Hatch B., Lee J., Kurtz G. — Hacking linux exposed: linux security secrets & solutions :: Электронная библиотека попечительского совета мехмата МГУ

Главная Ex Libris Книги Журналы Статьи Серии Каталог Wanted Загрузка ХудЛит Справка Поиск по индексам Поиск Форум

Авторизация

Поиск по указателям

Hatch B., Lee J., Kurtz G. — Hacking linux exposed: linux security secrets & solutions

Обсудите книгу на научном форуме

Нашли опечатку?
Выделите ее мышкой и нажмите Ctrl+Enter

Название: Hacking linux exposed: linux security secrets & solutions

Авторы: Hatch B., Lee J., Kurtz G.

Аннотация:

If you have a vulnerable computer attached to the BIG BAD INTERNET, sooner or later your box will be compromised. Notice I prefer the term compromised to hacked. Hacking is a benign activity. You hack out of curiosity and [hopefully] with prior permission. Can this be done? Can I get into this box? How is he trying to keep me out? What stone has he left unturned? Woops: He has a bulletproof firewall but he left this one vulnerable cgi script in his httpd directory: HA! I'M IN! At that point the correct thing to do is to stop and notify the hackee. But once a hacker gets in, (especially if he is there without permission) the temptation to quietly mess around and cover his guilty tracks is usually overwhelming. Then it has gone from hacking to compromising someone else's box.

Язык:

Рубрика: Технология/

Статус предметного указателя: Готов указатель с номерами страниц

ed2k: ed2k stats

Год издания: 2001

Количество страниц: 566

Добавлена в каталог: 02.12.2005

Операции: Положить на полку | Скопировать ссылку для форума | Скопировать ID

Предметный указатель

Commands, r- commands      239—241 323—326 327
Commands, rcp      323—324
Commands, RETR      409
Commands, rlogin      323—324
Commands, rpcinfo      108—109 319
commands, rpm      264 493—494
Commands, rsh      323—324
Commands, showmount      111—114
Commands, SMTP EXPN      377—379
Commands, SMTP VRFY      376—377
Commands, sulogin      168 169
commands, tar      264
Commands, teleinit      503
commands, top      293
commands, touch      46
commands, ulimit      18—19
Commands, umask      15
commands, USE      350
Commands, useradd      264 303
commands, userdel      303
Commands, usermod      303
Commands, VRFY      376—377
Commands, whois      73 516
Comments      7 208
Common Gateway Interface      See "CGI"
Common Vulnerabilities and Exposures (CVE) standard      120
Community strings      101 114 117
Compilation      100
Compilers      267
Computer Oracle and Password System (COPS) tool      25
Computer, dual-boot systems      163—164
Computer, locks for      166
Computer, starting with boot disk      62
conditional scripts      281—282
Configuration files      48 63
configuration, Apache web server      427—439
Configuration, default      186—190
configuration, files      48
Configuration, Netscape browser      187—188
configuration, networks      186—190
Configuration, Nmap utility      96—97
Configuration, operating systems      186—187
Configuration, syslogd      36—39
Configuration, xinetd      462—464
Connect scans      94
consoles      160—161
Cookies, CGI programs      444 448—449
Cookies, SSL and      449
Cookies, X session access and      189 190
COPS (Computer Oracle and Password System) tool      25
Coroners Toolkit      63
Courtney scan detector      30
cpio command      264
Crack program      290—294
cracking passwords      See "Passwords"
CRC checksums      54
CRC32 checksum      56
Cricket tool      236
Cronjob      39
crypt() passwords      290—291 298
crypt(3) function      287—288
cryptographic checksums      141—144
csh(C Shell)      8
CVE (Common Vulnerabilities and Exposures) standard      120
Daemon accounts      321
Data Encryption Standard      See "DES"
data, backing up      162
Data, encrypted      162 422—424
Data, hacking      5
Data, length of      446—447
Databases, Apache Web server and      303
Databases, checksum      49—50
Databases, encrypted      26
Databases, file integrity      53
Databases, immutable      51
Databases, information gathering and      137
Databases, passwords and      303
Databases, permissions      49—50
Databases, whois      73—77
Databases, whois.arin.net      76—77
datafiles      51
DDoS (Distributed Denial of Service) attacks      235—236
Debian Linux      495—198
Debian Package System      495—198
Decoy hosts      97
Deleting items, files      49
Deleting items, passwords      285
Deleting items, programs      49
denial-of-service (DoS) attacks      232—239
Denial-of-service (DoS) attacks, "Ping of Death" attack      236—237
Denial-of-service (DoS) attacks, automatic host rejection and      31
Denial-of-service (DoS) attacks, DDoS attacks      235—236
Denial-of-service (DoS) attacks, described      232
Denial-of-service (DoS) attacks, floods      232—236
Denial-of-service (DoS) attacks, ICMP floods      232—233
Denial-of-service (DoS) attacks, Klaxon ports and      29
Denial-of-service (DoS) attacks, mail bombs      384—386
Denial-of-service (DoS) attacks, PortSentry and      31
Denial-of-service (DoS) attacks, Scanlogd program and      30
Denial-of-service (DoS) attacks, services      202—204
Denial-of-service (DoS) attacks, Smurf attack      235
Denial-of-service (DoS) attacks, SYN flood attacks      237—239
Denial-of-service (DoS) attacks, TCP/IP attacks      236—239
Denial-of-service (DoS) attacks, Teardrop attack      237
Denial-of-service (DoS) attacks, UDP floods      233—234
deny access      35
DES (Data Encryption Standard)      287—289
DES (Data Encryption Standard), Apache authentication password file      303—304
DES (Data Encryption Standard), described      287
DES (Data Encryption Standard), passwords      307 313
devices, access      258—259
Devices, boot devices      164—165
Devices, group access      258—260
Devices, network devices      160 191—192
Devices, permissions      258—259
Devices, permissions and      258—259
DFS (Distributed File System)      114
Dial-up connections, passwords      255
Dial-up connections, protecting      185
Dial-up hacking      185—186
Dictionaries      291 298 299
dictionary attacks      289 290 299—301
Digest, MD5      445—446
Directories, /etc/rc#.d directory      503 506—508
Directories, Apache web server      428—432
Directories, changes to      50
Directories, conditional scripts and      282
Directories, hardlinks and      280
Directories, hiding      341—343
directories, home directory      7
Directories, monitoring      50
directories, permissions      10 13—16
Directories, restricting CGI access to      431
Directories, runlevel directories      503
Directories, sticky bits      13—14
Directories, suspicious      62
Directories, symbolic links and      428
Disclosure rules      65
Disks, hard disk      60 61
Disks, limiting disk space usage      17—18
disks, quotas      17—18
Distributed Denial of Service (DDoS) attacks      235—236
Distributed file system (DFS)      114
Distributed processes      293
DNS (domain nameserver), attacks      212—217
DNS (domain nameserver), countermeasures      84—87
DNS (domain nameserver), forged replies      226
DNS (domain nameserver), informational fields      82—84
DNS (domain nameserver), public information      137
DNS (domain nameserver), reverse entries      469—471

DNS (domain nameserver), security issues      81—87
DNS (domain nameserver), zone transfers      84—86
DNS lookups      82 469
DNS queries      82—87
DNS Security (DNSSEC)      88 217
DNS servers      84—86
DNS slaves      84 86
DNS spoofing      216—217
DNSSEC (DNS Security)      88 217
Dnsspoof program      216—217 226 227
Domain names, registration information      73—75
Domain names, whois queries      76—77
Domain nameserver      See "DNS"
Domains, enumeration      75—76
Domains, locking out hosts in      470—471
Domains, returning names of      76
Domains, transfer attempts      86
domains, trusted      470—471
DoS attacks      See "Denial-of-service (DoS) attacks"
dpkg commands      495—197
dpkg program      495—198
dsniff program      196 226—229
dual-boot systems      163—164
Dumpster diving      158—159
Dynamic passwords      185 199
Echo port      80
Echo port pings      78
Echo service, DoS attacks      202—203 233
Echo service, turning off      80
Editors, security and      261—263
edquota command      17
EGP (Extended Gateway Protocol)      219
egress filtering      242—243
Email as information gathering tool      137
Email, cleartext and      387—389
Email, Crack program      294
Email, denial-of-service attacks      384—386
Email, free accounts      73
Email, handling of      370
Email, John the Ripper program      297
Email, mail transfer agents      371—373
Email, mailbombing      384—386
Email, mailing lists      71—73
Email, newsgroups      71 73
Email, Postfix      See "Postfix"
Email, precautions      71—73
Email, qmail      See "Qmail"
Email, relaying      381—382
Email, resource restrictions      384—386
Email, security of      370—391
Email, sendmail      See "Sendmail"
Email, separate account for      73
Email, spamming      144 383—384
Email, Trojan horses and      139 144
Email, verifying addresses      376—377
Email, viruses and      147
Email, worms and      147
Employee directories      137
Encrypted Home Directory      174
encryption, algorithms      286—289
Encryption, connections      225—226
Encryption, data      162 422—424
encryption, databases      26
Encryption, DES algorithm      287—289
Encryption, filesystems      173—174
Encryption, IMAP protocol      389—390
Encryption, laptop data      162
Encryption, MD5 algorithm      288—289
Encryption, one-way      284 285
encryption, passwords      7 158 255—256 284—289
Encryption, PGP (Pretty Good Privacy)      309
Encryption, POP protocol      389—390
Encryption, Postfix and      388
Encryption, protocols      225—227
Encryption, qmail and      388
encryption, reversible      256
Encryption, sendmail and      388
Encryption, sniffers and      194
encryption, SSL      256
Encryption, web sites      422—424
Enumeration, domains      75—76
Enumeration, RPC services      108—110
Environment variables      257
ESMTP (Extended Simple Mail Transfer Protocol)      371 375
ethereal program      196
Ethernet addresses      116
Ethernet cards      221 225
exec() function      454—455
EXECUTE permission      12—14
Exploit scripts      145—146
EXPN command      377—379
Exporting items, filesystems      111 113
Exporting items, NFS      318—319
ext2 filesystems      16
Extended Gateway Protocol (EGP)      219
Extended Simple Mail Transfer Protocol (ESMTP)      371 375
Extensions, .cgi      431
Extensions, SMTP-AUTH      388
Extensions, STARTTLS      388—389
Fast hash function      56
Fetchmail utility      253—254
Fields in form files      442—447
Fields, DNS records      82—84
fields, hidden      444—446
Fields, missing      442—444
File integrity tools      51—59
file servers      147
File sharing, NFS and      111—114 187
File sharing, worms and      147
File Transfer Protocol      See "FTP"
file types      11
filehandles      452—455
filenames      449—450
Files directive      432
Files, access control      35—36
files, attributes      16—17
files, backing up      63
Files, checksums      47 49—50 141—142
Files, configuration files      48
files, deleting      49
Files, explicit read mode      450
files, hiding      341—343
Files, identity files      328—329
Files, infected      147
Files, installation files      49
Files, K files      503
files, limits on      18—19
Files, links      55
Files, log files      See "Log files"
Files, modifications to      46
Files, monitoring for web server      351
Files, NFS files      226
Files, password files      See "Password files"
files, permissions      10—16 48—49 55
Files, reporting tools      341—343
Files, S files      503
files, size of      55
Files, sticky bits      13—14
Files, suspicious      62
Files, timestamps on      46—48 62
FILESMATCH directive      432—433
Filesnarf program      226
Filesystems, /home filesystem      113
Filesystems, BestCrypt      173
Filesystems, CFS      173
Filesystems, encrypted      173—174
Filesystems, Encrypted Home Directory      174
Filesystems, exported      111 113
Filesystems, integrity checks      46—59
Filesystems, mounted      186—187 269—271

1 2 3 4 5 6 7 8

О проекте