Linux Server Security, Second Edition

By Michael D. Bauer
January 2005
Pages: 542
ISBN 10: 0-596-00670-5 | ISBN 13: 9780596006709
(4) (Average of 2 Customer Reviews)

Book description

Linux Server Security, 2nd Edition expertly conveys to administrators and developers the tricks of the trade that can help them avoid serious security breaches. It covers both background theory and practical step-by-step instructions for protecting a server that runs Linux. Packed with examples, this must-have book lets the good guys stay one step ahead of potential adversaries.

Academic Supplement

These downloadable review questions, quizzes, and other materials in convenient PDF format will help you use this book in an academic setting. Add the Student Workbook for Linux Server Security to your shopping cart as a FREE purchase. After you check out, you'll be able to download it from your My Account page.
Full Description

Linux consistently appears high up in the list of popular Internet servers, whether it's for the Web, anonymous FTP, or general services such as DNS and delivering mail. But security is the foremost concern of anyone providing such a service. Any server experiences casual probe attempts dozens of time a day, and serious break-in attempts with some frequency as well. This highly regarded book, originally titled Building Secure Servers with Linux, combines practical advice with a firm knowledge of the technical tools needed to ensure security. The book focuses on the most common use of Linux--as a hub offering services to an organization or the Internet--and shows readers how to harden their hosts against attacks. An all-inclusive resource for Linux users who wish to harden their systems, Linux Server Security covers general security such as intrusion detection and firewalling a hub, as well as key services such as DNS, the Apache Web server, mail, and secure shell. Author Michael D. Bauer, a security consultant, network architect, and lead author of the popular Paranoid Penguin column in the Linux Journal, carefully outlines the security risks, defines precautions that can minimize those risks, and offers recipes for robust security. He is joined on several chapters by administrator and developer Bill Lubanovic. A number of new security topics have been added for this edition, including:

Database security, with a focus on MySQL
Using OpenLDAP for authentication
An introduction to email encryption
The Cyrus IMAP service, a popular mail delivery agent
The vsftpd FTP server

Geared toward Linux users with little security expertise, the author explains security concepts and techniques in clear language, beginning with the fundamentals. Linux Server Security with Linux provides a unique balance of "big picture" principles that transcend specific software packages and version numbers, and very clear procedures on securing some of those software packages on several popular distributions. With this book in hand, you'll have both the expertise and the tools to comprehensively secure your Linux system.

Post-purchase benefits:

Browse within this book

| Table of Contents | Index | Sample Chapter | Colophon

Book details

Second Edition: January 2005
ISBN: 0-596-00670-5
Pages: 542
Average Customer Reviews: (4) (Based on 2 Reviews)

Featured customer reviews

For Sys Admins., June 02 2005

Rating:

Submitted by Lloyd R. [Respond | View]

Linux Server Security, Second Edition
By Michael D. Bauer
Second Edition January 2005
ISBN: 0-596-00670-5
544 pages, $44.95 US
http://www.oreilly.com/catalog/linuxss2/

This book goes along with the moving trend of the normal computer user, securing your data. Servers generally are targeted more often than the average home PC because most are made to be accessible from the outside world. This is where securing that server comes into play. This book covers the tools and techniques to securing your Bastion host.

First I'd like to start out and explain what Bastion host means as according this book so you can understand what this book covers more specifically. Bastion Host is defined as "A system that runs publicly accessible services but is usually not itself a firewall. Bastion hosts are what we put on DMZ (although they can be put anywhere). The term implies that a certain amount of system hardening has been done, but sadly, this is not always the case."

After you understand what a Bastion host is defined as, you should understand that this book mainly covers these server daemons and the systems that run them. But some of the information applies to a Linux desktop system such as a per host iptables firewall, using secure shell, keeping up with your logs, and intrusion detection. Most of these things the average user doesn't care much about but sometimes being paranoid comes in handy.

Someone who would most likely use this book more than the average desktop user would probaly be a system administrator. Securing web, database, ftp, dns, and email servers is what majority of this book contains. Along with covering these server systems, there are guides to securing the Linux system that runs these daemons along with designing the networks around these types of hosts.

One of the sections I'm most fond of is Chapter 2: Designing Perimeter Networks. With this section you can really take a look at the design and layout of the different types of networks and figure out the portions that suit your needs for your own network. The diagrams shown in this chapter help explain what is going on with the traffic and allows you to see exactly what is going on and at what points the systems are protected.

At the end of the book there are 2 well commented iptables firewall scripted that allow you to get a feel for the netfilter iptables system if you're not familiar with it already. With some modification of these scripts you can easily bring them into a working environment depending on your situation, which sometimes these helps with some of the frustration with the iptables syntax. I personally prefer the PF system within OpenBSD for it's clean syntax and have grown away from iptables, but both are powerful firewall systems and should fit the needs of your network.

I'd definitely recommend this book to system admins or anyone who is paranoid about their security. Security is always something that people should be educated about.

Lloyd Randall
Pensacola Linux User's Group

A good set of toolsuites, February 26 2005

Rating:

Submitted by Sankarshan [Respond | View]

Linux Server Security seems to be the buzzword in corporates and a lot of Infrastructure Services Group Leaders are spending considerable amounts of time securing the systems.

Server Security has for long been considered as somewhat of a black art with the arcane details of it being shared among the few members who are part of the charmed circle. This book attempts to put the logical nature of Server Security in perspective by bringing together both the fundamentals as well as the practical toolsuites which help a long way in providing stable and secure Linux servers. If not for anything else, then for a description of the toolsuites this book is a worthy reference material.

The section on Cyrus IMAP service is a welcome addition. As the world slowly moves towards a Cyrus-SASL-Kerberos stack for the mailing services, securing such service would be a high item on the agenda. The discussion of the services that make up various Linux servers, beginning with the basic principles and slowly moving into the security best practices would be useful to those who want to create secure server services but were at a loss in the sea of URLs.

The sections on Database Security, Intrusion Detection Services and System Log management are well written especially for the novice users. The underlying assumption that secure bastion hosts are required by anybody drives the book towards a very granular level of discussion of the services. Be warned however, that firewall as a component is not discussed in great detail. A subset of the same is provided but enough forward looking references are provided which can be put to implementation and further tweaking.

Securing Linux services is best done through tinkering and practical implementation of the tools. The fundamental principles provide the underlying causal agents and causal loops, without implementation nothing much is possible.

In short, it is a very good book and worth buying. Go ahead and get your copy.

Read all reviews

Media reviews

"Michael D. Bauer's Linux Server Security isn't for the casual learner; it's a computer toolbox in a book offering intermediate Linux system users a second edition of a classic, adding numerous new security topics and discussions of encryption and mail delivery processes for Linux system administrators and server hsts alike. You don't have to have a security background to use Linux Server Security: just a working familiarity with the system overall."
--James Cox, Midwest Book Review, May 2005

"Even Windows administrators can't get very far away from Linux these days, and the more you know about it the better off you'll be, especially in the area of server security. This book is essentially a tutorial in hardening Linux servers and covers important topics like using iptables, secure remote administration, OpenSSL and Stunnel, and securing various server roles including DNS, LDAP, database, email, and web servers. Good familiarity with basic Linux administration is assumed of course, but the procedures are clearly described and easy to follow even if you're not a Linux guru."
--Mitch Tulloch, WindowsSecurity.com, April 2005

Hide extended reviews