Hardening Linux by John Terpstra, Paul Love, Ronald P. Reck and Tim Scanlon
February 14th, 2005 by Tarun Agnani in
Hardening Linux sets out to show average users how to secure a Linux server or desktop in a step-by-step manner. From the outset the book assumes you have installed a Red Hat or SuSE Linux server product. Users of other flavors of Linux need not fret, though; they still can implement the security suggestions in the book.
The bulk of the book is spent describing how to implement preventive measures to avoid being attacked. The first step is to secure all networking before connecting to the Internet. The rest of the book goes about installing and configuring firewalls, logging and monitoring tools, encrypted filesystems and so on. The information presented is well detailed, and screenshots are provided when needed.
In a number of instances, however, the authors don't seem to respect the reader's intelligence; as a result, the information sometimes seems a little too dumbed down. I suppose more information is better than less, though. Many example configurations are included, such as one for the iptables firewall. However, configuration files are not provided on-line or on a CD, which means readers have to type them in manually.
The book is littered with tips and tricks for discovering whether your system has been attacked and what to do if it has been. Thanks to the book, I now am able to understand better a lot of the log files on my server. I also implemented a much tighter firewall scheme. My configuration is trimmer now, because I have removed unnecessary services and software, as recommended in the book. Overall, I am much happier with the security of my server.
The material in Hardening Linux is tailored to a corporate environment, and two chapters are devoted to working with management to implement and enforce a security policy. Almost all chapters remind you of costs and real-world concerns.
Hardening Linux is a good, comprehensive book, but like a lot of technical books, it may suffer from a short shelf life because it focuses on two specific distributions, Red Hat Enterprise and SuSE. I would recommend this book to a novice administrator who would like to learn how to deal with the gamut of confusing and overwhelming security issues. However, an advanced administrator also would benefit by discovering new ways of securing Linux and making sure all bases are covered.
Special Magazine Offer -- Free Gift with Subscription
Receive a free digital copy of Linux Journal's System Administration Special Edition as well as instant online access to current and past issues. CLICK HERE for offer
Linux Journal: delivering readers the advice and inspiration they need to get the most out of their Linux systems since 1994.
Delicious
Digg
StumbleUpon
Reddit
Facebook
Post to TwitterSubscribe now!
The Latest
Newsletter
Tech Tip Videos
Recently Popular
From the Magazine
December 2009, #188
If last month's Infrastrucuture issue was too "big" for you then try on this month's Embedded issue. Find out how to use Player for programming mobile robots, build a humidity controller for your root cellar, find out how to reduce the boot time of your embedded system, and if you're new to embedded systems find out the basics that go into one. You can also read about the Beagle Board, the Mesh Potato and a spate of other interestingly named items. And along with our regular columns don't miss our new monthly column: Economy Size Geek.
Hardening Grammer?
On March 12th, 2005 Peter H (not verified) says:
I bought this book thinking that it would be a good tool for mid-level administration of security. What I got was low to mid-level which I am not even complaining about. I found the subject matter and execution of the book to be fairly effective BUT what I am totally disappointed about is the fact that the editor (if you can even call him that) did one of the grossest editing jobs on a professional release I have ever come across. I have seen traslated texts done better. There are four grammatical errors on the first page of the foreward alone! Please keep in mind that I am not simply talking about a missed comma and such. I am referring to errors that litterally make the reading of the text difficult from time to time. I haven't yet had a chance to implement any of the code in the book but I sure hope that whomever edited the text of the book didn't edit the code or everything will have an exit code above 3! Maybe I am being overly critical but I seriously doubt it. Are the days of one expecting to get a professional book release with proper grammer in it gone? I sure hope that our standards haven't sunk to that level.../peter
News flash
On April 2nd, 2005 Anonymous (not verified) says:
The word 'grammer' is actually spelled 'grammar'.
Hardening Linux - Kernel Suggestions
On February 16th, 2005 Scott Miller (not verified) says:
I disagree with the author's suggestion of a prebuilt kernel is more secure than compiling it yourself. I can see his point, but as an administrator, I want to know what is compiled in my kernel. By compiling your own kernel, then you know what you have and what you don't. Its very obvious that this book is for the extreme Linux novice, but it didn't merit a purchase for me. Much of the suggestions are obvious for the experienced.
prebuilt/custom kernels
On February 17th, 2005 Anonymous (not verified) says:
> I can see his point, but as an administrator, I want to know what is compiled in my kernel. By compiling your own kernel, then you know what you have and what you don't.
? How is this different than just examining the .config file (or doing make menuconfig) and seeing what's in that prebuilt kernel? How is one different than the other so far as knowing what's inside?
oh bless you great guru of co
On February 17th, 2005 Anonymous (not verified) says:
oh bless you great guru of computer wisdom
You guys are all retards.
On November 9th, 2007 Anonymous (not verified) says:
You guys are all retards. It's just a book. Get over it.
Post new comment