Hacking Linux Exposed

This is the Table of Contents for the first edition of Hacking Linux Exposed. It is also available in PDF form exactly as it appears in the dead-tree copy.


Part I: Locking into Linux

Chapter 1
Linux Security Overview

  • Why They Want to Root Your Box
  • The Open Source Movement
    • Open Source and Security
  • Linux Users
    • /etc/passwd
    • How to Place Controls on Users
    • Other Security Controls
  • Summary

Chapter 2
Proactive Measures and Recovering from a Break-In

  • Proactive Measures
    • Insecurity Scanners
    • Scan Detectors
    • Hardening Your System
    • Log File Analysis
    • Filesystem Integrity Checks
  • Recovering from a Hack
    • How to Know When You've Been Hacked
    • What to Do After a Break-In
  • Summary

Chapter 3
Mapping Your Machine and Network

  • Online Searches
  • Whois Databases
  • Ping Sweeps
  • DNS Issues
    • Example DNS Lookups
    • DNS Query Security Issues
    • DNSSEC
  • Traceroutes
  • Port Scanning
  • OS Detection
    • Active Stack Fingerprinting
    • Passive Stack Fingerprinting
  • Enumerating RPC Services
  • File Sharing with NFS
  • Simple Network Management Protocol (SNMP)
  • Network Insecurity Scanners
  • Summary


Part II: Getting In from the Outside

Chapter 4
Social Engineering, Trojans, and Other Hacker Trickery

  • Social Engineering
    • Social Engineering Categories
    • What to Do to Avoid Being Socially Engineered
    • Hackers Do Their Homework
  • Trojan Horses
    • Methods of Trojan Delivery
  • Viruses and Worms
    • How Viruses and Worms Spread
    • Viruses and Linux
    • Worms and Linux
  • IRC Backdoors
  • Summary

Chapter 5
Physical Attacks

  • Attacking the Office
  • Boot Access Is root Access
  • Encrypted Filesystems
  • Summary

Chapter 6
Attacking Over the Network

  • Using the Network
    • TCP/IP Networks
    • Public Phone Networks
    • Default or Bad Configurations
    • NFS Mounts
    • Netscape Default Configurations
    • Squid
    • X Windows System
  • Default Passwords
  • Sniffing Traffic
    • How Sniffers Work
    • Common Sniffers
  • Guessing Passwords
  • Vulnerabilities
    • Buffer Overflows
    • Vulnerable Services
    • Vulnerable Scripts
  • Unnecessary Services
    • Using Netstat
    • Using Lsof
    • Using Nmap to Identify Services
    • Turning Off Services
  • Summary

Chapter 7
Abusing the Network Itself

  • DNS Exploits
  • Routing Issues
  • Advanced Sniffing and Session Hijacking
    • Hunt
    • Dsniff
    • Man-in-the-Middle Attacks
  • Denial of Service Attacks
    • Floods
    • TCP/IP Exploits
  • Abusing Trust Relationships
  • Implementing Egress Filtering
  • Summary


Part III: Local User Attacks

Chapter 8
Elevating User Privileges

  • Users and Privileges
    • Elevation of Privilege
  • Trusted Paths and Trojan Horses
  • Password Storage and Use
  • Group Membership
    • Special-Purpose Groups and Device Access
  • Sudo
  • Setuserid Programs
    • Hacker Setuserid Programs on Mounted Filesystems
  • Attacks Against Poor Programming
    • Hardlinks and Symlinks
    • Input Validation
  • Summary

Chapter 9
Password Cracking

  • How Passwords Work in Linux
    • /etc/passwd
    • Linux Encryption Algorithms
  • Password Cracking Programs
    • Other Cracking Programs
    • Availability of Dictionaries
  • Shadow Passwords and /etc/shadow
    • Shadow Passwords Explained
    • Shadow Passwords Command Suite
  • Apache Password Files
  • Pluggable Authentication Modules
  • Password Protection
  • Summary

Chapter 10
How Hackers Maintain Access

  • Host-Based Authentication and User Access
  • Passwordless Remote Access with the r-Commands
  • Passwordless Logons with Ssh
  • Network Accessible Root Shells
  • Trojaned System Programs
    • Trail Hiding
    • Back Doors
  • Kernel Hacks
  • Rootkits
  • Summary


Part IV: Server Issues

Chapter 11
Mail and FTP Security

  • Mail Security
    • Mail Transfer Agents
    • Mail Server Insecurities
  • File Transfer Protocol (FTP)
    • The FTP Protocol
    • Sample FTP Session
    • Active Mode FTP
    • Passive Mode FTP
    • Port Scanning Through Third-Party FTP Servers
    • Enabling Third-Party FTP
    • Insecure Stateful FTP Firewall Rules
    • Anonymous FTP Problems
  • Summary
    • Mail Servers
    • FTP

Chapter 12
Web Servers and Dynamic Content

  • Making an HTTP Request
  • Apache Web Server
    • Apache Configuration
  • Problems with CGI Programs
    • Insecure CGI Programs
  • Other Linux Web Servers
  • Summary

Chapter 13
Access Control and Firewalls

  • An Overview of inetd and xinetd
    • inetd
    • xinetd
  • Firewalls: Kernel-Level Access Control
    • Types of Firewalls
    • Linux Packet Filtering
    • Blocking Specific Network Access
    • Firewall Strategy
    • Firewall Products
  • Summary


Part V: Appendixes

Appendix A
Keeping Your Programs Current

  • Red Hat's Rpm
  • Debian's Dpkg and Apt
  • Slackware Packages

Appendix B
Turning Off Unneeded Services

  • Runlevels
    • The /etc/rc#.d Directories
  • Turning Off Specific Services
    • Red Hat
    • SuSE
    • Inetd Network Services

Appendix C
Online Resources

  • Vendor Mailing Lists
  • Other Security Mailing Lists
  • Security and Hacking Web Sites
  • Newsgroups
  • The Hacking Linux Exposed Web Site

Appendix D
Case Studies

  • Case Study A
    • Background
    • Sleuthing
    • Attempting to Log In
    • Looking for Another Door
    • Intruder Expelled
  • Case Study B
    • Scoping Out the Target
    • Mapping the Network
    • Getting In
    • Entering the Server Room
    • Breaking into the Monitoring Host
    • Investigating the Compromised Host
    • Sniffing the Network
    • Watching the Logs
    • Turning Sniffing Back Off
    • Where to Go Now?
    • The Chase
    • Out, but Not Forever
  • Case Study C
    • Scanning the Machine
    • Probing Sendmail
    • Probing the Web Server
    • Looking for CGIs
    • Attacking the CGIs
    • Hiding His Tracks
    • Creating a Permanent Connection
    • Firewall Interference
    • Hacking from a Local Account
    • Scanning for Network Services, Take 2
    • Attacking the FTP Server
    • Wrapping Things Up