Book Review
Linux System Security: The Administrator's Guide to Open Source Security Tools
- Authors: Scott Mann and Ellen L. Mitchell
- Publisher: Prentice Hall
- URL: http://www.phptr.com/
- ISBN: 0-1301-5807-0
- Price: $48.99 US
- Reviewer: Ibrahim F. Haddad
Linux System Security offers ways to protect Linux systems from
break-in, as well as to detect evidence of attacks quickly.
The book is intended to provide readers with skills, knowledge and tools
that will allow them to prepare their systems for use in production
environments. The methods discussed are from the perspective of
restricting use to authorized access and making it as difficult as
possible for crackers to gain access.
The book covers all aspects of Linux security and has plenty of practical
tools and techniques for achieving it. The authors discuss common
hacks and penetrations of Linux systems and show administrators how
to protect themselves, set traps and trail hackers, using publicly
available, open-source security tools. The tools are used to analyze,
protect and monitor systems and networks.
In order to provide an accurate representation of the book's contents,
the following is a summary of each of the 18 chapters in Linux System
Security.
- Chapter 1--The authors guide the reader through a system
vulnerability survey and discuss security policies. Various types of
vulnerabilities and attacks are outlined, which is handy for people with
no previous exposure to these issues.
- Chapter 2--A good overview of how to prepare a
Security Policy and a useful framework for its implementation.
- Chapter 3--Background information on BIOS passwords, LILO,
startup scripts, TCP/IP networking and cryptography is offered. Concepts and
utilities are presented that are referred to throughout the book.
- Chapter 4--Basic security issues related to user and group account
management, use of the root account, file and directory permissions and
file system restrictions are discussed.
- Chapter 5--Pluggable authentication modules are presented thoroughly,
along with a practical and comprehensive overview of PAM, its
configuration and administration.
- Chapter 6--An in-depth discussion is offered of two different one-time
password programs, S/Key and OPIE, and how they considerably reduce the
risks associated with system access by using each password only once.
- Chapter 7--System and connection accounting are explained. The chapter
describes in detail the commands that allow information collected by the
accounting system to be viewed.
- Chapter 8--The syslog (system logging) utility is covered in
great depth; syslog, its workings and the /etc/syslog.conf configuration
file are all discussed. This chapter is the most informative piece
on syslog I have ever seen.
- Chapter 9--An explanation of how to obtain, install and configure the
superuser utility, sudo, including its options, features and
vulnerabilities.
- Chapter 10--The features, functionality and weaknesses of
inetd, TCP_wrappers, the portmapper and xinetd
are covered.
- Chapter 11--Implementation and configuration of the secure
shell, SSH, one of the most important utilities in the public domain, is
explained. The authors describe how to build an encrypted tunnel between
two or more hosts, protecting all aspects of the communication.
- Chapter 12--Crack, a tool that attempts to guess passwords,
receives an in-depth explanation of how to build, configure
and use it. The authors did not fail to address the ethical issues
surrounding such a tool.
- Chapter 13--How to audit the system with Tiger, a set of scripts and
programs that help identify system vulnerabilities, is explained. The
authors provide an overview of how to obtain, install, configure and use it.
- Chapter 14--An overview of Tripwire, which acts as a
valuable alarm system. The authors describe how to get, install and configure it, as
well as how to securely store its databases and configuration files. Any
Tripwire user will find this chapter valuable for its explanations
and information.
- Chapter 15--Two publicly available tools that protect data through
encryption, the Cryptographic and Transparent Cryptographic Filesystems
(CFS and TCFS), are explored and compared; both assist the system
administrator in securing data.
- Chapter 16--The focus is on packet filtering with the
ipchains utility, and how to configure this utility to limit connections
through a Linux system connected to two different networks.
- Chapter 17--Log file management, as an essential part of system
security, and various log management tools, such as logrotate and swatch,
are discussed.
- Chapter 18--An overview of the book's topics is offered
along with ways to simplify the process of implementing,
configuring and utilizing Linux security features and various publicly
available tools.
At the end of the book, there are two appendices. Appendix A provides a
list of web sites, e-mail lists and news groups that offer additional
information about securing computer systems. Appendix B provides a list of
several other tools that were not covered in the book.
Linux System Security is an essential book for system
administrators and security professionals. It covers topics related to Linux
systems security with a focus on freely available tools. The book helps
identify system vulnerabilities and offers plans for security administration. It
highlights how to detect intrusions and how to secure file systems, e-mail,
web servers and other key applications. The book also emphasizes
administrative security duties with discussions of system accounts,
logging, superuser safety and secure network services.
A nice feature of the book is that the authors approach the subject from a
practical point of view by emphasizing the use of software and
providing references at the end of each chapter for further investigation.
Another characteristic is the use of many examples, charts, tables and
graphs to illustrate complex processes and concepts.
If you depend on Linux to run mission-critical networks, and you want to
protect your Linux system, the procedures outlined in this book will
certainly reduce your system's level of vulnerability.
Ibrahim F. Haddad (ibrahim.haddad@lmc.ericsson.se) works for Ericsson
Research Canada in the Systems Research Division.
He is currently a Dr Sc candidate in computer science at Concordia
University in Montreal.