REVIEW - Linux Security - Craig Hunt Linux Library


Linux Security - Craig Hunt Linux Library


Ramón J. Hontañón




John Wiley & Sons (2001)




Joe McCool


April 2002



I approached this book with some excitement. Recently on a site of mine, I had a problem with spam and network intrusion. I had the idea of implementing a Linux firewall, using the famed robustness of Linux to keep intruders from tampering with prone NT servers. As it turned out, I got it completely wrong. Hontañón's book is about security on Linux itself and not just about using Linux to protect others, but it is no less relevant for that. It had never crossed my mind that Linux might itself be susceptible.

Susceptible it certainly is, according to this author. Problems can stem right from kernel compilation to setting up user accounts. (Hontañón points out that most hacking takes place behind firewalls and by legitimate users!)

There is a wealth of material covered here; things to watch while configuring samba, apache, network security, sendmail, user authentication, transport and application layer firewalls, ssh and vpn. The material is well organised and presented clearly.

I do have some petty criticisms: some diagrams have essential text missing, screen shots, while pretty, add little to the understanding. Listings are too long (4 pages), deliver little and could be relocated to an appendix. Like anyone trying to hedge their bets, he does not come down in favour of any particular Linux distribution. Kernel re-compilation is an essential part of Linux security and very much part of Linux culture. Hontañón recommends kernel compilation as root. This contradicts the advice given by Linux gurus on the Step by Step site (see http://linux.ns/misconstrue.html). Otherwise this is a good and useful read, certainly recommended. With Linux playing an increasing role in commercial web servers, this text has a ready market.

Book cover image courtesy of Open Library.