Shulou(Shulou.com)06/01 Report--

This article mainly introduces the commonly used network security tools in the Linux system, which have a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, the following let the editor take you to understand it.

1. John the ripper in Linux, the password is stored in hash format, you can not reverse from the hash data table to analyze the password, but you can compare with it with a set of words hash, if the same, guess the password. Therefore, a password that is difficult to guess is very critical. In general, you should never use a word that exists in the dictionary as a password, which is quite easy to guess. In addition, some common regular alphanumeric arrangements can not be used as passwords, such as 123abc, etc.

John the ripper is an efficient and easy-to-use password guessing program.

Download the for UNIX program in tar.gz format, and then unlock it to any directory with tar xvfz john*.tar.gz. After entering the src directory and typing into make linux-x86-any-elf (I use redhat 6.1), several execution files are generated in the run directory, including the main program john. Now run. / john / etc/passwd for the Crack password.

John can also Crack the password generated by htpasswd to authenticate apache users. If you use htpasswd-c apachepasswd user to create a user user and generate a password, you can also use john apachepasswd to guess.

John outputs the guessed password on the terminal and stores the guessed password in the john.pot file.

Another password Cracker is known as the classic Cracker.

Second, LogcheckLogcheck is a tool used to automatically check system security intrusion events and abnormal activity records, it analyzes various Linux log files, such as / var/log/messages, / var/log/secure,/var/log/maillog, etc., and then generates a problem report that may have security problems and automatically sends email to the administrator. You can set it on an hourly basis, or use crond to run automatically every day.

After downloading the logcheck tool, use tar xvfz logcheck* to unlock it to a temporary directory such as / tmp, and then use. / make linux to automatically generate the corresponding files to / usr/local/etc,/usr/local/bin/ and other directories. You may change the settings such as sending notification to whose email account is sent to root by default, and you can set the email alias account of root to a group of people. Change the setting to ignore certain types of messages such as plug-gw in your email log file, because plug-gw does a reverse IP lookup, and if it can't find it, log a warning message to / var/log/maillog,logcheck to record all these warnings sent to you by default, you can ignore them by setting them. Use the logcheck tool to analyze all your logfile, avoiding you from checking them manually every day, saving time and improving efficiency.

Third, TripwireTripwire is a very useful tool for checking file integrity, you can define which files / directories need to be verified, but the default setting can meet most of the requirements, it runs in four modes: database generation mode, database update mode, file integrity check, interactive database update. Initialize the database generation, it generates a variety of information on the existing files of the database files, in case later your system files or various configuration files are accidentally changed, replaced, deleted, it will be based on the original database to compare the existing files to find which files have been changed, you can determine whether there is a system intrusion and other unexpected events based on the results of email.

If you use Redhat Linux 6.1, you can also get the latest Tripwire-1.2.3 rebuilt for 6.1.

When you manually change the configuration file or program in the system, you can manually generate the database file again, run tripwire-initialize to create the databases directory in the current directory and generate a new system database file in that directory, and then cp to the / var/spool/tripwire directory to overwrite the old one

Thank you for reading this article carefully. I hope the article "what are the network security tools commonly used in the Linux system" shared by the editor will be helpful to you. At the same time, I also hope that you will support us and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.