System Management: Make full use of Linux security protection tools (1)

Source: Internet
Author: User

Linux security protection is inseparable from its tools, and the open source nature of Linux has encouraged the development of many excellent ones. A wide variety of security tools is now available for Linux. This article introduces a selection of common and representative ones, covering system management tools and network management tools.

Most of them are open source and generally ship with distributions such as Red Hat Linux and Debian Linux. Some are not included in the distributions, and users can download them from the locations given in this article. Because of space constraints, this article gives only an introductory guide to the purpose, principles, and usage of these tools. To learn more, use this introduction as a starting point for finding and trying the tools yourself.

◆ Protocol analysis tool: Ethereal

Ethereal is a well-known network sniffer. It is network listening software that runs on Linux, Solaris, SGI, and other platforms, and it monitors hosts communicating over the insecure TCP/IP protocols. Its function is equivalent to Sniffer on Windows. It captures and analyzes data packets in a shared network environment, and plug-ins can be added to implement additional functions.

Its most common use by attackers is to capture data that the targeted computer sends in plaintext over port 23 (telnet) and port 110 (POP3), which easily reveals the user's login password and email account password. In general, Ethereal is basically a tool used by attackers. Network administrators, however, can also use packet capture analysis to identify abnormal traffic and abnormal user communication within the LAN, such as the P2P application traffic (BitTorrent, for example) that currently consumes so much network bandwidth. Having measured that traffic with the software, the administrator can use traffic control (TC) to allocate bandwidth in a standardized and reasonable manner and improve network utilization.

Ethereal can be downloaded from http://www.ethereal.com/download.html. The software has an extremely convenient and friendly graphical user interface, which lets users select among multiple NICs and protocols for display through graphical configuration, and the results are very good. The latest version is Ethereal 0.10.12.

# cp ethereal-0.10.12.tar.bz2 /usr/local/src/

# cd /usr/local/src/

# bzip2 -d ethereal-0.10.12.tar.bz2

# tar xvf ethereal-0.10.12.tar

In addition, as with Tcpdump, before compiling Ethereal you should first make sure that the pcap library (libpcap) is installed, because it is required to compile Ethereal. If the library is installed, run the following commands to compile and install Ethereal:

# cd ethereal-0.10.12

# ./configure

# make

# make install

After Ethereal is compiled and installed, run the "ethereal" command to start it. Before using Ethereal to capture data packets, set appropriate filter rules so that only the packets of interest are captured. Ethereal uses filter rules similar to those of Tcpdump, and configured filter rules can easily be saved.

Ethereal uses an interface similar to that of other graphical sniffers. The window is divided into three parts: at the top is the packet list, which displays summary information for each captured packet; in the middle is the protocol tree, which displays the protocol information of the selected packet; at the bottom is the packet content in hexadecimal, which shows the packet in the final form in which it is transmitted at the physical layer. Ethereal makes it convenient to analyze captured packets, including each packet's source address, destination address, and protocol.
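For the administrator's side of the plaintext exposure described above, the following added example (not part of the original article or of Ethereal) reads a capture saved in the classic libpcap file format and lists which hosts still send TCP traffic to port 23 (telnet) or port 110 (POP3). The helper names, the capture bytes, and the 192.0.2.x addresses are constructed for illustration.

```python
import struct
from collections import Counter
CLEARTEXT_PORTS = {23: "telnet", 110: "pop3"}  # the two ports the article names

def build_frame(src, dst, sport, dport):
    """Constructed sample: minimal Ethernet/IPv4/TCP frame with no payload."""
    eth = b"\x00" * 12 + b"\x08\x00"  # zeroed MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
    return eth + ip + tcp

def build_pcap(frames):
    """Classic little-endian pcap: 24-byte global header, 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def cleartext_flows(pcap):
    """Count packets per (client, server, service) sent to a cleartext port."""
    if len(pcap) < 24 or struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    flows, off = Counter(), 24
    while off + 16 <= len(pcap):
        _, _, incl, _ = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4
        ihl = (frame[14] & 0x0F) * 4  # IPv4 header length in bytes
        if frame[23] != 6 or len(frame) < 14 + ihl + 4:
            continue  # not TCP, or TCP ports missing
        dport, = struct.unpack_from("!H", frame, 14 + ihl + 2)
        if dport in CLEARTEXT_PORTS:
            src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
            flows[(src, dst, CLEARTEXT_PORTS[dport])] += 1
    return flows

SAMPLE = build_pcap([  # constructed traffic using documentation addresses
    build_frame("192.0.2.10", "192.0.2.1", 40000, 23),
    build_frame("192.0.2.10", "192.0.2.1", 40000, 23),
    build_frame("192.0.2.11", "192.0.2.2", 40001, 110),
    build_frame("192.0.2.12", "192.0.2.3", 40002, 22),
])

if __name__ == "__main__":
    for (src, dst, svc), n in sorted(cleartext_flows(SAMPLE).items()):
        print(f"{src} -> {dst} {svc}: {n} packet(s)")
```

To audit a real capture, pass the bytes of a saved capture file to cleartext_flows() instead of SAMPLE; only little-endian classic pcap files with an Ethernet link type are handled.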

