Three network security tools used in Linux system

One, John the Ripper

In Linux, passwords are stored in hash format, you cannot reverse the analysis of a password from the hash table, but you can compare it to a set of word hashes, and then guess the password if the same. So it is critical to have a password that is difficult to guess. Generally you cannot use a word in a dictionary as a password, which is fairly easy to guess. In addition, it is not possible to use some of the usual rules of alphanumeric arrangement as a password, to 123abc and so on.

John the Ripper is an efficient and easy to use password guessing program.

Download the tar.gz-formatted for UNIX program and then use tar xvfz john*.tar.gz to unlock any directory. Enter the SRC directory and break into make linux-x86-any-elf (I use Redhat 6.1) to generate several execution files in the run directory, including the main program John. Now you need to crack the password to run./john/etc/passwd.

John can also crack a password generated by HTPASSWD to authenticate the Apache user, and if you create a user with htpasswd-c apachepasswd user and generate a password, you can also use John APACHEPASSWD to make a guess.

John guesses the password and prints it on the terminal and saves the guessed password in the John.pot file.

Another password cracker is the classic cracker that everyone knows.

Second, Logcheck

Logcheck is a tool for automatically checking system security intrusion events and abnormal activity records, analyzing various Linux log files, like/var/log/messages,/var/log/secure,/var/log/maillog, etc. Then generate a problem report that may have security problems automatically send email to admin. You can set it on an hourly basis, or use Crond to come from a dynamic operation every day.

Logcheck tool after downloading with tar Xvfz logcheck* to a temporary directory such as/TMP, and then use./make Linux automatically generate the corresponding files to the/usr/local/etc,/usr/local/bin/directory, You may change settings such as send a notification to who's mail account, default to send to root, you can set root mail alias account to a group of people, change settings to ignore certain types of messages such as your mail record file PLUG-GW, because PLUG-GW do reverse IP lookup, If it is not found, record a warning message to the/var/log/maillog,logcheck default record all these warnings are sent to you, and you can ignore them by setting them. Use the Logcheck tool to analyze all your logfile and avoid checking them manually every day, saving time and improving efficiency.

Third, tripwire

Tripwire is a very useful tool for verifying file integrity, and you can define which files/directories need to be checked, but the default setting meets most requirements, running in four models: Database generation mode, database update mode, file integrity check, interactive database update. When initializing a database, it generates a database file of various information about an existing file, and if later your system files or various configuration files are accidentally altered, replaced, deleted, it will compare existing files based on the original database on a daily basis and find out which files have been changed. You can determine whether there is a system intrusion and other unexpected events according to the results of the email.

If you use Redhat Linux 6.1, you can also get the latest Tripwire-1.2.3 for 6.1 reconstruction

When you manually change the configuration file or program in the system, you can manually generate the database file again, run tripwire-initialize to create the databases directory under the current directory and generate a new system database file in the directory, then CP to/var/spool/ The tripwire directory overwrites the old