Hacking Linux Exposed


When browsing along the aisles of the computer section in your favorite bookstore, it is always nice to flip through the books before buying them. Since that is much harder to do online, we've included the full table of contents below. We also have it available in PDF form if you prefer. And for the historically bent, you can see the First Edition's contents.

You may also be interested in reading extracts of the book. We have PDFs of the case studies, Chapter 1 from HLEv1, and Chapter 1 from HLEv2, and LinuxWorld has a copy of Appendix A, "Detecting and Recovering From an Attack," online.


Part I: Linux Security Overview

  • Chapter 1
    Linux Security Overview
    • Why They Want to Root Your Box
    • The Open Source Movement
    • Open Source and Security
    • Linux Users
    • /etc/passwd
    • How to Place Controls on Users
    • Other Security Controls
    • Signals
    • Privileged Ports
    • Virtual Memory Management
    • System Logging
    • /etc/securetty
    • chrooting
    • Using Linux Capabilities to Reduce the Risks of root
    • Poorly Written Code
    • Failing to Drop Privileges
    • Buffer Overflows
    • Format String Bugs
    • Race Conditions
    • Auditing Tools
    • Summary

  • Chapter 2
    Proactive Security Measures
    • Security Scanners
    • System Security Scanners
    • Network Security Scanning
    • Scan Detectors
    • Hardening Your System
    • Log File Analysis
    • Syslog Messages
    • Scanning Your Log Files
    • Log Analysis Suites
    • Common Log-Related Attacks
    • Filesystem Integrity Checks
    • Generating Checksums and Permissions Databases
    • Existing File Integrity Tools
    • Summary

  • Chapter 3
    Mapping Your Machine and Network
    • Online Searches
    • Whois Databases
    • Ping Sweeps
    • DNS Issues
    • Example DNS Lookups
    • DNS Query Security Issues
    • Determining Nameserver Characteristics
    • DNSSEC
    • Traceroutes
    • Port Scanning
    • OS Detection
    • Active Stack Fingerprinting
    • Passive Stack Fingerprinting
    • Enumerating RPC Services
    • File Sharing with NFS
    • Simple Network Management Protocol (SNMP)
    • Network Insecurity Scanners
    • Summary


Part II: Breaking In from the Outside

  • Chapter 4
    Social Engineering, Trojans, and Other Cracker Trickery
    • Social Engineering
    • Social Engineering Categories
    • What to Do to Avoid Being Socially Engineered
    • Crackers Do Their Homework
    • Trojan Horses
    • Methods of Trojan Delivery
    • Other Trojans
    • Viruses and Worms
    • How Viruses and Worms Spread
    • Viruses and Linux
    • Worms and Linux
    • Summary

  • Chapter 5
    Physical Attacks
    • Attacking the Office
    • Boot Access Is Root Access
    • Boot Loaders
    • Rebooting from the Terminal
    • Encrypted Filesystems
    • Summary

  • Chapter 6
    Attacking over the Network
    • Using the Network
    • TCP/IP Networks
    • Public Phone Networks
    • Network-Accessible Vulnerabilities
    • Programming Errors in Network Daemons
    • Default or Bad Configurations
    • X Windows System
    • Attacks Against OpenSSH
    • Attacks Against Network Clients
    • Default Passwords
    • Sniffing Traffic
    • How Sniffers Work
    • Common Sniffers
    • Guessing Passwords
    • Summary

  • Chapter 7
    Advanced Network Attacks
    • Domain Name Service Exploits
    • Routing Issues
    • Advanced Sniffing and Session Hijacking
    • Hunt
    • Dsniff
    • Man-in-the-Middle Attacks
    • Abusing Trust Relationships
    • Cracking Wireless LANs
    • Protecting Wireless LANs with VPNs
    • Implementing Egress Filtering
    • Summary


Part III: Local User Attacks

  • Chapter 8
    Elevating User Privileges
    • Users and Privileges
    • Elevation of Privilege
    • System Investigation
    • Password Storage and Use
    • Trusted Paths and Trojan Horses
    • Sudo
    • Locally Exploitable Programs
    • sXid Programs
    • Race Conditions
    • Hardlinks and Symlinks
    • Input Validation
    • Kernel-Based Attacks
    • Summary

  • Chapter 9
    Linux Authentication
    • How Passwords Work in Linux
    • Keys and Salts
    • The DES Algorithm
    • The MD5 Algorithm
    • Other Algorithms
    • Password-Cracking Programs
    • Availability of Wordlists
    • Pluggable Authentication Modules
    • PAM Configuration
    • Brute-Force Password-Guessing Attacks
    • Password Protection
    • Authenticating NonShell Linux Programs
    • Apache Password Files
    • Samba
    • MySQL
    • Summary


Part IV: Server Issues

  • Chapter 10
    Mail Security
    • Mail Transfer Agents
    • Sendmail
    • Qmail
    • Postfix
    • Exim
    • Mail Server Insecurities
    • Summary

  • Chapter 11
    File Transfer Protocol Security
    • FTP Software History
    • The FTP Protocol Explained
    • Sample FTP Session
    • Active Mode FTP
    • Passive Mode FTP
    • Port Scanning Through Third-Party FTP Servers
    • Enabling Third-Party FTP
    • Insecure Stateful FTP Firewall Rules
    • Anonymous FTP Problems
    • Summary

  • Chapter 12
    Web Servers and Dynamic Content
    • Making an HTTP Request
    • The Apache Web Server
    • Apache Configuration
    • Apache Log Files
    • Problems with CGI Programs
    • Insecure CGI Programs
    • Insecure CGI Configuration
    • PHP
    • Other Linux Web Servers
    • Summary

  • Chapter 13
    Access Control and Firewalls
    • An Overview of Inetd and Xinetd
    • Inetd
    • Xinetd
    • Firewalls: Kernel-Level Access Control
    • Linux Packet Filtering
    • Blocking Specific Network Access
    • Firewall Strategy
    • Firewall Products
    • Summary

  • Chapter 14
    Denial of Service Attacks
    • Kernel DoS Attacks
    • Network Floods
    • Packet Magnification Attacks
    • Distributed Denial of Service Attacks
    • Local Resource Exhaustion Attacks
    • Summary


Part V: After a Break-In

  • Chapter 15
    Covert Access
    • Trail Hiding
    • Trojaned System Programs
    • OS Trickery
    • Hiding Network Access
    • Summary

  • Chapter 16
    Back Doors
    • Host-Based Authentication and User Access
    • Creating and Modifying Accounts
    • Putting Back Doors into Existing Accounts
    • Passwordless Logons with SSH
    • Network Accessible Root Shells
    • Trojan Back Doors
    • Summary

  • Chapter 17
    Advanced System Abuse
    • Kernel Hacks
    • Weakening the Linux Kernel
    • Rootkits
    • Summary


Part VI: Appendixes

  • Appendix A
    Discovering and Recovering from an Attack
    • How to Know When You've Been Cracked
    • What to Do After a Break-In
    • Mitigating Concerns
    • Summary

  • Appendix B
    Keeping Your Programs Current
    • Updating RPM Packages
    • Updating Debian Packages
    • Updating Slackware Packages
    • Upgrading Your Kernel
    • Facing Your Fears
    • Reboot
    • Kernel-Related Web Sites

  • Appendix C
    Turning Off Unneeded Software
    • Runlevels
    • The /etc/rc#.d Directories
    • Turning Off Specific Services
    • Red Hat
    • Debian
    • SuSE
    • Inetd/Xinetd Network Services
    • Svscan services
    • Identifying Network Daemons

  • Appendix D
    Case Studies
    • Case Studies 1-3 (available online here)
    • Case Study 4