beetraham
Regular

Joined: Dec 13, 2003
Posts: 94
Location: Finland (EU)

Posted: Sat Oct 23, 2004 8:49 am
In case you are running a LINUX server as root, you might want to apply a *set of tools/techniques* to achieve a more controlled server environment regarding server security issues and process & resource allocation, as well as automated *server service restarts*, just to mention a few wonderful benefits that come from the tools referred to below.
Go ahead and have a glance at these free resources dedicated to LINUX server roots; most probably you won't be disappointed:
Main Tool Vendor's Main Page : http://www.rfxnetworks.com/proj.php
Available GPL/GNU Tools:
* SIM (System Integrity Monitor) : http://www.rfxnetworks.com/sim.php
* APF (Advanced Policy Firewall) : http://www.rfxnetworks.com/apf.php
* LSM (Linux Socket Monitor) : http://www.rfxnetworks.com/lsm.php
* BFD (Brute Force Detection) : http://www.rfxnetworks.com/bfd.php
* LES (Linux Environment Security) : http://www.rfxnetworks.com/les.php
* PRM (Process Resource Monitor) : http://www.rfxnetworks.com/prm.php
* SPRI (System Priority) : http://www.rfxnetworks.com/spri.php
::: SHORT INTRODUCTIONS (source : http://www.rfxnetworks.com) :::
SIM (System Integrity Monitor) : http://www.rfxnetworks.com/sim.php
Quote:
SIM is a system and services monitor for ‘SysVinit’ systems. It is designed to be intuitive and modular in nature, and to provide a clean and informative status system.
It does this by consistently verifying that services are online, load averages are in check, and log files are at reasonable sizes. Many other SIM modules sport different and in-depth features to bring a well-rounded tool to your disposal to stop otherwise common issues daunting internet hosts.
Features:
- Service monitoring of HTTP, FTP, DNS, SSH, MYSQL & more
- Event tracking and alert system
- Auto restart ability for downed services
- Checks against network sockets & process list to ensure services are online
- Advanced HTTP service monitoring, to prevent commonly encountered issues
- System load monitor with customizable warnings & actions
- Ability to auto restart system with definable critical load level
- Priority change configurable for services, at warning or critical load level
- Informative command line status display
- Easily customizable configuration file
- Auto configuration script
- Auto cronjob setup feature
- Simple & Informative installation script
- Integrated auto-update feature
- And more...
Download the current release of SIM, distributed under the GNU GENERAL PUBLIC LICENSE:
- http://www.r-fx.org/downloads/sim-current.tar.gz
APF (Advanced Policy Firewall) : http://www.rfxnetworks.com/apf.php
Quote:
APF is a policy based iptables firewall system designed for ease of use and configuration. It employs a subset of features to satisfy the veteran Linux user and the novice alike. Packaged in tar.gz and RPM formats, APF is ideal for deployment in many server environments based on Linux.
.: Summary of features:
- simple & well commented configuration files
- layered firewall with independent ingress and egress filtering system
- uid based egress filtering via simple configuration variables
- global tcp/udp ports & icmp types configuration
- configurable policies for each ip on the system with convenience vars
- prerouting rules for optimal network response; TOS (type of service)
- icmp based rate limiting to prevent common icmp 'dos' abuses
- antidos subsystem to stop attacks before they become a significant threat
- dshield.org block list support to ban networks exhibiting suspicious activity
- advanced set of sysctl parameters for tcp/ip stack hardening
- advanced set of filter rules to remove undesired traffic
- advanced use of kernel features such as abort_on_overflow & tcp syncookies
- easy to use firewall management script
- trust based rule files (allow/deny); with advanced syntax support
- 3rd party addon projects that complement APF features
- and much more...
Download the current release of APF, distributed under the GNU GENERAL PUBLIC LICENSE:
- http://www.r-fx.org/downloads/apf-current.tar.gz
LSM (Linux Socket Monitor) : http://www.rfxnetworks.com/lsm.php
Quote:
LSM is a network socket monitor. It is designed to track changes to Network sockets and Unix domain sockets.
A comprehensive alert system, simple program usage & installation make LSM ideal for deployment in any linux environment (geared for web servers). Using a rather simple yet logical structure, LSM identifies changes in both Network Sockets and Unix Domain Sockets. By recording a base set of what sockets should be active then comparing the currently active socket information to that of the base comparison files, we highlight otherwise unknown services.
LSM will ignore services that are currently holding sockets open. Events are only raised when a 'new' socket is created; be it a UDS stream socket or a TCP network socket, LSM will identify it. Currently LSM does not track DGRAM Unix Domain Sockets, but will in the future.
Download the current release of LSM distributed under the GNU GENERAL PUBLIC LICENSE:
- http://www.r-fx.net/downloads/lsm-current.tar.gz
BFD (Brute Force Detection) : http://www.rfxnetworks.com/bfd.php
Quote:
BFD is a modular shell script for parsing applicable logs and checking for authentication failures. There is not much complexity or detail to BFD yet, and likewise it is very straightforward in its installation, configuration and usage. The reason behind BFD is very simple: the fact that there are few or no authentication and brute-force auditing programs in the linux community that work in conjunction with a firewall or real-time facility to place bans.
Note: BFD default configuration is designed to work in conjunction with APF versions 0.9.3+
Download the current release of BFD, distributed under the GNU GENERAL PUBLIC LICENSE:
- http://www.r-fx.org/downloads/bfd-current.tar.gz
LES (Linux Environment Security) : http://www.rfxnetworks.com/les.php
Quote:
Linux Environment Security is intended as a facility to quickly & easily secure RedHat/RPM based environments (i.e., turbo linux, open linux). It does so by enforcing root-only permissions on system binaries (binaries that have no place being executed by normal users), enforcing root-only path traversal on system paths, enforcing the immutable bit on essential rpm package contents (i.e., coreutils), and enforcing the immutable bit on shell profile scripts.
The combined usage of all les options provides an increased level of local environment security, in the hope of stemming off environment based attacks. Such attacks would consist of back-dooring system binaries; tainting the $PATH variable to point to alien paths where back-doored binaries are located; alterations to user profile scripts to activate key loggers or process based hi-jacking; traversal exploration of the system paths, etc.; the possible attack trends are endless, hence the importance of hardening the local environment space.
Download the current release of LES distributed under the GNU GENERAL PUBLIC LICENSE:
- http://www.r-fx.net/downloads/les-current.tar.gz
PRM (Process Resource Monitor) : http://www.rfxnetworks.com/prm.php
Quote:
PRM monitors the process table on a given system and matches process IDs against resource limits set in the config file or per-process based rules. Process IDs that match or exceed the set limits are logged and killed; includes e-mail alerts, a kernel logging routine and more...
Download the current release of PRM distributed under the GNU GENERAL PUBLIC LICENSE:
- http://www.r-fx.org/downloads/prm-current.tar.gz
SPRI (System Priority) : http://www.rfxnetworks.com/spri.php
Quote:
SPRI (System Priority) is a utility designed to queue different processes at different priority levels based on 3 class levels of importance (high, med, low).
The problem? Linux has priority levels to thread all tasks at; these prios range from -20 to +19 (negative = high prio, positive = low prio) with 0 as the default for all processes. So, this being the fact, with everything operating at prio 0 you get fights between services as to who gets what resources first.
Solution? Very simply, queue different processes at different priority levels to effectively discipline the system on who gets what resource access first.
The average load level of a server can be substantially decreased by using spri, by as much as 5-20%; of course results may vary.
Download the current release of SPRI distributed under the GNU GENERAL PUBLIC LICENSE:
- http://www.r-fx.org/downloads/spri-current.tar.gz
Hope you find these GPL/GNU Tools useful to apply too.
BR,
-beetraham
_________________
- Let there be no windows at your home -
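As an added illustration of the log-parsing approach BFD describes above (this is example code written for this page, not code from beetraham's post nor from the rfxnetworks project): parse constructed sshd log lines, count failed logins per source address inside a rolling time window, and render the resulting bans as firewall deny commands. The log lines are constructed sample data, and the `apf -d <host>` deny syntax is an assumption about APF's command line.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample auth-log lines in classic syslog format (not real data).
SAMPLE_LOG = """\
Oct 23 08:40:01 host sshd[2001]: Failed password for root from 192.0.2.10 port 40001 ssh2
Oct 23 08:40:03 host sshd[2002]: Failed password for invalid user admin from 192.0.2.10 port 40002 ssh2
Oct 23 08:40:05 host sshd[2003]: Failed password for invalid user test from 192.0.2.10 port 40003 ssh2
Oct 23 08:40:09 host sshd[2004]: Accepted publickey for alice from 198.51.100.7 port 50001 ssh2
Oct 23 08:41:00 host sshd[2005]: Failed password for bob from 198.51.100.7 port 50002 ssh2
Oct 23 08:55:30 host sshd[2006]: Failed password for root from 192.0.2.10 port 40004 ssh2
"""

# Matches sshd "Failed password" events, with or without the "invalid user" marker.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)

def parse_failures(log_text, year=2004):
    """Return a list of (timestamp, source_ip) for each failed-password event."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        events.append((ts, m.group("ip")))
    return events

def offenders(events, threshold=3, window_seconds=600):
    """Return source IPs that reach `threshold` failures inside any rolling window."""
    by_ip = defaultdict(list)
    for ts, ip in sorted(events):
        by_ip[ip].append(ts)
    banned = set()
    for ip, times in by_ip.items():
        start = 0
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1  # slide the window forward past stale failures
            if end - start + 1 >= threshold:
                banned.add(ip)
                break
    return banned

def apf_deny_commands(ips):
    """Render bans as APF deny invocations (assumed syntax; returned for review, not run)."""
    return [f"apf -d {ip}" for ip in sorted(ips)]
```

With the sample above, 192.0.2.10 accumulates three failures within two minutes and is flagged, while the single failure from 198.51.100.7 stays below the threshold.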