“Three Linux Security Tools”
Charles Huhn
ITT-Technical Institute

Abstract: UNIX/Linux operating systems have hundreds of security tools available for protecting valuable information. Out of the many tools on the market, I’ve researched three and written about them. The three tools that I’ve researched are Nmap, Nessus, and Chkrootkit. In this paper I’ll go over how they enforce security, what threats these tools are designed to eliminate, and what organization is behind each tool.

The first security tool I researched is called Nmap Security Scanner. Nmap stands for “Network Mapper”. It can be downloaded for free and comes with full source code that you can modify and redistribute. Nmap has been used to scan huge networks of literally hundreds of thousands of machines and also works fine against a single host. Not only is it used on Linux, but it runs on all other major computer operating systems, like Windows and Mac OS X. Nmap allows you to explore and audit a network. It uses IP packets to determine what hosts are available on the network, what services those hosts are offering, what operating systems they are running, what types of firewalls are being used, and many other characteristics. Network administrators find it useful for tasks like network inventory, managing service upgrade schedules, and monitoring host or service uptime. In addition to the classic command-line interface, the Nmap suite includes an advanced GUI called Zenmap. Nmap comes with no warranty and there is no organization behind it; it is supported by a community of developers and users. Another cool thing I found out is that Nmap was seen in eight movies, including The Matrix Reloaded, Die Hard 4, and The Bourne Ultimatum.
The next Linux security tool I researched is called Nessus Vulnerability Scanner. The Nessus Project was started by Renaud Deraison in 1998 to provide the Internet community with a free remote security scanner that was also open source. On October 5, 2005, Tenable Network Security changed Nessus 3 to a proprietary license. The Nessus 3 tool is still free of charge; however, the professional feed costs $1200 for a one-year subscription, which gives access to support and additional scripts. Nessus 3 has the ability to perform configuration audits, SCADA vulnerability audits, the latest network checks and patch audits, and anti-virus configuration audits, and it comes with technical support. It also has the ability to perform sensitive data searches to look for credit card numbers, social security numbers and many other types of corporate data. Despite the high price, it is the world’s most popular vulnerability scanner and is used in over 75,000 organizations world-wide. Nessus probes your network machines against an up-to-date security vulnerability database, alerting the user to security holes, with details on how to fix each hole. In typical operation, Nessus begins by doing a port scan with one of its four internal port scanners to determine which ports are open on the target and then tries various exploits on the open ports. Tenable Network Security produces several dozen new vulnerability checks each week. These checks are available for free to the general public. In my opinion, the Nessus Vulnerability Scanner seems to be the best port scanner on the market considering all of its other features for a single host user.

The final security tool that caught my eye is Chkrootkit, which means Check Rootkit. There is no known organization behind the tool, but it includes software developed by the DFN-CERT, Univ. of Hamburg, and small portions of its ifconfig were developed by Fred N. van Kempen. Chkrootkit is a tool designed to locally check for signs of a rootkit on your Linux machine.
Rootkits are files that hide on your machine after a break-in and allow an attacker to regain access to your computer in the future. Chkrootkit is a collection of tools to detect the presence of rootkits. It is a free, open source utility, and it detects almost all the latest rootkits out there because the open source community of contributors keeps it up to date. Chkrootkit is a Unix-based program intended to help system administrators check their system for known rootkits. It is a shell script that uses common UNIX/Linux tools like grep to search core system programs for signatures, and that compares a traversal of the /proc file system with the output of the process status command (ps) to look for discrepancies. A few great features of chkrootkit are that it detects more than 60 old and new kits, is capable of detecting network interfaces in promiscuous mode, can efficiently detect altered lastlog and wtmp files, has easy command-line access with straightforward options, and has a verbose output mode to help admins automate tasks. This tool is packed with other tools to help check for signs of a rootkit, which are as follows:

* chkrootkit: shell script that checks system binaries for rootkit modification.
* ifpromisc.c: checks if the interface is in promiscuous mode.
* chklastlog.c: checks for lastlog deletions.
* chkwtmp.c: checks for wtmp deletions.
* check_wtmpx.c: checks for wtmpx deletions.
* chkproc.c: checks for signs of LKM trojans.
* chkdirs.c: checks for signs of LKM trojans.
* strings.c: quick and dirty strings replacement.
* chkutmp.c: checks for utmp deletions.
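As an added example (not chkrootkit's own code), here are the two checks described above, the /proc-versus-ps comparison behind chkproc and the promiscuous-mode test behind ifpromisc, written as a small POSIX shell script. The sysfs flags path and the IFF_PROMISC bit value (0x100) are Linux facts; the function names are my own.

```shell
#!/bin/sh
# Added example in the spirit of chkrootkit's chkproc and ifpromisc, built
# from ordinary shell tools. Not chkrootkit's code; function names are mine.
#
# 1. Hidden-process check: every running process has a numeric directory in
#    /proc, so a PID present in /proc but absent from `ps` output is a
#    discrepancy worth investigating (a rootkit hiding processes from ps).
# 2. Promiscuous-mode check: on Linux, /sys/class/net/<iface>/flags holds
#    the interface flags as a hex number; bit 0x100 is IFF_PROMISC.

# List PIDs by walking a /proc-style directory (default /proc).
proc_pids() {
  dir="${1:-/proc}"
  for d in "$dir"/[0-9]*; do
    [ -d "$d" ] || continue
    printf '%s\n' "${d##*/}"
  done | sort -u
}

# List PIDs as the process status command (ps) reports them.
ps_pids() {
  ps -e -o pid= | tr -d ' ' | sort -u
}

# Print PIDs found in file $1 (from /proc) but not in file $2 (from ps).
hidden_pids() {
  # -x whole line, -F fixed strings, -f patterns from file, -v invert match.
  # grep exits 1 when nothing is printed, which is the normal "all clear".
  grep -vxFf "$2" "$1" || true
}

# Succeed (exit 0) when a hex flags value has IFF_PROMISC (0x100) set.
is_promisc_flags() {
  [ $(( $1 & 0x100 )) -ne 0 ]
}

# Print the names of interfaces currently in promiscuous mode (sysfs).
promisc_ifaces() {
  for f in /sys/class/net/*/flags; do
    [ -r "$f" ] || continue
    if is_promisc_flags "$(cat "$f")"; then
      printf '%s\n' "$(basename "$(dirname "$f")")"
    fi
  done
}

# Take the /proc and ps listings twice and only report PIDs missing both
# times, so processes that merely exited between the two snapshots are not
# flagged as hidden.
check_hidden_processes() {
  t=$(mktemp -d)
  proc_pids > "$t/proc1"; ps_pids > "$t/ps1"
  hidden_pids "$t/proc1" "$t/ps1" > "$t/first"
  sleep 1
  proc_pids > "$t/proc2"; ps_pids > "$t/ps2"
  hidden_pids "$t/proc2" "$t/ps2" > "$t/second"
  grep -xFf "$t/first" "$t/second" || true
  rm -rf "$t"
}

# Usage: sh thisscript.sh --run   (defines functions only when no flag given)
if [ "${1:-}" = "--run" ]; then
  echo "PIDs present in /proc but absent from ps (seen twice):"
  check_hidden_processes
  echo "Interfaces in promiscuous mode:"
  promisc_ifaces
fi
```

An empty result from both checks is the normal case; any PID or interface listed is a lead to investigate, not proof of a rootkit, since legitimate packet-capture tools also set promiscuous mode.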
In my opinion, this is a great tool for checking for rootkits and other security issues. One of the smart things about this program is that it comes with other helpful programs too. In conclusion, I never realized just how many security tools are out there for Linux. With all the hackers and security threats networks face every day, it’s mandatory to have some kind of security set up. A network should always be monitored for attacks, and an administrator should always be ready if one were to happen.

