Barrett D. J., Byrnes R. G., Silverman R. Linux Security Cookbook / Copyright

Computers & Technology
Education & Reference
Business & Investing
Science & Math

Linux Security Cookbook
Authors: Barrett D. J., Byrnes R. G., Silverman R.
Published year: 2006
Pages: 4-6/247

<< Previous page
Table of contents
Next page >>

Copyright

Printed in the United States of America.

Published by O'Reilly & Associates, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.

O'Reilly & Associates books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://safari.oreilly.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 or corporate@oreilly.com.

Nutshell Handbook, the Nutshell Handbook logo, and the O'Reilly logo are registered trademarks of O'Reilly & Associates, Inc. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O'Reilly & Associates, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps. The association between the image of a campfire scene and the topic of Linux security is a trademark of O'Reilly & Associates, Inc.

While every precaution has been taken in the preparation of this book, the publisher and authors assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.

Preface

If you run a Linux machine, you must think about security. Consider this story told by Scott, a system administrator we know:

In early 2001, I was asked to build two Linux servers for a client. They just wanted the machines installed and put online. I asked my boss if I should secure them, and he said no, the client would take care of all that. So I did a base install, no updates. The next morning, we found our network switch completely saturated by a denial of service attack. We powered off the two servers, and everything returned to normal. Later I had the fun of figuring out what had happened . Both machines had been rooted, via ftpd holes, within six hours of going online. One had been scanning lots of other machines for ftp and portmap exploits. The other was blasting SYN packets at some poor cablemodem in Canada, saturating our 100Mb network segment. And you know, they had been rooted independently , and the exploits had required no skill whatsoever. Just typical script kiddies.

Scott's story is not unusual: today's Internet is full of port scanners -both the automated and human kinds -searching for vulnerable systems. We've heard of systems infiltrated one hour after installation. Linux vendors have gotten better at delivering default installs with most vital services turned off instead of left on, but you still need to think about security from the moment you connect your box to the Net . . . and even earlier.

A Cookbook About Security?!?

Computer security is an ongoing process, a constant contest between system administrators and intruders. It needs to be monitored carefully and revised frequently. So . . . how the heck can this complex subject be condensed into a bunch of cookbook recipes?

Let's get one thing straight: this book is absolutely not a total security solution for your Linux computers. Don't even think it. Instead, we've presented a handy guide filled with easy-to-follow recipes for improving your security and performing common tasks securely. Need a quick way to send encrypted email within Emacs? It's in here. How about restricting access to your network services at particular times of day? Look inside. Want to firewall your web server? Prevent IP spoofing? Set up key-based SSH authentication? We'll show you the specific commands and configuration file entries you need.

In short: this book won't teach you security, but it will demonstrate helpful solutions to targeted problems, guiding you to close common security holes, and saving you the trouble of looking up specific syntax.