Slashdot Mirror

← Back to Stories (view on slashdot.org)

Best Linux Security Books?

Posted by Cliff on from the resources-for-locking-down-Linux dept.

RyuMaou asks: "I'm about to move a small company from an old, ailing Windows server to some flavor of Linux and I want to make sure they're proprietary information is safe. Here's the problem: I've only run Linux as an application server, behind the firewall, in a Novell environment. Time is short and I have limited resources and want to read at least one really great book on Linux security, then follow that up with some good reinforcement. I know the information is mostly available on the Internet for free, but I like reading actual books, not printouts. So, if you had to pick five books, or fewer, on Linux security, what would you read?"

11 of 33 comments (clear)

  1. Scary by PhiznTRG · · Score: 4, Insightful
    This type of question always scares me - if this guy was attempting to work on my network, the last thing I would want him to do is move to Linux "just because".
    Why are you moving the server to a platform you are not familiar enough with? Because you have used it in an unrelated application? Is there something wrong with the Windows server (besides being old and the typical Windows bashing?)

    I'm all for trying things out but is it right to do this with a clients "proprietary" data? What is your backup plan? Will the server store the information as well as act as the firewall? Why Linux and not a flavor of BSD?

    After all of that, whlie a book may feel nice - you will get much better and more up to date information on the 'net.

  2. Does it have to be Linux? by nocomment · · Score: 4, Informative

    Linux is ok, but iptables is a mess if you are going to be doing firewalling[1].

    Why not use OpenBSD? I might recomend using Absolute OpenBSD, Secure Architectures with OpenBSD, and Building Firewalls with OpenBSD and PF. Of course the OpenBSD man pages are superb. You also have access to CARP (rather an implementation that works as expected), plus you get the benefit of not having to update very often (I've only had to patch SSH and FTPD in the last 2 or 3 years).


    [1]Shorewall does make this easier though.

    --
    /* oops I accidentally made a comment, sorry */
    /* http://allyourbasearebelongto.us */
    1. Re:Does it have to be Linux? by ehvoy · · Score: 4, Insightful

      Minimize services

      1. Install distribution

      2. Comment out all services running via /etc/inetd.conf and run "killall -HUP inetd" (if inetd is running at all).

      3. For services you want running, determine which ones are only needed by the machine actually running the services and research how to get them listening on 127.0.0.1 only. Implement. smtp is usually the one I do this for so I can send emails but don't have to worry about external abuse.

      4. determine your default runlevel by opening "/etc/inittab" and looking for a line like "id:n:initdefault:". The number is your default runlevel.

      5. run netstat -tunap to get a list of services listening on the machine. Browse /etc/init.d to get their startup script names.

      6. Open /etc/rcn.d and delete the files representing services you do not want to start up based on result of step 5. Or just uninstall them with distribution's installer software.

      7. install logcheck/some kind of log auditing software that can email you hourly errors/warnings.

      8. forward root's email via /root/.forward file or /etc/aliases.

      Patch if needed. Subscribe to distribution security mailing list, subscribe to bugtraq, check for new patches every week via distribution's upgrade/patching tool, if a patch is not available for a particular vulnerability, think of ways to survive if server is compromised.

      Partially there. Now just need some nice slashdotter to confirm I am on the right track, correct me where I am wrong and offer other options or a book that continues beyond this.

  3. Real World Linux Security by jimpop · · Score: 5, Informative

    I recommend Bob Toxen's Real World Linux Security, it's a year or two old but still chock-full of goodness.

  4. Get a good overview by Anonymous Coward · · Score: 4, Informative
    Don't focus on security books. Get a thorough overview of UNIX. Security books are only useful once you know where to look for problems. Get your head around the network, user privileges, etc before you worry about specifics.

    I'm a huge advocate of McKusick's Kernel Internals course. It's essential for anyone serious about understanding the core components of the OS. The videos are like a grand, but you can find it free in a lot of libraries, or you might be lucky to catch a copy on half.com.

  5. My bookshelf... by HexaByte · · Score: 3, Informative

    Has a 5 year old copy of "Maximum Linux Security" from Sam's Publishing.

    It's really only slightly dated, and I have no idea if an updated version is available, but it's a good start.

    --
    HexaByte - he's a square and a half!
    1. Re:My bookshelf... by 286 · · Score: 2, Interesting

      I would seriously think twice before buying a five year old book on security. Linux security tools have changed. Maximum Linux Security will have you setting up ipchains!

      I would take `jimpop' advice and go with Bob Toxen's "Real World Linux Security" if you must have a linux book. Besides he is a really nice guy.

      Maximum Linux Security was written by anonymous author(s) who couldn't be bothered to sign there name to their work.

      Your best bet is to grab "Absolute OpenBSD: UNIX for the Practical Paranoid" by Michael W. Lucas.
      You can't beat OpenBSD with a stick... not without physical access to the box at least. ;P

  6. Try looking at Benchmarks by Jim+Robinson+Jr. · · Score: 5, Informative

    While books are good, you will have to wade through a lot of verbiage to find the gems. Although they won't provide the historical and technical backgrounds, you should seriously consider beginning with industry benchmarks rather than trying to make up your own.

    Try these for starters:

    Center for Internet Security
    http://www.cisecurity.org/

    SANS Step-By-Step Guides
    https://store.sans.org/store_category.php?category =stepxstep&portal=d3e56294b582309b0d88a6990e8621ce

    Both will provide you with a checklist to secure your systems, and although neither will be "all inclusive" they will give you a foundation to build your security program on.

    In large enterprises subject to regulatory oversight and external auditing they use these as a starting point.

    Hope this helps,

    Jim Robinson Jr., CISSP

  7. SELinux by macemoneta · · Score: 4, Informative

    I've found Bill McCarty's SELinux book particularly useful for understanding the implementation of mandatory access controls on Linux.

    --

    Can You Say Linux? I Knew That You Could.

  8. Not a replacement for a book... by Mad+Merlin · · Score: 2, Informative

    I was surprised to see that nobody had mentioned Nessus and/or Nmap yet. They're excellent at showing you what you're exposing to the outside world. I should however caution you that they're merely a companion on your journey to security, not the path.

    --
    Game! - Where the stick is mightier than the sword!
  9. Simple rules by cowbutt · · Score: 2, Informative
    1) Stop and uninstall network servers that you will never need (e.g. rpm -e)
    2) Stop and Disable network servers that you do not need right now (e.g. chkconfig --del)
    3) Restrict access to the rest using built in ACLs, tcp_wrappers (i.e. hosts.allow/hosts.deny) and/or iptables/netfilter.
    4) Set strong passwords where applicable.
    5) Keep patched up-to-date.
    6) If your distribution includes SELinux, consider enabling it. Test thoroughly before moving to production status.
    7) Perform regular backups.
    8) Test your backups and your backup hardware.
    9) Monitor log files.

    To do anything more than that requires fairly extreme justification, and will increase costs due to administrative overhead. Doing the above will probably render your site a less attractive target than 90-something percent of sites. If you and a friend are running away from a tiger, you don't need to outrun the tiger - just your friend. :-)