
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
x
|
Preface
• How to “harden” a fresh installation of Linux and keep it patched against newly
discovered vulnerabilities with a minimum of ongoing effort
• How to make effective use of the security features of some particularly popular
and securable server applications
• How to implement some powerful security applications, including Nessus and
Snort
In particular, this book is about “bastionizing” Linux servers. The term bastion host
can legitimately be used several ways, one of which is as a synonym for firewall.
(This book is not about building Linux firewalls, though much of what I cover can
and should be done on firewalls.) My definition of bastion host is a carefully config-
ured, closely monitored host that provides restricted but publicly accessible services
to nontrusted users and systems. Since the biggest, most important, and least
trustworthy public network is the Internet, my focus is on creating Linux bastion
hosts for Internet use.
I have several reasons for this seemingly narrow focus. First, Linux has been particu-
larly successful as a server platform: even in organizations that otherwise rely heavily
on commercial operating systems such as Microsoft Windows, Linux is often
deployed in “infrastructure” roles, such as SMTP gateway and DNS server, due to its
reliability, low ...