The following appendix provides links to various Linux security and system administration tools. Some are essential, some are merely interesting, but nearly all are free.
Tool or Resource: Abacus Project
URL: http://www.psionic.com/abacus/
Description: The Abacus Project offers several tools for logging, intrusion detection, and general system management. Of these, the most interesting is HostSentry. Its author describes it as a host-based login anomaly detection and response tool. Other Abacus Project tools analyze logs and defend against port scan attacks in real-time.
URL: http://www.acme.com/java/software/Package-Acme.Nnrpd.html
Description: Acme.Nnrpd is an NNTP (Net news) server written in Java. Although it's not strictly a security tool, Acme.Nnrpd lets you read Net news through a firewall. (Warning: To access the full features of this tool, you need to run it as root so that it can bind port 119.)
URL: ftp://ADM.isp.at/ADM/ADMsmb-v0.2.tgz
Description: ADMsmb is a network scanner that detects Windows shares (SMB). This is useful when you have a Windows/Linux network.
Keywords: Network monitoring and logging
Notes: Requires libpcap and tcp_wrappers.
URL: http://ciac.llnl.gov/ciac/ToolsUnixNetMon.html#Argus
Description: Argus is a generic IP network transaction auditing tool that performs network monitoring.
Keywords: Network troubleshooting and analysis
URL: ftp://ftp.inr.ac.ru/ip-routing/iputils-current.tar.gz
Description: arping is part of iputils, a set of network diagnostic tools. arping probes hosts on the local segment with ARP requests, and the same package includes tracepath, an enhanced replacement for traceroute.
Tool or Resource: Basic Merit AAA Server
Keywords: Network authentication
Notes: Be sure to read the license.
URL: http://www.merit.edu/aaa/
Description: The Merit Authentication Server is a full-fledged RADIUS implementation. (Planning on starting a small ISP?) Mind the licensing here: It's freely available, but not for redistribution.
Keywords: Network analysis and monitoring
Notes: Requires Perl 5.004+ and Net::Ping and Net::Telnet.
URL: http://www.bsb-software.com/download/bsb-monitor
Description: BSB-Monitor monitors your network and automatically generates HTML output. Good for when you need to monitor happenings from afar.
Keywords: File integrity checking
URL: ftp://ftp.buici.com/pub/bsign/
Description: bsign offers file integrity verification via digital fingerprints.
Notes: Requires Sun's Java SDK or Runtime Environment.
URL: http://www.besiex.org/ByProxy/
Description: ByProxy, a radical anti-SPAM, anti-anything-and-almost-everything filter/proxy, allows you to tailor your wire, including WWW, email, IRC, and so on.
Keywords: Network analysis and visualization
URL: http://www.marko.net/cheops/
Description: cheops is a complex network utility-integration tool that offers network visualization. In some respects, it resembles Unicenter TNG. (Hard to describe. Check it out.)
URL: http://sites.inka.de/sites/bigred/devel/cipe.html
Description: A Crypto IP Encapsulation project. This site offers a protocol that passes encrypted packets between prearranged routers in the form of UDP packets. Reportedly, it's not as flexible as IPSEC, but quite adequate for securing garden-variety network traffic.
Tool or Resource: Cistron RADIUS server
Keywords: Network user authentication and administration
URL: http://home.cistron.nl/~miquels/radius/
Description: A free, industrial-strength, Livingston-style RADIUS server (without S/Key support) for Linux networks running Livingston Portmasters, Ascend routers, and perhaps others.
URL: http://www.panservice.it/cold/
Description: COLD is a protocol analyzer that can monitor various interfaces, including ISDN, PPP, Token Ring, standard loop back, and standard Ethernet.
Keywords: Network and host analysis and troubleshooting
URL: http://www.trouble.org/cops/
Description: The famed Computer Oracle and Password System is a suite of tools that can automatically detect configuration problems or holes in your system. Although COPS is now antiquated, it's still quite relevant and useful, offering password checking, SUID/SGID searches, file integrity via CRC checking (a CRC catches accidental corruption, not deliberate tampering; use a cryptographic digest for that), path and file config checking, and so on.
Notes: This package requires Java.
URL: http://www.hi.is/~logir/logi.crypto/
Description: Cryptonite is a Java library for using strong encryption in Java applications (version 1.1).
URL: http://www.bifroest.demon.co.uk/ctc/
Description: CTC is a freeware PGP-interoperable encryption software package.
Notes: Known to work well with Red Hat 5.1 and perhaps others.
URL: http://www.inet.no/dante/
Description: Dante is a circuit-level firewall/proxy that can be used to provide convenient and secure network connectivity to a wide range of hosts, while requiring only that the server Dante runs on have external network connectivity. (Dante is a free SOCKS implementation, essentially.)
Tool or Resource: Deception Toolkit
Keywords: Intrusion detection and disinformation
URL: http://all.net/dtk/download.html
Description: In recent years, there's been much research on the practice of deception, or deceiving attackers by electronically emulating other operating systems and/or vulnerabilities that don't actually exist. The Deception Toolkit offers tools to do just that.
Keywords: Network and firewall administration
URL: http://wall.etl.go.jp/delegate/
Description: DeleGate is an application-level gateway (or a proxy server).
Keywords: Network monitoring and security
URL: http://members.tripod.com/~robel/dni/dniadm.html
Description: Using DNI, you can set packet filtering rules via a Web page. Although this could introduce a security vulnerability when used from remote sites (some of DNI is implemented through JavaScript, and the transmission is not encrypted), it can be quite useful for testing in an intranet setting.
Notes: Requires Perl 5.003+ and the Net::DNS module.
URL: http://www.cis.ohio-state.edu/~barr/dnswalk/
Description: dnswalk is a tool for automatically debugging DNS databases. It works by initiating a zone transfer of a current zone, inspecting individual records for inconsistencies with other data, and generating warnings and errors.
Notes: 3Com 3c505 Etherlink+ or wavelan cards will not work.
URL: http://drawbridge.tamu.edu/
Description: DrawBridge is a BSD-based firewall with source included. It is possible to use DrawBridge on Linux (with effort), but DrawBridge's main value is that it comes with source and you can learn how firewalls are developed.
Tool or Resource: The EDGE Router Project
URL: http://edge.fireplug.net/
Description: The Edge Router suite can turn a minimally configured consumer PC into a standalone Internet firewall, complete with address translation, proxying, and IP packet forwarding (and naturally, it is implemented on Linux).
URL: ftp://ftp.replay.com/pub/crypto/crypto/SSLapps/
Description: edssl is a Secure Sockets Layer (SSL) proxy with multiple uses. For example, you can use it to wrap Lynx traffic in SSL.
Notes: Requires Linux 2.0 and above.
URL: http://www.et-inf.fho-emden.de/~tobias/epan/
Description: epan is a protocol analyzer that supports Ethernet, Token Ring, SLIP, PPP, ISDN, ARCnet, and local loopback. It also supports MAC Ethernet, MAC IEEE 802.3, LLC (IEEE 802.2), SNAP, ARP, RARP, IP (including IPIP and IP-ENCAP), ICMP, IGMPv1, IGRP, TCP (including 9 TCP options), UDP, DNS (including 22 Resource Records), SUN RPC, TFTP, BOOTP/DHCP, RIPv1, RIPv2, rwho, and time.
Keywords: Network administration
Notes: Requires bootp or dhcpd, tftp, and NFS.
URL: http://www.slug.org.au/etherboot/
Description: Etherboot is a free software package for booting x86 PCs (including those running Linux) over networks.
URL: http://ethereal.zing.org/
Description: Ethereal is a protocol analyzer supporting AARP/DDP, ARP/RARP, BOOTP/DHCP, CDP, DNS, Ethernet, FTP, HTTP, ICMP, IGMP, IP/TCP/UDP, IPv6/ICMPv6, IPsec, IPX/SPX/NCP, LPR/LPD, NNTP, OSPF, POP, PPP, RIP, Token Ring, Telnet, and TFTP (and marginal SNMP support is also included).
URL: http://exscan.netpedia.net/exscan.html
Description: exscan is a port scanner in the tradition of Strobe, and it's great for quickly identifying what services are running.
Keywords: Redundancy and high availability
URL: http://linux.zipworld.com.au/fake/
Description: Fake is a redundant server switch. When one server goes down, another, similarly configured server takes its place. Since electronic commerce depends greatly on reliability (Is your site always up and available?), tools like this are invaluable. Don't want server downtime? Get Fake.
Keywords: Firewall administration
URL: http://www.fen.baynet.de/~ft114/FCT/index.html
Description: FCT is the Firewall Configuration Tool, a system you can use to manage firewalls in large networks. It offers many configuration options, firewall rule testing, and so on.
Keywords: Database administration and programming
Notes: You need Sybase or Microsoft SQL.
URL: http://metalab.unc.edu/freetds/
Description: Free Tabular DataStream package. Tabular DataStream is a client-to-database server protocol in SyBase and Microsoft SQL database implementations.
Keywords: Privacy and encryption
Notes: See RFC 2440: http://www.d.shuttle.de/isil/gnupg/rfc2440.html.
URL: http://www.d.shuttle.de/isil/gnupg/
Description: GNUPG is the GNU Privacy Guard, an open source OpenPGP compatible encryption system. OpenPGP provides data integrity services for messages and data files by using digital signatures, encryption, and compression.
URL: http://www.ozemail.com.au/~peterhawkins/gnusniff.html
Description: Gnusniff is a sniffer for Linux.
Tool or Resource: gPGPshell (now called Geheimnis)
Keywords: Encryption and privacy
URL: http://www.dimensional.com/~cwiegand/linux/gpgpshell.html
Description: Geheimnis is a PGP shell for the K Desktop Environment. It is functionally quite similar to the free PGP Keys application for Windows and Windows NT. Geheimnis makes it very easy to author and encrypt documents, manage PGP keys, and so on.
URL: http://www.kyuzz.org/antirez
Description: hping sends hand-crafted TCP/IP packets and analyzes the replies, which makes it useful as a port scanner and firewall tester. It can also send packets with spoofed source addresses (and thereby obscure where a scan came from. Hmmm…)
Tool or Resource: Hummer from the Hummingbird Project
Keywords: Intrusion detection and network monitoring
Notes: Newer releases may require Java.
URL: http://www.cs.uidaho.edu/~hummer/
Description: Hummer is a complex tool that distributes security and intrusion detection information among several hosts. It can therefore help detect coordinated attacks in which multiple attackers and targets are mixed and matched. Attackers now spread such activity across several hosts from several source addresses precisely to obscure it; because the resulting logs are not unified, such attacks are difficult to pinpoint or identify. Hummer works across hosts and is one potential solution: it can group hosts into hierarchies and clusters and cut the noise when you analyze the correlated results. Hummer is to regular intrusion detection tools what C++ is to C, a step forward.
Notes: Requires Linux 2.0.35+, GlibC 2.0.7 with LinuxThreads.
URL: http://www.cri.cz/kra/index.html
Description: Hunt is a work-in-progress exploit suite that exploits well-known holes in TCP/IP but takes things a step further, offering many functions that aren't available in most free attack tools.
URL: http://www.angio.net/security/
Description: icmpquery is a tool for sending and receiving ICMP queries for address mask and current time.
Description: ident2 is an Identity/AUTH server for Linux.
Tool or Resource: The Internet Junkbuster
URL: http://internet.junkbuster.com/
Description: The Internet Junkbuster is a proxy that blocks unwanted banner ads and protects your privacy from cookies and other threats.
Keywords: Firewalling and packet filtering
Notes: Works on Linux 2.0.31+ on non-glibc systems.
URL: http://cheops.anu.edu.au/~avalon/ip-filter.html
Description: IP Filter is an advanced TCP/IP packet filter suitable for use in firewall environments. You can use it as a loadable kernel module or incorporate it into your kernel. IP Filter sports a staggering number of options (including filtering of fragmented packets, an issue at the heart of many denial-of-service attacks).
Keywords: Network accounting and analysis
Notes: Requires Perl 5 and ipfwadm or ipchains.
URL: http://www.comlink.apc.org/~moritz/ipac.html
Description: IPAC is a Linux IP accounting package that supports ASCII and graphical mapping. Although IPAC is not strictly a security tool, in certain instances it can be useful in a security context. IPAC monitors IP traffic and graphs out this information. Using IPAC, you can perform traffic analysis and perhaps discover unwanted activity.
Tool or Resource: ipfwadm dotfile module
Keywords: Filtering, firewalls, and IP masquerading
Notes: Requires X, Tcl/Tk, and IP firewalling enabled.
URL: http://www.wolfenet.com/~jhardin/ipfwadm.html
Description: The ipfwadm dotfile module makes IP masquerading and firewalling on a small network easier for Linux users who aren't professional network administrators.
Keywords: Network monitoring and analysis
URL: http://www.xnet.com/~cathmike/MSB/Software/
Description: ipgrab is a packet-sniffing tool, based on the Berkeley packet capture library, that prints complete data-link, network, and transport layer header information for all packets it sees.
Keywords: Network monitoring and logging
Notes: Requires libc and the pthread library.
URL: http://www.via.ecp.fr/~hugo/ippl/
Description: ippl is a multi-threaded tool that logs incoming IP packets. You can establish rules for which packet types you'd like to filter.
Notes: Require Linux 2.2.0+, libc 5, and a terminfo database.
URL: http://cebu.mozcom.com/riker/iptraf/
Description: IPTraf is a console-based network statistics utility that gathers TCP connection packet and byte counts, interface statistics and activity indicators, and TCP/UDP traffic.
URL: http://www.tummy.com/isinglass/
Description: Isinglass consists of tools to create a firewall for dialup machines. Because most Linux users are newcomers (and they probably surf using ppp connections), Isinglass is perfect for the home user. It protects against attackers that find your dynamic IP and attack your machine.
Keywords: Network administration and filtering
URL: ftp://franz.ww.tu-berlin.de/pub/authors/id/JWIED/Mail-ispmailgate-1.000.tar.gz
Description: IspMailGate is a general-purpose filtering agent for sendmail. Its filters are implemented as modules, and the tool is therefore extensible. Current modules offer automatic compression and decompression, encryption, decryption, and certification with PGP or virus scanning.
Keywords: Network monitoring and analysis
URL: http://ita.ee.lbl.gov/html/software.html
Description: The Internet Traffic Archive. Here, you'll find several utilities that clean or otherwise improve tcpdump trace files (for example, by hiding confidential data in them). tcpdump is a network-monitoring tool that dumps packet headers from the specified network interface. It's useful for diagnosing network problems and forensically examining network attacks. It's also highly configurable: You can specify which hosts to monitor, as well as which kind of traffic and which services.
Tool or Resource: Juniper Firewall Toolkit
Notes: The full install is a commercial product.
URL: http://www.obtuse.com/juniper/
Description: The Juniper Firewall Toolkit works on dual-homed bastion hosts that don't forward packets between interfaces. Juniper implements transparent proxy facilities to allow machines on internal, unrouted networks to transparently access the Internet as if they were directly connected.
URL: http://mojo.calyx.net/~btx/karpski.html
Description: K-Arp-Ski is a network mapper and misuse detector with many nice amenities. For example, it quickly gathers all known IP addresses on your network, tracks TCP connections via MAC addresses, identifies the NIC vendor of each card, and does many other things.
URL: http://www.mtco.com/~whoop/ksniff/ksniff.html
Description: Ksniff is a work-in-progress GUI for sniffers (in this case Sniffit, but you could easily use others).
Keywords: File integrity checking (ala TripWire)
Notes: Uses MD5-1.7 and SHA-1.2 Perl modules. You need Perl.
URL: http://www.pgci.ca/l6.html
Description: The L6 program generates unique 128-bit (MD5) or 160-bit (SHA-1) cryptographic message digest values derived from file content. Each value is a highly reliable fingerprint that can be used to verify file content integrity.
Keywords: Network and user administration
URL: http://linux.uhw.com/software/lanlord/index.html
Description: Lanlord tracks Dynamic Host Configuration Protocol (DHCP) client leases. DHCP allows your Linux system to relay vital network information to incoming clients. Users needn't know their IP address, default gateway, or subnet masks before logging in because DHCP does it all for them. Essentially, DHCP is a way to cut down on tech support calls. Inexperienced users often get confused when configuring their network settings, so they bother you. With DHCP, setup is done automatically in the background. Many ISPs use DHCP.
Keywords: Network administration
URL: http://www.umich.edu/~dirsvcs/ldap/
Description: Important information about (and a tool for) Lightweight Directory Access Protocol.
Tool or Resource: LDAP for Linux
Keywords: Network administration
Description: A project for integrating LDAP and SSL to provide secure next-generation network directory services architecture to replace Network Information Service (NIS).
Tool or Resource: The Linux Free S/WAN Project
Keywords: Network encryption and privacy
URL: http://www.flora.org/freeswan/
Description: The Free S/WAN project aims to provide encrypted traffic for the Internet using IPSEC, ISAKMP/Oakley, and DNSSEC using PCs and freely available software. To learn how the S/WAN project came about, go to http://www.toad.com/gnu/swan.html.
Tool or Resource: Linux IP-NAT Forum
URL: http://www.csn.tu-chemnitz.de/HyperNews/get/linux-ip-nat.html
Description: Linux IP Network Address Translation forum.
Tool or Resource: Linux Router
Keywords: Network administration and routing
URL: http://www.linuxrouter.org
Description: Linux Router is a networking-centric mini-distribution of Linux. LRP fits on a single 1.44MB floppy diskette and simplifies the process of building and maintaining routers, terminal servers, and embedded networking systems.
Tool or Resource: Linux Virtual Server
Keywords: Network high availability, virtual servers
URL: http://proxy.iinchina.net/~wensong/ippfvs/
Description: This site presents papers about (and tools to create) a Linux virtual server. The argument is that expensive hardware upgrades to a beefed-up single server may not necessarily be the answer to heavy network loads. Instead, the Linux virtual server allows you to create a virtual server that issues requests to multiple boxes. To outsiders, it appears as though they're dealing with a single server. However, behind the scenes, the virtual server can consist of many machines, thus ensuring reliability, redundancy, survivability, and, most importantly, 24-hour availability. A load balancer manages the virtual server.
Keywords: Network logging and auditing
URL: http://www.psionic.com/abacus/logcheck/
Description: Logcheck is one component of the Abacus Project and processes logs generated by the Abacus Project tools, system daemons, TCP Wrapper, logdaemon, and the TIS Firewall Toolkit.
Keywords: Network logging, auditing, and intrusion detection
URL: http://www.cert.dfn.de/eng/team/wl/logsurf/
Description: logsurfer monitors text-based logfiles in real-time. It differs from its counterparts in that it handles multi-line patterns and substrings (and can identify multiple significant events on a single line). As a result, logsurfer often returns much more detailed information.
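The multi-line, context-based matching that logsurfer does (and that a single-line tool like Logcheck cannot), as an added example in Python rather than logsurfer's own rule language. The rule logic, the ssh log lines, the host name and the addresses are all constructed for the example: a context is opened per source address by the first failed login, collects the user names tried (a substring extracted from each line), and is closed by a later Accepted line from the same source, at which point the whole sequence is judged.

```python
"""logsurfer-style context matching over sshd log lines.  Added example; the
rules and the sample log are constructed, not logsurfer's own."""
import re
from collections import defaultdict

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port \d+")

# Constructed syslog lines, not captured from a real host.
SAMPLE_LOG = """\
Mar  1 10:00:01 gw sshd[2101]: Failed password for invalid user admin from 10.0.0.5 port 40001 ssh2
Mar  1 10:00:03 gw sshd[2103]: Failed password for root from 10.0.0.5 port 40002 ssh2
Mar  1 10:00:04 gw sshd[2105]: Failed password for bob from 10.0.0.9 port 50100 ssh2
Mar  1 10:00:06 gw sshd[2106]: Accepted publickey for bob from 10.0.0.9 port 50101 ssh2
Mar  1 10:00:07 gw sshd[2108]: Failed password for invalid user oracle from 10.0.0.5 port 40003 ssh2
Mar  1 10:00:09 gw sshd[2110]: Accepted password for deploy from 10.0.0.5 port 40004 ssh2
Mar  1 10:01:00 gw sshd[2120]: Failed password for root from 192.0.2.7 port 33001 ssh2
Mar  1 10:01:01 gw sshd[2121]: Failed password for root from 192.0.2.7 port 33002 ssh2
Mar  1 10:01:02 gw sshd[2122]: Failed password for root from 192.0.2.7 port 33003 ssh2
Mar  1 10:01:05 gw cron[2130]: (root) CMD (run-parts /etc/cron.hourly)
""".splitlines()


def surf(lines, threshold=3):
    """Open a context per source address on the first failed login, collect the user
    names tried, and close it on an Accepted line from the same source.  Returns a
    list of (rule, source, detail) alerts."""
    contexts = defaultdict(list)  # source address -> user names that failed
    alerts = []
    for line in lines:
        m = FAILED.search(line)
        if m:
            user, src = m.groups()
            contexts[src].append(user)
            continue
        m = ACCEPTED.search(line)
        if m:
            user, src = m.groups()
            tried = contexts.pop(src, [])
            # A single mistyped password before success is normal; several
            # different names before a success is not.
            if len(tried) >= threshold:
                detail = "%d failures (%s) then login as %s" % (
                    len(tried), ", ".join(sorted(set(tried))), user)
                alerts.append(("success-after-failures", src, detail))
    # Contexts still open at end of input: repeated failures and no success,
    # which is an ongoing guessing attempt rather than a user's typo.
    for src, tried in contexts.items():
        if len(tried) >= threshold:
            alerts.append(("brute-force", src, "%d failures, no success" % len(tried)))
    return alerts


if __name__ == "__main__":
    for rule, src, detail in surf(SAMPLE_LOG):
        print("%-24s %-12s %s" % (rule, src, detail))
```

Run on the sample, it reports 10.0.0.5 (three different names tried, then a successful login as deploy) and 192.0.2.7 (three failures against root, no success), and stays quiet about 10.0.0.9, whose single failure before an accepted key is ordinary. The threshold and the "same source address" keying are the tunable parts; an attacker rotating source addresses defeats the latter, which is exactly the cross-host correlation problem Hummer (above) is aimed at.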
Keywords: Firewall administration
URL: http://www.pobox.com/~wstearns/mason/
Description: Mason is an intelligent firewall tool. It interactively builds a firewall using Linux's ipfwadm or ipchains firewalling. You leave Mason running on the firewall machine while making all the kinds of connections that you want the firewall to support (and to block). Mason then gives you a list of firewall rules that allow and block those exact connections.
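The learn-by-observation step Mason performs, as an added example that is not Mason's code: a constructed list of connections the firewall host saw during the learning session is collapsed into ipchains ACCEPT rules behind a default-deny policy. The widening policy (drop the ephemeral source port, widen LAN sources to the LAN subnet, widen everything else to any host) is my assumption for the example, not necessarily Mason's, and the interface, addresses and ports are made up.

```python
"""Generate an ipchains rule set from observed connections, Mason-style.
Added example; the observations and the widening policy are my own."""
import ipaddress
from collections import OrderedDict

# Constructed connection log: what the firewall host saw while the administrator
# exercised every service that should be allowed.
# Fields: protocol, source address, source port, destination address, destination port.
OBSERVED = [
    ("tcp", "192.168.1.20", 40123, "192.168.1.1", 22),
    ("tcp", "192.168.1.21", 40124, "192.168.1.1", 22),
    ("tcp", "203.0.113.9", 51000, "192.168.1.1", 80),
    ("udp", "192.168.1.20", 5353, "192.168.1.1", 53),
    ("tcp", "203.0.113.9", 51001, "192.168.1.1", 80),
]

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed internal subnet


def generalize(conn):
    """Collapse one observed connection into a rule key: the ephemeral source port
    is dropped, LAN sources widen to the LAN subnet, other sources widen to any host."""
    proto, src, _sport, dst, dport = conn
    src_net = str(LAN) if ipaddress.ip_address(src) in LAN else "0.0.0.0/0"
    return (proto, src_net, dst, dport)


def ipchains_rules(observed, chain="input", interface="eth0"):
    """Emit an ipchains script: flush, default DENY, one ACCEPT per distinct learned
    key in first-seen order, then a final logged DENY so rejected traffic is recorded."""
    learned = OrderedDict()
    for conn in observed:
        key = generalize(conn)
        learned[key] = learned.get(key, 0) + 1
    rules = ["ipchains -F %s" % chain, "ipchains -P %s DENY" % chain]
    for proto, src, dst, dport in learned:
        rules.append("ipchains -A %s -i %s -p %s -s %s -d %s/32 %d -j ACCEPT"
                     % (chain, interface, proto, src, dst, dport))
    rules.append("ipchains -A %s -i %s -l -j DENY" % (chain, interface))
    return rules


if __name__ == "__main__":
    print("\n".join(ipchains_rules(OBSERVED)))
```

Two cautions apply to any learned rule set. It allows only what you exercised, so a service you forgot to touch during the session is blocked afterwards, and it allows anything that happened during the session, including a probe from outside that you did not notice. Read the generated list before loading it.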
Keywords: Firewall administration and management
Notes: Comes with a binary distribution.
URL: http://www.els.url.es/~si03786/masq.html
Description: masq offers local and remote firewall administration, user authentication, and masquerading management.
Tool or Resource: Mig's RADIUS Labs
Keywords: RADIUS administration
Notes: Requires Perl 5 and mgetty.
URL: http://home.iphil.net/~map/radius/
Description: Linux RADIUS resources.
Keywords: Network encryption and privacy
URL: http://www.mindbright.se/mindterm
Description: MindTerm is a Java-based Secure Shell (SSH) client that can run standalone or within a Web browser. The package also offers tools to incorporate SSL into future applications.
Description: Muffin is a Java-based filtering system for HTTP. It can remove cookies, kill GIF animations, remove advertisements, add, remove, or modify arbitrary HTML tags, remove Java applets, remove JavaScript, and much more.
Keywords: Encryption and privacy
Notes: Requires sound support (VoxWare).
URL: http://www.lila.com/nautilus/
Description: Nautilus allows two parties to hold a secure voice conversation over TCP/IP networks (including the Internet).
Notes: Requires gtk (for the GUI).
Description: Nessus is a highly extensible network scanner for Linux (as well as Windows 95 and NT). Nessus sports a nice GUI and comes with many, many exploit plug-ins. You can easily incorporate new exploits, too.
Notes: Requires Perl 5.004+ and libpcap
URL: http://quake.skif.net/RawIP/
Description: Net::RawIP is a Perl module for manipulating raw IP packets. (It also has an optional feature for manipulating Ethernet headers.)
Keywords: Networking and administration
Notes: The client box should have a NIC with a 32KB+ bootrom.
URL: http://www.han.de/~gero/netboot.html
Description: This package allows a diskless PC to boot an operating system using an IP-based Ethernet network (even without a floppy diskette, in some cases). netboot currently supports Linux and DOS.
Description: netcat is a network analysis, debugging, and automation tool that reads and writes data across network connections using TCP or UDP. netcat is extremely versatile and has many features that make it an indispensable networking tool.
Keywords: Network monitoring and auditing
Notes: This package requires ANSI C support.
URL: http://net.tamu.edu/ftp/security/TAMU/netlog.README
Description: netlog is a collection of network monitoring and logging utilities (tcplogger, udplogger, netwatch, and extract). netlog can log all TCP connections (and UDP sessions) on a subnet and provide real-time monitoring and reporting.
Notes: Some versions are not for foreign export.
URL: http://web.purplefrog.com/~thoth/netpipes/netpipes.html
Description: netpipes makes TCP/IP streams usable in shell scripts and simplifies client/server code, allowing programmers to skip tedious socket routines and instead concentrate on writing filters or services.
Keywords: Network monitoring and analysis
URL: ftp://ftp.slctech.org/pub/
Description: netwatch is a network monitor. Output is color-coded based on time: red for events in the past minute, yellow for those in the past five minutes, and green for those older than 30 minutes. A nifty tool.
Notes: If you don't have gtk, get the statically linked binary.
URL: http://www.insecure.org/nmap/
Description: nmap (the Network Mapper) is a comprehensive network analysis and scanning utility. In addition to network mapping, it supports a broad range of scanning techniques: scanning through firewalls, stealth scanning, half-open (SYN) connection scanning, UDP scanning, ICMP scanning, remote OS identification, and so on.
Tool or Resource: NRL IPv6+IPsec Software Distribution
Notes: You need Linux 2.1+ and Linux source installed.
URL: http://www.ipv6.nrl.navy.mil/
Description: NRL IPv6+IPsec is the IPsec implementation from the Internet Security Technology project at the U.S. Naval Research Laboratory (NRL).
URL: http://www.freiburg.linux.de/OpenBIOS/
Description: OpenBIOS is a project to create an open source PC BIOS.
Keywords: Network administration and development
Notes: On DEC Alphas (64-bit), performance is slightly degraded.
Description: The OpenLDAP Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and open source LDAP suite of applications and development tools.
Notes: This package requires ANSI C and termios support.
URL: http://www.ipv6.nrl.navy.mil/ist/otp/
Description: OPIE is One Time Passwords in Everything, a one-time password implementation with MD5 support. (OPIE is similar in design to S/Key.)
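The hash-chain scheme that OPIE and S/Key share, as an added example that is not OPIE's code. At enrolment the client hashes seed+passphrase N times and gives the server only the result; at each login the server asks for one iteration fewer, hashes the response once, and compares it with what it stored. The real protocols fold each digest to 64 bits and encode it as six short words; this example keeps the full digest, which is my simplification, and the passphrase and seed are made up.

```python
"""S/Key / OPIE style one-time passwords from a hash chain.  Added example,
not OPIE's own code; full digests are kept instead of OPIE's 64-bit fold."""
import hashlib


def otp_value(passphrase, seed, n, algorithm="md5"):
    """Client side: hash seed+passphrase n times.  Computed fresh for each login,
    so the passphrase itself never crosses the network."""
    value = (seed + passphrase).encode()
    for _ in range(n):
        value = hashlib.new(algorithm, value).digest()
    return value


class OtpServer:
    """Server side: stores only the last accepted value, never the passphrase."""

    def __init__(self, seed, sequence, last_value, algorithm="md5"):
        self.seed = seed
        self.sequence = sequence      # iteration count of last_value
        self.last_value = last_value  # h^sequence(seed + passphrase)
        self.algorithm = algorithm

    def challenge(self):
        """What the user must compute next: one iteration fewer than stored."""
        return (self.sequence - 1, self.seed)

    def verify(self, response):
        """Hash the response once; it must equal the stored value.  On success the
        response becomes the stored value, so a sniffed copy cannot be replayed."""
        if self.sequence <= 1:
            return False  # chain exhausted; re-enrol with a fresh seed
        if hashlib.new(self.algorithm, response).digest() != self.last_value:
            return False
        self.last_value = response
        self.sequence -= 1
        return True


def enrol(passphrase, seed, count=100):
    """Enrolment: the client computes h^count locally and hands only that over."""
    return OtpServer(seed, count, otp_value(passphrase, seed, count))


def demo():
    """Constructed session: a good login, a replay of the sniffed value, a wrong
    passphrase, then the next good login."""
    server = enrol("correct horse battery", "gw12345")
    n, seed = server.challenge()                                   # (99, "gw12345")
    first = server.verify(otp_value("correct horse battery", seed, n))
    replay = server.verify(otp_value("correct horse battery", seed, n))  # sniffed h^99
    n, seed = server.challenge()                                   # (98, "gw12345")
    wrong = server.verify(otp_value("wrong passphrase", seed, n))
    second = server.verify(otp_value("correct horse battery", seed, n))
    return first, replay, wrong, second


if __name__ == "__main__":
    print(demo())  # expect (True, False, False, True)
```

An eavesdropper who captures h^99 cannot produce the next password, h^98, without inverting the hash, which is what makes the scheme safe against passive sniffing. It does nothing against an active attacker who relays the live login, and the chain runs out: the server refuses once the sequence reaches 1 and the user must re-enrol with a new seed.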
Keywords: Encryption and privacy
URL: http://www.dstc.qut.edu.au/MSU/projects/pki/
Description: Oscar (the Open Secure Certificate Architecture) is a Public Key Infrastructure (PKI) prototype. It consists of a C++ library and a number of command-line tools for setting up certification authorities and using PKI technology. (In public key cryptography, you need a trustworthy way to learn which public key belongs to whom; a PKI does this with certificates issued by a certification authority. Oscar is one implementation for setting up such an authority.)
Keywords: Encryption and privacy
Notes: There are export restrictions on this tool.
URL: http://www.pgp.com/products/pgp-fone.cgi
Description: PGPfone offers encrypted modem-to-modem voice communication from the makers of PGP, so conversations can't be eavesdropped on in transit.
Keywords: Network administration
Notes: Requires make, flex, bison, and rx (in addition to C).
URL: http://pikt.uchicago.edu/pikt/
Description: PIKT is the Problem Informant/Killer Tool, which monitors multiple workstations for problems and, if appropriate, automatically fixes those problems. Example problems include disk failures, log failures, queue overflows, erroneous or suspicious permission changes, and so forth.
URL: http://www.taronga.com/plugdaemon.shar
Description: plugdaemon is a proxy tool that redirects TCP/IP connections from one port on one host to a user-specified port on another. It also logs this traffic.
Notes: Requires Perl 5+ and modules.
URL: http://www.megacity.org/pong3/
Description: Pong3 is a network monitoring tool that handles HTTP, Telnet, FTP, POP3, SMTP, SSH, and IMAP (among other things).
Notes: Requires RSA and DES libraries.
URL: http://www.devolution.com/~slouken/projects/ppptcp/
Description: A peer-to-peer IP tunnel program that runs a PPP connection over an arbitrary TCP port.
Keywords: System administration
URL: http://www.psn.ie/psntools/
Description: System administration tools for handling accounts, passwords, and quotas en masse.
URL: http://apostols.org/projectz/queso/
Description: QueSO identifies remote host operating systems by sending custom packets and analyzing the response received.
Notes: This package requires Java.
URL: http://www.nada.kth.se/projects/prup98/web_proxy/
Description: RabbIt is a Java-based proxy for HTTP that filters out advertisements, images, and other unwanted materials. (It also has caching and image compression.) The authors indicate that RabbIt can significantly speed Web browsing on slow connections.
Keywords: Network administration
Notes: The end-point server can't identify the source address.
URL: http://www.boutell.com/rinetd/
Description: rinetd redirects TCP connections from one IP address and port to another and offers deny/allow control rules.
Keywords: Enhanced access control
Notes: Don't install this unless you have a lot of Linux experience.
URL: http://agn-www.informatik.uni-hamburg.de/people/1ott/rsbac
Description: RSBAC is Rule Set Based Access Control. This tool deploys very advanced technology to bolster access control. When users request access to a given resource, a central decision component queries all active decision modules. Together, these modules decide whether to grant access or not.
Notes: This package requires Perl.
URL: http://www.wwdsi.com/saint/
Description: SAINT is the Security Administrator's Integrated Network Tool, a network and system scanner that gathers information on remote hosts and services including finger, NFS, NIS, ftp and tftp, rexd, statd, and other services.
Notes: SATAN requires Perl 5.0+.
URL: http://www.fish.com/~zen/satan/satan.html
Description: SATAN is a scanner utility that will probe your host for possible security weaknesses. If SATAN finds such a weakness, it offers you a tutorial that explains the hole's impact and how to fix it.
Tool or Resource: SDDB and the Cisco Print System
Keywords: Network printing administration
URL: http://www.tpp.org/CiscoPrint/
Description: This tool allows you to manage network printing on massive networks. Originally written at Cisco and used with some 1,600 printers, this system allows various printing systems to share network configuration information, thus solving many network printing woes. Print servers update all their counterparts within 30 seconds to a minute via UDP. This system is very cool and can be a system administrator's best friend.
Tool or Resource: Shadow Project and step
Notes: Requires SSH, tcpdump, libpcap, and Apache.
URL: http://www.nswc.navy.mil/ISSEC/CID/
Description: This site houses documentation and tools for an innovative new intrusion detection system. It differs from its predecessors in that detection occurs in real-time by traffic analysis, instead of the typical log content analysis. In the long run, this brings big gains because often you're alerted to (and can circumvent) attacks before they actually amount to anything.
Tool or Resource: SINUS Firewall
Keywords: Firewall administration and deployment
URL: http://www.ifi.unizh.ch/ikm/SINUS/firewall/
Description: The SINUS Firewall is a free TCP/IP packet filter for Linux and provides most functions available in commercial firewalls. It is reportedly robust and reliable (the authors reported an uninterrupted run of 12 months without a crash). SINUS is great if you are studying firewalls or considering writing one.
Tool or Resource: Socket Script
Keywords: Network programming.
Notes: An ELF binary distribution is available.
URL: http://devplanet.fastethernet.net/sscript.html
Description: Socket Script is a new scripting language for easily making network-oriented applications. It obviates the need to learn socket routines. This package is good for building small, simple network applications.
Keywords: Network administration
Notes: Debian offers ready-made Squid packages.
URL: http://squid.nlanr.net/Squid/
Description: The Squid Internet Object Cache offers high-performance proxy caching for Web clients, and supports FTP and Gopher as well.
Keywords: Network administration
Notes: Requires Python 1.5 or better.
URL: http://www.pobox.com/~mnot/squij/
Description: Squij works with Squid. It's a program that looks at Web Proxy logfiles in Squid format and gives you information about how objects in the cache are accessed.
Tool or Resource: SRP Telnet and FTP
Keywords: Network encryption and authentication
Notes: Requires GNU MP + Cryptolib 1.1 (see site for details).
URL: http://srp.stanford.edu/srp/download.html
Description: SRP stands for the Secure Remote Password protocol, a new mechanism for performing secure, password-based authentication and key exchange over any type of network. At the moment, a secure Telnet and FTP distribution is available. However, I suspect that SRP may be plugged into many other network applications.
URL: http://www.psy.uq.edu.au:8080/~ftp/Crypto/
Description: ssleay is a free implementation of Netscape's Secure Socket Layer, the software encryption protocol behind the Netscape Secure Server and the Netscape Navigator Browser. It provides encryption for sessions between Web clients and servers.
Notes: Requires ssleay or RSA's RSAREF (see site for details).
URL: http://www.rickk.com/sslwrap/sslwrap.tar.gz
Description: sslwrap is a simple UNIX service that sits over any simple TCP service, such as POP3, IMAP, or SMTP, and encrypts all of the data on the connection using TLS/SSL. It uses ssleay to support SSL version 2 and 3. It can also encrypt data for services located on another computer.
Notes: Requires ANSI C support and ssleay.
URL: http://mike.daewoo.com.pl/computer/stunnel/
Description: stunnel is an SSL encryption wrapper between a remote client and a local (inetd-startable) or remote server. The concept is that with non-SSL aware daemons running on your system, you can easily set them up to communicate with clients over a secure SSL channel. Essentially, stunnel is a generic SSL wrapper that you can use to add SSL functionality to popular daemons without altering their source code.
Keywords: Network monitoring and logging
URL: ftp://ftp.ee.lbl.gov/tcpdump.tar.Z
Description: tcpdump is a network-monitoring tool that dumps packet headers from the specified network interface. It's useful for diagnosing network problems and forensically examining network attacks. tcpdump is highly configurable: you can specify which hosts to monitor, as well as what kind of traffic.
Keywords: Network and host analysis
URL: http://net.tamu.edu/ftp/security/TAMU/tiger.README
Description: tiger is a set of scripts that scan your system looking for security problems, in the same fashion as COPS. This is an older package, written for UNIX, but it's a good one.
URL: http://www.ninsei.com/tinyproxy/
Description: tinyproxy is a small, non-caching HTTP proxy suitable for use on small networks where a larger caching HTTP proxy, such as squid, might be impractical or a security hazard. tinyproxy has many nice features, including an ANON option where it doesn't send headers to remote servers.
Keywords: Network administration
URL: http://www.mmedia.is/~bre/tircproxy/
Description: tircproxy is a proxy to help IRC users who are not directly connected to the Internet, but are behind a firewall based on Linux or some other UNIX variant. (You can use this yourself, maybe, but I don't know about giving your users access to it.)
Keywords: Network and host analysis
URL: http://www.trouble.org/titan/
Description: Titan is a collection of programs that fix or tighten one or more potential security problems arising from configuration of a UNIX system. Titan's author wrote it in the Bourne shell, and it is therefore easily understandable and extensible.
URL: http://www.ilogic.com.au/~dmiller/traffic-vis.html
Description: traffic-vis is a network monitoring tool with data visualization.
Keywords: Network security, monitoring, and troubleshooting
Description: Trinux is a compact Linux system that fits on floppies and offers secure network monitoring and management. It offers and supports many common security tools. It runs with very meager resources (386 with 12MB RAM). Trinux is great for economical network troubleshooting.
Keywords: Network administration
URL: http://www.ece.ucdavis.edu/ucd-snmp/
Description: ucd-snmp provides auxiliary tools for the Simple Network Management Protocol (SNMP).
Keywords: Network administration
URL: http://sunsite.unc.edu/pub/Linux/system/network/misc/
Description: uredir is a UDP redirector. It redirects UDP packets coming in on a port to another port on another machine.
Keywords: Network encryption and privacy
URL: http://www.inka.de/sites/bigred/sw/
Description: usocksd is a small SOCKS5 server, not for hosts or networks but for individual users and their workstations. (The SOCKS protocol establishes a secure proxy data channel between two computers in a client/server environment.)
URL: http://www2.crosswinds.net/nuremberg/~anstein/unix/vpnd.html
Description: vpnd is a daemon that connects two networks at the network level, either via TCP/IP or over a virtual leased line attached to a serial interface. All data transferred between the two networks is encrypted using the Blowfish cipher. Essentially, this is a Linux VPN solution.
Notes: Requires Perl 5.004+ and SSH.
URL: http://www.strongcrypto.com/
Description: VPS (Virtual Private Server) is a free, Linux-based VPN solution for connecting disparate networks securely over the Internet.
Keywords: Privacy and filtering
Notes: Works with CERN's Web server.
URL: http://math-www.uni-paderborn.de/~axel/NoShit/
Description: WebFilter is a powerful Web proxy for filtering out unwanted material (such as advertisements).
Keywords: Network monitoring and intrusion detection
URL: http://www.vcpc.univie.ac.at/%7Etc/tools/
Description: WOTS is a tool for monitoring logging output from multiple sources, and then generating actions and reports based on what is found in these logs (If you find this, do this).
URL: http://www.gedanken.demon.co.uk/wwwoffle/index.html
Description: The WWWOFFLE system simplifies World Wide Web browsing from computers that use intermittent (dial-up) connections to the Internet.
Keywords: X11 traffic administration
URL: http://verdict.uthscsa.edu/gram/xgate/index.html
Description: Xgate is a client/server system that creates a single TCP connection acting as a gateway between remote X11 clients and your local X11 server. It has some very practical uses, like redirecting X traffic in environments that use VPN servers, end-point proxies, or other network authentication systems that only handle incoming network connections and won't redirect X traffic.
Keywords: Network user administration
URL: http://www.netplex-tech.com/software/xtacacs/
Description: xtacacs is a modified version of Cisco's TACACS, which is an authentication system used to validate users in a network environment. xtacacs allows a network access server to offload user administration to a central server.