I'm looking to learn further about securing a CentOS 6.3 web server and can get a used copy of "Linux Server Security" pretty cheap (http://www.barnesandnoble.com/w/linu...i=linux+server)

My question is whether a book from 2005 about Linux server security is prescient in 2012. I was also looking at buying a book on iptables which confuses the hell out of me up to this point. Is this a question whose answer varies on specifics or are there general rules of thumb when trying to expand your knowledge affordably?

Specifics: I'm running a CentOS 6.3 mirror of the apache project's download section and getting a surprisingly large # of apparent hack attacks which is ok with me if it serves as an opportunity for learning security.

Any links to good (prescient) e-learning would also be greatly appreciated. I suppose my question is really one of advice on direction to take at this point in my self-ejumukashun and newb-dom.

Learning even old data helps you. 2005 isn't that bad so you can learn almost all of that and still have use for it.

I used to get older books at a discount and really liked it.

Not sure iptables has changed so it would be useful.

I'd buy it.
The principles and techniques in the book will still be valid even though the data it is referencing may be dated.

I agree that even a book from that long ago still serves a purpose as Linux server management as well as security insights and best practices tend to gradually evolve over time. However considering the topics of your previous threads (some of which unfortunately were left unanswered [0|1]) which slowly move from client-oriented to server-centric, the fact you use a RHEL clone and the fact you appear to have started your server project some time ago I would nonetheless suggest starting with fundamentals like Rute's tutorial (just skip what you know) or if you want a dead tree O"Reilly's "Linux in a Nutshell" (2009 IIRC). While you might scoff at what the title suggests it offers you a solid foundation covering all Linux basics. But once you know how to properly config and admin a basic client role machine you're halfway there. One of the upsides of using Red Hat is that it comes with plenty of management basics (the Deployment, Configuration and Administration Guides for example) and server administration documentation you should be (or get) comfortable with anyway (RSN). A more recent (2011) dead tree might be Sobell's "A Practical Guide to Fedora and Red Hat Enterprise Linux" which covers firewalling and networked services too. Point is I wouldn't shell out cash because something is cheap. Instead I'd look around for what gets you up to speed with the basics in a comfortable and quick way (preferably something that you want to use and re-read again), check what's there for free on any topic that would get you started securing your server (about each major OSS has detailed sections on security) and only buy another book when you've exhausted your on-line resources.

Iptables, from a philosophical/approach standpoint, confuses the hell out of me. I find bits of things that are suggested to put into my firewall without understanding them. Then I see others say stick to a minimal setup, including your firewall because some firewall settings can cause problems.

I didn't (but may still) get the book I mentioned, but did purchase an e-book, "Network Security Using Linux," which covers a lot of ground at a basic level & I would definitely recommend (haven't finished it yet though.)

I went back, commented and closed some of those threads.

I was able to get a copy of "Linux in a Nutshell" and am slowly making my way through it, along with the other book I mentioned above, on Linux network security.

Thanks to everyone for the suggestions, very helpful!

Looking back at my old threads, it's surprising how far I've come and how clueless I was, yet still am. I was lucky enough to be able to take an online grad-level course on Linux System Admin., using CentOS (hence my using it now.) It was very basic, however, so not much on iptables or (applied) security, other than basic principles/philosophy.

At this point I've made some progress and have other concerns I will start separate threads for. Thanks again to everyone that has helped me get this far.

If it helps, there's a lot(!) of free to read manuals/books at www.linuxtopia.org.

Awesome thanks! Will definitely be spending some time there.