Building Secure Servers with Linux [Paperback]

If you are a security professional or would like to be, this is the book for you. Take advantage of the author's years of experience as well as the knowledge he has gleaned and refined from his years of writing security articles for Linux Magazine.

It's not some kind of "super" book on the security subject that'll give you answers on all your questions and the same time cover all security aspects.
On contrary, it covers the most important security issues concerning the services and tools that you'll probably use or support on average Linux box connected to the net. This book really helped me a lot in that respect, not only with home project but also on my daily job that is only occasionally related with network security.

If my case sounds familiar to you then you're definitely the prime candidate for this book.

Let me say without hesitation that this book has changed my life. I have secured my network, protected my data, detected attempted hacks, and learned a TON. This knowledge has also helped me tremendously in my day job, as an awareness of the overall network security environment is essential to being a good enterprise developer. I give 100% of the credit to Mr. Bauer, whose writing is complete, comprehensible, succinct, and lively. He progresses logically through the material, covering firewall architecture, server hardening, use of ssh for all administration, log watching, web and DNS security, threat detection, and many other topics. His coverage is a judicious mixture of utilitarian and theoretical - he gives you just the right instructions to accomplish your goals, and just enough background to make it interesting and understandable. This approach makes his chapters on bastion hosts, ssh, and tripwire especially definitive. His humor, unlike that of many other technical authors, actually is funny and helpful. When he refers to the complex Diffie-Hellman key exchange algorithm as a "large-prime-number hoe-down," he succeeds in both entertaining and providing an adequate summary for the average network administrator. Bauer's sense of organization and style enables him to take the mystique and complexity out of computer security and empower the reader.

I take extreme exception to the negative reviewer who claims that Bauer relies too heavily on graphical tools, which is bad since one should not even have X11 running on a secure server. Obviously this other reviewer never read the book. In his chapter on hardening Linux, Bauer EXPRESSLY SAYS not to install X11 on a secure server. Almost NOWHERE in the book does he use graphical tools. What the other reviewer has written is unfair and untrue. Maybe he read a different book.

One minor quibble I have is that the log monitoring software Bauer suggests, "swatch," is adequate but has really been superseded by "logwatcher," which comes with Red Hat Linux. Logwatcher has built-in smarts, and does not need to rely on downloading modules from CPAN onto your secure server. But consider this: the fact that I can even raise this issue, after previously knowing absolutely nothing about computer security, is further testament to the greatness of this book.