Here are the top 10 Linux security tools for Linux administrators. These applications allow administrators to scan their Linux servers for vulnerabilities and detect possible intrusions on them.
Please always keep in mind that these tools are not meant to harm your Linux servers, but to protect them.
Nikto – security tools for Linux
Nikto is an open source (GPL licensed) web server scanner for Linux that allows you to perform comprehensive tests against 6400 potentially dangerous files/CGIs, regularly checks for outdated versions of over 1200 servers, and solves version-specific problems on over 270 servers. Administrators can also easily check server configuration items such as the presence of multiple index files and HTTP server options, and look up detailed information about installed web servers and software. – Nikto
Features of Nikto Linux security tool
- SSL support
- Full HTTP proxy support
- Automatically and regularly checks for outdated server components
- Reports can be saved in plain text, XML, HTML, NBE or CSV format
- Template Engine
- Customizable Reports
- Scan multiple ports on a server, or multiple servers via input file
- Support for LibWhisker’s IDS encoding techniques
- Scan tuning to include or exclude entire classes of vulnerability checks
- Enhanced false positive reduction via multiple methods: headers, page content, and content hashing
Ethereal – network protocol analyzer for Linux
Ethereal is one of the most popular multi-platform network protocol analyzers, used by network professionals for troubleshooting, analysis, software and protocol development, and education. It offers all the standard features you expect from any protocol analyzer. – Ethereal
Features of Ethereal
- Capture data "off the wire" from a live network connection, or read it from a capture file.
- Support for various file formats.
- Read live data from Ethernet, FDDI, PPP, Token-Ring, IEEE 802.11, Classical IP over ATM, and loopback interfaces.
- Browse all captured network data via a GUI or via the TTY-mode "tethereal" program.
- Edit capture files programmatically or convert them via command-line switches to the "editcap" program.
- Print or save the final data as plain text or PostScript.
- Refine your data display by using a display filter.
- Display filters can also be used to selectively highlight and color packet summary information.
Nmap – Linux security tool and network mapper
Nmap, known as the Network Mapper, is a tool for network exploration and security auditing. It is free and open source software that system and network administrators use for many useful tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. It uses raw IP addresses to find which hosts are available on the network, their services, which operating systems they are running, and so on. It is specially designed to scan large networks, but it can easily be used against single hosts. – Nmap
Features of Nmap
- Cross platform support
- Advanced GUI and results viewer
- Flexible data transfer
- Debugging tool
- Tool for comparing scan results
- Packet generation and response analysis tool
- Portable yet powerful
- Free version
- Well documented
Wireshark – network protocol analyzer for Linux / Unix
Wireshark is one of the best network protocol analyzers; it helps you capture and interactively browse the traffic running on your computer network. It is the de facto standard across many industries and educational institutes. – Wireshark
Features of Wireshark
- Deep inspection of hundreds of protocols
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform
- Browse captured network data via a graphical user interface (GUI) or via the TTY-mode TShark utility
- Rich VoIP analysis
- Support for many different capture file formats, including tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer, Sniffer Pro, NetXray, and others
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Easy to export final output to XML, PostScript, CSV, or plain text
Nessus vulnerability scanner for Linux
The Nessus vulnerability scanner is one of the most widely used vulnerability scanning programs; system administrators use it to detect potential vulnerabilities on networked systems. It is proprietary software, but it is available free of cost for personal and non-enterprise use. – Nessus
Features of Nessus
- High-speed vulnerability discovery
- Configuration auditing
- Asset profiling
- Sensitive data discovery
- Patch management integration
- Vulnerability analysis of your security posture
- Agentless auditing
- Content auditing
- Customizable reports
- In-depth assessment
ClamAV – Antivirus Engine for Linux
ClamAV is open source antivirus software specially designed to detect Trojans, viruses, malware and other malicious threats. It provides a high-performance multi-threaded scanning daemon, a command-line tool for on-demand file scanning, and an intelligent tool for automatic signature updates. ClamAV is now a de facto standard for mail gateway scanning. – ClamAV
Snort – Network security and intrusion prevention tool
Snort is an open source, lightweight network intrusion prevention and detection system that helps you perform real-time traffic analysis and packet logging on IP networks. With Snort, administrators can perform various kinds of analysis, such as protocol analysis and content searching/matching, and can easily detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. – Snort
John the Ripper for Linux
John the Ripper is a free and open source password cracker that helps you detect weak Unix passwords. It is multi-platform software and supports various password hash types, such as Windows LM hashes. – John the Ripper
Chkrootkit Linux security tools for Rootkit checking
Chkrootkit, short for "check rootkit", is a common Unix-based rootkit checking program specially designed to help system administrators check their systems for known rootkits. It scans your Linux server regularly for intruders like Trojans and other malicious code and emails a report to you. – Chkrootkit
Tiger Linux based security Audit
Tiger is a Unix/Linux based security audit and intrusion detection tool. – Tiger Unix security audit