Hacking Linux Exposed: Linux Security Secrets & Solutions
by Bri Hatch, James Lee, and George Kurtz
Osborne McGraw-Hill 2001
ISBN: 0-07-212773-2
Pages: 566
Price: $39.99
Review by Joe "Zonker" Brockmeier

I have one big gripe with this book: the misuse of the term "hacker."
For people who should know better to use the term "hacker" when describing
those who attack systems is very disappointing. The proper term is "cracker,"
which may seem like nitpicking, but to many people, it's like calling
an arsonist a "fireman." I've learned to tolerate this mistake and not
grit my teeth when it is made by marketing folks or reporters who don't
usually cover computer stories--but from security experts, I expect better.

However, overall, I like this book. It's a great beginner's book to Linux
security, and doesn't assume that you have a mastery of the system. The
book does have some flaws that keep it from being a great book, which
I imagine are due to the fast pace of technical publishing and the fact
that it's a product of a team of authors instead of one or two authors. Other
than the hacker faux pas, I also noticed a number of small errors throughout
the book. For instance, in the discussion of package managers for Linux,
they refer to "TuxTops" as a distribution. This isn't critical, but it
is sloppy. (For those who aren't familiar, TuxTops was a company that
manufactured Linux laptops, and also made a go at customizing distros
for laptops. They don't, however, make a distinct Linux distro.)

On the plus side, I'm glad to see a book that discusses Linux security
without glossing over the basics or assuming that everyone in the world
knows what a buffer overflow is. Sure, if you've been using Linux for
a while, you already know how to turn off services and install packages,
and if you follow security, you've heard of buffer overflows. However,
the Linux community is growing at a rapid pace with newbies who want to
learn. This book will be of great help to them, despite its small flaws.

The chapter on turning off unneeded services is very useful for beginners,
and if I had my way, it would be included with every Linux distribution
on bright orange paper with "Read This First" stamped at the top. I do
wish the authors would have covered Slackware and Debian in this section
as well, but the basic concepts are the same.

The book covers tightening security on FTP and Mail, Web services, password
cracking and elevating privileges, social engineering, and much more.
Chapter 2 is dedicated to proactive maintenance and recovering from an
attack. For newbies, this chapter is essential, as it describes how to
tell you've been cracked and how to clean up. In many cases, new Linux
users may not even realize they've been rooted unless the cracker does
something obvious like deleting the filetree or defacing a Web site.

Chapter 4, "Social Engineering, Trojans, and Other Hacker Trickery,"
has some very good advice and examples of social engineering that have
allowed crackers access to systems without any special computer knowledge.
This is an often overlooked area of security that is just as important
as using secure services or updating programs. A major part of good security
is being able to think like a cracker, and this book does a great job
of describing the cracker mindset.

Admittedly, at times the book reads like a cookbook for crackers, but
that's as good a way as any to get into the mindset of a cracker. The
book provides a good overall understanding of Linux security and ways
to abuse it. Users who want a step-by-step approach to security will be
disappointed, however.

I liked the chapter on "Access Control and Firewalls," and was glad to
see that the authors covered iptables as well as ipchains, because many
new Linux users in the coming months may never use a 2.2.x-based kernel.
The chapter isn't comprehensive; you could write an entire book on using
just iptables if you wanted to cover every possible permutation, but the
chapter is a good introduction.

A lot of folks think that if they have secure passwords and lock-down
services, they should be fine. However, Hacking Linux Exposed details
the physical attacks that someone can mount against a system, and how
to defend against them. Admins who are defining security policies for
their companies would do well to take the examples in this chapter into
account. If a system isn't under lock and key, physical security is just
as important as any other kind.

Appendix D covers case studies, which help to drive home exactly how
all of this information comes together. They're also interesting to read
in their own right, and add a human element to a subject that is usually
very dry and too technical for the non-hardcore computer user.

Overall, this is a good book. It has a few flaws, but it also makes security
a more accessible topic for beginners and non-gurus, and that's very welcome.
Hardcore Linux users are probably already familiar with most of the topics
covered in this book, but may enjoy it anyway. Linux home users and folks
who are new to administering Linux systems should definitely add Hacking
Linux Exposed to their collection. It is written in a style that's
very easy to follow, and it's light on the jargon.