Book Description
Computer security is an ongoing process, a relentless contest between system administrators and intruders.A good administrator needs to stay one step ahead of any adversaries, which often involves a continuing process of education. If you're grounded in the basics of security, however, you won't necessarily want a complete treatise on the subject each time you pick up a book. Sometimes you want to get straight to the point. That's exactly what the new Linux Security Cookbook does.Rather than provide a total security solution for Linux computers, the authors present a series of easy-to-follow recipes--short, focused pieces of code that administrators can use to improve security and perform common tasks securely. The Linux Security Cookbook includes real solutions to a wide range of targeted problems, such as sending encrypted email within Emacs, restricting access to network services at particular times of day, firewalling a webserver, preventing IP spoofing, setting up key-based SSH authentication, and much more.With over 150 ready-to-use scripts and configuration files, this unique book helps administrators secure their systems without having to look up specific syntax. The book begins with recipes devised to establish a secure system, then moves on to secure day-to-day practices, and concludes with techniques to help your system stay secure.Some of the "recipes" you'll find in this book are:

• Controlling access to your system from firewalls down to individual services, using iptables, ipchains, xinetd, inetd, and more
• Monitoring your network with tcpdump, dsniff, netstat, and other tools
• Protecting network connections with Secure Shell (SSH) and stunnel
• Safeguarding email sessions with Secure Sockets Layer (SSL)
• Encrypting files and email messages with GnuPG
• Probing your own security with password crackers, nmap, and handy scripts

Customer Reviews (10)

Pensacola LUG review book
The Linux Security Cookbook is a good hands-on guide to the major aspects of securing your Linux box. This book offers many quick reference guides to pieces of software for securing or testing your system and goes through many different means of fortifying your box including:
-controlling system access with firewalls
-monitoring your network
-using SSH and SSL
-intrusion detection systems
-authentication and cryptographic keys
-encrypting files and email messages
-system security probing

The recipes in this book allows administrators to learn quick and easy ways to secure their systems including over 150 ready-to-use scripts and configuration files without having to look up or research specific syntax.

This book is definitely a quick hands-on guide to securing and monitoring your system and would recommend it to anyone looking for a good source of guides and ready-to-use scripts and configurations.

Excellent resource on Linux security
At fewer than 300 pages, the initial size of the Linux Security Cookbook may seem to be meager to cover such a broad subject.But what the book lacks in size, it makes up in content.

While many security books may waste the reader's time by spending hundreds of pages on introductory subjects; chapter 1 of the Linux Security Cookbook goes straight into using and configuring Tripwire.

The book then goes into fundamental topics such as firewalling with iptables/ipchains, authentication, access control, file control, email security and more.

If you are interested in Linux security, this is a well-written and well-organized book, filled with valuable and timely information.

Good book for quick reference...
I read this book from cover to cover and consider it a great effort by the authors to cover many security issues related to not just Linux, but most *nix operating systems. Here's a chapter by chapter review of what I've observed in the book:

Chapter 1 - System Snapshots with Tripwire

I liked the discussion of Tripwire and its configuration options. The sections on "Ultra-Paranoid Integrity Checking" were great! A decent introduction to Tripwire and some of its features.

Chapter 2 - Firewalls with iptables and ipchains

The difference between "Drop versus Reject" targets was good. So many books have info on iptables, but none discusses these issues. Also the point made about dropping ICMP messages was good. Quick to learn and implement recipes presented in this chapter.

Chapter 3 - Restricting Access by Remote Users

Recipe 3.7 was very neat. Allowing users to access a service only by port-forwarding over ssh allows the administrator to restrict access by user names. A smart way of imposing restrictions!
Also, in recipe 3.9, I liked the authors' approach to finding if xinetd is compiled with libwrap support.

All recipes regarding tweaking xinetd were good. It isn't always possible to look at all the configurable options with xinetd, and the authors did a good job in mentioning a few useful options.

Chapter 4 - Authentication Techniques and Infrastructures

Quick tips with PAM, openssl and kerberos. I couldnt get some of the recipes to work on my machine, but got most openssl stuff to work.

Chapter 5 - Authorization Controls

I liked this chapter the best. The discussion on sudo was enlightening, and I was able to effectively tweak most recipes to my needs. The man page would never have provided me with such a good explanation. Thanks to the authors for this chapter.

Chapter 6 - Protecting Outgoing Network Connections

Two of these authors had written the snail book and I expected nothing less than a very useful recipe session on SSH. The most useful recipe here was setting up public key authentication between an openssh client and an ssh.com server and vice-versa. I had always wanted to do this but didnt have a clue until I read these recipes. All recipes have strong technical content and are well written. The recipe on running cron jobs with ssh was
amazing. The authors teach how to be creative, rather than merely
explaining facts and methodologies.

Chapter 7 - Protecting Files

I liked all recipes on GnuPG especially neat hacks like maintaining encrypted files with vim, encrypting backups etc..

Chapter 8 - Protecting Email

I tried out a few recipes and got them to work with my configuration. Pretty impressive stuff! The difference between SSL and STARTTLS daemons was very well explained. I havent seen a consolidated discussion on this topic thus far and was really happy to see things explained clearly in just one sidebar. I couldn't get the imap/ssl recipe working for my settings, inspite of spending quite some time. Perhaps a few screen-shots
made available via the website would've been of greatest help..

Chapter 9 - Testing and Monitoring

Recipes on Cracklib, using find for setuid/setgid files and the discussion on the 'find' command are very well written. Though this stuff has been mentioned in most security books/magazines, a consolidated treatment here is nice to note. nmap truly deserved the long section and I was able to learn a few facts I didnt know about nmap until now. The recipe on examining local network activities covered the best tools in business -
netstat, lsof and rpcinfo. Sniffing network traffic, using tcpdump, ethereal and dsniff provide a good refresher and ready-to-use recipes.

Overall, Linux Security Cookbook is a very useful book for quick
reference. It covers a wide range of security topics and issues related to not just Linux but most Unices. The recipes provided here are well written and ready to use. I have found many tips related to sudo, SSH, xinetd, encryption and network security extremely useful. Full credit to the authors for bringing out such a comprehensive book on Linux Security.

Not up to par
I've been reading "Linux Security Cookbook".I fully understandthe goal of this book is to provide lots of little bits of wisdom,not a full fledged security book.I think that's pretty cool.HoweverI'm finding that a lot of the recipies, if you will, are either notwell explained, the equivalent of reading a real cookbook witohutknowing what it means ot 'fold the blueberries into the batter'.Theycould easily have spent more time explaining things so we didn't needto go read/re-reading the man pages just to understand the book.

Worth it
A very cool collection of recipes for common, daily, security of Linux
systems. Some of the other reviewers missed the point...this book
doesn't try to be the ultimate self-contained security book, it's a
collection of one-off recipes...it even says so on page 1. Look at
O'Reilly's other cookbooks (the awesome Perl Cookbook, Javascript
Cookbook, etc)--they aren't meant to be comprehensive or teach you
everything about the subject, they assume you know the basics already
and show you specific solutions to specific problems. This cookbook
does the same thing with Linux security, and I think it succeeds...it
sure helped me with my firewall and with gpg encryption. This
shouldn't be the only security book you own but it's great for what it
is. ... Read more

Amazon.com
The suite of utility applications that Unix users and administrators find indispensable--Telnet, rlogin, FTP, and the rest--can in fact prove to be the undoing of interconnected systems. The Secure Shell, a.k.a. SSH (which isn't a true shell at all) provides your otherwise attack-prone utilities with the protection they need. SSH: The Secure Shell: The Definitive Guide explains how to use SSH at all levels. In a blended sequence, the book explains what SSH is all about, how it fits into a larger security scheme, and how to employ it as an everyday user with an SSH client. More technically detailed chapters show how to configure a SSH server--several variants are covered--and how to integrate SSH with non-Unix client platforms.

As befits its detail- and variation-rich subject, this book comprises many specialized sections, each dealing with some specific aspect of use or configuration (setting up access control at the account level, for example, or generating keys for a particular SSH server). The writing is both informative and fun to read; the authors switch back and forth between text and entry-and-response listings from SSH machines. They often run through a half-dozen or more variants on the same command in a few pages, providing the reader with lots of practical information. The discussion of how SSH fits into a Kerberos Public Key Infrastructure (PKI) is great, as is the advice on defeating particular kinds of attacks. --David Wall

Topics covered:

• The Secure Shell (SSH) for installers, administrators, and everyday users
• SSH design and operation
• Server setup
• SSH agents
• Client configuration
• Public Key Infrastructure (PKI) integration
• SSH1
• SSH2
• F-Secure
• OpenSSH for Unix
• SSH1 and SecureCRT for Microsoft Windows
• NiftyTelnet SSH for Mac OS

Customer Reviews (31)

Great learning book and reference
This book is great if you need to set up an SSH client or server.If you are new to SSH this is
the book for you.As an experienced Linux sysadmin this book still helps.It walks you through
key setup, agents, and explains the differences between the different versions/flavors of SSH.

It is administrators guide, not implementors guide
This is good for beginners and administrators to get an understanding of the SSH. After reading it, you will know, how to set up and configure the SSH.

However, it will not give you details of the SSH protocol for an implementor. I had to look into chapter 7 of "VPNs Illustrated: Tunnels, VPNs, and IPsec by Jon C. Snader" to get an overview of how the SSH protocol really works behind the doors. This chapter gave pictorial descriptions as opposed to textual descriptions in the SSH RFCs.

In the next version, I would expect this book to contain a chapter giving implementation details of the SSH protocol.

It does help me a lot
This book really take me thro' for what I need to know in order to support the deployed SFTP solution.Now, I have clear idea in selecting options while building the package.

About what you would expect
I am a consultant and used this book on an integration project.There is not much special about this book.It is relatively difficult to find information on a topic as the author tries to integrate the information on ssh1, ssh2 and open ssh and it is sometimes not clear what something applies to or not.Not much else available and at least one revision has already been issued.

Stick to the man page
This is one of those O'Reilly books that actually makes you stupider than you were before having read it.

Face it, nobody reads books like this cover-to-cover. We might go through the introduction and the first few chapters, but after that we jump around to the parts we want to know about right now. The authors of this book have done everything in their power to make sure that this is not possible. In my case, I was interested in learning more about the various options involved in port forwarding, so I skipped ahead to chapter 9, which is dedicated to the subject. Unfortunately for me, I was completely lost, not because I had no grasp of the concepts involved, but because of the horrible writing, illustration and page layout choices.

First off, the authors seem to be big fans of mathematics, as they frequently contract long, complex statements into single letters they have chosen arbitrarily. Now this might not be a big problem when you're talking about getting from "computer A" to "computer B", but when providing examples of commands one is to enter into a terminal that look like this:

ssh -L2001:S:143 S

or even better yet:

ssh -g -L P:S:W B

It gets pointlessly confusing. If you don't already know what you're doing, you'll probably think that those capital letters are arguments you should type into your terminal rather than the names of computers and ports you're supposed to insert yourself, especially when there are absolutely NO full, syntactically correct examples of these commands given anywhere in the book. It's like it would kill them to type out a single working example. I would suggest the possibility that they might suffer from severe carpal tunnel syndrome as an explanation for this terseness were it not for the amazing displays of verbosity these very same authors seem to be capable of whenever another opportunity to shamelessly plug Tectia presents itself. If I didn't know better I'd think there was a product placement deal at work here.

On top of all of this, the illustrations are just awful. Not only are they frequently as ambiguous as the command line examples they are meant to illustrate, but they are also labeled inconsistently, and worst of all, are often placed 2-3 pages away from the text they are meant to compliment. You can easily waste hours of time flipping back and forth between lines like "ssh -g -L P:S:W B" and the pictures of poorly drawn boxes which defy all laws of perspective and clouds with arrows pointing all over the place that are meant to clarify them somehow.

I'm sure the authors know a lot more about SSH than I ever will, but they cannot write, and I wish O'Reilly's editors would start enforcing some kind of quality control in their publications. There are free tutorials out there that are better than this tripe, and many of them are written by 11 year olds. ... Read more