Hatch B., Lee J., Kurtz G. — Hacking linux exposed: linux security secrets & solutions :: Электронная библиотека попечительского совета мехмата МГУ

Главная Ex Libris Книги Журналы Статьи Серии Каталог Wanted Загрузка ХудЛит Справка Поиск по индексам Поиск Форум

Авторизация

Поиск по указателям

Hatch B., Lee J., Kurtz G. — Hacking linux exposed: linux security secrets & solutions

Обсудите книгу на научном форуме

Нашли опечатку?
Выделите ее мышкой и нажмите Ctrl+Enter

Название: Hacking linux exposed: linux security secrets & solutions

Авторы: Hatch B., Lee J., Kurtz G.

Аннотация:

If you have a vulnerable computer attached to the BIG BAD INTERNET, sooner or later your box will be compromised. Notice I prefer the term compromised to hacked. Hacking is a benign activity. You hack out of curiosity and [hopefully] with prior permission. Can this be done? Can I get into this box? How is he trying to keep me out? What stone has he left unturned? Woops: He has a bulletproof firewall but he left this one vulnerable cgi script in his httpd directory: HA! I'M IN! At that point the correct thing to do is to stop and notify the hackee. But once a hacker gets in, (especially if he is there without permission) the temptation to quietly mess around and cover his guilty tracks is usually overwhelming. Then it has gone from hacking to compromising someone else's box.

Язык:

Рубрика: Технология/

Статус предметного указателя: Готов указатель с номерами страниц

ed2k: ed2k stats

Год издания: 2001

Количество страниц: 566

Добавлена в каталог: 02.12.2005

Операции: Положить на полку | Скопировать ссылку для форума | Скопировать ID

Предметный указатель

"Ping of Death" attack      236—237
"The Cathedral and the Bazaar"      5—6
# (number sign)      208 465
* (asterisk)      441
-DPARANOID option      470
-L option      10
. (period symbol)      251—252 466 467
.cgi extension      431
.htaccess files      321 434—435
.htpasswd file      321
.netrc file      253—254
.rhosts file      324 325 327—328
/etc/dfs/dfstab file      187
/etc/exports file      186—187 319
/etc/group file      9—10 320
/etc/hosts.allow file      109 316—317 324 465 466
/etc/hosts.deny file      109 317 465
/etc/inetd.conf file      57 207—208 330—332 460—465
/etc/issue file      102
/etc/lilo.conf file      164 167 168 172
/etc/passwd file      284—292
/etc/passwd file, "Double-Dot" issue      425
/etc/passwd file, checking integrity of      301—302
/etc/passwd file, described      253
/etc/passwd file, overview      7—8
/etc/passwd file, PAM and      305
/etc/passwd file, password shadowing and      299—302
/etc/passwd file, security and      7—8 320
/etc/passwd file, Sudo tool and      262—263
/etc/profile file      18—19
/etc/rc#.d directories      48
/etc/rc#.d directory      503 506—508
/etc/rc.config file      319
/etc/red directory      319
/etc/red scripts      281—282
/etc/security/limits.conf file      19
/etc/sendmail.cf file      102—103
/etc/shadow file      253 299—305 320—322
/etc/sshd_config file      327—328
/etc/syslog.conf file      37—39
/etc/xinetd.conf file      462—464
/home filesystem      113
/proc filesystem      34
/tmp directory      34
@ (at sign)      467
@loghost target      38
Access agent      370
Access control lists (ACLs)      214—215
AccessFileName directive      434
ACK flag      182
ACK packets      223
ACK scans      96
ACK storms      223
ACLs (access control lists)      214—215
Active stack fingerprinting      103—106
AddHandler directive      431—432 437
Address Resolution Protocol      See "ARP"
Advanced Intrusion Detection Environment (AIDE)      52—59
Advanced Package Tool (APT)      496—498
AFS (Andrew File system)      111 113—114 240
Aftpd FTP server      414
AIDE (Advanced Intrusion Detection Environment)      52—59
Aliases      8
Allow transfer statement      85—86
AllowOverride directive      434
America Online (AOL)      456
Andrew File System (AFS)      111 113—114 240
anlpasswd program      311
Anonymous ftp      254 395 413—414
AOL server      456
Apache web server      425—439
Apache web server, CGI and      431—434
Apache web server, configuration of      427—439
Apache web server, directories on      428—432
Apache web server, features      425—426
Apache web server, open source and      5
Apache web server, password files      303—304
Apache web server, proxying      439
Apache web server, security and      426
Apache web server, symbolic links and      427—428
APOP authentication      391
APPEND access      35
Application layer protocols      183—184
applications      See "Programs"
APT (Advanced Package Tool)      496—498
apt-get program      497—498
ARP (Address Resolution Protocol)      221—226
ARP spoofing      221—226
ARP tables      221—223
Arpspoof program      226 227
asterisk (*)      441
at sign (@)      467
Atomic functions      272 274
Authentication, host-based      316—323
Authentication, modem connections      185
Authentication, PAM      304—305 345—347
authentication, POP3      255—256
Authentication, Popauth      255—256
Authentication, privileged ports      21
Authentication, rules      344—345
Authorized_keys files      328 329
awk-httpd server      456
back doors      344—351
Back doors, authentication rules      344—345
Back doors, CGIs      350—351
Back doors, IRC      152—153
Back doors, local setXid programs      348—349
Back doors, network access restrictions      344
Back doors, network daemon modifications      347—348
Back doors, network services      344
Back doors, PAM libraries      345—347
backbone routers      219
backslash (\)      450 465
Backticks      454—455
Backups      63 162
Bandwidth      88 89
Banners, FTP      396—398
Banners, mail server      374—376
Banners, network      102—103
Banners, sendmail      102
Banners, SMTP      375 376
Banners, telnet      102
Banners, wu-ftpd      396—398
bash (Bourne Again Shell)      8
bash-httpd server      456
Bastille utility      32—33
Battery, computer      166
Berkeley Internet Name Domain      See "BIND"
BestCrypt filesystem      173
BGP (Border Gateway Protocol)      217 219
Binaries, setuserid      270
Binaries, smrsh      380
Binaries, trojaned      138 139 338 350—351
BIND server      81
BIND, cache poisoning      212—216
BIND, described      81
BIND, DNS and      81 212
BIND, versions      81
BIND, zone transfers and      84—86
BIOS C-MOS memory      166
BIOS settings      165—167
Blackholes      66 383
Body, packet      477
Boot access      163—173
boot devices      164—165
Boot disks, precautions      164—165 171—172
Boot disks, starting computer with      62 171—172
boot loader      167
Border Gateway Protocol (BGP)      217 219
Bourne Again Shell (bash)      8

Bourne shell      8
Brute-force attacks, described      187—188
Brute-force attacks, Netscape browsers and      187—188
Brute-force attacks, passwords      187 197 289 290 298 311
Brute-force attacks, tools for      197
Brute-force attacks, wardialers      185—186
BSD checksum      141—143
buffer overflows      265—267
Buffer overflows in services      200—201
Buffer overflows, described      199—200
Buffer overflows, scripts for      146—147 201—202
Bugs      420
Bugtraq mailing list      71 510
C shell (csh)      8
C string functions      199
C-MOS memory      166
Cache files      212—216
Case studies, extended      513—541
CD-ROMs, removing drives      165 166
CD-ROMs, running programs from      51
CD-ROMs, starting computer with      62 164—165
CD-ROMs, system tools on      351
Certificate authority      232
CFS filesystem      173
CGI (Common Gateway Interface)      439—456
CGI (Common Gateway Interface), Apache web server and      431—434
CGI (Common Gateway Interface), back-door CGIs      350—351
CGI (Common Gateway Interface), execution based on file name      431—432 437
CGI (Common Gateway Interface), insecure configurations      431—434
CGI (Common Gateway Interface), older versions of      432—433
CGI forms, cookies and      448—449
CGI forms, data length      446—447
CGI forms, hidden fields      444—446
CGI forms, missing fields in      442—444
CGI forms, null characters      450—451
CGI forms, pipes      452—455
CGI forms, preprocessing of data      451—452
CGI forms, referer headers      447—448
CGI forms, system calls      452—455
CGI programs, cookies      444 448—449
CGI programs, downloadable      440—442
CGI programs, execution of      431—432 443
CGI programs, filename characters and      449—451
CGI programs, form fields and      442—444
CGI programs, GET method      443
CGI programs, hidden fields      444—488
CGI programs, insecure      442—456
CGI programs, JavaScript preprocessing      451—452
CGI programs, operating system calls      452—455
CGI programs, Perl code problems      443—444
CGI programs, post connections      443
CGI programs, pre-shipped      440—442
CGI programs, problems with      439—456
CGI programs, referer headers      447—448
CGI programs, running as different users      433—434
CGI programs, shipped with web servers      440—442
CGI programs, telnet connections      443
CGI programs, user input and      446—447
CGI programs, web farms      455—456
CGI scanners      440
CGI scripts      440—442
CGI scripts, attacking      531—534
CGI scripts, downloadable      440—442
CGI scripts, pre-shipped      440—442
CGI scripts, running as different users      433—434
CGI scripts, searching for      531
chage command      302—303 311—312
Channels      391—392
Chargen service      202—203 233
Chassis locks      166
chattr +i command      282 351
chattr +i databasename command      51
chattr command      16—17 173
Checkpoint      486
checksums      49—50
Checksums, algorithms      56—57
Checksums, BSD checksum      141—143
Checksums, comparing      141—142
Checksums, CRC checksums      54
Checksums, CRC32 checksum      56
Checksums, cryptographic checksum      141—144
Checksums, described      47
Checksums, file checksum      141—142
Checksums, MD5 checksum      47 56 141 143
Checksums, System V checksum      141—143
Checksums, verifying      63
chkconfig program      504—505
chklastlog program      61
Chkrootkit      365
chkwtmp program      61
chmod command      12—13 263
chown command      264 278
chown() system call      278
chroot jails      139
Cisco Pix packet filter      486
Cisco routers      218
Cisco switches      523—525
Cleartext, email      387—389
Cleartext, FTP protocol      394-395
Cleartext, passwords      253—256 389—391 394—395
Cleartext, SMTP      387—389
Cleartext, usernames      394—395
Clients, FTP client      412—413
Clients, IRC client      152
Clients, netcat client      537—538
Clients, rsh client      21
Clients, SSH client      21 228—229
Clients, telnet client      184
Clients, Xftp FTP client      405 407
COAST project      51—52
Coda      240
Code on FTP sites      139—140
Code, comparing versions      140—141
Code, Linux kernel      359
code, Perl      443—444 447
Code, reviewing      140—141
Code, Trojaned      138—144
command lines      256—257
commands, chage      302—303 311—312
Commands, chattr      16—17 173
Commands, chattr +i      282 351
Commands, chattr +i databasename      51
commands, chmod      12—13 263
commands, chown      264 278
Commands, command lines      256—257
Commands, cpio      264
Commands, dpkg      495—497
Commands, edquota      17
Commands, EXPN      377 379
Commands, find      25 410
Commands, gpasswd      303
Commands, groupadd      303
Commands, groupdel      303
Commands, groupmod      303
Commands, host      82—86
Commands, htpasswd      304
Commands, ifconfig      27—28
Commands, killall      20—21
Commands, LIST      398—399 408
commands, ls      10 251 393
Commands, lsattr      16—17
Commands, lsmod      352—353
commands, mkdir      273—274
commands, mount      186—187 264 269—270
commands, netstat      203—206
commands, passwd      260—261 303
Commands, PASV      394 399 401—404
commands, ping      78
commands, port      398—401 408 409 412
commands, ps      319

1 2 3 4 5 6 7 8

О проекте