Security Packages
Note: the number of stars (*) shows how strongly a package is recommended, but the
right choice is up to your requirements. (Five stars is the best.)
CONFIGURATION MANAGEMENT
These tools help set security parameters to safe, non-default values.
They also monitor the systems for changes which could compromise security.
COPS ( ***** )
Computer Oracle and Password System (COPS) is a public domain
security assessment tool for a single UNIX system. It checks
for empty passwords in /etc/passwd, world-writable files,
misconfigured anonymous ftp and many other problems.
COPS is available via anonymous ftp from ftp.cert.org,
located in /pub/tools/cops/1.04.
Tripwire ( ***** )
Tripwire is a public domain tool that monitors for changes in
system binaries, helping system administrators and users monitor
a designated set of files for any changes. Used with system files on
a regular (e.g., daily) basis, Tripwire can notify system administrators
of corrupted or tampered files, so damage control measures can be taken
in a timely manner.
Tripwire is available via anonymous ftp from ftp.cert.org,
located in /pub/tools/tripwire.
Lsof ( *** )
Displays all open files on a UNIX system.
Lsof is available via anonymous ftp at vic.cc.purdue.edu
Tiger ( *** )
Checks for known security vulnerabilities of Unix workstations.
It is similar to COPS with many extensions.
Tiger is available via anonymous ftp at net.tamu.edu
NETWORK ACCESS
These tools provide additional control and log information.
TCP Wrapper ( ***** )
TCP Wrapper is a public domain program that can monitor
and filter incoming requests for network services (e.g.
SYSTAT, FINGER, FTP, TELNET, RLOGIN, RSH, EXEC, TFTP, TALK,
etc.). The package provides daemon wrapper programs that
can be installed without any changes to existing software
or to existing configuration files. The wrappers report
the name of the remote host and of the requested service;
they do not exchange information with the remote client
process, and impose no overhead on the actual communication
between the client and server applications.
Optional features are access control to restrict what
systems can connect to your network daemons, remote user
name lookups with the RFC 931 protocol, and additional
protection against hosts that pretend to have another host's
name or address.
TCP Wrapper is available via anonymous ftp from ftp.cert.org
(or ftp.win.tue.nl), located in the directory /pub/tools/tcp_wrappers.
SATAN ( *** )
SATAN is a program that gathers network information such as the
types of machines and services available on those machines, as well
as potential security flaws.
SATAN is available via anonymous ftp at ftp.win.tue.nl.
Traceroute ( **** )
Traceroute traces the route IP packets take from the current system
to a destination system.
Traceroute is available via anonymous ftp at ftp.psc.edu
Arpwatch ( ** )
Arpwatch is an ethernet monitor program that keeps track of
ethernet/IP address pairings.
It's available via anonymous ftp at ftp.ee.lbl.gov
ISS ( *** )
ISS is used to check hosts within a specified range of IP addresses
for various security vulnerabilities in sendmail, anonymous FTP setup,
NFS and many more.
It's available via anonymous ftp at info.cert.org
Netlog ( *** )
Netlog provides network logging and monitoring of all TCP and UDP
connections on a subnet. Netlog also includes tools for analyzing
the output.
It's available via anonymous ftp at net.tamu.edu
PASSWORD MANAGEMENT
anlpasswd ( **** )
Anlpasswd is a public domain proactive password checker
that prevents users from selecting a weak password.
Anlpasswd is very portable because it wraps the system's
password changing routine, instead of replacing it (it will
work in an NIS environment). Anlpasswd requires PERL, and
a big dictionary. According to the documentation it runs
on: Sun, IBM, NeXT, SGI, Intel iPSC860, Alliant, Encore,
BBN TC200, Solbourne, and Sequent.
Anlpasswd is available via anonymous ftp://info.mcs.anl.gov,
located in the directory /pub/systems. PERL is available
from ftp.uu.net, located in the directory /languages/perl.
Dictionaries can be found on coast.cs.purdue.edu, located
in the directory /pub/dict.
npasswd ( **** )
Npasswd is a public domain proactive password checker that
replaces the standard "passwd" command, in order to prevent
users from selecting easily-guessable passwords. Npasswd
requires a dictionary for lookups. According to the
documentation it runs on: 4.3BSD, SunOS 4.0, and SVR3 (untested)
and has patches for use with NIS. If used, it is recommended
to use DBM files for dictionaries, instead of flat files,
since flat files would be searched using egrep on the
command line.
Npasswd is available via anonymous ftp://ftp.cc.utexas.edu/pub/npasswd/.
passwd+ ( *** )
Passwd+ is a public domain proactive password checker that
replaces /bin/passwd on your system. It is rule-based and
easily configurable. It prevents users from selecting a
weak password so that programs like "CRACK" can't guess
it, and it provides enhanced syslog logging. According to
the documentation it runs on: SunOS 4.X, Solaris 2.3, Ultrix
4.3A, and SGI IRIX 4.x.
Passwd+ is available via anonymous ftp://tam.cs.ucdavis.edu/pub/security/.
Crack ( **** )
Crack is a password cracker.
It's available via WWW at http://www.users.dircon.co.uk
Sudo ( **** )
Sudo allows a system administrator to give limited root privileges to
users and log their activities. This version of Sudo is also known as CU-sudo.
It's available via anonymous ftp://ftp.cs.colorado.edu
SCREEN LOCKING
These controls lock the workstation if it is left idle.
Xautolock ( ***** )
Xautolock is a public domain program which monitors console
activity, and starts up a program of your choice after a
specified amount of idle time has passed. You can use this
to automatically start up a screen locker such as xlock or
xlockmore.
Xlock is a screenlocking program that comes with Sun's
Openwindows.
Xlockmore is xlock with added functionality and portability.
Xlockmore is available via anonymous ftp://ftp.x.org/contrib/applications/.
Xscreensaver ( ***** )
When properly configured, xscreensaver can be used as a
screenlocker for machines using Motif. Xscreensaver monitors
keyboard and mouse movement and will lock the screen after
the timeout threshold has been exceeded. A nice feature
of xscreensaver is that any program that draws on the root
window of the screen can be used as a screensaver without
modification.
Xscreensaver is available via anonymous ftp://ftp.x.org/contrib/applications/.
Additional Information (Reference)
ftp://info.cert.org/pub/tech_tips/UNIX_configuration_guidelines
ftp://info.cert.org/pub/tech_tips/security_tools
http://www.cs.purdue.edu/coast
http://www.nsi.org/compsec.html
http://www.telstra.com.au/info/security.html
http://www.iss.net
http://www.ncsa.com