As Im currently forced to look thru loads of security related books for my MSc dissertation I just thought that I would offer a list of books that come in handy with many topics especially Linux Security.

General Security books
====================

Hacking Exposed 4th ed ------ excellent book can read as a whole or use as a reference.

Hacking Exposed Web Applications --- very informative and helps with developing secure code and secure setup of web servers.

Linux Focused Security
====================

Maximum Linux Security 2nd ed --Excellent reference and very easy to digest

Hacking Linux Exposed 2nd ed -- Again superb reference and identifies via case study etc particular areas of interest.

Linux Security (craig Hunt series) -- Again well balanced, a little dated but very informative.

Apache Security
====================

Proffesional Apache Security --- Fairly thin but its quality not quantity that counts this book is absolutely superb and has an excellent section on Apache Jailing. A must for all interested in APache Security.

Apache the Definitive guide ----- Not strictly security oriented but an excellent reference

Linux reference
======================

Linux in a Nutshell ----need I say anything, brilliant reference



All of the above are excellent books for the relative security newbie and/or intermediate/advanced user. Im not advocating everybody rush out and buy these books as much info is available on-line (See Unspawn's sticky). But for those who like to read info from a book while working or just for a focused approach all of these are excellent in bringing together pertinent security issues and/or supplementary information usefull for all Linux administrators.

Hope this helps some of you

Also Building Internet Firewalls is truely an excellent book for security awareness and hardening systems.

Nice list. "Real World Linux Security" is also a good 'un as far as security is concerned (I'm too poor to buy computer books- but you can jot down a heck of a lot at the bookstore ).

glad it helps, hope anybody else who can reccomend some Security books will let us now.

Perhaps this list could be made a sticky or added to UnSpawns FAQ as a list of sources of information???

Haven't read it myself but every review I've read for Maximum Security 4th Ed. has been excellent.

Also having recently purchased and read the books Id like to recommend


Professional Apache 2.0 Wrox press

Practical Unix and Internet Security 3rd ed. O'Reilly

Both are excellent reads and Practical Unix is an excellent resource for Security allthough a great deal of the security discussions take place at a more theoretical level it does assit in identifying what is needed and isnt before you go about removing/disabling things.

Perhaps this list could be made a sticky or added to UnSpawns FAQ(..)
LOL, it ain't my FAQ, it's a LQ FAQ.
And, yes, I'll add those books. Hows your 'lil project coming on?

Hehe well the FAQ looks like a UnSpawn whats what of Security at the moment so excuse the mistake

With regards my wonderful MSc Project Ive written up about 12000 words of research so far.

Practical element wise, Ive configured Apache 2.0 for SSL, PHP and etc. Along with MySQl yahda, yahda

Installed Sara, Tara, Crack, Jack and run Jack for 3 days before cracking a password so quite happy there.

And the pinnacle is that Ive managed to chroot Apache, ssl and PhP while getting the MySQL db to recognise the /chroot/temp/mysql.sock rather than normal /tmp/ so very happy there.

Now Im going to look into using Port Sentry for on demand Port Scanning and blocking and not sure what else yet. If I get time I may try and stick Guarddog or something on another machine I got and set Apache up as a proxy on it also. But time is short and allthough id like to work on setting up an Ip-tables firewall i dont think i will have time to.

Also Ive not forgotten about the Apache 2.0 chroot discussion/FAQ I said id knock together for you to check out just a bit busy at the moment, when I get a chance I'll e-mail it to you.

Dai