Part one, "Linux Security Basics", covers some introductory material, physical security, Linux installation, and basic Linux system administration. Part two, "Linux User Security", covers password security and cryptography. Part three, "Linux Network Security", covers trojans and viruses, sniffers, scanners, and spoofing. Part four, "Linux Internet Security", covers various servers that can run on Linux boxes, including FTP, mail, Web, and firewalls, along with logging and disaster recovery. Part five, the appendices, is little more than a shovelware listing of programs and vulnerabilities.
The book's intended audience is unclear. Too much basic system administration is covered to make the book palatable to all but the rawest novice administrators, but without detailed discussions of system architecture or security issues, it cannot catapult those readers into the ranks of security-aware administrators. Much of the book reads like a laundry list of past exploits; as these have all, by definition, been discovered and repaired, they are of limited utility. Had these exploits been used to illustrate security concepts or modes of attack, they might have proved useful.
Though the anonymous author is billed as an experienced hacker, the methodology of attacks is rarely discussed. The exception is the coverage of password attacks which, while still important, are less important than they used to be. When biometrics are discussed, the weaknesses of these systems are not mentioned, nor are possible attacks against them. Given the success of simple techniques in thwarting these systems, some consideration of them would have been apropos. Similarly, social engineering, one of the most fruitful of hacking techniques, does not even appear in the index.
One can certainly believe that the author has broken into a number of systems; this would explain the morbid focus on exploitable packages and the scattershot nature of his understanding. (Though the author's name is not given, his biographical blurb definitely indicates that he is male.) Cryptographic applications such as GNU Privacy Guard are covered, but the essentials of public-key cryptography are ignored, as are issues of key distribution and certificate hierarchies.
Even his hacking knowledge, however, is out of date at best. For example, Ethernet switches are recommended as a security measure to prevent the sniffing of traffic. In fact, for quite a number of years, software has been available that tricks switches into behaving as hubs. The existence of these MAC flooders is not acknowledged, nor are even theoretical weaknesses suggested.
The chapter on network scanners assumes that the reader knows the TCP protocol, including the three-way handshake and the various flags. It is not clear, however, from the laundry list of scanning tools, that the author understands the underlying mechanisms by which any of these tools operate. The information in this list is sadly out of date. It seems to indicate that the Jakal scanner's stealth techniques will prevent discovery of such scans. In fact, on most modern networks (and even with many tools that predate Jakal), the illegal flag combinations set on these packets are much more obvious than non-stealth scanning techniques.
Other information is equally out of date. The section on basic system administration relies on Linuxconf. Linuxconf has a long history of security problems and is no longer included in most Linux distributions. Even Red Hat, long one of Linuxconf's proponents, no longer ships it. Should a user manage to download and install Linuxconf from scratch, he or she will find the system administration tutorial to be an insult to his or her intelligence. The official Red Hat documentation does a much better job in any case.
Appendix A, the "Linux Security Command Reference", appears to be useful at first. It lists many security applications and provides descriptions. However, some items (such as "exports") are files, not commands, and for commands that are noted as "add-on" applications, no source is provided. The failure to list any means of acquiring these packages is unfortunate, and negates most of the usefulness of this appendix.
There is information in the book that would help a system administrator secure his or her system. However, that information is not consolidated, and is never expressed as a principle. Had the book discussed the principle of least privilege, the principle of minimalism, or the importance of promptly installing security updates, it might have proven useful. Instead, this information is scattered over more than eight hundred pages.
Had the book served to describe the methodologies of system intrusion or defense, advanced system administrators might have gleaned some useful information from the text. Instead, by concentrating on outdated exploits and half-understood hacking tools, the book accomplishes nothing of note. It is not recommended, except as a curiosity for the library of a completist.