B.2. Analysis ToolsThe tools in this category let you audit your system. Some perform audits and check for well-known security holes; others establish databases of checksums of all of the files in a system (to allow you to watch for changes to those files); some do both.B.2.1. COPSftp://coast.cs.purdue.edu/pub/tools/unix/copsCOPS, by Dan Farmer, is the Computer Oracle and Password System, a system that checks Unix systems for common security problems (such as unsafe permissions on key files and directories).
B.2.2. Tigerftp://coast.cs.purdue.edu/pub/tools/unix/tigerTiger, by Doug Schales of Texas A&M University (TAMU), is a set of scripts that scan a Unix system looking for security problems, in the same fashion as Dan Farmer's COPS. Tiger was originally developed to provide a check of Unix systems on the A&M campus that users wanted to access from off campus. Before the packet filtering in the firewall could be modified to allow off-campus access to the system, the system had to pass the Tiger checks.
B.2.3. Tripwireftp://coast.cs.purdue.edu/pub/COAST/TripwireTripwire, by Gene H. Kim and Gene Spafford of CERIAS at Purdue University, is a file integrity checker: a utility that compares a designated set of files and directories against information stored in a previously generated database. Added or deleted files are flagged and reported, as are any files that have changed from their previously recorded state in the database. Run Tripwire against system files on a regular basis. If you do, the program will spot any file changes when it next runs, giving system administrators information to enact damage control measures immediately.
B.2.4. SATANhttp://www.fish.com/~zen/satan/satan.htmlSATAN, by Wietse Venema and Dan Farmer, is the Security Administrator Tool for Analyzing Networks. (If you don't like the name, it comes with a script named repent that changes all references from SATAN to SANTA: Security Administrator Network Tool for Analysis.) It was the first well-publicized scanning tool but is not being actively maintained.
B.2.5. SAINThttp://www.wwdsi.comSAINT is a security scanning tool aimed at system administrators; it is an update to SATAN. According to the authors: SAINT is the tool for System Administrators who are well versed in information security and want to maintain and configure security assessment tools within their own network environments.
|
|