OpenSEC Picks
Crack - the best known UNIX password cracker
John the Ripper - an easy to use and install UNIX password cracker.
Logcheck - monitors syslog and produces pretty reports by the author of
Abacus Sentry.
Nannie - a tiny daemon that generates syslog events when anything in a
user-specified list of files has changed. Similar to Tripwire in concept,
except much lighter-weight.
Npasswd - a replacement for the passwd command for UNIX. New passwords are
stringently screened to decrease the chance of having passwords vulnerable
to guessing by programs such as Crack. In addition npasswd addresses other
deficiencies found in many vendor-supplied passwd programs.
StackGuard - a compiler approach for defending programs and systems against
"stack smashing" attacks. Stack smashing attacks are the most common form of
security vulnerability. Programs that have been compiled with StackGuard are
largely immune to stack smashing attacks. Protection requires no source code
changes at all. When a vulnerability is exploited, StackGuard detects the
attack in progress, raises an intrusion alert, and halts the victim program.

More Tools
ACUA - a program used to administer accounts and enforce access
restrictions.
Aide - creates a database from the regular expression rules that it finds in
the config file. Once this database is initialized it can be used to verify
the integrity of the files. It currently has 4 message digest algorithms
(md5, sha1, rmd160, tiger) that are used to check the integrity of the file.
Auditd - a tool available from HERT that allows you to monitor and log
specific system calls.
Bgcheck - a process monitor for Linux written in Perl. It can be a very
useful tool for administrators who want to limit the number of background
processes that each user can run.
Colorlogs - color codes your logfiles for simpler reading. Sit at a distance
and watch for specified colors in the logfile output to alert you of unusual
activity.
Installwatch - useful when you install a new package you've just compiled
and want to keep track of changes in your file system. It monitors created
and modified files, directories, and permissions.
Gog & Magog - a distributed integrity management tool.
Fcheck - a Perl script for verifying file integrity against a baseline
(similar in concept to Tripwire).
HostSentry - a host-based IDS for detecting system anomalies based on
login activity.
Logwatch - a customizable, pluggable log-monitoring system that analyzes and
reports on system logs. It will go through your logs for a given period of
time and make a report on the areas that you wish, with the level of detail
that you wish.
LOMAC - The LOMAC Loadable Kernel Module is a security enhancement for Linux
that uses Low Water-Mark Mandatory Access Control to protect the integrity
of processes and data. A partially functional prototype is now available for
single-CPU Linux 2.0 systems. Although the prototype is incomplete, enough
functionality exists to demonstrate LOMAC's ability to contain viruses and
to limit the destructive potential of malicious remote users and compromised
root daemons.
Memwatch - a fault tolerant memory leak and corruption detection tool.
Basically, you add a header file to your source code files, and compile with
MEMWATCH defined or not.
Sxid - an all in one suid/sgid monitoring program designed to be run from
cron on a regular basis. Basically it tracks any changes in your s[ug]id
files and folders. If there are any new ones, ones that aren't set any more,
or they have changed bits or other modes then it reports the changes in an
easy to read format via email or on the command line.
RSBAC - Rule Set Based Access Control for Linux - a big patch for current
Linux kernels. It is based on the Generalized Framework for Access Control
(GFAC) by Abrams and LaPadula and provides a flexible system of access
control based on several modules. All security relevant system calls are
extended by security enforcement code. This code calls the central decision
component, which in turn calls all active decision modules and generates a
combined decision. This decision is then enforced by the system call
extensions.
Sherpa - a host security scanner for RH5.x/6.x that checks for
world-writable files & directories, SGID/SUID programs, and network services,
and generates ASCII/HTML logs.
SBScan - performs a bunch of local/remote security checks.
Secure Syslog - a new cryptographically secure system logging tool is
available for UNIX systems. Designed to replace the syslog daemon, ssyslog
implements a cryptographic protocol called PEO-1 that allows the remote
auditing of system logs. Auditing remains possible even if an intruder gains
superuser privileges on the system: the protocol guarantees that the
information logged before and during the intrusion process cannot be
modified without the auditor (on a remote, trusted host) noticing.
Sudo - Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all) commands as root
while logging all commands and arguments. Sudo operates on a per-command
basis; it is not a replacement for the shell.
Syslog-ng - a syslogd replacement, but with new functionality for the new
generation. The original syslogd allows messages to be sorted only by
priority/facility pair; syslog-ng adds the possibility to filter based on
message contents using regular expressions. The new configuration scheme is
intuitive and powerful. It supports transporting messages over TCP, stores
digital fingerprints of each message so that unauthorized modification can
be detected, and much more.
SFS - kernel patches to allow a steganographic filesystem.
TARA - updated versions of the TAMU Tiger scripts. Gig 'em.
Tripwire - Tripwire Academic Source Release 1.3 - an updated version of the
classic integrity checker.
Saltine Cracker - a distributed password cracker.
Slurpie - a distributed password cracker.
Userv - a tool for system administrators, who often find themselves with a
program running as one user which needs to be able to do certain things as
another user.
Viper - a Perl password cracker that utilizes user-specified character
patterns instead of a dictionary.
ViperDB - a smaller and faster option to Tripwire. ViperDB does not use a
fancy all-in-one database to keep records. Instead it uses a plaintext db
which is stored in each "watched" directory. By using this there is no
single point of attack for an attacker to focus his attention on. This,
coupled with the running of ViperDB every 5 minutes (via a root cron job),
decreases the likelihood that an attacker will be able to modify your
"watched" filesystem while ViperDB is monitoring your system.
Wipe - a tool that effectively degausses the surface of a hard disk, making
it virtually impossible to retrieve the data that was stored on it. This is
the ultimate in making sure that secure data erased from a hard drive is
unrecoverable.
WOTS - a swatch derivative.
