Archive

Posts Tagged ‘Security’

Iptables – Explaining the Tables!

April 1st, 2011 1 comment

iptables is the user-space utility used to configure the packet-filtering tables supplied by the Linux kernel firewall (netfilter). It lets the system administrator set up and inspect those tables.

It also gives the administrator control over the chains and rules the kernel stores and consults for every packet.

There are several kernel modules and matching user-space programs, one for each protocol family:

  • iptables applies to IPv4
  • ip6tables to IPv6
  • arptables to ARP
  • ebtables to Ethernet frames (bridging)

iptables needs root privileges: run by an ordinary user it cannot read or change the kernel's rule tables, so listing or modifying rules simply fails.

On most Linux systems the binary is installed at /usr/sbin/iptables (some distributions put it at /sbin/iptables). It is documented in its man page, which you can read with `man iptables`.

iptables is not an essential binary; it is better thought of as a service. Packet filtering is something I have always had a hard time getting my head around. Not that it is complicated; the basic idea is simple enough. It is the sheer level of detail that is difficult to keep in your head all at once.

And then, of course, there are all the different flavours: ipfilter, ipfw, ipchains, and now iptables. That gets more than a bit confusing, and I had never taken the time for more than a cursory look at any of them.

Well, time to change that. I needed to learn a bit more about iptables because SME Server, the firewall/mail server I used to sell, is built on it.

Basics

The basic idea of packet filtering is to look at a network packet and decide what to do with it: accept it as it is and let it go on its way, stop it dead (drop it), or change it in some way (which usually means sending it somewhere other than where it was originally headed, i.e. NAT).

Chains & Tables

iptables starts with three built-in chains in its filter table, and you can add more chains of your own (normally for convenience). Let's first understand what comes by default:

* OUTPUT

* INPUT

* FORWARD

The first thing to understand is which packets each chain sees.

Categories: Security

Basic Linux security for beginners – Save Your Computers from Attackers!

March 27th, 2011 No comments


Security is one of the most important concerns on the Internet today; it affects every computer user, and many people worry about the security of their systems.

Attackers are the most pressing problem online. There are, however, many tools for protecting a system from compromise and from other hazards, and system administrators use them to keep their systems safe. Linux ships with a strong set of such tools, which is why it has drawn so much attention from administrators, and by understanding a few basics you can put them to use on your own machine.

The basics of Linux security are described in the system's own documentation (the man pages) and in many guides online; your web hosting provider may also be able to supply details. Linux's network-facing protections (the packet filter in particular) operate on TCP/IP traffic, and it is a great advantage for beginners that these tools come with the system rather than having to be bought separately.

While there are far fewer worms and viruses for Linux, there are still script-kiddie attacks, and vulnerabilities in major subsystems turn up from time to time.
With this in mind, here is some advice for anyone about to connect a Linux system to the Internet for the first time. While planning the installation, you can take advantage of some of the kernel's features to make the system a tougher target. For instance, the kernel can mount filesystems read-only.

So by making /usr a separate filesystem, you can mount it read-only, which makes it harder for an attacker to upload a rootkit or modify files under /usr: the attacker first needs root just to remount it read-write, and that remount is a visible event.

If you are concerned about physical security, password-protect the BIOS settings so an attacker cannot boot the system from a floppy or CD-ROM, and password-protect the boot loader (LILO or GRUB) configuration so she cannot change the kernel command line (for example to boot with init=/bin/sh and get a root shell without a password).

Modern Linux systems generally hash passwords with MD5-crypt, which produces a 128-bit hash from arbitrary-length input and is much harder to crack than the old DES-based crypt. (Current distributions have since moved on again, to SHA-256/SHA-512-based crypt, the `$5$`/`$6$` hashes in /etc/shadow, and in some cases yescrypt.)

 

Categories: linux, Security

Iptables – It’s a Perfect For Cheap Security!

March 23rd, 2011 No comments

iptables is the user-space utility for configuring the kernel packet filter. It has to be run as root; an unprivileged user cannot read or change the kernel's rule tables. You can think of iptables as a service rather than an essential binary; on most systems the program lives at /usr/sbin/iptables. The term xtables refers to the kernel-level side: a shared piece of code used by the four front ends (iptables, ip6tables, arptables and ebtables) that also provides the API used by match and target extensions. Loosely, xtables is also used to refer to the whole firewall architecture.

This is what lets the system administrator define tables, each made up of chains of rules that decide how packets are treated. Each table is tied to a particular kind of packet processing (filtering, NAT, mangling). A packet is processed by traversing the rules of a chain in order; a rule can jump (or goto) to another chain, and that can be nested as deeply as you like. If the packet originates on the machine (it was generated by an application running there), it goes through the OUTPUT chain.

A packet arriving at the machine traverses the INPUT chain.

A packet being routed through the machine to somewhere else traverses FORWARD.


That is not how ipchains works. With iptables, a packet passing through the machine does not see INPUT, and a forwarded packet does not see OUTPUT either. In some ways this makes iptables simpler to understand, but if you have ipchains stuck in your head it is very confusing. The other major difference is that iptables is stateful: it keeps track of every connection. You can look at the connections it is tracking by examining /proc/net/ip_conntrack. Here is a bit from the machine:

You need the ip_conntrack module (with its ip_conntrack_ftp helper) for iptables to understand the relationship between the control and data sides of an FTP connection. If that makes no sense now, you may want to read the FTP section in Security or dslsecure.html.
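The chain selection and rule traversal described in this post and in "Iptables – Explaining the Tables!" above, as an added example. This is my own toy model, not code from the post or from the iptables project, and it never touches the kernel; the addresses, rules and policies it uses are constructed for the demonstration:

```python
"""Toy model of how the iptables filter table sees a packet (added example, not the
post's own code; nothing here talks to the kernel).

A packet delivered to this machine goes through INPUT only, a packet routed through
it goes through FORWARD only, and a locally generated packet goes through OUTPUT
only. Rules are walked in order, a rule can jump to a user-defined chain, falling
off the end of a user chain returns to the caller, and the chain policy applies when
nothing matched. A tiny conntrack table supplies the NEW/ESTABLISHED state."""
from dataclasses import dataclass
from typing import Optional

LOCAL_ADDRS = {"127.0.0.1", "192.0.2.10"}      # assumed: addresses of this machine


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    generated_locally: bool = False


@dataclass
class Rule:
    target: str                       # ACCEPT, DROP, RETURN or a user chain name
    proto: Optional[str] = None
    dport: Optional[int] = None
    state: Optional[str] = None       # NEW or ESTABLISHED, like -m state --state

    def matches(self, pkt: Packet, state: str) -> bool:
        return ((self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport)
                and (self.state is None or self.state == state))


class Firewall:
    def __init__(self):
        self.chains = {"INPUT": [], "FORWARD": [], "OUTPUT": []}
        self.policy = {"INPUT": "DROP", "FORWARD": "DROP", "OUTPUT": "ACCEPT"}
        self.conntrack = set()        # 5-tuples of connections already accepted

    def conn_state(self, pkt: Packet) -> str:
        fwd = (pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport)
        rev = (pkt.dst, pkt.src, pkt.proto, pkt.dport, pkt.sport)
        return "ESTABLISHED" if fwd in self.conntrack or rev in self.conntrack else "NEW"

    def which_chain(self, pkt: Packet) -> str:
        """The routing decision picks exactly one built-in chain; ipchains differed here."""
        if pkt.generated_locally:
            return "OUTPUT"
        return "INPUT" if pkt.dst in LOCAL_ADDRS else "FORWARD"

    def walk(self, chain: str, pkt: Packet, state: str) -> Optional[str]:
        for rule in self.chains[chain]:
            if not rule.matches(pkt, state):
                continue
            if rule.target in ("ACCEPT", "DROP"):
                return rule.target
            if rule.target == "RETURN":
                return None
            verdict = self.walk(rule.target, pkt, state)   # -j user-chain
            if verdict is not None:
                return verdict                              # user chain decided
        return None                                         # fell off the end

    def filter(self, pkt: Packet):
        chain = self.which_chain(pkt)
        verdict = self.walk(chain, pkt, self.conn_state(pkt)) or self.policy[chain]
        if verdict == "ACCEPT":
            self.conntrack.add((pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport))
        return chain, verdict


def build_firewall() -> Firewall:
    """Equivalent of: -P INPUT DROP; -A INPUT -m state --state ESTABLISHED -j ACCEPT;
    -A INPUT -j SERVICES; -A SERVICES -p tcp --dport 22 -j ACCEPT; and so on."""
    fw = Firewall()
    fw.chains["SERVICES"] = [Rule("ACCEPT", proto="tcp", dport=22),
                             Rule("ACCEPT", proto="tcp", dport=80)]
    fw.chains["INPUT"] = [Rule("ACCEPT", state="ESTABLISHED"), Rule("SERVICES")]
    fw.chains["FORWARD"] = [Rule("ACCEPT", state="ESTABLISHED")]
    return fw


def demo_chains() -> list:
    fw = build_firewall()
    me, peer, other = "192.0.2.10", "203.0.113.9", "198.51.100.5"   # constructed addresses
    return [
        fw.filter(Packet(peer, me, "tcp", 40001, 22)),          # new SSH to us: INPUT, SERVICES allows
        fw.filter(Packet(peer, me, "tcp", 40002, 25)),          # new SMTP to us: no match, INPUT policy
        fw.filter(Packet(peer, other, "tcp", 40003, 80)),       # routed: FORWARD only, SERVICES never seen
        fw.filter(Packet(me, peer, "tcp", 40004, 443, True)),   # we connect out: OUTPUT
        fw.filter(Packet(peer, me, "tcp", 443, 40004)),         # the reply: INPUT, ESTABLISHED
    ]


if __name__ == "__main__":
    for chain, verdict in demo_chains():
        print(chain, verdict)
```

Running it prints INPUT ACCEPT, INPUT DROP, FORWARD DROP, OUTPUT ACCEPT, INPUT ACCEPT. The third line is the ipchains difference in action: the routed packet to port 80 is dropped even though the SERVICES chain allows port 80, because that chain hangs off INPUT and a forwarded packet never visits INPUT. The last line shows why the ESTABLISHED rule comes first: the reply to our own outbound connection is let back in without needing a service rule.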

 

 

 

 

Basic Linux security for beginners – Provide Security for Beginners!

March 21st, 2011 No comments


Security is one of the major concerns for Internet users today, and it affects everyone's work.

It is a concern for Linux users too.

Although Linux is one of the best operating systems, there are security issues to understand, especially for beginners.

So it is necessary for beginners to know how to keep their systems secure enough for safe use. One of the best things you can do to secure your system is to stay aware of the security concerns.

If you are a beginner you need to know a few security basics to protect your computer from damage. You don't have to be a security guru to be safe, but you do have to know some basic things.

You should understand the principles of TCP/IP before learning about security. TCP and UDP are the two main transport protocols of the TCP/IP suite; the main difference between them is that TCP is connection-oriented while UDP is connectionless.

Both have advantages and disadvantages and they are used differently. Traditional UNIX systems hashed users' passwords with the salt+crypt algorithm and stored the result in the /etc/passwd file.

At login the system takes the password typed, hashes it the same way (with the same salt), and compares the result with the entry in /etc/passwd. If the two agree, the user is considered authenticated.

There are two problems with this. First, while salt+crypt is a one-way algorithm (you cannot decrypt the contents of /etc/passwd), it is not strong, and it is limited to 8-character passwords. The solution to the first problem was to switch to a stronger hashing algorithm (MD5-crypt at the time, SHA-512-crypt on current systems).

Worse, /etc/passwd must be readable by all users, because it maps user ID numbers to names, locates home directories and holds other information about users.

That makes it vulnerable to so-called dictionary attacks, where the attacker takes a dictionary (many systems have one for spell checking), hashes each word in it with each account's salt, and then compares the results against the hashed passwords in /etc/passwd.

When a match is found, the attacker just looks up the corresponding word in the dictionary, and that is the password. The fix for this second problem is the shadow password file: the hashes are moved out of /etc/passwd into /etc/shadow, which is readable only by root, so an attacker without root has nothing to run a dictionary against.
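The attack just described, as an added example (my own code, not the post's): it hashes each dictionary word with each account's own salt and compares the result against the stored hash. It uses a stand-in salt+hash function built on SHA-256 rather than a real crypt(3), and the passwd lines and word list are constructed for the demonstration:

```python
"""Dictionary attack against crypt-style password hashes stored in a world-readable
/etc/passwd (added example, not the post's own code).

Assumptions: crypt_like() is a stand-in salt+one-way-hash built on SHA-256 (real
systems use crypt(3) variants such as DES-crypt, MD5-crypt or SHA-512-crypt; the
attack works the same way against any of them); the passwd lines and the word list
are constructed for this demonstration."""
import hashlib


def crypt_like(password: str, salt: str) -> str:
    """Return 'salt$hash'. Same salt and password always give the same string,
    which is exactly what lets the attacker compare guesses against the stored value."""
    digest = hashlib.sha256((salt + password).encode()).hexdigest()
    return f"{salt}${digest}"


def parse_passwd(text: str) -> dict:
    """Map user -> password field of passwd-format lines ('x' means the hash lives in /etc/shadow)."""
    entries = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        user, pw_field = line.split(":")[:2]
        entries[user] = pw_field
    return entries


def dictionary_attack(entries: dict, words) -> dict:
    """Hash every word with each account's own salt; an equal hash reveals the password."""
    found = {}
    for user, pw_field in entries.items():
        if pw_field in ("x", "*", "!"):     # shadowed or locked: nothing to attack here
            continue
        salt = pw_field.split("$", 1)[0]
        for word in words:
            if crypt_like(word, salt) == pw_field:
                found[user] = word
                break
    return found


# Constructed sample: old-style entries with the hash in /etc/passwd, plus one shadowed account.
WORDLIST = ["password", "letmein", "dragon", "qwerty", "sunshine"]
SAMPLE_PASSWD = "\n".join([
    "root:" + crypt_like("dragon", "Ab") + ":0:0:root:/root:/bin/sh",
    "alice:" + crypt_like("Tr0ub4dor&3", "Zq") + ":1000:1000:Alice:/home/alice:/bin/sh",
    "bob:x:1001:1001:Bob:/home/bob:/bin/sh",
])


def demo_dictionary_attack() -> dict:
    return dictionary_attack(parse_passwd(SAMPLE_PASSWD), WORDLIST)


if __name__ == "__main__":
    print(demo_dictionary_attack())     # {'root': 'dragon'}: alice's passphrase is not in the list
```

The salt does not stop this attack; it only forces the attacker to repeat the dictionary once per salt instead of precomputing a single table for every user. What stops it is not having the hashes at all (bob's `x` entry on a shadowed system) and using a deliberately slow hash so that each guess costs more.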

 

Categories: linux, Security

Basic Linux Security for Beginners – Need to Understand the Basic!

March 20th, 2011 No comments


Today, security is the prime concern in the online world, and it affects everyone in several ways. Many system administrators are looking at how to protect their systems from unwanted software and, most importantly, from attackers.

There are many security tools available for this, and Linux is one of the best operating systems in terms of the security tooling it provides. Linux has drawn attention from system users because of its strong defensive features. If you want to make use of Linux's security features on your system, you first need to understand the basics of Linux.

The basics of Linux security are described in the system documentation, which is also available online; often your web hosting provider can supply details too. You will need a network connection to fetch packages and updates while setting the system up. Linux's network security is built around the TCP/IP protocol suite.

Once the system is set up, there are some routine tasks that will further improve security:

  • Remove mention of the Linux distribution and version numbers from the banner files such as /etc/issue and /etc/issue.net.
  • Add warnings about unauthorised use and logging to the system banners.
  • Configure the daemons so that they listen only on the interfaces you want them on.

If you really want to nail down the system, consider installing and running a comprehensive hardening script such as Bastille Linux (http://www.bastille-linux.org/). It makes plenty of detailed changes to the system.

As Bastille runs, it tells you what it is doing; you can choose to skip some steps, and you will certainly learn a lot about security along the way. One of the worst things that can happen is for an attacker to compromise the system, pilfer files, and then use the system to launch attacks on another victim while you sit blissfully unaware of what is going on. To make sure the alarm bells ring when someone tampers with your setup, install an intrusion detection system.

Categories: linux, Security

Basic Linux Security for Beginners – Much Necessary For the Internet Users!

March 18th, 2011 1 comment

Basic Linux security for beginners matters to anyone who wants to protect their data from attackers. Linux users have a few built-in advantages over their Windows-using counterparts when it comes to security: Linux is more secure and effective than Windows-based systems, and Linux systems are attacked less frequently. Some users go as far as disconnecting the network or switching their systems off for security reasons. That may be secure, but it is not a long-term solution to the problem every user faces: protecting servers from outside intrusion.


Today many computer systems connect to the Internet directly or through local area networks, so it is difficult or expensive to change the way a system is used for security reasons. However, you can avoid the security problem without disconnecting from the network, simply by proper planning and by changing the system configuration to create a better security environment. In this regard, users only need to follow the basics of Linux security. Intrusion detection comes in two basic flavours: host integrity verification and network intrusion detection. A host integrity verification system takes a snapshot of the critical files on the system: configuration files in /etc, binary program files in /bin, /sbin, /lib and under /usr, critical files in /var, and more. To do this, it records a fingerprint for every file: pathname, date and time stamps, size, permissions and ownership, inode number and, most importantly, an MD5 hash of the file's contents.

It stores all this information in a digitally signed database, then runs periodic checks to see if anything has changed. Obviously, if it has, you know somebody is up to no good. Examples of host integrity verification tools include Tripwire, which is included in many distributions, and AIDE. Both of these have to be set up before the system is exposed to the shark-infested waters of the Internet; if you have not prepared beforehand and you are concerned your system may have had a rootkit installed, try chkrootkit. (MD5 is no longer collision-resistant; current versions of these tools support SHA-256 and stronger hashes, and the database should be kept where an attacker with root cannot rewrite it, for example on read-only media or another host.)
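The snapshot-and-check loop described above, as an added example (my own code, not Tripwire's or AIDE's). It records the fields the post lists for each file, stores them in an HMAC-signed JSON database, and on the next run reports which fields of which files changed. The files it checks, the attacker's "trojaned ls" and the signing key are all constructed for the demonstration, and SHA-256 stands in for MD5:

```python
"""Minimal host integrity verification, in the spirit of Tripwire/AIDE (added example,
not the post's own code or either project's).

Assumptions: the baseline is JSON signed with HMAC-SHA256 under a key the attacker
does not have (the post's "digitally signed database"); the fingerprint uses SHA-256
rather than MD5; the files in demo_integrity() are created in a temporary directory
and the trojaned ls is constructed for the demonstration."""
import hashlib
import hmac
import json
import os
import stat
import tempfile


def fingerprint(path: str) -> dict:
    """Record what the post lists: timestamp, size, permissions, ownership, inode and a content hash."""
    st = os.lstat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"mtime": int(st.st_mtime), "size": st.st_size, "mode": stat.S_IMODE(st.st_mode),
            "uid": st.st_uid, "gid": st.st_gid, "inode": st.st_ino, "sha256": h.hexdigest()}


def build_baseline(paths, key: bytes) -> bytes:
    """Fingerprint every path and sign the result so the database itself cannot be edited quietly."""
    body = json.dumps({p: fingerprint(p) for p in paths}, sort_keys=True)
    sig = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"sig": sig, "body": body}).encode()


def load_baseline(blob: bytes, key: bytes) -> dict:
    """Verify the signature before trusting anything in the database."""
    obj = json.loads(blob)
    expected = hmac.new(key, obj["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, obj["sig"]):
        raise ValueError("baseline signature mismatch: database tampered with or wrong key")
    return json.loads(obj["body"])


def check(baseline: dict) -> dict:
    """Return {path: [changed fields]} for every file that no longer matches the baseline."""
    changes = {}
    for path, old in baseline.items():
        if not os.path.lexists(path):
            changes[path] = ["missing"]
            continue
        new = fingerprint(path)
        diff = [k for k in old if old[k] != new[k]]
        if diff:
            changes[path] = diff
    return changes


def demo_integrity() -> dict:
    key = b"constructed-demo-key"           # in practice kept offline or on read-only media
    d = tempfile.mkdtemp()
    ls, passwd = os.path.join(d, "ls"), os.path.join(d, "passwd")
    with open(ls, "wb") as f:
        f.write(b"#!/bin/sh\nexec /bin/ls \"$@\"\n")
    with open(passwd, "wb") as f:
        f.write(b"root:x:0:0:root:/root:/bin/sh\n")
    blob = build_baseline([ls, passwd], key)

    # An attacker trojans ls to hide their files; size and content hash change, inode and mode do not.
    with open(ls, "wb") as f:
        f.write(b"#!/bin/sh\n/bin/ls \"$@\" | grep -v hidden\n")
    changes = check(load_baseline(blob, key))

    # The attacker then edits the database to bless the new hash, but cannot re-sign it.
    forged = json.loads(blob)
    body = json.loads(forged["body"])
    body[ls]["sha256"] = fingerprint(ls)["sha256"]
    body[ls]["size"] = fingerprint(ls)["size"]
    forged["body"] = json.dumps(body, sort_keys=True)
    try:
        load_baseline(json.dumps(forged).encode(), key)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"ls_changed": sorted(changes.get(ls, [])),
            "passwd_changed": passwd in changes,
            "db_tamper_detected": tamper_detected}


if __name__ == "__main__":
    print(demo_integrity())
```

Two things are worth noticing: the trojaned file is caught on size and content hash even though its inode, owner and permissions are untouched, and the attacker's attempt to edit the database to bless the new hash fails the signature check. That is why the post insists on a digitally signed database; in practice the key and the baseline should live somewhere an attacker with root on the monitored host cannot reach.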

Categories: linux, Security

Rootkits to identify exploits on your Linux system

November 16th, 2010 4 comments

Recently one of my servers was hacked and my first reaction was to freak out and panic. After I calmed myself down, I immediately closed the front door the attackers had got into the server through, by shutting down the Apache server.

After that, I had no idea where to start looking for backdoors that may be installed on the system. So I downloaded highly recommended rootkits for exactly these types of situations. The following rootkits helped me identify the issues on my system and figure out what to do.

  1. Rootkit Hunter – scans files and systems for known and unknown rootkits, backdoors, sniffers, and malware. The application consists of the main shell script, a few text-based databases, and optional Perl scripts. It can recognise and run external applications like ‘skdet’ and ‘unhide’. It should run on almost every Unix clone.
  2. chkrootkit – a tool to locally check for signs of a rootkit. It contains chkrootkit, a shell script that checks system binaries for rootkit modification. The following tests are made: aliens, asp, bindshell, lkm, rexedcs, sniffer, wted, z2, amd, basename, biff, chfn, chsh, cron, date, du, dirname, echo, egrep, env, find, fingerd, gpm, grep, hdparm, su, ifconfig, inetd, inetdconf, identd, killall, login, ls, mail, mingetty, netstat, named, passwd, pidof, pop2, pop3, ps, pstree, rpcinfo, rlogind, rshd, slogin, sendmail, sshd, syslogd, tar, tcpd, top, telnetd, timed, traceroute, and write.
  3. OSSEC HIDS – a host-based intrusion detection system. It performs log analysis, integrity checking, rootkit detection, time-based alerting, and active response.
  4. Zeppoo – allows you to detect rootkits on the i386 architecture under Linux by using /dev/kmem and /dev/mem. It can also detect hidden tasks, modules, syscalls, some corrupted symbols, and hidden connections. Anti-Rootkits which don’t use these methods can be fooled easily.
  5. Rkdet – a small daemon intended to catch someone installing a rootkit or running a packet sniffer. It takes a snapshot of processes and network connections, then disconnects from the network. It may be built to watch arbitrary files such as Web pages.
Categories: linux, Security

Top 50 SSH helper tools – OMG!

August 16th, 2010 5 comments

Secure Shell (SSH) is an excellent protocol that has been around for years and has replaced the insecure ways of communicating between network devices (telnet, rsh and rlogin). It uses an encrypted, authenticated channel between the devices it connects, so a network sniffer cannot grab account credentials or other sensitive content.

Many of us don't realize that SSH goes beyond just connecting two devices. For example, it can be set up as a proxy server, carry other services through an encrypted tunnel, act as a reverse proxy, do secure backup/restore, and much more. In this article I've listed 50 different tools that either manage or make use of SSH to extend its usability beyond its original purpose.

  1. Sshguard -  Sshguard monitors services through their logging activity. It reacts to messages about dangerous activity by blocking the source address with the local firewall. Sshguard employs a clever parser that can transparently recognize several logging formats at once (syslog, syslog-ng, metalog, multilog, raw messages), and detects attacks for many services out of the box, including SSH, several ftpds, and dovecot. It can operate all the major firewalling systems, and features support for IPv6, whitelisting, suspension, and log message authentication.
  2. PAC -  PAC provides a GUI to configure SSH and Telnet connections, including usernames, passwords, EXPECT regular expressions, and macros. It is similar in function to SecureCRT or Putty. It is intended for people who connect to many servers through SSH. It can automate logins and command executions.
  3. csshX -  csshX is a tool to allow simultaneous control of multiple SSH sessions. csshX will attempt to create an SSH session to each remote host in separate Terminal.app windows. A master window will also be created. All keyboard input in the master will be sent to all the slave windows.
  4. tlssh -  tlssh is like SSH, but based on TLS. With tlssh, users log in using client certificates, never usernames or passwords.
  5. libssh -  libssh is a C library to access SSH services from a program. It can remotely execute programs, transfer files, and serve as a secure and transparent tunnel for remote programs. Its Secure FTP implementation can play with remote files easily, without third-party programs other than libcrypto (from OpenSSL) or libgcrypt.
  6. Digmia Enterprise SSH -  DSSH was written as a direct replacement for the OpenSSH client. It adds SSH over SSH tunneling capabilities (for example, to log in to a network hidden by a firewall), scripting support (using BeanShell), an advanced agent (which allows storing of passwords) and “su -” interactive logging for machines that have disabled direct root login. All of this was done to enable automated scripting and logging to many machines based on a few simple rules.
  7. SSH Keys exchange -  SshKeysExchange is a Korn shell script to create, exchange, and remove ssh keys between hosts within seconds rather than minutes. This tool is also included in DynDNSToolKit and oraToolKit project.
  8. CocTunnel -   CocTunnel is a simple SSH manager.
  9. Config::Model::OpenSsh -   Config::Model::OpenSsh is a graphical configuration editor for OpenSSH configuration files (e.g. /etc/ssh/sshd_config, /etc/ssh/ssh_config, or ~/.ssh/config). Other user interfaces (curses and terminal) are also available. Programmers can choose to use the Perl API to modify or validate OpenSSH configuration. This program is based on Config::Model.
  10. MindTerm -  MindTerm is a complete ssh-client in pure Java. It can be used either as a standalone Java application or as a Java applet.
  11. bcvi -   Bcvi is a tool that works with SSH to provide a secure “back channel” for sending commands back from the server to your workstation. For example, using bcvi and a shell alias, you can log into a server and type “vi filename”. Instead of running vi in the terminal window, on the remote server, bcvi will send a message back to your workstation, where a listener process will invoke gvim (a GUI version of vim) and pass it an scp://… URL for the remote file. Bcvi has a plugin architecture that allows you to add support for any process you want to launch on your workstation by running a command on the server.
  12. sshdfilter -  sshdfilter automatically blocks ssh brute force attacks by reading sshd log output in real time and adding iptables rules based on authentication failures.
  13. keychain -  keychain helps you to manage ssh keys in a convenient and secure manner. It acts as a frontend to ssh-agent and gpg-agent, but allows you to easily have one long running ssh-agent process per system, rather than the norm of one ssh-agent per login session.
  14. Meerkat -  Meerkat is an easy to use SSH tunnel manager built specifically for the Mac. It includes features such as application triggers, automatic reconnection on system sleep and network change, Growl integration, Bonjour support, command line and AppleScript integration, and much more.
  15. OmniSSH -  OmniSSH is a program that is used to execute a command or upload files on many servers in a cluster in a parallel, reliable, and well-documented fashion.
  16. lshell – lshell lets you restrict a user’s shell environment to limited sets of commands, choose to enable or disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log user’s commands, implement timing restrictions, and more.
  17. Orion SSH2 – Orion SSH2 is a library that implements the SSH-2 protocol in pure Java. It allows one to connect to SSH servers from within Java programs, for remote shell and command execution, local and remote port forwarding, local stream forwarding, X11 forwarding, and file transfer using SCP and SFTP.
  18. chain-ssh – This package provides a tool for ‘chained’ SSH access to remote hosts via a number of proxy hosts. It can be used for ssh, scp, and as a transport for rsync.
  19. secpanel – secpanel provides a GUI for managing SSH connection profiles. It supports handling of ssh-agents and the generation and distribution of public keys. It integrates SFTP using different file browsers and can use different X terminals.
  20. ccgfs – ccgfs is a transport-agnostic network filesystem using FUSE. Transport is arranged by helper programs, such as SSH. The PUSH transport mode acts like a “reverse” NFS and makes it possible to export a filesystem from a firewalled host without defeating the security model.
  21. Ganymed SSH-2 for Java – Ganymed SSH-2 for Java is a library that implements the SSH-2 protocol in pure Java (tested on J2SE 1.4.2, 5, and 6). It allows one to connect to SSH servers from within Java programs.
  22. pssh – pssh provides parallel versions of the OpenSSH tools that are useful for controlling large numbers of machines simultaneously. It includes parallel versions of ssh, scp, and rsync, as well as a parallel kill command.
  23. remote-ssh-access – remote-ssh-access is an application for creating handy SSH client shortcuts. It allows varying remote SSH keys, SSH protocol versions, remote target hosts, and remote commands for automated processes.
  24. Kippo – Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.
  25. sslh – sslh lets one accept both HTTPS and SSH connections on the same port. It makes it possible to connect to an SSH server on port 443 (e.g. from inside a corporate firewall) while still serving HTTPS on that port.
  26. ssh-multiadd – ssh-multiadd adds multiple ssh keys to the ssh authentication agent. These may use the same passphrase. When run without arguments, it adds $HOME/.ssh/identity and $HOME/.ssh/id_dsa.
  27. SSHatter – SSHatter uses a brute force technique to determine the how to log into an SSH server. It simply tries each combination in a list of usernames and passwords to determine which ones successfully log in.
  28. classh – classh is yet another wrapper around ssh for running commands on a number of hosts concurrently.
  29. sshutout – sshutout is a daemon that periodically monitors log files, looking for multiple failed login attempts via the Secure Shell daemon.
  30. Tunnel Manager – Tunnel Manager is a program that manages regularly used SSH tunnels. It supports both SSHv1 and SSHv2 tunnels and can be configured to manage the keys in your ssh-agent.
  31. sshdo – sshdo issues remote commands or puts or gets files to multiple hosts sequentially. Hosts are read from stdin (one per line). sshdo will use SSH key agent, if available, to avoid repetitive password entry.
  32. Cluster SSH - Cluster SSH opens terminal windows with connections to specified hosts and an administration console. Any text typed into the administration console is replicated to all other connected and active windows. This tool is intended for, but not limited to, cluster administration where the same configuration or commands must be run on each node within the cluster. Performing these commands all at once via this tool ensures all nodes are kept in sync.
  33. FastSSHer – Provides fast connections to Linux/Unix hosts over the SSH protocol. You don’t need to remember the IP address, hostname, login, or password. Just select a server from the list and press “Connect”.
  34. Dropbear SSH – Dropbear is an SSH 2 server and client that is designed to be small enough to be used in low-memory embedded environments, while still being functional and secure for general use.
  35. SSHMenu – SSHMenu is a GNOME panel applet that makes starting up a new terminal window with an SSH connection to a remote host just a click away.
  36. spread – spread provides SSH based Unix mass administration. It distributes commands or files from one central administration server onto classes of hosts.
  37. mpssh – mpssh is a program that can execute commands on many machines via SSH and get nicely formatted output.
  38. yessh – Yessh is a bash program that uses the SSH client. It provides fast connections to Linux/Unix hosts. Just type the name you have chosen for a host, and yessh will connect you via SSH.
  39. ssh-curse – intended to be a simple but enhancing GUI for using SSH on the terminal.
  40. SSH Askpass Keyring – SSH Askpass Keyring is an alternative ssh-askpass utility with support for the gnome-keyring.
  41. shmux – shmux is a program for executing the same command on many hosts in parallel.
  42. yaSSH – The yaSSH software package is a fast, dual-licensed implementation of SSH. It will include an SSH client, a client library, a server, and a server library. It is focused on speed, limited memory requirements, a simple API, portability, and use in an embedded setting.
  43. SSH Filesystem – SSH Filesystem uses the SSH File Transfer Protocol (SFTP), which is supported by most SSH servers. It is based on Filesystem in Userspace (FUSE), and hence root privilege is not required for mounting a remote filesystem. No setup is necessary and it is very easy to use.
  44. sshpass – Sshpass is a tool for non-interactively performing password authentication with SSH’s so called “interactive keyboard password authentication”. Most users should use SSH’s more secure public key authentication instead.
  45. Autossh – Autossh is a program to monitor and automatically reestablish SSH connections.
  46. Proxytunnel – Proxytunnel is a program that connects stdin and stdout to a server somewhere in the Internet through an industry standard HTTPS proxy. It’s mostly used as a backend for OpenSSH’s ProxyCommand, and as a proxy backend for Putty. It can also be used for other proxy-traversing purposes.
  47. SSH Factory - SSH Factory is a set of Java based client components for communicating with SSH and telnet servers.
  48. sshfp – sshfp generates DNS SSHFP records from SSH public keys. sshfp can take public keys from a knownhosts file or from scanning the host’s sshd daemon.
  49. SSH Enchanter – Enchanter is a small library that helps you script SSH sessions in a manner similar to Expect.
  50. MySecureShell – MySecureShell is a secure FTP server that uses SSH. It is easy to install and manage.
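The log-watching mechanism behind Sshguard, sshdfilter and sshutout (items 1, 12 and 29), as an added example (my own code, not any of those projects'): it parses sshd's "Failed password" lines, counts failures per source address inside a sliding window, and emits the iptables rule that would block the address. The log lines, threshold and whitelist are constructed for the demonstration, and the block action is returned rather than executed, so the script runs without root:

```python
"""Log-driven SSH brute-force blocking, the mechanism behind sshguard, sshdfilter and
sshutout (added example, not any of those projects' code).

Assumptions: the log lines below are constructed in OpenSSH's usual syslog format;
the threshold of 5 failed passwords within 10 minutes and the whitelisted admin
address are choices for the demonstration; block_command() only returns the
iptables command rather than executing it."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

FAIL_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+")

THRESHOLD = 5                       # this many failures ...
WINDOW = timedelta(minutes=10)      # ... within this interval trigger a block
WHITELIST = {"192.0.2.10"}          # assumed admin workstation: never lock ourselves out
LOG_YEAR = 2010                     # syslog lines carry no year


def parse_time(ts: str) -> datetime:
    return datetime.strptime(f"{LOG_YEAR} {ts}", "%Y %b %d %H:%M:%S")


def block_command(ip: str) -> str:
    """The rule sshdfilter-style tools insert; -I puts it ahead of any ACCEPT for port 22."""
    return f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP"


def scan(lines) -> list:
    """Walk log lines in order; return one block command per address that crossed the threshold."""
    recent = defaultdict(list)      # ip -> failure timestamps still inside the window
    blocked, commands = set(), []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue                # accepted logins and other noise are ignored
        ip, t = m["ip"], parse_time(m["ts"])
        if ip in WHITELIST or ip in blocked:
            continue
        recent[ip] = [x for x in recent[ip] if t - x <= WINDOW] + [t]
        if len(recent[ip]) >= THRESHOLD:
            blocked.add(ip)
            commands.append(block_command(ip))
    return commands


# Constructed sample log: one fast attacker, one slow one, and a fumbling admin on the whitelist.
SAMPLE_LOG = """\
Aug 16 09:10:00 host sshd[1900]: Failed password for root from 198.51.100.9 port 3000 ssh2
Aug 16 09:40:00 host sshd[1910]: Failed password for root from 198.51.100.9 port 3001 ssh2
Aug 16 10:00:01 host sshd[2001]: Accepted publickey for ops from 192.0.2.10 port 51000 ssh2
Aug 16 10:00:05 host sshd[2002]: Invalid user admin from 203.0.113.7
Aug 16 10:00:06 host sshd[2002]: Failed password for invalid user admin from 203.0.113.7 port 40001 ssh2
Aug 16 10:00:09 host sshd[2003]: Failed password for root from 203.0.113.7 port 40002 ssh2
Aug 16 10:00:12 host sshd[2004]: Failed password for root from 203.0.113.7 port 40003 ssh2
Aug 16 10:00:15 host sshd[2005]: Failed password for root from 203.0.113.7 port 40004 ssh2
Aug 16 10:00:18 host sshd[2006]: Failed password for root from 203.0.113.7 port 40005 ssh2
Aug 16 10:00:21 host sshd[2007]: Failed password for root from 203.0.113.7 port 40006 ssh2
Aug 16 10:05:00 host sshd[2100]: Failed password for ops from 192.0.2.10 port 51001 ssh2
Aug 16 10:05:03 host sshd[2101]: Failed password for ops from 192.0.2.10 port 51002 ssh2
Aug 16 10:05:06 host sshd[2102]: Failed password for ops from 192.0.2.10 port 51003 ssh2
Aug 16 10:05:09 host sshd[2103]: Failed password for ops from 192.0.2.10 port 51004 ssh2
Aug 16 10:05:12 host sshd[2104]: Failed password for ops from 192.0.2.10 port 51005 ssh2
Aug 16 10:20:00 host sshd[2200]: Failed password for root from 198.51.100.9 port 3002 ssh2
Aug 16 10:50:00 host sshd[2300]: Failed password for root from 198.51.100.9 port 3003 ssh2
"""


def demo_scan() -> list:
    return scan(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for cmd in demo_scan():
        print(cmd)
```

The whitelist matters: the typo-prone admin on 192.0.2.10 racks up five failures too, and without it you would lock yourself out of your own server. The slow attacker at 198.51.100.9 never trips the threshold, which is the known weakness of this whole approach and the reason key-only authentication (PasswordAuthentication no) is the stronger fix.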

Categories: linux, Security

10 Great Linux Monitoring Tools You Probably Never Used

December 30th, 2009 No comments

Keeping your servers secure is a fundamental task for surviving long-term. The following is a list of 10 great monitoring tools for Unix systems that don't get as much publicity as the well-known ones but are no less capable.

The EDDIE Tool

The EDDIE Tool is a system and network monitoring, security, and performance analysis agent developed entirely in threaded Python. Its key features are portability, extendibility, and powerful configuration.

ZoneMinder

ZoneMinder is an integrated set of applications which provide a complete surveillance solution allowing capture, analysis, recording and monitoring of any CCTV or security cameras attached to a Linux based machine. It is designed to run on distributions which support the Video For Linux (V4L) interface and has been tested with video cameras attached to BTTV cards, various USB cameras and IP network cameras.

OSSIM

OSSIM stands for Open Source Security Information Management. Its goal is to provide a comprehensive compilation of tools which, working together, give network/security administrators a detailed view of every aspect of their networks, hosts, physical access devices, servers, etc.

OSSIM features the following software components:

  • Arpwatch – used for MAC anomaly detection.
  • P0f – used for passive OS detection and OS change analysis.
  • Pads – used for service anomaly detection.
  • Nessus – used for vulnerability assessment and for cross correlation (IDS vs Security Scanner).
  • Snort – the IDS, also used for cross correlation with nessus.
  • Spade – the statistical packet anomaly detection engine. Used to gain knowledge about attacks without signatures.
  • Tcptrack – used for session data information which can prove useful for attack correlation.
  • Ntop – which builds an impressive network information database from which we can identify aberrant behavior/anomaly detection.
  • Nagios – fed from the host asset database, it monitors host and service availability information.
  • Osiris – a great HIDS.
  • OCS-NG – cross-platform inventory solution.
  • OSSEC – integrity, rootkit, registry detection, and more.

Aware

The Aware project is an effort to create a software framework for measuring, monitoring, and controlling computer system resources. It is intended to enable system administrators to tune system variables, set monitoring/security alarms, and build adaptive distributed systems. Aware modules may be linked into applications making them ‘aware’ and able to participate in the larger managed system.

Deep Network Analyzer

The output adaptor component of the DNA architecture, encompassing a powerful data dictionary and pluggable resource adaptors, is responsible for transforming processed data objects into a portable format and transmitting them to external resource managers.

RootkitHunter

Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, sniffers, and malware. The application consists of the main shell script, a few text-based databases, and optional Perl scripts. It can recognise and run external applications like ‘skdet’ and ‘unhide’. It should run on almost every Unix clone.

ModSecurity

ModSecurity is an intrusion detection and prevention engine for Web applications (sometimes called a Web application firewall). Operating embedded or as part of an Apache reverse proxy, it increases Web application security, protecting Web applications from known and unknown attacks. It is flexible and easy to configure. It monitors HTTP traffic (including POST payloads), detects or prevents attacks, enhances logging, performs anti-evasion, and allows administrators to create custom rules to suit their specific needs. It excels in HTTP traffic monitoring and just-in-time vulnerability patching.

PIKT

PIKT® is cross-categorical, multi-purpose software for monitoring and configuring computer systems, administering networks, organizing system security, and much more.  PIKT is intended primarily for system monitoring, and secondarily for configuration management, but its versatility and extensibility evoke many other wide-ranging uses.

Apache httpd tools

Apache httpd tools is a collection of administrative and security tools originally developed for the book Apache Security (O’Reilly). Included are tools for Apache httpd monitoring, statistics, log analysis, DoS detection, and defense.

TorApplet

TorApplet is a simple GNOME applet for managing and monitoring the basic activities of the Tor daemon. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet.

Categories: tools