Linux Security Cookbook
Daniel Barrett, Richard Silverman and Robert Byrnes
Published by O'Reilly and Associates
332 pages
£28.50
Published: 13th June 2003
Reviewed by Mick Farmer in the September 2003 issue

I really enjoyed this book. Some years ago, when at work I first migrated from Sun to Linux, my early Red Hat system was hacked (I think this is called rooted these days) by the trinoo crowd and was used as part of a Denial of Service (DoS) attack on some remote hosts. Since that episode I have been security conscious, so I thought this book would check my defences, so to speak.

The book consists of nine chapters, each covering a particular aspect of Linux security or a particular tool. Red Hat 8.0 and SuSE 8.0 are the target distributions, but much of the information is generic.

The first chapter is concerned with Tripwire, an open source integrity checker that stores a snapshot of your (unhacked) files, which is then used to check periodically for any discrepancies. I followed the instructions given and soon had basic integrity checking working - something I had always meant to do but had never got around to! This chapter also contained many recipes for different levels of paranoid integrity checking, together with sections on verifying RPM-installed files and what to do if you can't use Tripwire.

The second chapter covers firewalls using iptables and ipchains. I use iptables as my first line of defence and was pleased to discover that my personal rules for blocking access were covered in this chapter. Basically I only allow incoming Secure Shell (SSH) connections from the static IP address of my home ADSL router! Various sections covered the general housekeeping chores necessary to maintain a firewall on a single machine.

Chapter 3 covers network access control, i.e. incoming connections. Some preliminary sections on network interfaces are followed by recipes for enabling/disabling services via xinetd or inetd. Once again I noted that my own paranoid view of disabling all unnecessary services was dealt with, as were topics such as restricting access by user, host, time of day, etc.

Chapter 4 covers authentication techniques, primarily Pluggable Authentication Modules (PAM), Secure Sockets Layer (SSL), and Kerberos. SSH has its own chapter. This chapter focuses on basic setup and maintenance. I confess to not bothering to use SSL certificates or Kerberos.

Chapter 5 is about authorization control. It contains a number of recipes for configuring sudo so that a user can run commands as another (usually root) user. Since I'm the only user of my current Red Hat 8.0 system I don't use sudo. Perhaps I should!

Chapter 6 is about protecting outgoing connections, primarily using SSH and its relatives. Many recipes cover different flavours of public-key authentication. I followed these instructions and even went as far as using ssh-agent to allow authentication without typing a password or passphrase. All good stuff.

Chapter 7 is concerned with securing data, i.e. files. It covers everything you need to know about employing the GNU Privacy Guard (GnuPG), which is an open source replacement for Phil Zimmermann's PGP. The recipes work fine and you can read my digital signature at the end of this review.

Chapter 8 is about protecting e-mail. Recipes show how to encrypt mail using a number of popular mailers and how to secure mail access using SSL and SSH. At work my mail is handled separately, so this chapter was not tested.

Chapter 9 covers testing and monitoring and, as such, is something of a mixed bag. I tried using John the Ripper to check my password strength, but it was still running after 48 hours so I gave up. There are the usual recipes for checking suspicious accounts, finding setuid (and setgid) programs, and securing device special files - much of which can be handled by Tripwire. I used chkrootkit to test for possible rootkits, worms, and trojans (none found). I used nmap to test for open ports (none). I used tcpdump and ethereal to watch my network traffic. There were a number of recipes on using snort as a packet sniffer which I skipped over. Once again I was pleased to see that I was already using the recipes to maintain and rotate log files. This chapter finishes with information on how to recover from a hack and how to file an incident report.

I think my machine is more secure than before I read this book. The advice is good and pitched at, for me, the right level. References were up-to-date as far as I could see. I would certainly recommend this book to anyone wanting to secure, or test the existing security of, a Linux system.

Page last modified 03 Apr 2007
Copyright © 1995-2011 UKUUG Ltd.