Real World Linux Security book

Real World Linux Security, 2nd Ed. has been SLASHDOT'ed! It has 848 pages explaining how to secure your Linux or UNIX systems in an easy-to-understand step-by-step method, with many examples showing exactly what to expect when doing building, installation, and configuration. It is not simply a recipe; it explains why these things are important and how to prioritize your efforts for the best return on time invested. There is plenty of humor and discussion of actual break-ins, why they occurred, and how to prevent them.

The 2nd Ed. has about 200 pages of new material as well as having substantial revision of existing material; it is (c) 2003. The Seven Deadly Linux Sins have been revised to match the current risks and a new Physical Security section has been added. Varying danger levels are noted by one to five skull-and-crossbones symbols so you know which problems most deserve your attention. Its extensive cross-referencing (including page numbers), Index, and design also allow it to be used as a reference.

RWLS has a very extensive IP Tables section, including Tips and techniques of debugging rules locally and remotely. It includes "drop in" Firewall scripts for a Small Office/Home Office environment and for a small/medium company with a DMZ. It covers wireless networks, low-level protocol ARP and Switch attacks and new defenses, Arpwatch, Logcheck, xinetd, and more.
Click to purchase 848pp 2nd edition from Amazon or other fine bookstore.

The author is Chief Technical Officer of Horizon Network Security.
Eric Raymond wrote the foreword for the book, which starts out "You have in your hands a book I've been waiting to read for years -- a practical, hands-on guide to hardening your Linux system which also manages to illuminate the larger issues in Unix security and computer security in general."

Berislav Kucan of says that it is "terrific and proves to be pure gold. Greatly written, filled with lot of interesting tips and facts about securing the Linux environment, the book can be used both for pumping your knowledge and as a reference in your future security related work."

Steve Bourne, creator of the Bourne Shell says of it, "A comprehensive guide to system security - covers everything from hardening a system to system recovery after an attack."

Very few networks, even those with a firewall, are secure. Many organizations' firewalls are improperly configured, allowing crackers to see and attack their internal network with ease. For US$100 we will do a non-destructive scan of your network from the Internet (and interpret the results) to show you what a Cracker can see and attack. Most people are very surprised at how open their networks really are to attack.

Usually, we will be able to tell you not only the IP address of each of your internal systems but also what version of Windows, Unix, Linux, etc. that each system is running, what network services it is offering, and how vulnerable to attack each system is. We then can discuss inexpensive ways to secure your network.

Among our many security and system administration services, we offer 24x7 Monitoring of our clients' systems to detect and correct computer and network failure, cracker attacks, and defaced web pages. Additional services include the installation of security patches as they become available and also typical SysAdmin duties.

For more information on our services contact the author's Linux & UNIX security consulting company, Horizon Network Security, at +1 770-662-8321 10 am to 6 pm US Eastern Time (or other times in an emergency), click on the icon, or send us email at

Please read what has been said about RWLS.

It has it all when it comes to Linux security (Rated 5 stars)
( reader review)

I have both editions of Bob's book. I've been working with Linux since 1995, system administration/networked systems for over 12 years. I must say, this is the most comprehensive book on system/network protection of any I've seen. It covers every subject found in other books I've purchased and then some. It is an excellent read from cover to cover as well as a reference document to keep at hand. Much of the book is applicable to network/system security regardless of the systems you're using.

You'll find yourself wondering "wow, that's common sense, why didn't I think of that?" But, it is also full of jewels of more esoteric approaches to protecting systems that will continue to foil the knowledgeable cracker. Focus on the "rings of security," the concept is excellent. This is the book to have, to read cover to cover and keep at your side as it is the ultimate reference document for network/system security.

The book was written by Bob Toxen, one of the 162 developers of Berkeley UNIX, who had 26 years of UNIX and 6 years of Linux experience at the time and much of that involves security. Real World Linux Security, 1st Ed. was published November 2000.

Be sure to add yourself to the readers' mailing list (near the bottom of this web page) to get important new security information and also check the Updates and errata link for the few typos and information received after publication.

This complete, easy-to-use, and up-to-date book will help you secure your Linux and UNIX systems against all manner of attack with extensive examples and step-by-step instructions. It is set up so that it can be used as a workbook, doing a little bit at a time, or as a reference for any aspect of Linux or UNIX security. This includes using Linux as a firewall for a mixed operating system network. It covers home systems, corporate networks, and e-commerce issues.

Learn the seven deadly sins of Linux security

Learn the gory details of securing Sendmail and Apache

Learn to install key security tools, such as PGP and Secure Shell

Learn how to configure an effective firewall with IP Chains

Learn how to create effective security policy

Read case studies on break-ins and and their successes and failures

Learn how to block spam

Learn how to protect your customer credit card database

Learn how to quickly detect when someone is breaking in

Learn to recover quickly and completely from break-ins

Load the author's own tools and many open source tools from the included CD-ROM.

Updates and errata for the book is available here.

Extensive attention is devoted to protecting Internet servers, including web servers used for e-commerce, mail servers, and FTP servers. SSH, the secure shell, and the GNU version of PGP are covered in detail in a step-by-step fashion. It offers a unique but easy-to-implement method to protect your database of customer credit cards from almost any attack by crackers. 300,000 customer credit card numbers were stolen from one site alone (CD Universe), possibly 4,000,000 from another (Egg Head); do not be next.

The author recognizes that despite the best efforts of talented system administrators, some systems will suffer break-ins. Rather than the usual "install from backup, good luck, and don't call me" this book devotes over 60,000 words to preparing for this, detecting it, and very rapidly recovering from almost any break-in. Learn how to have your system page you when an attempted break-in or successful web page defacement occurs.

If your site is breached it will allow you the fastest recovery with the least damage to your data and organization. The White House, the FBI and CIA, Lloyds of London, eBay, and many others could have benefited from this information. Know what to do and what to expect if you wish to "throw the cracker in prison". Find out how the U.S. Secret Service can help you.

The book contains humorous examples and amusing case studies to add laughs to the topic while illustrating important points. Find out about the problem on the M5 computer, how Ken Thompson broke into a Navy computer, and if Bill's password is "money" or "640k". Find out how one gray hat who had broken into UC Berkeley's main UNIX development system got his password stolen by another person who was breaking in.

The book addresses the difficult issues of policy and laptop security, keeping up to date on the latest vulnerabilities and defenses, tracking an attack back to its source, and how many popular protocol-based attacks work, what to do about buffer overflow vulnerabilities, and CGI program bugs.


It has been featured on's books page.
In a review at Unix Ben Rothke gives it 5 stars and says on August 28, 2001

"Although it comprises nearly 700 pages, Real World Linux Security is light on filler and bursting with important information on how to secure a Linux host. In reference to space filler, other books often have about a third of their content made up of screen prints and source code listing. Toxen's book fortunately does not use that route and instead directs readers to either a Web site or the companion CD-ROM for source code. The book is useful for all flavors of Linux, yet nearly all of the topics can be applied to other operating systems as well, because the threats are basically the same -- only the common line usage changes.

"At page 25 -- where many other security books would still be addressing abstract ideas about computer security -- Real World Linux Security deals with Linux's "Seven Most Deadly Sins." Some of them are: weak passwords, old software versions, open network ports, and poor physical security. Just a few of the other critical security topics covered in the book are: common break-ins by subsystem, establishing security policies, hardening your system, and scanning your system for anomalies.

My interview with Cameron Laird was published on March 23, 2001 in IT World.
In "Linux Journal" in June 2001 on pages 68-69, Don Marti ( highly regards the book and says

"Real World Linux Security is the kind of book to which we have to give a good review, as it is seemingly written to butter us up. Bob Toxen says most Linux distributions install too many extra dæmons by default, he lists privacy-violating web advertiser DoubleClick, Inc. as a security issue, and he even uses as one of the hosts in an example. We like him already.

"We also have to like the concept of a big, fun workbook full of things we can do to increase the security of our Linux systems and how to prepare to get back up with minimum pain if they do get compromised. So please resist the temptation to, after taking one look at these 694 pages of cracks, sploits, bugs and vulnerabilities, go home, unplug your Linux box from the Net and crouch behind it with a shotgun. This book is here to help you, not scare you, and you should be able to get through the most important parts in a weekend. There's no cause for alarm, but no reason to be smug either.


There was interview in Russian with the author in Computerworld Russia.
There was an review in German.
In Linux Journal's on-line web site on May 1, 2001 S. Salman Ahmed thinks highly of the book and says

"I found that the book had an easy-to-read style, and Toxen's explanations are to-the-point, concise and clear. Toxen's writing style has just the right touch of humour to make this book an engaging, entertaining and informative read on the subject of Linux security. I would highly recommend this book to any Linux SysAdmin (and user) interested in securing their Linux systems. From practical hands-on tips and techniques to detailed explanations of attacks and other Linux security issues, this book is a must-read for anyone interested in Linux security.
"Security isn't a subject solely for SysAdmins responsible for maintaining and administering large corporate networks. It's a subject that every Linux user and certainly every Linux administrator must educate themselves on and always be aware of. As Linux continues to attract new users and becomes more popular in the server space, understanding security issues and knowing how to secure a Linux system becomes very important.

"Upon opening this book for the first time, I was immediately impressed by the vast amount of information presented. Simply skimming through the book's table of contents, it is easy to appreciate the wide range of topics covered by Toxen.

"The book is divided into three parts, with Part I of the book focused on ways to secure a Linux system.

"Toxen gets off to a quick start with a chapter aptly titled "Quick Fixes for Common Problems", in which he discusses the basic and most common security issues that most SysAdmins have to face.


In Information Security Magazine in April 2001 on page 114, Pete Loshin gives the book 5 stars and says

"Not many people know enough about Unix, Linux and security to meld the three topics together in a comprehensive book. Bob Toxen may be the exception. With more than 26 years of Unix and six years of Linux experience, Toxen brings a wealth of knowledge and an easy-to-digest writing style to Real World Linux Security, turning what could have been a dusty tome into an enjoyable read.

"This book isn't just about Linux security; it's for "any Linux and Unix system administrator," as Toxen writes in the introduction. Despite the abundance of technical information, readers will appreciate Toxen's entertaining style as much as the code and detailed examples.


In Linux Magazine in April 2001, on page 18 Joe "Zonker" Brockmeier gives the book 5 penguins and says

"Bob Toxen's Real World Linux Security is a hefty tome, wherein he describes in great detail how to secure a Linux system ... His experience is evident throughout the book, which consists of 21 chapters that cover the gamut of security risks, how to detect and fix them, and what one should do in the event that your system is compromised.

"Real World Linux Security is a complete book that covers all of the bases ... However, the security holes are listed in order of severity in Appendix H, giving the harried system administrator a laundry list of issues to deal with when time is short.

"If you are responsible for the security of a Linux system, you should own this book. Toxen's work is an invaluable asset for novice and experienced admins alike.


In The Embedded Linux Consortium's web site says of RWLS in their June 2001 review by Dr. Skip Carter:

"Overall this is an excellent book on Linux Security, highly recommended. The book should be read, understood and PRACTICED.

There are many Unix security books in print, but what the Linux system administrator has not had available is one that covers specifically Linux in a substantial way. With "Real World Linux Security" we finally have such a book, written by someone that has been working with Unix since the early days and is one of the original developers of Berkeley Unix.

"This book is useful for the Linux sysadmin for whom Linux is just one more flavor of Unix for them to administer as well as those for whom Linux is their first and only Unix type system to manage. The book will help the first group by saving them time in trying to figure out the "Linux way" of doing something that they know how to do on other types of Unix OSs. The second category of Linux administrators will find this book to be absolutely essential, since they do not have the benefit of having seen something at least similar enough that would allow them to say, take the recommendations on a Solaris security book and figure out how (or if) that would apply under Linux.

"The book makes an effort to cover all the practical issues involved in having a system online and still being secure. It starts with a section that describes how and why Linux systems should be secured. It begins the section with substantial chapter which provides advice on what services should be turned off and how to harden the services that are to be kept. This is followed by a chapter that covers the steps that can be taken to avoid the simpler break-in methods. Then there is chapter 4, the single most important chapter in the book. It covers the major services that get exploited: NFS, portmap, sendmail, FTP, telnet, the "r" commands, DNS, POP, IMAP, and lpd. Hardly a day goes by on a large network without somebody rattling the doorknob on one of these services. Every security administrator should know about the potential problems with each of these services and what to do about them. This is the chapter to study, if they don't.


In "Server/Workstation Expert Magazine" (formerly "Sun Expert Magazine"), Cameron Laird said of it in the March 2001 issue on page 44:

"Of only slightly less universal interest [than SAGE] is Real World Linux Security, by Robert Toxen. This book is remarkable for its accuracy and pertinence in a volatile field; in fact, the worst thing I've found so far in Real World Linux Security is the title. Its contents apply almost equally well to UNIXes other than Linux.

"Toxen is an industry vet who has poured his experience and judgment between the covers of this book. I'm generally discouraged about attempts to say anything simultaneously comprehensive and meaningful about security. Toxen changed my attitude, though. This book balances appropriate technical detail and personal anecdote more usefully and lucidly than I expected. I've tested Real World Linux Security a half-dozen times with situations that have come up in my own work, and each time Toxen had something helpful for me. You can read more about it at Toxen's site

;Login: Magazine, the magazine of Usenix (the original and most academic Unix organization) and SAGE reviewed Real World Linux Security in the February 2001 issue on page 74-75. Peter Salus said

"By and large, I found Bob Toxen's book very good. It is the first really full treatment of Linux security. But therein lies one of its flaws: it's very long. Over 700 pages. Nearly 100 of them made up of appendices. But it's solid; and the topic is an important one. (Perhaps I've said that too often.)

"Toxen has organized the tome well, and he writes well enough that I wasn't in agony at any time. The 20 pages of Chapter 5 ("Common Attacks"); Chapters 10 and 11 ("Case Studies" and "Recent Break-ins"); and the 40 pages on Intrusion Detection (Part III) are exceptionally fine.

"The appendix on references is good, but confusingly organized. Too many non-Prentice Hall books (especially those published by Addison-Wesley and O'Reilly) are missing. reviewed Real World Linux Security on 02/20/2001.
Real World Linux Security is mentioned in the September issue of Linux Journal in Stan Kelly-Bootle's column on page 166. "Coming Soon [November 2000]: the ultimate book on Linux Security from Prentice Hall Ptr: Bob Toxen's Real World Linux Security -- Intrusion Prevention, Detection, and Recovery, including a CD-ROM of vital programs to reduce your ``vulnerabilities''."

It is mentioned in the October issue of Linux Journal in Stan Kelly-Bootle's column on page 190. mentions the book in the article "Southern Fried Firewalls".
Cameron Laird,, said of it:

"I won't wish you good luck with your book; all you need is for it to get the attention it deserves. I've been using it over the past week, and, so far, it's proved to be as valuable as the glowing words on the cover promise.

More generally, thanks for taking the time to answer with the detail and personal care you've shown here [in the online interview]. Your remarks have done ME considerable good, and I expect the same is true for other readers, too."

Linux Weekly News (Liz Coolbaugh) said of it on Security on December 14, 2000:

"Real World Linux Security: Intrusion Prevention, Detection, and Recovery. Bob Toxen kindly dropped us a note announcing the publication of his book, "Real World Linux Security: Intrusion Prevention, Detection, and Recovery", by Prentice Hall Ptr. "Most of the problems raised in Bruce Schneier's new book, "Secrets and Lies: Digital Security in a Networked World", are addressed in my book and solutions are offered and explained".

There is another interview with the author at This interview also is linked to from interview mirror
S. Walberg of BrainBuzz said of it:

A cookbook style manual on securing a Linux installation.

In Why We Love Linux, Rob Wright of VARBusiness Magazine talks about how reliable Linux is. Connecting any machine to the Internet is a dangerous thing. In these times, script kiddies routinely scan for vulnerabilities. Linux is a secure operating system, but it takes a bit of work. To make the job easier, a good book can help. "Real World Linux Security" is such a book. What makes this book special is that it focuses not only on securing your box, but also on preparing for, detecting, and recovering from intrusions. The fact of the matter is, an intrusion is a real possibility, and not knowing about it can almost be worse than the intrusion itself.
... This is a very good book for someone looking for a beginner's cookbook on security for Linux. It's full of shell scripts to help you out, links to get the software, and a well designed classification of vulnerabilities to help you spend your time more wisely. Don't expect to be a security guru at the end of it, but you can certainly expect to sleep better at night

The book is mentioned in Poptronics Magazine in the March 2001 issue, starting on page 4 in a letter by Doug Merritt.
Eric Raymond has reviewed the book and written the foreword for it: "You have in your hands a book I've been waiting to read for years -- a practical, hands-on guide to hardening your Linux system which also manages to illuminate the larger issues in Unix security and computer security in general." We're looking forward to the chance to review it ourselves. Best of luck, Bob."

About the author

As an undergraduate at Berkeley in the late 1970s, he learned about security by breaking into the UNIX systems there, successfully evading such system administrators as Jeff Schriebmann, Bill Joy, and Bob Kridle; they later founded UniSoft, Sun, and Mt. Xinu. Bob is one of the 168 recognized developers of Berkeley UNIX.

He was one of the four developers who did the initial port of UNIX to the Silicon Graphics hardware and has hacked the kernel of a C2-compliant secure UNIX system.

Bob was the architect of the client/server system that NASA's Kennedy Space Center uses to communicate with the 3000 PCs used to store and retrieve the 900 GB of documents pertaining to Space Shuttle Payloads. He was the UNIX System Administrator for the Americas Computer Center for one of the world's largest shipping companies.

Bob was the architect for the server controlling a popular Linux-based Network Disk appliance, the Netgear ND508 and ND520. Mr. Toxen wrote "The Problem Solver" column for UNIX Review magazine and has given many classes on Linux and UNIX. He created the Sunset Computer at, used by hundreds of thousands of people around the world to determine sunrise and sunset and local time. (Even "Ask Jeeves" recommends it.) These include private, commercial, and military pilots, air traffic controllers, photographers, the U.S. Army for planning maneuvers, hunters and game wardens, truckers, and police officers.

The book was technically reviewed by:

Kurt Seifried, Consultant

Michael Warfield, Sr. Wizard X-Force
Internet Security Systems

Larry Gee, Consultant

Stephen Friedl, Consultant

Mike O'Shaughnessy

Dr. Indira Moyer, Consultant

Bob lives in Atlanta, GA, where he is president and CTO of Who do you want to keep out today?(SM)Horizon Network Security , which offers inexpensive Firewalls, Virtual Private Networks (VPN), Virus filters, and Routers on the same Linux box, consulting services in network, Linux, and UNIX security, and system administration -oriented C programming -- done right the first time.

Add yourself to the mailing list to be notified of important new security information, tips, and book errata. (While I'll try to mention major new security problems, this is no substitute for subscribing to the mailing lists discussed in the book.)

Privacy notice:
Your information will be used only to supply security related information and occasional mention of security, SysAdmin, and programming services offered by Horizon Network Security. This information will not be shared with anyone else.

Your name: Your company:
Your City and State or Country:
Your E-mail address:
Did you buy Real World Linux Security, 2nd Edition?
Did you buy Real World Linux Security, 1st Edition?
Do you plan to buy Real World Linux Security, 2nd Edition book?
Are you responsible for corporate network/system security?
Is corporate network/system security more than 50% of your job?
Do you have a home Firewall?
Do you want expert Linux & UNIX security and SysAdmin consulting help at reasonable rates?

Please add any comments, including what you think of the book (use as many lines as you want):

Receipt of your request will be acknowledged.

Send email to the author at to comment on the book.
Who do you want to keep out today?(SM)
o Security consulting
o Security audits (let us tell you the holes in your firewall and servers)
o Network and system hardening (to reduce the likelihood of break-in)
o Firewall, VPN, and T1/E1/DSL Router installation, configuration, and monitoring, including redundant firewalls
o 24x7 monitoring/repair of sites for crashes, web page defacement, attacks
o Recovery from break-ins
o Installation of security patches on a timely basis
o Routine Linux and Unix System Administration

Telephone us at +1 770-662-8321 10 am to 6 pm US Eastern Time (and at other times in emergencies) or email us at for expert Linux, Unix, and network security help.

The author's public PGP/GPG key may be used to send the author confidential email and to verify the signatures on the web site; it also is on the CD-ROM as key.txt.
pub 1024D/E3A1C540 2000-06-21 Bob Toxen <>
Key fingerprint = 30BA AA0A 31DD B68B 47C9 601E 96D3 533D E3A1 C540
sub 2048g/03FFCCB9 2000-06-21

Copyright © 2000-2020 Horizon Network Security. All rights reserved.