Linux Security Cookbook: Security Tools & Techniques

TRUE DESCRIPTION AS DESCRIBED BY THE SELLER!

Excellent

I would recommend this book to anyone interested in Linux Security. I am in information assurance and find a lot of problems with security and STIG. This book will assist any system admin with security compliance and is a must for good security practices.This book is out of date and should be updated to new copyright addition.

Could be more in depth, I guess the author was wasting his focus on what he felt was important within his knowledge of the material

I read this book from cover to cover and consider it a great effort by the authors to cover many security issues related to not just Linux, but most *nix operating systems. Here's a chapter by chapter review of what I've observed in the book:Chapter 1 - System Snapshots with TripwireI liked the discussion of Tripwire and its configuration options. The sections on "Ultra-Paranoid Integrity Checking" were great! A decent introduction to Tripwire and some of its features.Chapter 2 - Firewalls with iptables and ipchainsThe difference between "Drop versus Reject" targets was good. So many books have info on iptables, but none discusses these issues. Also the point made about dropping ICMP messages was good. Quick to learn and implement recipes presented in this chapter.Chapter 3 - Restricting Access by Remote UsersRecipe 3.7 was very neat. Allowing users to access a service only by port-forwarding over ssh allows the administrator to restrict access by user names. A smart way of imposing restrictions!Also, in recipe 3.9, I liked the authors' approach to finding if xinetd is compiled with libwrap support.All recipes regarding tweaking xinetd were good. It isn't always possible to look at all the configurable options with xinetd, and the authors did a good job in mentioning a few useful options.Chapter 4 - Authentication Techniques and InfrastructuresQuick tips with PAM, openssl and kerberos. I couldnt get some of the recipes to work on my machine, but got most openssl stuff to work.Chapter 5 - Authorization ControlsI liked this chapter the best. The discussion on sudo was enlightening, and I was able to effectively tweak most recipes to my needs. The man page would never have provided me with such a good explanation. Thanks to the authors for this chapter.Chapter 6 - Protecting Outgoing Network ConnectionsTwo of these authors had written the snail book and I expected nothing less than a very useful recipe session on SSH. The most useful recipe here was setting up public key authentication between an openssh client and an ssh.com server and vice-versa. I had always wanted to do this but didnt have a clue until I read these recipes. All recipes have strong technical content and are well written. The recipe on running cron jobs with ssh wasamazing. The authors teach how to be creative, rather than merelyexplaining facts and methodologies.Chapter 7 - Protecting FilesI liked all recipes on GnuPG especially neat hacks like maintaining encrypted files with vim, encrypting backups etc..Chapter 8 - Protecting EmailI tried out a few recipes and got them to work with my configuration. Pretty impressive stuff! The difference between SSL and STARTTLS daemons was very well explained. I havent seen a consolidated discussion on this topic thus far and was really happy to see things explained clearly in just one sidebar. I couldn't get the imap/ssl recipe working for my settings, inspite of spending quite some time. Perhaps a few screen-shotsmade available via the website would've been of greatest help..Chapter 9 - Testing and MonitoringRecipes on Cracklib, using find for setuid/setgid files and the discussion on the 'find' command are very well written. Though this stuff has been mentioned in most security books/magazines, a consolidated treatment here is nice to note. nmap truly deserved the long section and I was able to learn a few facts I didnt know about nmap until now. The recipe on examining local network activities covered the best tools in business -netstat, lsof and rpcinfo. Sniffing network traffic, using tcpdump, ethereal and dsniff provide a good refresher and ready-to-use recipes.Overall, Linux Security Cookbook is a very useful book for quickreference. It covers a wide range of security topics and issues related to not just Linux but most Unices. The recipes provided here are well written and ready to use. I have found many tips related to sudo, SSH, xinetd, encryption and network security extremely useful. Full credit to the authors for bringing out such a comprehensive book on Linux Security.

As the title suggests, LSC is a series of different Linux security "recipes." I found the cookbook-style of presentation both good and bad. Some recipes were a breeze to follow (such as the gpg recipes). Other recipes were difficult, but not impossible to follow.As a "desktop" Linux user who only administers a desktop machine and notebook the chapters I found most useful were those on intrusion detection systems (Chapter 1) and GPG (Chapters 7 & 8). That said, LSC contains dozens of useful recipes for administrators from PAM authentication to monitoring who is doing what on your system. Some of the programs covered are programs I've never heard of before, John the Ripper for example. Other recipes cover those programs I know I should check out, like Snort, but have never taken the time to.LSC is for the most part very easy to follow. The authors have been very careful to mention when software (snort for example) might or might not be included and how to find and install it. I got tripped up a little in the first chapter (which covers tripwire), because I tried downloading and compiling the tripwire source found at the tripwire web site. I obtained the source from a couple of recommended sites. In one instance tripwire failed to compile correctly, in another it compiled but kept segfaulting when I tried to initialize the database. It wasn't until after I emailed O'Reilly that I saw mention further in Chapter 1 that tripwire is included with Red Hat Linux. One of the authors, Daniel J. Barrett, also emailed me to tell me that it was on the third CD - doh! The upside of this little tale is that I got to know aide (another intrusion detection system) a little better after I installed it on my Debian-based notebook.... it is certainly money well spent. I now use gpg and check my systems for intrusions on a regular basis. I've also finally found a spring board for learning more about Linux security. Reading O'Reilly's LSC made it easier to follow the ipchains-HOWTO and learn more about Linux security from other sources. If you're new to Linux security LSC is a great springboard for learning about a wide range of Linux security issues.I've saved what is actually covered in LSC for the end of this review. My intention in this review has been mainly to present my experience with LSC so that other Amazon users who are also still desktop users, or have never really been concerned with Linux security issues can take away the fact that despite a few sticking points I found this book to be a great source for information on different Linux security issues. For those concerned with the meat of the book, here's how it breaks down:1. System Snapshots with Tripwire2. Firewalls with iptables and ipchains3. Network Access Control (xinetd, inetd, preventing DOS attacks)4. Authentication Techniques and Infrastructures (PAM, SSL, Kerberos)5. Authorization Controls (su and sudo)6. Protecting Outgoing Network Connections (OpenSSH)7. Protecting Files (permissions, GPG)8. Protecting Email (all popular mail user agents, SSL and SSH)9. Testing and Monitoring (Jack the Ripper, Cracklib, Snort, tcpdump, syslog)You really need to have a good look at the table of contents to get an idea of all this book covers. I have written about it from a desktop-user standpoint, but there are so many recipes that I couldn't cover everything. There are many great code snippets that more advanced users would find useful.If you don't have an intrusion detection system, need to grant some of your users limited root privileges, have been using the default firewall rules (or don't have a clue about iptables/ipchains), haven't checked your system for root kits or insecure protocols, then the Linux Security Cookbook should be at the top of your reading list.

Enjoyable and useful. I didn't really expect to learn a whole lot from this, but surprisingly (and happily), I did. It's jam packed with practical advice, and avoids the too often seen slant of many security books that don't understand the concept of "good enough". These authors understand that no security is 100%, that you are always trading off convenience, cost, and other variables. Their suggestions and recipes carefully explain the risks and advantages involved with each, and often give alternatives for those with higher or lower security needs.This would be an excellent book for the new administrator to have right beside the keyboard, but it also will be useful for those with more experience. The recipes are concise, but complete: there is little wasted verbiage, yet you don't feel that anything important was left out.As I said, I learned a few things. For example, I had never really looked at xinetd, assuming that it was just a slightly polished up inetd with different configuration files. My failure to look below the surface (or even really read the man page) caused me to miss quite a bit, and this book was a wake-up for me on that.Recommended, worth the money.

ok