UNIX Sysadmin Resources – Firewalls & UNIX Security

This content was originally created, collected, and maintained by Stokely Consulting.
As of May 2005, it is being hosted and maintained by Bill Bradford.

Security Advisories | Vendor Security Bulletins, Patches | SSH | Other Security News, Info, Products, Sites

Security Advisories:

Compromise FAQ explains what to do if your machines are compromised by an intruder, what to do if you get hacked. Part of the excellent Computer Threats and Vulnerability info from X-Force/Internet Security Systems, Inc.
incidents.org has extremely valuable information, tools and services covering all forms of computing security issues. Internet Storm Center, Intrusion database, Alerts and News, protection, detection, reaction, and security training. Also known as the SANS Emergency Incident Handler.
SANS Institute is the home of the excellent System Administration, Networking, and Security Conference. They’ll teach you about new security tools and issues. They have a good Network Security Roadmap to help tighten the security at your site. Great Intrusion Detection FAQ containing tools, contacts, software, legal issues, incident handling.
SecurityFocus.com is a site every sysadm should read often. Contains news, vulnerabilities, tools, products, mailing lists, and more for all security-related issues. Good coverage for Microsoft, Sun, Linux, Intrusion Detection Systems, Incidents and virus problems.
CIAC (Computer Incident Advisory Capability) is full of security advisories for computer systems and software. A must-see site with many security-related tools, like traceroute, nfswatch, tcpdump.
CERT Coordination Center contains all CERT advisories, summaries and vendor bulletins, and tips, security improvement modules and more.
DShield.org – Distributed Intrusion Detection System is a free and open service which provides a platform for users of firewalls to share intrusion information. Reports and database summaries of intrusion problems.
myNetWatchman is a security event aggregator, centralized, web-based firewall log analyzer, and fully automated abuse escalation and management system. Free service to individuals. Alerts via email, attacks in a knowledgebase.

Vendor Security Bulletins and Patches:

BSDI support
Cisco Security Advisories (You’ll have to find them on Cisco’s site. The webmistress has trouble finding them.)
Caldera Security Advisories
Debian GNU/Linux security information
FreeBSD CERT advisories
NetBSD Security Resources and patches
OpenBSD Security Advisories and patches
Red Hat Linux support central
SGI Security Headquarters includes Security Advisories, security patches, contacts, and more.
Sun Security Bulletin Archive contains all the Sun security bulletins, cookbooks and distributed by Sun Microsystems. Each bulletin lists the Sun patches needed or actions the system manager should take to deal with the problem. They provide Sun Public Patch Access for those without support contracts.

NT/Win95 Security Information:
(ok, it’s not Unix, but you need this information)
Microsoft Security Page, NTBugtraq mailing list archive, security exploits and bugs in NT, with NT security fixes.

Fanout allows you to run non-interactive commands on remote machines simultaneously, using SSH, collecting the output in an organized fashion.
F-Secure SSH (search for it on their site) includes terminal, SFTP, several encryption methods, key generation and distribution wizards. Runs on major Linux/Unix platforms, Windows, Mac. Commercial product.
lsh is a free implementation of ssh2. lsh is a work in progress.
MindTerm SSH client from AppGate enables secure remote access to an SSH-enabled server using any platform. Pure Java implementation, supports ssh1 and ssh2 protocols. MindTerm can run as a stand-alone application on the client workstation, or as a Java applet in a browser.
OpenSSH is a free version of the SSH suite of network connectivity tools. Includes sshd,, ssh-add, ssh-agent, ssh-keygen. Runs on many Unix versions, plus Windows, Mac, Java, VMS, and others. Cool T-shirts and posters for sale.
OpenSSH End-User HowTO is a very good tutorial. PDF format.
Using ssh-agent with OpenSSH explains how to achieve passwordless logins using ssh-agent. Written by Mark Hershberger.
SSH from SSH Communications Security is a program to log into another computer, execute commands remotely and move files. Provides strong authentication and secure communications over insecure channels. Commercial product, but free download for trial, academic or non-commercial use. Also free if you are using a non-commercial operating system such as Linux or the free BSDs.
SecureCRT, SecureFX from Van Dyke Technologies, Inc. use SSH for secure login and data transfer. Built in ZModem, scripting languages. Runs on Windows. Commercial product.

Other Security News, Information, Products, Sites:

Internet Firewalls FAQ by Marcus Ranum and Matt Curtin. This is an excellent document, and a great starting point for understanding network firewalls.
IP-Filter is a TCP/IP packet filter, suitable for use in a firewall or Network Address Translation (NAT) environment. Runs on (at least) FreeBSD, OpenBSD, NetBSD, Solaris/SunOS, IRIX, Linux.
Mark Henderson’s list of Cryptography, Firewalls, and Computer Security Links: Superb collection of resources.
New Approaches to Making Solaris More Secure by Rich Teer shows how to harden your Solaris machine. Scripts included to help modify the kernel and other important files. From SysAdmin magazine.
SANS Security Policy Project contains templates (PDF, Word formats) for many of the policies you need. The templates cover policies such as Acceptable Use, ASP Standards, Database Credentials Coding, Dial-in Access, DMZ, Router Security, and Wireless Communication. Also includes primers on security policies, HIPAA, and more. The templates and information are free.
SecurityPortal is filled with excellent articles, howtos, press releases and security news for securing your systems. Email newsletter available.
RSA Security Inc.
tcp-wrappers allows you to control and log access to TCP based services. Part of Wietse Venema’s site of great security tools and papers.
All-Internet-Security.com is a directory of Internet security resources.
Bugtraq mailing list archive contains detailed discussions of Unix security holes.
CRYPTOCard DES challenge-response token cards, software, and token administration system for Unix and NT.
E-Security offers security management software, information security management, internet security product, and firewall software.
Free Firewalls Configuration guide explains how to build your own firewall box. Well-written by Phil Brown.
Intellitactics, Inc. offers information security software for comprehensive enterprise security management, including security monitoring, log analysis, event correlation, intrusion detection, anomaly detection, and more.
Internet Security Systems, Inc. makers of scanners for system security (checks for system vulnerabilities), Internet security (checks for vulnerabilities of intranets, firewalls, and web servers), and RealSecure (real-time attack recognition and response system). Many FAQs. Free evaluation software downloads.
Jail Chroot Project is a tool that builds a chrooted environment. Jail works as a wrapper to the user shell, so when the user log in the machine Jail is launched, and the chrooted environment is activated. Then, Jail execs the real user shell. Written by Juan Manuel Casillas and provided under GPL.
Matt’s Unix Security Page includes source for Unix security software (things like COPS, crack, esniff), security papers and information, as well as DOS/Windows-based security software.
MobileBugtraq is a mailing list for the discussion of security exploits and security bugs in Mobile terminals plus related applications.
PGP – Where to get it FAQ tells you where you can get PGP, compatibility issues, legal issues.
PowerBroker, PowerPassword from Symark Software. PowerBroker allows delegation of root privileges with more granular control than sudo, while providing an indelible audit trail. PowerPassword lets system administrators control which users can log in to each Unix machine under which circumstances. Both run on most Unix platforms.
Purdue Coast Project is chock-full of info, tools, and public-domain software for the security-minded sysadm.
Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk. Privoxy is based on Internet Junkbuster. Runs on gateways of Windows(95, 98, ME, 2000, XP), Linux (RedHat, SuSE, Debian, Conectiva), Mac OSX, OS/2, AmigaOS, BeOS, FreeBSD, NetBSD, Solaris, and many more flavors of Unix.
RootShell contains security exploits, news, and security documentation.
Snake Oil Warning Signs: Encryption software to Avoid helps you evaluate cryptography products to protect your environment. Very readable. Maintained by Matt Curtin.
SOCKS establishes a secure proxy data channel between 2 computers in a client/server environment. Great site of information and free software for SOCKS and SOCKS5 for Unix and Windows.
Solaris JASS Security Toolkit, informally known as the JumpStart Architecture and Security Scripts (JASS) toolkit, provides a flexible and extensible mechanism to minimize, harden, and secure Solaris Operating Environment systems. The primary goal behind the development of this toolkit is to simplify and automate the process of securing Solaris systems. Free from Sun.
SunScreen 3.1 Lite is available free from Sun. It’s a firewall product designed to protect individual servers or very small workgroups. It is built from the same code as the full SunScreen 3.1 product, providing high-speed, dynamic stateful packet screening, with a few exceptions.
Tripwire is now a commercial product, but the vendor continues development on the free, open source TripWire 1.3.1, too. Intrusion-detection software which runs on Solaris, Redhat, NT. (HPUX and AIX versions are in the works.) Support information on the site, and via email and discussion groups.
Trusted Information Systems, Inc., makers of the Gauntlet Firewall, email security products, security training and consulting.
YASSP – Yet Another Solaris Security Package freely available scripts and tool set for Solaris 2.6 – 8. The default behavior of yassp is to turn off most of the services, which is suitable for an external (exposed) server like a firewall, a web server or a ftp server. A single configuration file enables you to control most of yassp options. The OS security tuning is performed at various levels: turning off (networked) services, changing file owner/mode, enabling logging, tuning the network stack, changing the system parameters and also providing a coherent default environment so that people knows what they can expect and where.

Scan your system/network for problems:
HackerWhacker will scan your computer for vulnerabilities, with your permission. News, information, exploits.
Gibson Research Corporation Shields Up will scan your computer for vulnerabilities.
Nessus is a freely available, open source security scanner and auditor. Nessus takes nothing for granted, is very fast, reliable, and uses a modular architecture.
SecurityMetrics sells online security tools and site certification test tools. Free Port Scan available for unlimited use. Free security bulletins, news, whitepapers and free 30 day evaluation of SecurityMetrics Appliance.
Titan is a free collection of programs, each of which either fixes or tightens one or more potential security problems with a particular aspect in the setup or configuration of a Unix system. Mainly for SunOS, Solaris and Linux, but could be adapted to other Unix versions. Written by Brad Powell.