Hardening Linux [Paperback]

James Turnbull (Author)

Book Description

Publication Date: February 1, 2005

"Hardening" is the process of protecting a system and its applications against unknown threats. And Hardening Linux will explain the main steps that any Network or Systems Administrator needs to take, to protect his computers that run on Linux. This book discusses security of mail servers, web servers, and file servers, as well as hardening IP tables and remote access functionality.

Written in a similar manner to Hardening Windows and Hardening Apache, complete with checklists and reference-style chapters, Hardeing Linux shows Apress’ commitment to publishing books that appeal to the security professional.

Editorial Reviews

From the Publisher

"Hardening" is the process of protecting a system and its applications against unknown threats. Hardening Linux identifies many of the risks of running Linux hosts and applications and provides practical examples and methods to minimize those risks.

About the Author

Mark Chandler is UNIX Technical Architect for the KAZ Group Limited in Australia. He is an authority on Wide Area Networks, Local Area Networks, and Storage Area Networks. He has extensive experience with Linux, UNIX, Windows, AS/400, AIX, HP-UX and DEC.

James Turnbull is Chief Technology Officer for The George Institute in Australia. He is an expert on IT infrastructure design, Linux, UNIX, Windows, IBM mainframes, network storage, support services design, and business application support.

Product Details

• Paperback: 584 pages
• Publisher: Apress; 1 edition (February 1, 2005)
• Language: English
• ISBN-10: 1590594444
• ISBN-13: 978-1590594445
• Product Dimensions: 9.1 x 6.9 x 1.3 inches
• Shipping Weight: 2.8 pounds (View shipping rates and policies)
• Average Customer Review: 4.4 out of 5 stars  See all reviews (8 customer reviews)
• Amazon Best Sellers Rank: #564,777 in Books (See Top 100 in Books)

More About the Author

James Turnbull works for the National Australia Bank as the manager of
the CERT (Computer Emergency Response Team).

James has previously worked as an Executive Manager of IT Security at
the Commonwealth Bank of Australia, the CIO of a medical research
foundation doing Web-based clinical trials, managing the architecture
group of an outsourcing company and in a number of IT roles in gaming,
telecommunications and government.

He is an experienced infrastructure architect with a background in
Linux/Unix, AS/400, Windows, and storage systems. He has been involved
in security consulting, infrastructure security design, SLA and service
definition and has an abiding interest in security metrics and measurement.

James is involved in the Free and Open Source Software community as a
developer and contributor. He was the Treasurer, member of the papers
committee, and coordinated the mini-conference program at linux.conf.au
2008 in Melbourne, Australia. He is also a member of Linux Australia,
including serving on the Executive Council in 2008.

He is currently on the committee of Linux Users of Victoria.

In his spare time his interests include cooking, wine, political theory,
photojournalism, philosophy, poetry, and cats.

Customer Reviews

Most Helpful Customer Reviews

29 of 31 people found the following review helpful:

4.0 out of 5 stars Much more than I expected, March 2, 2005

By 

Anthony Lawrence "Unix, Linux and Mac OS X" (Middleboro, MA USA) - See all my reviews
(VINE VOICE)    (REAL NAME)   

This review is from: Hardening Linux (Paperback)

I thought this might just be a book on iptables and other firewalls, but it's much more. In 400 pages, this covers everything from initial installation right through what to do if you did get breached. It covers email security, ftp,
dns and bind, ssh, file systems, pam authentication, firewalls, penetration testing and more.

The really impressive thing is that everything is covered well - obviously some of these subjects could be hundreds of pages by themselves, but the author manages to succintly present the important concepts.

I'd certainly recommend this to anyone running a Linux box.

26 of 28 people found the following review helpful:

5.0 out of 5 stars Excellent. Couldn't ask for more., August 13, 2005

By 

Lasse Koskela (Helsinki, Finland) - See all my reviews
(REAL NAME)   

This review is from: Hardening Linux (Paperback)

I haven't run a Linux box since 2002. Some time ago, realizing that I'd soon have a chance to migrate to using Linux for everyday work, I decided I should start refreshing my *NIX commands and shell scripting. Then, I saw "Hardening Linux". Rather spontaneously, I decided to start with this security-focused title instead of the perhaps more intuitive path of installing the latest distro, setting up a bunch of daemons, installing databases, etc. That proved to be an excellent decision. "Hardening Linux" is not a small book. Yet, I read the 500 pages more or less cover to cover. Even though we're talking about a book of which purpose is to help you to secure your Linux server, I felt like I learned more about Linux reading this book than I've learned during the last year at work.

Turnbull kick starts the book by explaining user and group management, basics of the Linux file system security, how to verify downloaded packages, which tools and packages you probably should remove from a production server. By page 50, he had also shown how to compile your kernel with security flags and the Openwall project.

After the rather intense first chapter, the rest of the book's chapters each focus on a certain aspect of a system or a specific product, showing how to secure your system from that particular perspective. Most of these chapters are really top-notch compared to most of the online material I've resorted to in the past. For example, Turnbull presents the most intuitive tutorial on configuring the iptables firewall I've seen so far.

Another excellent description is the chapter on file system security. In my experience, the majority of developers dealing with Linux -- myself included -- don't really know much about Linux file system security beyond the basic file permission attributes. Thanks to chapter 4, I know twice as much about what's possible and what to look out for with regards to file permissions and ownership, and all those mysterious "special" characters that don't have to do with the basic read-write-execute stuff.

The author also covers the topics of syslog (and syslog-ng), secure remote connections (including SSL/TLS and SSH among other things), and gives a broad overview of common security analysis tools such as NMAP, Nessus, Ethereal, and tcpdump. Beyond those I already mentioned, Turnbull has written excellent chapters explaining how to secure your email servers (both sendmail and postfix), putting your FTP server into a chroot jail, and how to set up your DNS server and protect yourself from common attacks such as cache poisoning.

All in all, an excellent book on not just Linux security but also on Linux fundamentals. Highly recommended reading if you're running a Linux box you wouldn't want getting "0wn3d."

10 of 11 people found the following review helpful:

5.0 out of 5 stars Great topics, May 2, 2006

By 

Michael Stahnke (Nashville, TN) - See all my reviews
(REAL NAME)   

This review is from: Hardening Linux (Paperback)

After reading this book, I think it is going to be the mandatory companion I hand out to new Linux administrators, along with Essential System Administration. The first 6 chapters are exceptional. I can't say enough good things about them. The coverage of PAM is better than anything I have seen. The coverage of authentication, groups, users and best practices surrounding them was very good as well. The logging chapter alone is probably worth the purchase of the book.

After the first section, the book covers more specific topics that are of less interest to me. I realize that a lot of people use email, of all kinds. Chapter 7, 8 and 9 cover email, and I just wasn't that excited about it.

Chapter 10 covered securing FTP, which is nice, and 11 covers Bind. I guess I wonder why some of the topics were chosen. There are whole books on email and bind, available, but there isn't always good material for some other services, like CUPS, maybe some web-based administration tools, or SELinux. The coverage of topics that made the table of contents are very good.

I would say if you are new to Linux Security, or a seasoned player looking for just another reference, this book is great.