"Hacking Linux Exposed" (HLE) is the second title out of three
in the "Hacking
Exposed" series by Osborne/McGraw-Hill.
The first published in September 1999, "Hacking
Exposed" (HE), is currently into its third edition (just out in
September 2001). Due to its popularity, the publishers decided to
spin-off two other books, namely HLE published in March 2001 which is
co-authored by Brian Hatch, James Lee, and George Kurtz (one of the
original HE authors) with contributions from four other security
experts. The third book dealing mainly with Windows 2000 security is
written by the rest of the original HE authors: Joel Scambray and
Stuart McClure. All three books enjoyed rave reviews from readers
and one may suspect that there are more books in the pipeline for this
Despite being an off-spring of HE, HLE is an individual in its own
right, with a distinct personality. Some may say that it supersedes
its parent but this is only the case for those interested in Linux
issues. As HE covers a wide range of security topics, these two books
complement each other. For example, HLE does not cover web browser
security problems but refers readers to HE.
In accordance with the current trend, there is an official web site to
accompany this book. Updates, errata, commentary from authors,
reviews, and links to other online resources are available
there. Source code used in the book can be downloaded using the
username and password provided in the book itself.
Generally most security books arrange the chapters according to the
thought process of readers. They often start by explaining about the
different types of attacks and vulnerabilities, the ways to secure and
harden your system against intrusions, how to detect break-ins and
lastly, how to recover from them. However, HLE engages a somewhat
unorthodox approach by going the opposite way. It presents the
countermeasures first, how to detect and recover from intrusions, and
then only talks about the different types of attacks.
Linux security is not only about technology but also about pyschology
and behavioural science. The authors show a clear understanding of the
human mind and nature. I am amused when I identified my previous self
in the book as one of the Linux users who think that their Linux
machines are not important enough to be cracked. When you read the
book, I have no doubt that you will recognise yourself in it one way
or another, either as a blissfully ignorant Linux user like I used to
be or a well-versed Linux system administrator.
HLE subscribes to the belief that the best way to secure your system
is to think like a cracker and it is successful in its quest to lead
us into the cracker's mind. In "The Art of War", Sun Tzu says "know
the enemy and know yourself, and you can fight a hundred battles with
no danger of defeat." This is what HLE does, it teaches you how to
know your system intimately, plug all its weaknesses, and also to know
how your enemy, the cracker thinks.
chapters and four appendixes spanning 566 pages are categorised
under five major sections namely: various attack countermeasures,
detecting and recovering from intrusions; the methods attackers may
use to get into your system; what attackers may do once they have
user-level access to your box; the common services which are
vulnerable; and lastly the appendixes which provide step-by-step
instructions for various Linux distributions.
Chapter 1 is basically a refresher course for Linux experts as it
gives a brief overview of Linux, the built-in security controls and
the differences between Linux and other flavours of UNIX. If you think
that your Linux machine is not important enough to be cracked, you
will be convinced otherwise after reading the very first section.
As many attacks can be deterred by the same countermeasures, the
common ones are all detailed in chapter 2 so that readers are
acquainted with them early on. By doing this, it is hoped that readers
will be able to foresee which countermeasure to use when the attacks
are presented in later chapters before reading about the actual
countermeasure suggested by the authors. You are shown how to use
various tools to proactively scan your system for weak spots, harden
your system and recover from a break-in.
It's time to enter the cracker's mind in chapter 3 as we look at how
attackers target you and select you as the "lucky winner" for them to
spring their big surprise. You'll discover exactly the methods they
use to suss out your system, and get up close and personal with you.
Chapter 4 is all about how someone may sweet talk and con you into
trusting him with confidential information through social
engineering. As much as we would like to believe in utopia and that
humans are basically good, it is recommended that the best way to
protect ourselves is to be paranoid, sceptical, and untrusting. In
addition it also delves into Trojan horses, viruses and worms
including the recent Ramen Worm.
Next, chapter 5 warns that no matter how protected your machine is on the
network, it will never be secure as long as it can be easily
approached physically. You are reminded that boot access is root
access and never to casually throw away confidential documents as
dumpster-diving is becoming so popular that books
are written about how to do it.
Beginners may take longer to read chapter 6 as it covers attacks over
the network, and starts by going through the various network
protocols. It also explains about the IP packet header and TCP
header. It is necessary to understand these concepts before moving on
to chapter 7 where general network and network protocols abuses are
Sometimes system administrators may overlook securing the machine from
the normal user. Chapter 8 considers what the cracker may do to be
root once he's in your machine as one of the unprivilege users. It
then looks at the importance of passwords, how to crack and protect
them in chapter 9.
Later in the following chapter, we are advised never to underestimate
a cracker because they have many ingenious ways of covering their
tracks and installing backdoors for themselves. To be 100 percent sure
that there are no "extra goodies" left on your machine by the cracker
for himself, the only way is to do a complete reinstall.
The remaining three chapters talk about security issues with mail
servers - Sendmail, Postfix and Qmail, and FTP (servers, clients, and
protocol); web servers security focussing on configuring a secure
Apache web server, and programming secure CGIs; and how to control
which services are allowed to be accessed over the Internet. Chapter
13 also looks at inetd, xinetd, iptables and ipchains.
Step-by-step instructions are provided on how to install and upgrade
softwares on a variety of Linux distributions in appendix A. In the
next appendix, you are shown how to turn off services that you don't
require. A list of other online resources for your reference and to
keep yourself constantly updated follows. No book about security is
complete without presenting some case studies and HLE is not an
exception here. The final appendix examines three real world security
breaches which are kept anonymous. One may prefer to start reading
these case studies first to get a taste of what really happens in the
wild before "attacking" the book head-on.
As the book uses a down-to-earth writing style, I can almost hear the
authors speaking to me, advising me on how to secure my system, and
warning me of pitfalls. Without using a lot of jargons, the book can
be easily understood by home-users and experts alike. It truly
provides an all-round coverage of Linux security.
Although it only touches on Linux, it doesn't take much for
experienced system administrators to relate to similar events on other
flavours of Unix. By doing so, they could customise the
countermeasures and apply them to their actual platforms.
Special graphics are used throughout the book to enable readers to
easily pick up attack methods and countermeasures from a page crowded
with text. Important points are also highlighted using icons for
"Note", "Tip", and "Caution". Every attack has an overall risk rating
which comprises the frequency of the attacks appearing in the wild,
the level of skill required for executing the attack, and the severity
of damage which could be caused by the attack. This helps users to
prioritise which security holes to rectify first if there is a
shortage of time to cover all the holes.
Some reviewers are annoyed that this book does nothing to help correct
the misuse of the word "hacker" by the media and to promote the right
term "cracker". Although this may seem like a non-issue, real hackers
and purists may be offended that this mistake could be made by people
who should know better. The authors are not to be blamed for this as
they did use the term "cracker" when describing an attacker but this
was changed during the editing process. Only the following
sentence: "Unfortunately, the term hacker has been perverted from
those early days when it symbolized the quintessential programmers of
the world like Linus.." on page xxiv survived the cut to hint at the
real meaning of hacker. This is such a shame, for HLE could have
succeeded in righting the wrong among the masses. Hopefully for the
next edition, the correct term would be used.
Although this book will educate you on the techniques of attacks and
countermeasures but it is not a step-by-step guide. After reading
this, you will be wiser on the ways of the attackers but you may need
to refer to other sources to actually implement the countermeasures.
Some attacks included seem pretty obvious and may insult the
intelligence of the readers. For example, the warning that
confidential information shouldn't be made available on an
unrestricted web site as crackers may use these sensitive data to
their advantages. I believe that everyone who knows how to set up a
web site and surf the Web are aware that the Web is public and open to
It could do better by being more specific in certain cases such as
providing the exact early versions of the Apache web server which are
susceptible to the "double-dot" vulnerability. The countermeasure of
this security hole is to use the latest version of the Apache web
server. It would be helpful if we are told exactly from which Apache
version this hole has been patched.
Overall, this book presents attacks and countermeasures clearly and
succeeds in impressing upon users on the real danger of security
risks. It could be the book that popularise Linux security for
the general public. Linux users who have basic knowledge about
programming and networks but none so ever about security will benefit
the most from HLE. It will also help Linux system administrators in
their everyday work to be more alert. However, Linux beginners will
need to do extra reading on network protocols to truly appreciate
chapters 6 and 7. Experts on security may be interested to check this
book out for one or two things that they may have overlooked. So what
are you all waiting for? Get out now, grab this book and start
securing your system!