03 Linux Security Resources

From the Linux Documentation Project

Other web sites

Books (Not to endorse Amazon -- they just have handy reviews and comments. Buy from your vendor of choice.)

Mailing lists

Tools

  • logcheck is a very configurable shell script that digests your logfiles for you and sends you email at regular intervals (you can choose the intervals yourself; default is every 2 hours) informing you of anything irregular that goes on, such as login attempts (successful and unsuccessful), relaying attempts, and so on. Of course, it doesn't replace securing your box, but it's very handy as a reference of what's going on. It's available for various distributions and pretty easy to set up.
  • While looking for something completely unrelated, I stumbled across this apparently very useful tool. It's called lsof (was a separate package in Mandrake - rpmfind or a search of your install CDs might turn it up for your distro). What it does is list the files that are opened by a particular process. Its relevance for our security course is that while using nmap to list the open ports on your system, you might find one that you have no idea what it is. You can use lsof to tell you which programme has this port open. To illustrate by example:
     Port       State       Service
     3/tcp      open        foo
    
    do
    lsof -i :3
    
    and it tells you the files that are using that port, so hopefully you can track down what programme is using it.
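
The same lookup applied to every open port in a scan, as an added example that is not part of the original page. It goes beyond the single-port case above; the function names and the sample scan are constructed for illustration, and the lsof options used (-n, -P, -i, -sTCP:LISTEN) are standard lsof flags.

```shell
#!/bin/sh
# Constructed sample in the nmap port-table layout shown above.
SAMPLE_SCAN='Port       State       Service
22/tcp     open        ssh
3/tcp      open        foo
631/tcp    closed      ipp
53/udp     open        domain'

# Read a port table on stdin; print "port proto" for rows whose state is "open".
open_ports() {
    awk '$2 == "open" && $1 ~ /^[0-9]+\/(tcp|udp)$/ {
        split($1, a, "/"); print a[1], a[2]
    }'
}

# Build the lsof selector for one port ($1 = port, $2 = proto).
# -n and -P skip name lookups; TCP is narrowed to listening sockets so that
# outbound connections which happen to use the same port number are ignored.
lsof_args() {
    case "$2" in
        tcp) printf '%s\n' "-nP -iTCP:$1 -sTCP:LISTEN" ;;
        udp) printf '%s\n' "-nP -iUDP:$1" ;;
        *)   return 1 ;;
    esac
}

# Read a scan on stdin and show which local process holds each open port.
owners() {
    open_ports | while read -r port proto; do
        echo "== $port/$proto =="
        # Word splitting of the selector string is intended here.
        lsof $(lsof_args "$port" "$proto") 2>/dev/null ||
            echo "no process found (run as root to see other users' sockets)"
    done
}
```

Run it on the machine that was scanned, for example `nmap localhost | owners`, as root; without root, lsof only reports sockets owned by your own processes.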

Copyright (c) 2002 by Raven Alder. This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, v1.0 or later (the latest version is presently available at http://www.opencontent.org/openpub/).