Top Linux Tools: the best tools that everyone should have. Take note of them; they are vital to anyone who runs a server. |
| LSM (Linux Security Modules) linux | "The Linux Security Modules (LSM) project provides a lightweight, general purpose framework for access control. Contemporary computing environments are increasingly hostile. Adding enhanced access control models to the kernel improves host security and can help a server survive malicious attacks. Security research has provided many types of enhanced access controls effective for different environments. The LSM framework allows access control models to be implemented as loadable kernel modules." |
| LIDS (Linux Intrusion Detection System) linux | "LIDS is an enhancement for the Linux kernel. It implements several security features that are not in the Linux kernel natively. Some of these include: mandatory access controls (MAC), a port scan detector, file protection (even from root), and process protection." |
| Bastille Linux linux | "The Bastille Hardening System attempts to "harden" or "tighten" Unix operating systems. Bastille Linux draws from every available major reputable source on Linux Security." |
| grsecurity linux | "grsecurity is a complete security system for Linux 2.4 that implements a detection/prevention/containment strategy. It prevents most forms of address space modification, confines programs with least privilege via its process-based MAC system, hardens syscalls, provides full-featured auditing, and implements many of the OpenBSD randomness features." |
| Vulnerability Assessment | |
| Nessus linux, windows | "Nessus is the premier remote security scanning tool. It is plug-in-based, has a client-server architecture, has a GTK interface, and performs over 1200 remote security checks." |
| Nikto linux, windows | "Nikto is a web server scanner which performs comprehensive tests against web servers for multiple items, including over 2200 potentially dangerous files/CGIs, versions on over 140 servers, and problems on over 210 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired)." |
| MBSA (Microsoft Baseline Security Analyzer) windows | "MBSA runs on Windows 2000, Windows XP, and Windows Server 2003 systems and will scan for common system misconfigurations in the following products: Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, Internet Information Server (IIS) 4.0 and 5.0, SQL Server 7.0 and 2000, Internet Explorer (IE) 5.01 and later, and Office 2000 and 2002. MBSA will also scan for missing security updates for the following products: Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, IIS 4.0 and 5.0, SQL Server 7.0 and 2000, IE 5.01 and later, Exchange 5.5 and 2000, and Windows Media Player 6.4 and later." |
| Chkrootkit linux | "Chkrootkit is a tool to locally check for signs of a rootkit." |
| dsniff linux | "dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). Arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g., due to layer-2 switching). Sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI." |
| Paketto Keiretsu linux | "Paketto Keiretsu is a collection of tools that use new and unusual strategies for manipulating TCP/IP networks. They tap functionality within existing infrastructure and stretch protocols beyond what they were originally intended for. It includes Scanrand, an unusually fast network service and topology discovery system, Minewt, a user space NAT/MAT router, Linkcat, which presents an Ethernet link to stdio, Paratrace, which traces network paths without spawning new connections, and Phentropy, which uses OpenQVIS to render arbitrary amounts of entropy from data sources in three dimensional phase space." |
| nbtscan linux, windows | "This is a command-line tool that scans for open NETBIOS nameservers on a local or remote TCP/IP network, and this is a first step in finding of open shares. It is based on the functionality of the standard Windows tool nbtstat, but it operates on a range of addresses instead of just one. For each responded host it lists IP address, NetBIOS computer name, logged-in user name, resource records, and MAC address." |
| Winfingerprint windows | "Winfingerprint is a Win32 Host/Network Enumeration Scanner. Winfingerprint is capable of performing SMB, TCP, UDP, ICMP, RPC, and SNMP scans. Using SMB, winfingerprint can enumerate OS, users, groups, SIDs, password policies, services, service packs and hotfixes, NetBIOS shares, transports, sessions, disks, security event log, and time of day in either an NT Domain or Active Directory environment." |
| Intrusion Detection Systems (IDS) | |
| Snort linux, windows | "Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient. Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system." |
| SnortCenter, for Snort linux, windows | "SnortCenter is a web-based client-server management system written in PHP and Perl. It will help you to configure Snort and keep the signatures up-to-date." |
| File System Integrity Audit | |
| samhain linux, windows | "samhain is a file system integrity and intrusion detection tool that allows to trace what changes have occurred on a file system, when these changes have occurred, and who was logged into the system at the respective time. samhain is designed for intuitive configuration and tamper-resistance, and can be configured as a client/server application to monitor many hosts on a network from a single central location. samhain uses a database of file signatures, including a cryptographic checksum, compares the current state of files and directories against this database, identifies changes, and reports on them if a policy violation is detected. samhain can be run as a daemon process, and is designed to leave a recognizable trace if the daemon is stopped and re-started." |
| AIDE (Advanced Intrusion Detection Environment) linux | "AIDE is a free replacement for Tripwire. It does the same things as the semi-free Tripwire and more. It creates a database from the regular expression rules that it finds from the config file. Once this database is initialized it can be used to verify the integrity of the files. It has several message digest algorithms (md5,sha1,rmd160,tiger,haval,etc.) that are used to check the integrity of the file. More algorithms can be added with relative ease. All of the usual file attributes can also be checked for inconsistencies." |
| Tripwire linux | "Tripwire software is a tool that checks to see what has changed on your system. The program monitors key attributes of files that should not change, including binary signature, size, expected change of size, etc. Tripwire is originally known as an intrusion detection tool, but can be used for many other purposes such as integrity assurance, change management, policy compliance and more." |
| Password Audit | |
| John the Ripper linux, windows | "John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP LM hashes, plus several more with contributed patches." |
| Cain & Abel windows | "Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary & Brute-Force attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols." |
| Network Analysis and Monitoring | |
| nmap linux, windows | "nmap ("Network Mapper") is an open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (ports) they are offering, what operating system (and OS version) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. nmap runs on most types of computers, and both console and graphical versions are available. nmap is free software, available with full source code under the terms of the GNU GPL." |
| Ethereal linux, windows | "Ethereal is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session." |
| Ettercap linux, windows | "Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis." |
| Nagios linux | "Nagios is a host and service monitor designed to inform you of network problems before your clients, end-users or managers do. The monitoring daemon runs intermittent checks on hosts and services you specify using external "plugins" which return status information to Nagios. When problems are encountered, the daemon can send notifications out to administrative contacts in a variety of different ways (email, instant message, SMS, etc.). Current status information, historical logs, and reports can all be accessed via a web browser." |
| Network Utilities | |
| netcat linux, windows | "netcat has been dubbed the network [connections] swiss army knife. It is a simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities." |
| ntop linux, windows | "ntop is a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntop users can use a web browser (e.g. netscape) to navigate through ntop (that acts as a web server) traffic information and get a dump of the network status." |
| ngrep linux, windows | "ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop." |
| fport windows | "fport reports all open TCP/IP and UDP ports and maps them to the owning application. This is the same information you would see using the 'netstat -an' command, but it also maps those ports to running processes with the PID, process name and path. fport can be used to quickly identify unknown open ports and their associated applications." |
| lsof linux | "LiSt Open Files (lsof) is an extremely powerful and versatile UNIX diagnostic tool that lists information about files that are open by the processes running on a UNIX system. It is useful in listing communications open by each process and detecting signs of intrusion." |
| Packet Shaping and Construction | |
| nemesis linux | "nemesis is a command-line UNIX network packet injection suite." |
| hping2 linux | "hping is a command-line oriented TCP/IP packet assembler/analyzer that has been dubbed the TCP/IP packets swiss army knife. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features." |
| fragroute linux, windows | "fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper. It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behaviour. This tool was written in good faith to aid in the testing of network intrusion detection systems, firewalls, and basic TCP/IP stack behaviour." |
| Firewalls | |
| Firewall Builder linux | "Firewall Builder is a multi-platform firewall configuration and management tool. It consists of a GUI and set of policy compilers for various firewall platforms. Firewall Builder uses object-oriented approach, it helps administrator maintain a database of network objects and allows policy editing using simple drag-and-drop operations. Firewall Builder currently supports iptables, ipfilter, OpenBSD PF and Cisco PIX." |
| Securepoint Freeware linux | "Securepoint is a full-featured suite of firewall tools designed for enterprisewide deployment. Not only can it protect an internal network from outside attacks, it also helps segregate parts of your internal network and define custom protection rules for each. Securepoint lets you create and manage VPN tunnels for remote users and define traffic accounting, filters, reports, and alerts for your entire network. " |
| IPCop linux | "IPCop Firewall is a Linux firewall distribution geared towards home and SOHO (Small Office/Home Office) users. The IPCop interface is very user-friendly and task-based. IPCop offers the critical functionality of an expensive network appliance using stock, or even obsolete, hardware and OpenSource Software. " |
| Devil-Linux linux | "Devil-Linux is a special Linux distribution, which is used for firewalls/routers/gateways. The goal of Devil-Linux is to have a small, customizable and secure (what is secure in the Internet ?) Linux." |
| Coyote Linux linux | "Coyote Linux is a single floppy distribution of Linux that is designed for the sole purpose of sharing an Internet connection. The floppy can be created using either a Microsoft Windows "wizard", or by using a set of Linux shell scripts. In addition to being designed to have very low hardware requirements, the floppy release of Coyote Linux is able to provide the performance and uptime that is expected from any Linux based system." |
| LEAF (Linux Embedded Appliance Firewall) linux | "Linux Embedded Appliance Firewall is an easy to use embedded Linux network appliance for use in small office, home office, and home automation environments. Although it can be used in other ways, it's primarily used as a gateway/router/firewall for Internet leaf sites." |
| Firestarter linux | "Firestarter is a management tool. It consists of a GUI and set of policy compilers for various firewall platforms. Firewall Builder uses object-oriented approach, it helps administrator maintain a database of network objects and allows policy editing using simple drag-and-drop operations. Firewall Builder currently supports iptables, ipfilter, OpenBSD PF and Cisco PIX." |
| General Security | |
| OpenSSH linux, windows | "OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods. The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which replaces rcp, and sftp which replaces ftp. Also included is sshd which is the server side of the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0." |
| PuTTY windows | "PuTTY is a free implementation of Telnet and SSH for Win32 platforms, along with an xterm terminal emulator." |
| OpenSSL linux, windows | "The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library." |
| Stunnel linux, windows | "Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code." |
| GnuPG (GNU Privacy Guard) linux, windows | "GnuPG is a complete and free replacement for PGP. GnuPG itself is a commandline tool without any graphical stuff. It is the real crypto engine which can be used directly from a command prompt, from shell scripts or by other programs. GnuPG is a tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard." |
| Eraser windows | "Eraser is an advanced security tool (for Windows), which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns." |
| DBAN (Darik's Boot and Nuke) linux, windows | "Darik's Boot and Nuke (DBAN) is a self-contained boot floppy that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction." |
| Jacksum linux, windows | "Jacksum is a free checksum utility entirely written in Java. It supports most common checksum algorithms (Adler32, BSD sum, POSIX cksum, CRC-16, CRC-32, MD2, MD4, MD5, RIPEMD-128, RIPEMD-160, SHA-1, Unix System V sum and Whirlpool)." |
| Linux Kernel Patchset/Patches | |
| WOLK (Working Overloaded Linux Kernel) linux | "The WOLKs are stable and development kernels, containing many useful patches from many projects: includes O(1) Scheduler, RMAP VM, GRsecurity, Crypto, XFS, KDB, Preempt, Systrace, Super FreeS/WAN, Trustees, IPVS, i2c/lmsensors, TUX, EVMS, BadMEM, ftpfs, HostAP, all known security fixes, all known filesystem fixes, and many more. Goal: Stability, Scalability, Performance and Security." |
| User-Mode Linux | |
| User-Mode Linux linux | "User-Mode Linux is a safe, secure way of running Linux versions and Linux processes. Run buggy software, experiment with new Linux kernels or distributions, and poke around in the internals of Linux, all without risking your main Linux setup. User-Mode Linux gives you a virtual machine that may have more hardware and software virtual resources than your actual, physical computer. Disk storage for the virtual machine is entirely contained inside a single file on your physical machine. You can assign your virtual machine only the hardware access you want it to have. With properly limited access, nothing you do on the virtual machine can change or damage your real computer, or its software." |
| Web-based System Administration | |
| Webmin linux | "Webmin is a web-based interface for system administration. Using any browser that supports tables and forms (and Java for the File Manager module), you can setup user accounts, Apache, DNS, file sharing and so on. " |
| Honeypots | |
| Honeyd linux | "Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems. Honeyd improves cyber security by providing mechanisms for threat detection and assessment. It also deters adversaries by hiding real systems in the middle of virtual systems." |
| Proxy | |
| Squid Web Proxy Cache linux, windows | "Squid is a high-performance proxy caching server for web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid supports SSL, extensive access controls, and full request logging. By using the lightweight Internet Cache Protocol, Squid caches can be arranged in a hierarchy or mesh for additional bandwidth savings." |
| httpf linux | "httpf is a content proxy which is able to analyse and modify the data stream floating between your browser and web servers you want to surf to." |
| Spam, Ads, and Content Filtering | |
| AdZapper, for Squid linux | "AdZapper is a redirector for squid that intercepts advertising (banners, popup windows, flash animations, etc), page counters and some web bugs (as found). This has both aesthetic and bandwidth benefits. It's also easy to install." |
| SpamAssassin linux | "SpamAssassin is a mail filter to identify spam. Using its rule base, it uses a wide range of heuristic tests on mail headers and body text to identify "spam", also known as unsolicited commercial email." |
| MailScanner linux | "MailScanner scans all e-mail for viruses, spam and attacks against security vulnerabilities. It is not tied to any particular virus scanner, but can be used with any combination of 14 different virus scanners, allowing sites to choose the "best of breed" virus scanner. MailScanner is already a highly-respected open source e-mail security system, with more users than AOL and Hotmail combined. It processes 500 million e-mail messages every day, removing 2 million viruses and identifying 75 million spam messages. MailScanner is used at 20,000 sites around the world protecting top government departments, commercial corporations and educational institutions." |
| SpamBayes linux, windows | "SpamBayes will attempt to classify incoming email messages as 'spam', 'ham' (good, non-spam email) or 'unsure'. This means you can have spam or unsure messages automatically filed away in a different mail folder, where it won't interrupt your email reading. First SpamBayes must be trained by each user to identify spam and ham. Essentially, you show SpamBayes a pile of email that you like (ham) and a pile you don't like (spam). SpamBayes will then analyze the piles for clues as to what makes the spam and ham different." |
| POPFile linux, windows | "POPFile is an email classification tool with a Naive Bayes classifier, a POP3 proxy and a web interface. Once properly set up and trained, it will work in the background of your computer, scanning mail as it arrives and filing it however you wish. You can give it a simple job, like separating out junk e-mail, or a complicated one - like filing mail into a dozen folders. Think of it as a personal assistant for your inbox. POPFile uses Bayesian Analysis." |
| Stress and Load Testing | |
| JMeter linux, windows | "JMeter is a 100% pure Java desktop application designed to load test functional behavior and measure performance. It was originally designed for testing Web Applications but has since expanded to other test functions. JMeter may be used to test performance both on static and dynamic resources (files, Servlets, Perl scripts, Java Objects, Data Bases and Queries, FTP Servers and more). It can be used to simulate a heavy load on a server, network or object to test its strength or to analyze overall performance under different load types. You can use it to make a graphical analysis of performance or to test your server/script/object behavior under heavy concurrent load." |
| Forensic Tools | |
| TCT (The Coroner's Toolkit) linux | "Notable TCT components are the grave-robber tool that captures information, the ils and mactime tools that display access patterns of files dead or alive, the unrm and lazarus tools that recover deleted files, and the findkey tool that recovers cryptographic keys from a running process or from files." |
| The Sleuth Kit linux | "The Sleuth Kit (previously known as TASK) is a collection of UNIX-based command line file system forensic tools that allow an investigator to examine NTFS, FAT, FFS, EXT2FS, and EXT3FS file systems of a suspect computer in a non-intrusive fashion. The tools have a layer-based design and can extract data from internal file system structures. Because the tools do not rely on the operating system to process the file systems, deleted and hidden content is shown." |
| The Autopsy Forensic Browser linux | "The Autopsy Forensic Browser is a graphical interface to the command line digital forensic analysis tools in The Sleuth Kit. Together, The Sleuth Kit and Autopsy provide many of the same features as commercial digital forensics tools for the analysis of Windows and UNIX file systems (NTFS, FAT, FFS, EXT2FS, and EXT3FS)." |
| Rescue and Recovery | |
| KNOPPIX linux, windows | "KNOPPIX is a bootable CD with a collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. KNOPPIX can be used as a rescue system. It is not necessary to install anything on a hard disk. Due to on-the-fly decompression, the CD can have up to 2 GB of executable software installed on it." |
| tomsrtbt linux, windows | "tomsrtbt stands for "Tom's floppy which has a root filesystem and is also bootable." tomsrtbt is "The most GNU/Linux on one floppy disk" for: rescue recovery panic & emergencies, tools to keep in your shirt pockets, and whenever you can't use a hard drive." |
| Backup and Cloning | |
| Bacula linux, windows | "Bacula is a set of computer programs that permit you (or the system administrator) to manage backup, recovery, and verification of computer data across a network of computers of different kinds. In technical terms, it is a network client/server based backup program. Bacula is relatively easy to use and efficient, while offering many advanced storage management features that make it easy to find and recover lost or damaged files." |
| Partition Image linux | "Partition Image is a utility to save partitions (ext2/3fs, reiserfs, fat16, fat32, hpfs, ntfs, and more) into an image file. Only used blocks of the partition are saved, and the image can be compressed in gzip or bzip2 format. Partitions can be saved across the network." |
| SystemImager linux | "SystemImager makes it easy to do automated installs (clones), software distribution, content or data distribution, configuration changes, and operating system updates to your network of Linux machines." |
| BackupPC linux | "BackupPC is a high-performance, enterprise-grade system for backing up Linux and WinXX PCs and laptops to a server's disk. BackupPC is highly configurable and easy to install and maintain. Given the ever decreasing cost of disks and raid systems, it is now practical and cost effective to backup a large number of machines onto a server's local disk or network storage. This is what BackupPC does. For some sites, this might be the complete backup solution." |
| g4u (ghost for unix) linux, windows | "g4u ("ghost for unix") is a NetBSD-based bootfloppy/CD-ROM that allows easy cloning (bit by bit) of PC harddisks to deploy a common setup on a number of PCs using FTP. The floppy/CD offers two functions. First is to upload the compressed image of a local harddisk to a FTP server. Other is to restore that image via FTP, uncompress it and write it back to disk; network configuration is fetched via DHCP. As the harddisk is processed as an image, any filesystem and operating system can be deployed using g4u. Easy cloning of local disks is also supported." |
| Amanda (Advanced Maryland Automatic Network Disk Archiver) linux | "Amanda is a backup system that allows the administrator of a LAN to set up a single master backup server to back up multiple hosts to a single large capacity tape drive. Amanda uses native dump and/or GNU tar facilities and can back up a large number of workstations running multiple versions of Unix. Recent versions can also use SAMBA to back up Microsoft Windows hosts." |
| Traffic Monitoring | |
| MRTG (The Multi Router Traffic Grapher) linux, windows | "MRTG is a tool to monitor the traffic load on network-links. MRTG generates HTML pages containing graphical images which provide a LIVE visual representation of this traffic." |
| Log Analysis | |
| Analog linux, windows | "Analog is the most popular logfile analyser in the world." |
| Report Magic, for Analog linux, windows | "Report Magic uses the Computer Readable Output format created by Analog. Using this and some simple settings you provide, Report Magic formats beautiful reports with tables, descriptions and graphs." |
| ACID (Analysis Console for Intrusion Databases), for Snort linux, windows | "ACID is a PHP-based analysis engine to search and process a database of security events generated by various IDSes, firewalls, and network monitoring tools." |
| AWStats linux, windows | "AWStats is short for Advanced Web Statistics. It's a free powerful and featureful tool that generates advanced web (but also ftp or mail) server statistics, graphically. This log analyzer works as a CGI or from command line and shows you all possible information your log contains, in few graphical web pages. It uses a partial information file to be able to process large log files, often and quickly. It can analyze log files from IIS (W3C log format), Apache log files (NCSA combined/XLF/ELF log format or common/CLF log format), WebStar and most of all web, proxy, wap, streaming servers (and ftp servers or mail logs)." |
| Logging | |
| syslog-ng linux | "syslog-ng is a syslogd replacement, but with new functionality for the new generation. The original syslogd allows messages only to be sorted based on priority/facility pairs; syslog-ng adds the possibility to filter based on message contents using regular expressions. The new configuration scheme is intuitive and powerful. Forwarding logs over TCP and remembering all forwarding hops makes it ideal for firewalled environments." |
| cronolog linux, windows | "cronolog is a simple program that reads log messages from its input and writes them to a set of output files, the names of which are constructed using a template and the current date and time. With cronolog it is possible to create new log files each day in a directory hierarchy structured by date, something not easily done with other loggers." |
| Log Watchdogs | |
| Logsurfer linux | "Logsurfer is designed to monitor any text-based logfiles on your system in realtime. The large amount of log information collected (like all messages handled by the syslog-daemon or logfiles from your information services FTP, WWW etc.) makes it nearly impossible to check your logs manually to find any unusual activity. Due to the limited possibilities of swatch (especially the limitation on single lines and the missing possibility to parse substrings of the message as arguments to external programs) the logsurfer program was developed (written in C, rather than perl)." |
| SEC (simple event correlator) linux | "SEC is a free and platform independent event correlation tool that was designed to fill the gap between commercial event correlation systems and homegrown solutions that usually comprise of a few simple shell scripts. SEC accepts input from regular files, named pipes, and standard input, making it suitable to employ with any application that is able to write its output to a file stream." |
| Swatch linux | "Swatch started out as the "simple watchdog" for actively monitoring log files produced by UNIX's syslog facility. It has since been evolving into a utility that can monitor just about any type of log." |
| Virtual Network Computing (VNC) | |
| TightVNC linux, windows | "TightVNC, an enhanced version of VNC, includes a lot of new features, improvements, optimizations and bugfixes over the original VNC version. TightVNC is still free, cross-platform and compatible with the standard VNC. Many users agree that TightVNC is the most advanced free remote desktop package. And it's being actively developed so you can expect that TightVNC will become even better." |
| RealVNC linux, windows | "RealVNC is the official home of VNC, staffed by the original team who created and developed it whilst at AT&T. The mission of RealVNC is to act as the focal point for open source VNC. RealVNC continues to improve VNC with new features and by evaluating features developed by others in the open source community and incorporating the best of them into the official codebase. RealVNC also offers commercial support and development services around open source VNC." |
| VNC linux, windows | "VNC is, in essence, a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. AT&T Laboratory VNC is the original VNC." |
| Virtual Private Network (VPN) | |
| FreeS/WAN linux | "FreeS/WAN is an implementation of IPSEC & IKE for Linux. IPSEC is Internet Protocol SECurity. It uses strong cryptography to provide both authentication and encryption services. Authentication ensures that packets are from the right sender and have not been altered in transit. Encryption prevents unauthorised reading of packet contents." |
| FTP | |
| FileZilla windows | "FileZilla is a powerful FTP-client for Windows 9x, ME, NT4, 2000 and XP. It has been designed for ease of use and with support for as many features as possible, while still being fast and reliable. Client and server versions." |
| Pure-FTPd linux | "Pure-FTPd is a free (GPL), secure, production-quality and standard-conformant FTP server based upon Troll-FTPd. It doesn't provide useless bells and whistles, but focuses on efficiency and ease of use. It provides simple answers to common needs, plus unique useful features for personal users as well as hosting providers." |
| qmail linux | "qmail is a secure, reliable, efficient, simple message transfer agent. It is designed for typical Internet-connected UNIX hosts. As of October 2001, qmail is the second most common SMTP server on the Internet, and has by far the fastest growth of any SMTP server." |
| Procmail linux | "Procmail can be used to create mail-servers, mailing lists, sort your incoming mail into separate folders/files (very convenient when subscribing to one or more mailing lists or for prioritising your mail), preprocess your mail, start any programs upon mail arrival (e.g. to generate different chimes on your workstation for different types of mail) or selectively forward certain incoming mail automatically to someone." |
| fetchmail linux, windows | "Fetchmail is a full-featured, robust, well-documented remote-mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links. It supports every remote-mail protocol now in use on the Internet: POP2, POP3, RPOP, APOP, KPOP, all flavors of IMAP, ETRN, and ODMR. It can even support IPv6 and IPSEC. Fetchmail retrieves mail from remote mail servers and forwards it via SMTP, so it can then be read by normal mail user agents. It allows all your system MTA's filtering, forwarding, and aliasing facilities to work just as they would on normal mail. Fetchmail offers better security than any other Unix remote-mail client. It supports APOP, KPOP, OTP, Compuserve RPA, Microsoft NTLM, and IMAP RFC1731 encrypted authentication methods including CRAM-MD5 to avoid sending passwords en clair. It can be configured to support end-to-end encryption via tunneling with ssh, the Secure Shell." |
| Mutt linux | "Mutt is a small but very powerful text-based MIME mail client. Mutt is highly configurable, and is well suited to the mail power user with advanced features like key bindings, keyboard macros, mail threading, regular expression searches and a powerful pattern matching language for selecting groups of messages." |
| SquirrelMail linux, windows | "SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no JavaScript required) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install. SquirrelMail has all the functionality you would want from an email client, including strong MIME support, address books, and folder manipulation." |
| Newsreaders (Usenet) | |
| slrn linux, windows | "slrn ("s-lang read news") is a newsreader, i.e. a program that accesses a newsserver to read messages from the Internet News service (also known as "Usenet"). It runs in console mode on various Unix-like systems (including Linux), 32-bit Windows, OS/2, BeOS, Mac OS X and VMS. Beside the usual features of a newsreader, slrn supports scoring rules to highlight, sort or kill articles based on information from their header. It is highly customizable, allows free key-bindings and can easily be extended using the sophisticated s-lang macro language. Offline reading is possible by using either slrnpull (shipped with slrn) or a local newsserver." |
| PHP News Reader linux, windows | "PHP News Reader is a web based News Reader. It supports the standard NNTP protocol (RFC 977) for reading, posting, deleting, forwarding and replying news articles. IMAP or Database support for PHP is NOT necessary." |
| List Manager | |
| Mailman linux | "Mailman is free software for managing electronic mail discussion and e-newsletter lists. Mailman is integrated with the web, making it easy for users to manage their accounts and for list owners to administer their lists. Mailman supports built-in archiving, automatic bounce processing, content filtering, digest delivery, spam filters, and more." |
| Domain Name System (DNS) | |
| djbdns linux | "djbdns. It works for Lycos. It works for citysearch.com. It works for pobox.com. It works for 1.85 million more .com's. It works for several of the Internet's largest domain-hosting companies: directNIC, MyDomain/NamesDirect, Interland, Dotster, Easyspace, Namezero, and Netfirms. It'll work for you too." |
| Simple Network Management Protocol (SNMP) | |
| net-snmp linux | "net-snmp provides tools and libraries relating to the Simple Network Management Protocol including: An extensible agent, An SNMP library, tools to request or set information from SNMP agents, tools to generate and handle SNMP traps, etc." |
| Network Time Protocol (NTP) | |
| NTP (The Network Time Protocol) project linux | "The NTP project is the official reference implementation of the NTP protocol. NTP is a protocol designed to synchronize the clocks of computers over a network." |