Useful Tools For Your Linux System

There are different tools to increase security, depending on the type of defense or security method there are tools for different times and phases.

Hardening is the process by which the operating system administrator seeks to maximise the system's security so that an attacker cannot take control of it. One very effective security tool for this is Grsecurity, which adds numerous controls to a Linux system through a kernel patch.

Preventive measures

These are the tools we use to prevent vulnerability problems, such as Shorewall, a robust and very flexible high-level tool for configuring firewalls, or firewall distributions such as pfSense. These tools are responsible for preventing possible intrusions into our server.

Reactive measures

These are the tools that respond to the threat by taking measures to stop the attack and defend the system.

Example: Mod_security is a firewall that runs as an Apache module and provides protection against various attacks on web applications. Another tool is Fail2ban, an application written in Python that keeps intruders out: it watches for repeated failures from a remote connection and penalises the offending IP address by blocking it for a period of time.
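The Fail2ban behaviour described above, as an added illustration that is not Fail2ban's own code: a small Python model of its jail logic that reads constructed sshd log lines, counts failed logins per IP within a time window (maxretry within findtime) and records a ban expiry (bantime) for IPs that cross the threshold. The log lines, thresholds and function name are assumptions for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of sshd log lines (synthetic hosts and timestamps, not from a real server).
SAMPLE_AUTH_LOG = """\
2024-01-10T10:00:01 sshd[101]: Failed password for invalid user admin from 203.0.113.7 port 5001 ssh2
2024-01-10T10:00:05 sshd[101]: Failed password for root from 203.0.113.7 port 5002 ssh2
2024-01-10T10:00:09 sshd[102]: Failed password for root from 203.0.113.7 port 5003 ssh2
2024-01-10T10:00:20 sshd[103]: Accepted publickey for deploy from 198.51.100.4 port 6001 ssh2
2024-01-10T10:01:00 sshd[104]: Failed password for root from 198.51.100.4 port 6002 ssh2
2024-01-10T10:30:00 sshd[105]: Failed password for root from 198.51.100.4 port 6003 ssh2
2024-01-10T10:50:00 sshd[106]: Failed password for root from 198.51.100.4 port 6004 ssh2
"""

# Matches only failed password attempts; successful logins are deliberately ignored.
FAILED_RE = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for .* from (\d+\.\d+\.\d+\.\d+) ")


def find_ban_candidates(log_text, maxretry=3, findtime=timedelta(minutes=10),
                        bantime=timedelta(hours=1)):
    """Return {ip: ban_expiry} for every IP with >= maxretry failures inside findtime.

    Mirrors the three Fail2ban jail parameters of the same names (assumed defaults here).
    """
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    bans = {}
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m.group(1))
        ip = m.group(2)
        if ip in bans and ts < bans[ip]:
            continue  # already banned; a real firewall rule would drop these packets
        window = recent[ip]
        window.append(ts)
        while window and ts - window[0] > findtime:
            window.popleft()  # forget failures older than findtime
        if len(window) >= maxretry:
            bans[ip] = ts + bantime  # ban starts at the failure that crossed the threshold
            window.clear()
    return bans
```

In the sample, 203.0.113.7 fails three times within eight seconds and is banned, while 198.51.100.4 also fails three times but spread over almost an hour, so it never reaches maxretry inside findtime and is left alone.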

Detection measures

These tools are used to detect whether an attack has occurred or is happening in real time. HIDS: chkrootkit, AIDE, rkhunter. NIDS: darken. These tools look for rootkits, backdoors and exploits; most of them are terminal programs, since they run on a server without a graphical interface, and they are configured to run periodically and automatically.

Recovery measures

These allow data to be recovered after an attack, provided backups and disk images of the server exist. You can use Clonezilla for this.

There are also several software that manage protection globally.

AppArmor: Proactively protects the operating system and applications from external or internal threats. It creates a profile for the running application and places itself between the application and the operating system. If the application deviates from its profile during execution, AppArmor blocks it. It is an alternative to SELinux.

SELinux: Security Enhanced Linux is a security module for the Linux kernel that offers an access control mechanism; its architecture focuses on separating security policy decisions from their enforcement, similar to the previous one.

Having adopted all these measures to strengthen and protect your server or computer, we must still always keep the tools updated, review the tool logs to see what messages are produced, remove unnecessary services, and regularly check the firewall and iptables to see which IPs are blocked and whether there is any problem.

Enjoy!
