LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Review: Linux Security Cookbook Print E-mail
User Rating:      How can I rate this item?
Book Reviews There are rarely straightforward solutions to real world issues, especially in the field of security. The Linux Security Cookbook is an essential tool to help solve those real world problems. By covering situations that apply to everyone from the seasoned Systems Administrator to the security curious home user, the Linux Security Cookbook distinguishes itself as an indispensible reference for security oriented individuals.

Vitals:

TitleLinux Security Cookbook
Author(s)Daniel J. Barrett, Richard Silverman, Robert G. Byrnes
Pages311
ISBN0596003919
PublisherO'Reilly
Edition1st edition (June, 2003)
PurchaseO'Reilly

Audience:

Although Linux Security Cookbook is geared towards people who have a specific need for security, it covers all grounds. The spectrum of recipes th at are covered are useful to new System Administrators as well serving as a handy reference to those with more experience.

Summary:

The tendency of many readers is to skip the preface of a book. In the case of the Linux Security Cookbook, this would be a big mistake. Right from the beginning, the authors point out the fact that security is an ongoing learning process and that by no means is the Cookbook a be all, end all security solution. The idea of this book is to aid you in locking down your machines in an easy to understand manner that will hopefully lead to more stringent security policies.

The first few chapters focus on the most apparent levels of needed security, the network and the filesystem. It begins with Tripwire, and then moves into Samhein, rpm, and other forms of integrity checking. Recipes ranging from shell scripts to rsync are also offered if previous integrity checking suggestions are not eligilbe for implemention. The network recipes focus first on the firewall (iptables and ipchains), then on mandatory access control of services using (x)inetd and tcpwrappers, amongst other things.

The next chapter covered involves integrating various authentication techniques into applications to provide a secure means of authentication to the authentication modules and the password files from withing an application. This covers everything from enforcing strong passwords to kerberos realm authentication to protecting your website and email with openssl digital certificates.

Chapter 5 goes in depth into the ability to restrict or authorize one user to change to another either via SSH, sudo, ksu, or any number of other methods. Chapter 6 goes into more detail about managing user profiles to securely move between machines using SSH and the associated SSH Tools.

Chapters 7 and 8 talk about protecting files and email. This includes everything from permissions to crtyptography. The cryptography aspect of this chapter is especially interesting because of the amount of time dedicated to explaining GPG and its many uses, not only in the client capacity for email, but also in the server capacity for maintaing encrypted files. Chapter 8 also covers securing many of the major email clients.

Chapter 9 (pdf version available from link), is about testing and monitoring your system and your network. The authors briefly describes some tools to test and sniff your network. This includes everything from testing for accounts with no password to searching for strings within your network using ngrep. You learn to check for open ports, world-writable files, and rogue processes. This chapter even goes into detail about effective methods of logging all this information via syslog through perl, bash, or a number of other possible languages. The book finishes up by talking about how to recover from a hack and filing incident reports.

Opinions:

The Linux Security Cookbook has proved itself to be an indispensible reference for the standard security practices. Just as with any other problem that requires a solution in the open source community, there are usually multiple ways of solving it. With recipes covering a wide variety of tools, it is not difficult to find the solution with a tool that best suits you.

My favorite recipe comes from Chapter 7 and it has to do with creating encyrpted backups. Using that in combination with rsync, cron, and a perl script does exactly the job that I need a backup system to do.

I recommend that anyone who has the slighest interest or necessity for security get their hands on a copy of the Linux Security Cookbook. It will become an integral part of your security reference collection.

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Pro-Privacy Senator Wyden on Fighting the NSA From Inside the System
NIST to hypervisor admins: secure your systems
Quick PHP patch beats slow research reveal
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.