Building Secure Servers with Linux is another fine example of the type of books O’Reilly release. The same high level of technically accurate content can be expected as usual. This book covers a range of detail, beginning with a more abstract scope, slowly winding to the specifics, finally arriving at hardening Linux itself. To start out, the book has a chapter that overviews the threats and risks, and how these are managed, clearly explaining the jargon used as it progresses – I’m sure this is welcomed by those that are not in the know. This chapter is obviously useful for those new to the security world, providing a basic but concise mechanism of evaluating both the threat and risk involved with systems.
Narrowing the scope, the book looks at the design of perimeter networks. Again, this book explains the jargon used, and covers the basics behind DMZs and firewalls. The usual beautiful O’Reilly network layout illustrations are utilised within this book, making it much easier to visualise the ideas being portrayed. An overview of Linux’s iptables is included and later in the book, example scripts are provided. The book then moves on to hardening Linux, the main crux of this book, covering a number of issues, such as disabling and uninstalling unused services, patch updating, etc. The book seems heavily SuSE, Debian and RedHat biased, so this may be a turn off for some users of other distributions, although this book would still prove invaluable as a reference resource.
Secure shell (SSH) is covered in this book, and this content seems remarkably similar to O’Reilly’s SSH book, so if you already have the SSH book, you will most probably feel as though this chapter is a complete waste of money. Having said that, if you do not have access to the SSH book, then this chapter will more than cover the topic for you, potentially saving you money down the road since it will save you from buying the SSH book later. Topics covered here are administration, configuration and utilisation of the commands. Tunnelling and TCP port forwarding are also covered.
Securing DNS is then covered, making an interesting read since it highlights the weaknesses of DNS, especially those with earlier versions of BIND and zone transfers. Email, web and file services are then covered, and provide an interesting read highlighting some areas that are commonly overlooked. One of the nice features of this book is the clear highlighting of real configuration dangers – a side note is utilised which draws the information out of the page, grabbing your attention! The book finishes with an overview of basic intrusion detection. Although still interesting, I found that the book finished at a point that I personally was craving for more.
This book comes highly recommended for anyone dabbling with Linux server configurations. Although most of the information provided could be sourced from various resources on the Internet, the book saves both time and ultimately money since all the required resources are there in one concise reference. So, if you are configuring Linux servers, I’d be clicking on the “buy” button right now!
I have used this book for over a year, and return to it regularly, despite having many other Linux books. Covers most of what you need to know to set up a server with firewall, e-mail (postfix and sendmail), Apache, and FTP. The coverage of remote administration with SSH is excellent, and there are also useful sections on tripwire (intrusion detection), log management, and general security concepts. It does not cover installing Linux or getting TCP/IP going, but it's simply the best book I have seen for setting up a Linux server once the basic Linux installation is done. Highly recommended!