security links (was Re: Re [plug] security (was Re: [plug] Installfest - distributions))

Christian christian at amnet.net.au
Sun Aug 27 11:38:53 WST 2000


On Fri, Aug 25, 2000 at 02:09:30PM +0800, skribe wrote:
> At 14:00 25/08/00, Christian wrote:
> >One of them is quite good although the other
> >that I've read is written by a very-much wannabe.
> 
> Give us links!  Damn, talk about getting blood from a stone! =)
> 
> Mental note:  include links in FAQ.

Ok, I haven't looked at the documents for about a year so this is all
for memory.  I think there is a SECURITY HOWTO available from
www.linuxdoc.org (otherwise try doing a search).  The "Linux
Administrators Security Guide" (LASG) by Kurt Seifried which, last time
I read it, contained nearly a dozen technical errors (and probably over
50 major spelling and grammatical errors) is still fairly comprehensive
in terms of coverage (although a lot of that coverage is quite general).
It's a reasonable place for someone who knows nothing about Linux
security to start although it won't tell you anything you don't know if
you already have any sort of background already.  You can probably
get it from either:
		http://www.seifried.org/lasg
		http://www.securityportal.com/lasg

(Or similar.)

There was also a "Linux Security Administrator's Guide" (LSAG) which was
more HOWTO-like and seemed to be both quite well-written and technically
correct (although I didn't spend too long reading it).  This one isn't
quite as popular as the LASG but is still worth hunting down if you want
another (similar, but better) document to above.  I have a URL in my
bookmarks from a while back which was:

http://www.nic.com/~dave/SecurityAdminGuide/SecurityAdminGuide.html

Not sure if this is still current.

As someone suggested there are plenty of other guides out there which
are probably useful if you know nothing about security and would like to
get a background in the basics.  If you want to go beyond the basics,
however, they don't help too much.  In the end it just takes a lot of
time, experience and reading from a variety of sources (mailing lists,
books, academic papers, manuals, published standards, ...).

Hope this helps,

Regards,

Christian.



More information about the plug mailing list