{"id":23704,"date":"2021-09-21T11:57:10","date_gmt":"2021-09-21T11:57:10","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=23704"},"modified":"2022-04-13T15:56:39","modified_gmt":"2022-04-13T15:56:39","slug":"linux-security-tools","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/linux-security-tools\/","title":{"rendered":"Linux Security Tools"},"content":{"rendered":"\n<ul class=\"wp-block-list\"><li><strong>Vulnerability Assessment with Nessus<\/strong><\/li><li><strong>Traffic Security with Ethereal<\/strong><\/li><li><strong>Web Proxying with Squid<\/strong><\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Vulnerability Assessment with Nessus<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Nessus is a vulnerability assessment tool<\/li><li>Comes built-in with most distros<\/li><li>More than just a port scanner<\/li><li>Ability to scan a system for open ports and services, applications, and vulnerabilities associated with the system<\/li><li>Useful to help find your systems&#8217;s<\/li><li>Can be run against local host or networked systems<\/li><li>Requires root privileges to be effective<\/li><li>Two major pieces:<\/li><li>Server (nessusd)<\/li><li>Client (nessus)<\/li><li>Server is run on host to be scanned, client is for viewing scan results<\/li><li>Requires a username and password or certificate to be set up<\/li><li>Use &#8216;nessus&#8217; command with options to configure program<\/li><li>Nessus listens on port 1241 by default, but this can be changed<\/li><li>GUI can be used to configure scans and view them<\/li><li>Many scan options can cause a DoS attack against the target &#8211; use with caution!<\/li><li>Scan results can tell you about vulnerabilities, possible effects, and how to correct them<\/li><li>Nessus uses an updatable database of vulnerabilities<\/li><li>Usually kept very current<\/li><li>Ensure you check the website for the latest database updates<\/li><li>Nessus Demonstration<\/li><\/ul>\n\n\n\n<h2 
class=\"wp-block-heading\">Traffic Security with Ethereal<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Ethereal (now Wireshark) is the most popular network sniffer<\/li><li>Open source and commercial versions<\/li><li>De facto sniffer used with Linux<\/li><li>Uses the libpcap library<\/li><li>Enables &#8220;promiscuous mode&#8221; NIC operation<\/li><li>Can intercept any raw traffic the NIC receives<\/li><li>Use to ensure communications security of your network:<\/li><li>Determine if integrity of packets is assured<\/li><li>Determine if\/when encryption is needed<\/li><li>Determine if passwords are secured<\/li><li>Can capture real-time traffic or save traffic for later analysis<\/li><li>Saves to a file that is readable by different programs<\/li><li>Breaks out capture by time, protocol, source, and destination IP addresses\/MAC addresses<\/li><li>Ethereal Demonstration<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Web Proxying with Squid<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>A proxy runs on a server between two networks<\/li><li>Client establishes connection through proxy to destination server\/network<\/li><li>Client negotiates with proxy server to establish connection on behalf of client between proxy server and destination<\/li><li>Proxy then receives and forwards traffic to and from the client and destination on behalf of client<\/li><li>Effectively masquerades client for security purposes<\/li><li>Squid is the most popular open-source Web proxy for Linux<\/li><li>Uses rules to determine if requests are valid or allowed<\/li><li>Checks web responses for validity<\/li><li>Can cache web pages to enhance performance<\/li><li>Can use plug-ins to perform additional rule checking and validate content<\/li><li>Configured using command line or Webmin graphical interface<\/li><li>Denies outgoing requests by default &#8211; must be configured to allow requests<\/li><li>Squid Configuration Demonstration<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Vulnerability 
Assessment with Nessus Traffic Security with Ethereal Web Proxying with Squid Vulnerability Assessment with Nessus Nessus is a vulnerability assessment tool Comes built-in with most distros More than just&#8230; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[4957],"tags":[460,7055],"class_list":["post-23704","post","type-post","status-publish","format-standard","hentry","category-linux","tag-linux","tag-linux-security"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/23704","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=23704"}],"version-history":[{"count":1,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/23704\/revisions"}],"predecessor-version":[{"id":23705,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/23704\/revisions\/23705"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=23704"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=23704"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=23704"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}