Andrew Allentuck
Monday, December 30, 2002


Hacking Linux Exposed
Second Edition
McGraw-Hill, 2003, 712 pages

The authors, each a network security maven, confront the problem of Linux, an security open source operating system, from attack. They discuss the security features of various flavours of Linux including Red Hat, Debian SuSE and Slackware. As well, they pay a lot of attention to housekeeping as well as emergency response. They look at kernel hacks, password cracks, firewall strategies, and ways of hardening systems.

Organizationally, Hacking Linux Exposed uses icons to identify attacks. They employ a spherical bomb with a burning fuse to designate a danger, a countermeasure that looks like a European traffic sign, and various note tips with stencil-like icons.

The book starts off with an overview of Linux and its built-in security features, a discussion of routine countermeasures such as log file analysis, and an alarming walk through the ways hackers find a system and decides to attack it.

The hacker or cracker has to find a way to let a user or system administrator to allow a compromised or compromising file to pass via network attacks, DNS or ARP cache poisoning, and how pluggable access modules can add security to Linux systems.

There are server issues in e-mail and servers, all duly examined. The authors show how web servers can be configured in terms of cracking problems, how denial of service attacks affect servers, and how crackers hide while removing log entries that may indicate where he operates. If the cracker puts in his own back doors, they have to be found and disabled.

A valuable appendix deals with discovering and recovering from attacks. If web pages or defaced, unknown files installed, if the computer begins behaving oddly, then an attack may have happened. What to do? Turn off all network interfaces, move the system to single user mode, turn off official root processes, reboot from a pristine Linux floppy or CD-ROM, and read the rest of the appendix very carefully.

McGraw-Hill has printed a banner at the top of the cover of the book that declares this work to be "an awesome reference" that should be of value "across all aspects of information security." We'd agree and say that, if anything, the blurb is too modest. This is definitive, readable, essential stuff for any Linux system administrator, security manager, heavy system user, apps developer and for all security buffs. Unfortunately, crackers will probably glom through the book, making it necessary for the authors to crank out the eagerly awaited third edition in a year or two.