Assumptions This Book Makes

While security itself is too important to relegate to the list of "advanced topics" that you'll get around to addressing at a later date, this book does not assume that you are an absolute beginner at Linux or Unix. If it did, it would be twice as long: for example, I can't give a very focused description of setting up syslog's startup script if I also have to explain in detail how the System V init system works.

Therefore, you need to understand the basic configuration and operation of your Linux system before my procedures and examples will make much sense. This doesn't mean you need to be a grizzled veteran of Unix who's been running Linux since kernel Version 0.9 and who can't imagine listing a directory's contents without piping it through impromptu awk and sed scripts. But you should have a working grasp of the following:

  • Basic use of your distribution's package manager (rpm, dselect, etc.)

  • Linux directory system hierarchies (e.g., the difference between /etc and /var)

  • How to manage files, directories, packages, user accounts, and archives from a command prompt (i.e., without having to rely on X)

  • How to compile and install software packages from source

  • Basic installation and setup of your operating system and hardware

Notably absent from this list is any specific application expertise: most security applications discussed herein (e.g., OpenSSH, Swatch, and Tripwire) are covered from the ground up.

I do assume, however, that with non-security-specific applications covered in this book, such as Apache and BIND, you're resourceful enough to get any information you need from other sources. In other words, even if you're new to these applications, you shouldn't have any trouble following my procedures on how to harden them. But you'll need to consult their respective manpages, HOWTOs, etc. to learn how to fully configure and maintain them.