After 7 years of **IX based development, I find myself in a VERY security conscious environment. I am aware of the basics, but I need come up to speed very quickly on the details of how or why to implement various security features, e.g. how does ssh work. What are the specific holes to watch out for etc., I'm looking more for the lower level mechanics not the "don't surf the web as root" stuff.
If someone could point me to the FAQ for this group and any other recommended reading I sure would appreciate it.
Linux Administrator's Security Guide (LASG) (Thanks Kurt!) Read it end to end. http://securityportal.com/lasg/ Try "Linux System Security" for in depth coverage of security features & software on Linux. Well written and goes into good detail on algorithms (the SSH chapter is very useful if you're trying to visualize the protocol) and recommendations. http://www.phptr.com/ptrbooks/ptr_0130158070.html Practical UNIX & Internet Security, 2nd Edition Classic O'Reilly guide to security on a UNIX system http://www.oreilly.com/catalog/puis/ and finally: http://www.suse.de/~marc/ Of particular interest are the harden_suse and seccheck scripts. Once you understand everything they do and why you'll know more about security than most admins. Jonathan Conway Senior DBA ipoPros.com/TheStreet.com