Suramya's Blog : Welcome to my crazy life…

May 7, 2005

How to log shell sessions?

Filed under: Security Tools,Tech Related — Suramya @ 4:11 AM

Use a program called script. It makes a typescript of the terminal session, meaning it logs everything printed on your terminal. Use `man script` to get more information about it.

– Suramya

How to see which programs are opening ports

Filed under: Computer Security,Security Tools,Tech Related — Suramya @ 4:02 AM

These tools will help you identify which programs are opening what ports on the system.

1. lsof | grep 'IPv.'

lsof shows the list of open files. Piping it through grep and searching for IPv gives you a list of the ports each program is using. To look at a single port, use:

lsof -i TCP:<PORT>

where PORT is the port whose owning program you want to identify.

2. netstat -anp

This should display the open ports, the machines connected to them, and which application has each port open.
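An added example (not from the original post) that turns the `netstat -anp` output described above into a port-to-program report and marks listeners missing from an allowlist. The sample output, the allowlist and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: map listening TCP ports to programs from `netstat -anp` output.

# Constructed sample of `netstat -anp` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address    Foreign Address     State       PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*           LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306   0.0.0.0:*           LISTEN      1044/mysqld
tcp        0      0 0.0.0.0:4444     0.0.0.0:*           LISTEN      4242/nc
tcp        0      0 0.0.0.0:8080     0.0.0.0:*           LISTEN      -
tcp        0      0 192.0.2.10:22    198.51.100.7:51514  ESTABLISHED 4311/sshd
tcp6       0      0 :::80            :::*                LISTEN      990/apache2
udp        0      0 0.0.0.0:68       0.0.0.0:*                       701/dhclient
EOF
}

# Hypothetical allowlist of expected listeners, written as port/program.
ALLOWED="22/sshd 80/apache2 3306/mysqld"

# Reads netstat -anp output on stdin and prints, for each listening TCP
# socket: PORT PROGRAM PID BIND-ADDRESS STATUS (expected or REVIEW).
audit_listeners() {
  awk -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)        # text after the last colon
      bind = $4; sub(/:[0-9]+$/, "", bind)   # address with the port removed
      pid = "-"; prog = "unknown"            # "-" = netstat could not see the owner
      if ($7 != "-" && $7 != "") {
        pid = $7;  sub(/\/.*/, "", pid)
        prog = $7; sub(/^[0-9]+\//, "", prog)
      }
      key = port "/" prog
      print port, prog, pid, bind, ((key in ok) ? "expected" : "REVIEW")
    }'
}

# Only the listeners that are not on the allowlist.
unexpected_listeners() {
  audit_listeners | awk '$5 == "REVIEW"'
}

sample_netstat | unexpected_listeners
```

On a live system, run `netstat -anp | audit_listeners` as root; without root, netstat prints `-` in the PID/Program column for sockets owned by other users, and those show up here as `unknown`.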

If you know of any other ways let me know.

– Suramya

May 5, 2005

The Coroner Toolkit

Linux Magazine has a really good article on The Coroner Toolkit, which allows a sysadmin to perform forensic analysis on a compromised system.

Article: Linux Magazine
The Coroner Toolkit: Download Page

– Suramya

April 28, 2005

Forum on computer security

Filed under: Computer Security,Tech Related — Suramya @ 3:11 PM

Cool forum that touches on every aspect of computer security:

security-forums.com

April 27, 2005

Detecting suspicious network traffic with psad

Filed under: Security Tools,Tech Related — Suramya @ 2:21 PM

psad is a set of lightweight tools that alert you to suspicious network activity by analyzing iptables log files. This article contains information on how to install and configure psad.

– Suramya

April 24, 2005

Allow non-administrators to run AutoCAD etc

Filed under: Computer Security,Tech Related — Suramya @ 4:58 AM

Some applications like AutoCAD require the current user to be logged in as an administrator in order to use them, and as you can imagine that’s not a good idea, especially if this makes you give admin access to users who are likely to install random software and otherwise mess up a perfectly good system.

To avoid this situation, follow these instructions by Anomic Anomaly, posted on the Security Basics mailing list:

1. Grab ‘FileMon’ and ‘RegMon’ (both free) from SysInternals
2. Run AutoCad and monitor the changes made to the filesystem and registry.
3. Modify permissions only on those specific areas and give the user access to them
4. Watch your users happily run AutoCad as a User.

– Suramya

April 22, 2005

Setting up encrypted tunnels

Filed under: Computer Software,Security Tools,Tech Related — Suramya @ 1:04 AM

Sometimes it’s desirable to set up an encrypted tunnel between two networked computers so that you can transfer data between them without letting anyone snoop on the traffic.

The following are some of the programs that enable you to set up secure tunnels:

cryptcat:

Cryptcat is the standard netcat enhanced with twofish encryption.

stunnel:

Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL. It allows you to secure non-SSL aware daemons and protocols (like POP, IMAP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon’s code.

Zebedee:

Zebedee is a simple program to establish an encrypted, compressed “tunnel” for TCP/IP or UDP data transfer between two systems.

SSH Tunnels:

SSH allows you to redirect local and remote ports over a secure SSH connection. The main advantage of this is that no extra software needs to be installed on the systems in order to use it.

If you know of others, let me know and I will add them.

– Suramya

April 21, 2005

How to map network

Filed under: Security Tools,Tech Related — Suramya @ 4:02 AM

If you ever had to find all of the IPs of the routers and computers on a network, then these programs are for you. I haven’t tried them myself yet but they look promising. (The descriptions are taken verbatim from their respective websites.)

Angry IP Scanner:

Angry IP scanner is a very fast IP scanner for Windows. It can scan IPs in any range. Its binary file size is very small compared to other IP scanners. Angry IP scanner simply pings each IP address to check if it’s alive, then optionally it is resolving hostname, scans ports, etc.

Superscan:

A powerful connect-based TCP port scanner, pinger and hostname resolver. Multithreaded and asynchronous techniques make this program extremely fast and versatile. Perform ping scans and port scans using any IP range or specify a text file to extract addresses from.

Cheops:

Cheops is an Open Source Network User Interface. It is designed to be the network equivalent of a swiss-army knife, unifying your network utilities.

As usual if you know of any others let me know.

– Suramya

April 17, 2005

Securing Apache 2: Step-by-Step

Filed under: Security Tutorials,Tech Related — Suramya @ 5:13 AM

Apache is one of the most common web servers in use today, and Apache 2 is the latest release of this great product. Although Apache 2 is fairly secure in its default installation, it needs to be tweaked a little to make it more secure. The following article is a step-by-step guide on how to do this. Check it out. It’s worth the time…

Article Link: Securing Apache 2

– Suramya

Information Security papers

Filed under: Security Tutorials,Tech Related — Suramya @ 5:08 AM

Links with papers on information security:

Security Focus Library:

Has a great selection of articles with detailed instructions on how to secure various components of an OS.

Role-Based Access control

While Mandatory Access Controls (MAC) are appropriate for multilevel secure military applications, Discretionary Access Controls (DAC) are often perceived as meeting the security processing needs of industry and civilian government. This paper argues that reliance on DAC as the principal method of access control is unfounded and inappropriate for many commercial and civilian government organizations. The paper describes a type of non-discretionary access control – role-based access control (RBAC) – that is more central to the secure processing needs of non-military systems than DAC.

(Abstract copied verbatim from site)

Security Enhanced Linux:

An NSA-based project that attempts to create a more secure version of Linux.

Infosecwriters.com:

The Information Security Writers group (Infosec Writers) is designed to serve as a primary Internet-based source of information, relating to various Information Security issues and topics.

(Abstract copied verbatim from site)

Information Systems Security Mechanisms:

A collection of resources on computer security.

As always if you know of a resource not listed here, let me know and I will add it.

– Suramya
