- White Papers
- UNIX Password Security
- Password Security: A Case History
- Securing RedHat Linux | Solaris
- A Comparison of the Security of Windows NT and UNIX
- Linux Security Quick Reference Guide
- Improving the security of your UNIX system
- Securing and Optimizing Red Hat Linux
- Solaris Security: Recommendations from SANS Step by Step
- Site Security Handbook - rfc1244 | rfc2196
- Guidelines for the Secure Operation of the Internet
- Solaris Operating Environment Security
- Rapid Recovery Techniques for Solaris Operating Environment
- Disaster Recovery Analysis Form
- Solaris Operating Environment Network Setting for Security
- UNIX System Security Checklist
- X Window Security
- UNIX Configuration Guidelines - from http://www.cert.org
- Tools
- John the Ripper
- John the Ripper is a password cracker, currently available for UNIX, DOS, Win32. Its primary purpose is to detect weak UNIX passwords.
- L0phtCrack
- Password Auditing and Recovery Application
- exec.c
- exec.c 1.0.4 is a kernel module which logs all the commands executed on the system. Extremely powerful stealth logging made easy! Changes: This release fixes a memory allocation problem. Please update to the current version if you use the module. This module should work on 2.2.* kernels. By Pat Szuta
- Virtual FTPD
- Virtual FTPD v6.4 is a secure FTP daemon derived from the OpenBSD ftp daemon. It allows virtual FTP accounts which do not have an /etc/passwd entry.
- Snoopy
- Snoopy is designed to log all commands executed by providing a transparent wrapper around calls to execve() via LD_PRELOAD. Logging is done via syslogd and written to authpriv, allowing secure offsite logging of activity. Changes: Integrity checking, a new method of logging, and faster logging.
- FPF
- FPF is an LKM for Linux which changes the TCP/IP stack in order to emulate the TCP fingerprint of other operating systems. The package contains the LKM and a parser for the nmap fingerprint file that lets you choose directly the OS you want to emulate.
- Imsafe
- Imsafe is a host-based intrusion detection tool for Linux which does anomaly detection at the process level and tries to detect various types of attacks. Since Imsafe doesn't know anything about specific attacks, it can detect unknown and unpublished attacks or any other form of malicious use of the monitored application. Created for Linux systems, but it works on almost every UNIX flavor by watching strace output. Screenshots are available. Warning: Still in alpha.
- IPtrap
- IPtrap listens on several TCP ports to simulate fake services (X11, NetBIOS, DNS, etc.). When a remote client connects to one of these ports, its IP address is immediately firewalled and an alert is logged. It works with iptables and ipchains, but any external script can also be launched. IPv6 is supported. Changes: Logging of the scanned port, and no more iptables/ipchains zombies.
- LOMAC
- LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users, and compromised root daemons. LOMAC is implemented as a loadable kernel module; no kernel recompilation or changes to existing applications are required. Although not all the planned features are currently implemented, it presently provides sufficient protection to thwart script kiddies, and is stable enough for everyday use. A whitepaper and a manual are available. Changes: Added mediation of directory modification operations, improving protection.
- Maxty
- Maxty is a small kernel-space tty sniffer. It is an LKM which attaches to the read/write syscalls and saves incoming/outgoing requests to opened tty devices into separate log files. It provides a way of keeping track of what is happening on virtual consoles, similar to a keystroke recorder.
- Links
SECURING YOUR UNIX SYSTEMS