Hacking Exposed Linux, 2nd Edition [Paperback]

The book now appeals not only to Linux beginners, but for more advanced users and developers as well. It provides wonderfully detailed and correct technical descriptions, gives sounds and simple-to-use advice and entertains with great writing style and authors' sense of humor. The content of the book is also very current (late 2002). It shines brilliantly on the background of vaporous and unoriginal security books published today.

Wireless, physical attacks and social engineering are woven into the fabric of Linux security. There are fun descriptions for classic attacks, which provide worthwhile reading even for people who already know them. Attacks against network clients sections is especially interesting as those attacks were used in some recent high -profile penetrations.

Kernel security (including capabilities) gets the coverage it deserves. An entire loadable kernel module (LKM) code is included. Several common malicious LKMs are analyzed in the book. In addition, the authors show how attackers can easily modify the Linux kernel itself to hide programs and get extra privileges.

A nice summary of attack methods against many network protocols is very useful as a reference. For example, many attacks against FTP are described analyzed and practical protection techniques are outlined. Description of security of various mail servers is detailed and comprehensive. I also liked the well-supported argument of DJBDNS vs BIND.

An overview of classic backdoor methods is similarly useful. Crontab backdoors, .forward abuse and other techniques are all in the book. Also, a well-written overview of CGI abuses that delves into the realm of security programming is provided.

Another advantage is that authors uncovered many great little known security tools for Linux and provided useful descriptions for their use. Overall, tool descriptions are kept to a reasonable size, add value to the tool included documentation and give pointers to learn more by using them.

Book appendices contain a fun case study, and a great section on "Discovering and Recovering from Attacks". Be sure to read the appendix and keep the book handy as a reference.

Overall, the book is necessary tool for security professionals and others dealing with Linux security. I suspect that even the most advanced Linux security experts will pick up a thing or two from the book. The book's information delivery is flawless.

Anton Chuvakin, Ph.D., GCIA is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org

The authors share many novel ways to abuse Linux systems, but counter those exploits with little-known features or third-party tools. I never knew I could use bash's HISTCONTROL feature to selectively remove entries from shell history files. HE:L2E goes the extra mile to help secure your system, such as including sample C code in ch. 13 to allow one to compile TCP Wrappers support into one's own programs. Other clear, concise defensive measures were introduced in excellent chapters on keeping the kernel and packages current (appendix B) and pro-active security measures (ch. 2). The last appendix gives a short yet powerful description of the damage an intruder can perform, showing how he hid unauthorized programs and how those programs were discovered.

If you use Linux, you'll find HE:L2E indispensable. I even applied many of the tools and techniques to my FreeBSD system, showing that that good security advice can be a cross-platform endeavor.