Linux for hacking: install test and hack PDF

589 Pages·3.167 MB·English

Preview Linux for hacking: install test and hack

Detailed and thorough, this guide demonstrates how to install Linux for the highest security and best performance, how to scan the network and encrypt the traffic, and how to monitor and log the system to detect security problems.

Table of Contents

Preface
Chapter 1 - Introduction
Chapter 2 - Linux Installation and Initial Configuration
Chapter 3 - Welcome to Linux!
Chapter 4 - Access Control
Chapter 5 - Administration
Chapter 6 - Samba Style
Chapter 7 - Web Server
Chapter 8 - Electronic Mail
Chapter 9 - Gateway to Internet
Chapter 10 - File Transfer
Chapter 11 - Network Addressing
Chapter 12 - System Monitoring
Chapter 13 - Backing Up and Restoring Data
Chapter 14 - Advice from a Hacker
Part 1 - Appendixes
Appendix 1 - FTP Commands
Appendix 2 - Useful Programs
Appendix 3 - Internet Resources
Conclusion
List of Figures
List of Tables
List of Listings

Overview

This book is devoted to exploring one of the most popular operating systems installed on servers: Linux. So far, this operating system has not been as popular among home users as among professional administrators. There have been, however, developments of late that make this system likely to capture a good segment of the home-computer operating system market. The operating system is becoming easier to install all the time, and its graphical user interface and the ease of use often give the most popular operating system among home users — Windows — a good run for its money.

This book will be of use to Linux administrators and to those Linux users who want to learn this operating system in more detail. The discussion of the configuration and security issues will come in handy for network security professionals, even those running other operating systems, because the larger part of the information is not tied to any specific operating system. You will learn how hackers break into servers, and use the knowledge to prevent them from breaking into your server.

Because some examples provided in the book can be used not only for defense but also for offense, I would like to give fair warning to young aspiring hackers. Curiosity is a commendable quality, but remember that the law is ever vigilant and always gets its man. If you get away with one break-in, next time you may not be so lucky and may have to spend some time in a company of unfortunate specimens of humankind, where your hacking skills will be of little use to you.

Some material in the book is presented from the hacker's point of view and describes methods of breaking into computer systems. I hope that this information will not actually be put to use. But being somewhat skeptical of the average human integrity, I tried to place more emphasis on defense against breaking in. I also left out some aspects and gave only a general description of others in order not to lead you into the temptation of applying these methods in practice. You only need to spend a few minutes on programming or on Internet research to finalize my thoughts. Although this book can serve as a starting point for learning break-in techniques, I hope you will not use the acquired knowledge maliciously. If common morality is not enough to keep you from stepping onto the slippery path of computer burglary, remember the legal ramifications of your actions.

Any tool can be used for both useful and destructive purposes. A simple kitchen knife is a good example. It can be used as intended for its kitchen chores or as a defensive or killing weapon. Likewise, the hacker techniques discussed in this book can be used for everyday operating system maintenance as well as for defending against or perpetrating computer system break-ins. I hope that you will not use the acquired knowledge for destructive purposes, which will not add to your good name. As for cracker notoriety, why do you need it? You will be better off directing your efforts toward constructive pursuits.

Despite the obvious strivings by Linux to become an everyday home computer operating system, it is still quite difficult to configure and contains lots of options that most people simply do not need. "Security" is a misnomer when referring to a Linux system operated with its default configuration settings. But no operating system running at the default configuration settings can work reliably and be maximally secure. Software developers cannot possibly know each user's individual needs and strive to make the software work on any hardware configuration. To achieve this, they have to build many extraneous capabilities into their product.

It just happens that being a Linux administrator requires more knowledge and experience than being a Windows administrator. This is because Linux is more complex to configure. In this book, I try to explain this operating system in the most understandable terms; moreover, I try to do this from the hacker's point of view.

"What exactly is the hacker's point of view?" my readers often ask. To answer this question, you should have a clear idea of what a hacker is and what he or she sees in an operating system. When I am asked how I understand what a hacker is, I answer with the following example: If you can install an operating system and get it working, then you are an administrator. But if you have tuned it up for maximum performance and security, then you are a hacker. Being a hacker means being able to create something better than others can, to make this something faster, more convenient, and more secure. This is what the Linux operating system is, which was created by hackers for the whole world to use.

This book considers the operating system starting from the basics and proceeding to the most complex manipulations with the system. The material is presented in language simple and comprehensible to everyone. This will make it possible for you to acquire essential Linux knowledge without having to use any supplementary literature, because you will learn all the necessary information from one source. For more detailed information, you can take advantage of the man, info, and help files supplied with the operating system.

This book is different from other books on the subject in that the security and performance are considered not in separate chapters at the end of the book — doing this would be a big mistake — but throughout the book as may be necessary. If a person acquires unproductive habits of working with the system, two chapters at the end of the book as an afterthought will not break these wrong habits to teach the right ones. This is why the performance and security of each area considered will be discussed immediately without putting it off until the end of the book.

You can always find instructions on how to simply use or even administer Linux on the Internet or in the software manuals. But information on how to use the operating system effectively is more difficult to come by and is usually gained in pieces from various sources, which makes it difficult to fuse this information into a solid body of knowledge. True security cannot be based on piecemeal information. Overlooking a single, seemingly trivial thing can leave your computer vulnerable to a break-in. (For supplementary information on computer and network security, I recommend reading another of my books, Hackish PC, which provides a good deal of general information concerning computer and network protection.)

Although this book deals mostly with the security of the Linux operating system, many of the questions considered can also be of use when building a secure Linux server. Windows security professionals can also derive benefits from the book's information.

The subject of viruses is not treated in the book, because currently the activity of Linux operating system viruses is minimal, which is not to say that there is no such threat. However small it may be, it always exists; but protecting against viruses is similar to protecting against Trojans, of which there are quite a few of the Linux variety. You can obtain more information about virus attacks and protection against them in the already-mentioned Hackish PC book of my authorship.

So, start discovering Linux. I am certain that you will see this operating system in an entirely different light and learn many new and interesting things.

Chapter 1: Introduction

Overview

Once I showed a Windows administrator how to install and work with Linux. He liked the installation process, because it was easy in the latest versions of the operating system. But when we installed and decided to configure the Samba server, there was a flood of questions of the type, "Why does Samba have to be configured? Why can't I just be granted access automatically?" The truth is, Windows administrators are lazy and are used to the operating system doing everything for them. But when their system is broken into, there ensues another flood of questions, this time of a different type: "Why didn't Microsoft provide the tools to disable certain operations?"

As far as users are concerned, once the Linux operating system is installed, it does not require any additional custom configuring. You can start working with any office software and user utilities right away. But network utilities and server programs will not work automatically and require more complex configuring. Practically all operations that can produce undesired results or facilitate intrusions over the network are disabled. The operations are enabled by editing the configuration files or using specialized utilities. The configuration process is rather cumbersome because editing configuration files is awkward and most configuration utilities have the command line interface.

One of the Windows administrators I know gave the following appraisal of Linux based on the complexity of its configuration process: Linux was invented by those administrators who have nothing to do at work so that they could fool around with the configuration files. A week later, the same acquaintance was setting up the Internet Information Server (IIS) service on a server running under Windows Server 2003. His appraisal of this service was the same as for Linux, because by default the IIS version supplied with Windows Server 2003 has all its services disabled and before you can run the server you have to clearly specify what should work and what should not.

Microsoft started designing its operating systems with ease of operation as the foremost goal so that a program installed on the earlier operating systems would work right away without requiring any additional adjustments. With each passing year, Windows security is improving, but at the expense of most functions that make the system easy to use being disabled by default. It is the other way around with Linux. At the inception, it was developed with the security of the system as the foremost concern of its designers. Now, however, this concern has become the secondary priority, with ease of use moving up.

It is rather rough going, because making a system convenient to use detracts from its security and, on the contrary, making a system more secure makes life harder for the users. So manufacturers have to find some reasonable compromise between these two requirements.

1.1. Hacker Attacks

Before starting to explore Linux and its security system, you have to know how hackers can penetrate computer systems. To protect the system effectively, you have to be familiar with the possible ways hackers can use to break into it. To this effect, take a brief look at the break-in process. You must know what hackers think, what food they eat, and what air they breathe. Only in this way can you build an impenetrable firewall for your server or network.

It is impossible to provide a general formula that can be used for all break-ins. Each case is different and requires an individual, creative approach that depends on the system and its security configurations. Computer systems are most compromised by hackers taking advantage of the software errors, and each administrator can have different software on his or her network.

Why do attacks on computers continue to increase with each passing year? The information about the security holes and vulnerabilities in computer systems used to be stored on Bulletin Board Systems (BBSs) and only a few people with special privileges had access to it. So it was these hackers who carried out attacks with impunity, because their level of education and experience was high. The hacker elite consisted mostly of honest people who conducted their research in the security area with the goal of improving this security, not compromising it.

The way things stand now, any information about vulnerabilities — holes, bugs, and so on — can be found in any corner of the Internet. Now anyone can be a hacker. The freedom-of-information fighters are to blame: How did this come to be? Unlimited freedom always leads to destruction in the end. I guess that the urge to destroy is in the blood of all of us. Most of us suppress this, just like we do many other primitive desires, but some give in and use the publicly available information to become crackers.

When breaking into a system, hackers pursue one or a combination of the following goals:

Obtaining information. The system is broken into to obtain information that is not available to the common public. Such break-ins are usually directed at stealing business or financial secrets, software source codes, confidential data, and so on. They are usually carried out by professional hackers fulfilling an order or for personal gain.

Modifying or destroying data. All Internet or intranet servers are susceptible to this type of attack. They can be carried out not only by professional hackers but also by amateurs, including disgruntled employees.

Denial of Service (DoS). The purpose of the attack is to render the server's service unavailable without actually destroying any data. These attacks are mainly carried out by amateurs whose only goal is to do damage.

Zombification. This type of attack has become quite common of late. The purpose of the attack is to put the server under the hacker's control (in the parlance, to turn it into a zombie) and use it to attack other servers. For example, carrying out a DoS attack most often requires powerful resources (a powerful processor, broad-bandwidth Internet access, etc.), which are generally not available on home computers. To carry out such an attack, a hacker first takes over a poorly protected Internet server that has the necessary resources and then uses it to carry out the attack itself.

Attacks can be classified into the following three groups, based on the manner in which they are executed:

Local attacks. These attacks are executed by an intruder with physical access to the computer being broken into. This sort of attack is not difficult to protect against because all that is necessary is to restrict physical access to the server by, for example, placing it in a limited-access room and guarding it.

Remote attacks. These are carried out remotely via networks from a physical location other than where the computer being broken into is located. This type of attack is the most difficult to protect against. Even the installation of the best firewalls and monitoring and logging software cannot guarantee complete security. Proof of this can be seen in the many break-ins suffered by some of the world's most protected Internet servers (Yahoo, Microsoft, NASA, etc.).

Remote attacks carried out by users of the local network. Yes, not only bad dudes somewhere on the Internet can be hackers but also the guy in the next cubicle who may try to break into your computer for fun, profit, or revenge.

When designing your defenses, you must understand the techniques used by hackers to break into computers. Only then will you be able to prevent unwanted intrusions and protect your computers. Consider the main attack techniques used by hackers and how they are used. To help you understand the process better, I will look at them from the standpoint of the perpetrator.

I will not consider social engineering. This subject is worth a separate book, and it makes no sense to only touch on the topic.

1.1.1. Research

Suppose that you want to break into a certain server to test how well it is protected. What should you start with? There is no clear-cut answer to this question. Again, any break-in is a creative process and requires an individual, creative approach. There are no set rules or ready-made templates. However, a few practical recommendations for you to follow can be provided.

Scanning

The first thing to do is test the system's vulnerability by scanning its ports. What for? To find out what services (in Linux, daemons) are installed in the system. Each open port is a service program installed on the server, to which you can connect and make it do certain things for you. For example, port 21 is used by the File Transfer Protocol (FTP) service. If you connect to this port, you will be able to download files from and upload files to the server. You will have to have the corresponding privileges, however, to be able to do this.

First, you need to scan the first 1,024 ports. Many of them are used by standard services such as FTP, HyperText Transfer Protocol (HTTP), and Telnet. An open port is just like a locked entrance door to the server. The more entrances of this type there are, the greater the chances that the lock for one of them will succumb to picking and swing open to let you in.

A good administrator leaves only the most necessary ports open. For example, if your server is used only to serve Web pages but not email, there is no need to keep the mail servers open. The only port that a Web server needs is port 80, so only it should be left open.

A good port scanner reports not only the open-port number but also the names of the service using them. Unfortunately, the service name is not real; it is only the name of the server installed on the port. Thus, the name of port 80 will be given as HTTP. It is desirable that the scanner could save the scanning results to a file and even print them out. If your scanner does not have these features, you will have to write down all the information yourself and save it. You will need this information for your future exploits.

After scanning the first 1,024 ports, you can move on to scanning the rest. Standard services are a rare occurrence in this port range. Why bother scanning them then? Well, there is always a chance that someone has already visited this area and left an open door or installed a Trojan horse on the serv
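The advice above about leaving only the necessary ports open can be checked from the server's own side. The following is an added example, not code from the book: it parses constructed `ss -H -tlnp` output and reports network-reachable listeners that are missing from a hypothetical allowlist (`ALLOWED`) or owned by an unexpected process, which also covers the point that a port number alone does not tell you what is really listening.

```python
import re

# Constructed sample of `ss -H -tlnp` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("httpd",pid=812,fd=4))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=640,fd=3))
LISTEN 0 100 127.0.0.1:25 0.0.0.0:* users:(("master",pid=901,fd=13))
LISTEN 0 32 0.0.0.0:21 0.0.0.0:* users:(("vsftpd",pid=733,fd=3))
LISTEN 0 5 [::]:31337 [::]:* users:(("nc",pid=4410,fd=3))
"""

# Hypothetical policy for a web-only server: port -> process expected to own it.
ALLOWED = {80: "httpd", 22: "sshd"}

# State, Recv-Q, Send-Q, local addr:port, peer addr:port, optional process column.
LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+'
    r'(?:\s+users:\(\("(?P<proc>[^"]+)")?'
)
LOOPBACK = ("127.", "[::1]")


def parse_listeners(text):
    """Yield (address, port, process) per LISTEN line; process may be None."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["addr"], int(m["port"]), m["proc"]


def audit(text, allowed=ALLOWED):
    """Return (port, process, reason) findings for network-reachable listeners."""
    findings = []
    for addr, port, proc in parse_listeners(text):
        if addr.startswith(LOOPBACK):
            continue  # bound to loopback only: not reachable from the network
        if port not in allowed:
            # The first 1,024 ports (0-1023) hold the standard services; an
            # unexplained listener above them deserves a closer look.
            where = "well-known range" if port < 1024 else "above 1023"
            findings.append((port, proc, f"not in allowlist ({where})"))
        elif proc != allowed[port]:
            # The port number suggests a service, but something else owns it.
            findings.append((port, proc, f"expected {allowed[port]}"))
    return sorted(findings, key=lambda f: f[0])


if __name__ == "__main__":
    for port, proc, reason in audit(SAMPLE_SS_OUTPUT):
        print(f"port {port:<6} {proc or '?':<8} {reason}")
```

On a live host the process column is only populated when `ss` runs with enough privilege to see other users' sockets; without it the process is reported as unknown.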