Appendix B. Bibliography

Contents

2. On-line resources

1. Books and articles

[Holbrook]

Step by Step Installation of a Secure Linux Web, DNS, and Mail Server, John Holbrook, version 1.4b, February 2004 (74 pages).

This article is available on-line at http://www.openna.com/pdfs/John_Holbrook_GSEC.pdf. It discusses among other things the mod_security module for the Apache webserver. You can also find a short how-to on setting up a secure web server (over TLS/SSL) in this paper.

[Mourani 2002]

Securing and Optimizing Linux: The Hacking Solution, Gerhard Mourani, 2002, Open Network Architecture, Inc., Montreal, Canada, ISBN 0-9688793-1-4

With its 47 chapters and 1200+ pages this book is the ultimate reference documentation for OpenNA Linux. In a simple and structured way the book explains the ways a server can be configured in a safe way. A lot of popular Linux-based services are discussed in extenso. Highly recommended.

[Mourani 2003]

The Official OpenNA Linux Installation Guide, Gerhard Mourani, 2003, Open Network Architecture, Inc., Montreal, Canada.

This installation guide was the inspiration for the ServerAtSchool Installation Guide. It is available via the OpenNA website at http://www.openna.com/pdfs/OpenNA_Linux_Installation_Guide.pdf.

[Ts, Eckstein, Collier-Brown]

Using Samba, 2nd ed., Jay Ts, Robert Eckstein & David Collier-Brown, February 2003, O'Reilly & Associates, Sebastopol, CA, USA, ISBN 0-596-00256-4.

Using Samba, Second Edition is a comprehensive guide to Samba administration. It covers all versions of Samba from 2.0 to 2.2, including selected features from an alpha version of 3.0, as well as the SWAT graphical configuration tool. Updated for Windows 2000, ME, and XP, the book also explores Samba's new role as a primary domain controller and domain member server, its support for the use of Windows NT/2000/XP authentication and filesystem security on the host Unix system, and accessing shared files and printers from Unix clients. The HTML version is included in the Samba distribution and can also be read on-line at http://www.oreilly.com/catalog/samba2/book/toc.html.

[Wessels]

Squid: The Definitive Guide, Duane Wessels, January 2004, O'Reilly and Associates, Sebastopol, CA, USA, ISBN 0-596-00162-2.

Squid is the most popular Web caching software in use today, and it works on a variety of platforms including Linux, FreeBSD, and Microsoft Windows. Squid improves network performance by reducing the amount of bandwidth used when surfing the Web. It makes web pages load faster, and can even be used to reduce the load on your web server. By caching and reusing popular web content, Squid allows you to get by with slower network connections. It also protects the hosts on your internal network by acting as a firewall and proxying your internal web traffic. You can use Squid to collect statistics about the traffic on your network, prevent users from visiting inappropriate web sites at work or school, ensure that only authorized users can surf the Internet, and enhance your privacy by filtering sensitive information from web requests. Companies, schools, libraries, and organizations that use Web caching proxies can look forward to a multitude of benefits.

Written by Duane Wessels, the creator of Squid, Squid: The Definitive Guide will help you to configure and tune Squid for your particular situation. Newcomers to Squid learn how to download, compile, and install code, while seasoned users of Squid will be interested in the later chapters, which tackle advanced topics such as high-performance storage options, rewriting requests, HTTP server acceleration, monitoring, debugging, and troubleshooting Squid. You may want to check out the book on-line at http://safari.oreilly.com/0596001622.

2. On-line resources

[apache]

http://www.apache.org
The Apache Software Foundation provides support for the Apache community of open-source software projects. The Apache projects are characterized by a collaborative, consensus-based development process, an open and pragmatic software license, and a desire to create high-quality software that leads the way in its field. They consider themselves not simply a group of projects sharing a server, but rather a community of developers and users. See also [httpd] below for more information about the Apache webserver.

[bind]

http://www.isc.org/sw/bind
The home page of the BIND nameserver project. BIND (Berkeley Internet Name Domain) is an implementation of the Domain Name System (DNS) protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System, including:

• a Domain Name System server (named)
• a Domain Name System resolver library
• tools for verifying the proper operation of the DNS server

The BIND DNS Server is used on the vast majority of name serving machines on the Internet, providing a robust and stable architecture on top of which an organization's naming architecture can be built. The resolver library included in the BIND distribution provides the standard APIs for translation between domain names and Internet addresses and is intended to be linked with applications requiring name service.

[clamav]

http://www.clamav.net
Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (scanning e-mail messages and attachments). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package. Most importantly, the virus database is kept up to date.

[dhcp]

http://www.isc.org/sw/dhcp
ISC's Dynamic Host Configuration Protocol Distribution provides a freely redistributable reference implementation of all aspects of DHCP, through a suite of DHCP tools:

• A DHCP server
• A DHCP client
• A DHCP relay agent

These tools all use a modular API which is designed to be sufficiently general to be easily made to work on POSIX-compliant operating systems and also non-POSIX systems like Windows NT and MacOS.
The DHCP server, client and relay agent are provided both as reference implementations of the protocol and as working, fully-featured sample implementations. Both the client and the server provide functionality that, while not strictly required by the protocol, is very useful in practice. The DHCP server also makes allowances for non-compliant clients which one might still like to support.

[exim]

http://www.exim.org
The home page of the Exim project. Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence.

[fsh]

http://www.pathname.com/fhs/
The Linux filesystem, at first sight, can be very confusing or even chaotic. However, there is order and the Filesystem Hierarchy Standard describes it in detail. The project which maintains this standard is overseen by FHS editors Rusty Russell, Daniel Quinlan, and Christopher Yeoh.
A more accessible and less formal document on the subject is Linux Filesystem Hierarchy by Binh Nguyen. This document can be found at http://www.tldp.org/LDP/Linux-Filesystem-Hierarchy/html.

[g4u]

http://www.feyrer.de/g4u
g4u ('ghost for unix') is a NetBSD-based bootfloppy/CD-ROM that allows easy cloning of PC hard disks to deploy a common setup on a number of PCs using FTP. The floppy/CD offers two functions. The first is to upload the compressed image of a local hard disk to a FTP server, the other is to restore that image via FTP, uncompress it and write it back to disk. Network configuration is fetched via DHCP. As the hard disk is processed as an image, any filesystem and operating system can be deployed using g4u. Easy cloning of local disks as well as partitions is also supported. g4u is maintained by Hubert Feyrer.

[giptables]

http://www.giptables.org
GIPTables Firewall is a free set of shell scripts that helps you generate iptables rules for Linux 2.4.x and newer kernels. It is very easy to configure and currently is designed to run on hosts with one or two network cards. It doesn't require you to install any additional components to make it work with your GNU/Linux system. All you need to set up a very secure firewall for your GNU/Linux machines is iptables and GIPTables Firewall.

[httpd]

http://httpd.apache.org (home page)
http://httpd.apache.org/docs-2.0 (documentation)
The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.
Apache remains the most popular web server on the Internet since April 1996. The February 2005 Netcraft Web Server Survey found that more than 68% of the web sites on the Internet use Apache, making it more widely used than all other web servers combined.
The Apache HTTP Server is a project of the Apache Software Foundation, see [apache] above.

[jargon file]

http://www.catb.org/~esr/jargon/
This page indexes all the WWW resources associated with the Jargon File and its print version, The New Hacker's Dictionary. It's as official as anything associated with the Jargon File gets. In fall 1991, the 2.9.6 version of the File was published as "The New Hacker's Dictionary". Version 3.0.0, with over 250 new entries and numerous changes, was published in August 1993 as TNHD's second edition (ISBN 0-262-68079-3). Version 4.0.0, with 114 new entries and 235 changed entries, was published in September 1996 as TNHD's third edition (ISBN 0-262-68092-0).

[mailman]

http://www.gnu.org/software/mailman
Mailman, the GNU Mailing List Manager, is used for managing electronic mail discussion and e-newsletter lists. Mailman is web-integrated, making it easy for users to manage their accounts and for list owners to administer their lists. Mailman supports built-in archiving, automatic bounce processing, content filtering, digest delivery, spam filters, and more. Mailman is free software, distributed under the GNU General Public License. Mailman is written in the Python programming language, with a little bit of C code for security. The name of this software is spelled Mailman with a capital leading M and a lowercase second m. It is incorrect to spell it 'MailMan' (i.e. you should not use StudlyCaps).

[mysql]

http://www.mysql.com (home page)
http://dev.mysql.com/doc. (on-line documentation)
The text on the project's home page decribes MySQL very well:
"The MySQL database server is the world's most popular open source database. Over six million installations use MySQL to power high-volume Web sites and other critical business systems. MySQL is an attractive alternative to higher-cost, more complex database technology. Its award-winning speed, scalability and reliability make it the right choice for corporate IT departments, Web developers and packaged software vendors."

[openna]

http://www.openna.com
The home base of OpenNA Linux.

[oui]

http://standards.ieee.org/regauth/oui/index.shtml
'OUI' is short for the IEEE Organizationally Unique Identifier or 'company_id' (aka Ethernet address). The three-octet OUI can be used to identify the maker of ANSI/IEEE Std 802 network gear. A searchable list of these OUI's can be found at this address.

[samba]

http://www.samba.org
Samba is an Open Source/Free Software suite that has, since 1992, provided file and print services to all manner of SMB/CIFS clients, including the numerous versions of Microsoft Windows operating systems. Samba is freely available under the GNU General Public License and allows for interoperability between Linux/Unix servers and Windows-based clients.

[serveratschool]

http://serveratschool.net
The home page of the ServerAtSchool project.

[siteatschool]

http://siteatschool.sourceforge.net (home page)
http://siteatschool.sourceforge.net/index.php?section=5&page=59 (support forum)
http://sourceforge.net/projects/siteatschool (download page)
Site@School is a website Content Management System (CMS) designed espcially for (primary) schools. It is written in PHP and requires a working web server (Apache) and a working MySQL database.

[spf]

http://www.openspf.org
SPF is Sender Policy Framework
SPF fights return-path address forgery and makes it easier to identify spoofs. Domain owners identify sending mail servers in DNS. SMTP receivers verify the envelope sender address against this information, and can distinguish authentic messages from forgeries before any message data is transmitted.

[squid]

http;//www.squid-cache.org
Squid is a high-performance proxy caching server for web clients, supporting FTP, gopher, and HTTP data objects. Squid keeps meta data and often-requested pages and files (also known as 'hot objects') cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests.

[squirrelmail]

http://www.squirrelmail.org
SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no JavaScript required) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install. SquirrelMail has all the functionality you would want from an email client, including strong MIME support, address books, and folder manipulation.

(top)