The CD-ROM included with Real-World Linux Security: Intrusion Prevention, Detection, and Recovery, Second Edition, contains the following:

Software written by the author to detect and repel attacks

Additional programs detect if your network card is in promiscuous mode (sniffing your network), identify which program is sniffing, identify and capture running stealth Trojan Horses, securely delete files and overwrite free space so that the data is destroyed, generate encrypted multitape remote backups impervious to hackers sniffing the network or stealing the tapes, check the GPG signatures of the files in a directory tree, and more.

Popular Open Source (Free) security tools

Most of the tools discussed in the book are on the CD-ROM, including programs to harden your system; detect attacks and generate alerts; detect and analyze Trojan Horses; test the crackability of your passwords, systems, and networks; reliably keep the system's time correct; analyze network traffic; filter out Web ads; and give PowerPoint-like presentations on Linux.

adzap, aide, arprelay, Bastille, bottlerocket, cpm, crack, ddd, dtk, fbi_find_ddos_v31_linux, fenris, firestarter, firewalk, ftester, ftpd_bsd, gaim, harden_suse, hostsentry, icmpinfo, inetdconvert, internetjunkbusters, ip_fil, ipf How To, john, junkbuster, libpcap, libsafe, lids, logcheck, magicpoint, NAT How To, nessus, netdate, netfilter Doc, ngrep, nmap, ntop, pcapture, pinglogger, pmfirewall, portsentry, rpm2targz, saint, samhain, satan, sendmail, sniffit, snort, squid, squidGuard, tcpdump, tripwire, viralator, wipe, wpoison, x10, zlib, zombie

The CD-ROM can be used on all Linux and UNIX systems as a mountable file system (iso9660 with Rock Ridge extensions). The source is supplied for almost all software and almost all of it will run on most Linux distributions with a 2.2, 2.4, or later kernel on any architecture; almost all of the author's software and most of the Open Source programs will also work on most modern UNIX systems.

It contains suggested modified versions of the banner messages; these are placed in the public domain.

issue
issue.net

A number of open-source tools discussed in the book are included. A few of the files, such as the FBI tools, are open binary. Some are absent due to the U.S. export restrictions on strong encryption. The following are included.

Bastille-1.0.3.pre5.tar.gz
crack5.0.tar.gz
ddd-3.1.5-3.i386.rpm
dtk.tar.gz
fbi_find_ddos_v31_URL
fbi_find_ddos_v31_linux.tar.gz
icmpinfo-1.11.tar.gz
lids-0.8pre4-psk-2.2.14.tar.gz
lids-howto-2.tex.gz
lids-howto.tex.gz
nessus/
nmap/
pmfirewall-1.1.4.tar.gz
zlib-1.1.3.tar.gz
zombie-1.1.tar.gz

The Bastille scripts modify a Red Hat system to be more secure. As of the writing of this book, they are for a somewhat old release. The crack utility cracks passwords and is useful for ensuring that yours are not crackable. The ddd program is the Dynamic Data Debugger and is an extremely useful front end to gdb, the GNU debugger. It may be of use in analyzing cracker programs that are found on your system. The dtk.tar.gz archive is of the deception tool kit.

The Nessus security scanner finds security holes in your systems. The nmap network mapping tool shows what services are on your system. You might want to install the openssh or ssh2 secure shells. The openssh package requires sslwrap, zlib, and openssl. These latter tools can be useful in their own right. The pmfirewall program is an easy-to-use front end for IP Chains and has received good reports. The fbi_find_ddos and zombie archives find certain DDoS zombies (servers). The icmpinfo archive provides information on ICMP traffic that is suspicious, and lids is a Linux Intrusion Detection System.

These items, with updates and errata, also should be on the author's Web site: www.realworldlinuxsecurity.com/

The author also maintains a completely separate backup Web site at: www.mindspring.com/~cavu/rwls/

The Web site will contain the most up-to-date information and errata. Unless the Web site lists a more recent version, the CD-ROM should be used. All readers are welcome to download any particular file from both Web sites and ensure that they are identical; if they are not, beware of possible cracking.
All programs on the Web sites are cryptographically signed by the author. Check the signature and assume bad signatures indicate that the Web site has been cracked, though this is unlikely.
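
The two checks described above (comparing the copies fetched from both Web sites, then checking signatures), sketched as an added example that is not from the book or its CD-ROM. The directory arguments, the script name and the FILE.sig naming for detached signatures are assumptions.

```sh
#!/bin/sh
# Added example, not from the book or its CD-ROM. Assumptions: each mirror was
# downloaded into its own directory and detached signatures are named FILE.sig.

# digest FILE: print the SHA-256 digest of FILE.
digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# list_mismatches DIR_A DIR_B: print one line for every file that is absent
# from one copy or whose contents differ between the two copies.
list_mismatches() {
    a=$1; b=$2
    { (cd "$a" && find . -type f); (cd "$b" && find . -type f); } | sort -u |
    while IFS= read -r f; do
        if [ ! -f "$a/$f" ]; then
            echo "MISSING-IN-A $f"
        elif [ ! -f "$b/$f" ]; then
            echo "MISSING-IN-B $f"
        elif [ "$(digest "$a/$f")" != "$(digest "$b/$f")" ]; then
            echo "DIFFERS $f"
        fi
    done
}

# mirrors_match DIR_A DIR_B: succeed only if both copies are identical.
mirrors_match() {
    report=$(list_mismatches "$1" "$2")
    [ -z "$report" ] && return 0
    printf '%s\n' "$report" >&2
    return 1
}

# list_bad_signatures DIR: print every file whose detached signature fails.
# gpg accepts a signature from any key in the keyring, so import only the
# author's key and confirm its fingerprint through a separate channel first.
list_bad_signatures() {
    find "$1" -type f -name '*.sig' | while IFS= read -r sig; do
        gpg --verify "$sig" "${sig%.sig}" >/dev/null 2>&1 ||
            echo "BAD-SIGNATURE ${sig%.sig}"
    done
}

# Usage (hypothetical script name): sh check_mirrors.sh DIR_A DIR_B
if [ "$#" -eq 2 ]; then
    mirrors_match "$1" "$2" || echo "mirror copies differ" >&2
    list_bad_signatures "$1"
fi
```

A file that differs between the two sites but still verifies on one of them shows which copy to distrust; a file that fails verification on both should not be installed.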