Slashdot Mirror


Best Linux Security Books?

RyuMaou asks: "I'm about to move a small company from an old, ailing Windows server to some flavor of Linux and I want to make sure their proprietary information is safe. Here's the problem: I've only run Linux as an application server, behind the firewall, in a Novell environment. Time is short and I have limited resources and want to read at least one really great book on Linux security, then follow that up with some good reinforcement. I know the information is mostly available on the Internet for free, but I like reading actual books, not printouts. So, if you had to pick five books, or fewer, on Linux security, what would you read?"

2 of 33 comments

  1. Scary by PhiznTRG · Score: 4, Insightful
    This type of question always scares me - if this guy was attempting to work on my network, the last thing I would want him to do is move to Linux "just because".
    Why are you moving the server to a platform you are not familiar enough with? Because you have used it in an unrelated application? Is there something wrong with the Windows server (besides being old and the typical Windows bashing)?

    I'm all for trying things out but is it right to do this with a client's "proprietary" data? What is your backup plan? Will the server store the information as well as act as the firewall? Why Linux and not a flavor of BSD?

    After all of that, while a book may feel nice - you will get much better and more up to date information on the 'net.

  2. Re:Does it have to be Linux? by ehvoy · Score: 4, Insightful

    Minimize services

    1. Install distribution

    2. Comment out all services running via /etc/inetd.conf and run "killall -HUP inetd" (if inetd is running at all).

    3. For services you want running, determine which ones are only needed by the machine actually running the services and research how to get them listening on 127.0.0.1 only. Implement. smtp is usually the one I do this for so I can send emails but don't have to worry about external abuse.

    4. Determine your default runlevel by opening "/etc/inittab" and looking for a line like "id:n:initdefault:". The number is your default runlevel.

    5. Run netstat -tunap to get a list of services listening on the machine. Browse /etc/init.d to get their startup script names.

    6. Open /etc/rcn.d and delete the files representing services you do not want to start up, based on the result of step 5. Or just uninstall them with the distribution's installer software.

    7. Install logcheck or some kind of log auditing software that can email you hourly errors/warnings.

    8. Forward root's email via the /root/.forward file or /etc/aliases.

    Patch if needed. Subscribe to distribution security mailing list, subscribe to bugtraq, check for new patches every week via distribution's upgrade/patching tool, if a patch is not available for a particular vulnerability, think of ways to survive if server is compromised.

    Partially there. Now just need some nice slashdotter to confirm I am on the right track, correct me where I am wrong and offer other options or a book that continues beyond this.
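Steps 3 and 5 of the list above are about finding out which services are listening on addresses other than 127.0.0.1. The script below is an added example, not part of ehvoy's comment or any distribution tool: it parses `netstat -tunap` style output and prints only the sockets that are reachable from off the host (listening TCP sockets and UDP sockets not bound to 127.0.0.1 or ::1). The netstat sample embedded in it is constructed for the demonstration; the PIDs, program names and addresses are made up.

```shell
#!/bin/sh
# Added audit helper: list sockets that are exposed beyond the loopback interface.
# On a live box:  netstat -tunap | external_listeners
# (modern systems: ss -tulnp gives similar columns, but this parser targets netstat)

external_listeners() {
    awk '
        # netstat -tunap columns:
        #   Proto Recv-Q Send-Q Local-Address Foreign-Address [State] PID/Program
        # UDP lines have no State column, so the program field shifts left by one.
        $1 ~ /^(tcp|tcp6|udp|udp6)$/ {
            proto = $1
            local = $4
            prog  = (proto ~ /^tcp/) ? $7 : $6
            # split "addr:port" at the LAST colon; IPv6 addresses contain colons
            n    = match(local, /:[0-9]+$/)
            addr = substr(local, 1, n - 1)
            port = substr(local, n + 1)
            # only listening TCP sockets and UDP sockets count as services
            if (proto ~ /^udp/ || $6 == "LISTEN") {
                if (addr != "127.0.0.1" && addr != "::1")
                    printf "%s %s %s %s\n", proto, addr, port, prog
            }
        }'
}

# Constructed sample of netstat -tunap output (not captured from a real host).
CONSTRUCTED_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      612/sendmail
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      540/sshd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      410/portmap
tcp        0      0 192.0.2.10:22           198.51.100.7:40122      ESTABLISHED 901/sshd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           410/portmap
udp        0      0 127.0.0.1:123           0.0.0.0:*                           455/ntpd'

# Run the parser over the constructed sample; prints the three exposed sockets.
audit_constructed_sample() {
    printf '%s\n' "$CONSTRUCTED_NETSTAT" | external_listeners
}

audit_constructed_sample
```

In the sample, sendmail (bound to 127.0.0.1:25, as step 3 suggests) and ntpd (127.0.0.1:123) are not reported, the established ssh session is ignored because it is not a listener, and sshd plus portmap on 0.0.0.0 are printed. Each printed program name is what you would look up in /etc/init.d and /etc/rcn.d in step 6 to decide whether it stays, gets bound to loopback, or is uninstalled.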