Securing Linux: A Survival Guide for Linux Security (Version 2.0)

Wow! What a book. Although I know very little about Linux as an OS, even less about security and can barely dress myself, I successfully used this book to set-up a secure, linux-based environment for my top-notch anime collection... All in all, I highly recommend this product...

Why does every book on Linux try to tackle too many issues? Let's face it, 700-800 or even a 1000 pages is just TOO much information. If you are looking for a complete and concise guide to securing your Red Hat Linux installation then I HIGHLY recommend picking up this book. I would rank this as a book that is perfect for intermediate Unix admins but a colleague of mine without ANY Linux experience said she found this book to be a valuable resource in her steep learning curve. The book provides many examples of different configurations and provides great pointers to other resources if you want more information about a particular topic. All in all, I was VERY impressed with this book and I would consider it a "must have" for anyone interested in securing their Red Hat Linux installations.

The excellent SANS "Securing Linux Step by Step"guide suffers from amajor problem: you can't cut-and-paste the commands from it into yourLinux system! The desire to do so constantly appear while reading themanual, and I was very eager to try some of the things describedthereof.The guide presents ultimate hands-on, indeed as step-by-step as theydo. A little of text and a lot of commands to accomplish it! Allconfiguration "recipes" are supposed to be tested by many of the guidecontributors and reviewers. I have found no inaccuracies of any kind.Its a pity that there is no way to cut and paste from the book andclick on links too. The guide begs to have a CD, floppy or a companionsite since commands need to be typed on the server.The book starts from a nice security policy primer and a summary ofsecurity principles, which even touch upon physical security, backupsand other useful operational issues. The range of advice is wide and covers everything from very basicpasswords security to complicated methods of chrooting various networkdaemons for extra security. The complete step-by-step instructions forchrooting bind and ssh are provided together with several sampleconfiguration files. Tips on securing many Linux applications such asApache, Sendmail, Bind, Samba are also detailed in separatechapters. Securing Wu-FTPD, however pointless it might be in light ofa flood of attacks, is also described. Its a pity that commonreplacements such as qmail, proftpd and djbdns are not covered.While other books offer more breadth (such as coverage of manydifferent tools etc), this is ideal for those seeking depth. Thisguide would likely not win any literature prizes, but can save a lifeof a Linux admin.Moreover, even if you think you know _everything_ about Linux security- read it anyway, since you find some new stuff, just like I did. Onthe other hand, complete novices will also benefit from it greatly,since even just typing the command blindly and then reading up on themand gaining in-depth understanding is no the worst way to jump startyour Linux security expertise. Overall, if you own or administer aLinux system - get the guide.Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with amajor information security company. His areas of infosec expertiseinclude intrusion detection, UNIX security, forensics, honeypots,etc. In his spare time he maintains his security portalinfo-secure.org

I purchased this book because I had the old version from the Red Hat 6.2 era that was severely outdated. The claim that this guide is a total rewrite is VERY accurate. I found the advice given and the steps provided to be extremely helpful in locking down my linux server. Perhaps the most useful section for me was dealing with Sendmail. Even with the most recent release, working with the sendmail configuration files is tricky on a good day and downright frightening. I learned a couple of new tricks by following the steps in the guide and now have a better understanding of how the configuration file can be modified to make my email gateway more secure.I also found the section on RPM's to be extremely helpful. In the past, I struggled with keeping my OS up to date and was actually jealous of the windows users that could "automagically" update their machines. Well, you can do this in Linux too by using up2date or autorpm. Check the guide out on how you can automate this functionality!While I did find this guide to be extremely useful, it didn't cover EVERYTHING. Heck, that would be impossible given the changing nature of the Linux OS and the thousands of applications or services available but I was really hoping to see more example scripts provided in the appendix. Perhaps this will be covered in version 2.0?? All in all, a very good book and a BEST BUY!