First One!

Discuss open-source security software and projects

Moderators: scrumpy, Dave, leihog

First One!

Postby vciaglia on Fri Aug 04, 2006 5:21 pm

No posts here but we want to start talking about something. Could be interesting to discuss with you what are your favourite security-oriented package, why you use it/them and in which way you want to improve it/them.
vciaglia
 
Posts: 60
Joined: Wed Jun 14, 2006 4:32 pm
Location: Italy

Favorite Security Orientated Service...

Postby shadowteller on Tue Aug 08, 2006 1:14 am

A poll on this would be cool, but I would say I love these Apps and use them quite a lot in both the military and on the civilian side.

1)AIDE (http://www.cs.tut.fi/~rammer/aide.html) Advanced Intrusion Detection Environment. To use this tool you would install your OS, add your applications then run this tool before you put it on the network. It will allow you to see files that have been tampered with in any way. It goes beyond what Tripwire does so I feel it is a little better, plus it is totally free.

2)PyFLAG (http://pyflag.sourceforge.net/) Python Forensic and Log Analysis GUI. Great tool for sifting through log file data. It uses a database backend to speed things up. You can install it on a central server (I installed it to a liveCD and have the dB on a thumbdrive) and then execute it from anywhere on the network. Pretty much just use it for log analysis, but it can also be used for automation and scripting.

3)cnet (http://www.csse.uwa.edu.au/cnet/) is a network simulation tool. It can be deployed before designing a network to seek out possible vulnerabilities. After an attack you can check to see where vulnerabilities existed narrowing down where you may need to look.

4)Snort with Barnyard. A very aggressive IDS and IPS system. It is probably one of the most widely used systems. With Barnyard it has an even faster output. You should use it daily to examine possible attacks and “train” it. It will automatically block stuff it suspects based on rules that are set up. If something becomes overly suspicious you can then investigate it further. You need to “train” it because some websites such as MSN and Google get blocked because of their frequent use by users.

5)amap (http://www.thc.org/thc-amap/) Use this tool in conjunction with nmap. This tool scans for applications even if they are running on different ports. By using trigger packets and referencing responses it can identify non-ASCII based applications, so if you forgot where you installed a possible program that has an opening, or even had an auto-installer of some sort install it and it isn’t running where it normally should (for instance I usually configure SSH to run on port 444, but sometimes it gets installed elsewhere such as on port 44), I can find it with amap, where nmap would just say the port is open.

6)Egressor (http://www.packetfactory.net/projects/egressor/) Like titan is to servers this is to routers. I use it because it allows companies or individuals to check your/their routers for configuration problems that may possibly allow DDoS attacks.

7)Finally Bastille (http://www.bastille-linux.org/)...this is a great tool for hardening your linux system. Very fast and easy to install and run.
shadowteller
 
Posts: 7
Joined: Tue Aug 08, 2006 1:06 am
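The AIDE workflow described in the list above (snapshot a clean system before it goes on the network, then compare later to see what was tampered with) boils down to a file-integrity baseline. The following is an added example, not code from the thread or from the AIDE project: it records a SHA-256 digest, size and permission bits for every regular file under a directory, stores that as a baseline, and reports files that were added, removed or changed on a later run. The directory tree, file names and the "tampering" are all constructed inside the script so it runs offline.

```python
"""Minimal AIDE-style file integrity baseline and comparison (added example).

Tracks a SHA-256 digest, size and permission bits per regular file. Real AIDE
records many more attributes (inode, link count, mtime/ctime, ACLs, ...) and
lets you pick which ones per path via its config; this keeps only the idea.
"""
import hashlib
import json
import os
import stat
import tempfile


def _file_record(path):
    """Return the attributes the baseline tracks for one regular file."""
    st = os.lstat(path)
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return {
        "sha256": h.hexdigest(),
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),
    }


def build_baseline(root):
    """Walk `root` and map each regular file (relative path) to its record."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if not stat.S_ISREG(os.lstat(full).st_mode):
                continue  # skip symlinks, sockets, device nodes
            baseline[os.path.relpath(full, root)] = _file_record(full)
    return baseline


def compare(baseline, current):
    """Diff two snapshots; `changed` names the attributes that differ per file."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for rel in sorted(set(baseline) & set(current)):
        diffs = sorted(k for k in baseline[rel] if baseline[rel][k] != current[rel][k])
        if diffs:
            changed[rel] = diffs
    return {"added": added, "removed": removed, "changed": changed}


def save_baseline(baseline, path):
    with open(path, "w") as fh:
        json.dump(baseline, fh, indent=2, sort_keys=True)


def load_baseline(path):
    with open(path) as fh:
        return json.load(fh)


def demo():
    """Constructed scenario: snapshot a tree, alter it, then report the drift."""
    root = tempfile.mkdtemp(prefix="fim-demo-")
    etc = os.path.join(root, "etc")  # stand-in for a real config directory
    os.makedirs(etc)
    with open(os.path.join(etc, "ssh_config"), "w") as fh:
        fh.write("Port 444\n")
    hosts = os.path.join(etc, "hosts")
    with open(hosts, "w") as fh:
        fh.write("127.0.0.1 localhost\n")
    os.chmod(hosts, 0o644)  # pin the mode so the later change is deterministic

    # In practice the baseline lives off-box or on read-only media, so an
    # intruder cannot simply regenerate it after modifying files.
    db = os.path.join(root, "baseline.json")
    save_baseline(build_baseline(etc), db)

    # Simulate the kinds of change an integrity check should surface.
    with open(os.path.join(etc, "ssh_config"), "a") as fh:
        fh.write("# edited after baseline\n")   # content and size change
    os.chmod(hosts, 0o600)                      # permission change only
    with open(os.path.join(etc, "issue.net"), "w") as fh:
        fh.write("banner\n")                    # new file

    return compare(load_baseline(db), build_baseline(etc))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running it prints one added file, no removed files, a content/size change on `ssh_config` and a mode-only change on `hosts`. The important operational point, which the post's "run this tool before you put it on the network" captures, is that the baseline is only trustworthy if it was taken on a known-clean system and stored where a later compromise cannot rewrite it.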

Re: Favorite Security Orientated Service...

Postby vciaglia on Tue Aug 08, 2006 3:48 am

shadowteller,

shadowteller wrote: A poll on this would be cool, but I would say I love these Apps and use them quite a lot in both the military and on the civilian side.


Thank you very much for your very interesting post. We'll consider some tools to include them in the next releases of EnGarde Secure Linux.
vciaglia
 
Posts: 60
Joined: Wed Jun 14, 2006 4:32 pm
Location: Italy

Re: Favorite Security Orientated Service...

Postby eric on Tue Aug 08, 2006 11:34 am

shadowteller,

Have you considered building any of these packages for EnGarde (aside from AIDE since it comes installed)?
Also is there anything that Bastille does to harden the system that EnGarde doesn't do out of the box that is of interest to you?

Eric
eric
Site Admin
 
Posts: 234
Joined: Wed Jun 14, 2006 11:15 am
Location: New Jersey, USA

Postby shadowteller on Tue Aug 08, 2006 4:50 pm

@eric

Ooops I thought Engarde only came with Tripwire. That is why I included AIDE on my list. My bad. Was downloading software for first time as I was posting.

Since I listed seven tools I guess I could make it my mission to implement the seven tools. Well Six since AIDE is already implemented.

I will find out more about Bastille vs Engarde, once I get an Engarde system up and running. After that I will report back to see if Bastille picks anything up ;)

So I will attempt to install PyFLAG, cnet, Barnyard (since snort is already included), and amap.

Not sure if Egressor would be useful to Engarde since it is designed for routers. I just threw those tools up there because I believed the question to be a general security question towards linux not towards engarde. But I am up for the challenge to see which ones would work.

Finally just to throw a monkey wrench into my own mess. I am going to try to implement litespeed tech webserver instead of apache. IMHO it performs a lot better.
shadowteller
 
Posts: 7
Joined: Tue Aug 08, 2006 1:06 am

Re: Favorite Security Orientated Service...

Postby eric on Wed Aug 09, 2006 12:10 pm

shadowteller,
Prior to EnGarde 3.x, it did only come with Tripwire, so in that sense you are correct. If you do build these packages, let me know so we can make them available to the community for others who would like to take advantage of them.

Eric
eric
Site Admin
 
Posts: 234
Joined: Wed Jun 14, 2006 11:15 am
Location: New Jersey, USA

Mission Launch

Postby shadowteller on Fri Aug 11, 2006 11:14 pm

Well I have a spare AMD x64 with 3 80GB HDs, going to RAID 5 once things load. Problem is doing an automatic install goes pretty well except on bootup, the system hangs at the normal bootloader stage...All I get is an "L" at the top left of the screen...I assume without looking that Engarde uses Lilo? So I have even used a recovery CD (Gentoo) and did an FDISK. And formatted the HD with XFS just to wipe over everything.

Did the install again, and got the same boring old "L". Suggestions???

Thanx in advance.
~prestN
shadowteller
 
Posts: 7
Joined: Tue Aug 08, 2006 1:06 am

RE: First One!

Postby eric on Tue Aug 15, 2006 1:57 pm

shadowteller,

The first thing I have to ask is for more information about your hardware. What type of controller are you using?
Next, if the only thing you are getting is an 'L' out of Lilo, then I would take a look at http://learnlinux.tsf.org.za/courses/build/sys-admin/apas02.html. There is an error code table about 1/2 way down the page that may be able to provide both you and I more insight into the problem.

Eric
eric
Site Admin
 
Posts: 234
Joined: Wed Jun 14, 2006 11:15 am
Location: New Jersey, USA

RE: First One!

Postby shadowteller on Wed Aug 16, 2006 10:58 pm

CPU: AMD Athlon™ 64 3400+ Processor
Chipset: ATI® RS482
Memory: 512MB DDR SDRAM (2 × 512MB), PC3200
Hard Drive: 3x80GB (7200rpm, 8MB cache)
Optical Drive: 16x DVD±RW multiformat double layer drive
*Media Reader: 8-in-1 digital media manager (Secure Digital™ (SD), Smart Media, Micro Drive, Memory Stick®, Memory Stick Pro®, Compact Flash, Multimedia Card, USB 2.0)
Video: ATI® Radeon® Xpress 200 (PCI-Express® )
Up to 128MB DDR shared video memory BIOS controllable
*Sound: AC '97 Audio, Dolby 5.1 (6-channel)
Network: 2x10/100Mbps integrated Ethernet LAN(Realtek)

*Built-in but don't intend to use.


It's just a single "L" nothing else follows.....I looked at the Lilo boot errors and none match up. I am going to try a different box here pretty soon if I can't get this one to work. I have an old dell 4550 3.06 1GB laying around.

~prestN
shadowteller
 
Posts: 7
Joined: Tue Aug 08, 2006 1:06 am

RE: First One!

Postby eric on Thu Aug 17, 2006 3:09 pm

shadowteller,

Is it SATA or IDE?

Eric
eric
Site Admin
 
Posts: 234
Joined: Wed Jun 14, 2006 11:15 am
Location: New Jersey, USA

RE: First One!

Postby shadowteller on Fri Aug 18, 2006 6:53 pm

Eric,

Oops forgot to specify...this system can handle SATA and IDE, but the current HD is IDE.

Goodtimes....

~prestN
shadowteller
 
Posts: 7
Joined: Tue Aug 08, 2006 1:06 am

RE: First One!

Postby shadowteller on Tue Aug 22, 2006 2:16 am

Just won't fire off from that system...as I don't have memory for the old clunky dell who will only accept PC2700 I am deviating a bit. I have VMware Server on my laptop I will try to run it from there on the non 64bit version.

I am so dying to see the management console of Engarde.

~prestN
shadowteller
 
Posts: 7
Joined: Tue Aug 08, 2006 1:06 am

RE: First One!

Postby eric on Tue Aug 22, 2006 3:30 pm

shadowteller,

It appears that someone experienced a similar problem recently. The root of the problem ended up being jumper issues on the HD. Ensure the jumpers are correctly set on the HD. If this still does not fix the issue, try taking off cable select and forcing master/slave as appropriate. See if this works. Let me know.

Eric
eric
Site Admin
 
Posts: 234
Joined: Wed Jun 14, 2006 11:15 am
Location: New Jersey, USA

RE: First One!

Postby shadowteller on Wed Sep 27, 2006 2:18 am

Finally got it to work...the problem was (for future note) the hard drives that were inside of the machine used to be in another machine in a RAID 1 on boot and 0 for / setup... so the problem was the system was trying to detect the RAID and hanging on that. Found the help on another distro's site by mistake. SO I am now playing with Engarde in a virtual system. Works quite nicely.

~prestN
shadowteller
 
Posts: 7
Joined: Tue Aug 08, 2006 1:06 am
