Linux Security Cookbook. Security Tools & Techniques
by Daniel Barrett, Richard Silverman and Robert Byrnes
O'Reilly 2003.
ISBN 0-596-00391-9. 311 pages. Index. $39.95
Reviewed by Robert Bruen January 13, 2004
There are a number of good Linux Security books out there, for example, Real World Linux Security, Hacking Linux Exposed, Hackproofing Linux and Linux Security, so why another one? Each book has its strengths and weaknesses, no one book does it all. Each has its own mission and approach. Cookbooks in general are helpful because they condense the problems into a short, easy to follow recipes. They are not intended to be read at one sitting. When you need a method to follow without requiring the theory, the cookbook is the place to go.
The value of cookbook is determined by how good it is. Is the coverage broad enough and is it the correct coverage? Are the recipes easy to follow? Do they actually work? Do the authors know what they are doing? No cookbook will replace a total security plan, but a good cookbook should be part of the plan.
The Linux Security Cookbook answers all these questions in the affirmative. The authors realize their book is just part of an overall plan and they make it fit in properly. It can be used as the quick-start for the impatient or as a dictionary by the forgetful who drop a step in some piece of software. One of the important uses is as a checklist. Very few of us know everything or can remember it all even if we did. You can either look up a specific problem, such as how to encrypt Pine email or you can just open it up to a random spot and read.
By reading through little by little, you could learn quite a bit about practical security on Linux, and by extension general security principles. If you have not yet been bold enough to try Tripwire or Kerberos, the recipes might give you that little extra boost of confidence because it is so straightforward. Although I really like the Snort 2.0 book, the recipe in this book makes starting it up and using it pretty simple. The authors point out helpful details such as which Linux distro (distribution) comes with Snort (e.g., SuSe) and which does not (e.g., Red Hat). Not all Linux distros are created equal.
There are almost 200 recipes in the book covering protecting files, encrypting files, firewalls (iptables), authorization, network access and the longest chapter: testing and monitoring. You are not left hanging after you have tried a few recipes. This is quite "pen-testing" (checking input/output validity), but it has a similar flavor. For example, finding writable files, examining /proc, watching traffic, checking on open ports, and other techniques are presented in a simplified manner. If you are new to this, it is a good starting point. Each recipe is organized nicely into problem, solution and discussion and yes, with code or commands as needed,
This is highly recommended book to round out your Linux security bookshelf, especially if you are a Microsoft admin seeking Linux knowledge or a Linux admin seeking security knowledge.