Chapter 15. Scanning Your Own System

A number of powerful tools are discussed here that should be used to scan (probe) your system for vulnerabilities and improper visibility. A vulnerability is a buggy or misconfigured service, such as sendmail, allowing your system to be used to relay spam. An improper visibility is where a service that should be visible only from inside a network (or portion of it) is visible (accessible) from outside it. Samba (NETBIOS) is one possible example of a service that should not be visible from outside one's network. Visibility testing must be done from outside your network, perhaps from your home system or from a friend's system.

Most of these tools are used both by SysAdmins to find vulnerabilities in their systems to fix and by crackers to take advantage of those that SysAdmins neglected to fix. It should be considered mandatory to use these tools both initially and periodically, especially after significant reconfigurations, to find problems.

The topics covered in this chapter include:

• "The Nessus Security Scanner" on page 591

• "The SARA and SAINT Security Auditors" on page 592

• "The nmap Network Mapper" on page 592

• "The Snort Attack Detector" on page 598

• "Scanning and Analyzing with SHADOW" on page 599

• "John the Ripper" on page 599

• "Store the RPM Database Checksums" on page 599