Slashdot Mirror

Alan Eibner submitted this review of Addison-Wesley's Open Source Web Development With LAMP. He writes "The number of books about Web development technologies is astounding. Some claim you can learn everything you need to know in 24 hours. Others require several complementary volumes in order to learn the subject. Why another web development book? And what sets this one apart from the rest?" Read on for the rest of Alan's chapter-by-chapter review. Update: 04/11 18:22 GMT by T : I'd called this an O'Reilly book rather than Addison-Wesley; sorry, now fixed. Open Source Web Development with LAMP author James Lee, Brent Ware pages 496 publisher Addison-Wesley rating 10 reviewer Alan Eibner ISBN 020177061X summary All the Open Source web technologies in one easy to read place.

Open Source Web Development with LAMP (henceforth OSWB) has a difficult goal: to teach you enough about all the LAMP (Linux, Apache, MySQL, Perl/Mod_Perl/PHP) technologies that you can start developing static and dynamic websites right away. How on earth can they cover so much in one ~500 page book, you ask?

The Theory The authors do not intend to teach every little bit about the web technologies they cover. No book binding is that strong, but the reason is more subtle than that. When you try to cover everything, you lose perspective about the pros and cons of the technologies.

Instead, the authors try to teach you enough about the technologies to hit the road running, and provide you pointers to websites, man pages, and other books where you can learn the pieces they don't cover. I think the authors' words themselves describe it best -- quoting from the Introduction:

"Based on experience, we believe that 80 percent of the utility of any complicated tool is the result of knowing 20 percent of the uses of that tool, whether that tool be software, hardware, mechanical, or electronic. Swiss Army knives are excellent and versatile tools, but most of the time, you just use the blade or the screwdriver.

The purpose of this book is to introduce you to that 20 percent -- the blade and the screwdriver -- that opens up the most functionality, and to make you aware of the remaining 80 percent so you can use the other tools when most appropriate."

This is the goal of the book -- a goal that I believe they fulfilled superbly.

The Authors James Lee is the lead author of OSWB. He's a Perl and Open Source trainer, programmer, hacker and who-knows-what-else at Onsight, Inc.. He's also co-author of Hacking Linux Exposed first and second editions. (./ review of HLE 2nd edition)

Brent Ware, co-author of OSWB, has a PhD in Physics, has done the Dot Com thing, failed to get independently wealthy, and now gets paid to play with lasers, but would rather be climbing mountains. He was also a contributing author to Hacking Linux Exposed.

(Descriptions are based on their Bios, intuition, and unsubstantiated rumors.)

The Book

• Part I: Structural
  • Chapter 1: The Web Explained
  • Chapter 2: Linux - the Choice of a GNU generation

    These two chapters are mainly here for folks new to Web development in a Linux/Non-Microsoft environment. They do a superb job of explaining why LAMP is a good solution for both technology and monetary reasons. A great read, especially for your manager who keeps asking why you shouldn't use some proprietary development tools. It also shows you what HTTP actually looks like, and the difference between static HTML, dynamic websites, and embedded web programming languages.

  • Chapter 3: Apache Webserver

    Next they provide information about configuring Apache, creating password-restricted access, and other security considerations. At about 20 pages, this is fast and concise, but contains all you really need to know when setting up your Apache server.

  • Chapter 4: Perl

    Following the 20/80 rule, the authors manage to teach you the Perl you'll need to know in order to generate web content. They don't go into things like creating network sockets, shared memory, or the Foo::Bar::Never::Necessary module. What you do get is all the I/O, flow control, datatypes, regexps, system access, scoping, best practices (use strict, etc), and enough OO to use modules that require it. (Database access via DBI is covered later, don't worry.)

  • Chapter 5: MySQL

    Here they teach you to install MySQL databases, tables, and enough SQL to do what you need to do. The examples are excellent and frequently amusing. This is also where the book starts to really begin its integration of multiple technologies. We'll be referring back here later when we start programming web front-ends to MySQL databases.

• Part II: Static
  • Chapter 6: WML

    For those that don't know, WML is the Website Meta Language. WML allows you to create static HTML files using a very powerful suite of pre-processing, macros, eperl, and HTML shortcuts. By creating site templates, WML can manage all your links and layout, leaving you to concentrate on the content of each page. OSWB is the only book I know of that discusses WML.

• Part III: Dynamic
  • Chapter 7: CGI

    First, the authors discuss how dynamic HTTP actually works -- GET/POST requests, variable passing, types of fields, and security implications. This will be important for all the remaining chapters of the book. The chapter then continues with a focus on perl and CGI.pm for CGI development, including a fully functional CGI/MySQL/DBI project.

  • Chapter 8: mod_perl

    For those who want to get more performance out of dynamic perl-created content, mod_perl is the answer. The authors explain the ways you can create mod_perl code, the differences between this and the CGI.pm environment, and then continue with a mod_perl MySQL/DBI project. This chapter is worth the cost of the book alone.

• Part IV: Embedded Languages
  • Chapter 9: Server Side Includes

    I think most people agree that SSI is pretty much dead, when compared to the more functional languages we have nowadays. The authors give a very complete synopsis in about 10 pages.

  • Chapter 10: Embperl
  • Chapter 11: Mason
  • Chapter 11: PHP

    If you want to use an embedded language (where the code is inside the HTML files themselves) then you're much more likely to use one of these three languages. I'd never heard of Embperl or Mason before, but they seem to be an excellent middle ground between CGI and mod_perl. They both are explained extremely well. Since they are based on Perl, much of the background was already covered in Chapter 4, so the authors concentrate on the important features, rather than the language constructs.

    PHP is, of course, completely different than Perl, and thus Chapter 11 needs to teach everything from the constructs and datatypes up to database integration. Yet somehow it manages to do so with ease. It also concludes with a database-driven project ripe for you to modify for your own needs.

Short notes

Some short comments that didn't seem to fit anywhere else in this review:

• Distro: OSWB does assume a Red Hat installation for its example configurations, but does a good job of remaining distro-agnostic aside from pathnames, and letting you know the differences you're likely to face.

• Humor: Lee and Ware are funny - reading this book is really enjoyable because they are constantly weaving humor into it.

• Security: Security is discussed whenever appropriate in the book, which is not a surprise, given the authors' association with Hacking Linux Exposed.

• Omissions: The "What We Didn't Talk About" section is excellent. Most books deny what they haven't covered. OSWB tells you exactly what they haven't taught you, and point you to the places you can get more information if you need it.

• Projects: The book has many projects that let you learn and experiment with the languages directly. Each one could serve as a branching-off point for your own website's needs.

• Integration: Since OSWB covers all the technologies, you don't have constant overlap or redundancies; that lets it stay lean and tight. For example WML allows you to include perl code, but since you already learned perl in Chapter 4 the authors don't need to start from the ground up. However, they do keep introducing us to new and neat features in all their subsequent code examples.

The Website

The OSWB website at OpenSourceWebBook.com is written in the languages they discuss, and all the original source code used to build the website and the rest of the code in the book is available for download. Snippets of the code for the website is shown as examples with commentary in the book, letting you really see how everything fits together. These guys fall squarely into the practice-what-you-preach category.

The Verdict By not trying to teach every nuance and advanced feature of each of these languages and technologies fully, you actually have a much better book. At the end you have an excellent understanding of what tools are out there, and can best choose the ones you should use for a given purpose. I came away from this book and immediately used a combination of WML templates + mod_perl + MySQL to create a very robust dynamic web application using only the info in the book and a few choice man pages.

I'd recommend this book both to nitty-gritty web developers, and also to non-techies who want to be able to understand the technologies that are out there, to help create informed decisions when starting any web development project.

You can purchase Open Source Web Development With LAMP from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

David Schaffter writes "I bought Hacking Linux Exposed when it first came out. What struck me about it at the time was that it was unlike the other hacking books that were out there. Most seemed to play on the hacker craze, and were essentially lists of cracks. Hacking Exposed, presumably the model for HLE, was very much like this. Topical, overblown, and in the end it was outdated by the time you got it." Read on to see what David finds has changed (or not) in the second edition. Hacking Linux Exposed, Second Edition author Brian Hatch, James Lee pages 720 publisher Osborne McGraw-Hill rating 10 reviewer David Schaffter ISBN 0072225645 summary This second edition of the best selling Hacking Linux Exposed shows you in great detail how to secure your Linux box - or break into one.

HLE on the other hand was much more like a good textbook -- it taught you how to think about security, to see how each problem was caused and how to combat them. As the years went by, my copy of HLE was still as useful as it was the day I got it. For this reason, I was skeptical what they could put into a second edition -- the first seemed to stand the passage of time just fine.

Nonetheless, I bought it, and was surprised to find that the second edition is even stronger than the first, yet they have made it still work on its own -- you don't need to buy the first edition to have a complete understanding of Linux security. You should probably read their reviews page which has links to reviews of the original, as well as the Slashdot review from last time which have detailed breakdowns of what you'll find. I'll concentrate on the changes in this review.

The new edition deprecates or cuts a lot of old material that is no longer applicable -- the emphasis is on OpenSSH configuration vulnerabilities, rather than RLogin/RSH/etc, for example, which is fine since no Linux system comes with Rlogin installed by default any more. The second edition is 100 actual pages longer, but due to the condensing of old material, it's effectively 200 pages longer at least. They took out some of the material that isn't needed in the paper copy and put it online too, which was a great idea.

So, from my perspective, here are the noticeable differences:

• More tools are covered in detail -- Exim gets equal play with Sendmail and friends, DJBDNS gets covered as much as BIND. (For configuration, that is. Nothing can match BIND for vulnerabilities.)

• There's a whole new Denial and Distributed Denial of Service chapter, that covers the gamut - much more than just your simple TCP-connect floods.

• There are three new chapters about post-system-compromise tricks the crackers will play on you, showing you exactly what kind of things you'll need to clean up if they get in. This stuff was absolutely amazing, and the authors could probably write a whole book on this if they wanted to.

• More distribution-specific information.

• Step-by-step instructions on how to patch and rebuild your kernel using the existing kernel configuration parameters, detailed enough that any newbie could do it. They have specific variants for Red Hat and Debian as well.

• The best discussion of network-based attacks (ARP spoofing, Man-in-the-middle, session hijacking, etc) in any book, anywhere. You could easily use the stuff in this chapter to take over Windows machines too.

• More custom tools and code than before.

• Just passing references to things like the Morris worm, the Ping of death, ipfwadm, and other hacks and tools that are so old and irrelevant today that they shouldn't be discussed in depth any more. They get their nod, but the authors spend quality time with things of current relevance only, rather than wasting the space just to make the book look thick.

• Even more integration with the website.

That last one needs a bit of explanation. Brian Hatch, the lead author of HLE, has a weekly security newsletter called Linux Security: Tips, Tricks, and Hackery. (You can read the article archives or subscribe.) These often have very detailed implementation instructions, such as installing DJBDNS and migrating away from BIND, using /proc to investigate cracker activities, and occasionally has contests too.

The nice thing is that Hatch has built up a body of free online instructions, and thus rather than copy and pasting them into HLE, he can point to the online articles from within the book. This saves lots of paper, and keeps you focused on the goal of the book -- to learn attack methodologies and how to stop them.

One thing that these guys prove in their book is that "code is speech." Rather than having wordy passages such as "The user then needs to run the command 'nc client-ip-address 80' on server 'freddie' from the /etc/ directory where client-ip-address is the actual ip address of the target, and type ..." they show it all through a command-line view, embedding this extra location and user information in the prompts and formatting (bold/italics/etc) like this

jdoe@freddie:/etc$ nc client_ip 80
GET /some/web/page
<head><title>This is some web page</title>
...

They always show you what's actually going on behind the scenes -- an actual SMTP or POP conversation for example -- so you know how things really work, rather than living in a black box where Nessus says "vulnerable" and you don't know how to determine it on your own.

Here's a very quick table of contents:

• Part I: Linux Security Overview
  • Chapter 1 -- Linux Security Overview
  • Chapter 2 -- Proactive Security Measures
  • Chapter 3 -- Mapping Your Machine and Network

• Part II: Breaking In from the Outside
  • Chapter 4 -- Social Engineering, Trojans, and Other Cracker Trickery
  • Chapter 5 -- Physical Attacks
  • Chapter 6 -- Attacking over the Network
  • Chapter 7 -- Advanced Network Attacks

• Part III: Local User Attacks
  • Chapter 8 -- Elevating User Privileges
  • Chapter 9 -- Linux Authentication

• Part IV: Server Issues
  • Chapter 10 -- Mail Security
  • Chapter 11 -- File Transfer Protocol Security
  • Chapter 12 -- Web Servers and Dynamic Content
  • Chapter 13 -- Access Control and Firewalls
  • Chapter 14 -- Denial of Service Attacks

• Part V: After a Break-In
  • Chapter 15 -- Covert Access
  • Chapter 16 -- Back Doors
  • Chapter 17 -- Advanced System Abuse

• Part VI: Appendixes
  • Appendix A -- Discovering and Recovering from an Attack
  • Appendix B -- Keeping Your Programs Current
  • Appendix C -- Turning Off Unneeded Software
  • Appendix D -- Case Studies

The HackingLinuxExposed.com website has a more complete list of contents, as well as a sample chapter.

The other nice thing is the authors have put all their source code, tools, and example cracks online for free download, released under the GPL. You may notice that you need to type a password to get in, but if you have half a hacking cell in your body, you'll find that the authors think a password requirement is stupid as we do.

If I could change one thing about this book, it would be the risk ratings. These are the dumbest things I've seen. These are little boxes at the beginning of each 'Attack' that list three values: "Popularity", "Simplicity" and "Impact." It then averages these and comes up with a risk rating. Since all the Hacking Exposed books have them, I can only assume it was a requirement of the publisher -- I don't know if Hatch and Lee care for them one bit, but I can tell you I find them useless. (Of course, I give this book a 10 in spite of this fact.)

These numbers are presented as quantitative, but it can't possibly be. I can argue giving many different values in each category, so what does this actually tell us? For example take open X11 servers. Impact could be 10 because you could type a root password that's intercepted, or it could be 7 because it only gives you user-level access. Popularity could be 3 if you say most people don't set it up this way, or you could say it's 9 because many crackers look for open servers. I'd rather they just used impact, gave it a scale of 1-10 and were done with it. The popularity and simplicity factors override the impact in too many cases to make the final value anything but specious.

Aside from that drawback, which is easily ignored, the book is absolutely solid.

When I was about to buy my copy, I noticed that the authors are donating all online proceeds to the Electronic Frontier Foundation, so you should order through their website, regardless what the Slashdot link may be. ;-)

In my opinion, there's no Linux user who should be without this book. It's 720 pages of answers you need to keep yourself secure from the blackhats, or 720 pages of ways to become a blackhat yourself, depending on your ethical alignment. Either way, you won't be able to put it down, except to type as you follow along.

If David did not convince you otherwise, you can purchase Hacking Linux Exposed, Second Edition from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

David Schaffter writes "I bought Hacking Linux Exposed when it first came out. What struck me about it at the time was that it was unlike the other hacking books that were out there. Most seemed to play on the hacker craze, and were essentially lists of cracks. Hacking Exposed, presumably the model for HLE, was very much like this. Topical, overblown, and in the end it was outdated by the time you got it." Read on to see what David finds has changed (or not) in the second edition. Hacking Linux Exposed, Second Edition author Brian Hatch, James Lee pages 720 publisher Osborne McGraw-Hill rating 10 reviewer David Schaffter ISBN 0072225645 summary This second edition of the best selling Hacking Linux Exposed shows you in great detail how to secure your Linux box - or break into one.

HLE on the other hand was much more like a good textbook -- it taught you how to think about security, to see how each problem was caused and how to combat them. As the years went by, my copy of HLE was still as useful as it was the day I got it. For this reason, I was skeptical what they could put into a second edition -- the first seemed to stand the passage of time just fine.

Nonetheless, I bought it, and was surprised to find that the second edition is even stronger than the first, yet they have made it still work on its own -- you don't need to buy the first edition to have a complete understanding of Linux security. You should probably read their reviews page which has links to reviews of the original, as well as the Slashdot review from last time which have detailed breakdowns of what you'll find. I'll concentrate on the changes in this review.

The new edition deprecates or cuts a lot of old material that is no longer applicable -- the emphasis is on OpenSSH configuration vulnerabilities, rather than RLogin/RSH/etc, for example, which is fine since no Linux system comes with Rlogin installed by default any more. The second edition is 100 actual pages longer, but due to the condensing of old material, it's effectively 200 pages longer at least. They took out some of the material that isn't needed in the paper copy and put it online too, which was a great idea.

So, from my perspective, here are the noticeable differences:

• More tools are covered in detail -- Exim gets equal play with Sendmail and friends, DJBDNS gets covered as much as BIND. (For configuration, that is. Nothing can match BIND for vulnerabilities.)

• There's a whole new Denial and Distributed Denial of Service chapter, that covers the gamut - much more than just your simple TCP-connect floods.

• There are three new chapters about post-system-compromise tricks the crackers will play on you, showing you exactly what kind of things you'll need to clean up if they get in. This stuff was absolutely amazing, and the authors could probably write a whole book on this if they wanted to.

• More distribution-specific information.

• Step-by-step instructions on how to patch and rebuild your kernel using the existing kernel configuration parameters, detailed enough that any newbie could do it. They have specific variants for Red Hat and Debian as well.

• The best discussion of network-based attacks (ARP spoofing, Man-in-the-middle, session hijacking, etc) in any book, anywhere. You could easily use the stuff in this chapter to take over Windows machines too.

• More custom tools and code than before.

• Just passing references to things like the Morris worm, the Ping of death, ipfwadm, and other hacks and tools that are so old and irrelevant today that they shouldn't be discussed in depth any more. They get their nod, but the authors spend quality time with things of current relevance only, rather than wasting the space just to make the book look thick.

• Even more integration with the website.

That last one needs a bit of explanation. Brian Hatch, the lead author of HLE, has a weekly security newsletter called Linux Security: Tips, Tricks, and Hackery. (You can read the article archives or subscribe.) These often have very detailed implementation instructions, such as installing DJBDNS and migrating away from BIND, using /proc to investigate cracker activities, and occasionally has contests too.

The nice thing is that Hatch has built up a body of free online instructions, and thus rather than copy and pasting them into HLE, he can point to the online articles from within the book. This saves lots of paper, and keeps you focused on the goal of the book -- to learn attack methodologies and how to stop them.

One thing that these guys prove in their book is that "code is speech." Rather than having wordy passages such as "The user then needs to run the command 'nc client-ip-address 80' on server 'freddie' from the /etc/ directory where client-ip-address is the actual ip address of the target, and type ..." they show it all through a command-line view, embedding this extra location and user information in the prompts and formatting (bold/italics/etc) like this

jdoe@freddie:/etc$ nc client_ip 80
GET /some/web/page
<head><title>This is some web page</title>
...

They always show you what's actually going on behind the scenes -- an actual SMTP or POP conversation for example -- so you know how things really work, rather than living in a black box where Nessus says "vulnerable" and you don't know how to determine it on your own.

Here's a very quick table of contents:

• Part I: Linux Security Overview
  • Chapter 1 -- Linux Security Overview
  • Chapter 2 -- Proactive Security Measures
  • Chapter 3 -- Mapping Your Machine and Network

• Part II: Breaking In from the Outside
  • Chapter 4 -- Social Engineering, Trojans, and Other Cracker Trickery
  • Chapter 5 -- Physical Attacks
  • Chapter 6 -- Attacking over the Network
  • Chapter 7 -- Advanced Network Attacks

• Part III: Local User Attacks
  • Chapter 8 -- Elevating User Privileges
  • Chapter 9 -- Linux Authentication

• Part IV: Server Issues
  • Chapter 10 -- Mail Security
  • Chapter 11 -- File Transfer Protocol Security
  • Chapter 12 -- Web Servers and Dynamic Content
  • Chapter 13 -- Access Control and Firewalls
  • Chapter 14 -- Denial of Service Attacks

• Part V: After a Break-In
  • Chapter 15 -- Covert Access
  • Chapter 16 -- Back Doors
  • Chapter 17 -- Advanced System Abuse

• Part VI: Appendixes
  • Appendix A -- Discovering and Recovering from an Attack
  • Appendix B -- Keeping Your Programs Current
  • Appendix C -- Turning Off Unneeded Software
  • Appendix D -- Case Studies

The HackingLinuxExposed.com website has a more complete list of contents, as well as a sample chapter.

The other nice thing is the authors have put all their source code, tools, and example cracks online for free download, released under the GPL. You may notice that you need to type a password to get in, but if you have half a hacking cell in your body, you'll find that the authors think a password requirement is stupid as we do.

If I could change one thing about this book, it would be the risk ratings. These are the dumbest things I've seen. These are little boxes at the beginning of each 'Attack' that list three values: "Popularity", "Simplicity" and "Impact." It then averages these and comes up with a risk rating. Since all the Hacking Exposed books have them, I can only assume it was a requirement of the publisher -- I don't know if Hatch and Lee care for them one bit, but I can tell you I find them useless. (Of course, I give this book a 10 in spite of this fact.)

These numbers are presented as quantitative, but it can't possibly be. I can argue giving many different values in each category, so what does this actually tell us? For example take open X11 servers. Impact could be 10 because you could type a root password that's intercepted, or it could be 7 because it only gives you user-level access. Popularity could be 3 if you say most people don't set it up this way, or you could say it's 9 because many crackers look for open servers. I'd rather they just used impact, gave it a scale of 1-10 and were done with it. The popularity and simplicity factors override the impact in too many cases to make the final value anything but specious.

Aside from that drawback, which is easily ignored, the book is absolutely solid.

When I was about to buy my copy, I noticed that the authors are donating all online proceeds to the Electronic Frontier Foundation, so you should order through their website, regardless what the Slashdot link may be. ;-)

In my opinion, there's no Linux user who should be without this book. It's 720 pages of answers you need to keep yourself secure from the blackhats, or 720 pages of ways to become a blackhat yourself, depending on your ethical alignment. Either way, you won't be able to put it down, except to type as you follow along.

If David did not convince you otherwise, you can purchase Hacking Linux Exposed, Second Edition from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

David Schaffter writes "I bought Hacking Linux Exposed when it first came out. What struck me about it at the time was that it was unlike the other hacking books that were out there. Most seemed to play on the hacker craze, and were essentially lists of cracks. Hacking Exposed, presumably the model for HLE, was very much like this. Topical, overblown, and in the end it was outdated by the time you got it." Read on to see what David finds has changed (or not) in the second edition. Hacking Linux Exposed, Second Edition author Brian Hatch, James Lee pages 720 publisher Osborne McGraw-Hill rating 10 reviewer David Schaffter ISBN 0072225645 summary This second edition of the best selling Hacking Linux Exposed shows you in great detail how to secure your Linux box - or break into one.

HLE on the other hand was much more like a good textbook -- it taught you how to think about security, to see how each problem was caused and how to combat them. As the years went by, my copy of HLE was still as useful as it was the day I got it. For this reason, I was skeptical what they could put into a second edition -- the first seemed to stand the passage of time just fine.

Nonetheless, I bought it, and was surprised to find that the second edition is even stronger than the first, yet they have made it still work on its own -- you don't need to buy the first edition to have a complete understanding of Linux security. You should probably read their reviews page which has links to reviews of the original, as well as the Slashdot review from last time which have detailed breakdowns of what you'll find. I'll concentrate on the changes in this review.

The new edition deprecates or cuts a lot of old material that is no longer applicable -- the emphasis is on OpenSSH configuration vulnerabilities, rather than RLogin/RSH/etc, for example, which is fine since no Linux system comes with Rlogin installed by default any more. The second edition is 100 actual pages longer, but due to the condensing of old material, it's effectively 200 pages longer at least. They took out some of the material that isn't needed in the paper copy and put it online too, which was a great idea.

So, from my perspective, here are the noticeable differences:

• More tools are covered in detail -- Exim gets equal play with Sendmail and friends, DJBDNS gets covered as much as BIND. (For configuration, that is. Nothing can match BIND for vulnerabilities.)

• There's a whole new Denial and Distributed Denial of Service chapter, that covers the gamut - much more than just your simple TCP-connect floods.

• There are three new chapters about post-system-compromise tricks the crackers will play on you, showing you exactly what kind of things you'll need to clean up if they get in. This stuff was absolutely amazing, and the authors could probably write a whole book on this if they wanted to.

• More distribution-specific information.

• Step-by-step instructions on how to patch and rebuild your kernel using the existing kernel configuration parameters, detailed enough that any newbie could do it. They have specific variants for Red Hat and Debian as well.

• The best discussion of network-based attacks (ARP spoofing, Man-in-the-middle, session hijacking, etc) in any book, anywhere. You could easily use the stuff in this chapter to take over Windows machines too.

• More custom tools and code than before.

• Just passing references to things like the Morris worm, the Ping of death, ipfwadm, and other hacks and tools that are so old and irrelevant today that they shouldn't be discussed in depth any more. They get their nod, but the authors spend quality time with things of current relevance only, rather than wasting the space just to make the book look thick.

• Even more integration with the website.

That last one needs a bit of explanation. Brian Hatch, the lead author of HLE, has a weekly security newsletter called Linux Security: Tips, Tricks, and Hackery. (You can read the article archives or subscribe.) These often have very detailed implementation instructions, such as installing DJBDNS and migrating away from BIND, using /proc to investigate cracker activities, and occasionally has contests too.

The nice thing is that Hatch has built up a body of free online instructions, and thus rather than copy and pasting them into HLE, he can point to the online articles from within the book. This saves lots of paper, and keeps you focused on the goal of the book -- to learn attack methodologies and how to stop them.

One thing that these guys prove in their book is that "code is speech." Rather than having wordy passages such as "The user then needs to run the command 'nc client-ip-address 80' on server 'freddie' from the /etc/ directory where client-ip-address is the actual ip address of the target, and type ..." they show it all through a command-line view, embedding this extra location and user information in the prompts and formatting (bold/italics/etc) like this

jdoe@freddie:/etc$ nc client_ip 80
GET /some/web/page
<head><title>This is some web page</title>
...

They always show you what's actually going on behind the scenes -- an actual SMTP or POP conversation for example -- so you know how things really work, rather than living in a black box where Nessus says "vulnerable" and you don't know how to determine it on your own.

Here's a very quick table of contents:

• Part I: Linux Security Overview
  • Chapter 1 -- Linux Security Overview
  • Chapter 2 -- Proactive Security Measures
  • Chapter 3 -- Mapping Your Machine and Network

• Part II: Breaking In from the Outside
  • Chapter 4 -- Social Engineering, Trojans, and Other Cracker Trickery
  • Chapter 5 -- Physical Attacks
  • Chapter 6 -- Attacking over the Network
  • Chapter 7 -- Advanced Network Attacks

• Part III: Local User Attacks
  • Chapter 8 -- Elevating User Privileges
  • Chapter 9 -- Linux Authentication

• Part IV: Server Issues
  • Chapter 10 -- Mail Security
  • Chapter 11 -- File Transfer Protocol Security
  • Chapter 12 -- Web Servers and Dynamic Content
  • Chapter 13 -- Access Control and Firewalls
  • Chapter 14 -- Denial of Service Attacks

• Part V: After a Break-In
  • Chapter 15 -- Covert Access
  • Chapter 16 -- Back Doors
  • Chapter 17 -- Advanced System Abuse

• Part VI: Appendixes
  • Appendix A -- Discovering and Recovering from an Attack
  • Appendix B -- Keeping Your Programs Current
  • Appendix C -- Turning Off Unneeded Software
  • Appendix D -- Case Studies

The HackingLinuxExposed.com website has a more complete list of contents, as well as a sample chapter.

The other nice thing is the authors have put all their source code, tools, and example cracks online for free download, released under the GPL. You may notice that you need to type a password to get in, but if you have half a hacking cell in your body, you'll find that the authors think a password requirement is stupid as we do.

If I could change one thing about this book, it would be the risk ratings. These are the dumbest things I've seen. These are little boxes at the beginning of each 'Attack' that list three values: "Popularity", "Simplicity" and "Impact." It then averages these and comes up with a risk rating. Since all the Hacking Exposed books have them, I can only assume it was a requirement of the publisher -- I don't know if Hatch and Lee care for them one bit, but I can tell you I find them useless. (Of course, I give this book a 10 in spite of this fact.)

These numbers are presented as quantitative, but it can't possibly be. I can argue giving many different values in each category, so what does this actually tell us? For example take open X11 servers. Impact could be 10 because you could type a root password that's intercepted, or it could be 7 because it only gives you user-level access. Popularity could be 3 if you say most people don't set it up this way, or you could say it's 9 because many crackers look for open servers. I'd rather they just used impact, gave it a scale of 1-10 and were done with it. The popularity and simplicity factors override the impact in too many cases to make the final value anything but specious.

Aside from that drawback, which is easily ignored, the book is absolutely solid.

When I was about to buy my copy, I noticed that the authors are donating all online proceeds to the Electronic Frontier Foundation, so you should order through their website, regardless what the Slashdot link may be. ;-)

In my opinion, there's no Linux user who should be without this book. It's 720 pages of answers you need to keep yourself secure from the blackhats, or 720 pages of ways to become a blackhat yourself, depending on your ethical alignment. Either way, you won't be able to put it down, except to type as you follow along.

If David did not convince you otherwise, you can purchase Hacking Linux Exposed, Second Edition from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

David Schaffter writes "I bought Hacking Linux Exposed when it first came out. What struck me about it at the time was that it was unlike the other hacking books that were out there. Most seemed to play on the hacker craze, and were essentially lists of cracks. Hacking Exposed, presumably the model for HLE, was very much like this. Topical, overblown, and in the end it was outdated by the time you got it." Read on to see what David finds has changed (or not) in the second edition. Hacking Linux Exposed, Second Edition author Brian Hatch, James Lee pages 720 publisher Osborne McGraw-Hill rating 10 reviewer David Schaffter ISBN 0072225645 summary This second edition of the best selling Hacking Linux Exposed shows you in great detail how to secure your Linux box - or break into one.

HLE on the other hand was much more like a good textbook -- it taught you how to think about security, to see how each problem was caused and how to combat them. As the years went by, my copy of HLE was still as useful as it was the day I got it. For this reason, I was skeptical what they could put into a second edition -- the first seemed to stand the passage of time just fine.

Nonetheless, I bought it, and was surprised to find that the second edition is even stronger than the first, yet they have made it still work on its own -- you don't need to buy the first edition to have a complete understanding of Linux security. You should probably read their reviews page which has links to reviews of the original, as well as the Slashdot review from last time which have detailed breakdowns of what you'll find. I'll concentrate on the changes in this review.

The new edition deprecates or cuts a lot of old material that is no longer applicable -- the emphasis is on OpenSSH configuration vulnerabilities, rather than RLogin/RSH/etc, for example, which is fine since no Linux system comes with Rlogin installed by default any more. The second edition is 100 actual pages longer, but due to the condensing of old material, it's effectively 200 pages longer at least. They took out some of the material that isn't needed in the paper copy and put it online too, which was a great idea.

So, from my perspective, here are the noticeable differences:

• More tools are covered in detail -- Exim gets equal play with Sendmail and friends, DJBDNS gets covered as much as BIND. (For configuration, that is. Nothing can match BIND for vulnerabilities.)

• There's a whole new Denial and Distributed Denial of Service chapter, that covers the gamut - much more than just your simple TCP-connect floods.

• There are three new chapters about post-system-compromise tricks the crackers will play on you, showing you exactly what kind of things you'll need to clean up if they get in. This stuff was absolutely amazing, and the authors could probably write a whole book on this if they wanted to.

• More distribution-specific information.

• Step-by-step instructions on how to patch and rebuild your kernel using the existing kernel configuration parameters, detailed enough that any newbie could do it. They have specific variants for Red Hat and Debian as well.

• The best discussion of network-based attacks (ARP spoofing, Man-in-the-middle, session hijacking, etc) in any book, anywhere. You could easily use the stuff in this chapter to take over Windows machines too.

• More custom tools and code than before.

• Just passing references to things like the Morris worm, the Ping of death, ipfwadm, and other hacks and tools that are so old and irrelevant today that they shouldn't be discussed in depth any more. They get their nod, but the authors spend quality time with things of current relevance only, rather than wasting the space just to make the book look thick.

• Even more integration with the website.

That last one needs a bit of explanation. Brian Hatch, the lead author of HLE, has a weekly security newsletter called Linux Security: Tips, Tricks, and Hackery. (You can read the article archives or subscribe.) These often have very detailed implementation instructions, such as installing DJBDNS and migrating away from BIND, using /proc to investigate cracker activities, and occasionally has contests too.

The nice thing is that Hatch has built up a body of free online instructions, and thus rather than copy and pasting them into HLE, he can point to the online articles from within the book. This saves lots of paper, and keeps you focused on the goal of the book -- to learn attack methodologies and how to stop them.

One thing that these guys prove in their book is that "code is speech." Rather than having wordy passages such as "The user then needs to run the command 'nc client-ip-address 80' on server 'freddie' from the /etc/ directory where client-ip-address is the actual ip address of the target, and type ..." they show it all through a command-line view, embedding this extra location and user information in the prompts and formatting (bold/italics/etc) like this

jdoe@freddie:/etc$ nc client_ip 80
GET /some/web/page
<head><title>This is some web page</title>
...

They always show you what's actually going on behind the scenes -- an actual SMTP or POP conversation for example -- so you know how things really work, rather than living in a black box where Nessus says "vulnerable" and you don't know how to determine it on your own.

Here's a very quick table of contents:

• Part I: Linux Security Overview
  • Chapter 1 -- Linux Security Overview
  • Chapter 2 -- Proactive Security Measures
  • Chapter 3 -- Mapping Your Machine and Network

• Part II: Breaking In from the Outside
  • Chapter 4 -- Social Engineering, Trojans, and Other Cracker Trickery
  • Chapter 5 -- Physical Attacks
  • Chapter 6 -- Attacking over the Network
  • Chapter 7 -- Advanced Network Attacks

• Part III: Local User Attacks
  • Chapter 8 -- Elevating User Privileges
  • Chapter 9 -- Linux Authentication

• Part IV: Server Issues
  • Chapter 10 -- Mail Security
  • Chapter 11 -- File Transfer Protocol Security
  • Chapter 12 -- Web Servers and Dynamic Content
  • Chapter 13 -- Access Control and Firewalls
  • Chapter 14 -- Denial of Service Attacks

• Part V: After a Break-In
  • Chapter 15 -- Covert Access
  • Chapter 16 -- Back Doors
  • Chapter 17 -- Advanced System Abuse

• Part VI: Appendixes
  • Appendix A -- Discovering and Recovering from an Attack
  • Appendix B -- Keeping Your Programs Current
  • Appendix C -- Turning Off Unneeded Software
  • Appendix D -- Case Studies

The HackingLinuxExposed.com website has a more complete list of contents, as well as a sample chapter.

The other nice thing is the authors have put all their source code, tools, and example cracks online for free download, released under the GPL. You may notice that you need to type a password to get in, but if you have half a hacking cell in your body, you'll find that the authors think a password requirement is stupid as we do.

If I could change one thing about this book, it would be the risk ratings. These are the dumbest things I've seen. These are little boxes at the beginning of each 'Attack' that list three values: "Popularity", "Simplicity" and "Impact." It then averages these and comes up with a risk rating. Since all the Hacking Exposed books have them, I can only assume it was a requirement of the publisher -- I don't know if Hatch and Lee care for them one bit, but I can tell you I find them useless. (Of course, I give this book a 10 in spite of this fact.)

These numbers are presented as quantitative, but it can't possibly be. I can argue giving many different values in each category, so what does this actually tell us? For example take open X11 servers. Impact could be 10 because you could type a root password that's intercepted, or it could be 7 because it only gives you user-level access. Popularity could be 3 if you say most people don't set it up this way, or you could say it's 9 because many crackers look for open servers. I'd rather they just used impact, gave it a scale of 1-10 and were done with it. The popularity and simplicity factors override the impact in too many cases to make the final value anything but specious.

Aside from that drawback, which is easily ignored, the book is absolutely solid.

When I was about to buy my copy, I noticed that the authors are donating all online proceeds to the Electronic Frontier Foundation, so you should order through their website, regardless what the Slashdot link may be. ;-)

In my opinion, there's no Linux user who should be without this book. It's 720 pages of answers you need to keep yourself secure from the blackhats, or 720 pages of ways to become a blackhat yourself, depending on your ethical alignment. Either way, you won't be able to put it down, except to type as you follow along.

If David did not convince you otherwise, you can purchase Hacking Linux Exposed, Second Edition from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

David Schaffter writes "I bought Hacking Linux Exposed when it first came out. What struck me about it at the time was that it was unlike the other hacking books that were out there. Most seemed to play on the hacker craze, and were essentially lists of cracks. Hacking Exposed, presumably the model for HLE, was very much like this. Topical, overblown, and in the end it was outdated by the time you got it." Read on to see what David finds has changed (or not) in the second edition. Hacking Linux Exposed, Second Edition author Brian Hatch, James Lee pages 720 publisher Osborne McGraw-Hill rating 10 reviewer David Schaffter ISBN 0072225645 summary This second edition of the best selling Hacking Linux Exposed shows you in great detail how to secure your Linux box - or break into one.

HLE on the other hand was much more like a good textbook -- it taught you how to think about security, to see how each problem was caused and how to combat them. As the years went by, my copy of HLE was still as useful as it was the day I got it. For this reason, I was skeptical what they could put into a second edition -- the first seemed to stand the passage of time just fine.

Nonetheless, I bought it, and was surprised to find that the second edition is even stronger than the first, yet they have made it still work on its own -- you don't need to buy the first edition to have a complete understanding of Linux security. You should probably read their reviews page which has links to reviews of the original, as well as the Slashdot review from last time which have detailed breakdowns of what you'll find. I'll concentrate on the changes in this review.

The new edition deprecates or cuts a lot of old material that is no longer applicable -- the emphasis is on OpenSSH configuration vulnerabilities, rather than RLogin/RSH/etc, for example, which is fine since no Linux system comes with Rlogin installed by default any more. The second edition is 100 actual pages longer, but due to the condensing of old material, it's effectively 200 pages longer at least. They took out some of the material that isn't needed in the paper copy and put it online too, which was a great idea.

So, from my perspective, here are the noticeable differences:

• More tools are covered in detail -- Exim gets equal play with Sendmail and friends, DJBDNS gets covered as much as BIND. (For configuration, that is. Nothing can match BIND for vulnerabilities.)

• There's a whole new Denial and Distributed Denial of Service chapter, that covers the gamut - much more than just your simple TCP-connect floods.

• There are three new chapters about post-system-compromise tricks the crackers will play on you, showing you exactly what kind of things you'll need to clean up if they get in. This stuff was absolutely amazing, and the authors could probably write a whole book on this if they wanted to.

• More distribution-specific information.

• Step-by-step instructions on how to patch and rebuild your kernel using the existing kernel configuration parameters, detailed enough that any newbie could do it. They have specific variants for Red Hat and Debian as well.

• The best discussion of network-based attacks (ARP spoofing, Man-in-the-middle, session hijacking, etc) in any book, anywhere. You could easily use the stuff in this chapter to take over Windows machines too.

• More custom tools and code than before.

• Just passing references to things like the Morris worm, the Ping of death, ipfwadm, and other hacks and tools that are so old and irrelevant today that they shouldn't be discussed in depth any more. They get their nod, but the authors spend quality time with things of current relevance only, rather than wasting the space just to make the book look thick.

• Even more integration with the website.

That last one needs a bit of explanation. Brian Hatch, the lead author of HLE, has a weekly security newsletter called Linux Security: Tips, Tricks, and Hackery. (You can read the article archives or subscribe.) These often have very detailed implementation instructions, such as installing DJBDNS and migrating away from BIND, using /proc to investigate cracker activities, and occasionally has contests too.

The nice thing is that Hatch has built up a body of free online instructions, and thus rather than copy and pasting them into HLE, he can point to the online articles from within the book. This saves lots of paper, and keeps you focused on the goal of the book -- to learn attack methodologies and how to stop them.

One thing that these guys prove in their book is that "code is speech." Rather than having wordy passages such as "The user then needs to run the command 'nc client-ip-address 80' on server 'freddie' from the /etc/ directory where client-ip-address is the actual ip address of the target, and type ..." they show it all through a command-line view, embedding this extra location and user information in the prompts and formatting (bold/italics/etc) like this

jdoe@freddie:/etc$ nc client_ip 80
GET /some/web/page
<head><title>This is some web page</title>
...

They always show you what's actually going on behind the scenes -- an actual SMTP or POP conversation for example -- so you know how things really work, rather than living in a black box where Nessus says "vulnerable" and you don't know how to determine it on your own.

Here's a very quick table of contents:

• Part I: Linux Security Overview
  • Chapter 1 -- Linux Security Overview
  • Chapter 2 -- Proactive Security Measures
  • Chapter 3 -- Mapping Your Machine and Network

• Part II: Breaking In from the Outside
  • Chapter 4 -- Social Engineering, Trojans, and Other Cracker Trickery
  • Chapter 5 -- Physical Attacks
  • Chapter 6 -- Attacking over the Network
  • Chapter 7 -- Advanced Network Attacks

• Part III: Local User Attacks
  • Chapter 8 -- Elevating User Privileges
  • Chapter 9 -- Linux Authentication

• Part IV: Server Issues
  • Chapter 10 -- Mail Security
  • Chapter 11 -- File Transfer Protocol Security
  • Chapter 12 -- Web Servers and Dynamic Content
  • Chapter 13 -- Access Control and Firewalls
  • Chapter 14 -- Denial of Service Attacks

• Part V: After a Break-In
  • Chapter 15 -- Covert Access
  • Chapter 16 -- Back Doors
  • Chapter 17 -- Advanced System Abuse

• Part VI: Appendixes
  • Appendix A -- Discovering and Recovering from an Attack
  • Appendix B -- Keeping Your Programs Current
  • Appendix C -- Turning Off Unneeded Software
  • Appendix D -- Case Studies

The HackingLinuxExposed.com website has a more complete list of contents, as well as a sample chapter.

The other nice thing is the authors have put all their source code, tools, and example cracks online for free download, released under the GPL. You may notice that you need to type a password to get in, but if you have half a hacking cell in your body, you'll find that the authors think a password requirement is stupid as we do.

If I could change one thing about this book, it would be the risk ratings. These are the dumbest things I've seen. These are little boxes at the beginning of each 'Attack' that list three values: "Popularity", "Simplicity" and "Impact." It then averages these and comes up with a risk rating. Since all the Hacking Exposed books have them, I can only assume it was a requirement of the publisher -- I don't know if Hatch and Lee care for them one bit, but I can tell you I find them useless. (Of course, I give this book a 10 in spite of this fact.)

These numbers are presented as quantitative, but it can't possibly be. I can argue giving many different values in each category, so what does this actually tell us? For example take open X11 servers. Impact could be 10 because you could type a root password that's intercepted, or it could be 7 because it only gives you user-level access. Popularity could be 3 if you say most people don't set it up this way, or you could say it's 9 because many crackers look for open servers. I'd rather they just used impact, gave it a scale of 1-10 and were done with it. The popularity and simplicity factors override the impact in too many cases to make the final value anything but specious.

Aside from that drawback, which is easily ignored, the book is absolutely solid.

When I was about to buy my copy, I noticed that the authors are donating all online proceeds to the Electronic Frontier Foundation, so you should order through their website, regardless what the Slashdot link may be. ;-)

In my opinion, there's no Linux user who should be without this book. It's 720 pages of answers you need to keep yourself secure from the blackhats, or 720 pages of ways to become a blackhat yourself, depending on your ethical alignment. Either way, you won't be able to put it down, except to type as you follow along.

If David did not convince you otherwise, you can purchase Hacking Linux Exposed, Second Edition from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

David Schaffter writes "I bought Hacking Linux Exposed when it first came out. What struck me about it at the time was that it was unlike the other hacking books that were out there. Most seemed to play on the hacker craze, and were essentially lists of cracks. Hacking Exposed, presumably the model for HLE, was very much like this. Topical, overblown, and in the end it was outdated by the time you got it." Read on to see what David finds has changed (or not) in the second edition. Hacking Linux Exposed, Second Edition author Brian Hatch, James Lee pages 720 publisher Osborne McGraw-Hill rating 10 reviewer David Schaffter ISBN 0072225645 summary This second edition of the best selling Hacking Linux Exposed shows you in great detail how to secure your Linux box - or break into one.

HLE on the other hand was much more like a good textbook -- it taught you how to think about security, to see how each problem was caused and how to combat them. As the years went by, my copy of HLE was still as useful as it was the day I got it. For this reason, I was skeptical what they could put into a second edition -- the first seemed to stand the passage of time just fine.

Nonetheless, I bought it, and was surprised to find that the second edition is even stronger than the first, yet they have made it still work on its own -- you don't need to buy the first edition to have a complete understanding of Linux security. You should probably read their reviews page which has links to reviews of the original, as well as the Slashdot review from last time which have detailed breakdowns of what you'll find. I'll concentrate on the changes in this review.

The new edition deprecates or cuts a lot of old material that is no longer applicable -- the emphasis is on OpenSSH configuration vulnerabilities, rather than RLogin/RSH/etc, for example, which is fine since no Linux system comes with Rlogin installed by default any more. The second edition is 100 actual pages longer, but due to the condensing of old material, it's effectively 200 pages longer at least. They took out some of the material that isn't needed in the paper copy and put it online too, which was a great idea.

So, from my perspective, here are the noticeable differences:

• More tools are covered in detail -- Exim gets equal play with Sendmail and friends, DJBDNS gets covered as much as BIND. (For configuration, that is. Nothing can match BIND for vulnerabilities.)

• There's a whole new Denial and Distributed Denial of Service chapter, that covers the gamut - much more than just your simple TCP-connect floods.

• There are three new chapters about post-system-compromise tricks the crackers will play on you, showing you exactly what kind of things you'll need to clean up if they get in. This stuff was absolutely amazing, and the authors could probably write a whole book on this if they wanted to.

• More distribution-specific information.

• Step-by-step instructions on how to patch and rebuild your kernel using the existing kernel configuration parameters, detailed enough that any newbie could do it. They have specific variants for Red Hat and Debian as well.

• The best discussion of network-based attacks (ARP spoofing, Man-in-the-middle, session hijacking, etc) in any book, anywhere. You could easily use the stuff in this chapter to take over Windows machines too.

• More custom tools and code than before.

• Just passing references to things like the Morris worm, the Ping of death, ipfwadm, and other hacks and tools that are so old and irrelevant today that they shouldn't be discussed in depth any more. They get their nod, but the authors spend quality time with things of current relevance only, rather than wasting the space just to make the book look thick.

• Even more integration with the website.

That last one needs a bit of explanation. Brian Hatch, the lead author of HLE, has a weekly security newsletter called Linux Security: Tips, Tricks, and Hackery. (You can read the article archives or subscribe.) These often have very detailed implementation instructions, such as installing DJBDNS and migrating away from BIND, using /proc to investigate cracker activities, and occasionally has contests too.

The nice thing is that Hatch has built up a body of free online instructions, and thus rather than copy and pasting them into HLE, he can point to the online articles from within the book. This saves lots of paper, and keeps you focused on the goal of the book -- to learn attack methodologies and how to stop them.

One thing that these guys prove in their book is that "code is speech." Rather than having wordy passages such as "The user then needs to run the command 'nc client-ip-address 80' on server 'freddie' from the /etc/ directory where client-ip-address is the actual ip address of the target, and type ..." they show it all through a command-line view, embedding this extra location and user information in the prompts and formatting (bold/italics/etc) like this

jdoe@freddie:/etc$ nc client_ip 80
GET /some/web/page
<head><title>This is some web page</title>
...

They always show you what's actually going on behind the scenes -- an actual SMTP or POP conversation for example -- so you know how things really work, rather than living in a black box where Nessus says "vulnerable" and you don't know how to determine it on your own.

Here's a very quick table of contents:

• Part I: Linux Security Overview
  • Chapter 1 -- Linux Security Overview
  • Chapter 2 -- Proactive Security Measures
  • Chapter 3 -- Mapping Your Machine and Network

• Part II: Breaking In from the Outside
  • Chapter 4 -- Social Engineering, Trojans, and Other Cracker Trickery
  • Chapter 5 -- Physical Attacks
  • Chapter 6 -- Attacking over the Network
  • Chapter 7 -- Advanced Network Attacks

• Part III: Local User Attacks
  • Chapter 8 -- Elevating User Privileges
  • Chapter 9 -- Linux Authentication

• Part IV: Server Issues
  • Chapter 10 -- Mail Security
  • Chapter 11 -- File Transfer Protocol Security
  • Chapter 12 -- Web Servers and Dynamic Content
  • Chapter 13 -- Access Control and Firewalls
  • Chapter 14 -- Denial of Service Attacks

• Part V: After a Break-In
  • Chapter 15 -- Covert Access
  • Chapter 16 -- Back Doors
  • Chapter 17 -- Advanced System Abuse

• Part VI: Appendixes
  • Appendix A -- Discovering and Recovering from an Attack
  • Appendix B -- Keeping Your Programs Current
  • Appendix C -- Turning Off Unneeded Software
  • Appendix D -- Case Studies

The HackingLinuxExposed.com website has a more complete list of contents, as well as a sample chapter.

The other nice thing is the authors have put all their source code, tools, and example cracks online for free download, released under the GPL. You may notice that you need to type a password to get in, but if you have half a hacking cell in your body, you'll find that the authors think a password requirement is stupid as we do.

If I could change one thing about this book, it would be the risk ratings. These are the dumbest things I've seen. These are little boxes at the beginning of each 'Attack' that list three values: "Popularity", "Simplicity" and "Impact." It then averages these and comes up with a risk rating. Since all the Hacking Exposed books have them, I can only assume it was a requirement of the publisher -- I don't know if Hatch and Lee care for them one bit, but I can tell you I find them useless. (Of course, I give this book a 10 in spite of this fact.)

These numbers are presented as quantitative, but it can't possibly be. I can argue giving many different values in each category, so what does this actually tell us? For example take open X11 servers. Impact could be 10 because you could type a root password that's intercepted, or it could be 7 because it only gives you user-level access. Popularity could be 3 if you say most people don't set it up this way, or you could say it's 9 because many crackers look for open servers. I'd rather they just used impact, gave it a scale of 1-10 and were done with it. The popularity and simplicity factors override the impact in too many cases to make the final value anything but specious.

Aside from that drawback, which is easily ignored, the book is absolutely solid.

When I was about to buy my copy, I noticed that the authors are donating all online proceeds to the Electronic Frontier Foundation, so you should order through their website, regardless what the Slashdot link may be. ;-)

In my opinion, there's no Linux user who should be without this book. It's 720 pages of answers you need to keep yourself secure from the blackhats, or 720 pages of ways to become a blackhat yourself, depending on your ethical alignment. Either way, you won't be able to put it down, except to type as you follow along.

If David did not convince you otherwise, you can purchase Hacking Linux Exposed, Second Edition from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

David Schaffter writes "I bought Hacking Linux Exposed when it first came out. What struck me about it at the time was that it was unlike the other hacking books that were out there. Most seemed to play on the hacker craze, and were essentially lists of cracks. Hacking Exposed, presumably the model for HLE, was very much like this. Topical, overblown, and in the end it was outdated by the time you got it." Read on to see what David finds has changed (or not) in the second edition. Hacking Linux Exposed, Second Edition author Brian Hatch, James Lee pages 720 publisher Osborne McGraw-Hill rating 10 reviewer David Schaffter ISBN 0072225645 summary This second edition of the best selling Hacking Linux Exposed shows you in great detail how to secure your Linux box - or break into one.

HLE on the other hand was much more like a good textbook -- it taught you how to think about security, to see how each problem was caused and how to combat them. As the years went by, my copy of HLE was still as useful as it was the day I got it. For this reason, I was skeptical what they could put into a second edition -- the first seemed to stand the passage of time just fine.

Nonetheless, I bought it, and was surprised to find that the second edition is even stronger than the first, yet they have made it still work on its own -- you don't need to buy the first edition to have a complete understanding of Linux security. You should probably read their reviews page which has links to reviews of the original, as well as the Slashdot review from last time which have detailed breakdowns of what you'll find. I'll concentrate on the changes in this review.

The new edition deprecates or cuts a lot of old material that is no longer applicable -- the emphasis is on OpenSSH configuration vulnerabilities, rather than RLogin/RSH/etc, for example, which is fine since no Linux system comes with Rlogin installed by default any more. The second edition is 100 actual pages longer, but due to the condensing of old material, it's effectively 200 pages longer at least. They took out some of the material that isn't needed in the paper copy and put it online too, which was a great idea.

So, from my perspective, here are the noticeable differences:

• More tools are covered in detail -- Exim gets equal play with Sendmail and friends, DJBDNS gets covered as much as BIND. (For configuration, that is. Nothing can match BIND for vulnerabilities.)

• There's a whole new Denial and Distributed Denial of Service chapter, that covers the gamut - much more than just your simple TCP-connect floods.

• There are three new chapters about post-system-compromise tricks the crackers will play on you, showing you exactly what kind of things you'll need to clean up if they get in. This stuff was absolutely amazing, and the authors could probably write a whole book on this if they wanted to.

• More distribution-specific information.

• Step-by-step instructions on how to patch and rebuild your kernel using the existing kernel configuration parameters, detailed enough that any newbie could do it. They have specific variants for Red Hat and Debian as well.

• The best discussion of network-based attacks (ARP spoofing, Man-in-the-middle, session hijacking, etc) in any book, anywhere. You could easily use the stuff in this chapter to take over Windows machines too.

• More custom tools and code than before.

• Just passing references to things like the Morris worm, the Ping of death, ipfwadm, and other hacks and tools that are so old and irrelevant today that they shouldn't be discussed in depth any more. They get their nod, but the authors spend quality time with things of current relevance only, rather than wasting the space just to make the book look thick.

• Even more integration with the website.

That last one needs a bit of explanation. Brian Hatch, the lead author of HLE, has a weekly security newsletter called Linux Security: Tips, Tricks, and Hackery. (You can read the article archives or subscribe.) These often have very detailed implementation instructions, such as installing DJBDNS and migrating away from BIND, using /proc to investigate cracker activities, and occasionally has contests too.

The nice thing is that Hatch has built up a body of free online instructions, and thus rather than copy and pasting them into HLE, he can point to the online articles from within the book. This saves lots of paper, and keeps you focused on the goal of the book -- to learn attack methodologies and how to stop them.

One thing that these guys prove in their book is that "code is speech." Rather than having wordy passages such as "The user then needs to run the command 'nc client-ip-address 80' on server 'freddie' from the /etc/ directory where client-ip-address is the actual ip address of the target, and type ..." they show it all through a command-line view, embedding this extra location and user information in the prompts and formatting (bold/italics/etc) like this

jdoe@freddie:/etc$ nc client_ip 80
GET /some/web/page
<head><title>This is some web page</title>
...

They always show you what's actually going on behind the scenes -- an actual SMTP or POP conversation for example -- so you know how things really work, rather than living in a black box where Nessus says "vulnerable" and you don't know how to determine it on your own.

Here's a very quick table of contents:

• Part I: Linux Security Overview
  • Chapter 1 -- Linux Security Overview
  • Chapter 2 -- Proactive Security Measures
  • Chapter 3 -- Mapping Your Machine and Network

• Part II: Breaking In from the Outside
  • Chapter 4 -- Social Engineering, Trojans, and Other Cracker Trickery
  • Chapter 5 -- Physical Attacks
  • Chapter 6 -- Attacking over the Network
  • Chapter 7 -- Advanced Network Attacks

• Part III: Local User Attacks
  • Chapter 8 -- Elevating User Privileges
  • Chapter 9 -- Linux Authentication

• Part IV: Server Issues
  • Chapter 10 -- Mail Security
  • Chapter 11 -- File Transfer Protocol Security
  • Chapter 12 -- Web Servers and Dynamic Content
  • Chapter 13 -- Access Control and Firewalls
  • Chapter 14 -- Denial of Service Attacks

• Part V: After a Break-In
  • Chapter 15 -- Covert Access
  • Chapter 16 -- Back Doors
  • Chapter 17 -- Advanced System Abuse

• Part VI: Appendixes
  • Appendix A -- Discovering and Recovering from an Attack
  • Appendix B -- Keeping Your Programs Current
  • Appendix C -- Turning Off Unneeded Software
  • Appendix D -- Case Studies

The HackingLinuxExposed.com website has a more complete list of contents, as well as a sample chapter.

The other nice thing is the authors have put all their source code, tools, and example cracks online for free download, released under the GPL. You may notice that you need to type a password to get in, but if you have half a hacking cell in your body, you'll find that the authors think a password requirement is stupid as we do.

If I could change one thing about this book, it would be the risk ratings. These are the dumbest things I've seen. These are little boxes at the beginning of each 'Attack' that list three values: "Popularity", "Simplicity" and "Impact." It then averages these and comes up with a risk rating. Since all the Hacking Exposed books have them, I can only assume it was a requirement of the publisher -- I don't know if Hatch and Lee care for them one bit, but I can tell you I find them useless. (Of course, I give this book a 10 in spite of this fact.)

These numbers are presented as quantitative, but it can't possibly be. I can argue giving many different values in each category, so what does this actually tell us? For example take open X11 servers. Impact could be 10 because you could type a root password that's intercepted, or it could be 7 because it only gives you user-level access. Popularity could be 3 if you say most people don't set it up this way, or you could say it's 9 because many crackers look for open servers. I'd rather they just used impact, gave it a scale of 1-10 and were done with it. The popularity and simplicity factors override the impact in too many cases to make the final value anything but specious.

Aside from that drawback, which is easily ignored, the book is absolutely solid.

When I was about to buy my copy, I noticed that the authors are donating all online proceeds to the Electronic Frontier Foundation, so you should order through their website, regardless what the Slashdot link may be. ;-)

In my opinion, there's no Linux user who should be without this book. It's 720 pages of answers you need to keep yourself secure from the blackhats, or 720 pages of ways to become a blackhat yourself, depending on your ethical alignment. Either way, you won't be able to put it down, except to type as you follow along.

If David did not convince you otherwise, you can purchase Hacking Linux Exposed, Second Edition from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

David Schaffter writes "I bought Hacking Linux Exposed when it first came out. What struck me about it at the time was that it was unlike the other hacking books that were out there. Most seemed to play on the hacker craze, and were essentially lists of cracks. Hacking Exposed, presumably the model for HLE, was very much like this. Topical, overblown, and in the end it was outdated by the time you got it." Read on to see what David finds has changed (or not) in the second edition. Hacking Linux Exposed, Second Edition author Brian Hatch, James Lee pages 720 publisher Osborne McGraw-Hill rating 10 reviewer David Schaffter ISBN 0072225645 summary This second edition of the best selling Hacking Linux Exposed shows you in great detail how to secure your Linux box - or break into one.

HLE on the other hand was much more like a good textbook -- it taught you how to think about security, to see how each problem was caused and how to combat them. As the years went by, my copy of HLE was still as useful as it was the day I got it. For this reason, I was skeptical what they could put into a second edition -- the first seemed to stand the passage of time just fine.

Nonetheless, I bought it, and was surprised to find that the second edition is even stronger than the first, yet they have made it still work on its own -- you don't need to buy the first edition to have a complete understanding of Linux security. You should probably read their reviews page which has links to reviews of the original, as well as the Slashdot review from last time which have detailed breakdowns of what you'll find. I'll concentrate on the changes in this review.

The new edition deprecates or cuts a lot of old material that is no longer applicable -- the emphasis is on OpenSSH configuration vulnerabilities, rather than RLogin/RSH/etc, for example, which is fine since no Linux system comes with Rlogin installed by default any more. The second edition is 100 actual pages longer, but due to the condensing of old material, it's effectively 200 pages longer at least. They took out some of the material that isn't needed in the paper copy and put it online too, which was a great idea.

So, from my perspective, here are the noticeable differences:

• More tools are covered in detail -- Exim gets equal play with Sendmail and friends, DJBDNS gets covered as much as BIND. (For configuration, that is. Nothing can match BIND for vulnerabilities.)

• There's a whole new Denial and Distributed Denial of Service chapter, that covers the gamut - much more than just your simple TCP-connect floods.

• There are three new chapters about post-system-compromise tricks the crackers will play on you, showing you exactly what kind of things you'll need to clean up if they get in. This stuff was absolutely amazing, and the authors could probably write a whole book on this if they wanted to.

• More distribution-specific information.

• Step-by-step instructions on how to patch and rebuild your kernel using the existing kernel configuration parameters, detailed enough that any newbie could do it. They have specific variants for Red Hat and Debian as well.

• The best discussion of network-based attacks (ARP spoofing, Man-in-the-middle, session hijacking, etc) in any book, anywhere. You could easily use the stuff in this chapter to take over Windows machines too.

• More custom tools and code than before.

• Just passing references to things like the Morris worm, the Ping of death, ipfwadm, and other hacks and tools that are so old and irrelevant today that they shouldn't be discussed in depth any more. They get their nod, but the authors spend quality time with things of current relevance only, rather than wasting the space just to make the book look thick.

• Even more integration with the website.

That last one needs a bit of explanation. Brian Hatch, the lead author of HLE, has a weekly security newsletter called Linux Security: Tips, Tricks, and Hackery. (You can read the article archives or subscribe.) These often have very detailed implementation instructions, such as installing DJBDNS and migrating away from BIND, using /proc to investigate cracker activities, and occasionally has contests too.

The nice thing is that Hatch has built up a body of free online instructions, and thus rather than copy and pasting them into HLE, he can point to the online articles from within the book. This saves lots of paper, and keeps you focused on the goal of the book -- to learn attack methodologies and how to stop them.

One thing that these guys prove in their book is that "code is speech." Rather than having wordy passages such as "The user then needs to run the command 'nc client-ip-address 80' on server 'freddie' from the /etc/ directory where client-ip-address is the actual ip address of the target, and type ..." they show it all through a command-line view, embedding this extra location and user information in the prompts and formatting (bold/italics/etc) like this

jdoe@freddie:/etc$ nc client_ip 80
GET /some/web/page
<head><title>This is some web page</title>
...

They always show you what's actually going on behind the scenes -- an actual SMTP or POP conversation for example -- so you know how things really work, rather than living in a black box where Nessus says "vulnerable" and you don't know how to determine it on your own.

Here's a very quick table of contents:

• Part I: Linux Security Overview
  • Chapter 1 -- Linux Security Overview
  • Chapter 2 -- Proactive Security Measures
  • Chapter 3 -- Mapping Your Machine and Network

• Part II: Breaking In from the Outside
  • Chapter 4 -- Social Engineering, Trojans, and Other Cracker Trickery
  • Chapter 5 -- Physical Attacks
  • Chapter 6 -- Attacking over the Network
  • Chapter 7 -- Advanced Network Attacks

• Part III: Local User Attacks
  • Chapter 8 -- Elevating User Privileges
  • Chapter 9 -- Linux Authentication

• Part IV: Server Issues
  • Chapter 10 -- Mail Security
  • Chapter 11 -- File Transfer Protocol Security
  • Chapter 12 -- Web Servers and Dynamic Content
  • Chapter 13 -- Access Control and Firewalls
  • Chapter 14 -- Denial of Service Attacks

• Part V: After a Break-In
  • Chapter 15 -- Covert Access
  • Chapter 16 -- Back Doors
  • Chapter 17 -- Advanced System Abuse

• Part VI: Appendixes
  • Appendix A -- Discovering and Recovering from an Attack
  • Appendix B -- Keeping Your Programs Current
  • Appendix C -- Turning Off Unneeded Software
  • Appendix D -- Case Studies

The HackingLinuxExposed.com website has a more complete list of contents, as well as a sample chapter.

The other nice thing is the authors have put all their source code, tools, and example cracks online for free download, released under the GPL. You may notice that you need to type a password to get in, but if you have half a hacking cell in your body, you'll find that the authors think a password requirement is stupid as we do.

If I could change one thing about this book, it would be the risk ratings. These are the dumbest things I've seen. These are little boxes at the beginning of each 'Attack' that list three values: "Popularity", "Simplicity" and "Impact." It then averages these and comes up with a risk rating. Since all the Hacking Exposed books have them, I can only assume it was a requirement of the publisher -- I don't know if Hatch and Lee care for them one bit, but I can tell you I find them useless. (Of course, I give this book a 10 in spite of this fact.)

These numbers are presented as quantitative, but it can't possibly be. I can argue giving many different values in each category, so what does this actually tell us? For example take open X11 servers. Impact could be 10 because you could type a root password that's intercepted, or it could be 7 because it only gives you user-level access. Popularity could be 3 if you say most people don't set it up this way, or you could say it's 9 because many crackers look for open servers. I'd rather they just used impact, gave it a scale of 1-10 and were done with it. The popularity and simplicity factors override the impact in too many cases to make the final value anything but specious.

Aside from that drawback, which is easily ignored, the book is absolutely solid.

When I was about to buy my copy, I noticed that the authors are donating all online proceeds to the Electronic Frontier Foundation, so you should order through their website, regardless what the Slashdot link may be. ;-)

In my opinion, there's no Linux user who should be without this book. It's 720 pages of answers you need to keep yourself secure from the blackhats, or 720 pages of ways to become a blackhat yourself, depending on your ethical alignment. Either way, you won't be able to put it down, except to type as you follow along.

If David did not convince you otherwise, you can purchase Hacking Linux Exposed, Second Edition from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

David Schaffter writes "I bought Hacking Linux Exposed when it first came out. What struck me about it at the time was that it was unlike the other hacking books that were out there. Most seemed to play on the hacker craze, and were essentially lists of cracks. Hacking Exposed, presumably the model for HLE, was very much like this. Topical, overblown, and in the end it was outdated by the time you got it." Read on to see what David finds has changed (or not) in the second edition. Hacking Linux Exposed, Second Edition author Brian Hatch, James Lee pages 720 publisher Osborne McGraw-Hill rating 10 reviewer David Schaffter ISBN 0072225645 summary This second edition of the best selling Hacking Linux Exposed shows you in great detail how to secure your Linux box - or break into one.

HLE on the other hand was much more like a good textbook -- it taught you how to think about security, to see how each problem was caused and how to combat them. As the years went by, my copy of HLE was still as useful as it was the day I got it. For this reason, I was skeptical what they could put into a second edition -- the first seemed to stand the passage of time just fine.

Nonetheless, I bought it, and was surprised to find that the second edition is even stronger than the first, yet they have made it still work on its own -- you don't need to buy the first edition to have a complete understanding of Linux security. You should probably read their reviews page which has links to reviews of the original, as well as the Slashdot review from last time which have detailed breakdowns of what you'll find. I'll concentrate on the changes in this review.

The new edition deprecates or cuts a lot of old material that is no longer applicable -- the emphasis is on OpenSSH configuration vulnerabilities, rather than RLogin/RSH/etc, for example, which is fine since no Linux system comes with Rlogin installed by default any more. The second edition is 100 actual pages longer, but due to the condensing of old material, it's effectively 200 pages longer at least. They took out some of the material that isn't needed in the paper copy and put it online too, which was a great idea.

So, from my perspective, here are the noticeable differences:

• More tools are covered in detail -- Exim gets equal play with Sendmail and friends, DJBDNS gets covered as much as BIND. (For configuration, that is. Nothing can match BIND for vulnerabilities.)

• There's a whole new Denial and Distributed Denial of Service chapter, that covers the gamut - much more than just your simple TCP-connect floods.

• There are three new chapters about post-system-compromise tricks the crackers will play on you, showing you exactly what kind of things you'll need to clean up if they get in. This stuff was absolutely amazing, and the authors could probably write a whole book on this if they wanted to.

• More distribution-specific information.

• Step-by-step instructions on how to patch and rebuild your kernel using the existing kernel configuration parameters, detailed enough that any newbie could do it. They have specific variants for Red Hat and Debian as well.

• The best discussion of network-based attacks (ARP spoofing, Man-in-the-middle, session hijacking, etc) in any book, anywhere. You could easily use the stuff in this chapter to take over Windows machines too.

• More custom tools and code than before.

• Just passing references to things like the Morris worm, the Ping of death, ipfwadm, and other hacks and tools that are so old and irrelevant today that they shouldn't be discussed in depth any more. They get their nod, but the authors spend quality time with things of current relevance only, rather than wasting the space just to make the book look thick.

• Even more integration with the website.

That last one needs a bit of explanation. Brian Hatch, the lead author of HLE, has a weekly security newsletter called Linux Security: Tips, Tricks, and Hackery. (You can read the article archives or subscribe.) These often have very detailed implementation instructions, such as installing DJBDNS and migrating away from BIND, using /proc to investigate cracker activities, and occasionally has contests too.

The nice thing is that Hatch has built up a body of free online instructions, and thus rather than copy and pasting them into HLE, he can point to the online articles from within the book. This saves lots of paper, and keeps you focused on the goal of the book -- to learn attack methodologies and how to stop them.

One thing that these guys prove in their book is that "code is speech." Rather than having wordy passages such as "The user then needs to run the command 'nc client-ip-address 80' on server 'freddie' from the /etc/ directory where client-ip-address is the actual ip address of the target, and type ..." they show it all through a command-line view, embedding this extra location and user information in the prompts and formatting (bold/italics/etc) like this

jdoe@freddie:/etc$ nc client_ip 80
GET /some/web/page
<head><title>This is some web page</title>
...

They always show you what's actually going on behind the scenes -- an actual SMTP or POP conversation for example -- so you know how things really work, rather than living in a black box where Nessus says "vulnerable" and you don't know how to determine it on your own.

Here's a very quick table of contents:

• Part I: Linux Security Overview
  • Chapter 1 -- Linux Security Overview
  • Chapter 2 -- Proactive Security Measures
  • Chapter 3 -- Mapping Your Machine and Network

• Part II: Breaking In from the Outside
  • Chapter 4 -- Social Engineering, Trojans, and Other Cracker Trickery
  • Chapter 5 -- Physical Attacks
  • Chapter 6 -- Attacking over the Network
  • Chapter 7 -- Advanced Network Attacks

• Part III: Local User Attacks
  • Chapter 8 -- Elevating User Privileges
  • Chapter 9 -- Linux Authentication

• Part IV: Server Issues
  • Chapter 10 -- Mail Security
  • Chapter 11 -- File Transfer Protocol Security
  • Chapter 12 -- Web Servers and Dynamic Content
  • Chapter 13 -- Access Control and Firewalls
  • Chapter 14 -- Denial of Service Attacks

• Part V: After a Break-In
  • Chapter 15 -- Covert Access
  • Chapter 16 -- Back Doors
  • Chapter 17 -- Advanced System Abuse

• Part VI: Appendixes
  • Appendix A -- Discovering and Recovering from an Attack
  • Appendix B -- Keeping Your Programs Current
  • Appendix C -- Turning Off Unneeded Software
  • Appendix D -- Case Studies

The HackingLinuxExposed.com website has a more complete list of contents, as well as a sample chapter.

The other nice thing is the authors have put all their source code, tools, and example cracks online for free download, released under the GPL. You may notice that you need to type a password to get in, but if you have half a hacking cell in your body, you'll find that the authors think a password requirement is stupid as we do.

If I could change one thing about this book, it would be the risk ratings. These are the dumbest things I've seen. These are little boxes at the beginning of each 'Attack' that list three values: "Popularity", "Simplicity" and "Impact." It then averages these and comes up with a risk rating. Since all the Hacking Exposed books have them, I can only assume it was a requirement of the publisher -- I don't know if Hatch and Lee care for them one bit, but I can tell you I find them useless. (Of course, I give this book a 10 in spite of this fact.)

These numbers are presented as quantitative, but it can't possibly be. I can argue giving many different values in each category, so what does this actually tell us? For example take open X11 servers. Impact could be 10 because you could type a root password that's intercepted, or it could be 7 because it only gives you user-level access. Popularity could be 3 if you say most people don't set it up this way, or you could say it's 9 because many crackers look for open servers. I'd rather they just used impact, gave it a scale of 1-10 and were done with it. The popularity and simplicity factors override the impact in too many cases to make the final value anything but specious.

Aside from that drawback, which is easily ignored, the book is absolutely solid.

When I was about to buy my copy, I noticed that the authors are donating all online proceeds to the Electronic Frontier Foundation, so you should order through their website, regardless what the Slashdot link may be. ;-)

In my opinion, there's no Linux user who should be without this book. It's 720 pages of answers you need to keep yourself secure from the blackhats, or 720 pages of ways to become a blackhat yourself, depending on your ethical alignment. Either way, you won't be able to put it down, except to type as you follow along.

If David did not convince you otherwise, you can purchase Hacking Linux Exposed, Second Edition from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Reader Bob Johnson wrote this detailed review of Hacking Exposed followup Hacking Linux Exposed -- especially in light of the various color-coded Windows viruses still on the loose, this might be a good present for your your local Windows administrator as well, but both Bob and the authors are clear: GNU/Linux systems may be more resistant, but are not immune to cracking. Hacking Linux Exposed author Brian Hatch, James Lee, George Kurtz pages 566 publisher Osborne/McGraw-hill rating 8.5 reviewer Bob Johnson. ISBN 0072127732 summary The definitive Linux/Unix security and hacking text; follows in the full-disclosure footsteps of Hacking Exposed. What it is

While the recent Code Red worms and their offspring have taken center stage, it is not time for Linux administrators to sit on their behinds and say 'told you so.' Yes, our Unix systems may have been immune, but let us not forget the flurry of worms that came after Ramen made the scene early this year.

Most folks have heard of Hacking Exposed, the ground-breaking security book that is now coming out with a 3rd edition. One of the HE authors, George Kurtz, teamed up with two leading security experts to bring us Hacking Linux Exposed which was released in April of this year.

Hacking Linux Exposed teaches you about security from the cracker's point of view. to give you all you need to know to protect your own systems. It is written by security experts who have seen these attacks in the wild and have been protecting their own systems from them. It gives many examples of attacks, but it also teaches you how attacks of various forms occur in general, giving you a true understanding of vulnerabilities current, future, and theoretical.

The book itself is organized into four parts, each discussing a specific aspect of system security in depth.

Contents Part I begins with Unix permission models, such as passwords, file (user/group/other) modes, capabilities, limits, and other security features built into Linux. Though the authors claim this chapter is 'to get those Windows users up to speed' I found details about things I didn't know about, having been administering Linux systems for several years.

The authors then move onto proactive measures that can be taken to protect your system, under the theory that you shouldn't be reading the entire book before you start securing your systems. This section primes you with security procedures that will be referenced later in the book multiple times, and keeping it all contained seems a very logical organization. Topics include log analysis, system security scanners, hardening tools and patches. The chapter is ended with a step-by-step discussion of what to do should you suffer a break-in. While they strongly suggest a reinstall, and describe all the problems and pitfalls that brings, they acknowledge when business needs may conflict, and how to deal with differing requirements.

Rounding out the first part we move onto a chapter showing how crackers find out information about your machines and network. Naturally it includes the standard port-scanning tools, ping sweepers, and OS detection software, as well as network (in)security scanners such as SAINT, Nessus, and SARA. New administrators will learn a lot from discussions of information leakage through SNMP, DNS, whois, and even newsgroups. I believe this is the only book I have ever read to start a chapter with a piece of email Spam for educational purposes.

Part II talks about how crackers can get into your machine from the outside. We begin with a chapter entitled "Social Engineering, Trojans, and Other Hacker Trickery." This chapter is dedicated to various methods that are not necessarily code-related. The social-engineering angle is broken down into several categories, explaining the human insecurities that are most effective at getting people to give out inappropriate access or information, complete with frighteningly simple examples. The discussion of Trojans reminds us that everything may not be what it seems, such as the trojaned version of tcpd back in 1999, and explains how not to be taken advantage of by using checksums, pgp signatures, and the like. It ends with a discussion of worms. A discussion of the Ramen worm is included (the book was published very soon after this worm was released) as is a prediction that other worms may be on the horizon, which turned out to be all too true.

Next we move onto physical attacks that are used to gain access to systems, or helpful information. You are reminded how lax your office environment is (yes, we all have at least one sticky note with some password, somewhere) perhaps more than necessary. However when discussing console access, the authors return to instantly-implementable countermeasures to keep folks from walking up, rebooting, and dropping into single user mode, including a bit on encrypted filesystems.

Next comes a chapter devoted to attacks launched over the network. True to the overall style of the book, this isn't simply a list of the various POP/IMAP/Sendmail hacks over the years, but rather examples of different classes of attacks, such as wardialing, X servers, buffer overflows, denial of service attacks, sniffers, and automated password guessers. The information provided should help you prevent the known attacks and those that haven't been written yet that operate on similar principles.

The last chapter of Part II discusses attacks based on abuse of the network and network protocols themselves. We learn about abuses of DNS, routing protocols, and advanced sniffing and session hijacking that can be used to funnel your traffic through an attacker's machine without your knowledge, often without any loss in service. Man in the middle attacks against SSH and SSL are also well explained, and critical for anyone to understand before blindly clicking 'ok' to PKI-based warnings. The chapter ends with a discussion of the hazards IP-based trust relationships, and how to properly implement ingress and egress filtering.

All the topics to this point have been geared to keeping the attacker off of your system. In Part III, the authors move on to how an attacker that has already gotten onto your machine in some way will ultimately hack the root account.

We begin with PATH and permissions problems, insecurities with suid/sgid and custom root-run scripts, and common problems with poor sudo configuration (including a script you could use to allow limited editing of /etc/passwd via sudo safely.) It continues with local buffer overflow, format string vulnerabilities, race conditions, and hard/symbolic link problems. A very good chapter for anyone writing code, in addition to security administrators.

Chapter 9 is devoted to password cracking techniques and programs, such as Crack, John the Ripper, and pointers to useful word lists. Shadow passwords, including expiration information, is explained, as well as other systems that use passwords such as Apache .htpasswd files. Lastly, they describe good methods of choosing and enforcing strong passwords via PAM.

Chapter 10 shows you all the evils an attacker can do to your system after having cracked root. This chapter reads like a ringing wake-up call if you think a machine can be properly resecured once it has been compromised. The authors show some simplistic methods a hacker can use to maintain access, such as modifications of .rhosts, read/write nfs exports, and suid root shells, to more advanced methods such as the use of SSH authorized_keys which are suprisingly still not part of most script-kiddies arsenal. It then moves onto several methods of creating a network-accessible root shell (a wacky custom one is written in perl and netcat). The rest of the chapter is devoted to trojaning a system by replacing/recompiling new versions of system programs (netstat/ls/etc) which can be used to hide an attacker's activities. Loadable kernel modules which can do the same, but are potentially undetectable are discussed, complete with code. This chapter could have been titled 'How to build your own rootkit' given the detail they provide.

The last main part of the book discusses firewalls, web, mail, and ftp servers in detail. The server room is still where Linux is most often deployed, and the authors decided to give extensive detail about how to secure these commonly-provided services.

Chapter 11 discusses mail and ftp security, services that are most frequently run by the buggiest of software. However, the authors don't waste their time listing the insecurities that have existed in each product over the years (which would have taken several books) but instead look at current problems in implementations and the protocols themselves. For the mail section, it was refreshing to see that Postfix and Qmail were given equal air time along with Sendmail The authors described attacks that affect Sendmail, Postfix, and Qmail, showing the necessary fix for each mail server. The FTP section began the actual workings of the FTP protocol in both Active and Passive modes to allow you to understand the problems with the protocol itself and how it can be used for FTP bounce attacks, penetrating poorly-designed firewalls, and how data hijacking can occur.

Chapter 12 discusses both webserver configuration issues (Apache being the most prominent) and server-side dynamic content insecurities. The authors show you how to trim overly-permissive configuration options that are enabled by default, protect your HTTP authentication files, tighten proxy settings, decide where symlinks are appropriate, and more. The CGI (mod_perl, etc) section does a good job of showing you common pitfalls you or the programmers you support make every day that can lead to a compromise.

The last chapter of the book discusses how you can enable access controls and firewall rules to keep the bad guys off of your machine. They discuss TCP Wrappers along with inetd, xinetd, and even how to integrate them into your own daemons. They give detailed examples of how you can implement packet filters on your machine. It was nice to see iptables described as prominently as ipchains, especially since the 2.4 kernel was barely out when they released the book.

The last section of the book is the appendices. The first discusses the package management systems of various Linux distributions (RedHat, Debian, Slackware) and how to install/upgrade/verify your packages. The next details how to see what services you are running and how to turn them off, again describing distribution-specific methods where appropriate. The last appendix consists of three actual-hack case studies. If you've read Hacking Exposed then you're familiar with the 1-2 page case study at the beginning of each chapter. Here they included much lengthier case studies, including the code the attackers used. The increased length works much better, and provides a good view into these attacker's methods.

Presentation This book is very well organized, and includes the right combination of discussion and code. They made frequent use of special 'Caution', 'Note' and 'Tip' graphics to emphasis specific issues, and each attack begins with a 'Risk Rating' that lets you understand which attacks should be secured first as you attempt to implement all the countermeasures they make. No issue was brought up without a specific countermeasure you can implement today.

Many security books out there focus on various tools available to attackers, and read like a shopping cart with occasional text interspersed. This book focuses on the attack methods themselves, rather than the tools. As such it contains information about cracking programs where appropriate, and reads more like an educational journey of hacking methods. When many similar tools are available, only a few are described in depth, and eliminating duplication when possible, leaving you with the right information to decide which tool or tools are best for you.

One of the things that I really appreciated about this book is how the authors will start off topics with home-grown examples before discussing advanced security tools. For example, the authors give you a simple shell script that could function as a crude file integrity checker to provide you a clear method of understanding the concept before going onto detailed configuration examples of tripwire, Aide, and others. While they do not take up much space for these primers, usually half a page or so, they are excellent examples of speaking through code, rather than magician wave-of-the-hand explanations.

Conclusion Hacking Linux Exposed is a very good read. It does a great job of staying focused and interesting, without skimping on the actual details you need to secure your systems and understand the threats. The countermeasures are real and specific, allowing administrators to use this book as a tool to secure their own systems.

At many times I wished that the book were more Unix-centric than simply Linux centric. Many of the issues are similar, and the countermeasures would simply be broken down into *BSD vs Linux vs Solaris, etc. However that would have made reading the countermeasures a bit more difficult. As it is, many of the issues have similar or identical countermeasures, regardless of OS, so administrators should be able to extend what is said to their Unix OS of choice without too much trouble.

The Linux focus allows the authors to get much more in depth than they were able to in Hacking Exposed, which was disjointed at times, unable to really probe each issue. However the opposite is also true --- since they wanted to focus on Linux-specific attacks, they do not go into general attacks, such as JavaScript, cross site scripting, and other browser-related problems, for example. For these types of attacks you should look elsewhere. I think keeping the focus clean is very much worth it.

Beginning administrators may find some of the lead-up lacking in places. For example someone who is not very knowledgeable about IP may have trouble understanding some of the sophisticated network abuses and malformed packets described. However this is to be expected. This book is not standalone, nor should it be. If the HLE authors included enough information to adequately describe every nuance of IP packets then that'd be a disservice to those who already have a copy of W. Richard Stevens, and would needlessly add weight to a book that is supposed to stay focused on hacking.

The book has a website that includes all the source code in the book, released under the GPL, as well as some tools they wrote which they didn't feel belonged in the book itself. They also have book corrections on the website, as well as sections they had wished to put in the book that were rejected by the editor, such as their stance on the "Hacking vs Cracking" semantics debate, and why "Linux is Securable" (as opposed to Windows.) Needless to say, these folks won't be employed by Microsoft in the near future.

I highly recommend this book. You'll have ready-to-implement measures that can keep you busy for some time securing your systems. You'll learn a lot on the journey. And I look forward to seeing "Hacking Windows 2000 Exposed" later this year --- I can only assume it'll say "Install Linux."

You can purchase this book at FatBrain.