Real World Linux Security, 2/e

Author: Bob Toxen
Pages: 848
Publisher: Prentice Hall PTR
ISBN: 0-13-046456-2

Who’s behind this book?

The author of this book, Bob Toxen, is one of the 162 recognized developers of Berkeley UNIX. He has more then 28 years of UNIX and 8 years of Linux experience. Trivia from his resume includes that he was one of the four developers who did the initial port of UNIX to Silicon Graphics hardware, that he was an architect of the client/server system used by NASA’s Kennedy Space Center and that he wrote the “The Problem Solver” column for popular UNIX Review magazine. Currently he is a president of Fly-By-Day Consulting, Inc. offering Linux security-consulting services.

An interview with Bob Toxen is available here.

The cover

The “Real World Linux Security” cover features Cerberus, the three headed dog that safeguarded the entrance to Hades. Hades is an underground place from Greek mythology where deceased people ended up. Cerberus was there to stop the demons from Hades to escape into our world, and vice-versa – stopping the living people entering the Hades. Mr. Toxen did a metaphor connecting the three headed demon dog to a system administrator. How come? “This is not unlike the security aspects of system administrator’s job and it certainly seems to require three heads to keep ahead of the problem” – he notes.

Inside the book

From the introduction credits, you can see that this book will be an interesting read. The author has a lot of expertise in Linux/UNIX areas, which gives the credibility to the book’s title “Real World Linux Security”. Another big plus is that the book has about 800 pages of valuable information, divided into these four interest areas:

  • Securing your system
  • Preparing for an intrusion
  • Detecting an intrusion
  • Recovering from an intrusion

Securing your system is an imperative for any system administrator. There are many ways to stay in touch with the latest security problems, so patching vulnerable services must be done on a regular basis. Patching won’t keep you secure if you don’t consider every “living” thing that runs on your production server as a possible entrance into your system. The first part of the book covers the initial step in the “security ring”. There are “Seven Most Deadly Sins”, the author is warning us:

1) Weak and default passwords
2) Open Network ports
3) Old software versions
4) Insecure and badly configured programs
5) Insufficient resources and misplaced priorities
6) Stale and unnecessary accounts
7) Procrastination

If you are interested in various aspects and details on primer securing your system, you’ll enjoy the first 400 pages of the book as it deals with:

  • quick fixes for common problems (shutting down unnecessary services, using quality passwords, limiting access)
  • common subsystem hacking (playing with sendmail, POP and IMAP servers, samba etc)
  • usual hacker attacks (rootkits, packet spoofing, man in the middle and other common attacks)
  • advanced security issues (apache and web server security techniques, buffer overflows)

After securing your system, what should you do as the next step? Well – secure it even more, of course. The second part of the book continues with hardening the system, which is a must for preparing on a possibility of an intrusion. Possible intrusion must always be on your mind, as no one is safe when connected to the Internet. Vulnerability scanners deployed by crackers don’t see the difference between your home computer system, a test e-commerce server or a big consultancy company server – if you have a vulnerable service running on it, you’ll probably get burned. This part introduces you to the world of protecting user sessions with SSH, Virtual Private Networks, PGP/GPG cryptography usage, firewalls and DMZs and preparing your hardware to meet the security readiness. I should especially note a great coverage on IP Tables with some helpful rule sets both mentioned in the book and placed on the CD.

This publication also bares in mind the situation of your system being compromised. It is noted that probably 10-20 percent of people reading this book will suffer a system break-in. By proactively monitoring your system and keeping up-to-date with security web sites, you can reduce the risk of someone hacking your system to the minimum. As a quality security book should have in mind, “Real World Linux Security” also deals with the darkest system administrator’s moment – successful compromise. The author explains the steps of regaining the control of your system, finding and repairing the damage, tracking the attacker and sending him/her/them to the prison.

As a notable addition, the author doesn’t stay blindly connected with just Linux security. As a true expert in his field, he walks into some areas that aren’t closely connected with Linux, but with security in general. One of the examples is a 20 page chapter dealing with security policies. In this mini suggestion to the decision makers, he guides us through the possible policies – from accounts and e-mail to network topology, problem reporting and even policy policies.

Another good part that came from Mr. Toxen’s experience is a part called “Case studies”. Several stories contained in this area describe some of the actual cases that can be compared with hacking history jewels like “Masters of Deception: The Gang That Ruled Cyberspace” by Slatalla/Quittner and “Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage”. Stories here describe from old school playing cat and mouse with Berkley sysadmins back in late seventies and making virtual machine trojans to the latest issues with easy DNS information changes and Microsoft’s Visual Studio .Net getting shipped with Nimda worm.


The accompanying CD-ROM contains the author’s own software for instantly locking out attackers and alerting system administrators. There are also exclusive IP Tables and IP Chains firewall rules, as well as a collection of tools for monitoring network health, detecting and reporting suspicious activities, securing backups, simplifying recovery etc.

The CD has two main folders – “book” and “net”. The “book” folder contains up to 100 files, mostly written by the author especially for the needs of this book. These files include Cracker Trap software, sample IP Tables and IP Chains scripts and various useful programs for doing different security related activities. The other folder contains about 40 MB of security software that the author used as references in this book. The tools from this section contain: crack, firestarter, sniffit, john the ripper, LIDS, netfilter, ntop, samhain, snort and more. As you can see, Mr. Toxen has really worked hard to make this CD a worthy addition to the book.

The verdict

After reading some of the comments on the first edition of this book and briefly taking a look at the chapters of this second edition, I knew it would be a great read. After reading it, I must say that “Real World Linux Security” is even better – I can even say terrific. In the mentioned 800 pages, this book proves to be pure gold, when we are talking about all aspects of Linux security. Greatly written, filled with lot of interesting tips and facts about securing the Linux environment, the book can be used both for pumping your knowledge and as a reference in your future security related work.

The release of a second edition of this book was proven to be a good choice, and I am really looking forward to the possible third edition in the future.

Don't miss