Suramya’s Blog


March 23, 2007

Programs that detect/monitor File alteration

Filed under: Knowledgebase, Security Tools — Suramya @ 5:56 pm

The following is a list of programs that detect/monitor file changes on both *nix/Windows:

Good article on how to do a File Integrity Assessment and how to securely use AIDE.

- Suramya

July 31, 2006

ScatterChat: A secure instant messaging client.

Filed under: Computer Security, My Thoughts, Security Tools — Suramya @ 5:15 pm

Now this is cool software. It allows a user to encrypt all communications using end-to-end encryption and routing based on Tor (Tor Overview).

The program is a ‘friendly’ fork of the Gaim project. In case you are wondering what a fork is, a project fork or branch happens when a developer (or a group of them) takes a copy of source code from one software package and starts to independently develop a new package.

The software itself is pretty cool, but it’s likely to come under heavy fire from various govt and ‘spy’ agencies because the design of the software makes it really hard for anyone to eavesdrop on anyone. They will claim that this will allow terrorists and child pornographers to communicate anonymously.

It might be used by a terrorist but then so can a car (used as a getaway vehicle), a cell phone (used as a communication tool), a watch (to sync timed attacks)… does this mean all of them should be banned as well? Any technology developed can be used for good as well as bad purposes, starting with fire all the way up to a nuclear reaction… now that the genie is out of the bottle you can’t stuff it back in.

I think it will be useful for all sorts of people including:

Spies, to let them communicate with the home office, report anonymously
Corporate whistle blowers: they can report wrongs/broken laws without getting into trouble
People behind the Great Firewall of China, where you can be arrested for disagreeing with the government.

Check out the software: ScatterChat

Thanks to Schneier on Security for the link.

- Suramya

PS: I haven’t tried the software yet so don’t know how stable it is. Though I will be installing it shortly so will let you know how it goes.

November 2, 2005

Network monitoring with Cacti

Filed under: Computer Software, Security Tools — Suramya @ 9:04 pm

Interesting software to try out for network monitoring. Hopefully it will be simpler to use/setup than some of the other software I have tried earlier.

Network monitoring with Cacti

October 11, 2005

Protecting Files at Home Using Encrypted Containers

Filed under: Security Tools, Security Tutorials — Suramya @ 9:05 pm

This is an awesome article on how to create Encrypted Containers, which make it easy to create encrypted backup locations that can be copied to other systems without hassle and are simple to use.

Protecting Files at Home Using Encrypted Containers

May 25, 2005

Tools for configuring iptables

Filed under: Computer Security, Security Tools, Security Tutorials — Suramya @ 8:20 pm

Configuring firewalls is not easy if you don’t know what you are doing, and most of us don’t have the time or the patience to spend hours figuring out internet security. But having a badly configured firewall is worse than having no firewall ’cause it gives you a false sense of security.

Thankfully there are tools out there that allow you to configure a decent firewall without needing a degree in rocket science. Chris Lynch has written an article on Newsforge which looks at Three tools to help you configure iptables.

Check it out.

- Suramya

May 11, 2005

Tools to display Folder Permissions in Windows

Filed under: Security Tools — Suramya @ 3:19 am

Tools that will display group and user permissions on a set of folders:

Hyena

AccessEnum

xcacls

DumpSec

Scriptlogic

- Suramya

May 8, 2005

Monitor Per protocol/port bandwidth usage

Filed under: Security Tools — Suramya @ 4:16 am

These programs will generate per-protocol/port bandwidth usage information on a given server:

flowscan

www.ntop.org

- Suramya

May 7, 2005

How to log shell sessions?

Filed under: Security Tools — Suramya @ 4:11 am

Use a program called script; it makes a typescript of the terminal session, meaning it logs everything printed on your terminal. Use `man script` to get more information about it.

- Suramya

How to see which programs are opening ports

Filed under: Computer Security, Security Tools — Suramya @ 4:02 am

These tools will help you identify which programs are opening what ports on the system.

1. `lsof | grep 'IPv.'`

lsof shows the list of open files; piping it through grep and searching for IPv gives you a list of the ports each program is using.

`lsof -i TCP:<PORT>`

where PORT is the port whose owning program you want to identify.

2. `netstat -anp`

This should display open ports, the machines connected to those ports, and which application has each port open.

If you know of any other ways let me know.

- Suramya
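As an added example (not part of the original post), this script turns the `netstat -anp` output mentioned above into a listener inventory and reports any listening port that is not on an allowlist of expected services. The function names, the `proto/port` allowlist format and the sample output are constructed for illustration; the column layout assumed is the Linux net-tools one, where the owner column shows `-` when netstat is run without root.

```shell
#!/bin/sh
# Constructed sample of `netstat -anp` output (Linux net-tools layout); not real host data.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      1034/postgres
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED 2210/sshd
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN      -
tcp6       0      0 :::8080                 :::*                    LISTEN      1500/java
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient
EOF
}

# Read netstat -anp output on stdin; print "proto port scope owner" per listening socket.
listeners() {
    awk '{
        # TCP listeners carry state LISTEN; unconnected UDP sockets have no state
        # column, so the owner field shifts left by one.
        if ($1 ~ /^tcp/ && $6 == "LISTEN") owner = $7
        else if ($1 ~ /^udp/ && $5 ~ /:\*$/) owner = $6
        else next
        # The port is whatever follows the last colon (also works for ":::8080").
        n = split($4, part, ":"); port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        scope = "specific"
        if (addr == "0.0.0.0" || addr == "::") scope = "all-interfaces"
        else if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
        # "-" means netstat could not see the owner (not run as root).
        if (owner == "" || owner == "-") owner = "unknown"
        print $1, port, scope, owner
    }'
}

# Print listeners whose proto/port is not in the allowlist given as arguments (e.g. tcp/22).
unexpected() {
    listeners | awk -v allow=" $* " '
        { key = $1; sub(/6$/, "", key); key = key "/" $2 }   # tcp6 -> tcp
        index(allow, " " key " ") == 0'
}

# Demo on the constructed sample; on a live host: netstat -anp | unexpected tcp/22 ...
sample_netstat | unexpected tcp/22 tcp/5432 udp/68
```

A listener reported with owner `unknown` is worth re-checking as root with `lsof -i TCP:<PORT>` so the owning process can be identified.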

May 5, 2005

The Coroner Toolkit

Filed under: Computer Security, Security Tools, Security Tutorials — Suramya @ 5:37 pm

Linux Magazine has a really good article on The Coroner Toolkit, which allows a sysadmin to perform forensic analysis on a compromised system.

Article: Linux Magazine
The Coroner Toolkit: Download Page

- Suramya
