GetTextbooks.co.uk  


Linux System Security: The Administrator's Guide to Open Source Security Tools

by Scott Mann, Ellen L. Mitchell

ISBN-10: 0-13-015807-0
ISBN-13: 978-0-13-015807-9
Textbook Binding
1999-12-20
Prentice Hall PTR



Editorials


Amazon.com
The introduction of Linux System Security acknowledges that there's no magic bullet as far as security is concerned. Security-minded system administration is a process of constant revision. It promises, though, that "[i]f you follow the procedures outlined in this book, you will certainly reduce your level of vulnerability." The book delivers on that promise in spades.

Using Red Hat Linux as the demonstration environment, the authors explain how to use a suite of publicly available tools to analyze, protect, and monitor your machines and networks. They approach the subject from a practical standpoint, emphasizing software and its use while referring the reader (using copious bibliographic notes) to more specialized works for detailed information on cryptography, firewall configuration, and other subjects.

Scott Mann and Ellen Mitchell have done excellent work in combining explanations of the "soft" aspects of security management with the particulars of using software. In a typical section, they explain how to acquire, install, and run Crack, a password breaker. First they show how a bad guy would use Crack to get unauthorized access to a machine over a network; then they explore the "white hat" applications of the program as a security tool for preemptively weeding out weak passwords. More detailed coverage goes to tiger and Tripwire, a pair of powerful auditing and monitoring tools. Along with Maximum Linux Security (which covers more offensive and defensive weapons in less detail), this is one of the two best Linux security books you can own. --David Wall

Topics covered: Linux security practices and tools, as demonstrated under Red Hat Linux 5.2 and 6. Software and commands include Pluggable Authentication Modules (PAM), OPIE, syslog, sudo, xinetd, Secure Shell (SSH), Crack, tiger, Tripwire, The Cryptographic File System (TCFS), and ipchains. The authors discuss administrative policies and procedures along the way.


Reviews


Non Fiction
Linux System Security: The Administrator's Guide to Open Source Security Tools, Second Edition by Scott Mann has advice on starting from scratch when you are setting up a machine to make it secure from attack from the outside.

It looks at everything from the filesystem upwards, and will give you a good starting point for looking at this.

I like Linux
Linux is better than Windows.

By far the best book I've read on Linux security
This book is well-written, thorough, and practical rather than academic. I particularly found the chapter on securing network services to be helpful, and was able to identify some potential security problems on the systems I support as a result of information provided in that chapter.

Wow - what a killer book!
This book is incredibly thorough, and up to date. For example, Red Hat Linux 7 has just come out, and now has xinetd as a replacement for inetd. Well, you guessed it, this book has about 27 pages on xinetd!

Want info on ipchains? This book has at least 50 pages on the subject!

I could go on and on about this book it is so good!

This book is written by experienced people, not just an author who was assigned another book to write.

You will not regret buying this book!


Probably the best book on open source security tools
Actually all tools described are not Linux specific and can be used for any Unix including FreeBSD and Solaris.

The authors seem to know the subject and really used the tools that they are writing about. For several popular tools the book provides some useful info that is difficult to find elsewhere. Pretty decent typography, although it's a little bit too academic and does not use icons on margins that IMHO simplify reading.

As for the classic open security tools, the book covers PAM (36 pages), Sudo (20 pages), TCP Wrappers (24 pages), SSH (55 pages), Tripwire (24 pages), CFS and TCFS (30 pages), and ipchains.

From the first reading it looks like the chapters are *not* a rehash of existing online documentation. In addition to the chapters about classic open source security tools I like chapters about logs: a chapter on syslog (Ch.8) and a chapter on log file management (Ch.17). 

Now about weaknesses. The chapter on Tiger is rather weak. Moreover, regrettably, Tiger is a legacy tool, but actually the information is not completely useless -- it's not difficult to switch to another tool after one understands how Tiger works. Actually Perl is superior for writing Unix vulnerability scanners in comparison with shell. Maybe hardening scripts like Bastille would be a better choice for this chapter in the second edition of the book.

Book is incomplete in a sense that neither Snort (or any similar intrusion detection tool), nor open source network scanners (Saint, Sara, etc.) are covered.

Of course there are some typos, but generally not that many. But what is really bad is that the Prentice Hall book page currently is pretty basic with no errata or additional links. The authors do not provide a Web site for the book.

This book can probably be used for studying Unix security at universities along with the somewhat outdated Practical Unix and Internet Security, and this combination can somewhat compensate for the deficiencies of the latter (non-tool-oriented descriptive approach).



Copyright © 2003-2008 GetTextbooks.co.uk