Linux Security

This is the first book I have bought from the Craig Hunt Linux library and judging by this volume I will be buying more.It's an excellent book covering all aspects of Linux securityfrom physical site security to VPN's. It's up to date: a good section with clear examples on iptables is included.For each section the author selects a few (or as in the case of file integrity just one product like tripwire) products and explains with good examples how to install and configure from scratch (including installing the rpm's). The language is clear and the author explains both why and how. There is an excellent section on nessus and the tripwire part really shows what a cumbersome beast tripwire now has become ... The focus is almost 100% on freely available tools in true Linux spirit.It's not without minor faults however - but so far I have only found one major one. The section on "Starting Network Services from /etc/rc.d" is weak: it messes up the runlevels (1 is single user and 5 is X11), it does not mention the fact that Kill scripts are run before the Start script when _entering_ a new run level and there is no mention of ntsysv (or chkconfig).I do like the fact that Hontanon is not at all afraid of giving strong recommendations - i.e. "Among the password auditing tools ... John the Ripper stands out as the clear winner because of its performance and ease of use".This is not a beginners book - it assumes general Linux and networking knowledge.If you are looking for a source for overall Linux security, Unix security tools and how to use these tools look no further. This book should be on your bookshelf along with the 2nd edition of "Maximum Linux Security" and (the now slightly out of date) "Practical Unix & Internet Security". Recommended.