Title: Linux Server Security, 2nd Edition
Title: Hardening Linux
Title: Hardening Apache
I recently picked up three security-related titles that I thought were
worth reviewing: Linux Server Security, 2nd
Edition, by Michael D. Bauer; Hardening
Linux, by James Turnball; and Hardening Apache,
by Tony Mobily. O'Reilly and Apress books feel different from each other. I
like both publishers' products, but it's worth trying different flavors to
see which appeals to you more than the other on any given topic.
O'Reilly books are a bit prettier that Apress's. The font is lighter, tables use
lighter rules and greying to offset table headers and notes are marked
with icons. None of this affects the substance, but it feels more
polished--like attending a class.
Apress books, on the other hand, are less formal. The font is a bit
heavier, and the typography makes everything look more solid. When I'm reading
an Apress book, I feel closer to the author, almost like I'm on Usenet or trading
e-mail with an expert.
Linux Server Security has 13 chapters, totaling 487 pages. It's
written for a Linux administrator who has some security experience. I love
the first chapter, "Threat Modeling and Risk Management", because it does a
great job of talking about why everything else in the book is important
and teaches you how to think about it all together. Another good chapter
is "Simple Intrusion Detection Techniques" (Chapter 13), which talks about
both host-based and network-based intrusion detection.
After chapters covering general topics such as perimeter networks,
system hardening and remote administration, Bauer goes on to cover six
different kinds of bastion servers. Name servers, LDAP, databases,
e-mail, Web servers and file services each gets its own chapter. The
book then book returns to general topics, such as hitting logging and the
aforementioned intrusion detection.
I think Linux Server Security is a great value for
the price. It ought to be on your bookshelf if you've been tasked with
improving the security of your Linux host(s).
Hardening Linux is 11 chapters long and has 510
pages, discounting index and appendices. It's geared toward a Linux
professional who has a little security experience. Two features of this
book that I really like are Chapter six, "Using Tools for Security
Testing", and Appendix C, "Checkpoints", which gives a chapter-by-chapter
punch-list of practices from the book.
The first six chapters cover security in general and are followed by
five chapters covering three specific services: email, which gets three
chapters; FTP; and DNS. Reading the three chapters on e-mail is time well spent. The first
covers your MTA and looks at relaying as well as anti-spam and anti-virus tools.
The second chapter looks at mail as an application, covering authentication and
encryption. The third talks about providing remote access to e-mail by
way of POP, IMAP and fetchmail.
Hardening Linux provides a lot of value for the
price, particularly if you're just getting started with security. I
think it's a close second to Bauer's book.
Hardening Apache is the smallest and most focused
of the three titles discussed here. It weighs in at 236 pages, without
appendices and index, and seven chapters. Hardening
Apache also seemed the most compelling of the three books. I
really liked Appendix C, "Chapter Checkpoints", and Chapter 7,
Hardening Apache covers the installation and
configuration of Apache, common vulnerabilities, logging, cross site
scripting (XSS), several security modules, chrooting and the
automation tools I mentioned before. It does not provide any coverage of
CGI-related security issues--outside of the XSS chapter--however, which
is a bit of a weakness.
Overall, I liked Mobily's book. As an administrator, I think it's worth
owning. If you're a Web developer, though, you might want to look for a
book more attuned to your specific needs.
- Nmap—Not Just for Evil!
- Resurrecting the Armadillo
- High-Availability Storage with HA-LVM
- March 2015 Issue of Linux Journal: System Administration
- Real-Time Rogue Wireless Access Point Detection with the Raspberry Pi
- DNSMasq, the Pint-Sized Super Dæmon!
- Localhost DNS Cache
- Days Between Dates: the Counting
- The Usability of GNOME
- Linux for Astronomers