So, since I have been so tough on "Linux", I thought I would give credit where credit is due. After years of providing enterprise class Linux system support in every imaginable form, here are the top 5x3 most useful Linux tools IMHO. Most will be of the Fedora flavor, and most will work under any open source moniker. The catch is I'll be breaking the tools out into 3 different categories and 3 separate posts. The first is Linux as a network security device/system, the second is Linux as a server, and the third is Linux on a laptop.

Linux systems as a network security device:

1) By far, the most useful firewall management tool for kernel 2.4+ Linux systems is FireWall Builder. I first came across fwbuilder sometime in 2000, and it has made incredible progress since then. The best thing about fwbuilder is that it just plain works. Installation is easy, it has a very intuitive interface and it can support very complex NAT, prerouting and postrouting functions. It is an easy transition for those of you familiar with CheckPoint. (Not to mention, it makes Cisco PIX, ipf, and ipfw management pretty easy as well.) It's free for GPL'd OS users. Windoze users will have to pay. Don't change the "deny all" rule at the bottom of the default policies!! Allow only specific access to and from networks.
Down side: There are no log management tools or log analysis tools. However, you can prefix log lines.
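Since fwbuilder leaves log analysis to you, here is an added example (not from the original post or from fwbuilder itself) that summarises iptables LOG lines by their rule prefix; it assumes a "RULE n -- ACTION" prefix format and uses the constructed sample lines embedded in the block:

```shell
#!/bin/sh
# Added example: summarise iptables LOG lines by --log-prefix text, source,
# protocol and destination port. The "RULE n -- ACTION" prefixes and the
# log lines below are constructed sample data, not real captures.

# Read syslog lines on stdin; print "count<TAB>prefix<TAB>src<TAB>proto<TAB>dport",
# most frequent first.
summarize_fw_log() {
    awk '
    /kernel: / && /SRC=/ {
        p = $0
        sub(/^.*kernel: /, "", p)      # drop the syslog header
        sub(/^\[[^]]*\] */, "", p)     # drop a kernel timestamp, if present
        sub(/ *IN=.*$/, "", p)         # what is left is the rule prefix
        src = "-"; proto = "-"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        count[p "\t" src "\t" proto "\t" dpt]++
    }
    END { for (k in count) printf "%d\t%s\n", count[k], k }
    ' | sort -rn
}

# Constructed sample: three SYNs to ssh from one host, one RDP probe, one accepted HTTPS hit.
SAMPLE_LOG=$(cat <<'EOF'
Mar  3 12:00:01 fw kernel: RULE 7 -- DENY IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=51234 DPT=22 SYN
Mar  3 12:00:02 fw kernel: RULE 7 -- DENY IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=51235 DPT=22 SYN
Mar  3 12:00:03 fw kernel: RULE 7 -- DENY IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=51236 DPT=22 SYN
Mar  3 12:00:05 fw kernel: RULE 7 -- DENY IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=40001 DPT=3389 SYN
Mar  3 12:00:09 fw kernel: RULE 2 -- ACCEPT IN=eth0 OUT=eth1 SRC=203.0.113.4 DST=198.51.100.8 LEN=60 PROTO=TCP SPT=33000 DPT=443 SYN
EOF
)

# The first line of the summary is the noisiest prefix/source/port combination.
printf '%s\n' "$SAMPLE_LOG" | summarize_fw_log
```

Point it at a real file with `summarize_fw_log < /var/log/messages` once your rules carry prefixes.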
2) OpenVPN is next on my list. It's an SSL VPN package that makes virtual private networking pretty easy. Setup is relatively difficult for the newcomer, and for the OpenSSL newbie, it's not for the faint of heart. There is also a nice little windoze package. I have had some trouble with tun/tap interfaces in the windoze world. Linux client setup is a snap if you are using NetworkManager.
Down side: if you get into a pinch, documentation is lacking, and usage is not very widespread so you'll need to dig around for answers.
3) Snort, of course, makes this list.
Down side: Too many people expect it to work "out of the box". Snort is a collection of tools and materials; you will still need to design and build the house.
4) The HoneyNet Security Console is one of my favorites. OK, I admit, I slid out of scope a little here, this one requires evil windoze and .NET, but the juice is all open source. It provides great reports and correlation tools. Setup is straightforward, documentation is good and it will require other packages to work. It makes my list because if you intend to use Linux systems as your primary line of network security devices you will need something like HSC to analyze and respond to your security events.
Down side: Scalability of HSC is poor, usage is not widespread, and it is a reduced functionality version of a commercial tool.
5) The last tool on my list is ntop. OK, another cross platform tool, but if it counts for anything I first started using this tool pre-WinPcap integration. Ultimately, if you plan to use a Linux flavored OS as a network security device, you'll want it to speak to you. ntop will do just that. Don't get me wrong, tcpdump is a great tool, but ntop will save you as a security analyst who depends on network security devices.
Down side: You may run into scalability issues. I would advise tighter scopes and close asset proximity placement.
These are just a few security-type tools that I have found very useful over time. It's hard not to list tools like ngrep, tcpdump, or syslog-ng. You'll find them in my tool bag, and they may make future lists, but for now these get the spotlight.
Linux systems as servers:

1) The most flexible and useful server tools are rooted (pun intended) in the command line. Some tools are scripts, some are compiled code. The first to make my list is chkconfig. This is a very useful tool to get servers set up and to get the correct services running at the right run-level. A simple 'chkconfig --list |grep on' will list all of the services that are currently set to run upon system startup, organized by run level. I believe chkconfig got its start in the BSD world and can be found in big Unix OSes like IRIX. Fedora flavors can have an associated Python GUI through the 'system-config-levels' tool which can be used if you choose to administer your server through X.
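As an added example (not the post's own code, nor part of chkconfig), this shell snippet takes the 'chkconfig --list | grep on' idea one step further and checks the services enabled at a runlevel against an allowlist you choose; the chkconfig output it reads is a constructed sample:

```shell
#!/bin/sh
# Added example: audit the services chkconfig will start at one runlevel
# against a short allowlist. The chkconfig --list output below is constructed
# sample data; the allowlist is whatever you decided the server should run.

# enabled_at LEVEL < chkconfig --list output  -> one enabled service name per line
enabled_at() {
    awk -v lvl="$1" '
    $2 ~ /^[0-6]:/ {                     # runlevel table rows only; the
        for (i = 2; i <= NF; i++)        # "xinetd based services:" block is skipped
            if ($i == (lvl ":on")) print $1
    }'
}

# audit_runlevel LEVEL "svc svc ..." < chkconfig --list output
# Prints "ok NAME" or "UNEXPECTED NAME" per enabled service; returns 1 if any is unexpected.
audit_runlevel() {
    allow=" $2 "
    rc=0
    for svc in $(enabled_at "$1"); do
        case "$allow" in
            *" $svc "*) printf 'ok         %s\n' "$svc" ;;
            *)          printf 'UNEXPECTED %s\n' "$svc"; rc=1 ;;
        esac
    done
    return $rc
}

SAMPLE_CHKCONFIG=$(cat <<'EOF'
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
syslog-ng       0:off   1:off   2:on    3:on    4:on    5:on    6:off
portmap         0:off   1:off   2:off   3:on    4:off   5:on    6:off
cups            0:off   1:off   2:off   3:off   4:off   5:on    6:off
xinetd based services:
        rsync:  on
EOF
)

# Runlevel 3 on a headless server should be exactly the services we chose to run.
printf '%s\n' "$SAMPLE_CHKCONFIG" | audit_runlevel 3 "crond sshd syslog-ng" \
    || echo "review the UNEXPECTED entries above"
```

On a live box replace the sample with `chkconfig --list | audit_runlevel 3 "..."` and run it after every package install.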
2) For the next useful tool, see FireWall Builder above. :)
3) If you don't log it, it didn't happen. Check out syslog-ng. Syslog-ng provides a very flexible logging mechanism that goes beyond standard Unix-style syslog. This tool also supports logging to a database.
4) LVM. It was a wonderful day when file system tools and capabilities like this came to the Linux platform free of charge. The Logical Volume Manager tools are one of the most handy toolsets when you need to save a server from downtime. LVM is about managing and changing file systems on the fly. You can shrink and grow file systems without interrupting service, in most cases. LVM refers to a typical partition as a Physical Volume (PV). A Volume Group (VG) comprises one or more physical volumes. Each volume group must be divided into Logical Volumes (LV). You may also want to look at LVM2.
5) Today, most Linux servers will have the last tool as part of a default installation. Regardless of that fact, this tool is by far the most useful tool in any admin's tool bag. I'm talking about the OpenSSH2 protocol and the associated suite of tools. If you aren't using it, you should be. You could run the world through an OpenSSH tunnel. Now that server processor speeds scream upwards of 3 GHz, overhead is not the issue it used to be. If you use this tool, donate to Theo de Raadt. I did. With his leadership and the help of the open source community, Linux server administration was forever changed. Now you can securely administer servers, transfer files and bypass security controls anywhere :)...
Linux on a Laptop
1) Coming soon...