Samhain for SLES9

Samhain is a multiplatform, open source solution for centralized file integrity checking / host-based intrusion detection on POSIX systems (Unix, Linux, Cygwin/Windows). It has been designed to monitor multiple hosts with potentially different operating systems from a central location, although it can also be used as a standalone application on a single host.

This is a tutorial on how to install and configure Samhain IDS for SUSE Linux Enterprise Server 9.

SlackFire firewall for Slackers

$ whatis slackfire

SlackFire is an iptables script written especially for Slackware, my favourite Linux distribution in this corner of the Galaxy. The main purpose of the script is to protect a stand-alone machine or a small network with a stateful firewall. SlackFire isn’t perfect (yet) but have you seen a perfect iptables script?
Anyway, I hope that README and this screenshot will give an idea of how it works and how it doesn’t.
SlackFire may be freely used, modified, and distributed under the terms of the GNU General Public License with any Linux distribution except Caldera and those RedHat releases which are not legally available for free download.

Source: http://slackfire.berlios.de/

ClamAV Antivirus for Slackware

The reason I decided to set this up was because a firewall isn’t enough, even for Linux. Remember the firewall I wrote about a little while ago? ~~>Firewall Tutorial<~~ Well, I was checking my logs and found that it was blocking a trojan trying to make an external connection to some outside IP, and another trying to make a connection to my internal gateway. So I thought I’d set this ClamAV up to scan my box to see what it came up with. As far as I know this is the only AntiVirus scanner for Linux.

Verify Open Ports and Identify Service

When I’m asked to do a security review for the business unit, one of the steps of my review is to identify all open and listening ports. I also attempt to find out what service is running on the port. My first step is to run nmap against the server to see what ports are listening for TCP connections. You can simply run nmap localhost or nmap -sT -O localhost for OS detection. It should give you an output like the following:
