Security Applications

David A. Bandel

Issue #89, September 2001

One of David's pet peeves is security, or rather the lack of it.

One of my pet peeves is security or, should I say, the lack of it. It's a near-universal phenomena. Out of the box, most Linux distributions are about as wide open and easy to subvert as the standard Windows box. And this shouldn't be (though fortunately, it is changing). Anyone who connects to a public network (the Internet) should be responsible for that system and its use. We hold gun owners accountable for how their guns are used. The same should hold true for computer owners. But distribution makers should also help their customers in this regard, and a poorly secured system is child's play to break into. As evidence, a large number of script kiddies are teenagers. These children commit DDoS (distributed denial of service) attacks using IRC bots. They won't be punished even as minors, but they can put an internet commerce site out of business on a whim. All it would take is a properly configured Linux firewall in most homes to prevent this problem. And with the new Netfilter, it would be easy to put something together. The biggest roadblock seems to be educating users that they need this, lest their system be used for nefarious purposes.

Free Practice Management:

http://www.freepm.org/

I must say, up front, I am not a fan of Zope, and I was unable to get FreePM running via Apache with the provided instructions. Personally, I would have used Perl, PostgreSQL and Apache. But people tend to program using tools they know, I guess. That said, FreePM is more than worth a look for a medical practice. It is extremely well done even if Zope overly complicates its setup. It has support for everything a medical practice needs, including a prescription database, accounting, patient records and more, all well-tied together. Requires: Zope, Python.

Bugtrack:

www.agstools.com/products/bt.html

Extremely easy to install and administer, this utility is very lightweight. If you need a simple bug-tracking solution for Linux or just about any platform, you might want to take a look at this one. It is simple and easily customizable, and I always choose simplicity. Who wants to read documents for days to get something running? For that much effort, I could write the program myself. Requires: a database (MySQL, PostgreSQL, others with ODBC), Perl, DBI module for the database, web server, web browser.

nPULSE:

http://www.horsburgh.com/

Another easy-to-install and use utility, this one allows you to monitor your network through a web browser. nPULSE relies on nmap to scan your network for open ports to tell you if services are still running. This means nPULSE doesn't rely on SNMP, but it also means you'll have to adjust PortSentry or similar programs to account for the “scanning” activity. However, you may want to modify the HTML sources on this slightly. I find the black background with white writing a bit difficult to read (but that may just be my monitor resolution: 1280 × 1024, 16-bit color on a 19" screen). Requires: nmap, Perl, Perl modules Net::SSLeay and Mail::Mailer, OpenSSL (optional), Java (optional).

SendIP:

www.earth.li/projectpurple/progs/sendip.html

This tool is a must-have for all firewall administrators. Until the new iptables includes a check function, you'll need some way to test your firewall. The SendIP utility will allow you to do exactly that. You can send an IP packet (TCP, UDP) or an ICMP packet spoofing the source address to see what happens on your firewall. Works with IPv4 and IPv6, so you can test the iptables IPv6 rules as well. Requires: glibc.

Sentry Firewall CD:

http://www.sentryfirewall.com/

Now this is some CD. You boot from this CD, and with a few preconfigured files on a floppy (on which you've flipped the write-protect switch to read-only) you have a running firewall. Everything is either burned onto the CD or is in memory. If by some quirk, someone actually does manage to break in to this firewall, all you need is a reboot. All files deposited by the attacker are gone when the RAM re-initializes. This particular CD is based on Slackware. So if you have an old system with two NICs that will boot from the CD-ROM, you've got a firewall. Requires: system capable of booting from a CD-ROM, a way to burn a CD-ROM ISO image.

File System Saint:

http://www.insecure.dk/

Don't get me wrong, I like Tripwire. It was the first, but it's certainly not the easiest thing to set up. What I dislike about difficult things is not just that I'm lazy (I am), but difficult often means someone, somewhere will misconfigure or otherwise nullify all the good the program should do. This program is fast and easy. Not necessarily better, but different. Requires: Perl and Perl module Digest::MD5.

datedif:

download only: buschencrew.hypermart.net/software/datedif/datedif-0.9.1-4.tar.gz

This small C program will calculate the number of days between any two dates. Granted, this has somewhat limited use, but the author does present an example. It is most useful in scripts. How many days until Christmas? Requires: glibc.

motion:

http://motion.technolust.cx/

I like this little application. It was designed so that you could connect a (surveillance) camera to your system, run motion, and it would take pictures each time the image changed. You can make a movie, even send an e-mail. Yep, great for security. But I (ab)use it differently. I connect my video camera after taking a home movie, let motion grab frames every second. Then I load all the images into xv and delete what I don't want and rename what I do want. Much faster and easier than doing it manually—a lot of options. This is a keeper. Requires: libjpeg, libmysqlclient, libz, libcrypt, libnsl, libm, glibc.

Until next month.

David A. Bandel (dbandel@pananix.com) is a Linux/UNIX consultant currently living in the Republic of Panama. He is coauthor of Que Special Edition: Using Caldera OpenLinux.