Linux System Security: The Administrator's Guide to Open Source
Authors: Scott Mann and Ellen L. Mitchell
Publisher: Prentice Hall
Price: $48.99 US
Reviewer: Ibrahim F. Haddad
Linux System Security offers ways to protect Linux systems from break-in, as well as to detect evidence of attacks quickly. The book is intended to provide readers with skills, knowledge and tools that will allow them to prepare their systems for use in production environments. The methods discussed are from the perspective of restricting use to authorized access and making it as difficult as possible for crackers to gain access.
The book covers all aspects of Linux security and has plenty of practical tools and techniques for achieving it. The authors discuss common hacks and penetrations of Linux systems and show administrators how to protect themselves, set traps and trail hackers, using publicly available, open-source security tools. The tools are used to analyze, protect and monitor systems and networks.
In order to provide an accurate representation of the book's contents, the following is a summary of each of the 18 chapters in Linux System Security.
Chapter 1--The authors guide the reader through a system vulnerability survey and discuss security policies. Various types of vulnerabilities and attacks are outlined, which is handy for people with no previous exposure to these issues.
Chapter 2--A good overview of how to prepare a Security Policy and a useful framework for its implementation.
Chapter 3--Background information on BIOS passwords, LILO, startup scripts, TCP/IP networking and cryptography is offered. Concepts and utilities are presented that are referred to throughout the book.
Chapter 4--Necessary basic security issues are discussed, including user and group account management, use of the root account, file and directory permissions and file system restrictions.
Chapter 5--Pluggable authentication modules (PAM) are presented thoroughly, along with a practical and comprehensive overview of PAM, its configuration and administration.
Chapter 6--An in-depth discussion is offered of two different one-time password programs, S/Key and OPIE, and how they considerably reduce the risks associated with system access by utilizing a password only once.
Chapter 7--System and connection accounting are explained. The chapter describes in detail the commands that allow information collected by the accounting system to be viewed.
Chapter 8--The syslog (system logging) utility is covered in great depth; syslog, its workings and the /etc/syslog.conf configuration file are all discussed. This chapter is the most informative piece on syslog I have ever seen.
Chapter 9--This chapter explains how to obtain, install and configure the Superuser utility and discusses sudo's options, features and vulnerabilities.
Chapter 10--The features, functionality and weaknesses of inetd, TCP_wrappers, the portmapper and xinetd are covered.
Chapter 11--Implementation and configuration of the secure shell, SSH, one of the most important utilities in the public domain, is explained. The authors describe how to build an encrypted tunnel between two or more hosts, protecting all aspects of the communication.
Chapter 12--Crack, a tool that attempts to guess passwords, receives an in-depth explanation of how to build, configure and use it. The authors did not fail to address the ethical issues surrounding such a tool.
Chapter 13--How to audit the system with Tiger, a set of scripts and programs that help identify system vulnerabilities, is explained. The authors provide an overview of Tiger and of how to obtain, install, configure and use it.
Chapter 14--An overview of Tripwire, which acts as a valuable alarm system. The authors describe how to get, install and configure it, as well as how to securely store its databases and configuration files. Any Tripwire user will find this chapter valuable for its explanations and information.
Chapter 15--Two publicly available tools that protect data through encryption, the Cryptographic and Transparent Cryptographic Filesystems (CFS and TCFS), are explored and compared. Both help the system administrator secure data.
Chapter 16--The focus is on packet filtering with the ipchains utility, and how to configure this utility to limit connections through a Linux system connected to two different networks.
Chapter 17--Log file management as an essential part of system security and various log management tools, such as logrotate and swatch, are discussed.
Chapter 18--An overview of the book's topics is offered along with ways to simplify the process of implementing, configuring and utilizing Linux security features and various publicly available tools.
At the end of the book, there are two appendices. Appendix A provides a list of web sites, e-mail lists and news groups that offer additional information about securing computer systems. Appendix B provides a list of several other tools that were not covered in the book.
Linux System Security is an essential book for system administrators and security professionals. It covers topics related to Linux systems security with a focus on freely available tools. The book helps identify system vulnerabilities and offers plans for security administration. It highlights how to detect intrusions and how to secure file systems, e-mail, web servers and other key applications. The book also emphasizes administrative security duties with discussions of system accounts, logging, superuser safety and secure network services.
A nice feature of the book is that the authors approach the subject from a practical point of view by emphasizing the use of software and providing references at the end of each chapter for further investigation. Another characteristic is the use of many examples, charts, tables and graphs to illustrate complex processes and concepts.
If you depend on Linux to run mission-critical networks, and you want to protect your Linux system, the procedures outlined in this book will certainly reduce your system's level of vulnerability.