Monitor whether your network is under attack

Do you want to harden your Linux computer? In fact, this is not difficult. Here are five tools to help you achieve this goal.

Chkrootkit

First, we need to introduce chkrootkit. This program is designed to check for a long list of well-known rootkits (the list is available on the chkrootkit website). Running chkrootkit is very simple: download the source code, unpack the package, and run make in the directory where it was unpacked. After that, chkrootkit is ready to run at any time. Here is an example of the output of chkrootkit on my machine:

[root@jd chkrootkit-0.34]# ./chkrootkit
ROOTDIR is '/'
Checking 'amd'... not found
Checking 'basename'... not infected
Checking 'biff'... not found
Checking 'chfn'... not infected
Checking 'chsh'... not infected
Checking 'cron'... not infected
Checking 'date'... not infected
Checking 'du'... not infected
Checking 'dirname'... not infected
Checking 'echo'... not infected
Checking 'egrep'... not infected
Checking 'enabled'... not infected
Checking 'find'... not infected
[...]
Chkrootkit is a good utility that gives us further confidence that our machine has not been compromised.
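When chkrootkit runs from cron every night, nobody reads fifty "not infected" lines; what matters is any line that says something else. The following script is an added example (not part of chkrootkit) that parses the "Checking 'name'... status" lines of the kind shown above and separates clean results from anything that needs a human look. The sample output, including the INFECTED line and the packet-sniffer warning, is constructed for this example and does not come from the article.

```python
"""Triage chkrootkit output: report only the checks that need attention.

Added example, not chkrootkit's own code. The sample output below is
constructed; the INFECTED and PACKET SNIFFER lines are there to show
how non-clean results are surfaced.
"""
import re

# chkrootkit prints one "Checking `name'... status" line per test; it uses
# a backtick as the opening quote, so accept either quote character.
CHECK_LINE = re.compile(r"^Checking [`']([^'`]+)'\s*\.\.\.\s*(.+?)\s*$")

# Statuses that mean "nothing to do". Every other status is reported.
CLEAN_STATUSES = {"not infected", "not found", "nothing found", "nothing detected"}

# Constructed sample output. Lines that do not start with "Checking"
# (for example the "Searching for ..." summary) are ignored by the parser.
SAMPLE_OUTPUT = """\
ROOTDIR is '/'
Checking 'amd'... not found
Checking 'basename'... not infected
Checking 'biff'... not found
Checking 'chfn'... not infected
Checking 'chsh'... not infected
Checking 'cron'... not infected
Checking 'ls'... INFECTED
Checking 'ps'... not infected
Searching for suspicious files and dirs, it may take a while... nothing found
Checking 'sniffer'... eth0: PACKET SNIFFER(/usr/sbin/dhcpd[1234])
"""


def parse_chkrootkit(text):
    """Return a list of (name, status) tuples, one per 'Checking' line."""
    results = []
    for line in text.splitlines():
        m = CHECK_LINE.match(line)
        if m:
            results.append((m.group(1), m.group(2)))
    return results


def triage(text):
    """Split results into names of clean checks and (name, status) findings."""
    clean, findings = [], []
    for name, status in parse_chkrootkit(text):
        if status.lower() in CLEAN_STATUSES:
            clean.append(name)
        else:
            findings.append((name, status))
    return clean, findings


if __name__ == "__main__":
    clean, findings = triage(SAMPLE_OUTPUT)
    print(f"{len(clean)} checks clean")
    for name, status in findings:
        print(f"ATTENTION: {name}: {status}")
```

A finding is not automatically a rootkit: the sniffer warning in the sample is the classic case of a legitimate daemon (here a DHCP server) opening a packet socket, which is exactly why the script reports the raw status text rather than a verdict and leaves the judgement to the administrator.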
Beyond that, I have been looking for a set of good tools for network monitoring and basic network security. During this research I came across the following programs: NetSaint, OpenNMS, nmap, Bastille Linux, and Snort.

NetSaint

NetSaint is a simple Web-based utility that monitors your network. It even has a WAP (Wireless Access Protocol) interface. It supports a powerful plug-in mechanism for adding further functions and features. When I was playing with NetSaint, the only thing I did not like was that it shows all the marks of a typical open-source community sub-project.

By that I mean a project with the following characteristics:

1. Many features
2. Little documentation
3. A scattered release schedule
4. No technical support
5. Difficult installation
6. Not packaged as an RPM file

The last point particularly annoys me, even though I have been around open source for a long time. Having compiled PostgreSQL and Apache to customize parameters and tune performance, I am tired of dealing with all this source code; I just want to type rpm -i and be done with it. In any case, I seem to have wandered off topic.

OpenNMS

From our introduction, OpenNMS seems to be a good program. I downloaded and installed it some time ago but could not get it to work properly. That was a while back, though, and I think it has improved a great deal since then.

If you are familiar with HP's OpenView network node management product, you will like OpenNMS. OpenNMS requires Java, SNMP, and PostgreSQL. Installing OpenNMS requires little effort, because the developers have made this product mature enough to compete with commercial software (sometimes it is even better than commercial software).

Nmap

If you want to port-scan your network to check that every port that should be closed actually is closed, I suggest you use nmap. Below is some example nmap output:

Interesting ports on (192.168.1.1):
(The 1545 ports scanned but not shown below are in state: closed)
Port       State     Service
22/tcp     open      ssh
53/tcp     open      domain
2030/tcp   open      device2
32778/tcp  filtered  sometimes-rpc19

Remote operating system guess: Linux 2.1.19-2.2.17
Uptime 10.959 days (since Sun Oct 7 16:26:15 2001)

Nmap run completed -- 1 IP address (1 host up) scanned in 3 seconds

Nmap supports several different kinds of scan, including stealth (SYN), FIN, and TCP connect() scans. It can also do operating-system detection and probe with different protocols, such as TCP ping and ICMP ping.

You can also have nmap report vulnerability information about the machine you are scanning. One warning about running nmap: if you scan a host that runs PortSentry, make sure the scanning host is listed in that host's portsentry.ignore file. Otherwise you will find your own machine blocked by the machine you are scanning.
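The value of a scan like the one above comes from comparing it with what you expect to be open, and from repeating it so that drift shows up. The script below is an added example, not nmap's own code: it parses the "port/proto state service" table of the classic nmap text output shown above, checks it against a constructed baseline of ports the administrator expects to be open, and reports unexpected open ports, expected ports that have disappeared, and filtered ports worth a second look. The second scan and the expected-port set are constructed for this example.

```python
"""Compare an nmap port table against an expected baseline.

Added example, not part of nmap. SCAN_ARTICLE is the port table from the
scan shown above (column spacing normalised); SCAN_LATER and EXPECTED_OPEN
are constructed for this example.
"""
import re

# One line per port in classic nmap output: "22/tcp     open      ssh"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

SCAN_ARTICLE = """\
Interesting ports on (192.168.1.1):
(The 1545 ports scanned but not shown below are in state: closed)
Port       State     Service
22/tcp     open      ssh
53/tcp     open      domain
2030/tcp   open      device2
32778/tcp  filtered  sometimes-rpc19

Remote operating system guess: Linux 2.1.19-2.2.17
"""

# Constructed later scan of the same host: device2 is gone and irc has appeared.
SCAN_LATER = """\
Interesting ports on (192.168.1.1):
Port       State     Service
22/tcp     open      ssh
53/tcp     open      domain
6667/tcp   open      irc
32778/tcp  filtered  sometimes-rpc19
"""

# Ports the administrator expects to be open on this host (constructed baseline).
EXPECTED_OPEN = {(22, "tcp"), (53, "tcp"), (2030, "tcp")}


def parse_ports(text):
    """Return {(port, proto): (state, service)} for every port line in the output."""
    ports = {}
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if m:
            port, proto, state, service = m.groups()
            ports[(int(port), proto)] = (state, service)
    return ports


def compare(text, expected_open):
    """Return (unexpected_open, missing_open, filtered), each a sorted list of (port, proto)."""
    seen = parse_ports(text)
    open_ports = {k for k, (state, _) in seen.items() if state == "open"}
    filtered = {k for k, (state, _) in seen.items() if state == "filtered"}
    return (
        sorted(open_ports - expected_open),   # open but not in the baseline
        sorted(expected_open - open_ports),   # in the baseline but no longer open
        sorted(filtered),                     # something in between is dropping probes
    )


if __name__ == "__main__":
    for label, scan in (("article scan", SCAN_ARTICLE), ("later scan", SCAN_LATER)):
        unexpected, missing, filtered = compare(scan, EXPECTED_OPEN)
        print(f"{label}: unexpected open={unexpected} missing={missing} filtered={filtered}")
```

Run against the article's own scan the baseline matches and only the filtered RPC port is reported; against the later scan the new port 6667 and the vanished port 2030 both show up. A port that quietly appears between scans is the kind of change that deserves a look at the process listening on it, and a port that quietly disappears can mean a service died or a firewall rule changed.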

Bastille Linux

Bastille Linux is a software package designed to harden and secure Linux systems. It supports Red Hat- and Mandrake-based systems. I have used Bastille in the past and it worked very well. One thing I really appreciate about Bastille is that it teaches you as you use it: every step the program performs is explained. It tells you why the change is beneficial and what it may affect. These features make Bastille not only a powerful hardening tool but also a teaching tool.

Snort

The last tool I want to introduce is Snort. Snort is an open-source network intrusion detection system with a rich feature set, and it is highly regarded in network security circles. It supports custom rule sets and can log to a database. It can also work alongside other programs such as tcpdump.
