Slashdot Mirror


Best Linux Security Books?

RyuMaou asks: "I'm about to move a small company from an old, ailing Windows server to some flavor of Linux and I want to make sure their proprietary information is safe. Here's the problem: I've only run Linux as an application server, behind the firewall, in a Novell environment. Time is short and I have limited resources and want to read at least one really great book on Linux security, then follow that up with some good reinforcement. I know the information is mostly available on the Internet for free, but I like reading actual books, not printouts. So, if you had to pick five books, or fewer, on Linux security, what would you read?"

8 of 33 comments

  1. Does it have to be Linux? by nocomment · · Score: 4, Informative

    Linux is ok, but iptables is a mess if you are going to be doing firewalling[1].

    Why not use OpenBSD? I might recommend using Absolute OpenBSD, Secure Architectures with OpenBSD, and Building Firewalls with OpenBSD and PF. Of course the OpenBSD man pages are superb. You also have access to CARP (rather an implementation that works as expected), plus you get the benefit of not having to update very often (I've only had to patch SSH and FTPD in the last 2 or 3 years).


    [1]Shorewall does make this easier though.

    --
    /* oops I accidentally made a comment, sorry */
    /* http://allyourbasearebelongto.us */
  2. Real World Linux Security by jimpop · · Score: 5, Informative

    I recommend Bob Toxen's Real World Linux Security, it's a year or two old but still chock-full of goodness.

  3. Get a good overview by Anonymous Coward · · Score: 4, Informative
    Don't focus on security books. Get a thorough overview of UNIX. Security books are only useful once you know where to look for problems. Get your head around the network, user privileges, etc before you worry about specifics.

    I'm a huge advocate of McKusick's Kernel Internals course. It's essential for anyone serious about understanding the core components of the OS. The videos are like a grand, but you can find it free in a lot of libraries, or you might be lucky to catch a copy on half.com.

  4. My bookshelf... by HexaByte · · Score: 3, Informative

    Has a 5 year old copy of "Maximum Linux Security" from Sam's Publishing.

    It's really only slightly dated, and I have no idea if an updated version is available, but it's a good start.

    --
    HexaByte - he's a square and a half!
  5. Try looking at Benchmarks by Jim+Robinson+Jr. · · Score: 5, Informative

    While books are good, you will have to wade through a lot of verbiage to find the gems. Although they won't provide the historical and technical backgrounds, you should seriously consider beginning with industry benchmarks rather than trying to make up your own.

    Try these for starters:

    Center for Internet Security
    http://www.cisecurity.org/

    SANS Step-By-Step Guides
    https://store.sans.org/store_category.php?category=stepxstep&portal=d3e56294b582309b0d88a6990e8621ce

    Both will provide you with a checklist to secure your systems, and although neither will be "all inclusive" they will give you a foundation to build your security program on.

    In large enterprises subject to regulatory oversight and external auditing they use these as a starting point.

    Hope this helps,

    Jim Robinson Jr., CISSP

  6. SELinux by macemoneta · · Score: 4, Informative

    I've found Bill McCarty's SELinux book particularly useful for understanding the implementation of mandatory access controls on Linux.

    --

    Can You Say Linux? I Knew That You Could.

  7. Not a replacement for a book... by Mad+Merlin · · Score: 2, Informative

    I was surprised to see that nobody had mentioned Nessus and/or Nmap yet. They're excellent at showing you what you're exposing to the outside world. I should however caution you that they're merely a companion on your journey to security, not the path.

  8. Simple rules by cowbutt · · Score: 2, Informative
    1) Stop and uninstall network servers that you will never need (e.g. rpm -e)
    2) Stop and Disable network servers that you do not need right now (e.g. chkconfig --del)
    3) Restrict access to the rest using built in ACLs, tcp_wrappers (i.e. hosts.allow/hosts.deny) and/or iptables/netfilter.
    4) Set strong passwords where applicable.
    5) Keep patched up-to-date.
    6) If your distribution includes SELinux, consider enabling it. Test thoroughly before moving to production status.
    7) Perform regular backups.
    8) Test your backups and your backup hardware.
    9) Monitor log files.

    To do anything more than that requires fairly extreme justification, and will increase costs due to administrative overhead. Doing the above will probably render your site a less attractive target than 90-something percent of sites. If you and a friend are running away from a tiger, you don't need to outrun the tiger - just your friend. :-)
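An added example (not from any poster in this thread) of how an administrator might turn cowbutt's rules 1 to 3 into a reviewable script: it parses `ss -ltn`-style output to find which TCP servers are listening and which are exposed beyond loopback, flags those not on an allowlist as candidates for stopping or uninstalling, and renders the tcp_wrappers (`hosts.allow`/`hosts.deny`) and iptables configuration that would restrict the rest. The socket listing, the allowed ports (22 and 80) and the admin network `192.168.10.0/24` are constructed assumptions; nothing is applied to the system, the script only prints text for review.

```shell
#!/bin/sh
# Added example, not code from the thread: audit listening TCP services against
# an allowlist and render the tcp_wrappers / iptables configuration for review.

# Constructed sample of `ss -ltn` output (header + 4 sockets) so the script runs
# offline. On a real host you would use: LISTENERS="$(ss -ltn)".
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22           0.0.0.0:*
LISTEN 0      128    127.0.0.1:25         0.0.0.0:*
LISTEN 0      511    0.0.0.0:80           0.0.0.0:*
LISTEN 0      128    0.0.0.0:111          0.0.0.0:*'

# Assumption: the business case needs only sshd and a web server.
ALLOWED_PORTS="22 80"
# Assumption: the management network that may reach sshd (constructed RFC 1918 range).
ADMIN_NET="192.168.10.0/24"

# listening_ports: one port per line, taken from after the last ':' of the
# Local Address column; the header line (NR==1) is skipped.
listening_ports() {
    printf '%s\n' "$SAMPLE_SS" | awk 'NR>1 {n=split($4,a,":"); print a[n]}' | sort -n | uniq
}

# exposed_ports: listeners bound to something other than loopback.
exposed_ports() {
    printf '%s\n' "$SAMPLE_SS" | awk 'NR>1 && $4 !~ /^127\./ {n=split($4,a,":"); print a[n]}' | sort -n | uniq
}

# unexpected_ports: exposed listeners not in ALLOWED_PORTS; these are the
# services rules 1 and 2 say to stop, disable or uninstall.
unexpected_ports() {
    for p in $(exposed_ports); do
        case " $ALLOWED_PORTS " in
            *" $p "*) ;;
            *) echo "$p" ;;
        esac
    done
}

# hosts_access_config: tcp_wrappers default-deny with an explicit sshd allow (rule 3).
hosts_access_config() {
    printf '# /etc/hosts.allow\nsshd: %s\n# /etc/hosts.deny\nALL: ALL\n' "$ADMIN_NET"
}

# iptables_rules: default-drop INPUT policy, loopback and established traffic
# accepted, then one ACCEPT per allowed port (sshd limited to ADMIN_NET).
iptables_rules() {
    echo "iptables -P INPUT DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $ALLOWED_PORTS; do
        if [ "$p" = "22" ]; then
            echo "iptables -A INPUT -p tcp --dport 22 -s $ADMIN_NET -j ACCEPT"
        else
            echo "iptables -A INPUT -p tcp --dport $p -j ACCEPT"
        fi
    done
}

# audit_report: human-readable summary of the findings and proposed config.
audit_report() {
    echo "Listening ports: $(listening_ports | tr '\n' ' ')"
    echo "Exposed (non-loopback) ports: $(exposed_ports | tr '\n' ' ')"
    echo "Unexpected exposed ports (stop/uninstall or firewall): $(unexpected_ports | tr '\n' ' ')"
    echo "--- proposed tcp_wrappers ---"
    hosts_access_config
    echo "--- proposed iptables ---"
    iptables_rules
}

if [ "${1:-}" = "--report" ]; then
    audit_report
fi
```

Run with `sh audit.sh --report`. On the sample data port 111 (portmapper) shows up as exposed and unlisted, which is exactly the kind of service rule 1 targets; port 25 is bound to loopback only and so is not flagged, though it still counts against rule 2 if nothing local needs it. The generated iptables lines are meant to be read and then applied by hand, since a default-drop policy pushed to a remote box without an sshd allow rule locks you out.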