Hardening Linux

Description:
“Hardening” is the process of protecting a system and its applications against unknown threats. Hardening Linux identifies many of the risks of running Linux hosts and applications and provides practical examples and methods to minimize those risks. The book is written for Linux/UNIX administrators who do not necessarily have in-depth knowledge of security but need to know how to secure their networks.

Product Details:
Author: James Turnbull
Paperback: 584 pages
Publisher: Apress
Publication Date: February 01, 2005
Language: English
ISBN: 1590594444
Product Length: 8.78 inches
Product Width: 8.12 inches
Product Height: 1.29 inches
Product Weight: 2.23 pounds
Package Length: 9.13 inches
Package Width: 6.93 inches
Package Height: 1.26 inches
Package Weight: 2.78 pounds
Average Customer Rating: based on 8 reviews
Customer Reviews:
Average Customer Review: (8 customer reviews)
Most Helpful Customer Reviews
29 of 31 found the following review helpful:
Much more than I expected
Mar 02, 2005
By Anthony Lawrence
"Unix, Linux and Mac OS X"
I thought this might just be a book on iptables and other firewalls, but it's much more. In 400 pages, this covers everything from initial installation right through what to do if you did get breached. It covers email security, ftp, dns and bind, ssh, file systems, pam authentication, firewalls, penetration testing and more.
The really impressive thing is that everything is covered well - obviously some of these subjects could be hundreds of pages by themselves, but the author manages to succinctly present the important concepts.
I'd certainly recommend this to anyone running a Linux box.
26 of 28 found the following review helpful:
Excellent. Couldn't ask for more.
Aug 13, 2005
By Lasse Koskela
I haven't run a Linux box since 2002. Some time ago, realizing that I'd soon have a chance to migrate to using Linux for everyday work, I decided I should start refreshing my *NIX commands and shell scripting. Then, I saw "Hardening Linux". Rather spontaneously, I decided to start with this security-focused title instead of the perhaps more intuitive path of installing the latest distro, setting up a bunch of daemons, installing databases, etc. That proved to be an excellent decision. "Hardening Linux" is not a small book. Yet, I read the 500 pages more or less cover to cover. Even though we're talking about a book whose purpose is to help you to secure your Linux server, I felt like I learned more about Linux reading this book than I've learned during the last year at work.
Turnbull kick starts the book by explaining user and group management, basics of the Linux file system security, how to verify downloaded packages, which tools and packages you probably should remove from a production server. By page 50, he had also shown how to compile your kernel with security flags and the Openwall project.
After the rather intense first chapter, the rest of the book's chapters each focus on a certain aspect of a system or a specific product, showing how to secure your system from that particular perspective. Most of these chapters are really top-notch compared to most of the online material I've resorted to in the past. For example, Turnbull presents the most intuitive tutorial on configuring the iptables firewall I've seen so far.
Another excellent description is the chapter on file system security. In my experience, the majority of developers dealing with Linux -- myself included -- don't really know much about Linux file system security beyond the basic file permission attributes. Thanks to chapter 4, I know twice as much about what's possible and what to look out for with regards to file permissions and ownership, and all those mysterious "special" characters that don't have to do with the basic read-write-execute stuff.
The author also covers the topics of syslog (and syslog-ng), secure remote connections (including SSL/TLS and SSH among other things), and gives a broad overview of common security analysis tools such as NMAP, Nessus, Ethereal, and tcpdump. Beyond those I already mentioned, Turnbull has written excellent chapters explaining how to secure your email servers (both sendmail and postfix), putting your FTP server into a chroot jail, and how to set up your DNS server and protect yourself from common attacks such as cache poisoning.
All in all, an excellent book on not just Linux security but also on Linux fundamentals. Highly recommended reading if you're running a Linux box you wouldn't want getting "0wn3d."
10 of 11 found the following review helpful:
Great topics
May 03, 2006
By Michael Stahnke
After reading this book, I think it is going to be the mandatory companion I hand out to new Linux administrators, along with Essential System Administration. The first 6 chapters are exceptional. I can't say enough good things about them. The coverage of PAM is better than anything I have seen. The coverage of authentication, groups, users and best practices surrounding them was very good as well. The logging chapter alone is probably worth the purchase of the book.
After the first section, the book covers more specific topics that are of less interest to me. I realize that a lot of people use email, of all kinds. Chapters 7, 8 and 9 cover email, and I just wasn't that excited about it.
Chapter 10 covered securing FTP, which is nice, and 11 covers Bind. I guess I wonder why some of the topics were chosen. There are whole books on email and bind available, but there isn't always good material for some other services, like CUPS, maybe some web-based administration tools, or SELinux. The coverage of topics that made the table of contents is very good.
I would say if you are new to Linux Security, or a seasoned player looking for just another reference, this book is great.
14 of 18 found the following review helpful:
antispam descriptions are outdated
Mar 02, 2005
By W Boudville
With the onslaught of malware in all its deviant forms, securing your linux machine should be a high priority. Linux now has a plethora of tools and procedures to aid in this. But where can you start? Perhaps here. Turnbull tries to help you make sense of what you can do, where hopefully you already have some linux sysadmin experience.
He goes into considerable detail about many potential weaknesses. Consider, for example, having compilers on your machine. These are usually installed by default and available to any user. But if your users never compile, then it's worth removing the compilers, or restricting their usage to you alone. This is one of the crucial preventive steps recommended in the book.
There are others. Though his description of immutable files is a trifle overstated. They "cannot be written to by any user, even by the root user, regardless of their file permissions". Immediately contradicted by the book showing how to change this attribute on a file. Thence, you as root can certainly alter or even delete it.
The discussion of antispam methods is outdated. The descriptions of some do not go into their limitations. Like for Postfix, it is possible to check the Subject line of an email against a list of regular expressions, and reject any matches. This is a first generation antispam method, circa 1998. It has proved virtually useless against spammers. The problem is that a spammer can craft a Subject line so that the recipient (who is wetware) can recognise the meaning, while making it very hard for software, which has rigid rules, to detect it.
There are two problems with the book mentioning the regexp filter. Firstly, you can waste a lot of your time, writing those regexps to try to detect as much spam as possible. Plus the time to maintain and add more such rules, when your first tries prove inadequate. Secondly, there is the run time cost. The clock cycles spent on applying this filter are largely wasted. If you get a lot of messages, this can affect the performance of your mail server. Remember that the more rules you have, the longer it takes, because you usually have to apply all of them to each message's header.
The book would better serve you if it explained that Postfix could have the above filter, but why you should refrain from doing so. A more perceptive analysis.
Also, blacklists are discussed as another antispam method, for both sendmail and Postfix. But the application of the blacklists is limited and outdated. More powerful usages of blacklists now exist. And there is no description of using milter filters with sendmail, to fight spam. This has been a recent important enhancement of sendmail.
7 of 9 found the following review helpful:
The basics that Linux users must understand
Apr 30, 2005
By Harold McFarland
The book starts with the basics of hardening a Linux system to prevent purposeful attack as well as the inadvertent harm some users may cause. This basic section includes booting securely, securing virtual consoles, passwords, groups, users, authentication modules, package management, hardening your kernel, and removing development tools that are not needed.
Of course no book on hardening a system would be complete without discussing how to build an effective firewall. The section on firewalling is excellent and strikes a solid balance between a technical presentation and a user level presentation.
Other important areas include securing connections, secure remote administration, public-key encryption, securing files and file systems, mounting drives securely, securing removable drives, encrypting the file system, and file integrity using tripwire.
Of course setting all of that security up helps a lot but you still need to test the system to see that it works the way you want it to. The author examines several security testing tools to scan your system for root kits and weak passwords as well as using packet sniffers, the Snort intrusion detection system, and other tools.
The book assumes some very basic familiarity with Linux including a file editor, the grep utility, file permissions and ownership, user administration, package management, the purpose and layout of init and init scripts, the basics of networking (TCP/IP, subnetting, etc.), and mounting and unmounting a partition. Hardening Linux is a highly recommended book and provides a better overall view of Linux security than most similar choices.