12. Security Sources

12.1. LinuxSecurity.com References

The LinuxSecurity.com web site has numerous Linux and open source security references written by the LinuxSecurity staff and people collectively around the world.

• Linux Advisory Watch -- A comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability.

• Linux Security Week -- The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

• Linux Security Discussion List -- This mailing list is for general security-related questions and comments.

• Linux Security Newsletters -- Subscription information for all newsletters.

• comp.os.linux.security FAQ -- Frequently Asked Questions with answers for the comp.os.linux.security newsgroup.

• Linux Security Documentation -- A great starting point for information pertaining to Linux and Open Source security.

12.2. Web Sites

• The COAST archive has a large number of Unix security programs and information: COAST

• CERT, the Computer Emergency Response Team, puts out advisories on common attacks on Unix platforms: CERT home

• Dan Farmer is the author of SATAN and many other security tools. His home site has some interesting security survey information, as well as security tools: http://www.trouble.org

• CIAC sends out periodic security bulletins on common exploits: http://ciac.llnl.gov/cgi-bin/index/bulletins

• A good starting point for Linux Pluggable Authentication modules can be found at http://www.kernel.org/pub/linux/libs/pam/.

• The Debian project has a web page for their security fixes and information. It is at http://www.debian.com/security/.

• WWW Security FAQ, written by Lincoln Stein, is a great web security reference. Find it at http://www.w3.org/Security/Faq/www-security-faq.html