Publisher: O'Reilly & Associates
Available for download is chapter 9 entitled "Testing and Monitoring (Sample Recipes)".
If you work with Linux you certainly know of many resources where you can get your questions answered when running into a problem. When it comes to securing your Linux box, there's a myriad of things you have to think about and this is where this cookbook comes into the picture. The authors aim to provide you with quick recipes for various issues. Read on to find out if this beats searching for information in the usual places.
About the authors
Dan Barrett has been immersed in Internet technology since 1985 and is currently working as a software engineer. He has written several O'Reilly books, as well as monthly columns for Compute! and Keyboard Magazine.
Richard E. Silverman has a B.A. in computer science and an M.A. in pure mathematics. Richard has worked in the fields of networking, formal methods in software development, public-key infrastructure, routing security, and Unix systems administration.
Robert G. Byrnes, Ph.D., has been hacking on UNIX systems for twenty years, and has been involved with security issues since the original Internet worm was launched from Cornell University, while he was a graduate student and system administrator.
Inside the book
First off I have to note that this is not a typical book on Linux security. You won't find any comprehensive overviews but rather hands-on down 'n dirty instructions on how to complete various tasks. Let's explore what the authors have prepared for you.
I must admit I was pleased with the way the authors think already at the very beginning of the book where they discuss working with Tripwire. They start with Tripwire since it's basically the first line of defense you should implement before putting your Linux box online or make it available to other users. If you are not familiar with Tripwire, it's an integrity checker that takes a snapshot of your system and enables you to see modifications made to your system.
The second topic of discussion is firewalls. Linux has a firewall built right into the kernel and it can be configured with the ipchains and iptables interfaces. Besides showing you what you can configure and how, the authors guide you further by providing some insightful information on why you should do something in a given way. This is very helpful if you're wondering, for example, what kind of firewall rules you should setup for a home computer and which ones for a router.
Next you get into network access control as you learn about the various layers of security a system administrator needs to control. The authors write about xinetd, inetd, restricting and logging access, and more.
What follows is a chapter dedicated to authentication techniques and infrastructures. Depicted are the following authentication systems: Pluggable Authentication Modules (PAM), Secure Sockets Layer (SSL), Kerberos and Secure Shell (SSH). As everything else in this cookbook, there's no in-depth information but rather setup instructions and scenarios. This is exactly why you get a list of resources you can use to get deeper understanding on a certain topic.
As the book moves on, you learn a whole lot on authorization controls. As in the previous sections, the authors cover much ground. Some of the topics you can read about are: bypassing password authentication in sudo, sharing files using groups, logging sudo remotely, sharing root privileges via SSH and sharing root privileges via Kerberos su. Also given are a few careful sudo practices that will certainly improve your working experience.
Incoming network connections are not the only ones you have to worry about. That's why chapter 7 deals with the protection of outgoing network connections. The authors underline the insecurities present in telnet, ftp, rsh and others while recommending the use of OpenSSH. A collection of practical tips surrounding OpenSSH are presented.
The authors continue by discussing data protection. They start by writing about file permissions and then introduce you to the Gnu Privacy Guard or more popularly known as GnuPG, an excellent piece of encryption software included with most Linux distributions.
The most popular medium for online communication is certainly e-mail. The problem is its insecurity so the following chapter shows you how to secure it. What you learn here is how to secure e-mail from sender to recipient, between mail client and mail server, and at the mail server. You see how to encrypt e-mail with popular clients such as: Pine, Mozilla, Evolution, mutt, etc.
In chapter 9 the authors note that in order to keep your system secure you have to test it for security holes and monitor for unusual activity. Here you read about tools and techniques that you can use for testing and monitoring of your system. The covered areas are: logins and passwords, file systems, networking and logging. The tools mentioned include: John the Ripper, chkrootkit, tcpdump, Ethereal, Snort, and others. The close the book, the authors show you what to do in order to recover from a hack and how to report it.
The authors managed to put together a collection of easy-to-follow recipes that are very valuable to anyone interested in Linux security. As you may have noticed from the review, they packed a plethora of knowledge into a rather small amount of pages. This is excellent as it makes the book very portable and assures you that you get only the essential information when you need it.
All in all, an excellent reference guide for anyone working with Linux.