Linux Security Cookbook

The Linux Security Cookbook is a good hands-on guide to the major aspects of securing your Linux box. This book offers many quick reference guides to pieces of software for securing or testing your system and goes through many different means of fortifying your box including:-controlling system access with firewalls-monitoring your network-using SSH and SSL-intrusion detection systems-authentication and cryptographic keys-encrypting files and email messages-system security probingThe recipes in this book allows administrators to learn quick and easy ways to secure their systems including over 150 ready-to-use scripts and configuration files without having to look up or research specific syntax.This book is definitely a quick hands-on guide to securing and monitoring your system and would recommend it to anyone looking for a good source of guides and ready-to-use scripts and configurations.

At fewer than 300 pages, the initial size of the Linux Security Cookbook may seem to be meager to cover such a broad subject. But what the book lacks in size, it makes up in content.While many security books may waste the reader's time by spending hundreds of pages on introductory subjects; chapter 1 of the Linux Security Cookbook goes straight into using and configuring Tripwire. The book then goes into fundamental topics such as firewalling with iptables/ipchains, authentication, access control, file control, email security and more.If you are interested in Linux security, this is a well-written and well-organized book, filled with valuable and timely information.

I read this book from cover to cover and consider it a great effort by the authors to cover many security issues related to not just Linux, but most *nix operating systems. Here's a chapter by chapter review of what I've observed in the book:Chapter 1 - System Snapshots with TripwireI liked the discussion of Tripwire and its configuration options. The sections on "Ultra-Paranoid Integrity Checking" were great! A decent introduction to Tripwire and some of its features.Chapter 2 - Firewalls with iptables and ipchainsThe difference between "Drop versus Reject" targets was good. So many books have info on iptables, but none discusses these issues. Also the point made about dropping ICMP messages was good. Quick to learn and implement recipes presented in this chapter.Chapter 3 - Restricting Access by Remote UsersRecipe 3.7 was very neat. Allowing users to access a service only by port-forwarding over ssh allows the administrator to restrict access by user names. A smart way of imposing restrictions!Also, in recipe 3.9, I liked the authors' approach to finding if xinetd is compiled with libwrap support.All recipes regarding tweaking xinetd were good. It isn't always possible to look at all the configurable options with xinetd, and the authors did a good job in mentioning a few useful options.Chapter 4 - Authentication Techniques and InfrastructuresQuick tips with PAM, openssl and kerberos. I couldnt get some of the recipes to work on my machine, but got most openssl stuff to work.Chapter 5 - Authorization ControlsI liked this chapter the best. The discussion on sudo was enlightening, and I was able to effectively tweak most recipes to my needs. The man page would never have provided me with such a good explanation. Thanks to the authors for this chapter.Chapter 6 - Protecting Outgoing Network ConnectionsTwo of these authors had written the snail book and I expected nothing less than a very useful recipe session on SSH. The most useful recipe here was setting up public key authentication between an openssh client and an ssh.com server and vice-versa. I had always wanted to do this but didnt have a clue until I read these recipes. All recipes have strong technical content and are well written. The recipe on running cron jobs with ssh wasamazing. The authors teach how to be creative, rather than merelyexplaining facts and methodologies.Chapter 7 - Protecting FilesI liked all recipes on GnuPG especially neat hacks like maintaining encrypted files with vim, encrypting backups etc..Chapter 8 - Protecting EmailI tried out a few recipes and got them to work with my configuration. Pretty impressive stuff! The difference between SSL and STARTTLS daemons was very well explained. I havent seen a consolidated discussion on this topic thus far and was really happy to see things explained clearly in just one sidebar. I couldn't get the imap/ssl recipe working for my settings, inspite of spending quite some time. Perhaps a few screen-shotsmade available via the webs

Enjoyable and useful. I didn't really expect to learn a whole lot from this, but surprisingly (and happily), I did. It's jam packed with practical advice, and avoids the too often seen slant of many security books that don't understand the concept of "good enough". These authors understand that no security is 100%, that you are always trading off convenience, cost, and other variables. Their suggestions and recipes carefully explain the risks and advantages involved with each, and often give alternatives for those with higher or lower security needs. This would be an excellent book for the new administrator to have right beside the keyboard, but it also will be useful for those with more experience. The recipes are concise, but complete: there is little wasted verbiage, yet you don't feel that anything important was left out. As I said, I learned a few things. For example, I had never really looked at xinetd, assuming that it was just a slightly polished up inetd with different configuration files. My failure to look below the surface (or even really read the man page) caused me to miss quite a bit, and this book was a wake-up for me on that. Recommended, worth the money.