8 Of The Best Security Audit Tools For Linux


Cyber security is perhaps one of the most talked about topics lately, and very rightly so! We live in hard times with respect to security and privacy, even as we spend more and more time online. Linux is a secure platform, much safer than proprietary solutions can only dream of. However, to remain a step ahead of attackers it is essential that users are aware of the security tools at hand.

1. chkrootkit

chkrootkit is a Unix-based program intended to help system administrators check their system for known rootkits. It is a shell script that uses common UNIX/Linux tools such as the strings and grep commands to search core system programs for rootkit signatures, and that compares a traversal of the /proc filesystem with the output of the ps (process status) command to look for discrepancies, i.e. processes the kernel knows about but ps no longer shows.
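The /proc-versus-ps discrepancy check described above, as an added Python example (this is not chkrootkit's own code). It assumes a Linux /proc and a ps that accepts `-e -o pid=`; the sample process views are constructed, and the helper names are my own.

```python
#!/usr/bin/env python3
"""Hidden-process check in the style of chkrootkit's /proc vs ps comparison.

A userland rootkit that trojans ps (or the libc calls it relies on) can hide a
process from ps, but the kernel still exposes it as /proc/<pid>. Walking /proc
ourselves and diffing against what ps reports surfaces the discrepancy.
"""
import os
import subprocess


def pids_from_proc(proc_root="/proc"):
    """PIDs the kernel exposes as numeric directories under proc_root."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}


def pids_from_ps():
    """PIDs as ps reports them: the view a userland rootkit may have tampered with."""
    out = subprocess.run(["ps", "-e", "-o", "pid="],
                         capture_output=True, text=True, check=True).stdout
    return {int(tok) for tok in out.split()}


def hidden_pids(proc_before, ps_pids, proc_after):
    """PIDs present in /proc both before and after ps ran, yet absent from ps.

    Requiring a PID in both /proc snapshots drops processes that merely started
    or exited while ps was running, the main source of false positives when
    comparing two views taken at different instants.
    """
    stable = proc_before & proc_after
    return sorted(stable - ps_pids)


def check_live():
    """Snapshot /proc, run ps, snapshot /proc again, and diff (Linux only)."""
    before = pids_from_proc()
    seen_by_ps = pids_from_ps()
    after = pids_from_proc()
    return hidden_pids(before, seen_by_ps, after)


# Constructed sample views (not real system output): PID 4242 is in /proc both
# times but never shown by ps; PID 9001 was only transient; 777 is ps itself.
SAMPLE_PROC_BEFORE = {1, 2, 418, 4242, 9001}
SAMPLE_PS = {1, 2, 418, 777}
SAMPLE_PROC_AFTER = {1, 2, 418, 4242}

if __name__ == "__main__":
    print("sample:", hidden_pids(SAMPLE_PROC_BEFORE, SAMPLE_PS, SAMPLE_PROC_AFTER))  # [4242]
    print("live:", check_live() or "no hidden processes")
```

A kernel-level rootkit that filters the /proc directory listing itself will pass this diff; that is why such checks are a complement to, not a replacement for, file-integrity and signature checks.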

2. checkps

checkps is a program that detects rootkits by spotting falsified ps output and similar anomalies. The ps check should work on any system with /proc.

3. rkdet

This program is a daemon intended to catch someone installing a rootkit or running a packet sniffer. It is designed to run continually with a small footprint under an innocuous name. When triggered, it sends email, appends to a logfile, and disables networking or halts the system.

4. fsaudit

fsaudit scans filesystems for suspicious-looking directories and notifies you only when changes occur.

5. Argus

Argus is an open source layer 2+ auditing tool (including IP audit) that can be used to help support network security management and network forensics. It can easily be adapted into a network activity monitoring system, answering a variety of activity questions (such as bandwidth utilisation). It can also be used to track network performance through the stack and to capture higher level protocol data.


6. Unicornscan

Unicornscan is an attempt at a user-land distributed TCP/IP stack. It is intended to provide a researcher with a superior interface for introducing a stimulus into, and measuring a response from, a TCP/IP enabled device or network.

7. p0f

p0f utilises an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications without interfering in any way.

8. Disco

Disco is a passive IP discovery and fingerprinting utility designed to sit on segments distributed throughout a network and discover the unique IPs on the network. In addition to IP discovery, Disco has the ability to passively fingerprint TCP SYN packets and TCP SYN/ACK packets.
