Review: Linux Security Cookbook
| Detail | Value |
|---|---|
| Title | Linux Security Cookbook |
| Author(s) | Daniel J. Barrett, Richard Silverman, Robert G. Byrnes |
| Edition | 1st edition (June 2003) |
Although Linux Security Cookbook is geared towards people who have a specific security need, it covers a lot of ground. The range of recipes is useful to new system administrators and also serves as a handy reference for those with more experience.
Many readers tend to skip the preface of a book. In the case of the Linux Security Cookbook, this would be a big mistake. Right from the beginning, the authors point out that security is an ongoing learning process and that the Cookbook is by no means a be-all, end-all security solution. The idea of the book is to help you lock down your machines in an easy-to-understand manner that will hopefully lead to more stringent security policies.
The first few chapters focus on the most apparent levels of needed security: the filesystem and the network. They begin with Tripwire, then move on to Samhain, rpm, and other forms of integrity checking. Recipes ranging from shell scripts to rsync are also offered in case the earlier integrity-checking suggestions are not feasible to implement. The network recipes focus first on the firewall (iptables and ipchains), then on controlling access to services using (x)inetd and TCP Wrappers, amongst other things.
The next chapter covers integrating various authentication techniques into applications, providing a secure means of authenticating against the authentication modules and the password files from within an application. This ranges from enforcing strong passwords, to Kerberos realm authentication, to protecting your website and email with OpenSSL digital certificates.
Chapter 5 goes in depth into restricting or authorizing one user to switch to another's account, whether via SSH, sudo, ksu, or any number of other methods. Chapter 6 goes into more detail about managing user profiles so that you can move securely between machines using SSH and the associated SSH tools.
Chapters 7 and 8 talk about protecting files and email. This includes everything from permissions to cryptography. The cryptography material in these chapters is especially interesting because of the amount of time dedicated to explaining GPG and its many uses, not only in the client capacity for email, but also in the server capacity for maintaining encrypted files. Chapter 8 also covers securing many of the major email clients.
Chapter 9 (a PDF version of this chapter is available) is about testing and monitoring your system and your network. The authors briefly describe some tools to test and sniff your network. This includes everything from testing for accounts with no password to searching network traffic for strings using ngrep. You learn to check for open ports, world-writable files, and rogue processes. This chapter even goes into detail about effective methods of logging all this information via syslog from Perl, bash, or a number of other languages. The book finishes up by talking about how to recover from a hack and how to file incident reports.
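Two of the checks this chapter lists, accounts with no password and world-writable files, are small enough to show in a few lines of POSIX shell. The script below is an added example written for this review, not a recipe from the book; it builds its own constructed sample data (a fake shadow file and a small directory tree) so it can be run safely anywhere. On a real host you would point the same functions at `/etc/shadow` and `/`.

```shell
#!/bin/sh
# Added example, not from the book: two audit checks from the chapter's list,
# written as POSIX shell functions and run against constructed sample data.

# Print accounts whose password field (field 2 of shadow format) is empty,
# i.e. logins that would succeed with no password at all.
# Argument: path to a shadow-format file (on a real host, /etc/shadow).
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Print regular files under a directory that any user on the system can write to.
# -perm -0002 matches files with the "other write" bit set, whatever the other bits.
world_writable_files() {
    find "$1" -type f -perm -0002 -print | sort
}

# Build a constructed sample tree (NOT a real system's files) and print its path.
# The shadow lines are made up: root has a hash, guest has an empty field, svc is locked.
make_sample_data() {
    d=$(mktemp -d)
    printf 'root:$6$saltsalt$hashhash:19000:0:99999:7:::\n' > "$d/shadow"
    printf 'guest::19000:0:99999:7:::\n' >> "$d/shadow"
    printf 'svc:!:19000:0:99999:7:::\n' >> "$d/shadow"
    mkdir "$d/tree"
    echo data > "$d/tree/safe.txt"; chmod 644 "$d/tree/safe.txt"
    echo data > "$d/tree/open.txt"; chmod 666 "$d/tree/open.txt"
    echo "$d"
}

# Stand-alone run: build the fixtures, run both checks, then clean up.
sample=$(make_sample_data)
echo "accounts with empty password:"; empty_password_accounts "$sample/shadow"
echo "world-writable files:";         world_writable_files "$sample/tree"
rm -rf "$sample"
```

Both functions print only the offending entries, so they can be dropped straight into a cron job whose output is mailed or sent to syslog, which is exactly the monitoring pattern the chapter goes on to describe.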
The Linux Security Cookbook has proved itself to be an indispensable reference for standard security practices. As with any other problem that needs solving in the open source community, there are usually multiple ways of solving it. With recipes covering a wide variety of tools, it is not difficult to find a solution using the tool that best suits you.
My favorite recipe comes from Chapter 7 and it has to do with creating encrypted backups. Using that in combination with rsync, cron, and a Perl script does exactly the job that I need a backup system to do.
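To give a concrete idea of what an encrypted backup of this kind looks like, here is an added shell example written for this review. It is not the book's recipe and it does not use rsync or Perl: it pipes `tar` straight into GPG symmetric encryption so that no plaintext archive ever touches the disk, and includes a round-trip check that restores the archive and compares it against the original. The paths, the passphrase file and the cron line are all assumptions.

```shell
#!/bin/sh
# Added example, not the book's recipe: directory backup encrypted with GPG
# (symmetric AES-256), streamed so no plaintext archive is written to disk.
# Paths, passphrase file and cron entry are constructed for illustration.
#
# Example cron entry (constructed):
#   0 2 * * * /usr/local/bin/encbackup.sh /home/alice /backups/alice.tar.gpg /root/.backup-pass
set -u

# encrypted_backup SRC_DIR OUT_FILE PASSPHRASE_FILE
# Archives SRC_DIR and writes OUT_FILE; the passphrase is read from a file
# (mode 600) rather than the command line, so it does not show up in `ps`.
encrypted_backup() {
    tar -C "$1" -cf - . | gpg --batch --yes --quiet --pinentry-mode loopback \
        --symmetric --cipher-algo AES256 \
        --passphrase-file "$3" --output "$2"
}

# restore_backup OUT_FILE DEST_DIR PASSPHRASE_FILE
# Decrypts OUT_FILE and unpacks it into DEST_DIR.
restore_backup() {
    mkdir -p "$2"
    gpg --batch --quiet --pinentry-mode loopback --passphrase-file "$3" \
        --decrypt "$1" | tar -C "$2" -xf -
}

# backup_roundtrip: build a constructed sample tree, back it up, confirm the
# archive does not contain the plaintext, restore it and compare. Prints "ok"
# on success. A private GNUPGHOME keeps this from touching the user's keyring.
backup_roundtrip() {
    work=$(mktemp -d)
    umask 077
    GNUPGHOME="$work/gnupg"; export GNUPGHOME; mkdir "$GNUPGHOME"
    mkdir "$work/src"
    echo "secret payroll data" > "$work/src/payroll.txt"   # constructed sample file
    printf 'example-passphrase-do-not-reuse\n' > "$work/pass"
    encrypted_backup "$work/src" "$work/backup.tar.gpg" "$work/pass" || { echo fail; return 1; }
    if grep -q "secret payroll" "$work/backup.tar.gpg"; then echo plaintext-leak; return 1; fi
    restore_backup "$work/backup.tar.gpg" "$work/restore" "$work/pass" || { echo fail; return 1; }
    if cmp -s "$work/src/payroll.txt" "$work/restore/payroll.txt"; then echo ok; else echo mismatch; return 1; fi
    rm -rf "$work"
}

# Stand-alone use: `sh encbackup.sh --demo` runs the round-trip check.
if [ "${1:-}" = "--demo" ]; then backup_roundtrip; fi
```

The restore step is the part most backup scripts forget; running the round trip from cron occasionally, rather than only the backup, is what tells you the passphrase file and the archive are still usable.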
I recommend that anyone with the slightest interest in, or need for, security get their hands on a copy of the Linux Security Cookbook. It will become an integral part of your security reference collection.