Ravi writes: "Qt is a cross platform application development framework which is widely used for the development of GUI and non-GUI programs. Some of the most visible products which have been developed using Qt are KDE, Opera web browser, Google Earth, Skype and Photoshop Elements just to name a few. Some of the pertinent reasons for using Qt are — One: Qt library is released under a dual licensing business model which means you can develop open source or closed source applications. If you are developing the former, then you do not have to pay any money for using the library.
Two: It is truly cross platform — which filters down to the fact that you can write the code for your application in one platform — say Linux, and then copy the code to Windows and recompile the code without making any changes and your application is guaranteed to run on Windows.
Three: Cellphone behemoth Nokia's recent acquisition of Trolltech has definitely infused fresh breadth and energy into the future of Qt. The latest version of Qt namely version 4.3 has a lot of enhancements which make developing GUI applications using this library a joy for most C++ programmers.
C++ GUI Programming with Qt4 authored by Jasmin Blanchette and Mark Summerfield; published under the Prentice Hall Open source software development series is well into its second edition. This book is touted as the "Official book on Qt from Trolltech".
The main goal of this book is to teach how to write GUI programs using Qt4 and is targeted at the entry level to intermediate and advanced C++ programmer. So it starts off with a shallow curve, hand holding the reader from the first rudimentary steps in writing a simple C++ GUI program using Qt4. And over the chapters, gradually builds up steam and introduces the reader to complex scenarios such as creating plugins, 3D graphics, application scripting and more. Going through the book, I didn't feel like I was studying a programming framework rather I found the language used in explaining things quite lucid, clear and interesting all the same.
A couple of months back, I had reviewed the first edition of the same book and so, rather than regurgitate what I had written there, I will focus on the enhancements and changes that the second edition of this wonderful book has in store for its readers.
The book is divided into three parts. A new programmer in Qt will find the first part really useful because it covers the fundamental concepts and practices required for programming in Qt. The second and third part of this book comprising of 12 and 7 chapters respectively deal with specialized topics and can be read in any order. For example, if I want to build a GUI program which needs to connect to a database at the back end, then I can straight away read the 13th chapter namely "Databases", of this book provided I am conversant with Part I of this book which covers the foundation of programming in Qt 4.
The second edition of this book builds up on the first edition and contains numerous changes. For one, a couple of additional chapters have been included such as "Look and Feel Customization" and "Application Scripting". The book has been thoroughly revised to include changes incorporated in Qt 4.2 and Qt 4.3. The original "Graphics" chapter has been split into 2D and 3D graphics chapters respectively. The tiny chapter on Embedded Programming has been expanded to include programming in Qtopia, thus making it not tiny anymore.
What I really like about this book are the realistic examples which are used to introduce each Qt control or concept. There are plenty of images scattered within, which impart visual appeal to the book. More over, these images hopefully give the reader an idea about the correct way of designing their software.
Going through this book, I find that the authors have explained different scenarios of developing programs in Qt 4 exhaustively without overwhelming the reader. Each program is split into digestible chunks of code with detailed explanation succeeding them. This makes it quite easy to understand what each line of code accomplishes.
The appendixes contain a new section namely "Introduction to Qt Jambi". Qt Jambi is the Java edition of the Qt application development framework. Apart from that, there are of course the other sections in the appendix namely installing Qt, building Qt applications and also a concise section listing the main nuances of programming in C++ for Java and C# programmers.
One thing I noticed is that the hard bound book I received did not have a companion CD containing the Qt library and the IDE used to design your applications. Then again, one can always visit the Trolltech site and get the Qt 4.3 library and applications which is available as a free download.
All in all, this is a great book not just for any neophyte in Qt but also for the accomplished Qt programmer to use as a ready reference.
Ravi Kumar is a Linux enthusiast who is passionate about Linux and is excited in seeing how it is changing the perception of the people towards computers and operating systems. In his free time, he writes on the blog related to Linux at linuxhelp.blogspot.com."
Ravi writes: "What does it take to start writing programs for Linux ? Most people will guess a text editor, knowledge of a programming language and the compiler and libraries of that language would suffice. But ask a professional programmer who has been writing code for Linux and he will differ with you and insist that while the three things stated above can very well help kick start ones programs, other things also come into play in writing efficient programs such as a debugger, memory profiler tools and above all a good understanding of the inner working of Linux kernel and its processes.
The book titled "The Linux Programmer's Toolbox" authored by John Fusco is a book which is a store house of knowledge which aims to make the average Linux/Windows programmer aware of the tools at his disposal which can help him write better programs for Linux.
The book is divided into 10 distinct chapters with the first 4 chapters describing various ways of boosting ones productivity while embarking on writing code for Linux as well as getting to know the various tools at ones disposal.
In the very first chapter titled "Downloading and Installing Opensource tools", he talks about the different archive formats commonly used in Linux, various package managers such as Debian's own apt-get, Red Hat's Yum and how to properly authenticate the packages you download to ensure that they are not tampered.
The second chapter deals with building tools from source. Here apart from describing the actual steps involved in compiling the sources, the author also delves into explaining the concept behind the MakeFile, the common variables used in implicit rules and so on. In this chapter one also gets to acquire an understanding of the tools used to create projects as well as examine how these tools work together in the build process.
The book has a chapter exclusively devoted to explaining ways of ambulating through the myriad of documents; tools such as man, info, as well as some of the not so obvious ones. One thing I like about this particular chapter is how the author has provided tables which list a number of recommended manual pages with a short description of each of them.
Linux doesn't have a comprehensive IDE on the lines of Microsoft Visual Studio to develop programs — at least not yet. Most Linux programming gurus are perfectly at home with coding using their favorite text editor. And any book of this stature will be incomplete without a mention of the different editors available for coding in Linux and their pros and cons. The 4th chapter of this book introduces the different editors including Vim and Emacs and discusses their pros and cons. There are numerous tips in this chapter which aims to make writing code much more efficient, productive and a pleasant experience for the average Linux programmer. As a Vi enthusiast, I couldn't help but admire how one can convert Vim editor to work as a code browser with the help of Ctags which is explained in detail.
The fifth chapter titled "What every developer should know about the kernel" is a turning point in the book and gives a comprehensive understanding of the working of the Linux kernel. It is by far the largest chapter — with nearly 100 pages devoted to this topic — in this book. In this chapter the author talks in lucid detail about the different modes in Linux, the process scheduler, device drivers, the I/O scheduler and the memory management in user space, understanding all of which is instrumental in writing better programs for Linux.
The next two chapters deal with Linux processes and the communication between processes. Here one gets to know more about the technical vagaries related to processes such as forking, cloning, process synchronization and the basics of inter process communication. The author has introduced several APIs and basic examples of each.
In the 8th chapter, the author introduces many tools which are installed by default in most Linux distributions which aid in debugging communication between processes. The tools include (but are not limited to) lsof, fuser, stat, hexdump, strace and so on. And each tool is accompanied by its usage and its output with a short discussion of the output.
In the 9th chapter titled "Performance Tuning", one gets to know more about fine tuning ones Linux program. Here the author explains the factors affecting system performance as well as the tools for finding system performance issues.
Finally, the last chapter of this book explores some of the most common debugging tools and techniques for Linux. More specifically, I found the discussion on the use of GNU debugger quite informative.
At the end of each of the 10 chapters in the book, the author has provided a short synopsis of the tools that are used. Also many additional online resources have also been listed where one can acquire more knowledge about the topic being covered. Through out the book, noteworthy sections have been highlighted in dark background which makes it quite eye catching and also easy for quick reference.
The book is written with a slant towards the C language especially when depicting the examples in the latter half of the book. But that is something which can be understood considering that the bulk of the Linux kernel has been written using C language.
Most programmers with Windows background will be forced to make a paradigm shift while embarking to program for Linux. While the Windows programmers are used to taking deceptive comfort within the cozy confines of a Visual IDE, when they make the shift to write Linux programs, they are suddenly faced with the hard facts of programming as it really is. And this book could be an ideal companion for this set of programmers who wish to lessen their learning curve and make programming for Linux a much more pleasurable experience.
Having said that, I found this book to be an excellent resource for any programmer (not necessarily only of Windows background) who wish to develop programs for Linux.
Ravi Kumar is a Linux enthusiast who maintains a blog related to Linux, Open Source and Free Software at linuxhelp.blogspot.com."
Ravi writes: "Anyone who is net savvy will be aware that there are special software available which make it possible to publish ones thoughts on the web without even an iota of coding skills. These new fangled tech tools are popularly known as blogs. In recent times, blogs have empowered numerous individuals and groups by allowing them a platform to air their thoughts. This has been made possible because of the development of numerous blogging tools and one of the foremost blogging tool which has gained mass appeal in the blogging community is Wordpress. What is exciting about this tool or blog engine is that even a lay person can easily master its use and get his or her blog up and running in no time. More over, for its basic use, you do not need any coding skills.
The book titled "Wordpress Complete" authored by Hasin Hayder and published by Packt Publishing is a book ideal for any beginner in blogging who intends to set up his/her own Wordpress blog. The book is divided into 10 distinct chapters with each chapter describing a particular feature of the Wordpress blog.
I found the book unique in that instead of straight away jumping into installing and configuring Wordpress, the author takes time to explain the concept of a blog and the different ways in which you can blog. All the blogs irrespective of the blogging engine being used share some common terminology. And this is also clearly explained in the very first chapter. In the same chapter, the readers are given a bird's eye view of the different blogging engines — both the free ones and those which cost money. And in limited words the readers are made aware of the pros and cons of each of them.
Installing Wordpress is considered easy. More so because it is a two step install process. But when you intend to host a Wordpress blog on a remote host, a few factors come into play depending upon what is offered by your web hosting provider. So there is more than one way of installing a Wordpress blog on a remote host which is dealt with clearly in the second chapter.
Each individual chapters of the book address a specific part of Wordpress. The third chapter dwells on choosing and installing themes where the author goes into the details of themes, the different types of themes and their file composition.
Having gone through the book, I am of the opinion that each and every aspect of Wordpress has been given due weightage by the author. Each chapter includes numerous screenshots of the Wordpress interface where ever applicable with a description of the options seen on the screenshot. I feel, this sort of reduce the learning curve of the person new to the blogging world.
In the fourth chapter titled "Blogging your heart out", the author embarks on an extensive trip explaining the concept of posts and different ways of adding posts in Wordpress such as posting via email. Apart from that, this chapter contains an exhaustive introduction to the rich text editing interface which is the default editor used to write the posts. One also gets to know more about the features common to all blogs such as trackbacks, pinging as well as some Wordpress specific features.
While at first glance, one might be tempted to think why one should buy a Wordpress book when the bulk of the documentation is freely available online, on further reading, you will find this book to be a very good asset for beginner Wordpress bloggers because the author introduces a wealth of information which will require a lot of digging online to find it that too only if you know what you are looking for. For example, the author explains how to put together an image gallery in Wordpress which I was not aware of before I read the book.
Chapter 6 deals with the all important topic of Feeds and Podcasts. There are four different feed formats and Wordpress supports all of them. Feeds are an easy way for the visitors of a site to keep track of the most recent changes in the content of a website.
While the first 6 chapters are targeted at Wordpress users, the remaining 4 chapters are more useful for Wordpress developers. On that note, developing themes form the basis of the 7th chapter of this book. Here the author demonstrates how to build a theme from grounds up by starting from scratch. Wordpress is essentially an amalgamation of PHP code, CSS and standards compliant HTML and this chapter has a fair sprinkling of code snippets with explanation. After going through the chapter, I was able to get a very good idea of the different files and their contents which form the heart of Wordpress.
Another very good feature of this book is that while explaining the concepts, the author has liberally used snippets of PHP code which imparts an idea about the different programming functions which play a specific role in Wordpress.
The next chapter titled "Community Blogging" provides a brief outline of a parallel project of Wordpress which is the Multi-user Wordpress which goes by the name Wordpress MU.
Chapter 9 titled "Developing plug-ins and widgets" is a very interesting chapter with the author explaining the process of creating ones own widgets which are small bits of code which incorporate third party functionality.
There is also an exclusive chapter which acts as an administrative reference where a number of problems that Wordpress administrators might face and their possible solutions are listed.
The book takes a reader right from the installation to the configuration of each and every aspect of Wordpress to eventually give some troubleshooting tips. There is no dearth of relevant screenshots. And the language used in explaining the concepts is clear and to the point. The author also provides Web references in many places which will help in broadening ones knowledge of Wordpress. In short, I found this book to be an ideal resource for bloggers who wish to host their blog on Wordpress.
Ravi Kumar likes to share his thoughts on all things related to GNU/Linux, Open Source and Free Software on his blog linuxhelp.blogspot.com."
Ravi writes: "Perl (Practical Extraction and Report Language) — the language which was created by Larry Wall is arguably one of the greatest programming languages. But it has a reputation for taking an excessive cryptic nature which gives it an image especially among Perl novices as a language which is complex and hard to master.
The book titled "Minimal Perl — for Unix and Linux people", authored by Tim Maher and published by Manning Publications addresses these obstacles presented by Perl's complexity. This book which is divided into two parts comprising of a total of 12 chapters takes a unique methodology to explain the Perl syntax and its use. The author emphasizes on Perl's grep, awk and sed like features and relys on concepts such as inputs, filters and arguments to allow Unix users to directly apply their existing knowledge to the task of learning Perl.
What I found while reading this book is that the "Minimal Perl" is a specially crafted subset of Perl language designed to be easily grasped by people who have a Unix background and who wish to use Perl to write their scripts. Its main aim is to filter out the complex way of writing programs using Perl and stick to simple ways and where ever possible accomplish complex tasks using just one or two lines of Perl code. So in the first part of the book comprising of 6 chapters, the author explains how Perl can be used to do the same tasks as accomplished by common Unix tools such as grep, awk, sed and find. He goes one step further by explaining how one can accomplish much more and in a much simpler way by using the Perl techniques than can be achieved by using these tools.
Through out the book, the author consciously makes sure that the learning curve in acquiring Perl skills remain gentle. As Perl is a language whose syntax has a multitude of options, this book is peppered with numerous tables which provide excellent information at a glance. For example, in the third chapter titled "Perl as a (Better) grep command", the author lists and compares the fundamental capabilities of Perl and the different grep commands such as grep, egrep and fgrep which clearly shows the advantages that Perl has over grep. In another table, you get a birds eye view of the essential syntax of Perl's regular expressions and their meaning. This chapter alone has around 12 tables. This is a really nice feature of this book because it doubles this book as a ready reference for Perl where you can flip to the respective page and get the information you need.
The main strength and drawback of a language such as Perl is its dependence on regular expressions for accomplishing complex tasks. Once you master the regular expressions, the sky is the limit for ordering and segregating data using this language. And in Perl, there are more than one ways of doing the same thing. What is unique about this book is that the author specializes in explaining the easiest way of doing a particular task as is hinted by the title of the book.
In many places, the author demonstrates accomplishing complex tasks using just a few lines of Perl code. And many of the examples covered in this book are practical examples which give an idea of how the commands relate to the final outcome. For instance, while elaborating on the one line grep like commands in Perl, the author illustrates a web oriented application of pattern matching where he shows how to extract and list, the outline of slashdot.org site's front page. And the surprising thing is this is accomplished using just a single line of Perl code. This book has lots of such one liner examples which teaches how to use Perl intelligently using minimal effort.
If part I of this book focuses on ways in which simple Perl programs can provide superior alternatives to standard Unix commands, the second part comprising of another six chapters throws light on the other aspects of Perl concentrating on the syntax of the language and various built-in functions and modules available which does away with a lot of re-invention of the wheel — so to speak, and helps churn out code which is portable across OSes.
Chapter 7 titled "Built-in functions" introduces an eclectic mix of functions available in Perl. So you have functions which are used to extract a list of fields from a string, functions to access the current date and time, generating random numbers, sorting lists, transforming lists, managing files with functions and so on. These functions are broadly classified into those which generate and process scalars and those that process lists.
In chapter 8 of this book, the author involves the reader on the numerous scripting techniques that can be used to write better Perl programs.
It was quite surprising that the author has chosen to discuss the variables — more specifically the list variables comprising of arrays and hashes as well as the looping constructs only in the 9th and 10th chapters respectively when they should be some where up front. But on hind sight, I feel it is a good decision as once, you execute the one liner Perl programs in the initial chapters, by the time you reach the 9th chapter, you will be fairly confident in using Perl.
The last two chapters deal with creating sub-routines and modules. Over the years various Perl programmers have created modules which are used for diverse purposes. And with an aim to share these modules, they are collected and stored at one central place known as CPAN, which is an acronym for Comprehensive Perl Archive Network. The final chapter, apart from teaching how to create modules in Perl and manage them, also introduces the CPAN and ways in which one can find the right module by searching on CPAN.
The special variables cheat-sheet and the guidelines for parenthesizing code provided in the two appendices are really useful as a quick reference while writing Perl programs.
This is not a comprehensive book on Perl, rather the author specializes on a slice of Perl which when mastered can do over 95% of the jobs which require Perl. So for instance, you won't find object oriented concepts of Perl being mentioned in this book. But in many ways, the author has moved beyond explaining a subset of Perl by providing a section titled "Directions for further study" at the end of each chapter, where the author lists further material which can be used to learn more about the topic that is covered.
I really enjoyed going through this book on Perl, especially because it stresses on the practical side of using Perl and takes a minimal approach which does away with some of the seemingly complex nature of this language.
Ravi Kumar maintains a blog titled "All about Linux" where he shares his thoughts and experiences in using Linux, Open Source and Free software."
Ravi writes: "SuSE Linux, one of the oldest Linux distribution was originally developed by a German company. Not many people will know that SuSE is an acronym in the German language for "Software und System-Entwicklung" which translates as software and system development. Over time, SuSE has gained a reputation as a robust, secure and easy to use Linux distribution both on the server and desktop front.
The book "Beginning SuSE Linux" is authored by Kier Thomas and published by APress. As the name of the book indicates, it is geared towards beginners in GNU/Linux who have set their eyes on trying out the SuSE Linux distribution. The book is divided into 7 different parts with the first part of the book discussing the pros and cons of using Linux as a part of ones daily routine. In this part, the author gives a well balanced view of what Linux is all about and the history behind its formation.
The second part of this book contain chapters which hand hold a person in installing SuSE Linux on ones machine. The author starts by explaining the concept of partitions, backing up your data and the benefits of dual booting between diverse OSes. The 5th chapter titled "Installing SUSE Linux" gives a thorough introduction to installing this Linux distribution on ones machine. And the steps are accompanied by screen-shots which makes it rather intuitive to follow. SuSE provides a number of installation modes and one gets to know the best way of installing it. One thing worth noting is that SuSE allows the user to shrink his Windows partition from within its Installer and this book explains it in a clear way in the section on partitioning the disk. In fact the manner in which the author has explained the steps leaves no room for doubts while installing SuSE. The succeeding chapter lists the possible problems one might face and the solutions for these problems. Most Linux users would be aware of one or more of these problems but to a new Linux user, these could be a real time saver and will save their sanity when they face these problems.
Part 3 of this book is titled "The No-Nonsense getting started guide" and has a collection of 6 chapters. These chapters give a good introduction to the SuSE Desktop — more specifically to the Gnome desktop which is the default one in SuSE. In the 8th chapter titled "Getting everything up and running", the author explains how to setup and configure the diverse hardware which form a part and parcel of a computer. For instance, this chapter deals with configuring the sound card, setting up and managing the printer including a printer on the network which is connected to a Windows machine, importing photos from a digital camera and more. But what is worth noting is that SuSE has its own unique methods and GUI tools to accomplish these tasks and the author explains these via the SuSE specific tools where ever applicable.
There is a separate chapter on securing the machine running SuSE Linux where the author impresses upon the readers the necessity of securing ones machine. He further goes on to explain the different ways of securing SuSE which includes steps to update the software. This chapter also dwells deeply on using Aparmor — SUSE's industrial grade security system.
It is really thoughtful of the author to include a chapter detailing the various commonly used Windows software and their possible Free replacements.
The 4th part of the book titled "Shell and beyond" comprises of 5 chapters deals with educating the new Linux user on the usage of command line to accomplish ones tasks. The author starts by providing a gentle introduction to the shell, the different terminals available in Linux and then gradually moves on to explain the usage of different commands which provide the true power to Linux. In the chapter titled "Understanding Linux files and users", he gives a detailed explanation of the concept of files, their permissions and how they relate in the Linux as well as explain the concept of mounting. Even though I was conversant with most of what the author was explaining, reading the book, I couldn't help feel that this book is an excellent resource for a Linux neophyte who is looking forward to taking his first baby steps in learning to be productive in Linux, more specifically SuSE Linux.
The next three chapters deal with getting SuSE Linux to play all the proprietary music and video file formats. One of the inherent disadvantages of Linux owed mostly due to the ideological stance of GPL is that it cannot play music and video encoded in a proprietary file format out of the box. But with a little effort, it is possible to provide support for these proprietary file formats in Linux. In these chapters, the author gives a good run down on the various music and video codecs and ways of getting support for them in SuSE Linux. He introduces different software which allow one to not only just play music but also to categorize, burn music onto removable media and even rip music from audio CDs and save them on to ones hard disk. Surprisingly, I found this book much more than a mere how-to-do-it sort of book as the author provides details of related facts from a lay man's perspective where ever applicable. For instance, in the chapter titled "Movies and Multimedia", while explaining how to enable media players to play the files encoded in these formats, he impresses upon the readers the ethical issues surrounding the DRM and patents.
There is a whole chapter dedicated to image manipulation where many features of the GIMP software has been explained. The author has done a splendid job of explaining this image manipulation editor within the constrains of this chapter.
The next 8 chapters deal with using SuSE in an office setup. SuSE Linux comes bundled with a plethora of applications which form a part and parcel of any office setup. This includes word processors, spreadsheets, a database, presentation software and email client just to name a few of them. This book has dedicated a chapter each in explaining how to put these software to productive use in an office setup. Catering to those die hard MS Word enthusiasts, there is also a chapter on making MS Office to work natively in SuSE Linux if at all you have a licensed copy of it lying around.
The seventh and final part of the book titled "Keeping your System Running" provides details on the vagaries of system administration such as installing, removing and updating software binaries, compiling software from source and installing it, managing users and groups optimizing your system, backing up data and scheduling tasks.
The final chapter which is the 34th chapter of this book deals with explaining various ways of connecting to the SuSE Linux machine remotely where the author explains about SSH and related tools.
This book contain three appendices with a glossary of Linux terms being one of them where the newbies among us gets to understand the meaning of Linux related geek terms. There is also an appendix containing a Bash command index which — embracing authors own words — provides a whistle stop tour of commands that can be used at the Bash Shell.
I have always maintained that writing a good book is an art. It is not just enough if the person is well versed in his area of expertise. Rather, he should also be a good communicator and should be able to sustain the reader's interest in the subject through out the book. Kier Thomas shines through in his narration of the concepts quite well. He explains in simple, lucid and entertaining manner the different ways of configuring all aspects of SuSE Linux from a users perspective. This is definitely a good book for those of us who look forward to installing and becoming productive in using SuSE Linux.
Ravi Kumar is a GNU/Linux enthusiast who likes to share his thoughts on GNU/Linux and Free Software through his blog on Linux."
Ravi writes: "SELinux is a project started and actively maintained by the U.S Department of Defense to provide a Mandatory Access Controls mechanism in Linux. It had been a long standing grouse of Linux power users and system administrators over its lack of fine grained access control over various running processes as well as files in Linux. While Solaris touts its famous RBAC and Microsoft Windows has its own way of providing finer rights to its resources, Linux had to put up with the simple but crude user rights known in tech speak as discretionary access control to control user access of files. But with SELinux project making great strides and now being bundled with many major Linux distributions, it is possible to effectively lock down a Linux system through judicious use of SELinux policies. SELinux implements a more flexible form of MAC called type enforcement and an optional form of multilevel security.
The book "SELinux by Example" is authored by three people — Frank Mayer, Karl Macmillan and David Caplan and is published by Prentice Hall. The target audience for this book is SELinux policy writers and system administrators with more content dedicated to be put to use by policy writers. There are a total of 14 chapters and 4 appendices spread just over 400 pages. The 14 chapters are in turn broadly divided into three parts with the first part containing chapters which provide an overview of SELinux, its background and the concepts behind it. The second part contain 7 chapters which are most useful for SELinux policy writers and contain detailed explanation of the syntax used in writing the policy files. It is the third part namely "Creating and Writing SELinux Security Policies" which could be most put to use by system administrators where the authors provide enough details of working with SELinux.
In the second chapter, the authors introduce the concept of type enforcement access control, understanding of which is imperative to ones knowledge of SELinux. They further talk on the concept of roles and multi level security. And true to the title of the book, all these concepts are explained by analyzing the security controls of the ubiquitous passwd program.
In the succeeding chapter the authors explain the underlying architecture of SELinux. More specifically, how SELinux integrates with the Linux kernel via the Linux security module (LSM), the organization of the policy source file and how to build and install policies.
SELinux policies to a large extent are based on object classes. For example, you can create an object class and associate a set of permissions to that class. And all objects associated with that class will share the same set of permissions. In the fourth chapter, one get to know about different types of object classes and the permissions that can be assigned to these classes. A total of 40 classes and 48 permissions are discussed in this chapter.
The next chapter titled "Types Enforcement" goes into a detailed analysis of all the types and attributes as well as the rules that could be used. The majority of SELinux policy is a set of statements and rules that collectively define the type enforcement policy. Going through the chapter, I was able to get a fair idea of the syntax used in writing TE policies.
Keeping in mind the complexity of the subject, it helps a great deal that at the end of each chapter, there is a summary section where the authors have listed the important points covered in the chapter. More over, one gets to answer a couple of questions and check one's knowledge about the topic being discussed.
In the 6th chapter, the authors explain in detail the concept of roles and their relationship in SELinux. In fact, what I really like about this book is the fact that each concept of SELinux has been dedicated a chapter of its own. For instance, constraints, multilevel security, type enforcement, conditional policies,... all are explained in chapters of their own.
One thing worth noting is that Fedora Core 4 and RHEL 4 and above ship with the targeted policy by default. Where as to completely lock down a Linux machine, you need to embrace the strict SELinux policy. But this has the side effect of causing breakages with some of the existing Linux applications which expect looser security controls. In targeted policy, the more confining rules are focused on a subset of likely to be attacked network applications. So in most cases, one can manage by using targeted policy. This book mostly deals with the strict policy of SELinux and in chapter 11, the authors dissect the strict example policy maintained and updated via the NSA and Fedora Core mailing lists.
But there is another policy called the Reference Policy which is an attempt to water down the strict policy maintained by NSA and in the process make it easier to use, understand, maintain, also to make it more modular and this is covered in the succeeding chapter titled "Reference Policy".
The next chapter titled "Managing an SELinux system" is one which the system administrators will relate to, where the authors throw light on the hierarchy of SELinux configuration files. The purpose of each file is explained in simple terms. And considering that SELinux comes bundled with a rich set of tools meant to be used by system administrators, one gets to know the usage of some of them and also learn about the common problems that are faced by administrators while administering an SELinux system.
And in the last chapter of the book which is the 14th chapter, one is introduced to the task of writing policy modules. Here the authors hand hold in the creation of a policy module for the IRC daemon for Fedora Core 4 from start to finish which involves right from the planning stage to writing and applying the policy module, to the final testing of the module.
This book also includes 4 appendices which contain a wealth of knowledge on SELinux. I especially liked appendix C which lists all the object classes and permissions as well as appendix D which has a list of SELinux system tools and third party utilities with explanations.
It could be just me but I found that I was better able to assimilate what the authors explained when I read the 13th chapter of this book first and then went back to read the 4rd chapter onwards. Having said that, I find this book to be an excellent resource for people interested in developing SELinux policies and to a slightly lesser extent a resource for system administrators. At the very least, this book imparts a deep understanding of the features, structure, syntax and working of SELinux.
Ravi Kumar maintains a blog at linuxhelp.blogspot.com where he shares his thoughts and experiences on all things related to Linux."
Ravi writes: "IPCop is a GPLed firewall solution targeted at Small Office/Home Office network. It is favored by many for its ease of configuration and setup and its support for a variety of features that you would expect to have in a modern firewall. IPCop is famed for letting users setup a sophisticated firewall for ones network without ever having to write an iptables rule themselves.
The book titled "Configuring IPCOP Firewalls" published by Packt Publishing is authored by two people Barrie Dempster and James Eaton-Lee and is divided into 11 chapters. The first chapter gives a brief introduction to firewalls and explains technical concepts such as OSI reference model, an introduction to TCP/IP and a brief outline of the parts that comprise a network. Even though I did not find anything new in this chapter, I realized that this is meant for people who are new to the world of computer networks and aims to bring them upto date with the various technologies associated with it. A network administrator intending to pick up skills in configuring and setting up IPCOP, can circumvent this chapter and directly go to the second chapter which gives an introduction to IPCOP — its different features, and in which all ways it can be effectively used. The authors have explained the concepts in an easily understood way with the aid of necessary screen-shots. One of the salient features of IPCOP is its web based interface which allows one to configure all aspects of it from a remote location. In fact, IPCOP is designed to be controlled from a remote location and serves all its configuration parameters via the Apache web server. In the second chapter, one gets to know all the features of IPCOP including the different services it offer. One thing that struck me while going through this book was that the authors are fully immersed in explaining the configuration aspects of IPCOP which is done entirely via the web interface. So much that other than the first chapter — "Introduction to firewalls", the third chapter titled "Deploying IPCop and Designing a network" and the 10th chapter titled "Testing, Auditing and Hardening IPCop" where the readers are made to digest some theory, the rest of the book is a how-to sort of book which I found to be ideally suited — especially for people who are the least bothered about theory and just want to set up IPCop and get on with what ever they were doing.
In the third chapter, we are introduced to the unique feature used by IPCop to segregate the network depending upon its vulnerability. And in the succeeding chapter, the authors walk one through installing IPCop on ones machine. Here each and every installation step is explained with the help of a screenshot which makes understanding the procedure much more intuitive.
The chapter titled "Basic IPCop Usage" gives a good introduction to the web interface provided by IPCop. Reading this chapter, I was able to get a good feel for the IPCop interface. More specifically, one gets to know how to configure IPCop to provide different services such as DHCP server, support for Dynamic DNS, editing the hosts file and so on. Mind you, the IPCop interface is quite rich in functionality even providing options to reboot or shutdown the machine remotely. In this chapter, apart from the introduction to the web interface, the authors have also provided a few tips related to logging in to the remote machine running IPCop using SSH.
Put in simple terms, IPCop is a specialized Linux distribution which contain a collection of tools which revolve around providing robust firewall capabilities. The tools bundled with IPCop range from the ubiquitous iptables, services such as DNS, DHCP to tools which specialize in intrusion detection such as snort. The sixth chapter titled "Intrusion Detection with IPCop" explains the concept of intrusion detection and how one can use snort IDS bundled with IPCop to effectively find out what is passing through our network and thus isolate any harmful packets.
From there, the book moves on to explain how to use IPCop to set up a virtual private network (VPN). By way of an example, the authors explain how to setup a VPN between two remote networks with each end having a IPCop firewall in place. This chapter covers different VPN scenarios such as host to net, net to net connections as well as configuring IPCop to detect the Certifying Authority certificates.
The 8th chapter is a rather short one which explains how to effectively use proxying and caching solutions available in IPCop to manage the bandwidth.
One of the biggest advantages of IPCop is that it is possible to extend it to provide additional features by way of addons. Addons are generally developed by third parties and are usually developed with an aim to provide a feature that the developers of IPCop have missed. There are a whole lot of addons available for IPCop. The 9th chapter introduces the most popular addons available for IPCop such as SquidGuard — a content filtering addon, LogSend — an addon which send the IPCop logs to remote email accounts, AntiSpam, integrating ClamAV anti virus solution and more. The authors have also explained how to install and enable these addons using the IPCop web interface.
As I said earlier, the tenth chapter titled "Testing, Auditing and Hardening IPCop" has more of a theoretical disposition where the authors list some of the common attributes towards security and patch management and also some of the security risks and a few common security and auditing tools and tests.
One thing I really like about this book is the practical approach taken by the authors in explaining how to accomplish a certain task. Each section is accompanied by the relevant screenshots of the web interface with a brief explanation of the options available. The book is well designed with a number of tips provided in each section highlighted in big square brackets which makes it quite eye catching. Even though I found the book a bit short on theory, it is an ideal resource which provides a hands on approach to people who are more interested in installing and setting up IPCop firewall solutions in ones network rather than pondering about the theoretical concepts of the same.
Ravi Kumar likes to share his thoughts on all things related to GNU/Linux, Open Source and Free Software through his blog on Linux."