Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.
To get the free app, enter your mobile phone number.
Other Sellers on Amazon
+ $3.99 shipping
+ $3.99 shipping
+ $3.99 shipping
Hardening Linux Paperback – February 1, 2005
Frequently bought together
Customers who bought this item also bought
Customers who viewed this item also viewed
From the Publisher
"Hardening" is the process of protecting a system and its applications against unknown threats. Hardening Linux identifies many of the risks of running Linux hosts and applications and provides practical examples and methods to minimize those risks.
About the Author
James Turnbull is the author of five technical books about open source software and a longtime member of the open source community. James authored the first and second books about Puppet, and works for Puppet Labs, running client services. James speaks regularly at conferences including OSCON, Linux.conf.au, FOSDEM, OpenSourceBridge, DevOpsDays and a number of others. He is a past president of Linux Australia, has run Linux.conf.au and serves on the program committee of Linux.conf.au and OSCON. James is Australian but currently lives in Portland, Oregon. His interests include cooking, wine, political theory, photojournalism, philosophy, and most recently the Portland Timbers association football team.
Top customer reviews
There was a problem filtering reviews right now. Please try again later.
This is the sort of book that covers the topics of interest to those who administer Linux systems that do have valuable information on them. The techniques described can keep the valuable information out of reach from all but the most determined and skilled cyber-crooks.
Turnbull kick starts the book by explaining user and group management, basics of the Linux file system security, how to verify downloaded packages, which tools and packages you probably should remove from a production server. By page 50, he had also shown how to compile your kernel with security flags and the Openwall project.
After the rather intense first chapter, the rest of the book's chapters each focus on a certain aspect of a system or a specific product, showing how to secure your system from that particular perspective. Most of these chapters are really top-notch compared to most of the online material I've resorted to in the past. For example, Turnbull presents the most intuitive tutorial on configuring the iptables firewall I've seen so far.
Another excellent description is the chapter on file system security. In my experience, the majority of developers dealing with Linux -- myself included -- don't really know much about Linux file system security beyond the basic file permission attributes. Thanks to chapter 4, I know twice as much about what's possible and what to look out for with regards to file permissions and ownership, and all those mysterious "special" characters that don't have to do with the basic read-write-execute stuff.
The author also covers the topics of syslog (and syslog-ng), secure remote connections (including SSL/TLS and SSH among other things), and gives a broad overview of common security analysis tools such as NMAP, Nessus, Ethereal, and tcpdump. Beyond those I already mentioned, Turnbull has written excellent chapters explaining how to secure your email servers (both sendmail and postfix), putting your FTP server into a chroot jail, and how to set up your DNS server and protect yourself from common attacks such as cache poisoning.
All in all, an excellent book on not just Linux security but also on Linux fundamentals. Highly recommended reading if you're running a Linux box you wouldn't want getting "0wn3d."
Of course no book on hardening a system would be complete without discussing how to build an effective firewall. The section on firewalling is excellent and strikes a solid balance between a technical presentation and a user level presentation.
Other important areas include securing connections, secure remote administration, public-key encryption, securing files and file systems, mounting drives securely, securing removable drives, encrypting the file system, and file integrity using tripwire.
Of course setting all of that security up helps a lot but you still need to test the system to see that it works the way you want it to. The author examines several security testing tools to scan your system for root kits and weak passwords as well as using packet sniffers, the Snort intrusion detection system, and other tools.
The book assumes some very basic familiarity with Linux including a file editor, the grep utility, file permissions and ownership, user administration, package management, the purpose and layout of init and init scripts, the basics of networking (TCP/IP, subnetting, etc.), and mounting and unmounting a partition. Hardening Linux is a highly recommended book and provides a better overall view of Linux security than most similar choices.