Tools and Best Practices for Bastion Hosts
‘Linux Server Security’ is a book for linux users with little security expertise, the book explains security and techniques in clear language, beginning with the fundamentals.
‘Linux Server Security’ begins with teaching you how to design a network with god secure principles, and different ways to set up networks on paper by using a DMZ or firewall setup with an SMTP server on the network etc.
The following chapter introduces you to a general round up of how to secure your system by installing updates on your system, securing the operating system accounts, and the use of iptables and sudo. Secure Remote Administration is then discussed and includes using secure SSH to access your system instead of standard telnet sessions.
There is a short chapter on MySQL security and making sure you set the MySQL root password and that you should delete anonymous users and test databases, there is also a section on dealing with MySQL injection attacks and setting up the MySQL configuration files.
‘Linux Server Security’ includes an extensive chapter on securing your internet email, the chapter is broken down into securing different email applications such as sendmail and postfix. There is also a section on Mail Delivery Agents and how to encrypt your email.
One of the most interesting chapters for me was the chapter on securing web servers, or more to the point, Apache. It discusses installing apache, and the correct file permissions each directory of apache should have as well as how to securely use CGI, Perl and PHP scripts on your web server.
The remaining chapters cover securing file services such as FTP and how to administrate and read your system logs.
Overall ‘Linux Server Security’ is a good book which has a large number of code examples and the occasional screen shot from the Linux GUI. If you are after a book which solely covers linux security instead of a general system administration book on Linux then ‘Linux Server Security’ could be for you.