Hacking Linux Exposed deals with security-related threats to Linux systems.
Past months' Linux worms and the shell
server compromise of sourceforge.net, leading to the crack of several
open-source sites, have reminded us that not even Linux systems are
invulnerable to malevolent attackers. Three leading computer security
experts published Hacking Exposed in 1999. The book is a thorough
dissertation on cracking and was followed up by a second edition in
2000. This year George Kurtz, coauthor of Hacking Exposed, teamed
up with two leading Linux security experts to bring us Hacking Linux
Exposed.
Hacking Linux Exposed deals with security-related threats to
Linux systems. It's a book for practitioners by practitioners,
with an emphasis on practice rather than theory. The book provides an
overview of various security-related issues. To this end, it has been
organized into four parts. Each part deals with a distinct aspect of
systems' security and is in turn broken into several chapters.
Contents
Part I is the system administrator's inside view of
systems' security. It deals with how he or she can prevent the
cracker from intruding, starting with an examination of the basic
security features built into Linux. This is a look at users, groups,
file permissions, etc., from a security point of view. While this should
be old news to a systems administrator, this angle into the matter may
shed some new light on the topic. The authors then progress to proactive
measures and recovering from break-ins. Tools to both search for system
vulnerabilities in order to harden a Linux installation and to reveal
system compromises are dealt with. Part I is rounded off with a chapter
on how a cracker would go about mapping and enumerating your systems in
preparation for an attack.
We can make our systems as secure as we want, but there will
always be methods of gaining what is considered legal access from
the system's point of view. Part II deals with how a cracker
could gain such access. Access may be gained in several ways, and the
important lesson here is that you can never be too paranoid. Crackers
will do anything to gain access, whether it is physical access to your
facilities or access through the network. Almost an entire chapter is
devoted to social engineering. Worms also receive due attention.
Once malevolent users gain access to a system, their next step will be
to elevate their privileges. Local user attacks is the topic of Part
III. An entire chapter is dedicated to Linux password systems. For
those ever wondering about shadow passwords and PAM, look no further. I
particularly like that the authors target attacks against poor programming
in this part of the book. Part III ends with an entire chapter on how
the cracker can go about maintaining access to an already compromised
system. This chapter is particularly useful as it can be read as an
introduction to the clues a cracker would leave behind on a compromised
system.
While the compromise of a workstation may be bad enough, it is far
worse when a server is compromised. Servers play a far more important
role in an organization, and server downtime affects more than a single
individual. Part IV is devoted to the three major services that Linux
supports in both large farms and the kid's bedroom--mail,
FTP and Web. General security-related issues are explored along with
application-specific issues, including some of the most popular server
software like sendmail, postfix, WU-FTP and more. Part IV concludes with
a look at access control at the network layer. Both local-access control
through the inet dæmon and TCP wrappers, as well as external-access
control with firewalls are discussed.
The fifth and final part consists of four appendices. The first
two appendices, ``Keeping Your Programs Current'' and
``Turning Off Unneeded Services'', contain distribution-specific
material. Appendix C deals with on-line resources, while the final
appendix provides case studies. The case studies are in-depth descriptions
of how three crackers have broken into computers.
Presentation
The book is both well structured and well written. It is scattered
with gems of computer-security wisdom. I especially like the use of
caution and note callouts to emphasize important issues. Each chapter
consists of a number of security-related threats to Linux systems, ways to
exploit a threat and existing countermeasures. The use of sample scenarios
helps clarify the threat and often sheds additional light on the text.
As an aid to understanding the risks involved, all exploits
are accompanied by a risk rating. The risk rating is based on the
exploit's popularity, how hard it is to perform and the impact
it has on the target system. While such figures will always be somewhat
arbitrary--it's incredibly hard to come up with any good and
exhaustive metrics to measure such factors--the risk rating provides
an indication of the overall risk involved with a security-related threat.
A book on computer security would never be complete without descriptions
of the tools involved. Both tools to exploit a weakness and tools to
fend off and guard oneself against hostile attacks are covered on a
per-threat basis. When dealing with the tools, the authors are brief and
to the point. This is, after all, a book on computer security as a whole,
not a tool tutorial.
I would have expected the authors to explain their use of the term
hacking, especially when writing for a Linux audience. We all know how
particular some of us are with the hacking vs. cracking issue. In the
authors' defense, it has to be said that the original manuscript
did contain a section on just this issue, but it was deemed extraneous
by the editor and removed.
Conclusion
Hacking Linux Exposed is a good read and a great introduction
to computer security on the Linux platform. More than that, it is a
great reference work for the more experienced systems administrator. As
the authors fairly quickly jump to rather technical material and assume
some knowledge of both networking and Linux systems, the book is not
ideally suited for the complete Linux neophyte. However, I am of the
firm opinion that for a freshman wanting to learn more, the book is
perfectly suited as a guide to further reading.
I'm not overly sure I'd recommend the book as a general
introduction for those completely new to computer security. For that
I'd recommend a book like Hacking Exposed, which is a
better all-around introduction to computer security. Don't let
the two books' similarities in cover and title fool you. There are
major differences between them. The problem with Hacking Exposed
is that it's somewhat lacking in the department of Linux-specific
solutions. Hacking Linux Exposed amends this. The two books should
be considered complementary.
Hacking Linux Exposed is easy to read. The authors have done a
very good job of providing an overview of security-related threats to
the Linux platform and how best to avoid falling prey to them. As such,
I greatly recommend the book to systems administrators and Linux users
who want to learn more about how to secure their systems.
The Good/The Bad
Thomas Østerlie (thomas.osterlie@consultit.no) is
a consultant with Norwegian-based consulting company ConsultIT A/S,
where he works with server-side systems development for UNIX platforms
and with computer security.
| 
