Hacking Linux Exposed





As many times as we have checked our work, one would hope that there were no errors when Hacking Linux Exposed goes to print. However inevitably things slip through the cracks, or new mistakes are created at the printers.

All known errors are listed below. If you find any problems that are not listed here please contact bri@hackinglinuxexposed.com.

Errors in Hacking Linux Exposed, Second Edition

39 The line #just delete - don't bother checking unlink $FILE should be two lines like this:

 # just delete - don't bother checking
 unlink $FILE
228 The lower Attack Icon should be a Countermeasure Icon.
228 The first line of lilo.conf be boot = /dev/hda not boot = dev/had
267 Last line should read ForwardAgent no instead of ForwardX11 no
268 In $HOME/.ssh/config snippit, it should read ForwardAgent yes instead of ForwardX11 yes
274 Second paragraph, last sentance, "UL?" should be "URL"
287 Opening paren "(" should be at the end of the first line of the code listing, ala
 @ IN SOA cobalt.disreputable_dns.com cracker.disreputable_dns.com. (
326 4th paragraph first sentance should read "In Figure 7-6, the wired network is on the left"
350 The PATH sanitizing snippet isn't robust enough. Instead, try the following:

PATH=`echo $PATH sed -e 's/^[\.*//g; s/:\.[^:]*//g; s/:://g; s/[:\.]*$//g; ' `

(Even this isn't the most wonderful thing - it removes '.' but not all relative dirs that could get you in trouble.)

367 In paragraph 2, "viola" should be "voilà"
369 The ls -li output in the second code listing should line up properly, ala
876193 -rw-------   1 george    twinlks     707 Dec  6  8:15 file1
578283 -rw-------   2 bonnie    twinlks      19 Feb 25 10:39 file2
578283 -rw-------   2 bonnie    twinlks      19 Feb 25 10:39 newlink
673 The fourth paragraph should read as follows:

Files are named with either an S (stop) or a K (kill) at the beginning, followed by two digits, followed by the name of the service. When entering a runlevel, the K scripts are run to kill off their respective service, such as /etc/rc1.d/K20rwhod stop. Next the S scripts ae run to start their service, such as /etc/rc3.d/S16apmd start. The files are called in numeric order; thus S10network would be run before S30syslog in the preceding directory, for example.

682 The code line at the top of the page should read
machine# killall -HUP xinetd
11 In the Case Studies PDF, page 11, the sentance "All attempts to telnet to it; however, he was dropped instantly." should read "All attempts to telnet to it, however, were dropped instantly."

Errors in Hacking Linux Exposed

xxvi The description of Simplicity in the table has the values reversed. It should read:

Simplicity: The degree of skill necessary to execute the attack, 1 being a seasoned security programmer, 10 being little or no skill.

Note that all the risk ratings throughout the book are accurate, it was only the description on this page that was backwards.

xxix Chapter 11 section, remove extra "that may" from last sentance. Or, for you perl folk:
	s/(that may) \1/$1/;
7 The extract from /etc/passwd should read
  jdoe:2bTlcMw8zeSdw:500:100:John Doe:/home/jdoe:/bin/bash
10 The group ownership of the file a.txt mysteriously switches between users and jdoe. Obviously a case of bad cut/paste on our part. All the files that have jdoe as the group owner should read users instead. This occurs on pages 10-14.
13 The first line should read as follows:

This example shows chmod being executed with g-r, which means "remove group read permissions."

24 First line of the Network Scanners section,
39 The last line of the top code listing from /etc/syslog.conf should read:
   local6.notice,local7.notice     /var/log/local.log
63 The Coroner's Toolkit url in the "Special Tools" section should read http://www.fish.com/tct/.
66 TCP Wrappers, not tcpwrappers
137 The .com reference at the bottom of the page has the wrong url, and should read www.hackinglinuxexposed.com.

Then again, if you got here, you knew that, didn't you?

153 The note at the bottom should read
:.-s/detail oriented/anal-retentive/
191/195 The home of Packetstorm has moved (again). The new url is packetstormsecurity.org. Additionally, the filename has changed from defaultpassword.txt to defaultpasswords.txt.
204 Netstat does not associate network connections to processes by default. However you can use the '-p' argument to print out the pid/name of programs with open sockets if desired. Using '-l' will query only listening sockets.
216 The code listing should read as follows:

 hackerbox# cat /etc/dnsspoof.hosts    www.example.com    ftp.example.com
 hackerbox# dnsspoof -f /etc/dnsspoof.hosts
242 The graphic on page 242 does not match the code on page 243 -- eth0 and eth1 have been swapped by mistake in the graphic, the code listing is correct.
262 A few errors are present in the script. See the corrected version in the sourcecode directory online.
320 The encrypted password used was 'l37-mE!in'.
399 In the iptables example at the bottom of the page, it should read -j DROP not -j DENY.
483 The last ipchains example should read

/sbin/ipchains -A input -i eth0 -s 0/0 -d smtp -p tcp -j DENY

486 MonMotha's firewall has changed locations, and is now available at http://monmotha.mplug.org.
497 In the paragraph after the box, it should read 'apt-get install stunnel' instead of 'apt-get stunnel'.
503 In the section 'The /etc/rc#.d Directories', the first line of the last paragraph should read:
Files are named with either an S (start) or a K (kill) at the beginning, followed by ...