DaemonForums  

#1, 2nd May 2008, syrushcw (Port Guard; joined May 2008; 17 posts)
Programs

What are good security programs to know on FreeBSD? All I know is Nmap and Metasploit. What's your favorite security program and what is it used for?

#2, 2nd May 2008, anomie (Local; joined Apr 2008; Texas; 445 posts)

[ As you know "security program" is a really broad category. ]

I have lots of favorites, but I appreciate the aide HIDS a lot. Another HIDS may be just as effective, but aide is what I'm accustomed to. My understanding is it's modeled after tripwire. Anyway, it has made my life a lot easier in situations where there are a couple sudoers on a box that I'd like to monitor for file changes in certain directories.

I also find the lsof utility surprisingly useful for what could be considered security purposes. If there is a process on my system I don't recognize, I can easily take a look at what files it has open by using the process's PID. Contrived example (using a PID associated with cupsd):
Code:
# lsof -p 1032
COMMAND  PID USER   FD     TYPE     DEVICE SIZE/OFF    NODE NAME
cupsd   1032 root  cwd     VDIR      0,110      512 6994944 /usr/home/jail/10.0.0.101
cupsd   1032 root  rtd     VDIR      0,110      512 6994944 /usr/home/jail/10.0.0.101
cupsd   1032 root  jld     VDIR      0,110      512 6994944 /usr/home/jail/10.0.0.101
cupsd   1032 root  txt     VREG      0,110   620223 7160487 /usr/home/jail/10.0.0.101/usr/local/sbin/cupsd
cupsd   1032 root  txt     VREG      0,110   161600 6995046 /usr/home/jail/10.0.0.101/libexec/ld-elf.so.1
cupsd   1032 root  txt     VREG      0,110    64284 6995044 /usr/home/jail/10.0.0.101/lib/libz.so.3
cupsd   1032 root  txt     VREG      0,110   543878 7113945 /usr/home/jail/10.0.0.101/usr/local/lib/libgnutls.so.13
cupsd   1032 root  txt     VREG      0,110   340868 7090128 /usr/home/jail/10.0.0.101/usr/local/lib/libgcrypt.so.13
cupsd   1032 root  txt     VREG      0,110    13975 7090089 /usr/home/jail/10.0.0.101/usr/local/lib/libgpg-error.so.0
cupsd   1032 root  txt     VREG      0,110   501095 7160438 /usr/home/jail/10.0.0.101/usr/local/lib/libcups.so.2
cupsd   1032 root  txt     VREG      0,110    94448 6995023 /usr/home/jail/10.0.0.101/lib/libm.so.4
cupsd   1032 root  txt     VREG      0,110    28680 6995022 /usr/home/jail/10.0.0.101/lib/libcrypt.so.3
cupsd   1032 root  txt     VREG      0,110   140200 6995040 /usr/home/jail/10.0.0.101/lib/libpthread.so.2
cupsd   1032 root  txt     VREG      0,110   929420 6995020 /usr/home/jail/10.0.0.101/lib/libc.so.6
cupsd   1032 root  txt     VREG      0,110    39998 7843917 /usr/home/jail/10.0.0.101/usr/local/lib/libintl.so.8
cupsd   1032 root  txt     VREG      0,110  1041012 7822254 /usr/home/jail/10.0.0.101/usr/local/lib/libiconv.so.3
cupsd   1032 root    0u  KQUEUE 0xc3814d00                  count=0, state=0x2
cupsd   1032 root    1r    VCHR       0,10    0t600      10 /usr/home/jail/10.0.0.101/dev (devfs) (like character special /dev/random)
cupsd   1032 root    2u    VREG      0,110   105077 6995665 /usr/home/jail/10.0.0.101/var/log/cups/error_log
cupsd   1032 root    3u    IPv4 0xc37e8570      0t0     TCP printer.bunnyland.local:ipp (LISTEN)
cupsd   1032 root    4u    unix 0xc3611590      0t0         /var/run/cups.sock
cupsd   1032 root    5u    IPv4 0xc3612ec4      0t0     UDP printer.bunnyland.local:ipp
cupsd   1032 root    6u    PIPE 0xc3597660    16384         ->0xc3597718
cupsd   1032 root    7u    PIPE 0xc3597718        0         ->0xc3597660
cupsd   1032 root    8u    VREG      0,110     5094 6995918 /usr/home/jail/10.0.0.101/var/log/cups/page_log
cupsd   1032 root    9u    VREG      0,110   107499 6995575 /usr/home/jail/10.0.0.101/var/log/cups/access_log
__________________
Kill your t.v.
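
A small triage filter for the `lsof -p` listing shown in the post above, as an added example that is not part of the original thread: it reduces the listing to listening and UDP sockets, Unix sockets, mapped program text and regular files held open for writing. The function names `triage_lsof` and `sample_lsof` are made up for illustration, the sample rows are copied from the post's output, and paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example: summarise `lsof -p PID` output (default column layout,
# as in the post) into the items worth a first look on an unknown process.

# Reads lsof output on stdin; prints one "category<TAB>detail" line per hit.
triage_lsof() {
    awk '
    NR == 1 && $1 == "COMMAND" { next }   # skip the header row
    {
        fd = $4; type = $5
        # Network sockets: protocol is field 8, endpoint is field 9.
        if (type == "IPv4" || type == "IPv6") {
            if ($8 == "TCP" && $NF == "(LISTEN)") print "listen\t" $8 " " $9
            else if ($8 == "UDP")                 print "udp\t" $9
            else                                  print "conn\t" $8 " " $9
            next
        }
        # Unix-domain sockets: the socket path is the last field.
        if (type == "unix") { print "unix\t" $NF; next }
        # Program text and shared libraries mapped into the process.
        if (fd == "txt" && type == "VREG") { print "text\t" $NF; next }
        # Regular files open for writing: FD is a number followed by u or w.
        if (type == "VREG" && fd ~ /^[0-9]+[uw]/) print "write\t" $NF
    }'
}

# Sample input: a subset of the rows from the post (header plus seven rows).
sample_lsof() {
    cat <<'EOF'
COMMAND  PID USER   FD     TYPE     DEVICE SIZE/OFF    NODE NAME
cupsd   1032 root  cwd     VDIR      0,110      512 6994944 /usr/home/jail/10.0.0.101
cupsd   1032 root  txt     VREG      0,110   620223 7160487 /usr/home/jail/10.0.0.101/usr/local/sbin/cupsd
cupsd   1032 root    0u  KQUEUE 0xc3814d00                  count=0, state=0x2
cupsd   1032 root    2u    VREG      0,110   105077 6995665 /usr/home/jail/10.0.0.101/var/log/cups/error_log
cupsd   1032 root    3u    IPv4 0xc37e8570      0t0     TCP printer.bunnyland.local:ipp (LISTEN)
cupsd   1032 root    4u    unix 0xc3611590      0t0         /var/run/cups.sock
cupsd   1032 root    5u    IPv4 0xc3612ec4      0t0     UDP printer.bunnyland.local:ipp
EOF
}

# On a live system: lsof -p PID | triage_lsof
sample_lsof | triage_lsof
```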