Detailed and thorough, this guide demonstrates how to install Linux for the highest security and best performance, how to scan the network and encrypt the traffic, and how to monitor and log the system to detect security problems.
Table of Contents
Preface
Chapter 1 - Introduction
Chapter 2 - Linux Installation and Initial Configuration
Chapter 3 - Welcome to Linux!
Chapter 4 - Access Control
Chapter 5 - Administration
Chapter 6 - Samba Style
Chapter 7 - Web Server
Chapter 8 - Electronic Mail
Chapter 9 - Gateway to Internet
Chapter 10 - File Transfer
Chapter 11 - Network Addressing
Chapter 12 - System Monitoring
Chapter 13 - Backing Up and Restoring Data
Chapter 14 - Advice from a Hacker
Part 1 - Appendixes
Appendix 1 - FTP Commands
Appendix 2 - Useful Programs
Appendix 3 - Internet Resources
Conclusion
List of Figures
List of Tables
List of Listings
Overview
This book is devoted to exploring one of the most popular operating systems installed on servers: Linux. So far, this operating system has not been as popular among home users as among professional administrators. There have been, however, developments of late that make this system likely to capture a good segment of the home-computer operating system market. The operating system is becoming easier to install all the time, and its graphical user interface and the ease of use often give the most popular operating system among home users — Windows — a good run for its money.
This book will be of use to Linux administrators and to those Linux users who want to learn this operating system in more detail. The discussion of the configuration and security issues will come in handy for network security professionals, even those running other operating systems, because the larger part of the information is not tied to any specific operating system. You will learn how hackers break into servers, and use the knowledge to prevent them from breaking into your server. Because some examples provided in the book can be used not only for defense but also for offense, I would like to give fair warning to young aspiring hackers. Curiosity is a commendable quality, but remember that the law is ever vigilant and always gets its man. If you get away with one break-in, next time you may not be so lucky and may have to spend some time in the company of unfortunate specimens of humankind, where your hacking skills will be of little use to you.
Some material in the book is presented from the hacker's point of view and describes methods of breaking into computer systems. I hope that this information will not actually be put to use. But being somewhat skeptical of the average human integrity, I tried to place more emphasis on defense against breaking in. I also left out some aspects and gave only a general description of others in order not to lead you into the temptation of applying these methods in practice.
You only need to spend a few minutes on programming or on Internet research to finalize my thoughts. Although this book can serve as a starting point for learning break-in techniques, I hope you will not use the acquired knowledge maliciously. If common morality is not enough to keep you from stepping onto the slippery path of computer burglary, remember the legal ramifications of your actions.
Any tool can be used for both useful and destructive purposes. A simple kitchen knife is a good example. It can be used as intended for its kitchen chores or as a defensive or killing weapon. Likewise, the hacker techniques discussed in this book can be used for everyday operating system maintenance as well as for defending against or perpetrating computer system break-ins. I hope that you will not use the acquired knowledge for destructive purposes, which will not add to your good name. As for cracker notoriety, why do you need it? You will be better off directing your efforts toward constructive pursuits.
Despite the obvious strivings by Linux to become an everyday home computer operating system, it is still quite difficult to configure and contains lots of options that most people simply do not need. "Security" is a misnomer when referring to a Linux system operated with its default configuration settings. But no operating system running at the default configuration settings can work reliably and be maximally secure. Software developers cannot possibly know each user's individual needs and strive to make the software work on any hardware configuration. To achieve this, they have to build many extraneous capabilities into their product.
It just happens that being a Linux administrator requires more knowledge and experience than being a Windows administrator. This is because Linux is more complex to configure. In this book, I try to explain this operating system in the most understandable terms; moreover, I try to do this from the hacker's point of view.
"What exactly is the hacker's point of view?" my readers often ask. To answer this question, you should have a clear idea of what a hacker is and what he or she sees in an operating system.
When I am asked how I understand what a hacker is, I answer with the following example: If you can install an operating system and get it working, then you are an administrator. But if you have tuned it up for maximum performance and security, then you are a hacker. Being a hacker means being able to create something better than others can, to make this something faster, more convenient, and more secure. This is what the Linux operating system is, which was created by hackers for the whole world to use.
This book considers the operating system starting from the basics and proceeding to the most complex manipulations with the system. The material is presented in language simple and comprehensible to everyone. This will make it possible for you to acquire essential Linux knowledge without having to use any supplementary literature, because you will learn all the necessary information from one source. For more detailed information, you can take advantage of the man, info, and help files supplied with the operating system.
This book is different from other books on the subject in that the security and performance are considered not in separate chapters at the end of the book — doing this would be a big mistake — but throughout the book as may be necessary. If a person acquires unproductive habits of working with the system, two chapters at the end of the book as an afterthought will not break these wrong habits to teach the right ones. This is why the performance and security of each area considered will be discussed immediately without putting it off until the end of the book.
You can always find instructions on how to simply use or even administer Linux on the Internet or in the software manuals. But information on how to use the operating system effectively is more difficult to come by and is usually gained in pieces from various sources, which makes it difficult to fuse this information into a solid body of knowledge. True security cannot be based on piecemeal information. Overlooking a single, seemingly trivial thing can leave your computer vulnerable to a break-in.
(For supplementary information on computer and network security, I recommend reading another of my books, Hackish PC, which provides a good deal of general information concerning computer and network protection.) Although this book deals mostly with the security of the Linux operating system, many of the questions considered can also be of use when building a secure Linux server. Windows security professionals can also derive benefits from the book's information.
The subject of viruses is not treated in the book, because currently the activity of Linux operating system viruses is minimal, which is not to say that there is no such threat. However small it may be, it always exists; but protecting against viruses is similar to protecting against Trojans, of which there are quite a few of the Linux variety. You can obtain more information about virus attacks and protection against them in the already-mentioned Hackish PC book of my authorship.
So, start discovering Linux. I am certain that you will see this operating system in an entirely different light and learn many new and interesting things.
Chapter 1: Introduction
Overview
Once I showed a Windows administrator how to install and work with Linux. He liked the installation process, because it was easy in the latest versions of the operating system. But when we installed and decided to configure the Samba server, there was a flood of questions of the type, "Why does Samba have to be configured? Why can't I just be granted access automatically?" The truth is, Windows administrators are lazy and are used to the operating system doing everything for them. But when their system is broken into, there ensues another flood of questions, this time of a different type: "Why didn't Microsoft provide the tools to disable certain operations?"
As far as users are concerned, once the Linux operating system is installed, it does not require any additional custom configuring. You can start working with any office software and user utilities right away. But network utilities and server programs will not work automatically and require more complex configuring. Practically all operations that can produce undesired results or facilitate intrusions over the network are disabled. The operations are enabled by editing the configuration files or using specialized utilities. The configuration process is rather cumbersome because editing configuration files is awkward and most configuration utilities have a command line interface.
One of the Windows administrators I know gave the following appraisal of Linux based on the complexity of its configuration process: Linux was invented by those administrators who have nothing to do at work so that they could fool around with the configuration files. A week later, the same acquaintance was setting up the Internet Information Server (IIS) service on a server running under Windows Server 2003. His appraisal of this service was the same as for Linux, because by default the IIS version supplied with Windows Server 2003 has all its services disabled and before you can run the server you have to clearly specify what should work and what should not.
Microsoft started designing its operating systems with ease of operation as the foremost goal so that a program installed on the earlier operating systems would work right away without requiring any additional adjustments. With each passing year, Windows security is improving, but at the expense of most functions that make the system easy to use being disabled by default. It is the other way around with Linux. At the inception, it was developed with the security of the system as the foremost concern of its designers. Now, however, this concern has become the secondary priority, with ease of use moving up.
It is rather rough going, because making a system convenient to use detracts from its security and, on the contrary, making a system more secure makes life harder for the users. So manufacturers have to find some reasonable compromise between these two requirements.
1.1. Hacker Attacks
Before starting to explore Linux and its security system, you have to know how hackers can penetrate computer systems. To protect the system effectively, you have to be familiar with the possible ways hackers can use to break into it. To this effect, take a brief look at the break-in process. You must know what hackers think, what food they eat, and what air they breathe. Only in this way can you build an impenetrable firewall for your server or network.
It is impossible to provide a general formula that can be used for all break-ins. Each case is different and requires an individual, creative approach that depends on the system and its security configurations. Computer systems are most often compromised by hackers taking advantage of software errors, and each administrator can have different software on his or her network.
Why do attacks on computers continue to increase with each passing year? The information about the security holes and vulnerabilities in computer systems used to be stored on Bulletin Board Systems (BBSs) and only a few people with special privileges had access to it. So it was these hackers who carried out attacks with impunity, because their level of education and experience was high.
The hacker elite consisted mostly of honest people who conducted their research in the security area with the goal of improving this security, not compromising it.
The way things stand now, any information about vulnerabilities — holes, bugs, and so on — can be found in any corner of the Internet. Now anyone can be a hacker. The freedom-of-information fighters are to blame: How did this come to be? Unlimited freedom always leads to destruction in the end. I guess that the urge to destroy is in the blood of all of us. Most of us suppress this, just like we do many other primitive desires, but some give in and use the publicly available information to become crackers.
When breaking into a system, hackers pursue one or a combination of the following goals:
Obtaining information. The system is broken into to obtain information that is not available to the common public. Such break-ins are usually directed at stealing business or financial secrets, software source codes, confidential data, and so on. They are usually carried out by professional hackers fulfilling an order or for personal gain.
Modifying or destroying data. All Internet or intranet servers are susceptible to this type of attack. Such attacks can be carried out not only by professional hackers but also by amateurs, including disgruntled employees.
Denial of Service (DoS). The purpose of the attack is to render the server's service unavailable without actually destroying any data. These attacks are mainly carried out by amateurs whose only goal is to do damage.
Zombification. This type of attack has become quite common of late. The purpose of the attack is to put the server under the hacker's control (in the parlance, to turn it into a zombie) and use it to attack other servers. For example, carrying out a DoS attack most often requires powerful resources (a powerful processor, broad-bandwidth Internet access, etc.), which are generally not available on home computers. To carry out such an attack, a hacker first takes over a poorly protected Internet server that has the necessary resources and then uses it to carry out the attack itself.
Attacks can be classified into the following three groups, based on the manner in which they are executed:
Local attacks. These attacks are executed by an intruder with physical access to the computer being broken into. This sort of attack is not difficult to protect against because all that is necessary is to restrict physical access to the server by, for example, placing it in a limited-access room and guarding it.
Remote attacks. These are carried out remotely via networks from a physical location other than where the computer being broken into is located. This type of attack is the most difficult to protect against. Even the installation of the best firewalls and monitoring and logging software cannot guarantee complete security. Proof of this can be seen in the many break-ins suffered by some of the world's most protected Internet servers (Yahoo, Microsoft, NASA, etc.).
Remote attacks carried out by users of the local network. Yes, not only bad dudes somewhere on the Internet can be hackers but also the guy in the next cubicle who may try to break into your computer for fun, profit, or revenge.
When designing your defenses, you must understand the techniques used by hackers to break into computers. Only then will you be able to prevent unwanted intrusions and protect your computers. Consider the main attack techniques used by hackers and how they are used. To help you understand the process better, I will look at them from the standpoint of the perpetrator. I will not consider social engineering. This subject is worth a separate book, and it makes no sense to only touch on the topic.
1.1.1. Research
Suppose that you want to break into a certain server to test how well it is protected. What should you start with? There is no clear-cut answer to this question. Again, any break-in is a creative process and requires an individual, creative approach. There are no set rules or ready-made templates. However, a few practical recommendations for you to follow can be provided.
Scanning
The first thing to do is test the system's vulnerability by scanning its ports. What for? To find out what services (in Linux, daemons) are installed in the system. Each open port is a service program installed on the server, to which you can connect and make it do certain things for you. For example, port 21 is used by the File Transfer Protocol (FTP) service. If you connect to this port, you will be able to download files from and upload files to the server. You will have to have the corresponding privileges, however, to be able to do this.
First, you need to scan the first 1,024 ports. Many of them are used by standard services such as FTP, HyperText Transfer Protocol (HTTP), and Telnet. An open port is just like a locked entrance door to the server. The more entrances of this type there are, the greater the chances that the lock for one of them will succumb to picking and swing open to let you in.
A good administrator leaves only the most necessary ports open. For example, if your server is used only to serve Web pages but not email, there is no need to keep the mail servers open. The only port that a Web server needs is port 80, so only it should be left open.
A good port scanner reports not only the open-port number but also the names of the services using them. Unfortunately, the service name is not necessarily the real one; it is only the name of the service conventionally assigned to that port number. Thus, the name of port 80 will be given as HTTP. It is desirable that the scanner could save the scanning results to a file and even print them out. If your scanner does not have these features, you will have to write down all the information yourself and save it. You will need this information for your future exploits.
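The two points above, that an administrator should leave only the necessary ports open and that the "service name" reported for a port is merely the conventional assignment for that number, can be turned into a routine check on the server side. The following is an added example, not code from the book: it audits a Linux host's own listening TCP sockets against an allowlist. It assumes the input is the output of the `ss -tlnp` command (the iproute2 socket tool); the output shown here is a constructed sample for a host that is meant to serve only Web pages, and the process names in it are invented.

```python
# Added example (not from the book): audit a Linux host's listening TCP ports
# against an allowlist, following the text's rule that only the necessary
# ports stay open. Input format is that of `ss -tlnp`; the sample below is
# constructed for the demonstration and the process names are invented.

import re

# Conventional names for a few well-known ports. This is the "name" a port
# scanner reports: the standard assignment for the number, not proof of
# which program is actually bound there.
WELL_KNOWN = {21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp", 80: "http", 443: "https"}

# Constructed sample of `ss -tlnp` output for a Web-only server.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q   Local Address:Port   Peer Address:Port  Process
LISTEN  0       511            0.0.0.0:80          0.0.0.0:*      users:(("nginx",pid=812,fd=6))
LISTEN  0       128            0.0.0.0:22          0.0.0.0:*      users:(("sshd",pid=640,fd=3))
LISTEN  0       100          127.0.0.1:25          0.0.0.0:*      users:(("master",pid=901,fd=13))
LISTEN  0       128            0.0.0.0:31337       0.0.0.0:*      users:(("update-helper",pid=1337,fd=4))
"""

# Matches one LISTEN line: bind address, port, and (optionally) the first
# process name inside the users:((...)) field.
LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+(?:\s+users:\(\("([^"]+)")?'
)


def parse_listeners(ss_output):
    """Return a list of (port, bind_address, process_name) for every LISTEN line."""
    listeners = []
    for line in ss_output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header line or a non-LISTEN socket
        addr, port, proc = m.group(1), int(m.group(2)), m.group(3) or "?"
        listeners.append((port, addr, proc))
    return listeners


def audit_listeners(ss_output, allowed_ports):
    """Report every listener whose port is not in allowed_ports.

    Each finding carries the conventional service name for the port next to
    the process actually bound to it, so that a mismatch (or an unassigned
    high port) is visible at a glance.
    """
    findings = []
    for port, addr, proc in parse_listeners(ss_output):
        if port in allowed_ports:
            continue
        if port in WELL_KNOWN:
            conventional = WELL_KNOWN[port]
        elif port < 1024:
            conventional = "well-known port, not in table"
        else:
            conventional = "no standard service"
        findings.append({
            "port": port,
            "bind": addr,
            "process": proc,
            "conventional_name": conventional,
        })
    return findings


if __name__ == "__main__":
    # For a Web server that is also administered over SSH, only 80 and 22 are expected.
    for f in audit_listeners(SAMPLE_SS_OUTPUT, {80, 22}):
        print(f"unexpected listener: port {f['port']} on {f['bind']} "
              f"(process {f['process']}, conventional name: {f['conventional_name']})")
```

Run against a live host, replace `SAMPLE_SS_OUTPUT` with the captured output of `ss -tlnp` (run as root so process names are visible). The allowlist is the whole policy: for the Web-only server described in the text it is `{80}` alone, and each finding is something to either shut down or add to the list deliberately.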
After scanning the first 1,024 ports, you can move on to scanning the rest. Standard services are a rare occurrence in this port range. Why bother scanning them then? Well, there is always a chance that someone has already visited this area and left an open door or installed a Trojan horse on the server