“The price of protection is always less than the cost of lax
security. Especially now.” (Recommended reading. — lt
ed.)
“… open-source software (née freeware) has carved a
niche for itself. UNIX systems out of the box may not be secure on
their own. The use of open-source host-security software can make
them more secure. Today, many choices are available to assist in
strengthening the host security of UNIX servers. This article
identifies and summarizes some popular and useful UNIX
host-security-related open-source software, but will not list or
discuss intrusion detection or other network security-related
tools. The tools and utilities discussed here are complex.”
“The Tripwire tool is used to detect unauthorized changes at a
file/directory level. It can manage and track changes to key system
files by maintaining an information database for the specified
files…”
“The Sudo (superuser do) utility lets the administrator delegate
root authority to users without sharing the root password. Sudo
gives authorized users access to a subset of commands, files, and
hosts on the network.”
“Secure shell is the preferred tool for remote access to system
resources by many system administrators today. ssh uses public-key
cryptography to establish a secure channel of communication over
public networks such as the Internet.”
“Tiger scripts are part of the Texas A&M University Security
Package (TAMU). The scripts analyze the system and report elements
that could pose a security threat to it.”
“The TCP Wrapper utility monitors and filters incoming requests
for network services that are usually offered under the inetd
configuration file such as telnet and ftp. The wrapper simply
intercepts all incoming requests…”
“Swatch [–] The purpose of this program is to scan the system
log files to report security-related events or other events of
interest.”
“npasswd is a complete replacement for the UNIX passwd(1M)
command.”
“Many security issues have been identified in Sendmail over the
years. The current release of Sendmail, v. 8.9.x, fixes most of the
previously discovered vulnerabilities. In addition, Sendmail has
many configuration options that provide protection against
spamming.”
“BIND version 8 has many new features, including an updated
file-configuration file syntax and tighter access control based on
port number and IP address. The current version of BIND fixes many
security problems found in the previous releases.”
“The utilities listed above are not intended to be a substitute
for commercial products. The criteria used to select a security
utility must be based on many issues such as ease of use, support
level, local knowledge base, and ease of implementation. The choice
of the security utilities must be based with the overall security
architecture of the enterprise in mind.”