When browsing along the aisles of the computer section in your
favorite bookstore, it is always nice to flip through the
books before buying them. Since it's much harder to do
that online, we've included the full table of contents below.
We also have it available in PDF form
if you prefer. And for the historically bent, you can see
the First Edition's contents.

You may also be interested in reading extracts of the book.
We have PDFs of the case studies,
Chapter 1 from HLEv1,
and Chapter 1 from HLEv2,
and LinuxWorld has a
copy of Appendix A,
"Detecting and Recovering From an Attack," online.
Part I: Linux Security Overview
- Chapter 1: Linux Security Overview
- Why They Want to Root Your Box
- The Open Source Movement
- Open Source and Security
- Linux Users
- /etc/passwd
- How to Place Controls on Users
- Other Security Controls
- Signals
- Privileged Ports
- Virtual Memory Management
- System Logging
- /etc/securetty
- chrooting
- Using Linux Capabilities to Reduce the Risks of root
- Poorly Written Code
- Failing to Drop Privileges
- Buffer Overflows
- Format String Bugs
- Race Conditions
- Auditing Tools
- Summary
- Chapter 2: Proactive Security Measures
- Security Scanners
- System Security Scanners
- Network Security Scanning
- Scan Detectors
- Hardening Your System
- Log File Analysis
- Syslog Messages
- Scanning Your Log Files
- Log Analysis Suites
- Common Log-Related Attacks
- Filesystem Integrity Checks
- Generating Checksums and Permissions Databases
- Existing File Integrity Tools
- Summary
- Chapter 3: Mapping Your Machine and Network
- Online Searches
- Whois Databases
- Ping Sweeps
- DNS Issues
- Example DNS Lookups
- DNS Query Security Issues
- Determining Nameserver Characteristics
- DNSSEC
- Traceroutes
- Port Scanning
- OS Detection
- Active Stack Fingerprinting
- Passive Stack Fingerprinting
- Enumerating RPC Services
- File Sharing with NFS
- Simple Network Management Protocol (SNMP)
- Network Insecurity Scanners
- Summary
Part II: Breaking In from the Outside
- Chapter 4: Social Engineering, Trojans, and Other Cracker Trickery
- Social Engineering
- Social Engineering Categories
- What to Do to Avoid Being Socially Engineered
- Crackers Do Their Homework
- Trojan Horses
- Methods of Trojan Delivery
- Other Trojans
- Viruses and Worms
- How Viruses and Worms Spread
- Viruses and Linux
- Worms and Linux
- Summary
- Chapter 5: Physical Attacks
- Attacking the Office
- Boot Access Is Root Access
- Boot Loaders
- Rebooting from the Terminal
- Encrypted Filesystems
- Summary
- Chapter 6: Attacking over the Network
- Using the Network
- TCP/IP Networks
- Public Phone Networks
- Network-Accessible Vulnerabilities
- Programming Errors in Network Daemons
- Default or Bad Configurations
- X Windows System
- Attacks Against OpenSSH
- Attacks Against Network Clients
- Default Passwords
- Sniffing Traffic
- How Sniffers Work
- Common Sniffers
- Guessing Passwords
- Summary
- Chapter 7: Advanced Network Attacks
- Domain Name Service Exploits
- Routing Issues
- Advanced Sniffing and Session Hijacking
- Hunt
- Dsniff
- Man-in-the-Middle Attacks
- Abusing Trust Relationships
- Cracking Wireless LANs
- Protecting Wireless LANs with VPNs
- Implementing Egress Filtering
- Summary
Part III: Local User Attacks
- Chapter 8: Elevating User Privileges
- Users and Privileges
- Elevation of Privilege
- System Investigation
- Password Storage and Use
- Trusted Paths and Trojan Horses
- Sudo
- Locally Exploitable Programs
- sXid Programs
- Race Conditions
- Hardlinks and Symlinks
- Input Validation
- Kernel-Based Attacks
- Summary
- Chapter 9: Linux Authentication
- How Passwords Work in Linux
- Keys and Salts
- The DES Algorithm
- The MD5 Algorithm
- Other Algorithms
- Password-Cracking Programs
- Availability of Wordlists
- Pluggable Authentication Modules
- PAM Configuration
- Brute-Force Password-Guessing Attacks
- Password Protection
- Authenticating Non-Shell Linux Programs
- Apache Password Files
- Samba
- MySQL
- Summary
Part IV: Server Issues
- Chapter 10: Mail Security
- Mail Transfer Agents
- Sendmail
- Qmail
- Postfix
- Exim
- Mail Server Insecurities
- Summary
- Chapter 11: File Transfer Protocol Security
- FTP Software History
- The FTP Protocol Explained
- Sample FTP Session
- Active Mode FTP
- Passive Mode FTP
- Port Scanning Through Third-Party FTP Servers
- Enabling Third-Party FTP
- Insecure Stateful FTP Firewall Rules
- Anonymous FTP Problems
- Summary
- Chapter 12: Web Servers and Dynamic Content
- Making an HTTP Request
- The Apache Web Server
- Apache Configuration
- Apache Log Files
- Problems with CGI Programs
- Insecure CGI Programs
- Insecure CGI Configuration
- PHP
- Other Linux Web Servers
- Summary
- Chapter 13: Access Control and Firewalls
- An Overview of Inetd and Xinetd
- Inetd
- Xinetd
- Firewalls: Kernel-Level Access Control
- Linux Packet Filtering
- Blocking Specific Network Access
- Firewall Strategy
- Firewall Products
- Summary
- Chapter 14: Denial of Service Attacks
- Kernel DoS Attacks
- Network Floods
- Packet Magnification Attacks
- Distributed Denial of Service Attacks
- Local Resource Exhaustion Attacks
- Summary
Part V: After a Break-In
- Chapter 15: Covert Access
- Trail Hiding
- Trojaned System Programs
- OS Trickery
- Hiding Network Access
- Summary
- Chapter 16: Back Doors
- Host-Based Authentication and User Access
- Creating and Modifying Accounts
- Putting Back Doors into Existing Accounts
- Passwordless Logons with SSH
- Network Accessible Root Shells
- Trojan Back Doors
- Summary
- Chapter 17: Advanced System Abuse
- Kernel Hacks
- Weakening the Linux Kernel
- Rootkits
- Summary
Part VI: Appendixes
- Appendix A: Discovering and Recovering from an Attack
- How to Know When You've Been Cracked
- What to Do After a Break-In
- Mitigating Concerns
- Summary
- Appendix B: Keeping Your Programs Current
- Updating RPM Packages
- Updating Debian Packages
- Updating Slackware Packages
- Upgrading Your Kernel
- Facing Your Fears
- Reboot
- Kernel-Related Web Sites
- Appendix C: Turning Off Unneeded Software
- Runlevels
- The /etc/rc#.d Directories
- Turning Off Specific Services
- Red Hat
- Debian
- SuSE
- Inetd/Xinetd Network Services
- Svscan Services
- Identifying Network Daemons
- Appendix D: Case Studies
- Case Studies 1-3 (available online here)
- Case Study 4