Host auditing
Assuria Auditor
Assuria Auditor provides deep configuration and vulnerability scanning, inventory reporting, compliance assessment and powerful change detection through an extensible and flexible architecture. It provides vital information assurance and protection for critical business servers and helps maintain systems in a secure ‘known state’. Assuria Auditor utlises a comprehensive built-in Knowledge Base of known security vulnerabilities, security control configurations, up to date patch checks and security best practice information to enable organisations to easily bring their IT infrastructures up to high standards of security, especially servers. Internal IT security knowledge or experience is not necessary, because the built-in Assuria Auditor knowledge base includes not only the thousands of individual checks for a wide range of operating platforms, but also explanations of the implications of each vulnerability and step by step instructions on remediation.
ipacl
The ipacl package from Siemens forces all TCP and UDP packets to pass through an access control list facility. The configuration file allows packets to be accepted, rejected, conditionally accepted, and conditionally rejected based on characteristics such as source address, destination address, source port number, and destination port number. Should be portable to any system that uses System V STREAMS for its network code.
IPchains
IPchains is the user interface to the packet filtering code in the Linux kernel. It can be used to install packet filters on a linux-based router or firewall to protect the router itself and devices behind it from attack across the network.
Ipfilter
Ipfilter provides host-based firewalling software for the BSD, Solaris and Linux kernels. Packets can be restricted by IP address, port etc.; rules can be written to protect an individual host or to implement a dedicated firewall.
ISS Internet Scanner
Internet Scanner performs scheduled and selective probes of communication services, operating systems, applications and routers to uncover and report systems vulnerabilities that might be open to attack.
tcpd (tcpwrapper)
tcpd is the daemon which comes with tcpwrapper. It works on one-off programs like telnet which start running when inetd sees an incoming request on a port. It won't work for programs that run all the time. In short, tcpd is told by inetd what program to start. Before starting that program tcpd checks against its rules file to determine whether the client IP address is permitted to connect to this service. If not, then a variety of other actions can be taken. tcpd can log all connection requests and the action it took with each of them.
tripwire
The utility tripwire is a file integrity checker, which works with cryptographical checksums. The program monitors key attributes of files that should not change, including binary signature, size, expected change of size, etc. The current state of these attributes can be compared against a snapshot taken at a previous time to detect unauthorised changes.
