BN.com Gift Guide

Hardening Linux

( 2 )

Overview

“Hardening” is the process of protecting a system and its applications against unknown threats. Hardening Linux identifies many of the risks of running Linux hosts and applications and provides practical examples and methods to minimize those risks. The book is written for Linux/UNIX administrators who do not necessarily have in-depth knowledge of security but need to know how to secure their networks.

Read More Show Less
... See more details below
Other sellers (Paperback)
  • All (14) from $7.67   
  • New (7) from $28.43   
  • Used (7) from $7.67   
Sending request ...

Overview

“Hardening” is the process of protecting a system and its applications against unknown threats. Hardening Linux identifies many of the risks of running Linux hosts and applications and provides practical examples and methods to minimize those risks. The book is written for Linux/UNIX administrators who do not necessarily have in-depth knowledge of security but need to know how to secure their networks.

Read More Show Less

Product Details

Meet the Author

James Turnbull is the author of five technical books about open source software and a longtime member of the open source community. James authored the first and second books about Puppet, and works for Puppet Labs, running client services. James speaks regularly at conferences including OSCON, Linux.conf.au, FOSDEM, OpenSourceBridge, DevOpsDays and a number of others. He is a past president of Linux Australia, has run Linux.conf.au and serves on the program committee of Linux.conf.au and OSCON. James is Australian but currently lives in Portland, Oregon. His interests include cooking, wine, political theory, photojournalism, philosophy, and most recently the Portland Timbers association football team.
Read More Show Less

Table of Contents

Ch. 1 Hardening the basics 1
Ch. 2 Firewalling your hosts 79
Ch. 3 Securing connections and remote administration 137
Ch. 4 Securing files and file systems 187
Ch. 5 Understanding logging and log monitoring 233
Ch. 6 Using tools for security testing 281
Ch. 7 Securing your mail server 321
Ch. 8 Authenticating and securing your mail 373
Ch. 9 Hardening remote access to e-mail 403
Ch. 10 Securing an FTP server 443
Ch. 11 Hardening DNS and BIND 463
App. A The bastion host firewall script 511
App. B BIND configuration files 517
App. C Checkpoints 525
Read More Show Less

Customer Reviews

Average Rating 3.5
( 2 )
Rating Distribution

5 Star

(0)

4 Star

(1)

3 Star

(1)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing all of 2 Customer Reviews
  • Anonymous

    Posted August 11, 2005

    In-depth explanations with step-by-step techniques for securing Linux and common applications.

    Hardening Linux by James Turnbull, stands out in my mind as a vitally important text that clearly lays out how to make your Linux boxes as secure as possible. Mr. Turnbull has done a remarkable job in delineating the potential vulnerabilities, and how to mitigate them. Each chapter covers a particular focus area in depth, with carefully worded and easy-to-follow examples. In the cases where you need to install some other piece of software to provide the extra security, he gives you the step-by-step details, leaving nothing for misinterpretation. This is one of those books that, as you finish each chapter, you¿ll want to apply your new-found knowledge to the machines at your disposal. As each subsequent chapter unfolds, James explains very carefully how to tighten remote administration, files and file systems, mail, ftp, and DNS/BIND. Additional information is given on how to log important information securely, and efficiently monitor the data collected. In addition, tools for testing the security of your hosts is described very clearly, from the inside-out and the outside-in, along with explanations of how to detect penetrations and recover from them. Writing about securing a computer system can be written on a few different levels, from the general suggestions which apply to just about any program, to the specific which apply to just one. Mr. Turnbull has chosen to pick commonly used programs and provide step-by-step procedures for locking them down. For example, if you are hardening a mail server, you will find descriptions of Sendmail and Postfix, but not of Qmail or Courier. While this might limit the appeal of the book to just those using the more common programs, it allows a depth that would be otherwise unavailable. The only quibble I have is that his book does not go far enough. While the chosen types of applications are covered in great depth, some applications are missing. There is no coverage for a web server, such as Apache, or a database server, such as MySQL. I can only hope that a future edition of the book includes chapters on these and other categories of programs. I definitely recommend Hardening Linux by James Turnbull to anyone who installs and maintains Linux servers. The information packed in this book is easy to follow, and will help you configure your systems very securely. The additional insights into why the configurations are important is extremely valuable in its own right. This book belongs on any Linux sysadmin's bookshelf.

    Was this review helpful? Yes  No   Report this review
  • Anonymous

    Posted March 2, 2005

    outdated antispam methods

    With the onslaught of malware in all its deviant forms, securing your linux machine should be a high priority. Linux now has a plethora of tools and procedures to aid in this. But where can you start? Perhaps here. Turnbull tries to help you make sense of what you can do, where hopefully you already have some linux sysadmin experience. He goes into considerable detail about many potential weaknesses. Consider, for example, having compilers on your machine. These are usually installed by default and available to any user. But if your users never compile, then it's worth removing the compilers, or restricting their usage to you alone. This is one of the crucial preventive steps recommended in the book. There are others. Though his description of immutable files is a trifle overstated. They 'cannot be written to by any user, even by the root user, regardless of their file permissions'. Immediately contradicted by the book showing how to change this attribute on a file. Thence, you as root can certainly alter or even delete it. The discussion of antispam methods is outdated. The descriptions of some do not go into their limitations. Like for Postfix, it is possible to check the Subject line of an email against a list of regular expressions, and reject any matches. This is a first generation antispam method, circa 1998. It has proved virtually useless against spammers. The problem is that a spammer can craft a Subject line so that the recipient (who is wetware) can recognise the meaning, while making it very hard for software, which has rigid rules, to detect it. There are two problems with the book mentioning the regexp filter. Firstly, you can waste a lot of your time, writing those regexps to try to detect as much spam as possible. Plus the time to maintain and adding more such rules, when your first tries prove inadequate. Secondly, there is the run time cost. The clock cycles spent on applying this filter are largely wasted. If you get a lot of messages, this can affect the performance of your mail server. Remember that the more rules you have, the longer it takes, because you usually have to apply all of them to each message's header. Also, blacklists are discussed as another antispam method, for both sendmail and Postfix. But the application of the blacklists is limited and outdated. More powerful usages of blacklists now exist. And there is no description of using milter filters with sendmail, to fight spam. This has been a recent important enhancement of sendmail.

    Was this review helpful? Yes  No   Report this review
Sort by: Showing all of 2 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)