Slashdot Mirror


Missing Open Source Security Tools?

Kinetic writes "There are many great open source security tools out there, Nmap, Nessus, and DSniff, just to name a few. However, with the world of security constantly changing, this begs the question, what open source security tools are missing? What commercial security tools have no viable open source alternatives? When securing/testing/exploring networks (home or enterprise), what security tools/applications/functionality are lacking (or non-existent) in the open source world?"

12 of 362 comments

  1. Sniffer Pro by Nonesuch · · Score: 5, Informative
    Sniffer Pro has features which neither "ntop" nor "ethereal" come anywhere near, both in the realtime monitoring of traffic and also in some of the "expert" functionality.

    I've yet to find an open source tool that can show a "matrix" graph of source and destination talkers by MAC/IP/IPX name in realtime as found in Sniffer. Other tools show some of this information, but do not render the same graphical display (chords of a circle) as Sniffer.

    With ethereal there's a way to do this with snapshots using graphviz, but not realtime...

    1. Re:Sniffer Pro by pkey · · Score: 5, Informative

      If I'm understanding what you're looking for (I've never seen Sniffer Pro in action), I think EtherApe might do it. It hasn't been updated since January of 2003, but the current version works fine for me.

  2. There are open security methodologies and tools! by bandrzej · · Score: 5, Informative
    Sheez, post something of importance, and get a bunch of smart-ass flak.

    If you are looking for a proven open standard methodology for performing security tests, then Open Source Security Testing Methodology Manual (OSSTMM) is the way to go.

    In addition, there is the Linux distro Trinux, which includes most of the common Linux open source security auditing tools.

    --

    LainTheWired = isgod( int Lain, int denial, float truth)

  3. Re:Your favorite tools by Lancer · · Score: 5, Informative
    My favorite tool?

    knoppix-std

    Most every security tool a network admin (or script kiddie) could want in a convenient iso package.

    --
    Outside of a dog, a book is man's best friend. Inside a dog it's too dark to read. - Groucho Marx
  4. Re:Open source virus scanners by Mc+Fly · · Score: 5, Informative

    Duh.
    Dude, you should see clamav, a full open-source antivirus for Linux, FreeBSD and even Windows, which integrates nicely with virtually every mailer out there.

    --
    He is the Path, the Truth and the Life
  5. tcpdump has src and dest filters by rdunnell · · Score: 3, Informative

    You can do stuff like tcpdump -i xl0 src 10.0.0.1 and dst 10.0.0.2 and stuff like that.

  6. Re:Open source virus scanners by gmuslera · · Score: 5, Informative
    What about ClamAV or OpenAntivirus or a lot in the same league?

    There are also a lot of integrity checking tools that, while they don't count as "antivirus", at least report changes that could mean something nasty is running, and don't forget things like chkrootkit.

  7. Re:Security by bgeer · · Score: 4, Informative

    Um no. Ethereal was running about 1 remote-shell vuln a week for a long time. Snort has had a couple too. I guess you could argue that they're all fixed now, but you certainly can't be sure of that.

  8. Re:tcpdump is great by Nothinman · · Score: 3, Informative
    You could also look at ngrep, but learning tcpdump's filter syntax should probably be your first priority since you use it every day and it's available on just about every system.

    Description: grep for network traffic

    ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.

  9. Password auditing by siliconjunkie · · Score: 4, Informative

    I am unaware of open source software that meets the functionality of PWSEX or LC5.

  10. Re:user by DaveAtFraud · · Score: 4, Informative

    find already does most of what you're looking for:

    find . -perm u=xrw,g=xrw,o=xrw -print

    finds all mode 777 files under the current directory (the initial ".", substitute a path like /var/www if that's where you want to look). If you run it as root (probably required for what you want to do), you can use -user or -uid to find all of the files owned by a particular user name or UID.

    Play with the -perm or +perm flags if need be to refine the result.

    --
    They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
    Ben
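
The find(1) one-liner in the comment above matches files whose mode is exactly 777. The shell functions below, added here as an illustration and not taken from the thread, extend it to the checks an auditor usually wants: any world-writable file regardless of the other bits, world-writable directories missing the sticky bit, and files owned by a given user. The function names are my own, and the script assumes a find that accepts `-perm -mode` (GNU and BSD both do).

```shell
#!/bin/sh
# Added example (not from the thread): permission audit helpers built on find(1).
# Assumption: GNU or BSD find with support for "-perm -mode" (all listed bits set).

# Exactly mode 0777, which is what the symbolic u=xrw,g=xrw,o=xrw test matches.
find_mode_777() {
    find "$1" -type f -perm 0777 -print
}

# Any world-writable regular file. The leading dash in "-perm -o=w" means
# "all of these bits must be set", so 0666, 0646 and 0777 all match; the
# exact-match form above silently misses the first two.
find_world_writable() {
    find "$1" -type f -perm -o=w -print
}

# World-writable directories that lack the sticky bit: any user can rename or
# delete other users' files in them, which /tmp avoids by being mode 1777.
find_unsticky_dirs() {
    find "$1" -type d -perm -o=w ! -perm -1000 -print
}

# Everything under a tree owned by a given user name (the -user option the
# comment mentions); run as root to see files in directories you cannot enter.
find_owned_by() {
    find "$1" -user "$2" -print
}
```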
  11. Re:Your favorite tools by alecthomas · · Score: 5, Informative

    A more appropriate tool might be linux-vserver, which lets you assign each virtual server its own disk quota, process space and IP addresses.