From the Linux Documentation Project
- Securing and Optimizing Linux: Red Hat Edition - A Hands on Guide
- Security-related HOWTOs (for sysadmins)
- Network security-related HOWTOs
- Programming security-related HOWTOs
Other web sites
- Linux Security
- Linux Administrator's Security Guide
- SANS (System Administration, Networking, and Security)
- Security Geeks
Books (Not to endorse Amazon -- they just have handy reviews and comments. Buy from your vendor of choice.)
- logcheck is a very configurable shell script that digests your logfiles for you and sends you email in regular intervals (you can choose the intervals yourself; default is every 2 hours) informing you of anything irregular that goes on, such as login attempts (successful and unsuccessful), relaying attempts, and so on. Of course, it doesn't replace securing your box, but it's very handy as a reference of what's going on. It's available for various distributions and pretty easy to set up.
While looking for something completely unrelated, I stumbled across this apparently very useful tool.
It's called lsof (was a separate package in Mandrake - rpmfind or a search of your install cds might turn it up for your distro).
What it does is list the files that are opened by a particular process.
Its relevence for our security course is that while using nmap to list the open ports on your sytem, you might find one
that you have no idea what it is.
You can use lsof to tell you which programme has this port open.
To illustrate by example:
Port State Service 3/tcp open foodo
lsof -i :3and it tells you the files that are using that port, so hopefully you can track down what programme is using it.
Copyright (c) 2002 by Raven Alder. This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, v1.0 or later (the latest version is presently available at http://www.opencontent.org/openpub/).