Hardening Linux by John Terpstra, Paul Love, Ronald P. Reck and Tim Scanlon

A lot of good advice for novice administrators, plus a few tips and tricks for more advanced users.

Publisher: McGraw-Hill

ISBN: 0072254971

Price: $39.99

Hardening Linux sets out to show average users how to secure a Linux server or desktop in a step-by-step manner. From the outset the book assumes you have installed a Red Hat or SuSE Linux server product. Users of other flavors of Linux need not fret, though; they still can implement the security suggestions in the book.

The bulk of the book is spent describing how to implement preventive measures to avoid being attacked. The first step is to secure all networking before connecting to the Internet. The rest of the book goes about installing and configuring firewalls, logging and monitoring tools, encrypted filesystems and so on. The information presented is well detailed, and screenshots are provided when needed.

In a number of instances, however, the authors don't seem to respect the reader's intelligence; as a result, the information sometimes seems a little too dumbed down. I suppose more information is better than less, though. Many example configurations are included, such as one for the iptables firewall. However, configuration files are not provided on-line or on a CD, which means readers have to type them in manually.

The book is littered with tips and tricks for discovering whether your system has been attacked and what to do if it has been. Thanks to the book, I now am able to understand better a lot of the log files on my server. I also implemented a much tighter firewall scheme. My configuration is trimmer now, because I have removed unnecessary services and software, as recommended in the book. Overall, I am much happier with the security of my server.

The material in Hardening Linux is tailored to a corporate environment, and two chapters are devoted to working with management to implement and enforce a security policy. Almost all chapters remind you of costs and real-world concerns.

Hardening Linux is a good, comprehensive book, but like a lot of technical books, it may suffer from a short shelf life because it focuses on two specific distributions, Red Hat Enterprise and SuSE. I would recommend this book to a novice administrator who would like to learn how to deal with the gamut of confusing and overwhelming security issues. However, an advanced administrator also would benefit by discovering new ways of securing Linux and making sure all bases are covered.

______________________

Comments


Hardening Grammer?

Peter H's picture

I bought this book thinking that it would be a good tool for mid-level administration of security. What I got was low to mid-level which I am not even complaining about. I found the subject matter and execution of the book to be fairly effective BUT what I am totally disappointed about is the fact that the editor (if you can even call him that) did one of the grossest editing jobs on a professional release I have ever come across. I have seen translated texts done better. There are four grammatical errors on the first page of the foreword alone! Please keep in mind that I am not simply talking about a missed comma and such. I am referring to errors that literally make the reading of the text difficult from time to time. I haven't yet had a chance to implement any of the code in the book but I sure hope that whomever edited the text of the book didn't edit the code or everything will have an exit code above 3! Maybe I am being overly critical but I seriously doubt it. Are the days of one expecting to get a professional book release with proper grammer in it gone? I sure hope that our standards haven't sunk to that level.../peter

News flash

Anonymous's picture

The word 'grammer' is actually spelled 'grammar'.

Hardening Linux - Kernel Suggestions

Scott Miller's picture

I disagree with the author's suggestion that a prebuilt kernel is more secure than compiling it yourself. I can see his point, but as an administrator, I want to know what is compiled in my kernel. By compiling your own kernel, then you know what you have and what you don't. It's very obvious that this book is for the extreme Linux novice, but it didn't merit a purchase for me. Many of the suggestions are obvious for the experienced.

prebuilt/custom kernels

Anonymous's picture

> I can see his point, but as an administrator, I want to know what is compiled in my kernel. By compiling your own kernel, then you know what you have and what you don't.

? How is this different than just examining the .config file (or doing make menuconfig) and seeing what's in that prebuilt kernel? How is one different than the other so far as knowing what's inside?

oh bless you great guru of co

Anonymous's picture

oh bless you great guru of computer wisdom

You guys are all retards.

Anonymous's picture

You guys are all retards. It's just a book. Get over it.
