FIXME: More content needed.
Debian also provides a number of security tools that can make a Debian box suitable for security testing purposes.
The tools provided by Debian to perform remote vulnerability assessment are:
By far, the most complete and up-to-date tool is nessus, which is composed of a client (nessus) used as a GUI and a server (nessusd) which launches the programmed attacks. Nessus includes remote vulnerabilities for quite a number of systems including network appliances, ftp servers, www servers, etc. The latest releases are even able to parse a web site and try to discover which interactive pages are available which could be attacked. There are also Java and Win32 clients (not included in Debian) which can be used to contact the management server.
Whisker is a web-only vulnerability assessment scanner including anti-IDS tactics (most of which are not anti-IDS anymore). It is one of the best cgi-scanners available, being able to detect WWW servers and launch only a given set of attacks against them. The database used for scanning can be easily modified to provide for new information.
Bass (Bulk Auditing Security Scanner) and Satan (Security Auditing Tool for Analysing Networks) must be thought of more as "proof of concept" programs than as tools to be used while performing audits. Both are quite ancient and are not kept up-to-date. However, SATAN was the first tool to provide vulnerability assessment in a simple (GUI) way and Bass is still a very high-performance assessment tool.
Debian does provide some tools used for remote scanning of hosts (but not vulnerability assessment). These tools are, in some cases, used by vulnerability assessment scanners as the first type of "attack" run against remote hosts in an attempt to determine which remote services are available. Currently Debian provides:
While queso and xprobe provide only remote operating system detection (using TCP/IP fingerprinting), nmap and knocker do both operating system detection and port scanning of the remote hosts. On the other hand, hping2 and icmpush can be used for remote ICMP attack techniques.
Designed specifically for Netbios networks, nbtscan can be used to scan IP networks and retrieve name information from SMB-enabled servers, including: usernames, network names, MAC addresses...
Currently, tiger is the only tool in Debian that can be used to perform an internal (also called white box) audit of hosts in order to determine if the filesystem is properly set up, which processes are listening on the host, etc.
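As an illustration of the "which processes are listening on the host" kind of internal check, the following added example (not part of the manual and not tiger's own code) parses the Linux /proc/net/tcp table and reports listening TCP sockets that are reachable from other hosts. The sample table is constructed, the function names are hypothetical, and the address decoding assumes a little-endian host.

```python
import socket
import struct

TCP_LISTEN = 0x0A  # kernel state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1305 1 0000000000000000 100 0 0 10 0
   2: 0F02000A:0016 0202000A:D431 01 00000000:00000000 02:000A1B2C 00000000     0        0 1410 2 0000000000000000 20 4 30 10 -1
   3: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000   101        0 1502 1 0000000000000000 100 0 0 10 0
"""


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (dotted_quad, port); assumes a little-endian host."""
    addr_hex, port_hex = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def listening_sockets(table_text):
    """Return one dict per TCP socket in LISTEN state, skipping the header line."""
    found = []
    for line in table_text.splitlines()[1:]:
        cols = line.split()
        if len(cols) < 10 or int(cols[3], 16) != TCP_LISTEN:
            continue  # malformed line, or an established/closing connection
        addr, port = decode_endpoint(cols[1])
        found.append({"addr": addr, "port": port,
                      "uid": int(cols[7]), "inode": int(cols[9])})
    return found


def exposed(sockets):
    """Keep only listeners not bound to the loopback network (127.0.0.0/8)."""
    return [s for s in sockets if not s["addr"].startswith("127.")]


if __name__ == "__main__":
    # On a real host: listening_sockets(open("/proc/net/tcp").read())
    for s in exposed(listening_sockets(SAMPLE)):
        print("%s:%d owned by uid %d (socket inode %d)"
              % (s["addr"], s["port"], s["uid"], s["inode"]))
```

The inode column identifies the owning process: it matches a socket:[inode] link under /proc/<pid>/fd, which can only be read for other users' processes when running as root.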
Debian provides two packages that can be used to audit C/C++ source code programs and find programming errors that might lead to potential security flaws:
FIXME: Content needed
Debian provides quite a number of packages to set up encrypted virtual private networks:
vtun
tunnelv
cipe
vpnd
tinc
secvpn
pptp
freeswan
IPsec (i.e. FreeSWAN) is probably the best choice overall since it promises to interoperate with most anything that runs IPsec, but these other packages can help you get a secure tunnel up in a hurry. PPTP is a Microsoft protocol for VPN. It is supported under Linux, but is known to have serious security issues.
For more information read VPN-Masquerade HOWTO (covers IPsec and PPTP), VPN HOWTO (covers PPP over SSH), and Cipe mini-HOWTO, PPP and SSH mini-HOWTO.
When considering a PKI you are confronted with a wide variety of tools:
You can use some of the software available in Debian GNU/Linux to cover some of these tools; this includes OpenSSL (for certificate generation), OpenLDAP (as a directory to hold the certificates), gnupg and freeswan (with X.509 support). However, the operating system does not provide (as of the woody release, 3.0) any of the freely available Certificate Authorities such as pyCA, OpenCA or the CA samples from OpenSSL. For more information read the Open PKI book.
There are not that many antivirus tools in Debian, probably because GNU/Linux users are not currently that much plagued by viruses. There have been, however, worms and viruses for GNU/Linux even if there has not (yet, hopefully) been any virus that has spread in the wild over any Debian distribution. In any case, administrators might want to build up antivirus gateways or protect themselves against them.
Debian currently provides the following tools for building antivirus environments:
sanitizer, a tool that can be used to filter email from procmail and remove viruses.
amavis-postfix, a script that provides an interface from the mail transport agent to one or more virus scanners (this package provides the postfix version).
As you can see, Debian does not currently provide any antivirus software itself. There are, however, free software antivirus projects which might (in the future) be included in Debian: openantivirus and jvirus (slim chances for this since it is completely Java based). Also, Debian will never provide commercial antivirus software like: Panda Antivirus, NAI Netshield (uvscan), Sophos Sweep, TrendMicro Interscan, RAV.... For more pointers see the Linux antivirus software mini-FAQ.
Securing Debian Manual
v2.2 27 April 2002, Tue, 23 Apr 2002 20:56:15 +0200, jfs@computer.org