1

I was interested in entering the security field, and then I studied various posts about that. Someone told me that I had to first know the Unix system inside out from a security perspective, and then I can go further.

I know only basic Linux. My company has a local Ubuntu server and a CentOS 5 VPS server. I manage that one by hosting sites and other small stuff like backups, cron, etc.

But I don't know anything about logs, etc. Someone wrote the following to start with:

watching live tcpdump sessions, syslog entries, web server logs, snort dumps, dumping live system memory, to a million other open source tools for peeking and poking at the innards of a running system.

also:

Get a live SMTP server running, and watch the spam bots and scan for malware. Set up a web server and watch the script kiddies try SQL injection attacks in your web and DB logs. Watch your ssh logs for brute force attacks. Set up a common blog engine and have fun fighting off spam bots and attacks. Learn how to deploy various virtualization technologies to partition services from each other. Learn first-hand if ACLs, MAC, and system-level auditing are worth the extra work and hassle over standard system permissions.

Now I really want to dl all that stuff. Can anyone point me to any books to read, video lectures, or exams which can help me in doing that stuff?

Whenever I learn anything new with Linux I apply that to my live server. This is how I learned all the Linux.

Any ideas?

Zoredache
  • 3
    Sorry, if you can't or won't perform some simple web searches to locate suitable study material I don't like your chances of achieving your goals. – John Gardeniers Jun 25 '10 at 09:34

5 Answers

5

I have the perfect solution for you! There is a big community which is only about security and hacking techniques (and they are great to start with!).

http://www.backtrack-linux.org/

I learned there some basic stuff about how security works and which common methods hackers are using to break into your systems.

NOTE: You have mentioned it: security/hacking requires that you have a decent knowledge of Unix/DOS systems. This is because hacking is mostly not like cracking open a door; it's more that you are using an "error" in the system, or weak configurations which the system administrators have made, to bypass the security controls.

I hope that I could help you with this information ;)

elhombre
2

I also am interested in the security field, though mainly as an interesting aside at present. Got a good, though not particularly in-depth, overview by doing the Security+ certification. Have been chuntering through a book on penetration testing from Syngress that seems extremely interesting. I will post the link to the book and another book I have found interesting on TCP/IP when I have them.

Professional Penetration Testing

The TCP/IP Guide: A Comprehensive, Illustrated Internet Protocols Reference

EDIT: Changed Sybex to Syngress

1

Learn general Linux tools and common services. Get a book like the Fedora Bible, Official Ubuntu Server Book (HIGHLY recommended), and/or "Ubuntu Linux Toolbox" manual. Very helpful.

Then, there are books on maintaining secure systems, configuring firewalls, network scanning, etc.

Books:
Practical Packet Analysis
Nmap: The Official Guide
Linux Firewalls

More: anything involving Wireshark, Backtrack Linux, etc.

-Get onto some IRC channels for Linux and UNIX security and system administration.
-Read the security and firewall related questions here.
-Sign up for some Linux magazines, such as Linux Journal (great) and Linux Pro Magazine (good).
-Get the RSS feed for LWN.net, which has a lot of good articles and listings for security updates in a lot of distros.

Luke has no name
1

Learn TCP/IP and operating systems architecture, and learn at least one scripting language to write automations and exploits. You can read the CISSP-related literature. For the tools, you might be interested, among others, in the ones linked in the Penetration Testing Framework.

Maxwell
0

You might want to look into a CEH certification.

Sirex