Tài liệu Hacking Exposed Linux, 3rd Edition pot

www.it-ebooks.info

A valuable extension to the Hacking Exposed franchise; the authors do a great job of

incorporating the vast pool of knowledge of security testing from the team who built the Open

Source Security Testing Methodology Manual (OSSTMM) into an easy-to-digest, concise read

on how Linux systems can be hacked.

Steven Splaine

Author, The Web Testing Handbook and Testing Web Security

Industry-Recognized Software Testing Expert

With Pete being a pioneer of open-source security methodologies, directing ISECOM, and

formulating the OPSA certification, few people are more qualified to write this book than him.

Matthew Conover

Principal Software Engineer

Core Research Group, Symantec Research Labs

You’ll feel as if you are sitting in a room with the authors as they walk you through the steps

the bad guys take to attack your network and the steps you need to take to protect it. Or, as the

authors put it: “Separating the asset from the threat.” Great job, guys!

Michael T. Simpson, CISSP

Senior Staff Analyst

PACAF Information Assurance

An excellent resource for security information, obviously written by those with real-world

experience. The thoroughness of the information is impressive —very useful to have it presented in

one place.

Jack Louis

Security Researcher

www.it-ebooks.info

This page intentionally left blank

www.it-ebooks.info

HACKING EXPOSED™

LINUX:

LINUX SECURITY SECRETS

& SOLUTIONS

THIRD EDITION

ISECOM

New York Chicago San Francisco

Lisbon London Madrid Mexico City

Milan New Delhi San Juan

Seoul Singapore Sydney Toronto

www.it-ebooks.info

Copyright © 2008 by The McGraw-Hill Companies. All rights reserved. Manufactured in the United States of America. Except as permitted

under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or

stored in a database or retrieval system, without the prior written permission of the publisher.

0-07-159642-9

The material in this eBook also appears in the print version of this title: 0-07-226257-5.

All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name,

we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where

such designations appear in this book, they have been printed with initial caps.

McGraw-Hill eBooks are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training

programs. For more information, please contact George Hoare, Special Sales, at [email protected] or (212) 904-4069.

TERMS OF USE

This is a copyrighted work and The McGraw-Hill Companies, Inc. (“McGraw-Hill”) and its licensors reserve all rights in and to the work. Use

of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the

work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute,

disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill’s prior consent. You may use the work for your own

noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to

comply with these terms.

THE WORK IS PROVIDED “AS IS.” McGRAW-HILL AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE

ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY

INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DIS￾CLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MER￾CHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill and its licensors do not warrant or guarantee that the

functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill nor

its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages

resulting therefrom. McGraw-Hill has no responsibility for the content of any information accessed through the work. Under no circumstances

shall McGraw-Hill and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from

the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of

liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise.

DOI: 10.1036/0072262575

www.it-ebooks.info

As Project Leader, I want to dedicate this book to all the

volunteers who helped out and contributed through

ISECOM to make sense of security so the rest of the world

can fi nd a little more peace. It’s the selfl ess hackers like

them who make being a hacker such a cool thing.

I also need to say that all this work would be overwhelming

if not for my unbelievably supportive wife, Marta. Even my

three children, Ayla, Jace, and Aidan, who can all put

ISECOM on the list of their fi rst spoken words, were all

very helpful in the making of this book.

—Pete Herzog

www.it-ebooks.info

ABOUT THE AUTHORS

This book was written according to the ISECOM (Institute for Security and Open

Methodologies) project methodology. ISECOM is an open, nonprofit security research

and certification organization established in January 2001 with the mission to make sense

of security. They release security standards and methodologies under the Open

Methodology License for free public and commercial use.

This book was written by multiple authors, reviewers, and editors—too many to all

be listed here—who collaborated to create the best Linux hacking book they could. Since

no one person can master everything you may want to do in Linux, a community wrote

the book on how to secure it.

The following people contributed greatly and should be recognized.

About the Project Leader

Pete Herzog

As Managing Director, Pete is the co-founder of ISECOM and creator of the

OSSTMM. At work, Pete focuses on scientific, methodical testing for controlling

the quality of security and safety. He is currently managing projects in development

that include security for homeowners, hacking lessons for teenagers, source￾code static analysis, critical-thinking training for children, wireless certification

exam and training for testing the operational electromagnetic spectrum, a

legislator’s guide to security solutions, a Dr. Seuss–type children’s book in metered prose

and rhyme, a security analysis textbook, a guide on human security, solutions for

university security and safety, a guide on using security for national reform, a guide for

factually calculating trust for marriage counselors and family therapists, and of course,

the Open Source Security Testing Methodology Manual (OSSTMM).

In addition to managing ISECOM projects, Pete teaches in the Masters for Security

program at La Salle University in Barcelona and supports the worldwide security

certification network of partners and trainers. He received a bachelor’s degree from

Syracuse University. He currently only takes time off to travel in Europe and North

America with his family.

About the Project Managers

Marta Barceló

Marta Barceló is Director of Operations, co-founder of ISECOM, and is

responsible for ISECOM business operations. In early 2003, she designed the

process for the Hacker Highschool project, developing and designing teaching

methods for the website and individual and multilingual lessons. Later that

same year, she developed the financial and IT operations behind the ISESTORM

conferences. In 2006, Marta was invited to join the EU-sponsored Open Trusted

Computing consortium to manage ISECOM’s participation within the project, including

financial and operating procedures. In 2007, she began the currently running advertising

campaign for ISECOM, providing all creative and technical skills as well as direction.

Copyright © 2008 by The McGraw-Hill Companies. Click here for terms of use.

www.it-ebooks.info

Marta maintains the media presence of all ISECOM projects and provides technical

server administration for the websites. She attended Mannheim University of Applied

Sciences in Germany and graduated with a masters in computer science.

In addition to running ISECOM, Marta has a strong passion for the arts, especially

photography and graphic design, and her first degree is in music from the Conservatori

del Liceu in Barcelona.

Rick Tucker

Rick Tucker has provided ISECOM with technical writing, editing, and general

support on a number of projects, including SIPES and Hacker Highschool. He

currently resides in Portland, Oregon, and works for a small law firm as the go￾to person for all manner of mundane and perplexing issues.

About the Authors

Andrea Barisani

Andrea Barisani is an internationally known security researcher. His

professional career began eight years ago, but it all really started with a

Commodore-64 when he was ten-years-old. Now Andrea is having fun with

large-scale IDS/firewall-deployment administration, forensic analysis,

vulnerability assessment, penetration testing, security training, and his

open-source projects. He eventually found that system and security administration are

the only effective way to express his need for paranoia.

Andrea is the founder and project coordinator of the oCERT effort, the Open Source

CERT. He is involved in the Gentoo project as a member of the Security and Infrastructure

Teams and is part of Open Source Security Testing Methodology Manual, becoming an

ISECOM Core Team member. Outside the community, he is the co-founder and chief

security engineer of Inverse Path, Ltd. He has been a speaker and trainer at the PacSec,

CanSecWest, BlackHat, and DefCon conferences among many others.

Thomas Bader

Thomas Bader works at Dreamlab Technologies, Ltd., as a trainer and solution

architect. Since the early summer of 2007, he has been in charge of ISECOM

courses throughout Switzerland. As an ISECOM team member, he participates

in the development of the OPSE certification courses, the ISECOM test network,

and the OSSTMM.

From the time he first came into contact with open-source software in 1997,

he has specialized in network and security technologies. Over the following years, he

has worked in this field and gained a great deal of experience with different firms as a

consultant and also as a technician. Since 2001, Thomas has worked as a developer and

trainer of LPI training courses. Since 2006, he has worked for Dreamlab Technologies,

Ltd., the official ISECOM representative for the German- and French-speaking countries

of Europe.

www.it-ebooks.info

Simon Biles

Simon Biles is the director and lead consultant at Thinking Security, a UK-based

InfoSec Consultancy. He is the author of The Snort Cookbook from O’Reilly, as well

as other material for ISECOM, Microsoft, and SysAdmin magazine. He is in

currently pursuing his masters in forensic computing at the Defence Academy in

Shrivenham. He holds a CISSP, OPSA, is an ISO17799 Lead Auditor, and is also a

Chartered Member of the British Computer Society. He is married with children

(several) and reptiles (several). His wife is not only the most beautiful woman ever, but

also incredibly patient when he says things like “I’ve just agreed to ... <insert time-drain

here>.” In his spare time, when that happens, he likes messing about with Land Rovers

and is the proud owner of a semi-reliable, second-generation Range Rover.

Colby Clark

Colby Clark is Guidance Software’s Network Security Manager and has the day￾to-day responsibility for overseeing the development, implementation, and

management of their information security program. He has many years of

security-related experience and has a proven track record with Fortune 500

companies, law firms, financial institutions, educational institutions,

telecommunications companies, and other public and private companies in

regulatory compliance consulting and auditing (Sarbanes Oxley and FTC Consent

Order), security consulting, business continuity, disaster recovery, incident response,

and computer forensic investigations. Colby received an advanced degree in business

administration from the University of Southern California, maintains the EnCE, CISSP,

OPSA, and CISA certifications, and has taught advanced computer forensic and incident

response techniques at the Computer and Enterprise Investigations Conference (CEIC).

He is also a developer of the Open Source Security Testing Methodology Manual (OSSTMM)

and has been with ISECOM since 2003.

Raoul Chiesa

Raoul “Nobody” Chiesa has 22 years of experience in information security

and 11 years of professional knowledge. He is the founder and president of

@ Mediaservice.net Srl, an Italian-based, vendor-neutral security consulting

company. Raoul is on the board of directors for the OWASP Italian Chapter,

Telecom Security Task Force (TSTF.net), and the ISO International User Group.

Since 2007, he has been a consultant on cybercrime issues for the UN at the United

Nations Interregional Crime & Justice Research Institute (UNICRI).

He authored Hacker Profile, a book which will be published in the U.S. by Taylor &

Francis in late 2008. Raoul’s company was the first worldwide ISECOM partner, launching

the OPST and OPSA classes back in 2003. At ISECOM, he works as Director of

Communications, enhancing ISECOM evangelism all around the world.

Pablo Endres

Pablo Endres is a security engineer/consultant and technical solution architect

with a strong background built upon his experience at a broad spectrum of

companies: wireless phone providers, VoIP solution providers, contact centers,

universities, and consultancies. He started working with computers (an XT) in

www.it-ebooks.info

the late 1980s and holds a degree in computer engineering from the Universidad Simón

Bolívar at Caracas, Venezuela. Pablo has been working, researching, and playing around

with Linux, Unix, and networked systems for more than a decade.

Pablo would like to thank Pete for the opportunity to work on this book and with

ISECOM, and last but not least, his wife and parents for all the support and time

sharing.

Richard Feist

Richard has been working in the computer industry since 1989 when he started as

a programmer and has since moved through various roles. He has a good view of

both business and IT and is one of the few people who can interact in both spaces.

He recently started his own small IT security consultancy, Blue Secure. He

currently holds various certifications (CISSP, Prince2 Practitioner, OPST/OPSA

trainer, MCSE, and so on) in a constant attempt to stay up-to-date.

Andrea Ghirardini

Andrea “Pila” Ghirardini has over seven years expertise in computer forensics

analysis. The labs he leads (@PSS Labs, http://www.atpss.net) have assisted Italian

and Swiss Police Special Units in more than 300 different investigations related

to drug dealing, fraud, tax fraud, terrorism, weapons trafficking, murder,

kidnapping, phishing, and many others.

His labs are the oldest ones in Italy, continuously supported by the company team’s

strong background in building CF machines and storage systems in order to handle and

examine digital evidence, using both open-source-based and commercial tools. In 2007,

Andrea wrote the first book ever published in Italy on computer forensics investigations

and methodologies (Apogeo Editore). In this book, he also analyzed Italian laws related

to these kinds of crimes. Andrea holds the third CISSP certification in Italy.

Julian “HammerJammer” Ho

Julian “HammerJammer” Ho is co-founder of ThinkSECURE Pte, Ltd., (http://

securitystartshere.org), an Asia-based practical IT security certification/training

authority and professional IT security services organization and an ISECOM￾certified OPST trainer.

Julian was responsible for design, implementation, and maintenance of

security operations for StarHub’s Wireless Hotzones in Changi International

Airport Terminals 1 and 2 and Suntec Convention Centre. He is one half of the design

team for BlackOPS:HackAttack 2004, a security tournament held in Singapore; AIRRAID

(Asia’s first-ever pure wireless hacking tournament) in 2005; and AIRRAID2 (Thailand’s

first-ever public hacking tournament) in 2008. He also contributed toward research and

publication of the WCCD vulnerability in 2006.

Julian created and maintains the OSWA-Assistant wireless auditing toolkit, which

was awarded best in the Wireless Testing category and recommended/excellent in the

LiveCDs category by Security-Database.com in their “Best IT Security and Auditing

Software 2007” article.

www.it-ebooks.info

Marco Ivaldi

Marco Ivaldi ([email protected]) is a computer security researcher and

consultant, a software developer, and a Unix system administrator. His particular

interests are networking, telephony, and cryptology. He is an ISECOM Core

Team member, actively involved in the OSSTMM development process. He

holds the OPST certification and is currently employed as Red Team Coordinator

at @ Mediaservice.net, a leading information-security company based in Italy. His daily

tasks include advanced penetration testing, ISMS deployment and auditing, vulnerability

research, and exploit development. He is founder and editorial board member of

Linux&C, the first Italian magazine about Linux and open source. His homepage and

playground is http://www.0xdeadbeef.info.

Marco wishes to thank VoIP gurus Emmanuel Gadaix of TSTF and thegrugq for their

invaluable and constant support throughout the writing of this book. His work on this

book is dedicated to z*.

Dru Lavigne

Dru Lavigne is a network and systems administrator, IT instructor, curriculum

developer, and author. She has over a decade of experience administering and

teaching Netware, Microsoft, Cisco, Checkpoint, SCO, Solaris, Linux, and BSD

systems. She is author of BSD Hacks and The Best of FreeBSD Basics. She is currently

the editor-in-chief of the Open Source Business Resource, a free monthly

publication covering open source. She is founder and current chair of the BSD Certification

Group, Inc., a nonprofit organization with a mission to create the standard for certifying

BSD system administrators. At ISECOM, she maintains the Open Protocol Database. Her

blog can be found at http://blogs.ittoolbox.com/unix/bsd.

Stephane Lo Presti

Stéphane is a research scientist who has explored the various facets of trust in

computer science for the past several years. He is currently working at The City

University, London, on service-oriented architectures and trust. His past jobs

include the European project, Open Trusted Computing (http://www.opentc.net) at

Royal Holloway, University of London, and the Trusted Software Agents and

Services (T-SAS) project at the University of Southampton, UK. He enjoys

applying his requirement-analysis and formal-specification computing skills to modern

systems and important properties, such as trust. In 2002, he received a Ph.D. in computing

science from the Grenoble Institute of Technology, France, where he also graduated as a

computing engineer in 1998 from the ENSIMAG Grandes École of Computing and

Applied Mathematics, Grenoble, France.

Christopher Low

Christopher Low is co-founder of ThinkSECURE Pte Ltd. (http://securitystartshere

.org), an Asia-based IT-security training, certification, and professional IT security

services organization. Christopher has more than ten years of IT security

experience and has extensive security consultancy and penetration-testing

experience. Christopher is also an accomplished trainer, an ISECOM-certified

www.it-ebooks.info

OPST trainer and has developed various practical-based security certification courses

drawn from his experiences in the IT security field. He also co-designed the BlackOPS:

HackAttack 2004 security tournament held in Singapore, AIRRAID (Asia’s first-ever

pure wireless hacking tournament) in 2005, and AIRRAID2 (Thailand’s first-ever public

hacking tournament).

Christopher is also very actively involved in security research; he likes to code and

created the Probemapper and MoocherHunter tools, both of which can be found in the

OSWA-Assistant wireless auditing toolkit.

Ty Miller

Ty Miller is Chief Technical Officer at Pure Hacking in Sydney, Australia. Ty has

performed penetration tests against countless systems for large banking,

government, telecommunications, and insurance organizations worldwide, and

has designed and managed large security architectures for a number of

Australian organizations within the Education and Airline industries.

Ty presented at Blackhat USA 2008 in Las Vegas on his development of DNS

Tunneling Shellcode and was also involved in the development of the CHAOS Linux

distribution, which aims to be the most compact, secure openMosix cluster platform.

He is a certified ISECOM OPST and OPSA instructor and contributes to the Open Source

Security Testing Methodology Manual. Ty has also run web-application security courses

and penetration-testing tutorials for various organizations and conferences.

Ty holds a bachelors of technology in information and communication systems from

Macquarie University, Australia. His interests include web-application penetration

testing and shellcode development.

Armand Puccetti

Armand Puccetti is a research engineer and project manager at CEA-LIST (a

department of the French Nuclear Energy Agency, http://www-list.cea.fr) where

he is working in the Software Safety Laboratory. He is involved in several

European research projects belonging to the MEDEA+, EUCLID, ESSI, and

FP6 programs. His research interests include formal methods for software and

hardware description languages, semantics of programming languages, theorem

provers, compilers, and event-based simulation techniques. Before moving to CEA

in 2000, he was employed as a project manager at C-S (Communications & Systems,

http://www.c-s.fr/), a privately owned software house. At C-S he contributed to numerous

software development and applied research projects, ranging from CASE tools and

compiler development to military simulation tools and methods (http://escadre.cad.etca

.fr/ESCADRE) and consultancy.

He graduated from INPL (http://www.inpl-nancy.fr) where he earned a Ph.D. in 1987

in the Semantics and Axiomatic Proof for the Ada Programming Language.

www.it-ebooks.info

About the Contributing Authors

Görkem Çetin

Görkem Çetin has been a renowned Linux and open-source professional for more than

15 years. As a Ph.D. candidate, his current doctorate studies focus on human/computer

interaction issues of free/open-source software. Görkem has authored four books on

Linux and networking and written numerous articles for technical and trade magazines.

He works for the National Cryptography and Technology Institute of Turkey (TUBITAK/

UEKAE) as a project manager.

Volkan Erol

Volkan Erol is a researcher at the Turkish National Research Institute of Electronics and

Cryptology (TUBITAK-NRIEC). After receiving his bachelor of science degree in

computer engineering from Galatasaray University Engineering and Technology Faculty,

Volkan continued his studies in the Computer Science, Master of Science program, at

Istanbul Technical University. He worked as software engineer at the Turkcell Shubuo￾Turtle project and has participated in TUBITAK-NRIEC since November 2005. He works

as a full-time researcher in the Open Trusted Computing project. His research areas are

Trusted Computing, applied cryptography, software development, and design and

image processing.

Chris Griffi n

Chris Griffin has nine years of experience in information security. Chris obtained the

OPST, OPSA, CISSP, and CNDA certifications and is an active contributor to ISECOM’s

OSSTMM. Chris has most recently become ISECOM’s Trainer for the USA. He wants to

thank Pete for this opportunity and his wife and kids for their patience.

Fredesvinda Insa Mérida

Fredesvinda Insa Mérida is the Strategic Development Manager of Cybex. Dr. Insa

graduated in law from the University of Barcelona (1994–1998). She also holds a Ph.D. in

information sciences and communications, from the University Complutense of Madrid.

Dr. Insa has represented Cybex in several computer-forensics and electronic-evidence

meetings. She has a great deal of experience in fighting against computer-related crimes.

Within Cybex, she provides legal assistance to the computer forensics experts.

About the Editors and Reviewers

Chuck Truett

Chuck Truett is a writer, editor, SAS programmer, and data analyst. In addition to his

work with ISECOM, he has written fiction and nonfiction for audiences ranging from

children to role-playing gamers.

www.it-ebooks.info

Adrien de Beaupré

Adrien de Beaupré is practice lead at Bell Canada. He holds the following certifications:

GPEN, GCIH, GSEC, CISSP, OPSA, and OPST. Adrien is very active with isc.sans.org. He

is an ISECOM OSSTMM-certified instructor. His areas of expertise include vulnerability

assessments, penetration testing, incident response, and digital forensics.

Mike Hawkins

Michael Hawkins, CISSP, has over ten years experience in the computer industry, the

majority of time spent at Fortune 500 companies. He is currently the Manager of

Networks and Security at the loudspeaker company Klipsch. He has been a full-time

security professional for over five years.

Matías Bevilacqua Trabado

Matías Bevilacqua Trabado graduated in computer engineering from the University of

Barcelona and currently works for Cybex as IT Manager. From a security background,

Matías specializes in computer forensics and the admissibility of electronic evidence. He

designed and ran the first private forensic laboratory in Spain and is currently leading

research and development at Cybex.

Patrick Boucher

Patrick Boucher is a senior security consultant for Gardien Virtuel. Patrick has many

years of experience with ethical hacking, security policy, and strategic planning like

disaster recovery and continuity planning. His clients include many Fortune 500

companies, financial institutions, telecommunications companies, and SME enterprises

throughout Canada. Patrick has obtained CISSP and CISA certifications

www.it-ebooks.info

This page intentionally left blank

www.it-ebooks.info