Title: Linux Server Security, 2nd Edition
Title: Hardening Linux
Title: Hardening Apache
I recently picked up three security-related titles that I thought were
worth reviewing: Linux Server Security, 2nd
Edition, by Michael D. Bauer; Hardening
Linux, by James Turnball; and Hardening Apache,
by Tony Mobily. O'Reilly and Apress books feel different from each other. I
like both publishers' products, but it's worth trying different flavors to
see which appeals to you more than the other on any given topic.
O'Reilly books are a bit prettier that Apress's. The font is lighter, tables use
lighter rules and greying to offset table headers and notes are marked
with icons. None of this affects the substance, but it feels more
polished--like attending a class.
Apress books, on the other hand, are less formal. The font is a bit
heavier, and the typography makes everything look more solid. When I'm reading
an Apress book, I feel closer to the author, almost like I'm on Usenet or trading
e-mail with an expert.
Linux Server Security has 13 chapters, totaling 487 pages. It's
written for a Linux administrator who has some security experience. I love
the first chapter, "Threat Modeling and Risk Management", because it does a
great job of talking about why everything else in the book is important
and teaches you how to think about it all together. Another good chapter
is "Simple Intrusion Detection Techniques" (Chapter 13), which talks about
both host-based and network-based intrusion detection.
After chapters covering general topics such as perimeter networks,
system hardening and remote administration, Bauer goes on to cover six
different kinds of bastion servers. Name servers, LDAP, databases,
e-mail, Web servers and file services each gets its own chapter. The
book then book returns to general topics, such as hitting logging and the
aforementioned intrusion detection.
I think Linux Server Security is a great value for
the price. It ought to be on your bookshelf if you've been tasked with
improving the security of your Linux host(s).
Hardening Linux is 11 chapters long and has 510
pages, discounting index and appendices. It's geared toward a Linux
professional who has a little security experience. Two features of this
book that I really like are Chapter six, "Using Tools for Security
Testing", and Appendix C, "Checkpoints", which gives a chapter-by-chapter
punch-list of practices from the book.
The first six chapters cover security in general and are followed by
five chapters covering three specific services: email, which gets three
chapters; FTP; and DNS. Reading the three chapters on e-mail is time well spent. The first
covers your MTA and looks at relaying as well as anti-spam and anti-virus tools.
The second chapter looks at mail as an application, covering authentication and
encryption. The third talks about providing remote access to e-mail by
way of POP, IMAP and fetchmail.
Hardening Linux provides a lot of value for the
price, particularly if you're just getting started with security. I
think it's a close second to Bauer's book.
Hardening Apache is the smallest and most focused
of the three titles discussed here. It weighs in at 236 pages, without
appendices and index, and seven chapters. Hardening
Apache also seemed the most compelling of the three books. I
really liked Appendix C, "Chapter Checkpoints", and Chapter 7,
Hardening Apache covers the installation and
configuration of Apache, common vulnerabilities, logging, cross site
scripting (XSS), several security modules, chrooting and the
automation tools I mentioned before. It does not provide any coverage of
CGI-related security issues--outside of the XSS chapter--however, which
is a bit of a weakness.
Overall, I liked Mobily's book. As an administrator, I think it's worth
owning. If you're a Web developer, though, you might want to look for a
book more attuned to your specific needs.
Practical Task Scheduling Deployment
One of the best things about the UNIX environment (aside from being stable and efficient) is the vast array of software tools available to help you do your job. Traditionally, a UNIX tool does only one thing, but does that one thing very well. For example, grep is very easy to use and can search vast amounts of data quickly. The find tool can find a particular file or files based on all kinds of criteria. It's pretty easy to string these tools together to build even more powerful tools, such as a tool that finds all of the .log files in the /home directory and searches each one for a particular entry. This erector-set mentality allows UNIX system administrators to seem to always have the right tool for the job.
Cron traditionally has been considered another such a tool for job scheduling, but is it enough? This webinar considers that very question. The first part builds on a previous Geek Guide, Beyond Cron, and briefly describes how to know when it might be time to consider upgrading your job scheduling infrastructure. The second part presents an actual planning and implementation framework.
Join Linux Journal's Mike Diehl and Pat Cameron of Help Systems.
Free to Linux Journal readers.View Now!
|The Firebird Project's Firebird Relational Database||Jul 29, 2016|
|Stunnel Security for Oracle||Jul 28, 2016|
|SUSE LLC's SUSE Manager||Jul 21, 2016|
|My +1 Sword of Productivity||Jul 20, 2016|
|Non-Linux FOSS: Caffeine!||Jul 19, 2016|
|Murat Yener and Onur Dundar's Expert Android Studio (Wrox)||Jul 18, 2016|
- Stunnel Security for Oracle
- The Firebird Project's Firebird Relational Database
- Murat Yener and Onur Dundar's Expert Android Studio (Wrox)
- SUSE LLC's SUSE Manager
- Managing Linux Using Puppet
- My +1 Sword of Productivity
- Non-Linux FOSS: Caffeine!
- Google's SwiftShader Released
- SuperTuxKart 0.9.2 Released
- Doing for User Space What We Did for Kernel Space
With all the industry talk about the benefits of Linux on Power and all the performance advantages offered by its open architecture, you may be considering a move in that direction. If you are thinking about analytics, big data and cloud computing, you would be right to evaluate Power. The idea of using commodity x86 hardware and replacing it every three years is an outdated cost model. It doesn’t consider the total cost of ownership, and it doesn’t consider the advantage of real processing power, high-availability and multithreading like a demon.
This ebook takes a look at some of the practical applications of the Linux on Power platform and ways you might bring all the performance power of this open architecture to bear for your organization. There are no smoke and mirrors here—just hard, cold, empirical evidence provided by independent sources. I also consider some innovative ways Linux on Power will be used in the future.Get the Guide