Summary:
Thanks for all the great replies (aside from he who didn't think it was an
appropriate question).
gnu tar
netcat
tcpdump
nmap
lsof
top
the various Adrian tools
sysinfo
sysaudit
gzip
perl
gcc
ncurses
bash
flex
expect
bzip
zip
ntop
netscape
ssh
tcp wrappers
COPS
Tripwire
Orca
Netsaint
Tiger
The contributors who didn't mind being named:
Alan Reichert:
ntop
This creates a socket that you can connect to via web browser and
look at network traffic statistics.
Moti Levi
gnu tar
Jason Marshall:
Don't forget netcat, tcpdump (nice to be able to snoop without resolving
every hostname -- Sol8 has this option in its snoop, finally), and nmap...
Those are the ones I use ALL the time...
Michael DeSimone wisely suggested that compilers be removed once the system
is up and running normally.
Duane Gran:
SSH
Tripwire
TCP Wrappers
Mike Syiek suggested:
COPS
COPS is a collection of programs that assesses and reports on the security
of a UNIX host. COPS performs checks on the following items:
· File, directory, and device permissions/modes
· Content, format, and security of password and group files
· Existence of and permissions on root-SUID files
· Writability of home directories and startup files
· Inetd checks
· Miscellaneous root checks
COPS is run daily to help detect system changes (either authorized or
unauthorized) and to look for any insecure hosts settings.
http://dan.drydog.com/cops/software/
Tiger
Tiger performs much of the same functionality as COPS; however, Tiger checks
for and reports on a wider array of possible system security issues. Like
COPS, Tiger is run daily to help detect system changes (either authorized or
unauthorized) and to look for any insecure host settings.
http://mirror.nucba.ac.jp/mirror/security/Unix/tiger/tiger.README
http://mirror.nucba.ac.jp/mirror/security/Unix/tiger/
LogChecker
LogChecker examines system log files on an hourly basis for any specified
system error or security related messages. If a specified message is found
within the host's log files, LogChecker notifies the Security Administrator
of the anomaly.
http://psionic.com/
Portsentry
Portsentry listens for UDP and TCP traffic on certain key ports of a host.
These are TCP/UDP ports that are not in use by the datacenter or by
applications which run in the datacenter. If any traffic is detected on
these host ports, an alarm message is posted to the host's log files (which
is in turn picked up by LogChecker for notification of the Security
Administrator).
Watcher
Watcher examines the health of the system on an hourly basis. Watcher looks
at things like free memory, disk space usage, and processor time to see if
any of these values are outside of a normal operating range. If they are
outside of a normal operating range, Watcher will notify the System
Administrators of the issue.
http://www.i-pi.com/watcher.html
ftp://coast.cs.purdue.edu/pub/tools/unix/Watcher.tar.Z
TCP Wrappers
TCP Wrappers logs all inetd type connections to a host (which is currently
only FTP and TELNET, since all other inetd services have been removed).
Additionally, TCP Wrappers is also used to enforce the security of the
network architecture of the datacenter. This means that connection attempts
to the host from outside of the host's normal subnets will be denied and
logged (the logged attempt will in turn be picked up by LogChecker for
notification of the Security Administrator).
http://www.bigmouse.net/literature/Oreilly/puis/ch22_03.htm
SSH
SSH is installed on all datacenter machines. SSH allows for the secure
transmission of data and host passwords over the network. SSH also enables
the secure transmission and display of Xwindow GUIs on the local
administrator's desktop from a datacenter machine. SCP (which is part of
SSH) allows for the secure copying of data from one machine to another (it
replaces the insecure FTP protocol).
Any number of programs to do this
Tripwire
Tripwire maintains a database of 'fingerprints' (cryptographic hashes) of
key system files and their permissions. Tripwire is installed and run
immediately after a host is built. This provides us with a baseline
configuration for all datacenter machines. Additionally, the tripwire
database is compared against the current operating machine's 'fingerprint'
on a weekly basis to help ensure the integrity and security of the host.
Any anomalies are sent to the Security Administrator for analysis.
http://www.peapod.co.uk/products/tripwire/tripunix.html
Orca
http://www.gps.caltech.edu/~blair/orca/docs/orcallator.html
NetSaint
(we do not use these, as another package we use takes care of this
functionality for us.)
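The Tripwire workflow described above (fingerprint key files right after the build, then re-check and report every deviation) as an added example; this is illustrative code, not Tripwire's own, and the file names, contents and the temp directory it uses are constructed for the demo.

```python
import hashlib
import os
import stat
import tempfile

def fingerprint(path):
    """One Tripwire-style record: permission bits, owner, size and a SHA-256 of the content."""
    st = os.lstat(path)
    digest = hashlib.sha256()
    if stat.S_ISREG(st.st_mode):
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
    return {"mode": oct(stat.S_IMODE(st.st_mode)), "uid": st.st_uid,
            "gid": st.st_gid, "size": st.st_size, "sha256": digest.hexdigest()}

def build_baseline(paths):
    """Snapshot taken right after the host is built; paths that do not exist are left out."""
    return {p: fingerprint(p) for p in paths if os.path.lexists(p)}

def compare(baseline, paths):
    """Re-fingerprint the watched paths and list every deviation from the baseline."""
    current, anomalies = build_baseline(paths), []
    for p in sorted(set(baseline) | set(current)):
        if p not in current:
            anomalies.append((p, "missing"))
        elif p not in baseline:
            anomalies.append((p, "added"))
        else:
            anomalies += [(p, f"{k} changed: {v} -> {current[p][k]}")
                          for k, v in baseline[p].items() if v != current[p][k]]
    return anomalies

def _write(path, text, mode="w"):
    with open(path, mode) as fh:
        fh.write(text)

def demo():
    """Constructed scenario in a temp dir: baseline, then alter content, loosen a mode, add a file."""
    d = tempfile.mkdtemp()
    passwd, inetd, rc = (os.path.join(d, n) for n in ("passwd", "inetd.conf", "rc.local"))
    _write(passwd, "root:x:0:0:root:/:/bin/sh\n")
    _write(inetd, "ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd\n")
    os.chmod(passwd, 0o644); os.chmod(inetd, 0o644)
    baseline = build_baseline([passwd, inetd, rc])
    _write(passwd, "extra:x:0:0::/:/bin/sh\n", "a")  # a second uid-0 account appears
    os.chmod(inetd, 0o666)                            # inetd.conf made world-writable
    _write(rc, "echo started\n")                      # a new startup file appears
    return [(os.path.basename(p), what) for p, what in compare(baseline, [passwd, inetd, rc])]
```

Each anomaly names the path and the attribute that moved, which is the list the Security Administrator would receive after the weekly comparison.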
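The LogChecker and Portsentry pipeline above (Portsentry and TCP Wrappers write alarms to the host's log, LogChecker picks out the specified messages and notifies the Security Administrator) as an added example; this is illustrative code, not LogChecker's, and the syslog excerpt and the alert patterns are constructed for the demo.

```python
import re
from collections import Counter

# Constructed syslog excerpt for the demo; not output from any real host.
SAMPLE_LOG = """\
Sep 28 22:01:03 db1 in.ftpd[1123]: connect from 10.1.2.3
Sep 28 22:05:44 db1 tcpd[1150]: refused connect from 192.0.2.7
Sep 28 22:06:10 db1 portsentry[412]: attackalert: Connect from host: 192.0.2.7/192.0.2.7 to TCP port: 143
Sep 28 22:07:00 db1 sshd[1201]: Accepted password for admin from 10.1.2.9
Sep 28 22:08:15 db1 sshd[1210]: Failed password for root from 192.0.2.7
Sep 28 22:09:00 db1 cron[1300]: (root) CMD (/usr/local/bin/tripwire -check)
"""

# Messages that should reach the Security Administrator (assumed formats, modelled on
# tcpd and Portsentry log lines); IGNORE entries are routine noise dropped first.
ALERT_PATTERNS = [re.compile(p) for p in (
    r"tcpd\[\d+\]: refused connect",
    r"portsentry\[\d+\]: attackalert",
    r"sshd\[\d+\]: Failed password",
)]
IGNORE_PATTERNS = [re.compile(r"cron\[\d+\]: \(root\) CMD")]
SOURCE_RE = re.compile(r"from (?:host: )?(\d{1,3}(?:\.\d{1,3}){3})")

def scan(log_text):
    """Return the log lines that match an alert pattern and no ignore pattern."""
    hits = []
    for line in log_text.splitlines():
        if any(p.search(line) for p in IGNORE_PATTERNS):
            continue
        if any(p.search(line) for p in ALERT_PATTERNS):
            hits.append(line)
    return hits

def by_source(hits):
    """Count alerts per remote address so one notice covers a host that trips several checks."""
    counts = Counter()
    for line in hits:
        m = SOURCE_RE.search(line)
        counts[m.group(1) if m else "unknown"] += 1
    return dict(counts)
```

Run hourly over the lines added since the last pass, `by_source(scan(...))` gives the per-host tally behind a single notification rather than one message per log line.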
BEFORE POSTING please READ the FAQ located at
ftp://ftp.cs.toronto.edu/pub/jdd/sun-managers/faq
and the list POLICY statement located at
ftp://ftp.cs.toronto.edu/pub/jdd/sun-managers/policy
To submit questions/summaries to this list send your email message to:
sun-managers@ececs.uc.edu
To unsubscribe from this list please send an email message to:
majordomo@sunmanagers.ececs.uc.edu
and in the BODY type:
unsubscribe sun-managers
Or
unsubscribe sun-managers original@subscription.address
To view an archive of this list please visit:
http://www.latech.edu/sunman.html
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:16 CDT