- Messages
- 39
- Reaction score
- 1
- Points
- 28
hello mga k SB share ko lang s mga gumagamit ng LINUX OS jn at mga I.T security experts and professional magagamit nyo to
pr masecure nyo ung server or website nyo,enjoy learning,sana makatulong s inyo to at marami din kyo matutunan...God Speed: )
Security Audit Tools:
Perform a "Security Risk Assessment" on your system with the following tools.
System Audits:
•Chkrootkit (YoLinux tutorial) - Scan system for trojans, worms and exploits.
•Root kit detection: ◦checkps - detect rootkits by detecting falsified output and similar anomalies. The ps check should work on anything with /proc. Also uses netstat.
◦Rootkit hunter - scans for rootkits, back doors and local exploits
◦
◦Rkdet - root kit detector daemon. Intended to catch someone installing a rootkit or running a packet sniffer.
•fsaudit - Perl script to scan filesystems and search for suspicious looking directories
•COPS: Computer Oracle and Password System - UNIX security checks. Programs and shell scripts which perform security checks. Checks include file and directory permissions, passwords, system scripts, SUID files, ftp configuration check, ...
•SARA - Security Auditor's Research Assistant - network security vulnerability scanner for SQL injections, remote scans, etc. (follow-on to the SATAN analysis tool)
•Tiger Analytical Research Assistant (TARA Pro) - Commercial support
Network Vulnerability Audits:
•Nessus (YoLinux tutorial) - Remote security scanner - This is my favorite security audit tool!! Checks service exploits and vulnerabilities.
•OpenVAS: Open Vulnerability Assessment System. A branch of Nessus which is more free of licensing restrictions
•Argus - IP network transaction auditing tool. This daemon promiscuously reads network datagrams from a specified interface, and generates network traffic status records
Argus 2
•InterSect Alliance - Intrusion analysis. Identifies malicious or unauthorized access attempts.
•Linuxforce: AdminForce CGI Auto Audit - CGI script analyzer to find security deficiencies.
Wireless:
•AirSnort - wireless LAN (WLAN) tool that recovers encryption keys.
•WEPCrack
Port Scanners:
Used to identify computer network services available for exploit.
•nmap - Port scanner and security scanning and investigation tool ◦NmapFe++ - GUI front-end to NMAP
◦KNmap - KDE front-end
◦pbnj - Diff nmap scans to find changes to systems on the network.
◦nmap3d - nmap post processing to 3-d VRML
◦nmap-sql - log scans to database
◦Gremwell MagicTree - processes NMap and OpenVAS output to generate a report. Requires OpenOffice.
•UnicornScan - fast portscanner
Also see onetwopunch.sh to automate UnicornScans.
•portscan - C++ Port Scanner will try to connect on every port you define for a particular host.
•pof - passive OS fingerprinting.
•Web/http scan: ◦Nikto - web server scanner. CGI, vulnerability checks. Not a stealthy tool. For security tests.
Portscanning Information:
•Art of port scanning - types of scans explained.
Network Sniffers:
Linux Tools for Network Examination.
•DSniff - network tools for auditing and penetration testing.
•Wireshark - full network protocol sniffer/analyzer
(Ethereal - legacy. Now Wireshark)
•IPTraf - curses based IP LAN monitor
•TcpDump - network monitor and data acquisition ◦VOMIT - Voice Over Misconfigured Internet Telephones - Use TCP dump of VOIP stream and convert to WAV file.
Cisco Call Manager depends on MS/SQL server and are thus vulnerable to SQL Slammer attacks.
•KISMET - 802.11a/b/g wireless network detector, sniffer and intrusion detection system.
•DISCO - Passive IP discovery and fingerprinting tool. Sits on a segment of a network to discover unique IPs and identify them.
•Yersina - Framework for analyzing and testing the deployed networks and systems. Designed to take advantage of some weakness in different Layer 2 protocols: Spanning Tree Protocol (STP), Cisco Discovery Protocol (CDP), Dynamic Trunking Protocol (DTP), Dynamic Host Configuration Protocol (DHCP), Hot Standby Router Protocol (HSRP), IEEE 802.1q, Inter-Switch Link Protocol (ISL), VLAN Trunking Protocol (VTP).
•YoLinux.com List of network monitoring tools and example tcpdump sessions
Hacker Tools:
Password crackers:
(can also be part of a vulnerability audit)
•John the Ripper - weak password detection. crypt, Kerberos AFS, MS/Windows LM, ...
•lCRACK - password hacker, dictionary, brute force incremental, ...
Exploits:
•bobkit
•woot-project
Exploit framework:
•MetaSploit - Exploit launcher, test and development tool
Other Links:
•InfoSysSec.org: Hacking howto
•Network intrusion and hacking
•hping - command line TCP/IP packet assembler/analyzer. Supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, ...
•hping2 - Can be used to performs a lot of tasks, like testing of firewall rules, (spoofed) port scanning, ...
Security Infrastructure Software Tools:
•Sentry Tools: Port Sentry, Log Check, Host Sentry - attack detection and defense ◦PortSentry: basic theory - Part 1 - Part 2
◦YoLinux.com Tutorial: Portsentry installation and use
•YoLinux.com Tutorial: Tripwire installation and use
•tripwire - File system data integrity checking tool
•SNORT - intrusion detection and prevention. Rules to inspect and detect anomaly signatures.
•Bastille-linux - Hardening perl scripts to lock down a system and increase its security. Can perform an assessment of a system's configuration (bastille --assess). It queries the administrator as to the expected level of security expected for various system components and then configures the system (./InteractiveBastille).
•Kali Linux - Bootable live CD Linux distro preconfigured for penetration testing.
•CipherDyne.com: PSAD - analyzes iptables log messages to detect port scans and other suspicious traffic.
•IPPL - IP packet logger. Log anomalies
•Kerberos - secure authentication
•deslogin - remote login. SSH is more popular.
•YoLinux.com Tutorial: SSH server configuration and use
•Secure connections SSH (shell) and SSL (socket layer): ◦OpenSSH - Open Source version - Requires :
OpenSSL - Secure Socket Layer
◦SSH.com - Commercial versions SSH1 and SSH2
◦ SSH FAQ - Frequently Asked Questions
◦MS/Windows clients:PuTTY - Telnet, SSH, SCP, SFTP client
Tera Term
•TCP wrappers - Wietse Venema
•YoLinux.com iptables tutorial
•rsaeuro - cryptographic toolkit
•Pretty Good Privacy (PGP) - encryption
Commercial Vendors:
•RSA Security - Encryption and secure commerce.
•CRYPTOCard authentication servers
•CryptoHeaven - Secure online storage, file sharing and distribution, email, instant messaging. Free Linux client but it is a commercial for fee service. (less than 2MB storage is free)
•Tiger Analytical Research Assistant (TARA Pro) - Texas A+M Tiger Commercial support
•TIS: Trusted Informations Systems Inc. - [download] - TIS Internet firewall toolkit
•Tripwire Security Systems - Intrusion detection
•CA (Computer Associates): eTrust Compliance - Vulnerability assessment, security policies, audit and correction.
•Labatam: Secure X-Server Encryption
Online Web Based Tools:
•Clackcode.com: security scan
•HackerTarget.com: online vulnerability tests
•AutomatedScanning.com - commercial service
Software Updates and Security fixes:
•Red Hat Security fixes and Errata
•Red Hat Enterprise Linux security updates
•Fedora security advisories and package updates
•Ubuntu security notices
•Debian security information
•SUSE Linux Enterprise Security
Forensic and Data Recovery Tools:
•Basic Steps in Forensic Analysis of Unix Systems - a case study
•GIIS ext3/ext2FS file undelete tool.User can recover files by it's name or type or by its owner. Can't recover the files deleted before installation of giis.
•Why Recovering a Deleted Ext3 File Is Difficult
•Commercial Linux data recovery tools - list
Anti-Virus Software:
This has typically been the domain of the Microsoft Windows and Outlook products and NOT Linux but Linux administrators running SAMBA file servers often must be aware of these viruses. There are according to Symantec 68 Linux specific viruses and worms including the Ramen worm which attempts to attack unpatched rpc.statd, wuftpd, and LPRng.
Anti-Virus products:
•F-Secure.com ◦Anti-Virus for File Servers
◦Anti-Virus for Desktops and Laptops
•Kaspersky Lab - Workstation/Server/eMail gateway protection
•Sophos.com ◦Endpoint Security and Control: Anti-Virus and anti-spyware for Unix/Linux
◦SOPHOS Anti-virus - Sophos Anti-Virus for Linux
◦eMail security
•Grisoft.com ◦AVG Anti-Virus Linux E-mail Server Edition
•Symantec.com ◦Mail-Gear: (up to and including version 1.2.x)
◦Antivirus client for Linux
•TrendMicro.com ◦Interscan VirusWall for Linux - Internet Gateway - detect/scan SMTP, HTTP and FTP
•ClamAv.net - Clam anti-virus. Open source virus protection for mail servers.
Virus info:
•CERT.org - Carnegie Mellon University's Software Engineering Institute - security vulnerability research.
•ICSA.net - Anti-virus / Anti-spyware / Anti-spam Product Developers Consortium
•Symantec security response - commercial security support
•Threat Explorer - real and hoaxes
Virus email alert:
•McAfee Dispatch
•Symantec Security Response Newsletter
Attacks:
•SYN packet manipulation: ◦SYN flood Description
◦SYN Cookie
•Smurf DOS: ◦ISS.com: Description
•IRC (Internet Relay Chat) Client attacks: ◦IIS.com: Description
•Service attacks: ◦Buffer Overflow attacks
•Session Hijacking: ◦IIS.com: Descriptions
•ARP Cache poisoning: ◦Wireless Attacks Threaten Wired Networks
Honeypots:
How to bait and catch the evil hackers:
•honeyd
•Honeynet.org - The honeynet project
DoD/DoE NISPOM Chapter 8 computer security configuration for Linux:
NISPOM (National Industry Security Program Operating Manual) chapter 8 is a computer security requirement developed by the US DoD (Department of Defense - US) and DoE (Department of Energy) and published by the DSS (Defense Security Service) which US defense contractors are required to meet when processing classified data on computers in a classified environment. Linux as issued by major distros defaults do not meet this requirement. Use the following software packages/configurations:
1.Use central authentication server (LDAP or NIS) with the proper security policies. See YoLinux LDAP authentication tutorial.
2. Meet reporting requirements: This auditing and reporting requirement can be met using Snare. This requires a kernel patch (or use of one of the kernels [RHEL3 or RHEL4] downloaded from the Snare home page.) and the running of a Snare audit daemon. It meets C-2 reporting requirements and records logins/logoffs, file and directory access, access denial, ...
Newer Linux distributions running auditd (RHEL4, FC3+) can get compliant results.
Intersect Alliance: Snare project. For more aggressive reporting requirements, see Computer Associates eTrust Security Information Management.
3. Grant admin privileges without giving root password. Granular delegation of root privileges. File and directory access control. Symark.com: PowerBroker
4.Virus scanner. (See above list)
Links: •Configuration for Linux NISPOM Chapter 8 compliance - YoLinux Tutorial
•Sans.org: NISPOM Chapter 8 checklist [pdf]
Standards and Security Certification:
•ISACA.org - The Information Systems Audit and Control Association & Foundation
•CISA - Certified Information Systems Auditor
•COBIT - Control Objectives for Information and related Technology
Links:
•YoLinux.com security info web site list (see right hand column)
•ZedZ.net - Cryptography Archives for data and network security
•FTP directory of tools
•Purdue FTP site of tools - Index
•DFN-CERT FTP tools site - Tool descriptions/index
•Wietse's tools and papers - Coroner's toolkit, SATAN, TCP wrappers, ...
•Internet Security Systems (ISS): Database security scanner - BlackIce - commercial service
FOR MORE INFO VISIT SITE HERE:
http://www.yolinux.com/TUTORIALS/LinuxSecurityTools.html
pr masecure nyo ung server or website nyo,enjoy learning,sana makatulong s inyo to at marami din kyo matutunan...God Speed: )
Security Audit Tools:
Perform a "Security Risk Assessment" on your system with the following tools.
System Audits:
•Chkrootkit (YoLinux tutorial) - Scan system for trojans, worms and exploits.
•Root kit detection: ◦checkps - detect rootkits by detecting falsified output and similar anomalies. The ps check should work on anything with /proc. Also uses netstat.
◦Rootkit hunter - scans for rootkits, back doors and local exploits
◦
◦Rkdet - root kit detector daemon. Intended to catch someone installing a rootkit or running a packet sniffer.
•fsaudit - Perl script to scan filesystems and search for suspicious looking directories
•COPS: Computer Oracle and Password System - UNIX security checks. Programs and shell scripts which perform security checks. Checks include file and directory permissions, passwords, system scripts, SUID files, ftp configuration check, ...
•SARA - Security Auditor's Research Assistant - network security vulnerability scanner for SQL injections, remote scans, etc. (follow-on to the SATAN analysis tool)
•Tiger Analytical Research Assistant (TARA Pro) - Commercial support
Network Vulnerability Audits:
•Nessus (YoLinux tutorial) - Remote security scanner - This is my favorite security audit tool!! Checks service exploits and vulnerabilities.
•OpenVAS: Open Vulnerability Assessment System. A branch of Nessus which is more free of licensing restrictions
•Argus - IP network transaction auditing tool. This daemon promiscuously reads network datagrams from a specified interface, and generates network traffic status records
Argus 2
•InterSect Alliance - Intrusion analysis. Identifies malicious or unauthorized access attempts.
•Linuxforce: AdminForce CGI Auto Audit - CGI script analyzer to find security deficiencies.
Wireless:
•AirSnort - wireless LAN (WLAN) tool that recovers encryption keys.
•WEPCrack
Port Scanners:
Used to identify computer network services available for exploit.
•nmap - Port scanner and security scanning and investigation tool ◦NmapFe++ - GUI front-end to NMAP
◦KNmap - KDE front-end
◦pbnj - Diff nmap scans to find changes to systems on the network.
◦nmap3d - nmap post processing to 3-d VRML
◦nmap-sql - log scans to database
◦Gremwell MagicTree - processes NMap and OpenVAS output to generate a report. Requires OpenOffice.
•UnicornScan - fast portscanner
Also see onetwopunch.sh to automate UnicornScans.
•portscan - C++ Port Scanner will try to connect on every port you define for a particular host.
•pof - passive OS fingerprinting.
•Web/http scan: ◦Nikto - web server scanner. CGI, vulnerability checks. Not a stealthy tool. For security tests.
Portscanning Information:
•Art of port scanning - types of scans explained.
Network Sniffers:
Linux Tools for Network Examination.
•DSniff - network tools for auditing and penetration testing.
•Wireshark - full network protocol sniffer/analyzer
(Ethereal - legacy. Now Wireshark)
•IPTraf - curses based IP LAN monitor
•TcpDump - network monitor and data acquisition ◦VOMIT - Voice Over Misconfigured Internet Telephones - Use TCP dump of VOIP stream and convert to WAV file.
Cisco Call Manager depends on MS/SQL server and are thus vulnerable to SQL Slammer attacks.
•KISMET - 802.11a/b/g wireless network detector, sniffer and intrusion detection system.
•DISCO - Passive IP discovery and fingerprinting tool. Sits on a segment of a network to discover unique IPs and identify them.
•Yersina - Framework for analyzing and testing the deployed networks and systems. Designed to take advantage of some weakness in different Layer 2 protocols: Spanning Tree Protocol (STP), Cisco Discovery Protocol (CDP), Dynamic Trunking Protocol (DTP), Dynamic Host Configuration Protocol (DHCP), Hot Standby Router Protocol (HSRP), IEEE 802.1q, Inter-Switch Link Protocol (ISL), VLAN Trunking Protocol (VTP).
•YoLinux.com List of network monitoring tools and example tcpdump sessions
Hacker Tools:
Password crackers:
(can also be part of a vulnerability audit)
•John the Ripper - weak password detection. crypt, Kerberos AFS, MS/Windows LM, ...
•lCRACK - password hacker, dictionary, brute force incremental, ...
Exploits:
•bobkit
•woot-project
Exploit framework:
•MetaSploit - Exploit launcher, test and development tool
Other Links:
•InfoSysSec.org: Hacking howto
•Network intrusion and hacking
•hping - command line TCP/IP packet assembler/analyzer. Supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, ...
•hping2 - Can be used to performs a lot of tasks, like testing of firewall rules, (spoofed) port scanning, ...
Security Infrastructure Software Tools:
•Sentry Tools: Port Sentry, Log Check, Host Sentry - attack detection and defense ◦PortSentry: basic theory - Part 1 - Part 2
◦YoLinux.com Tutorial: Portsentry installation and use
•YoLinux.com Tutorial: Tripwire installation and use
•tripwire - File system data integrity checking tool
•SNORT - intrusion detection and prevention. Rules to inspect and detect anomaly signatures.
•Bastille-linux - Hardening perl scripts to lock down a system and increase its security. Can perform an assessment of a system's configuration (bastille --assess). It queries the administrator as to the expected level of security expected for various system components and then configures the system (./InteractiveBastille).
•Kali Linux - Bootable live CD Linux distro preconfigured for penetration testing.
•CipherDyne.com: PSAD - analyzes iptables log messages to detect port scans and other suspicious traffic.
•IPPL - IP packet logger. Log anomalies
•Kerberos - secure authentication
•deslogin - remote login. SSH is more popular.
•YoLinux.com Tutorial: SSH server configuration and use
•Secure connections SSH (shell) and SSL (socket layer): ◦OpenSSH - Open Source version - Requires :
OpenSSL - Secure Socket Layer ◦SSH.com - Commercial versions SSH1 and SSH2
◦ SSH FAQ - Frequently Asked Questions
◦MS/Windows clients:
PuTTY - Telnet, SSH, SCP, SFTP client Tera Term •TCP wrappers - Wietse Venema
•YoLinux.com iptables tutorial
•rsaeuro - cryptographic toolkit
•Pretty Good Privacy (PGP) - encryption
Commercial Vendors:
•RSA Security - Encryption and secure commerce.
•CRYPTOCard authentication servers
•CryptoHeaven - Secure online storage, file sharing and distribution, email, instant messaging. Free Linux client but it is a commercial for fee service. (less than 2MB storage is free)
•Tiger Analytical Research Assistant (TARA Pro) - Texas A+M Tiger Commercial support
•TIS: Trusted Informations Systems Inc. - [download] - TIS Internet firewall toolkit
•Tripwire Security Systems - Intrusion detection
•CA (Computer Associates): eTrust Compliance - Vulnerability assessment, security policies, audit and correction.
•Labatam: Secure X-Server Encryption
Online Web Based Tools:
•Clackcode.com: security scan
•HackerTarget.com: online vulnerability tests
•AutomatedScanning.com - commercial service
Software Updates and Security fixes:
•Red Hat Security fixes and Errata
•Red Hat Enterprise Linux security updates
•Fedora security advisories and package updates
•Ubuntu security notices
•Debian security information
•SUSE Linux Enterprise Security
Forensic and Data Recovery Tools:
•Basic Steps in Forensic Analysis of Unix Systems - a case study
•GIIS ext3/ext2FS file undelete tool.User can recover files by it's name or type or by its owner. Can't recover the files deleted before installation of giis.
•Why Recovering a Deleted Ext3 File Is Difficult
•Commercial Linux data recovery tools - list
Anti-Virus Software:
This has typically been the domain of the Microsoft Windows and Outlook products and NOT Linux but Linux administrators running SAMBA file servers often must be aware of these viruses. There are according to Symantec 68 Linux specific viruses and worms including the Ramen worm which attempts to attack unpatched rpc.statd, wuftpd, and LPRng.
Anti-Virus products:
•F-Secure.com ◦Anti-Virus for File Servers
◦Anti-Virus for Desktops and Laptops
•Kaspersky Lab - Workstation/Server/eMail gateway protection
•Sophos.com ◦Endpoint Security and Control: Anti-Virus and anti-spyware for Unix/Linux
◦SOPHOS Anti-virus - Sophos Anti-Virus for Linux
◦eMail security
•Grisoft.com ◦AVG Anti-Virus Linux E-mail Server Edition
•Symantec.com ◦Mail-Gear: (up to and including version 1.2.x)
◦Antivirus client for Linux
•TrendMicro.com ◦Interscan VirusWall for Linux - Internet Gateway - detect/scan SMTP, HTTP and FTP
•ClamAv.net - Clam anti-virus. Open source virus protection for mail servers.
Virus info:
•CERT.org - Carnegie Mellon University's Software Engineering Institute - security vulnerability research.
•ICSA.net - Anti-virus / Anti-spyware / Anti-spam Product Developers Consortium
•Symantec security response - commercial security support
•Threat Explorer - real and hoaxes
Virus email alert:
•McAfee Dispatch
•Symantec Security Response Newsletter
Attacks:
•SYN packet manipulation: ◦SYN flood Description
◦SYN Cookie
•Smurf DOS: ◦ISS.com: Description
•IRC (Internet Relay Chat) Client attacks: ◦IIS.com: Description
•Service attacks: ◦Buffer Overflow attacks
•Session Hijacking: ◦IIS.com: Descriptions
•ARP Cache poisoning: ◦Wireless Attacks Threaten Wired Networks
Honeypots:
How to bait and catch the evil hackers:
•honeyd
•Honeynet.org - The honeynet project
DoD/DoE NISPOM Chapter 8 computer security configuration for Linux:
NISPOM (National Industry Security Program Operating Manual) chapter 8 is a computer security requirement developed by the US DoD (Department of Defense - US) and DoE (Department of Energy) and published by the DSS (Defense Security Service) which US defense contractors are required to meet when processing classified data on computers in a classified environment. Linux as issued by major distros defaults do not meet this requirement. Use the following software packages/configurations:
1.Use central authentication server (LDAP or NIS) with the proper security policies. See YoLinux LDAP authentication tutorial.
2. Meet reporting requirements: This auditing and reporting requirement can be met using Snare. This requires a kernel patch (or use of one of the kernels [RHEL3 or RHEL4] downloaded from the Snare home page.) and the running of a Snare audit daemon. It meets C-2 reporting requirements and records logins/logoffs, file and directory access, access denial, ...
Newer Linux distributions running auditd (RHEL4, FC3+) can get compliant results.
Intersect Alliance: Snare project. For more aggressive reporting requirements, see Computer Associates eTrust Security Information Management.
3. Grant admin privileges without giving root password. Granular delegation of root privileges. File and directory access control. Symark.com: PowerBroker
4.Virus scanner. (See above list)
Links: •Configuration for Linux NISPOM Chapter 8 compliance - YoLinux Tutorial
•Sans.org: NISPOM Chapter 8 checklist [pdf]
Standards and Security Certification:
•ISACA.org - The Information Systems Audit and Control Association & Foundation
•CISA - Certified Information Systems Auditor
•COBIT - Control Objectives for Information and related Technology
Links:
•YoLinux.com security info web site list (see right hand column)
•ZedZ.net - Cryptography Archives for data and network security
•FTP directory of tools
•Purdue FTP site of tools - Index
•DFN-CERT FTP tools site - Tool descriptions/index
•Wietse's tools and papers - Coroner's toolkit, SATAN, TCP wrappers, ...
•Internet Security Systems (ISS): Database security scanner - BlackIce - commercial service
FOR MORE INFO VISIT SITE HERE:
http://www.yolinux.com/TUTORIALS/LinuxSecurityTools.html
Thankyou po
