Hacking Linux Exposed

As many times as we have checked our work, one would hope that there were no errors when Hacking Linux Exposed goes to print. However inevitably things slip through the cracks, or new mistakes are created at the printers.

All known errors are listed below. If you find any problems that are not listed here please contact bri@hackinglinuxexposed.com.

Errors in Hacking Linux Exposed, Second Edition

Page	Correction
39	The line `#just delete - don't bother checking unlink $FILE` should be two lines like this: # just delete - don't bother checking unlink $FILE
228	The lower Attack Icon should be a Countermeasure Icon.
228	The first line of `lilo.conf` be `boot = /dev/hda` not `boot = dev/had`
267	Last line should read `ForwardAgent no` instead of `ForwardX11 no`
268	In $HOME/.ssh/config snippit, it should read `ForwardAgent yes` instead of `ForwardX11 yes`
274	Second paragraph, last sentance, "UL?" should be "URL"
287	Opening paren "(" should be at the end of the first line of the code listing, ala @ IN SOA cobalt.disreputable_dns.com cracker.disreputable_dns.com. (
326	4th paragraph first sentance should read "In Figure 7-6, the wired network is on the left"
350	The `PATH` sanitizing snippet isn't robust enough. Instead, try the following: PATH=`echo $PATH sed -e 's/^[\.//g; s/:\.[^:]//g; s/:://g; s/[:\.]*$//g; ' ` (Even this isn't the most wonderful thing - it removes '.' but not all relative dirs that could get you in trouble.)
367	In paragraph 2, "viola" should be "voilà"
369	The `ls -li` output in the second code listing should line up properly, ala 876193 -rw------- 1 george twinlks 707 Dec 6 8:15 file1 578283 -rw------- 2 bonnie twinlks 19 Feb 25 10:39 file2 578283 -rw------- 2 bonnie twinlks 19 Feb 25 10:39 newlink
673	The fourth paragraph should read as follows: Files are named with either an `S` (stop) or a `K` (kill) at the beginning, followed by two digits, followed by the name of the service. When entering a runlevel, the `K` scripts are run to kill off their respective service, such as `/etc/rc1.d/K20rwhod stop`. Next the `S` scripts ae run to start their service, such as `/etc/rc3.d/S16apmd start`. The files are called in numeric order; thus S10network would be run before S30syslog in the preceding directory, for example.
682	The code line at the top of the page should read machine# killall -HUP xinetd
11	In the Case Studies PDF, page 11, the sentance "All attempts to telnet to it; however, he was dropped instantly." should read "All attempts to telnet to it, however, were dropped instantly."

Errors in Hacking Linux Exposed

Page	Correction
xxvi	The description of Simplicity in the table has the values reversed. It should read: `Simplicity: The degree of skill necessary to execute the attack, 1 being a seasoned security programmer, 10 being little or no skill.` Note that all the risk ratings throughout the book are accurate, it was only the description on this page that was backwards.
xxix	Chapter 11 section, remove extra "that may" from last sentance. Or, for you perl folk: s/(that may) \1/$1/;
7	The extract from `/etc/passwd` should read jdoe:2bTlcMw8zeSdw:500:100:John Doe:/home/jdoe:/bin/bash
10	The group ownership of the file `a.txt` mysteriously switches between users and jdoe. Obviously a case of bad cut/paste on our part. All the files that have jdoe as the group owner should read users instead. This occurs on pages 10-14.
13	The first line should read as follows: This example shows `chmod` being executed with `g-r`, which means "remove group read permissions."
24	First line of the Network Scanners section, `s/sanners/scanners/`.
39	The last line of the top code listing from `/etc/syslog.conf` should read: local6.notice,local7.notice /var/log/local.log
63	The Coroner's Toolkit url in the "Special Tools" section should read http://www.fish.com/tct/.
66	TCP Wrappers, not tcpwrappers
137	The .com reference at the bottom of the page has the wrong url, and should read www.hackinglinuxexposed.com. Then again, if you got here, you knew that, didn't you?
153	The note at the bottom should read :.-s/detail oriented/anal-retentive/
191/195	The home of Packetstorm has moved (again). The new url is packetstormsecurity.org. Additionally, the filename has changed from `defaultpassword.txt` to `defaultpasswords.txt`.
204	Netstat does not associate network connections to processes by default. However you can use the '-p' argument to print out the pid/name of programs with open sockets if desired. Using '-l' will query only listening sockets.
216	The code listing should read as follows: hackerbox# cat /etc/dnsspoof.hosts 192.168.2.10 www.example.com 192.168.2.11 ftp.example.com hackerbox# dnsspoof -f /etc/dnsspoof.hosts
242	The graphic on page 242 does not match the code on page 243 -- `eth0` and `eth1` have been swapped by mistake in the graphic, the code listing is correct.
262	A few errors are present in the script. See the corrected version in the sourcecode directory online.
320	The encrypted password used was 'l37-mE!in'.
399	In the iptables example at the bottom of the page, it should read `-j DROP` not `-j DENY`.
483	The last `ipchains` example should read `/sbin/ipchains -A input -i eth0 -s 0/0 -d 192.168.1.102 smtp -p tcp -j DENY`
486	MonMotha's firewall has changed locations, and is now available at http://monmotha.mplug.org.
497	In the paragraph after the box, it should read '`apt-get install stunnel`' instead of '`apt-get stunnel`'.
503	In the section 'The /etc/rc#.d Directories', the first line of the last paragraph should read: Files are named with either an S (start) or a K (kill) at the beginning, followed by ...

:PAGE_BODY]