REVIEW - Hardening Linux


Hardening Linux


John H. Terpstra




McGraw-Hill Osborne Media (2004)




Ian Bruntlett


November 2008



I took this book out of the library because I wanted to introduce a Linux box to a LAN that has broadband internet access. I've got to admit the corny looking cover did put me off this book.

To coin a phrase, this is an "Oh, wow!" book. From the little experience I've got, this book covers most if not everything. It certainly covers everything I know about Linux security. And it documents commands and practices that generic Linux primers seem to ignore. That alone makes this book worth buying if you have a Linux box attached to the internet. A word of warning though - this book only covers Red Hat and SuSE Linux. I mainly use SuSE and dabble with other distros - some of the recommendations will still apply to non-Red Hat, non-SuSE Linux systems. Actually this book takes security to the extreme of describing how enterprises should handle security. It's that good.

One of the key aspects of hardening a Linux box is to limit the system services running - the logic being, if it isn't running, it can't be hacked. It also recommends that compilers are kept on safe machines. If you have a machine that might be hacked, then try not to make life easier for the hackers by giving them access to development tools on a compromised system.

Book cover image courtesy of Open Library.