Appendix E. About the CD-ROM
The CD-ROM included with Real-World Linux Security: Intrusion Prevention, Detection, and Recovery, Second Edition, contains the following:

Software written by the author to detect and repel attacks

rc.fwsoho

Complete IP Tables firewall for a small office/home office

rc.fwdmz

Complete IP Tables firewall for a mid-sized organization with DMZ

blockip

Detects hackers trying to access your network services and in a fraction of a second dynamically reconfigures your system to permanently lock out their system. It is easy to set up, and it supports IP Tables and IP Chains, or similar filters. It works with any Linux version and most UNIX versions. It will alert you instantly by sending e-mail, paging you, using your sound card, and flashing the lights. It is part of the author's Cracker Trap.

arpwatch

Author's substantially enhanced version of Lawrence Berkeley Lab's program that detects Address Resolution Protocol (ARP or MAC) attacks. It is suitable even for large organizations with multiple subnets. It provides special support for Apple Macs too.

tcpread

To enable fast repair, this program quickly and remotely detects if a hacker has managed to deface your Web pages or initiate a Distributed Denial of Service attack. The tcpread program runs on Linux or UNIX but the Web server could be on a Windows, Mac, Linux, UNIX, or other platform.

ports

Provides an easy-to-read analysis of network ports in use on your system, what each one is, what remote system is connected to each, and alerts you to which ones are likely to be hacker Trojan Horses.


Additional programs detect if your network card is in promiscuous mode (sniffing your network), identify which program is sniffing, identify and capture running stealth Trojan Horses, securely delete files and overwrite free space so that the data is destroyed, generate encrypted multitape remote backups impervious to hackers sniffing the network or stealing the tapes, check the GPG signatures of the files in a directory tree, and more.

Popular Open Source (Free) security tools

Most of the tools discussed in the book are on the CD-ROM, including programs to harden your system; detect attacks and generate alerts; detect and analyze Trojan Horses; test the crackability of your passwords, systems, and networks; reliably keep the system's time correct; analyze network traffic; filter out Web ads; and give PowerPoint-like presentations on Linux.

adzap, aide, arprelay, Bastille, bottlerocket, cpm, crack, ddd, dtk, fbi_find_ddos_v31_linux, fenris, firestarter, firewalk, ftester, ftpd_bsd, gaim, harden_suse, hostsentry, icmpinfo, inetdconvert, internetjunkbusters, ip_fil, ipf How To, john, junkbuster, libpcap, libsafe, lids, logcheck, magicpoint, NAT How To, nessus, netdate, netfilter Doc, ngrep, nmap, ntop, pcapture, pinglogger, pmfirewall, portsentry, rpm2targz, saint, samhain, satan, sendmail, sniffit, snort, squid, squidGuard, tcpdump, tripwire, viralator, wipe, wpoison, x10, zlib, zombie

The CD-ROM can be used on all Linux and UNIX systems as a mountable file system (iso9660 with Rock Ridge extensions). The source is supplied for almost all software and almost all of it will run on most Linux distributions with a 2.2, 2.4, or later kernel on any architecture; almost all of the author's software and most of the Open Source programs will also work on most modern UNIX systems.

It also contains suggested replacement versions of the login banner files; these are placed in the public domain:

issue
issue.net

A number of open-source tools discussed in the book are included. A few of the files, such as the FBI tools, are supplied in binary form only. Some are absent because of the U.S. export restrictions on strong encryption that applied when the book was written. The following are included:

Bastille-1.0.3.pre5.tar.gz
crack5.0.tar.gz
ddd-3.1.5-3.i386.rpm
dtk.tar.gz
fbi_find_ddos_v31_URL
fbi_find_ddos_v31_linux.tar.gz
icmpinfo-1.11.tar.gz
lids-0.8pre4-psk-2.2.14.tar.gz
lids-howto-2.tex.gz
lids-howto.tex.gz
nessus/
nmap/
pmfirewall-1.1.4.tar.gz
zlib-1.1.3.tar.gz
zombie-1.1.tar.gz

The Bastille scripts modify a Red Hat system to be more secure. As of the writing of this book, they target a somewhat old Red Hat release. The crack utility cracks passwords and is useful for confirming that yours are not crackable. The ddd program is the Data Display Debugger, a very useful graphical front end to gdb, the GNU debugger; it may help in analyzing cracker programs found on your system.

The dtk.tar.gz archive contains the Deception Tool Kit. The Nessus security scanner finds security holes in your systems. The nmap network mapping tool shows what services your system offers. You might also want to install the openssh or ssh2 secure shells. The openssh package requires zlib and openssl; sslwrap, which adds SSL to other TCP daemons, is a separate tool. These three tools can be useful in their own right.

The pmfirewall program is an easy-to-use front end for IP Chains and has received good reports. The fbi_find_ddos and zombie archives find certain DDoS zombies (compromised hosts acting as attack agents). The icmpinfo archive reports suspicious ICMP traffic, and lids is the Linux Intrusion Detection System.

These items, with updates and errata, should also be available on the author's Web site:

www.realworldlinuxsecurity.com/

The author also maintains a completely separate backup Web site at:

www.mindspring.com/~cavu/rwls/

The Web site will carry the most up-to-date information and errata. Unless the Web site lists a more recent version, use the CD-ROM. Readers are welcome to download any particular file from both Web sites and check that the two copies are identical; if they differ, suspect that one of the sites has been cracked. All programs on the Web sites are cryptographically signed by the author. Check the signature, and treat a bad signature as evidence that the Web site has been cracked, though this is unlikely.
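The two-site comparison and signature check described above can be scripted. The following is an added example, not a script from the book's CD-ROM or from the author's Web site: it fetches the same file from the primary and the backup site, insists that the two copies are byte-identical, and then verifies a detached GPG signature against a keyring holding only the author's key. The .sig file name suffix, the keyring path and the RWLS_CHECK/RWLS_KEYRING environment variables are assumptions made for the example; the book does not document how its signatures are published.

```shell
#!/bin/sh
# Added example (not the book's or the author's code). Automates the
# appendix's advice: download from both sites, compare, verify the GPG
# signature, and treat any mismatch or bad signature as a possible compromise.
# ASSUMED: signatures live beside each file as NAME.sig, and the author's
# public key has been imported out of band into the keyring named below.

set -eu

PRIMARY="http://www.realworldlinuxsecurity.com"
BACKUP="http://www.mindspring.com/~cavu/rwls"
KEYRING="${RWLS_KEYRING:-${HOME:-/root}/.gnupg/rwls-author.gpg}"   # assumed path

# sha256_of FILE: print the SHA-256 hex digest, using whichever tool exists.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# compare_copies FILE_A FILE_B: 0 if byte-identical, 1 (with a warning) otherwise.
# A difference between the two mirrors is exactly the signal the appendix
# says to treat as possible cracking of one site.
compare_copies() {
    if cmp -s "$1" "$2"; then
        return 0
    fi
    echo "WARNING: $1 and $2 differ (sha256 $(sha256_of "$1") vs $(sha256_of "$2"))" >&2
    echo "         one of the two sites may have been cracked; do not install" >&2
    return 1
}

# verify_signature FILE SIGFILE: 0 on a good signature from a key in KEYRING,
# 1 otherwise. Using a dedicated keyring means a signature from any other key,
# even one in your default keyring, is rejected.
verify_signature() {
    if ! command -v gpg >/dev/null 2>&1; then
        echo "gpg not installed; cannot verify $1" >&2
        return 1
    fi
    if gpg --no-default-keyring --keyring "$KEYRING" --verify "$2" "$1" 2>/dev/null; then
        return 0
    fi
    echo "BAD SIGNATURE on $1: assume the site has been cracked" >&2
    return 1
}

# check_file NAME: fetch NAME from both sites plus NAME.sig from the primary,
# run both checks, and exit non-zero (via set -e) on any failure.
check_file() {
    name=$1
    dir=$(mktemp -d)
    curl -fsSL -o "$dir/primary.bin" "$PRIMARY/$name"
    curl -fsSL -o "$dir/backup.bin"  "$BACKUP/$name"
    curl -fsSL -o "$dir/primary.sig" "$PRIMARY/$name.sig"
    compare_copies "$dir/primary.bin" "$dir/backup.bin"
    verify_signature "$dir/primary.bin" "$dir/primary.sig"
    echo "$name: copies identical, signature good (sha256 $(sha256_of "$dir/primary.bin"))"
    rm -rf "$dir"
}

# Usage: RWLS_CHECK=1 ./check-rwls.sh blockip.tar.gz rc.fwsoho
if [ "${RWLS_CHECK:-0}" = 1 ]; then
    for f in "$@"; do
        check_file "$f"
    done
fi
```

The script deliberately downloads the signature only from the primary site: the signature protects against a tampered file on either mirror, while the byte comparison catches the case where a site is serving a different (even correctly signed, but older) file than the other. Both checks must pass before anything is installed.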


Real World Linux Security, Prentice Hall PTR Open Source Technology Series
Year: 2002
Pages: 260