Linux Security Cookbook [Paperback]

Daniel J. Barrett (Author), Richard E. Silverman (Author), Robert G. Byrnes (Author)

Book Description

ISBN-10: 0596003919 | ISBN-13: 978-0596003913 | Publication Date: June 2003

Computer security is an ongoing process, a relentless contest between system administrators and intruders. A good administrator needs to stay one step ahead of any adversaries, which often involves a continuing process of education. If you're grounded in the basics of security, however, you won't necessarily want a complete treatise on the subject each time you pick up a book. Sometimes you want to get straight to the point. That's exactly what the new Linux Security Cookbook does. Rather than provide a total security solution for Linux computers, the authors present a series of easy-to-follow recipes--short, focused pieces of code that administrators can use to improve security and perform common tasks securely.

The Linux Security Cookbook includes real solutions to a wide range of targeted problems, such as sending encrypted email within Emacs, restricting access to network services at particular times of day, firewalling a webserver, preventing IP spoofing, setting up key-based SSH authentication, and much more. With over 150 ready-to-use scripts and configuration files, this unique book helps administrators secure their systems without having to look up specific syntax. The book begins with recipes devised to establish a secure system, then moves on to secure day-to-day practices, and concludes with techniques to help your system stay secure.

Some of the "recipes" you'll find in this book are:

• Controlling access to your system from firewalls down to individual services, using iptables, ipchains, xinetd, inetd, and more
• Monitoring your network with tcpdump, dsniff, netstat, and other tools
• Protecting network connections with Secure Shell (SSH) and stunnel
• Safeguarding email sessions with Secure Sockets Layer (SSL)
• Encrypting files and email messages with GnuPG
• Probing your own security with password crackers, nmap, and handy scripts

This cookbook's proven techniques are derived from hard-won experience. Whether you're responsible for security on a home Linux system or for a large corporation, or somewhere in between, you'll find valuable, to-the-point, practical recipes for dealing with everyday security issues. This book is a system saver.

Editorial Reviews

Review

"I really enjoyed this book. I think my machine is more secure than before I read this book. The advice is good and pitched at, for me, the right level. References were up-to-date ad far as I could see. I would certainly recommend this book to anyone wanting to secure, or test the esisting security, of a Linux system." - Mick Farmer, Linux Security Cookbook - news@UK, September 2003

About the Author

Dan Barrett has been immersed in Internet technology since 1985. Currently working as a software engineer, Dan has also been a heavy metal singer, Unix system administrator, university lecturer, web designer, and humorist. He has written several O'Reilly books, as well as monthly columns for Compute! and Keyboard Magazine. Dan and his family reside in Boston.

Richard E. Silverman has a B.A. in computer science and an M.A. in pure mathematics. Richard has worked in the fields of networking, formal methods in software development, public-key infrastructure, routing security, and Unix systems administration. He is the co-author of SSH, The Secure Shell: The Definitive Guide.

Product Details

• Paperback: 352 pages
• Publisher: O'Reilly Media (June 2003)
• Language: English
• ISBN-10: 0596003919
• ISBN-13: 978-0596003913
• Product Dimensions: 9.1 x 7.1 x 0.9 inches
• Shipping Weight: 1.3 pounds (View shipping rates and policies)
• Average Customer Review: 3.9 out of 5 stars  See all reviews (11 customer reviews)
• Amazon Best Sellers Rank: #914,304 in Books (See Top 100 in Books)

Customer Reviews

Most Helpful Customer Reviews

20 of 21 people found the following review helpful:

5.0 out of 5 stars Good book for quick reference..., August 28, 2003

By 

"parimi4" (Tucson, AZ United States) - See all my reviews

This review is from: Linux Security Cookbook (Paperback)

I read this book from cover to cover and consider it a great effort by the authors to cover many security issues related to not just Linux, but most *nix operating systems. Here's a chapter by chapter review of what I've observed in the book:

Chapter 1 - System Snapshots with Tripwire

I liked the discussion of Tripwire and its configuration options. The sections on "Ultra-Paranoid Integrity Checking" were great! A decent introduction to Tripwire and some of its features.

Chapter 2 - Firewalls with iptables and ipchains

The difference between "Drop versus Reject" targets was good. So many books have info on iptables, but none discusses these issues. Also the point made about dropping ICMP messages was good. Quick to learn and implement recipes presented in this chapter.

Chapter 3 - Restricting Access by Remote Users

Recipe 3.7 was very neat. Allowing users to access a service only by port-forwarding over ssh allows the administrator to restrict access by user names. A smart way of imposing restrictions!
Also, in recipe 3.9, I liked the authors' approach to finding if xinetd is compiled with libwrap support.

All recipes regarding tweaking xinetd were good. It isn't always possible to look at all the configurable options with xinetd, and the authors did a good job in mentioning a few useful options.

Chapter 4 - Authentication Techniques and Infrastructures

Quick tips with PAM, openssl and kerberos. I couldnt get some of the recipes to work on my machine, but got most openssl stuff to work.

Chapter 5 - Authorization Controls

I liked this chapter the best. The discussion on sudo was enlightening, and I was able to effectively tweak most recipes to my needs. The man page would never have provided me with such a good explanation. Thanks to the authors for this chapter.

Chapter 6 - Protecting Outgoing Network Connections

Two of these authors had written the snail book and I expected nothing less than a very useful recipe session on SSH. The most useful recipe here was setting up public key authentication between an openssh client and an ssh.com server and vice-versa. I had always wanted to do this but didnt have a clue until I read these recipes. All recipes have strong technical content and are well written. The recipe on running cron jobs with ssh was
amazing. The authors teach how to be creative, rather than merely
explaining facts and methodologies.

Chapter 7 - Protecting Files

I liked all recipes on GnuPG especially neat hacks like maintaining encrypted files with vim, encrypting backups etc..

Chapter 8 - Protecting Email

I tried out a few recipes and got them to work with my configuration. Pretty impressive stuff! The difference between SSL and STARTTLS daemons was very well explained. I havent seen a consolidated discussion on this topic thus far and was really happy to see things explained clearly in just one sidebar. I couldn't get the imap/ssl recipe working for my settings, inspite of spending quite some time. Perhaps a few screen-shots
made available via the website would've been of greatest help..

Chapter 9 - Testing and Monitoring

Recipes on Cracklib, using find for setuid/setgid files and the discussion on the 'find' command are very well written. Though this stuff has been mentioned in most security books/magazines, a consolidated treatment here is nice to note. nmap truly deserved the long section and I was able to learn a few facts I didnt know about nmap until now. The recipe on examining local network activities covered the best tools in business -
netstat, lsof and rpcinfo. Sniffing network traffic, using tcpdump, ethereal and dsniff provide a good refresher and ready-to-use recipes.

Overall, Linux Security Cookbook is a very useful book for quick
reference. It covers a wide range of security topics and issues related to not just Linux but most Unices. The recipes provided here are well written and ready to use. I have found many tips related to sudo, SSH, xinetd, encryption and network security extremely useful. Full credit to the authors for bringing out such a comprehensive book on Linux Security.

15 of 15 people found the following review helpful:

5.0 out of 5 stars Excellent resource on Linux security, December 8, 2003

By 

Ben Rothke "Author of 'Computer Security: 20 ... (USA) - See all my reviews
(REAL NAME)   

This review is from: Linux Security Cookbook (Paperback)

At fewer than 300 pages, the initial size of the Linux Security Cookbook may seem to be meager to cover such a broad subject. But what the book lacks in size, it makes up in content.

While many security books may waste the reader's time by spending hundreds of pages on introductory subjects; chapter 1 of the Linux Security Cookbook goes straight into using and configuring Tripwire.

The book then goes into fundamental topics such as firewalling with iptables/ipchains, authentication, access control, file control, email security and more.

If you are interested in Linux security, this is a well-written and well-organized book, filled with valuable and timely information.

9 of 9 people found the following review helpful:

5.0 out of 5 stars Very useful security cookbook, July 12, 2003

By 

Anthony Lawrence "Unix, Linux and Mac OS X" (Middleboro, MA USA) - See all my reviews
(VINE VOICE)    (REAL NAME)   

This review is from: Linux Security Cookbook (Paperback)

Enjoyable and useful. I didn't really expect to learn a whole lot from this, but surprisingly (and happily), I did. It's jam packed with practical advice, and avoids the too often seen slant of many security books that don't understand the concept of "good enough". These authors understand that no security is 100%, that you are always trading off convenience, cost, and other variables. Their suggestions and recipes carefully explain the risks and advantages involved with each, and often give alternatives for those with higher or lower security needs.

This would be an excellent book for the new administrator to have right beside the keyboard, but it also will be useful for those with more experience. The recipes are concise, but complete: there is little wasted verbiage, yet you don't feel that anything important was left out.

As I said, I learned a few things. For example, I had never really looked at xinetd, assuming that it was just a slightly polished up inetd with different configuration files. My failure to look below the surface (or even really read the man page) caused me to miss quite a bit, and this book was a wake-up for me on that.

Recommended, worth the money.