Learn how to attack and defend the world’s most popular web server platform
Linux Server Security: Hack and Defend presents a detailed guide for experienced admins, aspiring hackers and other IT professionals seeking a more advanced understanding of Linux security. Written by a 20-year veteran of Linux server deployment this book provides the insight of experience along with highly practical instruction.
The topics range from the theory of past, current, and future attacks, to the mitigation of a variety of online attacks, all the way to empowering you to perform numerous malicious attacks yourself (in the hope that you will learn how to defend against them). By increasing your understanding of a hacker’s tools and mindset you're less likely to be confronted by the all-too-common reality faced by many admins these days: someone else has control of your systems.
- Master hacking tools and launch sophisticated attacks: perform SQL injections, deploy multiple server exploits and crack complex passwords.
- Defend systems and networks: make your servers invisible, be confident of your security with penetration testing and repel unwelcome attackers.
- Increase your background knowledge of attacks on systems and networks and improve all-important practical skills required to secure any Linux server.
The techniques presented apply to almost all Linux distributions including the many Debian and Red Hat derivatives and some other Unix-type systems. Further your career with this intriguing, deeply insightful, must-have technical book. Diverse, broadly-applicable and hands-on practical, Linux Server Security: Hack and Defend is an essential resource which will sit proudly on any techie's bookshelf.
Table of Contents:
Preface xiii Introduction xv
Chapter 1: Invisibility Cloak 1
Background 1
Probing Ports 1
Confusing a Port Scanner 2
Installing knockd 2
Packages 3
Changing Default Settings 3
Altering Filesystem Locations 4
Some Config Options 5
Starting the Service 5
Changing the Default Network Interface 5
Packet Types and Timing 5
Testing Your Install 6
Port Knocking Clients 7
Making Your Server Invisible 7
Testing Your iptables 8
Saving iptables Rules 9
Further Considerations 10
Smartphone Client 10
Troubleshooting 10
Security Considerations 10
Ephemeral Sequences 11
Summary 12
Chapter 2: Digitally Fingerprint Your Files 13
Filesystem Integrity 13
Whole Filesystem 16
Rootkits 17
Confi guration 19
False Positives 21
Well Designed 22
Summary 23
Chapter 3: Twenty-First-Century Netcat 25
History 25
Installation Packages 27
Getting Started 27
Transferring Files 29
Chatting Example 30
Chaining Commands Together 30
Secure Communications 31
Executables 33
Access Control Lists 34
Miscellaneous Options 34
Summary 35
Chapter 4: Denying Service 37
NTP Infrastructure 37
NTP Reflection Attacks 38
Attack Reporting 40
Preventing SNMP Reflection 41
DNS Resolvers 42
Complicity 43
Bringing a Nation to Its Knees 44
Mapping Attacks 45
Summary 46
Chapter 5: Nping 49
Functionality 49
TCP 50
Interpreter 51
UDP 52
ICMP 52
ARP 53
Payload Options 53
Echo Mode 54
Other Nping Options 57
Summary 58
Chapter 6: Logging Reconnoiters 59
ICMP Misconceptions 59
tcpdump 60
Iptables 61
Multipart Rules 64
Log Everything for Forensic Analysis 64
Hardening 65
Summary 67
Chapter 7: Nmap’s Prodigious NSE 69
Basic Port Scanning 69
The Nmap Scripting Engine 71
Timing Templates 73
Categorizing Scripts 74
Contributing Factors 75
Security Holes 75
Authentication Checks 77
Discovery 78
Updating Scripts 79
Script Type 80
Regular Expressions 80
Graphical User Interfaces 81
Zenmap 81
Summary 82
Chapter 8: Malware Detection 85
Getting Started 85
Definition Update Frequency 85
Malware Hash Registry 86
Prevalent Threats 86
LMD Features 86
Monitoring Filesystems 88
Installation 88
Monitoring Modes 90
Configuration 91
Exclusions 91
Running from the CLI 92
Reporting 92
Quarantining and Cleaning 93
Updating LMD 94
Scanning and Stopping Scans 94
Cron Job 96
Reporting Malware 96
Apache Integration 96
Summary 97
Chapter 9: Password Cracking with Hashcat 99
History 99
Understanding Passwords 99
Keyspace 100
Hashes101
Using Hashcat 103
Hashcat Capabilities 103
Installation 103
Hash Identifi cation104
Choosing Attack Mode 106
Downloading a Wordlist 106
Rainbow Tables 107
Running Hashcat 107
oclHashcat 110
Hashcat-Utils 111
Summary 111
Chapter 10: SQL Injection Attacks 113
History 113
Basic SQLi 114
Mitigating SQLi in PHP 115
Exploiting SQL Flaws 117
Launching an Attack 118
Trying SQLi Legally 120
Summary 121
Index 123
About the Author :
CHRIS BINNIE is a Technical Consultant with 20 years of experience working with Linux systems, and a writer for Linux Magazine and Admin Magazine. He built an Autonomous System Network in 2005, and served HD video to 77 countries via a media streaming platform that he architected and built. Over the course of his career, he has deployed many servers in the cloud and on banking and government server estates.
