FIXME: More content needed.
Debian also provides a number of security tools that can make a Debian box
suited for security testing purposes. Some of them are provided when
The tools provided by Debian to perform remote vulnerability assessment are:
By far, the most complete and up-to-date tool is nessus, which is composed of
a client (nessus) used as a GUI and a server (nessusd) which launches the
programmed attacks. Nessus includes remote vulnerabilities for quite a number
of systems including network appliances, FTP servers, WWW servers, etc. The
latest releases are even able to parse a web site and try to discover which
interactive pages are available which could be attacked. There are also Java
and Win32 clients (not included in Debian) which can be used to contact the
management server.
Whisker is a web-only vulnerability assessment scanner including
anti-IDS tactics (most of which are not anti-IDS anymore). It is one
of the best CGI scanners available, being able to detect WWW servers and launch
only a given set of attacks against them. The database used for scanning can be
easily modified to provide for new information.
Bass (Bulk Auditing Security Scanner) and SATAN
(Security Auditing Tool for Analysing Networks) must be thought of more like
"proof of concept" programs than as tools to be used while performing
audits. Both are quite ancient and are not kept up-to-date. However, SATAN
was the first tool to provide vulnerability assessment in a simple (GUI) way and
Bass is still a very high-performance assessment tool.
Debian does provide some tools used for remote scanning of hosts (but not vulnerability assessment). These tools are, in some cases, used by vulnerability assessment scanners as the first type of "attack" run against remote hosts in an attempt to determine which remote services are available. Currently Debian provides:
xprobe provide only remote
operating system detection (using TCP/IP fingerprinting),
knocker do both operating system detection and port scanning of
the remote hosts. On the other hand,
icmpush can be used for remote ICMP attack techniques.
Designed specifically for NetBIOS networks, nbtscan can be used to
scan IP networks and retrieve name information from SMB-enabled servers,
including: usernames, network names, MAC addresses...
Currently, only the tiger tool used in Debian can be used to
perform internal (also called white box) audit of hosts in order to determine
if the filesystem is properly set up, which processes are listening on the host,
Debian provides two packages that can be used to audit C/C++ source code programs and find programming errors that might lead to potential security flaws:
FIXME: Content needed
Debian provides quite a number of packages to set up encrypted virtual private networks:
IPsec (i.e. FreeSWAN) is probably the best choice overall since it promises to interoperate with most anything that runs IPsec, but these other packages can help you get a secure tunnel up in a hurry. PPTP is a Microsoft protocol for VPN. It is supported under Linux, but is known to have serious security issues.
For more information read
HOWTO (covers IPsec and PPTP)
(covers PPP over SSH), and
PPP and SSH
When considering a PKI you are confronted with a wide variety of tools:
You can use some of the software available in Debian GNU/Linux to cover some of
these tools; this includes OpenSSL (for certificate generation), OpenLDAP (as a
directory to hold the certificates), gnupg and freeswan (with X.509 support).
However, the operating system does not provide (as of the woody release, 3.0)
any of the freely available Certificate Authorities such as pyCA,
OpenCA or the CA samples from OpenSSL. For more information read the
Open PKI book.
Debian does provide some SSL certificates with the distribution so they can be
installed locally. SSL certificates are distributed in the
ca-certificates package. This package provides a central repository of
certificates that have been submitted to Debian and approved (that is,
verified) by the package maintainer.
FIXME: read debian-devel to see if there was something added to this.
There are not that many anti-virus tools in Debian, probably because GNU/Linux users are not currently much plagued by viruses. There have been, however, worms and viruses for GNU/Linux even if there has not (yet, hopefully) been any virus that has spread in the wild over any Debian distribution. In any case, administrators might want to build up anti-virus gateways or protect themselves against them.
Debian currently provides the following tools for building anti-virus environments:
sanitizer, a tool that can be used to filter email from procmail and remove viruses.
amavis-postfix, a script that provides an interface from the mail transport agent to one or more virus scanners (this package provides the postfix version).
As you can see, Debian does not currently provide any anti-virus software
itself. There are, however, free software anti-virus projects which might (in
the future) be included in Debian
(less chances for this since it is completely Java based). Also, Debian will
never provide commercial anti-virus software like:
RAV.... For more pointers see
anti-virus software mini-FAQ.
For more information on how to set up a virus detection system read Dave
Building an E-mail
Virus Detection System for Your Network.
Securing Debian Manual, version 2.5 (beta), 29 August 2002 (Sat, 17 Aug 2002 12:23:36 +0200)