Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Security Books Media Book Reviews

Real World Linux Security, 2nd Edition 109

Berislav Kucan writes with the following review of Real World Linux Security, 2nd edition. If you've already had a break-in, or just want to avoid it in the future, this book has some tips for you.
Real World Linux Security, 2nd edition
author Bob Toxen
pages 848
publisher Prentice Hall PTR
rating 10
reviewer Berislav Kucan
ISBN 0130464562
summary In the mentioned 800 pages, this book proves to be pure gold, when we are talking about all aspects of Linux security. Well written, filled with lot of interesting tips and facts about securing the Linux environment, the book can be used both for pumping your knowledge and as a reference in your future security related work.

Who's behind this book?

The author of this book, Bob Toxen, is one of the 162 recognized developers of Berkeley UNIX. He has more then 28 years of UNIX and 8 years of Linux experience. Trivia from his resume includes that he was one of the four developers who did the initial port of UNIX to Silicon Graphics hardware, that he was an architect of the client/server system used by NASA's Kennedy Space Center and that he wrote the "The Problem Solver" column for popular UNIX Review magazine. Currently he is a president of Fly-By-Day Consulting, Inc. offering Linux security-consulting services.

The cover

The Real World Linux Security cover features Cerberus, the three headed dog that safeguarded the entrance to Hades. Hades is an underground place from Greek mythology where deceased people ended up. Cerberus was there to stop the demons from Hades to escape into our world, and vice-versa - stopping the living people entering the Hades. Mr. Toxen did a metaphor connecting the three headed demon dog to a system administrator. How come? "This is not unlike the security aspects of system administrator's job and it certainly seems to require three heads to keep ahead of the problem," he notes.

Inside the book

From the introduction credits, you can see that this book will be an interesting read. The author has a lot of expertise in Linux/UNIX areas, which gives the credibility to the book's title "Real World Linux Security." Another big plus is that the book has about 800 pages of valuable information, divided into these four interest areas:

  • Securing your system
  • Preparing for an intrusion
  • Detecting an intrusion
  • Recovering from an intrusion
Securing your system is an imperative for any system administrator. There are many ways to stay in touch with the latest security problems, so patching vulnerable services must be done on a regular basis. Patching won't keep you secure if you don't consider every "living" thing that runs on your production server as a possible entrance into your system. The first part of the book covers the initial step in the "security ring." There are "Seven Most Deadly Sins," the author is warning us:
  1. Weak and default passwords
  2. Open Network ports
  3. Old software versions
  4. Insecure and badly configured programs
  5. Insufficient resources and misplaced priorities
  6. Stale and unnecessary accounts
  7. Procrastination

If you are interested in various aspects and details on securing your system, you'll enjoy the first 400 pages of the book as it deals with:

  • quick fixes for common problems (shutting down unnecessary services, using quality passwords, limiting access)
  • common subsystem hacking (playing with sendmail, POP and IMAP servers, samba etc)
  • usual hacker attacks (rootkits, packet spoofing, man in the middle and other common attacks)
  • advanced security issues (apache and web server security techniques, buffer overflows)

After securing your system, what should you do as the next step? Well -- secure it even more, of course. The second part of the book continues with hardening the system, which is a must for preparing on a possibility of an intrusion. Possible intrusion must always be on your mind, as no one is safe when connected to the Internet. Vulnerability scanners deployed by crackers don't see the difference between your home computer system, a test e-commerce server or a big consultancy company server -- if you have a vulnerable service running on it, you'll probably get burned. This part introduces you to the world of protecting user sessions with SSH, Virtual Private Networks, PGP/GPG cryptography usage, firewalls and DMZs and preparing your hardware to meet the security readiness. I should especially note a great coverage on iptables with some helpful rule sets both mentioned in the book and placed on the CD.

This publication also bears in mind the situation of your system being compromised. It is noted that probably 10-20 percent of people reading this book will suffer a system break-in. By proactively monitoring your system and keeping up-to-date with security web sites, you can reduce the risk of someone hacking your system to the minimum. As a quality security book should have in mind, Real World Linux Security also deals with the darkest system administrator's moment -- successful compromise. The author explains the steps of regaining the control of your system, finding and repairing the damage, tracking the attacker, and sending him/her/them to prison.

As a notable addition, the author doesn't stay blindly connected with just Linux security. As a true expert in his field, he walks into some areas that aren't closely connected with Linux, but with security in general. One of the examples is a 20 page chapter dealing with security policies. In this mini suggestion to the decision makers, he guides us through the possible policies - from accounts and e-mail to network topology, problem reporting and even policy policies.

Another good part that came from Mr. Toxen's experience is a part called "Case studies." Several stories contained in this area describe some of the actual cases that can be compared with hacking history jewels like "Masters of Deception: The Gang That Ruled Cyberspace" by Slatalla/Quittner and "Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage." Stories here describe old-school playing cat-and-mouse with Berkeley sysadmins back in late seventies and making virtual-machine trojans to the latest issues with easy DNS information changes and Microsoft's Visual Studio .Net getting shipped with Nimda worm.

The CD-ROM

The accompanying CD-ROM contains the author's own software for instantly locking out attackers and alerting system administrators. There are also exclusive iptables and ipchains firewall rules, as well as a collection of tools for monitoring network health, detecting and reporting suspicious activities, securing backups, simplifying recovery etc.

The CD has two main folders: "book" and "net." The "book" folder contains up to 100 files, mostly written by the author especially for the needs of this book. These files include Cracker Trap software, sample iptables and ipchains scripts and various useful programs for doing different security related activities. The other folder contains about 40 MB of security software that the author used as references in this book. The tools from this section contain: crack, firestarter, sniffit, john the ripper, LIDS, netfilter, ntop, samhain, snort and more. As you can see, Mr. Toxen has really worked hard to make this CD a worthy addition to the book.

The verdict

After reading some of the comments on the first edition of this book and briefly taking a look at the chapters of this second edition, I knew it would be a great read. After reading it, I must say that "Real World Linux Security" is even better -- I can even say terrific. In the mentioned 800 pages, this book proves to be pure gold, when we are talking about all aspects of Linux security. Well written, filled with lot of interesting tips and facts about securing the Linux environment, the book can be used both for pumping your knowledge and as a reference in your future security related work.

The release of a second edition of this book was proven to be a good choice, and I am really looking forward to the possible third edition in the future.

An interview with the author is available here.


You can purchase Real World Linux Security from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

This discussion has been archived. No new comments can be posted.

Real World Linux Security, 2nd Edition

Comments Filter:
  • I have used it on many occassions to tighten up some particularly loose default installs[1]. It has great advice that everyone should follow.

    Which is the problem, really. Why is this security stuff put on the user/administrator to do? This is OS-level work. The people who really need this book are the Alans and Linii of the world. It's their fault that Linux requires a 600 page book to make it usable, make them fix it.

    [1]*cough*debian*cough*

  • by Noryungi ( 70322 ) on Wednesday December 18, 2002 @11:53AM (#4915221) Homepage Journal
    And his book is definitely on my "must buy ASAP" list!

    For more info, refer to this interview on Linux Online [linux.org] and also to this article in UNIX Review [cavu.com].

    I mean, the guy was already hacking UNIX systems when Bill Joy was his system administrator!! :-)
    • I've got a copy of the first edition, and it's quite dog-eared, worn out, and bookmarked and dozens of places. IIRC, it was the *only* thing I read (and re-read) for the first 2 months I had it. Very educational stuff, he comes out with things I never would have thought of.

      I'm glad to hear he's keeping it up, and I plan to get a copy of the 2nd Edition ASAP.
    • Thanks for putting up the link to the article
      I wrote with Bob for Unix Review; browsing
      it really brings back nostalgic memories.
  • by _Sambo ( 153114 ) on Wednesday December 18, 2002 @11:53AM (#4915231)
    Could you please suggest a speed reading course that would allow me to read an 800 page book as fast as the /. book reviewers do?
    • by Anonymous Coward
      Could you please suggest a speed reading course that would allow me to read an 800 page book as fast as the /. book reviewers do?

      Just scribble the word TOLKIEN on the front.
    • Imagine how many pages would a Windows security book would take.

      RAID 1 reading: get a bunch of reviewers and make them read different chapters from different copies
      RAID 0 reading: split the book in several parts and get a bunch of reviewers and make them read different chapters
      Promise reading: get a reader read the odd line numbers and other the even ones
    • Can't .... resist ... the ... urge...

      Maybe you should get a Beowulf cluster of readers?
    • > Could you please suggest a speed reading course that would allow me to read an 800 page book as fast as the /. book reviewers do?

      Let me quote Woody Allen on that subject:

      "I went on a speed reading course last week - and it worked! Yesterday I read War and Peace in an hour ... It's about some Russians." :)
  • by Yoda2 ( 522522 ) on Wednesday December 18, 2002 @11:54AM (#4915235)
    "Make-Believe Windows Security"
  • What about LIDS? (Score:4, Interesting)

    by Dick Click ( 166230 ) on Wednesday December 18, 2002 @11:58AM (#4915278)
    While the review indicates LIDS is included in the CD, it does not mention if it is well covered in the text. I believe a Linux security book could really benefit by including a good discussion of LIDS. I find the available LIDS documents a bit lacking, specifically in relation to applying LIDS to a real system, with real users, running real services.

    Anybody know how LIDS is dealt with in this book?
  • by Cy Guy ( 56083 ) on Wednesday December 18, 2002 @12:00PM (#4915298) Homepage Journal
    "You can purchase Real World Linux Security from bn.com."

    SlashDot must have some deal worked out with BN* since they are recommending you buy reviewed books there when they can be bought much cheaper ($34.99 at Amazon [amazon.com]) elsewhere on the web.



    * Full dislosure: yes I have a 'deal' worked out with Amazon in the form of their affiliate program, but it seems the typical shopper should care more about how much they are spending rather than where they are spending it.

    • Hey, you should post a journal detailing how much cash you've made off of Slashdot users clicking your links. How much to you get for a SegWay purchase?

      I hope at least you're kicking some of that money back to Rob in the form of a Slashdot subscription, since he's providing you a free business model.
    • by Anonymous Coward
      It might have something to do with the patents Amazon holds and how they choose to enforce them.

      The typical shopper probably does care more about how much they spend than where they spend it. I know there's a group of shoppers that refuses to support Amazon in anyway until they stop harassing other companies for also using obvious techniques for selling items on the web.
    • It is 29.95 at Bookpool [bookpool.com], although out of stock.
    • This [bestwebbuys.com] site is great for comparing book prices. It even figures shipping for total cost.
      • I also like ISBN.nu [isbn.nu] (though they may be having some technical dificulties currently) and Google's new Froogle [google.com] site, all you have to do is search on the ISBN.

        I've tried Froogle for some other products though and was less satisfied, since it seems to grab the price in closest proximity on the page to the search term you used - which is sometimes for a different product or for some other charge besides the product price like the shipping, warranty, cost of a peripheral.

    • typical shopper SHOULD care where (and what he/she supports by doing so) they spend their cash rather than if they save few bucks by doing so.(going to big megahypersupermarket vs your local cornerstore)

      not that typical shopper cares in reality what ethics the companies they give moneyt are pursuing..
  • by greechneb ( 574646 ) on Wednesday December 18, 2002 @12:01PM (#4915304) Journal
    If it was windows security it would be 8,000
  • Even better (Score:1, Funny)

    by termos ( 634980 )
    Real World is not in a geeks vocabulary, do they really think Linux people will buy this?
  • by burgburgburg ( 574866 ) <{splisken06} {at} {email.com}> on Wednesday December 18, 2002 @12:07PM (#4915362)
    I was going to put that on my list of things to watch out for.
  • I think... (Score:4, Funny)

    by craenor ( 623901 ) on Wednesday December 18, 2002 @12:10PM (#4915389) Homepage
    They intend for you to find the person trying to break into your network...and beat them with the 800 page book...
  • Linux? (Score:2, Interesting)

    by Fulkkari ( 603331 )
    Why call it "Real World Linux Security"? The book sounds more like a book in *NIX security to me. Is this because Linux is pop, or what? Shees. The writer were even a developer of the Berkeley Unix. :-/
    • well he DID mention iptables and ipchains. When was the last time you did THAT with UNIX?
    • The writer were even a developer of the Berkeley Unix.

      If you're trying to fault him for an allegiance to BSD instead of Linux, consider that his BSD work was 15 years before Linux even existed!

      Doh!

      I went to U.C. Berkeley with the author and have a very similar history to his (look for me in the book ;-). We both specialize in Linux these days, not BSD.

      And yes, the book is about Linux.

      What, you think that maybe if you open it, it would be all about BSD security despite the title??? Why comment about what you don't know and haven't bothered to check? Bizarre.

      • What I meant was that different subjects mentioned in the post (like sendmail, Apache, SSH etc.) are quite the same in other *NIXes, like BSDs.

        Even the "ideas" behind the firewall rulesets could be ported to other firewalls.

        So even if some parts are particulary Linux, I got the impression based on the post that the 800 pages include information, that could be usefull to all *NIX admins. So I tought calling it UNIX security would broaden the reader community. :)

        They are not _that_ different after all. :)

        • Ah, I see. Sorry I misunderstood.

          I think you are correct in part -- lots of it certainly is applicable to Unix in general, and some of the anecdotes give warnings that would be useful even on non-Unix systems like Windows.

          But the focus is nonetheless on Linux.

          BTW the author posted several comments here under the user name "Real World Linux Sec" (it was truncated), but not until fairly late in the day, so most readers of the story didn't see them...search the page if you're interested to see his responses to questions.

    • I called it Real World Linux Security because my intent was to provide practical solutions, based on my experience running critical production systems.

      Thus, I give advice on how to recover a compromised system quickly. Other books say "re-install from scratch" or "recover from backup". If one has production data on it, these suggestions from (from other Linux security books) would cause loss of that data. My techniques will save the data.

      One Linux security book says not to remotely manage Linux firewalls because of the risk of locking oneself out or briefly opening up insecure access. I explain how to remotely manage Linux firewalls without the risk of locking oneself out or having even a nanosecond of insecurity. My techniques have worked well for my managing clients' firewalls around the world for three years.

      I start with quick fixes for common problems that everyone can benefit from, especially those new to Linux security. Then I get into increased security in different areas, such as desktop systems, mail servers, web servers, etc.

  • First Ed. was great (Score:4, Informative)

    by nomax ( 165497 ) on Wednesday December 18, 2002 @12:12PM (#4915404)
    If you run a server and have no idea how to secure it, this book will get you to plug all the obvious holes in short order.

    After that it's just a question of how much time and effort you want to expend being safe from the more determined attacks. The strength of this book is that it is organized so you can get the most from your early simpler efforts, but still goes into as much depth as you need if you want to get really serious.

    Recommended.
  • by Cy Guy ( 56083 ) on Wednesday December 18, 2002 @12:12PM (#4915407) Homepage Journal
    The accompanying CD-ROM contains the author's own software for instantly locking out attackers and alerting system administrators. There are also exclusive iptables and ipchains firewall rules, as well as a collection of tools for monitoring network health, detecting and reporting suspicious activities, securing backups, simplifying recovery etc.

    When you say exclusive, I hear closed license. Is that the case? If I get the book [amazon.com], and look at the iptables and ipchains configs provided am I actually allowed to use it on my own firewall box? Am I allowed to recommend them to my friends? My employer?

    The review says the author's own software is also included. What sort of license is it provided under? Is there a EULA with proscriptive provisions? Will I only find out about the license/EULA after I have bought the book and loaded the CD?

    • Copyright is probably not as far reaching as you believe - there are two causes why his scripts might not even be protected by copyright, which is the base of any special licence agreement.

      In fact there are two causes why it is probably not protected by copyright:

      - To simple: In most countries, copyright requires a certain amount of "creativity". A simple firewall script as it is shown in hundreds of tutorials may not fulfil this requirement.

      - You won't copy it: Copyright protects not an idea (as patents do) but a concrete piece of code. If you catch the "idea" from his example code and do your own script (you should do this anyway), there's no problem with copyrights or licences.
    • I guess it depends on what they mean by exclusive. A search on dictionary.com yeilds
      several definitions for the word exclusive.

      exclusive adj.
      1. Excluding or tending to exclude


      Yeah, pretty much sums up a firewall ruleset. Unless your FW ruleset is
      designed to allow everything, they do tend to exclude.

      But my favorite definition is:
      8. Catering to a wealthy clientele; expensive

      Perhaps they are catering to the wealthy people who can afford to purchase the book and read the license agreement on the CDROM?
    • They're just his preferred scripts, etc. The 1st Edition had most of it under GPL or BSD licenses; the remainder were under a "free for personal use" licence as long as the original author is acknowledged. Most of the configs and scripts were printed verbatim in the text also.
  • since, according to this very informed article, Linux is the most insecure OS [wininformant.com]. Not a troll:)
    • That claim, originated by the Aberdeen Group, simply is incorrect. They noted that there were more vulnerabilities posted for Linux than for Windows and drew the conclusion that Linux was less secure than Windows. I've read followups that also said that if a vulnerability occurred in 3 Linux distributions that Aberdeen counted it as 3 vulnerabilities.

      However, Aberdeen's analysis is flawed because it failed to weight each according to its severity (whether it offers a remote root or remote non-root vulnerability, what percentage of the installed base is vulnerable, etc.)

      The reality is that many Windows vulnerabilities are the equivalent of a Linux "remote root" vulnerability and affect either every Windows system running IE or every Windows system that runs IIS. Most Linux vulnerabilities are not remotely exploitable and most of those that are affect only a small percentage of systems.

      Using a valid analysis, a Linux system deployed for the same purpose as a Windows system (e.g., as a desktop system, web server, file server, mail server, or whatever) is far less likely to be violated, in my opinion.

  • To check out a better price Check here [buy.com]

    I can't believe B&N would sell this for $47... I guess they are relying on lazyness. A few mouse clicks will generally yield better results.

  • Wasn't it just a few years ago when I was complaining that there was not enough focus on security? Now there are so many books it is almost annoying. Even casual admins or enthusiasts have that "Hackers Exposed" book.

    At 800 pages, they MUST be re-inventing the wheel to some degree. A lot of those bullets in the contents seem like general things you should know about host-based security in general. Boosk like that usually annoy me - sifting through all that to get to the fresh information is tedious. I have an American attention span, damnit!

    • Now there are so many books it is almost annoying.

      Yah, there are too many books in the world! Burn them! :-)

      sifting through all that to get to the fresh information is tedious

      If you're knowledgeable enough to already know all of the old information, why would you even consider reading a new book? Perhaps you should be writing your own book.

      Oh wait, no, I forgot the "too many books in the world" point. Certainly wouldn't want to contribute to that evil!

      Brand new, cutting edge, up-to-the-moment security information you get from various web sites, not books -- as you surely know.

      • > Yah, there are too many books in the world!
        > Burn them! :-)

        That's funny.

        > If you're knowledgeable enough to already know
        > all of the old information, why would you even
        > consider reading a new book? Perhaps you should
        > be writing your own book.

        I'm not complaining that there are too many books. On the contrary, I'm saying there are not enough - with a narrower scope. Many have a general knowledge of security, but not every single platform. Surely you can see the benefit to writing a concise platform-specific book rather than (or in addition to) yet another biblical security compendium with a one platform focus?

        Imagine being an admin and being tasked with "securing" a client's heterogeneous network. You could either a) read through a general security bible and adapt the concepts to each platform, researching the specific methods yourself, or b) you could have a cookbook-style guide for each platform that names the popular tools, configuration options, and pitfalls.

        I think b) would be quicker and would avoid reinvention of the wheel during implementation. What would really be irritating is if all of those books cost 50 bucks and had 600 pages of duplicate material common to each book.

        > Brand new, cutting edge, up-to-the-moment
        > security information you get from various web
        > sites, not books -- as you surely know.

        At this point, it should be clear that I'm not talking about bleeding-edge changes.

  • This book is a very level look on linux / unix security in general for the new admin or even for the god-like admin theres something even for you. the cd contains various utilities which the book explains the usage of. So you know how to setup a linux box and webserver eh? secure it! great read ... so far
  • by kingkade ( 584184 ) on Wednesday December 18, 2002 @12:44PM (#4915747)
    Who's behind this book?
    The author of this book, Bob Toxen, is one of the 162 recognized developers of Berkeley UNIX. He has more then 28 years of UNIX and 8 years of Linux experience. Trivia from his resume includes that he was one of the four developers who did the initial port of UNIX to Silicon Graphics hardware, that he was an architect of the client/server system used by NASA's Kennedy Space Center and that he wrote the "The Problem Solver" column for popular UNIX Review magazine. Currently he is a president of Fly-By-Day Consulting, Inc. offering Linux security-consulting services.


    Yes, yes -- but is he qualified?
  • by Anonymous Coward
    I had the 1st edition of RWLS and got the second (you can never have too many security books) but found that the 2nd suffered the same problems as the first. There is a lot of space wasted on stuff that's old and doesn't affect any linux machine from the last few years, because the author keeps going on about his hayday years of bsd - things that aren't relevant today.

    There is a lot of stuff on the cd, but it seems like he's just plopped in stuff
    that he wrote for clients, whithout making it obvious where it is appropriate on my machine. I think he would do much better to avoid trying to be an authority on everything and point to texts where they are covered in better detail. rather than writing a half-assed iptables stuff, he should point to the ziegler "linux firewalls" book, which is the true authority, where it hasenough time to get
    real coverage needed.
    • Dear Rambling,

      Almost every issue discussed in the book can affect the newest Linux versions. Most of the problems of BSD that I discuss are in the category of "Those who fail to learn from history are doomed to repeat it".

      Most of my original code on the CD was written for the book. While some of it, such as my substantially enhanced versions of Logcheck and Arpwatch were written for clients, these are of general interest and I have sent my enhancements back to the authors for including in their next versions if they desire. The use of each of my programs is discussed in detail in the book. Logcheck and Arpwatch each get about 5 pages under the obscure titles of "Using Logcheck to Check Log Files You Never Check" and "Using Arpwatch..."

      RWLS 2/e covers many aspects of IP Tables that Ziegler's book does not. This includes how to safely debug a firewall remotely (Zieger says not to bother), a detailed comparison of Tables to Chains for those considering switching, and tips and techniques for working with IP Tables or Chains.

      RWLS's CD contains a complete IP Tables-based firewall rules script that does not need configuration, not even specifying one's external IP address because it figures it out automatically. Ziegler does not provide a CD.

  • by MarkOlszewski42 ( 634723 ) on Wednesday December 18, 2002 @01:14PM (#4916035)
    I got both Hacking Linux Exposed 2nd edition and Real world Linux Security 2nd Edition this year, and hacking Linux Exposed is infinitely better. Most of the new things in RWLS seem to be to make it as good as HEL 1st edition, but they fail to live up. If you want to read good case studies about linux, the ones in HLE are great command-line stuff. THe ones in RWLS are ages old - -the coocoo's egg stuff isa great story, but the guy who was there wrote all about it in much better style than RWLS can do.

    WHat I noticed about the new editions of both books is that HLE took out stuff that's no longer relevant and/or put it online instead, while RWLS just added (often repetitive) stuff. You get a much better bang for your buck with hacking linux.

    Also, hacking linux is donating any money they make from sales to the EFF. See their site [hackinglinuxexposed.com] for more info.

    • Now, see, every once in a while I start to wonder why in the hell it is that I bother reading /. threads. It's posts like these that keep me coming back for more.

      Thank you for the info!

    • This sounds like the same guy that posted a recommendation on Amazon's RWLS 2/e web page, preferring HLE to it. His recommendation (and thus his evaluation of RWLS 2/e) was posted before RWLS 2/e started shipping and thus he could not have read it before evaluating it.

      Regarding "ages old" stories in RWLS 2/e, my discussion of Microsoft's Korean version of .Net having shipped with Nimda was based on a June 2002 report. I then explain nine lessons that can be learned to avoid repeating Microsoft's mistake. For those who actually have read the book, this case study begins on page 387.


    • I got both Hacking Linux Exposed 2nd edition and Real world Linux Security 2nd Edition this year, and hacking Linux Exposed is infinitely better.

      I cannot disagree more. I bought some of the Hacking Unix/Linux series, and they're pretty much large-type-to-fatten-the-book, punk-cracker-posturing affairs. They're worthless for a working admin.

      OTOH, Real World Linux Security -- albeit the first edition -- has been invaluable to me and my team. Toxen knows his stuff, and when we say that, we mean he knows specifics. Like: here's what to do to prevent chroot jails from being broken out of. Here's some stuff you've never seen before to harden Sendmail.

      I cannot imagine why someone would recommend the 'Exposed' series, unless said person is the author or something. That series is not of help to someone who actually has to do this stuff on a regular basis. It is of help if you like to read some socially inept guys posture about what mad hackz they know about.

    • I bought the second addition of RWLS and HLE also, I like HLE much better. I had to order HLE from the publisher so I had RWLS a couple days earlier. I've been reading the same topics in both books, HLE has been more up to date so far. Something that really annoys me about RWLS is being referred to so many other sections. I want to simply read the chapter of interest and learn from it, not jump around all over the book. I will continue to read both books by topic together, and I may come to appreciate RWLS. So far, it hasn't been as helpful as HLE. Compare them before you buy, I wasn't able, HLE wasn't on the shelf yet.
  • http://online.securityfocus.com/archive/98/301300/ 2002-11-24/2002-11-30/0 I was watching this thread a while back that started out as "Are Bad developer libraries the problem with M$ software" and evolved into "Security Education in the Workplace". Last night, i was wearing my defcon shirt while doing some christmas shopping, and the kid behind the counter at Bookman's commented on it. Well, he turned out to be a THIRD year C.S student from ASU...he bitched how ASU and his last professor stressed (crammed down his throat, he said) security, so now he doesn't care about writing with security in mind. No, he said he would never write code with security in mind. He said he'd write the code but never personally use it. I really lost all respect for him, and at first i was pissed, but then again, that can't be such a Bad thing. I'm competing against the likes of him, and he just lowered the bar. As the threads mentioned above point out, it's really about programmers and the entire IT infrastructure being educated about security. At least, our CTO and CIOs should be aware about security, and have the knowledge to know that the kid from ASU would be a liability to a company and their clients. That's the second half of the problem. The second half is just lazy developers who just copy structures blindly or move strings blindly without any checks.
  • It seems like the only obstacles in complete Linux security are the current slew of buggy user-land software that grant such. I use mostly LinuxFromScratch on a 164UX Alpha computer and install software the ol'-fassioned way by only downloading, building, and installing archived sources. I beleive debian's Apt and RedHat's RPM are much too monologous within their simple user-land methodologies. To properly manage the software and security installed on any given workstation, it will require somthing much more sophisticated than Palladium. Now would be a good time to discuss Unix software as a whole in attempt to build a more reliant and secure user interface as well as the secondary goal of preventing Microsoft and the United States (government) from using contracts and intellectual property to defer freedom and/or security on their whim. A kernel-based real-time, on-demand, file auditing routine would make this possible. By any chance, would it be possible to filter binary code into a parsable markup language to filter for any exploits or do we still have a long ways to go and need to consider MONO? But I still degress, the user-land tools and their common-practice installation without fine-grained permissions is what kills many secure systems. All someone needs to do to exploit a system is telnet or ssh with a valid account name and password and the intruder has all the options of the system to their disposal. We have User, Group, Other, what else? I am thinking of a hundred security measures possible with dnyamic symbolic linking of userland applications based on user and group permissions, but it looks much too difficult to implement because anything that breaks today's userland software is what determines the life of an operating system. Exception to Microsoft, they can change whatever they want and all the application programmers just release a patch because that's who they chose their "big daddy" to be: Microsoft.
    • But I still degress, the user-land tools and their common-practice installation without fine-grained permissions is what kills many secure systems. All someone needs to do to exploit a system is telnet or ssh with a valid account name and password and the intruder has all the options of the system to their disposal. We have User, Group, Other, what else?

      In vanilla 2.2 and 2.4 kernels, you don't have any additional kernel level controls (not counting filesystem controls, such as ext2/ext3's extended attributes, (chattr +i filename to make filename unchangeable, even by root, for example)) but you are effectively correct. However there are user-level tools you can use, such as libsafe and stackguard that can prevent many common attacks such as generic buffer overflows.

      However there are various patches to the kernel that can provide much more finely tuned control of software. LIDS, GRSecurity, SELinux, and more can allow you to say exactly what a process can or can not do. By creating good rules for the software you need, you can effectively make root no more special than any other user. Only Apache can bind port 80, and no other port. Only ntpd can change the system time - not even root using 'date'. When you create an explicit list of what can do what (easiest by locking everything down and then adding permissions back in where needed) you will have a machine where a piece of software that is compromised only means it can function as it was built to - it has no new functionality it can abuse.

      Now kernel patching is intimidating for many, whic h keeps them from trying these advanced security measures. However a new infrastructure is under development which can make this much simpler to use. LSM, the Linux Security Module, has been accepted into linux 2.5 kernel, and it allows you to load or unload advanced linux kernel security systems at run time without the need for kernel recompilation. (This requires that an LSM version of the patch exists, which is the case with LIDS, GRSecurity, SELinux and friends.)

      As these are more visible, they will become more mainstream. Debian has an SELinux installer, for example, which can let you boot a very secure version without compiling anything on your own.

      Advanced linux security is here today if you want it.

  • "The Real World Linux Security cover features Cerberus, the three headed dog that safeguarded the entrance to Hades. Hades is an underground place from Greek mythology where deceased people ended up."

    Please correct me if I'm wrong but I believe that Cerberus is the Latin spelling and Kerberos (the security framework we all know and love... or not) is the Greek spelling.

    It's very appropriate that a beast that guards something is a icon for security, and at the same time ironic that what it's guarding (one's network) is "where deceased people ended up". I know /.'ers have particular attitudes about their users, but give me a break!

    • Ill gaurantee the greeks did not spell it Kerberos, since they didn't use those letters much at all. I can't include the greek letters in the post (or at least don't know how).

      Cerberus is a Latin transliteration, rather than a "spelling" since you cannot spell a greek work without the greek letters. We transliterate it as Kerberos because our pronunciation of the letter C would tend towards a soft pronounciation if we spelled it like the Romans. Their letter C was always hard. Similar with the o or u.

      Since alot of our literature is from the Romans, the latin spelling has persisted, and as with many latin words, we have changed the pronunciation and often say SERberous when we see "Cerberus".

      However, neither Cerberos nor Kerberos are more greek than the other. It is still the Greek Mythological three headed dog protector of Hades.

      -Jacob
  • To begin with, I got a lot of useful information out of this book. Bob Toxen knows his stuff, and he does a reasonable, if not superb, job of explaining it.

    However...

    Had it been on any other subject, I probably would have put it away and went looking for a better book not long after buying it. The only reason it was as useful as it was to me was that at the time, it was the only Linux-specific security book I could find. While there is good information, it is incredibly badly organized. The various tips seem to be haphazardly scattered around the book rather than carefully organized into any coherent scheme; and what's worse, it's redundant. Badly redundant. As I recall, many passages and some paragraphs are repeated word-for-word at different places in the book. Security issues are sometimes covered twice over in different parts of the book, artificially inflating the content. Toxen also comes across as someone who thinks of himself as a real bad-ass cowboy of the UNIX world, which contrasts poorly with the proffessional, occasionally wry tone of the classic O'Reilly UNIX books to which this book must naturally be compared.

    Basicaly, the first edition was a good collection of tips and tricks, although no more so than your typical top-teir UNIX security website offers. What it badly needed was the hand of a competent editor to clean up the writing and the organization. Hopefully this second edition recuieved such a treatment.
  • I just thought I would mention that this book will likely be on Oreilly Safari [oreilly.com] since the Rev. 1 is already there [oreilly.com]. I'm a big fan of Safari since I: rarely read a tech book cover to cover, I have a shelf of outdated tech books and I like their search features. [disclaimer] I have no affiliation with Oreilly Safari other than I subscribe to the service [/disclaimer]
  • Good Book, But... I Think Some Of Us Are Still Waitng For The Hackers Bible "part2" Some call it the new hackers testament... That And A New Version Of Project Blue Book Unedited -Right?...

Children begin by loving their parents. After a time they judge them. Rarely, if ever, do they forgive them. - Oscar Wilde

Working...