Book Review: Mastering Linux Security and Hardening

Written by Donald A. Tevault and published by Packt Publishing. Secure your Linux server and protect it from intruders, malware attacks, and other external threats.

One thing to always remember as you go through this book is that the only operating system you’ll ever see that’s totally, 100% secure will be installed on a computer that never gets turned on.

Target Audience For This Book

You are a Linux user and have been using Linux for a couple of years or a couple of decades, but you never really dug into the details of how to harden a Linux system. You might be a developer, a casual Linux user, a system administrator, or work in DevOps, release engineering, or some variation of the same. Now it's time to harden your system and sharpen your knowledge of security.

Setting the Context in the Beginning

Why do you even care about the content in this book? How would you like a system you are responsible for to be hijacked and converted into a crypto-currency mining server, or a file server for illicit content on behalf of a criminal? Or perhaps your server will be jacked and used in a distributed denial-of-service attack that brings down important corporate or government servers. If you leave non-secure systems on the Internet, you are part of the problem, let alone the risk of having your proprietary content stolen by hackers. The default settings in most Linux distributions are inherently insecure! This context is set in the beginning of the book.

Content Organization and Style

After setting the context around security and providing links to some mainstream security news websites where you can subscribe or visit to keep current on new developments in security and computing in general, the book introduces its lab environment. The labs are not super proprietary, but you will need a Linux environment. For that, VirtualBox or Cygwin is recommended, and instructions for getting set up are provided (mostly for newbies without access to Linux systems to run the labs). If you have your own system, perhaps bypass VirtualBox or Cygwin and run the labs on your own system to save setup time. But if you are more of a newbie, definitely follow the lab setup process.

The content in this book is geared to two of the most popular Linux distributions: RedHat (or CentOS) and Ubuntu. These are great choices to focus on, as they are the most mainstream Linux distributions. What becomes obvious when reading the book is that much of Linux security hardening is distribution dependent: the kernel itself is fairly secure, but the bits wrapped around it open up various potential issues. No book can cover all Linux distributions, so this book focuses on RedHat, CentOS and Ubuntu, although the principles are largely generic.

Most of the content in this book assumes you are familiar with the Linux command line interface, which is more efficient and more suitable for day-to-day Linux folks. However, Graphical User Interface tools are showcased in the cases where they add special value.

Core Content of Book

  • Proper usage of the sudo command to restrict the requirement of full root access
  • How to restrict too simple passwords and enforce periodic password resets by users
  • Temporarily lock suspicious or under investigation user accounts
  • Basic firewall setup to limit traffic to specific ports and applications
  • Difference between symmetric and asymmetric encryption algorithms and their respective use cases
  • How to encrypt files, directories, disk volumes on the system
  • Basic SSH hardening, including use cases where this is important
  • Chown/Chmod and basic access system. Coverage largely for beginners and good review for others
  • Access Control Lists, which are more sophisticated than the basics with Chown/Chmod. This is for intermediate to advanced users
  • SELinux (RHEL) and AppArmor (Ubuntu): Acknowledges the clunkiness of these solutions but shows how they can be used and use cases where they add specific value
  • Relevance and techniques for virus and malware detection and prevention, and how this differs from Windows, which is very much more vulnerable
  • Complying with official security standards and how to verify your system against these standards using tools
  • Snort for intrusion detection. If your system is compromised you need a way to detect the intrusion
  • Introduction to Linux distributions that are designed specifically for security vulnerability work, such as Security Onion, Kali, Parrot, and BlackArch


Get the book from Amazon today. You can start as a casual to advanced Linux user and sharpen your awareness of security hardening by just reading this one book, so it's highly recommended that everyone using Linux get a copy and go through the lessons in this book.
