This reminds me of a question I've been pondering lately, which I believe would be on topic.
I have a box on a public IP -- speaking as a person who cannot devote 24/7 to security, are there any good automated tools to verify its "openness" in terms of security vulnerabilities?
I'm not talking about just potential root exploits and the like, but also about things like file permissions, which I find are hard to get exactly right on Unix (read: Linux with no special ACL stuff installed), where the file system does not support inheritance of security attributes.
Many Linux distros come with a script that's run nightly to report potential vulnerabilities, changed files etc. There are also tools like Snort and Tripwire. I also use Munin and check it daily for signs of DoS attacks and other suspicious activity (e.g., a sudden increase in the number of listening ports).
What other automated tools do people here recommend?
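Two of the checks the question asks about, file permission mistakes on a Linux box without ACLs and a change in the set of listening ports, are small enough to script for a nightly cron job. The following is an added example written for this page, not code from any poster or from the tools named in the thread. The directory tree it audits, the /proc/net/tcp text it parses and the saved baseline of listeners are all constructed here; on a real box you would point `audit_permissions` at `/` (or at `/etc`, `/usr`, `/var`) and read `/proc/net/tcp` directly.

```python
"""Added example, not from the thread: two checks a nightly cron job can run
on a Linux box with no ACLs, covering what the question raises: file
permission mistakes and the set of listening TCP ports. All names, paths
and sample data below are this example's own."""
import os
import stat
import tempfile


def audit_permissions(root):
    """Walk ROOT and flag what is easy to get wrong without inherited ACLs:
    world-writable files, world-writable directories lacking the sticky bit,
    and setuid/setgid files. Returns a sorted list of (finding, relpath)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            mode = os.lstat(full).st_mode
            rel = os.path.relpath(full, root)
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits are meaningless
            if stat.S_ISDIR(mode):
                if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
                    findings.append(("world-writable dir without sticky bit", rel))
                continue
            if mode & stat.S_IWOTH:
                findings.append(("world-writable file", rel))
            if mode & stat.S_ISUID:
                findings.append(("setuid file", rel))
            if mode & stat.S_ISGID:
                findings.append(("setgid file", rel))
    return sorted(findings)


def listening_sockets(proc_net_tcp_text):
    """Parse the text of Linux /proc/net/tcp and return {(ip, port)} for
    sockets in LISTEN state (st == 0A). local_address is the IPv4 address as
    little-endian hex followed by the port in hex."""
    listening = set()
    for line in proc_net_tcp_text.splitlines()[1:]:   # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != "0A":
            continue
        hexip, hexport = fields[1].split(":")
        ip = ".".join(str(int(hexip[i:i + 2], 16)) for i in (6, 4, 2, 0))
        listening.add((ip, int(hexport, 16)))
    return listening


def new_listeners(baseline, current):
    """Ports that appeared since the stored baseline: the 'sudden increase in
    listening ports' the poster watches for, as an explicit set difference."""
    return sorted(current - baseline)


# Constructed /proc/net/tcp sample: listeners on 0.0.0.0:22, 127.0.0.1:3306
# and 0.0.0.0:4444, plus one ESTABLISHED (st 01) connection on port 22 that
# must not be counted as a listener.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   118        0 12346 1
   2: 00000000:115C 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12347 1
   3: 0200000A:0016 0100000A:D431 01 00000000:00000000 00:00000000 00000000     0        0 12348 1
"""
# Constructed baseline, as a cron job would have saved it the night before.
BASELINE_LISTENERS = {("0.0.0.0", 22), ("127.0.0.1", 3306)}


def build_demo_tree():
    """Constructed directory tree with one of each mistake; returns its root."""
    root = tempfile.mkdtemp(prefix="audit-demo-")
    for d, mode in (("etc", 0o755), ("tmp", 0o1777), ("dropbox", 0o777)):
        os.mkdir(os.path.join(root, d))
        os.chmod(os.path.join(root, d), mode)  # tmp is sticky (fine), dropbox is not
    for rel, content, mode in (
        ("etc/passwd", b"root:x:0:0::/root:/bin/sh\n", 0o644),  # correct
        ("etc/shadow", b"root:!:1::::::\n", 0o666),              # world-writable
        ("bin_su", b"#!/bin/sh\n", 0o4755),                      # setuid
    ):
        path = os.path.join(root, rel)
        with open(path, "wb") as fh:
            fh.write(content)
        os.chmod(path, mode)
    return root


def run_demo():
    """Run both checks on the constructed data and return the results."""
    current = listening_sockets(SAMPLE_PROC_NET_TCP)
    return {
        "findings": audit_permissions(build_demo_tree()),
        "listening": current,
        "new_listeners": new_listeners(BASELINE_LISTENERS, current),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The permission walk deliberately skips symlinks (their mode bits mean nothing) and treats a world-writable directory as fine only when the sticky bit is set, which is the /tmp convention. The port parser reads the IPv4-only /proc/net/tcp; /proc/net/tcp6 uses a wider address field and is not handled here. Saving `listening_sockets()` output to a file each night and diffing it with `new_listeners()` gives the alert the poster is looking for without depending on a running daemon.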
I use OpenBSD, with pf blocking stuff from the Internet; I don't worry about getting rooted/hacked. Now, way back when I used Linux at work, before firewalls and stuff, my Linux box kept filling up the disk (too many services running that I didn't know about), then it got hacked via an FTP vulnerability. My advice is: use OpenBSD as a firewall, sleep well. As a side benefit, the man pages are excellent.
Good recommendation -- unfortunately (1) I can't afford to pay for buying and co-locating an additional box to act as firewall for my Linux box, and my Linux box is definitely not going to become OpenBSD in the near term; and (2) blocking malicious network traffic is only part of being secure.
I used to run the Center for Internet Security benchmarking tools on a regular basis to audit my systems (particularly after applying patches to see what they had opened up). They can be found at http://www.cisecurity.org/ [cisecurity.org].
I would say, try Nessus [nessus.org]. It is a very good vulnerability mapping tool. I use it to test various *nix/Windows boxes. It has a lot of options, which can be overwhelming at the beginning. But once you get used to it, you'll never leave without it.
Retina [eeye.com] is another excellent tool, but pricey.
Nmap and Nessus are always in my 'bag'. I use them on a regular basis.
Microsoft Baseline Security Analyzer [microsoft.com] scans for security issues in the OS and any MS software you have installed. There are command-line options, so it could be run as a scheduled task.
Oops, from the topic I thought you were talking about a Windows box. Upon re-reading your post I see you seem to be talking about a Linux box. My mistake.