Linux Host Security Scan Tool

Status
Not open for further replies.

jlaw10

Technical User
Jul 28, 2005
US
I need to scan and confirm security compliance for a RedHat Linux Server. I want to capture such items as the following:

- open ports
- review suid, sgid
- user password security scan
- privileged user scan
- scan for availability of critical files
- overall compliance scan

Is there a free tool out there that is recommended?
 
Linux itself probably has all of the tools you need built in. Here is a link to a check list that was designed for intruder detection and covers how to check the things you mentioned:
The link came from here which has A LOT of information that may be of interest to you.
 
I am not aware of just one tool that would do all that in one package.

You can run a simple port (open port scan) from another host against your RH box like so:

nmap -P0 IPADDRESS

Where IPADDRESS is the IP address of your RH box.
This will give you a list of open ports on this machine. You need to do that from the same subnet; otherwise, if there are routers or firewalls between the test machine and the RH box, you may not get very good results (as some ports could be filtered). Also do a "man nmap" to see other switches to scan for specific ports (-p PORT) or even open UDP ports, etc.

On the RH box, have a look at your /etc/passwd, /etc/shadow, etc. and see if there are any issues.

As far as testing user passwords, I am not sure if you mean doing a brute force and seeing what you can crack as far as the passwords go. Usually when you harden the system you specify what the least strong password should be and assume most are better than that (e.g. no less than 8 characters, alphanumeric, uppercase, etc.).

There are some tools that would scan for rootkits and other things like that, but that may not be what you want.

As far as an updates check, you can use this to get an idea:
yum check-update

This will give you a list of what's available. It wouldn't install anything; it just checks against your repos.

Good luck!

The more you learn, the more you realize how much you don't know.
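
The local checks from the question (privileged users, SUID/SGID files, availability of critical files) and the /etc/passwd and /etc/shadow review suggested in the reply, as an added shell example that is not part of the original thread. The function names and the list of critical files are assumptions for illustration.

```shell
#!/bin/sh
# Added example: local audit helpers for a Red Hat style host.
# Function names are illustrative; run as root so /etc/shadow is readable.

# Accounts with UID 0 in a passwd-format file; normally only "root".
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "${1:-/etc/passwd}"
}

# Accounts whose password field is empty in a shadow-format file.
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "${1:-/etc/shadow}"
}

# SUID or SGID regular files under a directory, without crossing filesystems.
suid_sgid_files() {
    find "${1:-/}" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Print each named file that is missing or empty.
missing_files() {
    for f in "$@"; do
        [ -s "$f" ] || printf '%s\n' "$f"
    done
}

# Full report against the live system.
audit_report() {
    echo "== UID 0 accounts =="; uid0_accounts
    echo "== Empty passwords =="; empty_password_accounts
    echo "== SUID/SGID files =="; suid_sgid_files /
    echo "== Missing critical files =="
    # Sample list (an assumption); adjust to the files your policy requires.
    missing_files /etc/passwd /etc/shadow /etc/group /etc/ssh/sshd_config
}

# Only scan the real host when asked to: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_report
fi
```

Saving the SUID/SGID list from a known-good state and diffing later runs against it makes new entries stand out.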
 