“Three Linux Security Tools”
Charles Huhn
ITT-Technical Institute

Abstract: UNIX/Linux operating system have hundreds of security tools out there for protecting valuable information. Out of the many tools on the market, I’ve researched three and wrote about them. The three tools that I’ve research are Nmap, Nessus, and Chkrootkit. In this paper I’ll go over how they enforce security, what threats these tools are designed to eliminate, and what organization is behind the tool.

The first security tool I researched is called Nmap Security Scanner. Nmap stands for “Network Mapper”. It can be downloaded for free and comes with a full source code that you can modify and redistribute. Nmap has been used to scan huge networks of literally hundreds of thousands of machines and also works fine with a single host. Not only is it used for Linux, but it runs on all other major computer operating systems like Windows and Mac OS X. Nmap allows you to explore and audit a network. It uses IP packets to determine what hosts are available on the network, what services those hosts are offering, what operating systems they are running, what type of firewalls are being used, and many other characteristics. Network administrators find it useful for tasks like network inventory, managing service upgrade schedules, and monitoring host or service uptime. In addition to the classic command-line, the Nmap suite includes an advanced GUI called Zenmap. Nmap comes with no warranty and there is no organization behind it. It is supported by a community of developers and users. Another cool thing I found out is that Nmap was seen in eight movies including, The Matrix Reloaded, Die Hard 4, and The Bourne Ultimatum.
The next Linux security tool I researched is called Nessus Vulnerability Scanner. The Nessus Project was started by Renaud Deraison in 1998 to provide to the Internet community a free remote security scanner that was also open source. On October 5, 2005, Tenable Network Security changed Nessus 3 to a proprietary license. The Nessus 3 tool is still free of charge; however the professional feed costs $1200 for a one year subscription which gives access to support and additional scripts. Nessus 3 has the ability to perform configuration audits, technical support, SCADA vulnerability audits, the latest network checks and patch audits, the ability to audit anti-virus configurations. It also has the ability to perform sensitive data searches to look for credit card, social security number and many other types of corporate data. Although the high price, it is the world’s most popular vulnerability scanner and used in over 75,000 organizations world-wide. Nessus probes your network machines against an up-to-date security vulnerability database, alerting the user of security holes, with details on how to fix each hole. In typical operation, Nessus begins by doing a port scan with one of its four internal port scanners to determine which ports are open on the target and then tries various exploits on the open ports. Tenable Network Security produces several dozen new vulnerability checks each week. These checks are available for free to the general public. In my opinion, the Nessus Vulnerability Scanner seems to be the best port scanner on the market considering all of its other features for a single host user. The final security tool that caught my eye is Chkrootkit which means Check Rootkit. There are no know organizations behind the tool, but includes software developed by the DFN-CERT, Univ. of Hamburg and small portions of its ifconfig was developed by Fred N. van Kempen. Chkrootkit is a tool designed to locally check for signs of a root kit on your Linux machine. Root kits are files that can hide on your machine after a break in that allows an attacker to gain access to your computer in the future. Chkrootkit is a collection of tools to detect the presence of rootkits. It is a free, open source utility, and it detects almost all the latest rootkits out there because the open source community of contributors keeps it up to date. Chkrootkit is a Unix-based program intended to help system administrators check their system for known rootkits. It is a shell script using common UNIX/Linux tools like the grep commands to search core system programs for signatures and for comparing a traversal of the /proc file system with the output of the process status command to look for discrepancies. A few great features of chkrootkit are that it detects more than 60 old and new kits, is capable of detecting network interfaces in promiscuous mode, can efficiently detect altered lastlog and wtmp files, has easy command-line access with straightforward options, and has a wordy output mode to help admins automate tasks. This tool is packed with other tools to help check for signs of a rootkit which are as follows… * chkrootkit: shell script that checks system binaries for rootkit modification. * ifpromisc.c: checks if the interface is in promiscuous mode. * chklastlog.c: checks for lastlog deletions. * chkwtmp.c: checks for wtmp deletions. * check_wtmpx.c: checks for wtmpx deletions. * chkproc.c: checks for signs of LKM trojans. * chkdirs.c: checks for signs of LKM trojans. * strings.c: quick and dirty strings replacement. * chkutmp.c: checks for utmp deletions.
In my opinion, this a great tool for checking rootkits and other security issues. One of the smart things about this program is that it comes with other helpful programs too. In conclusion, I never realized just how many security tools are out there for Linux. With all the hackers and security threats networks face every day, it’s mandatory to have some kind of security set up. A network should always be monitored for attacks and an administrator should always be ready if it were to happen.

Works referenced

Bradley, T. (n.d.). Internet / network security. Retrieved from http://netsecurity.about.com/cs/toolsutilities/p/aapf100403.htm

Chkrootkit — eliminate the enemy within. (2011, October 1). Retrieved from http://www.linuxforu.com/2011/10/chkrootkit-eliminate-enemy-within/

Linux tips, tricks, and opinions. (2007, January 3). Retrieved from http://www.foogazi.com/2007/01/03/the-best-linux-security-tools/

Tenable network security. (n.d.). Retrieved from https://store.tenable.com/?main_page=inde&xcPath=1

Wikipedea, nessus (software). (n.d.). Retrieved from http://en.wikipedia.org/wiki/Nessus_(software)

(n.d.). Retrieved from http://sectools.org/