UKUUG home


(the UK's Unix & Open Systems User Group)






Book Discounts

Other Discounts

Mailing lists






Linux Server Security (2nd Edition) Michael D Bauer
Published by O'Reilly Media
544 pages
£ 31.95
Published: 21st January 2005
reviewed by John Collins
   in the June 2005 issue (pdf), (html)

This book is a second edition of a book previously entitled ``Building Secure Servers with Linux''. Its new name is probably better as it assumes people have Linux servers to start with and now want to keep it away from the great unwashed.

It is alas, a cruel necessity that make you have to spend time checking and enhancing the security of your system. If you leave a single loophole, someone will jump through it soon. We get people trying to get in via SSH by brute force attacks with about 2000 user names about once a day. Once in a favourite trick is to exploit a loophole in some server process to get root access and then install ``rootkits'' which as well as creating server processes -- probably to relay spam -- insert doctored versions of ls, ps, etc which don't display the inserted modules or processes. And they chattr all sorts of things to make it awkward for you to clear up the mess.

The book mentions just about every topic I could have thought of, quite a lot I didn't think of, and not a few things I didn't know anything about before, for example alternatives to syslogd. Successive chapters deal with network and IP security, remote administration, OpenSSL, DNS, LDAP, database (particularly MySQL), email and various email servers, web servers, FTP, log management and intrusion detection techniques. Quite a lot of time is spent defining terms you will probably have already met to even get that far -- for example ``what is an algorithm'', and ``what is public-key cryptography''.

As it covers so many topics, it cannot cover anything in very much detail. For example, I tried to look up PAM and MySQL security features ``in anger'' but found the former barely mentioned and the latter didn't really cover quite what I wanted. The style is to outline each particular problem and give you a collection of pointers as to how to tackle it, but without a lot of detail. It has an extensive bibliography and website list at the end of each chapter to tell you where to go and to download documentation and up-to-date replacement software.

You will need to get to grips separately with each aspect sooner or later and you certainly have to go for the more detailed documentation in each case but I think within the limitations of its scope this book is a good, well-written and fairly comprehensive overview and introduction to each topic.

Back to reviews list

Tel: 01763 273 475
Fax: 01763 273 255
Web: Webmaster
Queries: Ask Here
Join UKUUG Today!

UKUUG Secretariat
More information

Page last modified 02 Apr 2007
Copyright © 1995-2011 UKUUG Ltd.