Ubuntu Security Programs List
The Following table and help is a advanced Security Tools list from
www.ubuntugeek.com
Rewritten and maintained by lee Johnstone. it is here to help u keep upmost
up-to-date with your server and security for your Ubuntu machine.
The Ubuntu repositories contain several useful tools for maintaining a secure
network and network administration.
This security tools include network
scanning, attack detection, Virus Detection etc.
Table Of Contents
1) Wire shark
2) Nessus
3) Nmap
4) Etherape
5) Kismet
6) Chkrootkit
7) Rkhunter
9) GnuPG
10) Sea Horse
11) Nemisis
12) Tcpdump
13) OpenSSH
14) DenyHosts
15) Snort
16) Firestarter
17) Clamav
18) Ettercap
19) Netcat
20) MTR
21) Hping3
22) Ngrep
23) John
24) TcpTrace
25) NetDude
26) TcpReplay
27) Dsniff
28) Scapy
29) Ntop
30) NBTScan
31) Tripwire
1) Wireshark - network traffic analyzer
Wireshark is a network traffic analyzer, or “sniffer”, for Unix and Unix-like
operating systems. A sniffer is a tool used to capture packets off the wire.
Wireshark decodes numerous protocols (too many to list).This package provides
wireshark (the GTK+ version)
Install Wireshark in Ubuntu
sudo aptitude install wireshark
2) Nessus - Remote network security auditor
The Nessus® vulnerability scanner, is the world-leader in active scanners,
featuring high speed discovery, configuration auditing, asset profiling,
sensitive data discovery and vulnerability analysis of your security posture.
Nessus scanners can be distributed throughout an entire enterprise, inside DMZs,
and across physically separate networks.
Install nessus in ubuntu
sudo aptitude install nessus
Nmap (”Network Mapper”) is a free and open source (license) utility for
network exploration or security auditing. Many systems and network
administrators also find it useful for tasks such as network inventory, managing
service upgrade schedules, and monitoring host or service uptime. Nmap uses raw
IP packets in novel ways to determine what hosts are available on the network,
what services (application name and version) those hosts are offering, what
operating systems (and OS versions) they are running, what type of packet
filters/firewalls are in use, and dozens of other characteristics. It was
designed to rapidly
scan large networks, but works fine against single hosts. Nmap runs on all
major computer operating systems, and both console and graphical versions are
available.
Install nmap ubuntu
sudo aptitude install nmap
If you want nmap frontend install the following package
sudo aptitude install zenmap
4) Etherape - graphical network monitor modeled after etherman
EtherApe is a graphical network monitor for Unix modeled after etherman.
Featuring link layer, ip and TCP modes, it displays network activity
graphically. Hosts and links change in size with traffic. Color coded protocols
display.It supports Ethernet, FDDI, Token Ring, ISDN, PPP and SLIP devices. It
can filter traffic to be shown, and can read traffic from a file as well as live
from the network.
Install Etherape in ubuntu
sudo aptitude install etherape
5) Kismet - Wireless 802.11b monitoring tool
Kismet is an 802.11 layer2
wireless network detector, sniffer, and intrusion detection system. Kismet
will work with any wireless card which supports raw monitoring (rfmon) mode, and
can sniff 802.11b, 802.11a, and 802.11g traffic.
Kismet identifies networks by passively collecting packets and detecting
standard named networks, detecting (and given time, decloaking) hidden networks,
and infering the presence of nonbeaconing networks via data traffic.
Install Kismet in ubuntu
sudo aptitude install kismet
6) Chkrootkit - Checks for signs of rootkits on the local system
chkrootkit identifies whether the target computer is infected with a rootkit.
Some of the rootkits that chkrootkit identifies are:
1. lrk3, lrk4, lrk5, lrk6 (and some variants);
2. Solaris rootkit;
3. FreeBSD rootkit;
4. t0rn (including latest variant);
5. Ambient’s Rootkit for Linux (ARK);
6. Ramen Worm;
7. rh[67]-shaper;
8. RSHA;
9. Romanian rootkit;
10. RK17;
11. Lion Worm;
12. Adore Worm.
Please note that this is not a definitive test, it does not ensure that the
target has not been cracked. In addition to running chkrootkit, one should
perform more specific tests.
Install chkrootkit in ubuntu
sudo aptitude install chkrootkit
7) Rkhunter - rootkit, backdoor, sniffer and exploit scanner
Rootkit Hunter scans systems for known and unknown rootkits, backdoors,
sniffers and exploits.
It checks for:
- MD5 hash changes;
- files commonly created by rootkits;
- executables with anomalous file permissions;
- suspicious strings in kernel modules;
- hidden files in system directories;
and can optionally scan within files. Using rkhunter alone does not guarantee
that a system is not compromised. Running additional tests, such as chkrootkit,
is recommended.
Install rkhunter in ubuntu
sudo aptitude install rkhunter
tiger - Report system security vulnerabilities
TIGER, or the ‘tiger’ scripts, is a set of Bourne shell scripts, C
programs and data files which are used to perform a security audit of UNIX
systems. TIGER has one primary goal: report ways ‘root’ can be
compromised.Debian’s TIGER incorporates new checks primarily oriented towards
Debian distribution including: md5sums checks of installed files, location of
files not belonging to packages, check of security advisories and analysis of
local listening processes.
Install tiger in ubuntu
sudo aptitude install tiger
GnuPG is GNU’s tool for secure communication and data storage. It can be used
to encrypt data and to create
digital signatures. It includes an advanced key management facility and is
compliant with the proposed OpenPGP Internet standard as described in
RFC2440.GnuPG does not use any patented algorithms so it cannot be compatible
with PGP2 because it uses IDEA (which is patented worldwide).
Install gnupg in Ubuntu
sudo aptitude install gnupg
If you want gnupg GUI tool use this
10) Seahorse - A Gnome front end for GnuPG
Seahorse is a GNOME application for managing encryption keys. It also
integrates with nautilus, gedit and other places for encryption operations.
Install seahorse in ubuntu
sudo aptitude install seahorse
11) Nemesis - TCP/IP Packet Injection Suite
Nemesis is a command-line network packet crafting and injection utility for
UNIX-like and Windows systems. Nemesis, is well suited for testing Network
Intrusion Detection Systems, firewalls, IP stacks and a variety of other tasks.
As a command-line driven utility, Nemesis is perfect for automation and
scripting.
Nemesis can natively craft and inject ARP, DNS, ETHERNET, ICMP, IGMP, IP,
OSPF, RIP, TCP and UDP packets. Using the IP and the Ethernet injection modes,
almost any custom packet can be crafted and injected.
Install nemesis in ubuntu
sudo aptitude install nemesis
12) Tcpdump - A powerful tool for network monitoring and data
acquisition
This program allows you to dump the traffic on a network. tcpdump is able to
examine IPv4, ICMPv4, IPv6, ICMPv6, UDP, TCP, SNMP, AFS BGP, RIP, PIM, DVMRP,
IGMP, SMB, OSPF, NFS and many other packet types.
It can be used to print out the headers of packets on a network interface,
filter packets that match a certain expression. You can use this tool to track
down network problems, to detect “ping attacks” or to monitor network
activities.
Install tcpdump in ubuntu
sudo aptitude install tcpdump
13) OpenSSH - secure shell server
This is the portable version of OpenSSH, a free implementation of the Secure
Shell protocol as specified by the IETF secsh working group.Ssh (Secure Shell)
is a program for logging into a remote machine and for executing commands on a
remote machine. It provides secure encrypted communications between two
untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP
ports can also be forwarded over the secure channel. It is intended as a
replacement for rlogin, rsh and rcp, and can be used to provide applications
with a secure communication channel.This package provides the sshd server.
In some countries it may be illegal to use any encryption at all without a
special permit.
Install Openssh server in ubuntu
sudo aptitude install openssh-server
14) Denyhosts - an utility to help sys admins thwart ssh hackers
DenyHosts is a program that automatically blocks ssh brute-force attacks by
adding entries to /etc/hosts.deny. It will also inform Linux administrators
about offending hosts, attacked users and suspicious logins.Syncronization with
a central server is possible too.
Differently from other software that do same work, denyhosts doesn’t need
support for packet filtering or any other kind of firewall in your kernel
Install Denyhosts server in ubuntu
sudo aptitude install denyhosts
15) Snort - Flexible Network Intrusion Detection System
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules based logging
and can perform content searching/matching in addition to being used to detect a
variety of other attacks and probes, such as buffer overflows, stealth port
scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting
capability, with alerts being sent to syslog, a separate “alert” file, or even
to a Windows computer via Samba.
This package provides the plain-vanilla snort distribution and does not provide
database (available in snort-pgsql and snort-mysql) support.
Install snort in ubuntu
sudo aptitude install snort
16) Firestarter - gtk program for managing and observing your
firewall
Firestarter is a complete firewall tool for Linux machines. It features an
easy to use firewall wizard to quickly create a firewall. Using the program you
can then open and close ports with a few clicks, or stealth your machine giving
access only to a select few. The real-time hit monitor shows attackers probing
your machine.
Install firestarter in ubuntu
sudo aptitude install firestarter
17) clamav - anti-virus utility for Unix - command-line interface
Clam
AntiVirus is an anti-virus toolkit for Unix. The main purpose of this
software is the integration with mail servers (attachment scanning). The package
provides a flexible and scalable multi-threaded daemon in the clamav-daemon
package, a command-line scanner in the clamav package, and a tool for automatic
updating via the Internet in the clamav-freshclam package. The programs are
based on libclamav3, which can be used by other software.
This package contains the command line interface. Features:
- built-in support for various archive formats, including Zip, RAR, Tar,
Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS and others;
- built-in support for almost all mail file formats;
- built-in support for ELF executables and Portable Executable files
compressed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and
obfuscated with SUE, Y0da Cryptor and others;
- built-in support for popular document formats including Microsoft
Office and Mac Office files, HTML, RTF and PDF.
For scanning to work, a virus database is needed. There are two options for
getting it:
- clamav-freshclam: updates the database from Internet. This is
recommended with Internet access.
- clamav-data: for users without Internet access. The package is
not updated once installed. The clamav-getfiles package allows
creating custom packages from an Internet-connected computer.
Install Clamav in ubuntu
sudo aptitude install clamav
18) Ettercap - Multipurpose sniffer/interceptor/logger for switched
LAN
Ettercap supports active and passive dissection of many protocols (even
ciphered ones) and includes many feature for network and host analysis.Data
injection in an established connection and filtering (substitute or drop a
packet) on the fly is also possible, keeping the connection synchronized.
Many sniffing modes were implemented to give you a powerful and complete
sniffing suite. It’s possible to sniff in four modes: IP Based, MAC Based, ARP
Based (full-duplex) and PublicARP Based (half-duplex).
It has the ability to check whether you are in a switched LAN or not, and to use
OS fingerprints (active or passive) to let you know the geometry of the LAN.
Install ettercap in ubuntu
sudo aptitude install ettercap
If you want to install ettercap GUI install following package
sudo aptitude install ettercap-gtk
19) Netcat - TCP/IP swiss army knife
A simple Unix utility which reads and writes data across network connections
using TCP or UDP protocol. It is designed to be a reliable “back-end” tool that
can be used directly or easily driven by other programs and scripts. At the same
time it is a feature-rich network debugging and exploration tool, since it can
create almost any kind of connection you would need and has several interesting
built-in capabilities.
Install netcat in ubuntu
sudo aptitude install netcat
As mtr starts, it investigates the network connection between the host mtr
runs on and a user-specified destination host. After it determines the address
of each network hop between the machines, it sends a sequence ICMP ECHO requests
to each one to determine the quality of the link to each machine. As it does
this, it prints running statistics about each machine.
Install mtr in ubuntu
Download .deb package from
here
dpkg -i mtr_0.39-1.deb
21) Hping3 - Active Network Smashing Tool
hping3 is a network tool able to send custom ICMP/UDP/TCP packets and to
display target replies like ping does with ICMP replies. It handles
fragmentation and arbitrary packet body and size, and can be used to transfer
files under supported protocols. Using hping3, you can test firewall rules,
perform (spoofed) port scanning, test network performance using different
protocols, do path MTU discovery, perform traceroute-like actions under
different protocols, fingerprint remote operating systems, audit TCP/IP stacks,
etc. hping3 is scriptable using the TCL language.
Install hping3 in ubuntu
sudo aptitude install hping3
22) ngrep - grep for network traffic
ngrep strives to provide most of GNU grep’s common features, applying them to
the network layer. ngrep is a pcap-aware tool that will allow you to specify
extended regular expressions to match against data payloads of packets. It
currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP and null
interfaces, and understands bpf filter logic in the same fashion as more common
packet sniffing tools, such as tcpdump and snoop.
Install ngrep in ubuntu
sudo aptitude install ngrep
23) john - active password cracking tool
john, mostly known as John the Ripper, is a tool designed to help systems
administrators to find weak (easy to guess or crack through brute force)
passwords, and even automatically mail users warning them about it, if it is
desired.
It can also be used with different cyphertext formats, including Unix’s DES and
MD5, Kerberos AFS passwords, Windows’ LM hashes, BSDI’s extended DES, and
OpenBSD’s Blowfish.
Install john in ubuntu
sudo aptitude install john
24) tcptrace - Tool for analyzing tcpdump output
Tcptrace is a tool for analyzing and reporting on tcpdump (or other libpcap)
dump files. It can summarize the data or generate graph data for use with the
gnuplot tool from the gnuplot package. Graph data can be created for throughput,
RTT, time sequences, segment size, and cwin.
Install tcptrace in ubuntu
sudo aptitude install tcptrace
25) netdude - NETwork DUmp data Displayer and Editor for tcpdump
trace files
It is a GUI-based tool that allows you to make detailed changes to packets in
tcpdump trace files, in particular, it can currently do the following:
* Set the value of any field in IP, TCP and UDP packet headers.
* Copy, move and delete packets in the trace file.
* Fragment and reassemble IP packets.
* Netdude constantly communicates with a tcpdump process to update
the familiar tcpdump output that corresponds to the trace. This
also means that any changes made to your local version of tcpdump
are reflected in Netdude.
* Plugin architecture: people can easily add plugins for specific
tasks. The code comes with a plugin for checksum correction in IP,
TCP and UDP, and a dummy plugin.
* Through the plugin mechanism, Netdude provides a good facility for
writing tcpdump trace file filters.
Install netdude in ubuntu
sudo aptitude install netdude
26) tcpreplay - Tool to replay saved tcpdump files at arbitrary
speeds
Tcpreplay is aimed at testing the performance of a NIDS by replaying real
background network traffic in which to hide attacks. Tcpreplay allows you to
control the speed at which the traffic is replayed, and can replay arbitrary
tcpdump traces. Unlike programmatically-generated artificial traffic which
doesn’t exercise the application/protocol inspection that a NIDS performs, and
doesn’t reproduce the real-world anomalies that appear on production networks
(asymmetric routes, traffic bursts/lulls, fragmentation, retransmissions, etc.),
tcpreplay allows for exact replication of real traffic seen on real networks.
Install tcpreplay in ubuntu
sudo aptitude install tcpreplay
27) Dsniff - Various tools to sniff network traffic for cleartext
insecurities
This package contains several tools to listen to and create network traffic:
* arpspoof - Send out unrequested (and possibly forged) arp replies.
* dnsspoof - forge replies to arbitrary DNS address / pointer queries
on the Local Area Network.
* dsniff - password sniffer for several protocols.
* filesnarf - saves selected files sniffed from NFS traffic.
* macof - flood the local network with random MAC addresses.
* mailsnarf - sniffs mail on the LAN and stores it in mbox format.
* msgsnarf - record selected messages from different Instant Messengers.
* sshmitm - SSH monkey-in-the-middle. proxies and sniffs SSH traffic.
* sshow - SSH traffic analyser.
* tcpkill - kills specified in-progress TCP connections.
* tcpnice - slow down specified TCP connections via “active”
traffic shaping.
* urlsnarf - output selected URLs sniffed from HTTP traffic in CLF.
* webmitm - HTTP / HTTPS monkey-in-the-middle. transparently proxies.
* webspy - sends URLs sniffed from a client to your local browser
(requires libx11-6 installed).
Install dsniff ubuntu
sudo aptitude install dsniff
28) scapy - Packet generator/sniffer and network scanner/discovery
Scapy is a powerful interactive packet manipulation tool, packet generator,
network scanner, network discovery, packet sniffer, etc. It can for the moment
replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f,
….
In scapy you define a set of packets, then it sends them, receives answers,
matches requests with answers and returns a list of packet couples (request,
answer) and a list of unmatched packets. This has the big advantage over tools
like nmap or hping that an answer is not reduced to (open/closed/filtered), but
is the whole packet.
Install scapy in ubuntu
sudo aptitude install scapy
29) Ntop - display network usage in top-like format
ntop is a Network Top program. It displays a summary of network usage by
machines on your network in a format reminiscent of the unix top utility.It can
also be run in web mode, which allows the display to be browsed with a web
browser.
Install ntop in ubuntu
sudo aptitude install ntop
30) NBTscan - A program for scanning networks for NetBIOS name
information
NBTscan is a program for scanning IP networks for NetBIOS name information.
It sends NetBIOS status query to each address in supplied range and lists
received information in human readable form. For each responded host it lists IP
address, NetBIOS computer name, logged-in user name and MAC address (such as
Ethernet).
Install nbtscan in ubuntu
sudo aptitude install nbtscan
31) tripwire - file and directory integrity checker
Tripwire is a tool that aids system administrators and users in monitoring a
designated set of files for any changes. Used with system files on a regular
(e.g., daily) basis, Tripwire can notify system administrators of corrupted or
tampered files, so damage control measures can be taken in a timely manner.
Install tripwire ubuntu
sudo aptitude install tripwire
