There are a LOT of good sites out there for Unix security in general
and Linux security specifically. It's very important to subscribe to
one (or more) of the security mailing lists and keep current on
security fixes. Most of these lists are very low volume, and very
The LinuxSecurity.com web site has numerous Linux and open source security
references written by the LinuxSecurity staff and people collectively around
Linux Advisory Watch -- A comprehensive newsletter that outlines the security
vulnerabilities that have been announced throughout the week. It includes
pointers to updated packages and descriptions of each vulnerability.
Linux Security Week --
The purpose of this document is to provide our readers with a quick summary
of each week's most relevant Linux security headlines.
Linux Security Discussion List -- This mailing list is for general security-related questions and comments.
Linux Security Newsletters -- Subscription information for all newsletters.
comp.os.linux.security FAQ -- Frequently Asked Questions with answers for the comp.os.linux.security newsgroup.
Linux Security Documentation -- A great starting point for information pertaining to Linux and Open Source security.
CERT is the Computer Emergency Response Team. They often send out
alerts of current attacks and fixes. See
ftp://ftp.cert.org for more information.
ZEDZ (formerly Replay) (
has archives of many security programs. Since they are outside
the US, they don't need to obey US crypto restrictions.
Matt Blaze is the author of CFS and a great security advocate. Matt's
archive is available at
tue.nl is a great security FTP site in the Netherlands.
Bugtraq: To subscribe to bugtraq, send mail to email@example.com
containing the message body subscribe bugtraq. (see links above for
CIAC: Send e-mail to firstname.lastname@example.org. In the BODY (not
subject) of the message put (either or both):
Red Hat has a number of mailing lists, the most important of which is
the redhat-announce list. You can read about security (and other)
fixes as soon as they come out. Send email to
email@example.com with the Subject
more info and archives.
The Debian project has a security mailing list that covers their
security fixes. See
http://www.debian.com/security/ for more information.
There are a number of good security books out there. This section
lists a few of them. In addition to the security specific books,
security is covered in a number of other books on system
- Building Internet Firewalls By D. Brent Chapman & Elizabeth D. Zwicky,
1st Edition September 1995,
- Practical UNIX & Internet Security, 2nd Edition By Simson Garfinkel & Gene Spafford, 2nd Edition April 1996, ISBN: 1-56592-148-8
- Computer Security Basics By Deborah Russell & G.T. Gangemi, Sr., 1st
Edition July 1991, ISBN: 0-937175-71-4
- Linux Network Administrator's Guide By Olaf Kirch, 1st Edition January
1995, ISBN: 1-56592-087-2
- PGP: Pretty Good Privacy By Simson Garfinkel, 1st Edition December 1994,
- Computer Crime A Crimefighter's Handbook By David Icove, Karl
Seger & William VonStorch (Consulting Editor Eugene H. Spafford),
1st Edition August 1995, ISBN: 1-56592-086-4
- Linux Security By John S. Flowers, New Riders; ISBN: 0735700354, March 1999
- Maximum Linux Security : A Hacker's Guide to Protecting Your Linux Server
and Network, Anonymous, Paperback - 829 pages, Sams; ISBN: 0672313413, July
- Intrusion Detection By Terry Escamilla, Paperback - 416 pages
(September 1998), John Wiley and Sons; ISBN: 0471290009
- Fighting Computer Crime, Donn Parker, Paperback - 526 pages (September
1998), John Wiley and Sons; ISBN: 0471163783