00:14:28.480 So it's like having a security camera that records everything, 335 00:14:29.320 --> 00:14:32.279 but you need to know how to review the footage exactly. 336 00:14:32.679 --> 00:14:35.759 The book mentions a tool called log check. Log check, Yes, 337 00:14:35.840 --> 00:14:36.480 what's that about. 338 00:14:36.679 --> 00:14:40.120 Log check is like a filter for your log files? Okay, 339 00:14:40.440 --> 00:14:44.320 It sifts through all that noise and highlights the important 340 00:14:44.320 --> 00:14:45.600 security events. 341 00:14:45.279 --> 00:14:46.879 So it tells me what I need to pay attention 342 00:14:46.919 --> 00:14:48.399 to exactly. 343 00:14:48.240 --> 00:14:51.200 And it can even send you email alerts. Oh nice, 344 00:14:51.279 --> 00:14:52.679 something suspicious pops up. 345 00:14:52.799 --> 00:14:55.559 So it's like having a security guard who reviews the 346 00:14:55.679 --> 00:14:59.480 logs and gives you a heads up if something's wrong. 347 00:14:59.600 --> 00:15:01.960 Precise, Very handy, very handy. 348 00:15:02.399 --> 00:15:05.200 The book also talks about end map en map, Yes, 349 00:15:05.440 --> 00:15:06.159 what's that one for? 350 00:15:06.440 --> 00:15:07.919 Endmap is a network mapper. 351 00:15:08.120 --> 00:15:08.919 A network mapper. 352 00:15:08.919 --> 00:15:11.480 Oh, it's like a sonar system for your network, okay, 353 00:15:11.600 --> 00:15:14.960 letting you discover and probe devices and services so. 354 00:15:14.919 --> 00:15:17.159 You can see what's out there exactly. Okay. So it's 355 00:15:17.200 --> 00:15:20.360 not just about protecting your own system. Yeah, it's also 356 00:15:20.440 --> 00:15:22.519 understanding your network environment. 357 00:15:22.320 --> 00:15:25.399 Right, you need to know what you're dealing with. 358 00:15:25.480 --> 00:15:28.080 That makes sense. What about monitoring the health and performance 359 00:15:28.159 --> 00:15:29.360 of our system itself? 360 00:15:29.600 --> 00:15:33.679 Well, the book introduces us to a tool called Glances. 361 00:15:33.960 --> 00:15:34.759 Glances okay. 362 00:15:34.919 --> 00:15:38.399 It gives you a real time overview of your system's performance, 363 00:15:39.000 --> 00:15:44.519 CPU usage, memory usage, network activity disc io. 364 00:15:44.879 --> 00:15:47.919 Wow. So it's like a dashboard for your system's vitals exactly. 365 00:15:48.159 --> 00:15:49.840 A great way to keep an eye on things. 366 00:15:50.080 --> 00:15:52.960 Are there any other system monitoring tools worth mentioning? 367 00:15:53.120 --> 00:15:57.120 The book also covers multi tail multi tail, which is 368 00:15:57.159 --> 00:16:00.639 great for monitoring multiple log files at the same time time. Okay, 369 00:16:00.799 --> 00:16:03.799 you can even define filters and color coding rules to 370 00:16:03.879 --> 00:16:05.759 make it easier to spot problems. 371 00:16:05.960 --> 00:16:08.399 So it's like having multiple security cameras all feeding into 372 00:16:08.399 --> 00:16:09.519 a central monitoring station. 373 00:16:09.720 --> 00:16:11.519 Precisely you get a comprehensive view. 374 00:16:11.720 --> 00:16:14.799 Very cool. The book mentions another utility called who watch 375 00:16:14.919 --> 00:16:16.159 Who watch, Yes, what's that for? 376 00:16:16.559 --> 00:16:21.240 Who watch is a simple but useful tool for monitoring 377 00:16:21.320 --> 00:16:24.080 user activity on your system. It shows you who's logged in, 378 00:16:24.159 --> 00:16:26.759 what processes they're running, even their idle time. 379 00:16:26.879 --> 00:16:28.600 So it's like a roll call for all the users 380 00:16:28.600 --> 00:16:30.559 on your system exactly. I can see how that would 381 00:16:30.559 --> 00:16:32.320 be helpful for administrators. 382 00:16:31.840 --> 00:16:33.519 Definitely, it gives you that visibility. 383 00:16:34.080 --> 00:16:37.000 What about digging into the details of files and filesystems? 384 00:16:37.600 --> 00:16:40.960 Well, for that, the book introduces us to the stack command. 385 00:16:41.279 --> 00:16:44.480 It's like a supercharged version of role l's giving you 386 00:16:44.519 --> 00:16:50.919 a wealth of information about a file or file system, size, permissions, ownership, 387 00:16:51.440 --> 00:16:52.399 access times. 388 00:16:52.480 --> 00:16:54.240 It's like getting a full report card for your. 389 00:16:54.159 --> 00:16:56.840 Files, exactly all the essential details. 390 00:16:56.960 --> 00:17:00.120 I'm curious, are there any tools for understanding what's happening 391 00:17:00.200 --> 00:17:02.559 under the hood? With those running processes. 392 00:17:02.799 --> 00:17:07.039 Absolutely. The book covers alsoft falsoft, which stands for list 393 00:17:07.119 --> 00:17:12.319 Open files okay, and it's incredibly useful for troubleshooting, even 394 00:17:12.359 --> 00:17:13.920 detecting suspicious activity. 395 00:17:14.160 --> 00:17:17.119 So if a process is acting up, alsoft can help 396 00:17:17.119 --> 00:17:19.880 me figure out what it's messing with exactly. It gives 397 00:17:19.920 --> 00:17:23.359 you that insight, super helpful. What about tools that let 398 00:17:23.440 --> 00:17:27.319 us see how programs interact with the kernel at a 399 00:17:27.400 --> 00:17:28.359 very low level. 400 00:17:28.359 --> 00:17:30.440 Well, the book has us covered there too with a 401 00:17:30.519 --> 00:17:34.400 tool called strass. It traces system calls, giving you a 402 00:17:34.480 --> 00:17:38.200 detailed view of how a program is interacting with the operating. 403 00:17:37.799 --> 00:17:40.279 System, so you can see what's happening behind. 404 00:17:40.079 --> 00:17:43.440 The scenes exactly. It's like watching the program's execution in 405 00:17:43.480 --> 00:17:44.000 slow motion. 406 00:17:44.559 --> 00:17:46.759 WHOA, that sounds pretty intense. 407 00:17:47.000 --> 00:17:49.920 It can be, but it's a powerful tool for debugging 408 00:17:49.960 --> 00:17:51.319 and understanding your system. 409 00:17:51.480 --> 00:17:53.799 It's like having X ray vision into the workings of 410 00:17:53.839 --> 00:17:54.519 your programs. 411 00:17:54.519 --> 00:17:55.400 A good analogy. 412 00:17:55.759 --> 00:17:59.680 And finally, the book concludes with this tool called Linus. Linus, 413 00:17:59.759 --> 00:18:01.799 Yes it sounds pretty intriguing it is. 414 00:18:01.839 --> 00:18:05.640 It's an automated security auditing tool. It scans your system 415 00:18:05.759 --> 00:18:10.799 for potential vulnerabilities, misconfigurations, and generates a report that highlights 416 00:18:10.880 --> 00:18:12.119 areas for improvement. 417 00:18:12.519 --> 00:18:15.359 So it's like having a security consultant come in exactly 418 00:18:15.599 --> 00:18:17.440 and give your system a checkup. 419 00:18:17.119 --> 00:18:18.319 A thorough checkup. 420 00:18:18.400 --> 00:18:20.200 That sounds incredibly useful. It is. 421 00:18:20.240 --> 00:18:22.960 It's a great way to get a comprehensive overview of 422 00:18:23.000 --> 00:18:24.279 your security posture. 423 00:18:24.400 --> 00:18:28.640 So we've got tools for preventing attacks, tools for detecting them, yes, 424 00:18:28.640 --> 00:18:32.240 soos for analyzing them, even tools for auditing our systems 425 00:18:32.240 --> 00:18:33.000 for weaknesses. 426 00:18:33.400 --> 00:18:34.519 It's a whole arsenal. 427 00:18:34.599 --> 00:18:35.680 This is a lot to take in. 428 00:18:35.920 --> 00:18:39.160 It is, but the key takeaway is that Linux provides 429 00:18:39.200 --> 00:18:43.319 an incredible array of tools and techniques for security, and 430 00:18:43.440 --> 00:18:47.960 the Practical Linux Security Cookbook gives us a roadmap for 431 00:18:48.119 --> 00:18:50.359 navigating this complex landscape. 432 00:18:50.400 --> 00:18:53.440 Absolutely, we've only just begun to explore the world of 433 00:18:53.480 --> 00:18:57.599 practical Linux security, but I already feel so much more 434 00:18:57.640 --> 00:18:58.920 informed and empowered. 435 00:18:59.039 --> 00:19:01.519 That's great to hear. It's all about knowledge and understanding. 436 00:19:01.880 --> 00:19:04.200 Stay tuned for Part three of our deep dive, where 437 00:19:04.240 --> 00:19:07.599 we'll wrap up our exploration of the Practical Linux Security. 438 00:19:07.200 --> 00:19:08.799 Cookbook, looking forward to it. 439 00:19:08.680 --> 00:19:11.680 And leave you with some key takeaways and final thoughts. 440 00:19:12.240 --> 00:19:14.960 Welcome back, it's great to be here so We've been 441 00:19:15.039 --> 00:19:18.240 uncovering a ton of useful tips and techniques in this 442 00:19:18.400 --> 00:19:20.119 Practical Linux Security Cookbook. 443 00:19:20.160 --> 00:19:21.359 It's an amazing resource. 444 00:19:21.440 --> 00:19:24.480 As we wrap up our exploration, what's the one big 445 00:19:24.519 --> 00:19:26.799 thing that stands out to you? What should our listener 446 00:19:26.920 --> 00:19:28.759 really take away from all of this? 447 00:19:29.200 --> 00:19:31.440 I think the biggest takeaway is that security is an 448 00:19:31.480 --> 00:19:32.640 ongoing process. 449 00:19:32.880 --> 00:19:35.480 You know, Okay, it's not a one and done exactly. 450 00:19:35.519 --> 00:19:37.559 It's not like you set things up once and then 451 00:19:37.680 --> 00:19:38.440 just forget about it. 452 00:19:38.480 --> 00:19:40.599 You've got to stay vigilant, right, you have. 453 00:19:40.559 --> 00:19:44.400 To understand the principles, stay aware, and always be learning 454 00:19:44.440 --> 00:19:45.079 and adapting. 455 00:19:45.200 --> 00:19:47.079 So it's like being a gardener, right. You have to 456 00:19:47.119 --> 00:19:48.599 constantly tend to your plans. 457 00:19:48.720 --> 00:19:52.759 I like that analogy. You have to prune, protect from pests, 458 00:19:53.039 --> 00:19:53.920 all that stuff. 459 00:19:53.960 --> 00:19:56.079 You can't just plan them and walk away exactly. 460 00:19:56.440 --> 00:19:59.000 And this book gives us the tools to be those 461 00:19:59.079 --> 00:20:01.440 good gardeners for our digital ecosystems. 462 00:20:01.480 --> 00:20:04.039 Okay, so you're saying we need to actively manage our security. 463 00:20:04.319 --> 00:20:07.000 Absolutely, And one thing that really struck me about the 464 00:20:07.000 --> 00:20:10.640 book is how much it emphasizes that customization. 465 00:20:10.839 --> 00:20:14.000 Oh customization, Linux is so flexible, it really is. 466 00:20:14.279 --> 00:20:19.039 It lets us tailor our systems to our specific security needs. 467 00:20:19.240 --> 00:20:22.119 Right, Like, we're not stuck with some default configuration exactly. 468 00:20:22.200 --> 00:20:23.960 It's like having those lego blocks. 469 00:20:23.680 --> 00:20:25.440 Right, lego blocks. 470 00:20:25.480 --> 00:20:27.359 I love that you can build whatever you want. 471 00:20:28.160 --> 00:20:30.559 You're not limited to those predesigned models. 472 00:20:30.759 --> 00:20:34.559 Right. You have the freedom to create something perfect for 473 00:20:34.680 --> 00:20:35.279 your purpose. 474 00:20:35.720 --> 00:20:38.680 And that freedom is really powerful. But it also means 475 00:20:39.039 --> 00:20:40.720 we need to understand what we're doing, right. 476 00:20:40.759 --> 00:20:43.119 Absolutely, power comes with responsibility. 477 00:20:43.200 --> 00:20:45.319 We can't just blindly follow instructions. 478 00:20:45.400 --> 00:20:48.799 We need to know the why behind those security measures. 479 00:20:49.039 --> 00:20:51.000 And the book does a good job of explaining that 480 00:20:51.279 --> 00:20:51.680 it does. 481 00:20:51.759 --> 00:20:53.119 It's not just a list of rules. 482 00:20:53.240 --> 00:20:56.680 It's a guide to understanding those principles of security exactly. 483 00:20:56.799 --> 00:21:00.920 It's like learning the strategy behind the game, not justing moves. 484 00:21:01.240 --> 00:21:04.640 Okay, so let's get practical here, Bates. On all we've 485 00:21:04.640 --> 00:21:07.799 talked about, what's one thing our listener can do right 486 00:21:07.839 --> 00:21:09.279 now to improve their security? 487 00:21:09.920 --> 00:21:12.119 If I had to pick just one, I'd say review 488 00:21:12.119 --> 00:21:13.960 and update your SSH configuration. 489 00:21:14.759 --> 00:21:17.240 SSH. That's essential for remote. 490 00:21:16.880 --> 00:21:20.160 Access, it is, but it can also be a vulnerability 491 00:21:20.160 --> 00:21:21.319 if it's not set upright. 492 00:21:21.680 --> 00:21:22.960 So what should we be looking at? 493 00:21:23.200 --> 00:21:26.440 Make sure you're using strong passwords or even better switch 494 00:21:26.519 --> 00:21:27.599 to key based. 495 00:21:27.319 --> 00:21:30.119 Authentication, Okay, strong authentication, got it. 496 00:21:30.279 --> 00:21:32.240 And definitely disable that route log in. 497 00:21:32.480 --> 00:21:34.119 So it's like reinforcing the main gate to. 498 00:21:34.160 --> 00:21:36.599 Your castle, exactly. You want to make it as tough 499 00:21:36.640 --> 00:21:38.880 as possible for unauthorized access. 500 00:21:39.319 --> 00:21:42.599 Solid advice. As we wrap up this deep dive, any 501 00:21:42.680 --> 00:21:46.279 final thoughts for our listener something that maybe wasn't explicitly 502 00:21:46.279 --> 00:21:48.519 in the book, but came out of our discussion today. 503 00:21:49.400 --> 00:21:52.680 You know, the book really stresses the importance of continuous 504 00:21:52.759 --> 00:21:56.599 learning and vigilance. Right, security never sleeps, exactly, But I 505 00:21:56.680 --> 00:21:58.839 take it a step further and encourage our listener to 506 00:21:58.960 --> 00:22:01.680 get involved in the Linux security community. 507 00:22:01.799 --> 00:22:02.319 The community. 508 00:22:02.400 --> 00:22:06.160 Yeah, share your knowledge, report those vulnerabilities, help others learn 509 00:22:06.200 --> 00:22:07.400 from your experiences. 510 00:22:07.559 --> 00:22:11.680 That's a fantastic point. Security isn't just an individual. 511 00:22:11.200 --> 00:22:13.079 Thing, right, We're all in this together. 512 00:22:13.200 --> 00:22:14.559 It's a collective effort. 513 00:22:14.359 --> 00:22:17.079 Exactly, and we can make the digital world a safer 514 00:22:17.119 --> 00:22:18.519 place by working together. 515 00:22:18.759 --> 00:22:23.279 Absolutely. So, listener name that's your deep dive into the 516 00:22:23.279 --> 00:22:26.440 world of practical Linux security. Oh, we've covered a ton 517 00:22:26.519 --> 00:22:30.640 from the Practical Linux Security Cookbook, everything from passwords to 518 00:22:30.759 --> 00:22:33.079 kernel to all those advanced tools. 519 00:22:33.160 --> 00:22:35.480 We've just scratched the surface, but it's a good start. 520 00:22:35.680 --> 00:22:38.079 We hope you feel more informed and empowered to take 521 00:22:38.079 --> 00:22:41.200 control of your own security. This is just the beginning 522 00:22:41.240 --> 00:22:45.359 of your journey. Keep learning, stay curious, and never stop 523 00:22:45.400 --> 00:22:48.720 exploring this ever evolving world of security. Catch you on 524 00:22:48.759 --> 00:22:49.599 the next deep dive.