Friday, December 10, 2010

Linux network security tool details

3. ttysnoop(s)

ttysnoop is a program that redirects all input/output of one terminal to another terminal.

The only web site I know of for it is http://uscan.cjb.net, but it never seems to be up, so I got ttysnoop-0.12c-5 elsewhere: http://rpmfind.net/linux/rpm/contrib/libc6/i386/ttysnoop-0.12c-5.i386.html. This version also does not seem to support shadow passwords. After installation you need to create the directory /var/spool/ttysnoop by hand. Testing this program is interesting; the relevant steps follow.

First, in /etc/inetd.conf, change the login program that in.telnetd calls by default from login to /sbin/ttysnoops, like this:

    [root@jephe /etc]# more inetd.conf | grep in.telnetd
    telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd -L /sbin/ttysnoops

After the change you must run killall -HUP inetd for it to take effect. Make sure you are not using shadow passwords; use # pwunconv to disable shadow passwords.

Then edit the file /etc/snooptab. The default configuration is:

    [root@jephe /etc]# more snooptab
    ttyS1    /dev/tty7    login    /bin/login
    ttyS2    /dev/tty8    login    /bin/login
    *        socket       login    /bin/login

Finally, if someone is logged on to a terminal (you can use the w command to see which terminal), for example on terminal device ttyp0, you can log in to the server and enter

    # /bin/ttysnoop ttyp0

(you are prompted for the root password; again, this version does not support shadow passwords) to monitor that user's login window.

4. nmap

nmap is a port scanning tool for use on larger networks that can detect which TCP/IP ports a server has open. You can run it to make sure that insecure ports which should not be open have been disabled. Nmap's home page is at http://www.insecure.org/nmap/index.html. Here is a simple example:

    [root@sh-proxy /etc]# /usr/local/bin/nmap public.sta.net.cn

    Starting nmap V. 2.12 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
    Interesting ports on public.sta.net.cn (202.96.199.97):
    Port    State    Protocol    Service
    21      open     tcp         ftp
    23      open     tcp         telnet
    25      open     tcp         smtp
    109     open     tcp         pop-2
    110     open     tcp         pop-3
    143     open     tcp         imap2
    513     open     tcp         login
    514     open     tcp         shell
    7000    open     tcp         afs3-fileserver

    Nmap run completed -- 1 IP address (1 host up) scanned in 15 seconds

John the Ripper

On Linux, passwords are stored in hashed form. You cannot reverse a password from its hash, but you can hash a list of words and compare each result with the stored hash; if the two are the same, the password has been guessed. So the password should be hard to guess. Generally, you should never use a word that exists in the dictionary as a password, because it is quite easy to guess. Nor should you use common alphanumeric sequences such as 123abc.

John the Ripper is a highly efficient and easy-to-use password guessing program. Its home page is at http://www.openwall.com/john/. Download the tar.gz package for UNIX, then unpack it into any directory with tar xvfz john*.tar.gz. Enter the src directory and run make linux-x86-any-elf (I use Red Hat 6.1); several files are generated in the run directory, including the main program john. To crack passwords you can now run ./john /etc/passwd.

John can also crack the passwords generated by htpasswd, which are used to authenticate Apache users. If you created a user with htpasswd -c apachepasswd user and generated a password, you can use john apachepasswd to guess it. As John guesses passwords it prints them on the terminal, and the guessed passwords are stored in the john.pot file.

Another password cracker is the well-known classic Cracker.
Its home page is at http://www.users.dircon.co.uk/~crypto/

Logcheck

Logcheck is a tool that automatically checks the system logs for security intrusion events and unusual activity. It analyzes the various Linux log files, such as /var/log/messages, /var/log/secure and /var/log/maillog, then builds a report of possible security problems and e-mails it automatically to the administrator. You can set it to run automatically from crond every hour or every day.

The Logcheck home page is at http://www.psionic.com/abacus/logcheck/. After downloading, unpack it with tar xvfz logcheck* into a temporary directory such as /tmp, then run make linux to generate the corresponding files automatically in directories such as /usr/local/etc and /usr/local/bin. You can change settings such as which mail account the notifications are sent to; the default is root, and you can make root's mail alias a group of people. You can also set it to ignore certain kinds of messages. For example, your mail log may contain plug-gw records: plug-gw does a reverse IP lookup and, if nothing is found, logs a warning message to /var/log/maillog. By default logcheck sends all of these warnings to you; you can set it to ignore them.

Using logcheck to analyze your log files saves you from checking them by hand every day, which saves time and increases efficiency.

Tripwire

Tripwire is a very useful tool for verifying file integrity. You can define which files and directories are to be checked, but the default settings satisfy most requirements. It runs in four modes: database generation mode, database update mode, file integrity checking mode, and interactive database update mode.

When the database is initialized, Tripwire records various information about the existing files in a database file. If your system files or configuration files are later accidentally changed, replaced or deleted, its daily comparison of the existing files against the original database shows which files have changed, and you can use the e-mailed results to judge whether there has been a system intrusion or some other unexpected event.

Tripwire's home page is at http://www.tripwiresecurity.com/; tripwire-1.2.3 can be used free of charge. If you use Red Hat Linux 6.1, you can also get the latest Tripwire-1.2.3 rebuilt for 6.1 (http://rufus.w3.org/linux/rpm/powertools/6.1/i386/tripwire-1.2-3.i386.html). When you change a system configuration file or program by hand, you can regenerate the database file manually: run tripwire -initialize, which creates a databases directory in the current directory and generates a new system database file in it, then cp that file to the /var/spool/tripwire directory, overwriting the old one.
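The generate-then-compare cycle described for Tripwire, as an added Python sketch (not Tripwire's code or database format). The recorded attributes, the JSON baseline file and the sample tree are assumptions constructed for illustration.

```python
import hashlib, json, os, stat, tempfile

def snapshot(root):
    """Database generation: record size, mode and SHA-256 of each regular file."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices and sockets in this sketch
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            db[os.path.relpath(path, root)] = {
                "size": st.st_size, "mode": st.st_mode, "sha256": digest}
    return db

def compare(baseline, current):
    """Integrity check: list files changed, added or deleted since the baseline."""
    report = {"changed": {}, "added": [], "deleted": []}
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            report["deleted"].append(path)
        elif path not in baseline:
            report["added"].append(path)
        else:
            diff = [k for k in baseline[path] if baseline[path][k] != current[path][k]]
            if diff:
                report["changed"][path] = diff
    return report

def write(path, data, mode="wb"):
    with open(path, mode) as fh:
        fh.write(data)

def demo():
    """Build a constructed tree, take a baseline, tamper with it, then check."""
    with tempfile.TemporaryDirectory() as tmp:
        root, db_file = os.path.join(tmp, "etc"), os.path.join(tmp, "baseline.json")
        os.mkdir(root)
        write(os.path.join(root, "passwd"), b"root:x:0:0::/root:/bin/sh\n")
        write(os.path.join(root, "inetd.conf"), b"# constructed sample\n")
        write(os.path.join(root, "motd"), b"welcome\n")
        write(db_file, json.dumps(snapshot(root)).encode())  # kept outside the tree
        write(os.path.join(root, "inetd.conf"), b"extra line\n", "ab")  # modified
        os.remove(os.path.join(root, "motd"))                           # deleted
        write(os.path.join(root, "snooptab"), b"* socket\n")            # added
        with open(db_file) as fh:
            return compare(json.load(fh), snapshot(root))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The baseline is only as trustworthy as its storage: a database that lives on the monitored host in a writable location can be rewritten along with the files it describes.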
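For the Logcheck section above, an added Python sketch of keyword matching with an ignore list (a simplified model, not Logcheck's own code). The patterns, section titles and log lines are constructed for illustration and are not captured daemon output.

```python
import re

# Constructed sample lines in syslog style (assumption, not real daemon output).
SAMPLE_LOG = """\
Dec 10 02:11:40 gw plug-gw[812]: reverse lookup failed for 192.0.2.44
Dec 10 02:13:05 gw login[901]: FAILED LOGIN 2 FROM 198.51.100.7 FOR root
Dec 10 02:14:19 gw sendmail[933]: NOQUEUE: connect from mail.example.org
Dec 10 02:15:02 gw kernel: eth0: Promiscuous mode enabled.
Dec 10 02:16:30 gw plug-gw[812]: reverse lookup failed for 192.0.2.45
"""

VIOLATIONS = [r"failed", r"refused", r"denied"]  # keywords worth reporting
# Ignore rule tied to the daemon name, so it cannot hide other "failed" lines.
IGNORE = [r"plug-gw\[\d+\]: reverse lookup failed for "]

def classify(lines, violations=VIOLATIONS, ignore=IGNORE):
    """Sort log lines into reported violations, unusual events and ignored noise."""
    vio = [re.compile(p, re.I) for p in violations]
    ign = [re.compile(p) for p in ignore]
    report = {"violations": [], "unusual": [], "ignored": 0}
    for line in lines:
        if not line.strip():
            continue
        if any(p.search(line) for p in ign):
            report["ignored"] += 1
        elif any(p.search(line) for p in vio):
            report["violations"].append(line)
        else:
            report["unusual"].append(line)
    return report

def mail_body(report):
    """Format the non-empty sections as the text of the mail to the administrator."""
    parts = []
    for title, key in (("Security Violations", "violations"),
                       ("Unusual System Events", "unusual")):
        if report[key]:
            parts.append(title + "\n" + "=" * len(title) + "\n" + "\n".join(report[key]))
    return "\n\n".join(parts)

if __name__ == "__main__":
    print(mail_body(classify(SAMPLE_LOG.splitlines())))
```

Run with an empty ignore list, the two plug-gw warnings land under violations because they contain "failed", which is the noise the ignore setting removes.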
