SEGURANÇA EM SERVIDORES LINUX ATAQUE E DEFESA

Linux has become the most popular web server on the planet, which puts the security of those machines at the top of any system administrator's priorities, and, of course, of any hacker's as well. Linux has always been a cradle of new frontiers and technologies in the security domain, having given birth to tools for both defense and attack: knockd, netcat, Nmap, Nping, among many others. However, knowing how to use those tools the way a hacker would has become an essential part of hardening any modern system. Instead of chasing after the crook, learn to anticipate his moves and block them.

Chris Binnie is a Linux veteran with experience in the financial sector and in the US government, environments where security is treated as a critical asset. Binnie presents quite challenging scenarios and guides the reader through several areas of security to demonstrate robust detection, prevention and defense techniques, and he does not hold back advice that took him years of experience to learn. These techniques can be applied on any Linux distribution, including Debian and Red Hat derivatives, as well as other Unix-based or Unix-like systems. The text includes expert tips for making software packages work well with the operating system and with other packages.

Linux enjoys a spotless and well-deserved reputation for rock-solid stability, which is why 70% of internet servers run on it. This book offers the insight and information readers need to keep their own Linux servers locked up tight.
Covering hackers' favorite tools and their biggest frustrations, Segurança em servidores Linux shows how to:

Make the server invisible without disrupting production services
Monitor individual files or entire file systems, manually or automatically
Turn hackers' favorite tools against them as part of your defense
Learn how attackers discover the weak points in your systems
Explore the possibilities of Nmap scripts
Defend against malware and DDoS attacks
Discover how easy it is to compromise a website or crack a password

168 pages, Paperback

First published January 2, 2016


About the author

Chris Binnie

Community Reviews

5 stars: 3 (20%)
4 stars: 4 (26%)
3 stars: 6 (40%)
2 stars: 2 (13%)
1 star: 0 (0%)

Review by Freso (24 reviews, 10 followers)
September 12, 2024
This was an interesting read. On one hand, I did learn about various tools I didn’t know about (or only knew about-knew about but never took time to look into) as well as learning some protocol level stuff, on the other hand… is this for beginners or intermediaries? Seasoned system administrators or hobbyist home server/system maintainers?

It claims to be for mid-level admins, software hackers, and other IT professionals, yet still includes instructions on how to use basic standard package management commands (`apt-get`/`yum`). It also includes help with using basic systemd commands and various other very basic system administration commands. On the other hand, it seems to just not cover other (basic, I thought) security concepts—or maybe the audience is supposed to already be familiar with these?

E.g., the first chapter starts right off the bat with an approach on how to make your system “invisible” on the internet, but there is no discussion (here or later on) about how obscurity isn’t security—which I feel is a fairly basic tenet within security (computer and otherwise)? Any discussion about threat modelling is also entirely absent, to the extent where it isn’t mentioned at all (“model” is not in the text once!).

The author also seems to not be very knowledgeable about the field and to not have done simple fact-checks of some statements made. E.g., inotify is reportedly in kernels from version 2.6.13 and after. “Reportedly”? Either it’s in the kernel tree or it isn’t! And according to the forums, AMD processor chips suit the XOP version. This should be a very simple case of checking which CPU flags the XOP expects and whether AMD CPUs have them. This could even have included the flag(s) to look for in `/proc/cpuinfo` so readers could determine this on their own, beyond just “AMD CPU or not”.

Some parts also come across as if the author is trying out the software solely for the purpose of including in the book. E.g., Having tried installing LMD […], and having become familiar with how it operates, I believe that LMD is definitely worth considering for use on your production machines. Does this mean the author has no experience actually running LMD (Linux Malware Detect) on production machines? They’ve just installed it on a test machine and played around with it? And how much did they even try it out? E.g., when discussing Iptables rules in chapter 6, they note that If I’m reading the documentation correctly, [some details about command-line options/flags]. Did he even try it out? Is he writing the chapter based entirely off of his understanding from reading the man page? If he did try it out, why does he need to specify the If I’m reading […] correctly, he would know… no?

There are a number of other small gripes (like, why is the author calling standard `*` globbing “regular expressions”??), but I feel like I have already dug into the writer enough, so let me finish off with some things I did appreciate.

Each chapter is written somewhat like a longer blog post and is mostly self-contained, which makes them good for use as reference material as well as for picking out only chapters of relevance/interest. I did learn about a number of tools I was not familiar with before (e.g., `knock`, LMD), and it brought up some other tools that I’ve been meaning to look into but never got around to (e.g., nmap). I also learned some background about TCP and ICMP I didn’t know beforehand.

Overall, it’s… fine. The book is showing its age (being almost 10 years old now), but many of the foundational things covered here are, to my knowledge, still true today, though specifics/implementations may look different. If you’re a war-seasoned system administrator and/or pentester, there likely won’t be much to gather from this, but if you’re reasonably new to Linux and security/system hardening, there might be some decent pointers here. In the latter case, though, there are probably other and better sources to get started with before you begin to look at the things in this book (such as the “Security” article on the ArchWiki).
Review by a reader (2 reviews)
May 2, 2017
A wonderful source for information security. Hopefully the content is not misused and is only used for legitimate purposes, to defend against threats.