Linux Security Cookbook
Publisher: O'Reilly Media
Final Release Date: June 2003
Pages: 336

Computer security is an ongoing process, a relentless contest between system administrators and intruders. A good administrator needs to stay one step ahead of any adversaries, which often involves a continuing process of education. If you're grounded in the basics of security, however, you won't necessarily want a complete treatise on the subject each time you pick up a book. Sometimes you want to get straight to the point. That's exactly what the new Linux Security Cookbook does. Rather than provide a total security solution for Linux computers, the authors present a series of easy-to-follow recipes--short, focused pieces of code that administrators can use to improve security and perform common tasks securely.The Linux Security Cookbook includes real solutions to a wide range of targeted problems, such as sending encrypted email within Emacs, restricting access to network services at particular times of day, firewalling a webserver, preventing IP spoofing, setting up key-based SSH authentication, and much more. With over 150 ready-to-use scripts and configuration files, this unique book helps administrators secure their systems without having to look up specific syntax. The book begins with recipes devised to establish a secure system, then moves on to secure day-to-day practices, and concludes with techniques to help your system stay secure.Some of the "recipes" you'll find in this book are:

  • Controlling access to your system from firewalls down to individual services, using iptables, ipchains, xinetd, inetd, and more
  • Monitoring your network with tcpdump, dsniff, netstat, and other tools
  • Protecting network connections with Secure Shell (SSH) and stunnel
  • Safeguarding email sessions with Secure Sockets Layer (SSL)
  • Encrypting files and email messages with GnuPG
  • Probing your own security with password crackers, nmap, and handy scripts
This cookbook's proven techniques are derived from hard-won experience. Whether you're responsible for security on a home Linux system or for a large corporation, or somewhere in between, you'll find valuable, to-the-point, practical recipes for dealing with everyday security issues. This book is a system saver.
Table of Contents
Product Details
About the Author
Colophon
Recommended for You
Customer Reviews

REVIEW SNAPSHOT®

by PowerReviews
oreillyLinux Security Cookbook
 
5.0

(based on 7 reviews)

Ratings Distribution

  • 5 Stars

     

    (7)

  • 4 Stars

     

    (0)

  • 3 Stars

     

    (0)

  • 2 Stars

     

    (0)

  • 1 Stars

     

    (0)

Reviewed by 7 customers

Sort by

Displaying reviews 1-7

Back to top

 
5.0

Best linux book for a sysadmin

By burpat

from Hønefoss, Norway

About Me Sys Admin

Pros

  • Accurate
  • Concise
  • Easy to understand
  • Helpful examples
  • Well-written

Cons

    Best Uses

    • Expert
    • Intermediate

    Comments about oreilly Linux Security Cookbook:

    Not just networking, the book is full of recipes and neat tricks that I use everyday. With examples for both debian based and redhat based distro, it's easy to relate to the examples.

    From Installation, service management, to stuff like Asterisk, the book is simply a must have for all linux sysadmins.

    (1 of 1 customers found this review helpful)

     
    5.0

    Book Review: Linux Security Cookbook

    By USA Linux Users Group

    from Undisclosed

    Comments about oreilly Linux Security Cookbook:

    USA Linux Users Group

    Book Review

    Reviewer: Germ

    Book: Linux Security Cookbook

    Authors: Daniel J. Barrett, Richard Silverman, Robert G. Byrnes

    Publisher: O'Reilly

    Pages: 311

    ISBN: 0-596-00391-9

    Edition: 1st Edition June, 2003

    Intended Audience: intermediate level user

    The Book: http://www.oreilly.com/catalog/linuxsckbk/index.html

    Sample Recipes:

    http://www.linuxdevcenter.com/pub/a/linux/excerpt/lsckbk_chap1/index1.html

    Security, one of the most important words in computing today. A standard install of a modern distro is relatively secure "out of the box". With all the bad guys out there, certain extra steps should be taken towards increasing the security of your Linux box. There is also a fine line between good enough, too strict, convenience, and other variables. The authors have taken all this into consideration. The situations encountered by the home desktop user all the way to the veteran System Admin are covered. Be sure to read the Preface to this book. It could be a real eye-opener.

    Linux Security Cookbook will not teach you everything you need to know about security. In the tradition of the cookbook format, the authors have provided concise, bloat free, and easy to understand recipes. The pros and cons of each recipe are carefully explained. With over 150 file configurations and scripts, there is something for everyone.

    In Chapter 1 the focus is on system security and Tripwire, one of the best known system integrity checkers. Tripwire takes a snapshot of you system files that can be compared to the current state of the system. You'll learn how to setup the policy and database, and how to keep Tripwire itself from being compromised.

    Chapters 2, 3, and 4 cover internet and network security from firewalls, to network authorisation, to user policies, authentication, and permissions. you will also learn how to protect your email and web site.

    Chapters 5 and 6 give a more indepth treatment of user permissions regarding sudo, file sharing, SSH, and associated tools.

    Chapters 7 and 8 should be given special consideration by home users. The main topics coverd in the two chapters are email and file security. You will learn about setting the correct permissions and encrypting files and email using GPG. There are also some great recipes for securing several different email clients.

    Chapter 9 should be paid careful attention by every user. Now that you have secured your Linux box and network, you should regularly monitor and test it. Tools and techniques in the following areas are covered: logins and passwords, filesystems, networking, and logging. This chapter finishes with information on recovering a hacked system and filing a incident report with the appropriate authorities. Chapter 9 can be downloaded as a PDF file: http://www.oreilly.com/catalog/linuxsckbk/chapter/ch09.pdf The authors have done a great job providing security recipes covering a wide range of tools and techniques. In today's computing environment securing your system and network is a must. The Linux Security Cookbook is highly recommended and once you obtain a copy it will become your standard reference for security matters.

    Many thanks to O'Reilly for providing a copy of Linux Security Cookbook to USALUG's Book Review Group.

    Originally Posted: http://usalug.org/phpBB2/viewtopic.php?t=5281

    (1 of 1 customers found this review helpful)

     
    5.0

    Pensacola LUG review book

    By Lloyd R.

    from Undisclosed

    Comments about oreilly Linux Security Cookbook:

    The Linux Security Cookbook is a good hands-on guide to the major aspects of securing your Linux box. This book offers many quick reference guides to pieces of software for securing or testing your system and goes through many different means of fortifying your box including:

    -controlling system access with firewalls

    -monitoring your network

    -using SSH and SSL

    -intrusion detection systems

    -authentication and cryptographic keys

    -encrypting files and email messages

    -system security probing

    The recipes in this book allows administrators to learn quick and easy ways to secure their systems including over 150 ready-to-use scripts and configuration files without having to look up or research specific syntax.

    This book is definitely a quick hands-on guide to securing and monitoring your system and would recommend it to anyone looking for a good source of guides and ready-to-use scripts and configurations.

     
    5.0

    Linux Security Cookbook Review

    By James Ko

    from Undisclosed

    Comments about oreilly Linux Security Cookbook:

    Linux Security Cookbook has so much to offer: from setting up Tripwire to simple authentication, to setting up Linux firewall such as the popular ipchain or iptable, to using IDS snort for monitoring, this book has plenty of examples. In addition to the tips on how to encrypt files with GuPgP, it also shows our readers how to set up openSSH for remote access, as well as how to make email secure with IMAP/POP with SSL.

    Not only does this book provide readers with an overview of what Linux security has to offer, it also provides readers with a very practical hands-on implementation. I also liked about this book is that the authors will tell you about which packages come with SuSE Linux but not with Red Hat Linux, as an example. This helps the reader a lot when you need to decide what features to implement, or settle on what Linux distributions to use.

    Job well done!

    James Ko

    OAM & Security, Data Network Engineering

     
    5.0

    Linux Security Cookbook Review

    By Robert Kruit

    from Undisclosed

    Comments about oreilly Linux Security Cookbook:

    Very easy to read and follow. Great book.

     
    5.0

    Linux Security Cookbook Review

    By Ravi

    from Undisclosed

    Comments about oreilly Linux Security Cookbook:

    Linux Security Cookbook is a very useful book for quick reference. It covers a wide range of security topics and issues related to not just Linux but most Unices. The recipes provided here are well written and ready to use. I have found many tips related to sudo, SSH, xinetd, encryption and network security extremely useful. Some of the recipes show the true hacker spirit in the authors - they teach how to be creative, rather than merely explaining facts and methodologies. Full credit to the authors for bringing out such a comprehensive book on Linux Security.

     
    5.0

    Linux Security Cookbook Review

    By Charles McColm

    from Undisclosed

    Comments about oreilly Linux Security Cookbook:

    As the title suggests, LSC is a series of different Linux security "recipes." I found the cookbook-style of presentation both good and bad. Some recipes were a breeze to follow (such as the gpg recipes). Other recipes were a bit more challenging in part because of my lack of experience and because they are designed to be implemented on systems larger than my 2 node network.

    As a "desktop" Linux user who only administers a desktop machine and notebook the chapters I found most useful were those on intrusion detection systems (Chapter 1) and GPG (Chapters 7 & 8). That said, LSC contains dozens of useful recipes for administrators from PAM authentication to monitoring who is doing what on your system. Some of the programs covered are programs I've never heard of before, John the Ripper for example. Other recipes cover those programs I know I should check out, like Snort, but have never taken the time to. LSC isn't distribution-specific but contains some useful hints for particular distributions.

    LSC is easy to follow. The authors have been very careful to mention when software may or may not be included in a distribution and how to find and install it. I got tripped up a little in the first chapter (which covers tripwire), because I tried downloading and compiling the tripwire source found at the tripwire web site. I obtained the source from a couple of recommended sites. In one instance tripwire failed to compile correctly, in another it compiled but kept segfaulting when I tried to initialize the database. It wasn't until after I emailed O'Reilly that I saw mention further in Chapter 1 that tripwire is included with Red Hat Linux. One of the authors, Daniel J. Barrett, also emailed me to tell me that it was on the third CD – doh! The upside of this little tale is that I got to know aide (another intrusion detection system) a little better after I installed it on my Debian-based notebook.

    LSC is certainly money well spent. I now use gpg and check my systems for intrusions on a regular basis. I've also finally found a spring board for learning more about Linux security. Reading O'Reilly's LSC made it easier to follow the ipchains-HOWTO and learn more about Linux security from other sources. If you're new to Linux security LSC is a great springboard for learning about a wide range of Linux security issues.

    I've saved what is actually covered in LSC for the end of this review. My intention in this review has been mainly to present my experience with LSC so that other Linux users who are also still desktop users, or have never really been concerned with Linux security issues can take away the fact that despite a few sticking points I found this book to be a great source for information on different Linux security issues. For those concerned with the meat of the book, here's how it breaks down:

    1. System Snapshots with Tripwire

    2. Firewalls with iptables and ipchains

    3. Network Access Control (xinetd, inetd, preventing DOS attacks)

    4. Authentication Techniques and Infrastructures (PAM, SSL, Kerberos)

    5. Authorization Controls (su and sudo)

    6. Protecting Outgoing Network Connections (OpenSSH)

    7. Protecting Files (permissions, GPG)

    8. Protecting Email (all popular mail user agents, SSL and SSH)

    9. Testing and Monitoring (Jack the Ripper, Cracklib, Snort, tcpdump, syslog)

    You really need to have a good look at the table of contents to get an idea of all this book covers. I have written about it from a desktop-user standpoint, but there are so many recipes that I couldn't cover everything. There are many great code snippets that more advanced users would find useful.

    If you don't have an intrusion detection system, need to grant some of your users limited root privileges, have been using the default firewall rules (or don't have a clue about iptables/ipchains), haven't checked your system for root kits or insecure protocols, then the Linux Security Cookbook should be at the top of your reading list.

    Displaying reviews 1-7

    Back to top

     
    Buy 2 Get 1 Free Free Shipping Guarantee
    Buying Options
    Immediate Access - Go Digital what's this?
    Ebook: $31.99
    Formats:  DAISY, ePub, Mobi, PDF
    Print & Ebook: $43.99
    Print: $39.99