Red Hat Linux Security and Optimization

The book is titled Red Hat Linux Security and Optimization, indicating that both topics are covered, but the bulk of this book (chapters 8 - 21) really deals with security topics. Only the first 7 chapters deal with system and network performance.

Part 1 of the book comprises three chapters on system performance. Issues such as performance basics and kernel tuning are discussed. It shows how users can compile and install their own custom kernel. Chapter 3 is on file system tuning and deals with standard issues such as determining which file system to use and the creation of volumes and partitions.

The three chapters of Part 2 (Network and Service Performance) detail the issues of network and server performance. Chapter 5 provides a good overview of tweaking Apache and the use of Squid.

Part 3, System Security, is the heart of the book. The author takes a bottom up approach to security, where he starts with kernel security and progresses to other topics such as file system security, network security, passwords, and more.

Part 4 details network security, from DNS and BIND, to SSL, FTP, and the other major networking protocols. Chapter 17 has a good synopsis of email and the vulnerabilities associated with open email gateways, and how to control mail relays so as not to be used as a spam clearinghouse.

The book finishes with Part 5, which comprises two chapters about Linux firewalls. It also includes information about VPNs, SSL tunnels, and assessment tools.

The enclosed CD-ROM has a lot of security software, including standard security tools such as John the Ripper, netcat, nessus, nmap, and more. Is also includes other software such as Tripwire, Saint, OpenSSH, OpenSSL, tcpdump, and more. Also included is an electronic version of the book. With the exception of the electronic copy of the book, everything on the CD-ROM is available free off the Net. It would have been nice if the book could have included a second CD-ROM with the Linux operating system software. Although the software can be downloaded from Red Hat, the nearly 1 GB of data can take quite a while to download, even with a broadband connection.

Red Hat Linux Security and Optimization is a straightforward book that details all of the rudiments of Linux functionality and security. While the book is written for Red Hat, the majority of the information can be applied to other flavors of Linux. Overall, Red Hat Linux Security and Optimization is a good option for readers who want a security reference book....

Rating:
Summary: One of the Best book in Security & Optimization
Review: Great Book!! Great Writer!!

Nice to have a book like this.

Rating:
Summary: Great book!
Review: I bought at local bookstore after reading the chapter on LIDS and I went to work next saturday and implemented LIDS using the latest 2.4 patches found at the LIDS.org site. It is owesome; no more root hacks! I also liked the LibSafe section.

It is an amazing book for someone who wants to learn more about security fast.

Rating:
Summary: Contradictory, but a good start point
Review: I bought this book to help me learn more of the configuration options for my server and what they did. While this book presents the majority of options, it is contradictory in places and follows old school techniques.

For instance, in the chapter on Apache, the author tells you how to compile Perl into Apache. This is great, but the more preferred method to including things into Apache is to use a DSO so that you don't have to stop and recompile the server everytime you add something. Then it goes on to Squid. In my experience using Squid, it has run on port 3128 and the authoer mentions that, but as an afterthought and not until after he has already told you to run it on port 8080.

In addition, this book neatly seperates content on security and optimization. However, do not buy this book with the thought that it will show you how to build a server or setup your web services. This book is meant only as a resource for tuning your stuff and will not tell you how to install it. You really need to have a knowledge of Linux beforehand.

To put it plainly, buy this book as a corraborative resource or buy it and prepare to refer to other resources on the internet to get a second opinion. Buy this book if you are comfortable tinkering with things. Though, if you are running a Linux system, you had better be comfortable tinkering and not faint of heart or else you'll never get anything done!

Rating:
Summary: Good but for immediate or better users
Review: I want to begin with whats good about the book. It does a good job of covering Linux security concepts, and centralizing them in a well laid out, easily referenced book. Others have pointed out that a lot of this information is available on the net for free, however without a reference like this they wouldn't know what they should be looking for. (How many folks know their BIND server should run in a chroot environment to even begin the research?).

Despite having Red Hat in its title, and being released as a redhat Press book, the book is surprisingly generic in its treatment. While that may be a welcome releif to Suse/Debian/etc users, its a bit annoying to redhat users who were expecting more specific help, and perhaps less conflicting help. Several of the security measures covered in the book have already been implemented in the default redhat install, except using different usernames, file paths, etc.

Some of this may be an artifact of the book not covering the latest release, but some have been around long enough to convince me the book was written to a far more generic audience originally then given a new title. Which isn't bad by itself, just not what a novice user would expect, and might not catch.

My final concern is that some of the implementation steps are just flat wrong. The section on running BIND in a chroot environment is one, it describes the process in 7 steps (only 6 are enumerated) and does not mention redhat's prefered method of passing the options to the daemon. However, since knowing that it should/can be done is half the battle in linux, the correct procedure can be found on the web.

Rating:
Summary: Obviously trying to cash in on Red Hat's dominance
Review: Red Hat is synonymous to Linux for many people, and this book is obviously trying to cash in on that. The editing of this book leaves much to be desired - there are some really terrible errors throughout. I am usually partial to books that have CDs with them, but in this case it doesn't add anything. The tools on the CD are freely downloadable from the internet, and are being updated constantly. The versions on the CD are very old, so you need to download new versions anyway.

Overall, for my money, I'd buy the oreilly security book or the hacking linux exposed one.

Rating:
Summary: Obviously trying to cash in on Red Hat's dominance
Review: Red Hat is synonymous to Linux for many people, and this book is obviously trying to cash in on that. The editing of this book leaves much to be desired - there are some really terrible errors throughout. I am usually partial to books that have CDs with them, but in this case it doesn't add anything. The tools on the CD are freely downloadable from the internet, and are being updated constantly. The versions on the CD are very old, so you need to download new versions anyway.

Overall, for my money, I'd buy the oreilly security book or the hacking linux exposed one.

Rating:
Summary: Very good book.
Review: The author takes the time to explain things out. Most books just skip right by the fact you might not a be a guru with everything. I hope Redhat will keep this up! I would recommend this book for your collection as it is very readable.

Jeremy