Top Ten Linux Security Programs
Here's my personal Top Ten list of Linux security programs. Most such lists you find are boring because they include only the usual suspects like nessus, nmap and John the Ripper. So I've tried to include some not so well known programs, which sometimes aren't real "security programs" but nevertheless are extremely useful for securing your Linux system.
logcheck
The most underrated security tool in my opinion; and it isn't even a security program. It's a log-checking program. It parses the various logs in /var/log and, if something unusual was logged, sends you a message. The documentation and the website aren't that good, but that's not a big problem. Logcheck is really easy to configure and offers useful features like whitelists and different security levels (workstation, server, paranoid).
Learn more
Installation
aptitude install logcheck
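As an added example (my own, not code from logcheck itself), here is a small shell script that reproduces the idea behind logcheck's ignore rules and security levels: every log line that matches none of the ignore regexes for the chosen level is reported. The log lines, rule files and paths are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the page or from the logcheck project.
# It mimics the core of how logcheck decides what to mail you: a log
# line that matches none of the "ignore" regexes of the chosen level
# is unusual. Log lines, rule files and paths below are constructed.

# report_unusual LOGFILE RULEFILE
# Print the lines of LOGFILE matching none of the extended regexes in
# RULEFILE (one per line). grep exits 1 when nothing is left to print,
# which here just means "all quiet"; only exit 2 (an error) fails.
report_unusual() {
    grep -v -E -f "$2" "$1" || [ $? -eq 1 ]
}

# count_unusual LOGFILE RULEFILE: number of unusual lines, for a summary.
count_unusual() {
    report_unusual "$1" "$2" | wc -l | tr -d ' '
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT

# Constructed sample of /var/log/auth.log: two routine events, one
# failed login for an unknown user, one sudo to a root shell.
cat > "$demo/auth.log" <<'EOF'
Jan  5 10:01:02 host sshd[1234]: Accepted publickey for alice from 192.0.2.10 port 50222 ssh2
Jan  5 10:01:05 host CRON[1240]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan  5 10:02:17 host sshd[1250]: Failed password for invalid user admin from 198.51.100.7 port 41000 ssh2
Jan  5 10:02:40 host sudo:    bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
EOF

# Rules in logcheck's style: anchored at both ends, with the syslog
# timestamp and host matched explicitly so a rule never silences more
# than intended. The "paranoid" level ignores only key-based ssh logins...
cat > "$demo/ignore.paranoid" <<'EOF'
^[A-Z][a-z]{2} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Accepted publickey for [^ ]+ from [0-9.]+ port [0-9]+ ssh2$
EOF
# ...while the more relaxed "workstation" level also drops cron session noise.
cp "$demo/ignore.paranoid" "$demo/ignore.workstation"
cat >> "$demo/ignore.workstation" <<'EOF'
^[A-Z][a-z]{2} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: pam_unix\(cron:session\): session (opened|closed) for user root by \(uid=0\)$
EOF

echo "paranoid level would report:"
report_unusual "$demo/auth.log" "$demo/ignore.paranoid"
echo "workstation level would report:"
report_unusual "$demo/auth.log" "$demo/ignore.workstation"
```

Tightening a rule (or moving to a stricter level) only ever adds reported lines; the failed login and the sudo to root are reported at every level because no rule covers them.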
last
last is a tiny but very useful program. It searches back through the file /var/log/wtmp and displays a list of all users logged in (and out) since that file was created. So by running last you get a listing of the last logged-in users. If the login came from a remote machine, the IP address is logged too. You can control the output with option flags, which are described in the man page.
Learn more
Installation
aptitude install sysvinit-utils
(installed by default)
w
w displays information about the users currently on the machine, and their processes. The header shows, in this order:
- the current time
- how long the system has been running
- how many users are currently logged on
- the system load averages for the past 1, 5, and 15 minutes
Learn more
Installation
aptitude install procps
(installed by default)
lsof
lsof is a command meaning "list open files", which is used to report a list of all open files and the processes that opened them. Open files in the system include disk files, pipes, network sockets and devices opened by all processes. The listing of open files can be consulted to identify the process that is using a given file.
Learn more
Installation
aptitude install lsof
nmap
Nmap (Network Mapper) is a port and security scanner used to discover hosts and services on a computer network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses.
Also, owing to the large and active user community providing feedback and contributing to its features, Nmap has been able to extend its discovery capabilities beyond simply figuring out whether a host is up or down and which ports are open and closed; it can determine the operating system of the target, names and versions of the listening services, estimated uptime, type of device, and presence of a firewall.
Learn more
Installation
aptitude install nmap
rkhunter
rkhunter (Rootkit Hunter) is a tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in an online database, searching for default directories (of rootkits), wrong permissions, hidden files and suspicious strings in kernel modules, and running special tests for Linux and FreeBSD.
Learn more
http://www.rootkit.nl/projects/rootkit_hunter.html
Installation
aptitude install rkhunter
bastille
Bastille Linux aims to provide an interactive tool for performing additional security hardening measures to increase the overall security of a Linux system and decrease its susceptibility to compromise. Through the interactive mode of bastille you learn a lot about security while hardening your system.
Learn more
http://bastille-linux.sourceforge.net/
Installation
aptitude install bastille
buck-security
buck-security is a collection of security checks for Linux. It was designed for Debian and Ubuntu servers, but can be useful for any Linux system.
The aim of buck-security is to give you a quick overview of the security status of your system. As a Linux system administrator, but also as a normal Linux user, you often wonder whether your system is secure. In this situation it is useful to get an overview of the security status of the system immediately. buck-security was designed exactly for this. It runs important tests and returns the results to you after a couple of minutes.
Learn more
Installation
Check out the documentation site of buck-security
So while it says "Top Ten", there are only eight tools, right? Well, because "Top Ten" sounds better. And maybe I'll add other tools later if I find them useful and can recommend them.