Book Review

Linux System Security: The Administrator's Guide to Open Source

• Authors: Scott Mann and Ellen L. Mitchell
• Publisher: Prentice Hall
• URL: http://www.phptr.com/
• ISBN: 0-1301-5807-0
• Price: $48.99 US
• Reviewer: Ibrahim F. Haddad

Linux System Security offers ways to protect Linux systems from break-in, as well as to detect evidence of attacks quickly. The book is intended to provide readers with skills, knowledge and tools that will allow them to prepare their systems for use in production environments. The methods discussed are from the perspective of restricting use to authorized access and making it as difficult as possible for crackers to gain access.

The book covers all aspects of Linux security and has plenty of practical tools and techniques for achieving it. The authors discuss common hacks and penetrations of Linux systems and show administrators how to protect themselves, set traps and trail hackers, using publicly available, open-source security tools. The tools are used to analyze, protect and monitor systems and networks.

In order to provide an accurate representation of the book's contents, the following is a summary of each of the 18 chapters in Linux System Security.

• Chapter 1--The authors guide the reader through a system vulnerability survey and discuss security policies. Various types of vulnerabilities and attacks are outlined, which is handy for people with no previous exposure to these issues.
• Chapter 2--A good overview of how to prepare a Security Policy and a useful framework for its implementation.
• Chapter 3--Background information on BIOS passwords, LILO, startup scripts, TCP/IP networking and cryptography is offered. Concepts and utilities are presented that are referred to throughout the book.
• Chapter 4--Necessary basic security issues related to user and group accounts management, using the root account, files and directories' permissions as well as file system restrictions are discussed.
• Chapter 5--Thoroughly pluggable authentication modules are presented along with a practical and comprehensive overview of PAM, its configuration and administration.
• Chapter 6--An in-depth discussion is offered of two different one-time password programs, S/Key and OPIE, and how they reduce considerably the risks associated with system access by utilizing a password only once.
• Chapter 7--System and connection accounting are explained. It describes in detail the commands that allow information collected by the accounting system to be viewed.
• Chapter 8--The syslog (system logging) utility is covered in great depth; syslog, its workings and the /etc/syslog.conf configuration file are all discussed. This chapter is the most informative piece on syslog I have ever seen.
• Chapter 9--An explanation of how to obtain, install and configure the Superuser utility, it talks about sudo's options, features and vulnerabilities.
• Chapter 10--The features, functionality and weaknesses of inetd, TCP_wrappers, the portmapper and xinetd are covered.
• Chapter 11--Implementation and configuration of the secure shell, SSH, one of the most important utilities in the public domain, is explained. The authors describe how to build an encrypted tunnel between two or more hosts, protecting all aspects of the communication.
• Chapter 12--Crack, a tool that attempts to guess passwords, receives an in-depth explanation of how to build, configure and use it. The authors did not fail to address the ethical issues surrounding such a tool.
• Chapter 13--How to audit the system with Tiger, a set of scripts and programs that help identify system vulnerabilities is explained. The authors provide an overview of, how to obtain, install, configure and use it.
• Chapter 14--An overview of Tripwire, which acts as a valuable alarm system. The authors describe how to get, install and configure it, as well as how to securely store its databases and configuration files. Any Tripwire user will find this chapter valuable for its explanations and information.
• Chapter 15--Two publicly available tools to protect data through encryption are explored and compared. The Cryptographic and Transparent Cryptographic Filesystems (CFS and TCFS) that assist the system administrator secure data.
• Chapter 16--The focus is on packet filtering with the ipchains utility, and how to configure this utility to limit connections through a Linux system connected to two different networks.
• Chapter 17--Log file management as an essential part of system security and various log management tools, such as logrotate and swatch, are discussed.
• Chapter 18--An overview of the book's topics is offered along with ways to simplify the process of implementing, configuring and utilizing Linux security features and various publicly available tools.

Linux Systems Security is an essential book for system administrators and security professionals. It covers topics related to Linux systems security with a focus on freely available tools. The book helps identify system vulnerabilities and offers plans for security administration. It highlights how to detect intrusions and how to secure file systems, e-mail, web servers and other key applications. The book also emphasizes administrative security duties with discussions of system accounts, logging, superuser safety and secure network services.

A nice feature of the book is that the authors approach the subject from a practical point of view by emphasizing the use of software and providing references at the end of each chapter for further investigation. Another characteristic is the use of many examples, charts, tables and graphs to illustrate complex processes and concepts.

If you depend on Linux to run mission-critical networks, and you want to protect your Linux system, the procedures outlined in this book will certainly reduce your system's level of vulnerability.

Ibrahim F. Haddad (ibrahim.haddad@lmc.ericsson.se) works for Ericsson Research Canada in the Systems Research Division. He is currently a Dr Sc candidate in computer science at Concordia University in Montreal.