11.4. Security Tools
A final group of tools that should not be overlooked is security tools. Security, of course, is an essential part of systems management. While this isn't a book on network security, security is so broad a topic that there is considerable overlap between it and the issues addressed in this book. Strictly speaking, a number of the tools described in this book (such as portscan, nmap, and tcpwrappers) are frequently described as security tools. Basically, any tool that provides information about a network has both security implications and management potential. So don't overlook the tools in your security toolbox when addressing other networking problems. For example, security scanners like satan, cops, and iss can tell you a lot about how your system is configured.
One particularly useful group of tools is system integrity checkers. This class of programs tracks the state of your system and allows you to determine what is changing -- such as files, permissions, timestamps. While the security implications should be obvious, management and troubleshooting implications should also be clear. Often described as tools to identify files that intruders have changed, they can be used to identify files that have been changed or corrupted for any reason. For example, they can be used to determine exactly what is changed when you install a new program.

The best known of these is tripwire. It is a considerable stretch to call tripwire a networking tool, but it is an administrative tool that can make managing a system, whether networked or not, much easier.
11.4.1. tripwire
tripwire was originally written by Eugene Spafford and Gene Kim. It is another product that has evolved into a commercial product. It is now marketed by Tripwire, Inc. The original free version is still available at the company's web site as the Academic Source Release. The current version, in a slightly modified form, is also available for free download for Linux. The current version is much easier to use, but the older version is usable if you are willing to take the time to learn it.
tripwire creates a database of information about files on the system, including cryptographic checksums. A configuration file is used to determine what information is collected and for which files it is collected. If security is a concern, the collected information should be stored offline to prevent tampering.

As a security tool, tripwire is used to identify any changes that have been made to a compromised host. It doesn't prevent an attack, but it shows the scope of the attack and the changes made to the system. As a troubleshooting tool, it can be used to track any changes to a system, regardless of the cause -- hacker, virus, or bit rot. It can also be used to verify the integrity of transferred files or the consistency of configurations for multiple installations.
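The baseline-and-compare cycle described above, as an added example rather than anything from tripwire itself: a small Python integrity checker that records size, mode, mtime and a SHA-256 digest for every regular file under a directory, then diffs a later snapshot against that baseline and reports what was added, removed, or altered (and which attribute gave it away). The policy set, the function names, and the constructed sample tree built inside demo() are assumptions of this example; tripwire's own configuration syntax and database format are not reproduced.

```python
"""Minimal tripwire-style file integrity checker (added example, not tripwire code).

A baseline records, for each regular file below a root, the attributes the
policy asks for; a later snapshot is diffed against it to show exactly what
changed.  The policy set and function names are assumptions of this example.
"""
import hashlib
import os
import shutil
import stat
import tempfile

# tripwire reads its policy from a configuration file; here it is a plain set.
DEFAULT_POLICY = frozenset({"size", "mode", "mtime", "sha256"})


def file_digest(path, chunk=65536):
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root, policy=DEFAULT_POLICY):
    """Walk root and return {relative path: {attribute: value}}."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, devices and sockets are out of scope here
            rec = {}
            if "size" in policy:
                rec["size"] = st.st_size
            if "mode" in policy:
                rec["mode"] = stat.S_IMODE(st.st_mode)
            if "mtime" in policy:
                rec["mtime"] = int(st.st_mtime)
            if "sha256" in policy:
                rec["sha256"] = file_digest(full)
            db[os.path.relpath(full, root).replace(os.sep, "/")] = rec
    return db


def compare(baseline, current):
    """Added and removed paths, plus for each changed path the attributes that differ."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for p in set(baseline) & set(current):
        diff = sorted(k for k in baseline[p] if baseline[p][k] != current[p].get(k))
        if diff:
            changed[p] = diff
    return {"added": added, "removed": removed, "changed": changed}


def demo():
    """Constructed scenario: baseline a small tree, alter it three ways, diff it."""
    root = tempfile.mkdtemp()
    try:
        def put(rel, data, mode=0o644):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
            os.chmod(full, mode)
            return full

        tool = put("bin/tool", b"#!/bin/sh\necho hi\n", 0o700)
        put("bin/old", b"obsolete\n")
        conf = put("etc/app.conf", b"key = 0001\n")
        baseline = snapshot(root)

        # Same-size edit with the original mtime put back: the size and
        # mtime checks miss it, the cryptographic checksum does not.
        st = os.stat(conf)
        with open(conf, "wb") as f:
            f.write(b"key = 0002\n")
        os.utime(conf, (st.st_atime, st.st_mtime))
        os.chmod(tool, 0o755)                      # permission change only
        put("lib/new.so", b"\x7fELF")              # one file added ...
        os.remove(os.path.join(root, "bin/old"))   # ... and one removed
        return compare(baseline, snapshot(root))
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```

The demo deliberately includes an edit that keeps the file size and restores the original modification time; only the checksum catches it, which is why the database should carry a cryptographic digest and not just stat() fields, and why that baseline belongs offline or on read-only media, as the text says. Running snapshot() before and after a package install gives the "what did this change" view the section mentions.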
If all you want is a checksum, you might consider just using the siggen program, which comes with tripwire. siggen will generate a number of checksums for a file. Here is an example:
bsd2# siggen siggen
sig0: nullsig : 0
sig1: md5 : 0EpNJLBbf7JJgh1yUdAPgZ
sig2: snefru : 25I3DS:thJ3N:16UchVdNR
sig3: crc32 : 0jeUpK
sig4: crc16 : 00056o
sig5: md4 : 02x6dNiYw7GwjSssW7IeLW
sig6: md2 : 30s7ugrC1gLhk129Zo1BXW
sig7: sha : EWed2qYLHGcK.i7P7bVDO2mtKvr
sig8: haval : 1cqs7t9CwipMcuWPM3eRF1
sig9: nullsig : 0
You can use an optional argument to limit which checksums you want. For example, the option -13 will calculate just the first and third checksums, the MD5 digest and the 32-bit CRC checksum.
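A siggen-style generator with the same slot-based selection, as an added example (not the siggen shipped with tripwire): slots 1 and 3 are MD5 and CRC-32 as the text describes, the remaining slots use algorithms from Python's standard library as stand-ins for the ones siggen offers, and digests are printed in hex rather than siggen's own encoding. The function names and the slot table beyond slots 1 and 3 are assumptions of this example.

```python
"""siggen-style multi-checksum generator (added example, not tripwire's siggen).

Slots 1 (MD5) and 3 (CRC-32) follow the book's description of the -13
option.  Slots 2 and 4 are stand-ins chosen from the standard library,
because snefru, md2, md4 and haval are not available there.
"""
import hashlib
import zlib

# slot -> (name, function mapping bytes to a printable digest)
SIGNATURES = {
    0: ("nullsig", lambda data: "0"),
    1: ("md5", lambda data: hashlib.md5(data).hexdigest()),
    2: ("sha256", lambda data: hashlib.sha256(data).hexdigest()),   # stand-in for snefru
    3: ("crc32", lambda data: "%08x" % (zlib.crc32(data) & 0xFFFFFFFF)),
    4: ("sha1", lambda data: hashlib.sha1(data).hexdigest()),       # stand-in for crc16
}


def parse_option(option):
    """'-13' -> [1, 3]; None -> every slot.  Unknown slots are rejected."""
    if option is None:
        return sorted(SIGNATURES)
    if not option.startswith("-") or not option[1:].isdigit():
        raise ValueError("option must look like -13")
    slots = [int(c) for c in option[1:]]
    bad = [s for s in slots if s not in SIGNATURES]
    if bad:
        raise ValueError("no such signature slot(s): %s" % bad)
    return slots


def siggen(data, option=None):
    """Return [(slot, name, digest)] for the selected slots, in the order given."""
    return [(s, SIGNATURES[s][0], SIGNATURES[s][1](data)) for s in parse_option(option)]


def siggen_file(path, option=None):
    """Same as siggen() but over a file's contents."""
    with open(path, "rb") as f:
        return siggen(f.read(), option)


if __name__ == "__main__":
    # Constructed input; with "-13" only the MD5 and CRC-32 lines are produced.
    for slot, name, digest in siggen(b"hello", "-13"):
        print("sig%d: %-8s: %s" % (slot, name, digest))
```

Selecting several independent digests is the point of siggen's design: a collision against one algorithm (MD5 in particular is no longer collision resistant) still leaves the CRC-32 and any stronger digest to disagree, so a file that matches on every selected slot is a far stronger claim than a match on one.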
I certainly wouldn't recommend that you install tripwire just for troubleshooting. But if you have installed it as a security tool, something I would strongly recommend, then don't forget that you can use it for these other purposes. Incidentally, with some systems, such as OpenBSD, integrity checking is an integral part of the system.