Introduction to three commonly used network security tools under Linux

  

1. John the Ripper

In Linux, passwords are stored in hashed form. You cannot reverse a hash to recover the password, but you can hash a set of candidate words and compare each result with the stored hash; if they match, the password has been guessed. It is therefore very important to have a password that is difficult to guess. As a rule, never use a word that exists in a dictionary as a password, since it is quite easy to guess. Likewise, do not use common, regular alphanumeric sequences such as 123abc.

John the Ripper is an efficient and easy-to-use password guessing program. Its home page is at http://www.openwall.com/john/. Download the tar.gz package for UNIX and unpack it into any directory with tar xvfz john*.tar.gz. Enter the src directory and type make linux-x86-any-elf (I use Red Hat 6.1); this generates several executable files in the run directory, including the main program john. To crack passwords, run ./john /etc/passwd.

John can also crack passwords generated by htpasswd for authenticating Apache users. If you create a user named user with htpasswd -c apachepasswd user and generate a password, you can also run john apachepasswd to guess it. When John guesses a password, it prints it on the terminal and saves it in the john.pot file.

Another password cracker is known as the classic Cracker. Its home page is at http://www.users.dircon.co.uk/~crypto/.

2. Logcheck

Logcheck is a tool that automatically checks for security intrusion events and records of abnormal activity. It analyzes various Linux log files, such as /var/log/messages, /var/log/secure and /var/log/maillog, generates a report of possible security issues, and automatically sends it by email to the administrator. You can set it to run hourly, or have crond run it automatically every day.
Download logcheck from its home page at http://www.psionic.com/abacus/logcheck/, unpack it with tar xvfz logcheck* into a temporary directory such as /tmp, and then run make linux to install the corresponding files into /usr/local/etc, /usr/local/bin and other directories. You may want to change settings such as the mail account that notifications are sent to. By default they go to root; you can make the root mail alias point to a group of people. You can also change the settings so that logcheck ignores certain types of messages, such as those from plug-gw in your mail log file: plug-gw does a reverse IP lookup and, if it fails, logs a warning message to /var/log/maillog. By default logcheck sends all of these warnings to you, and you can have it ignore them through its settings. Analyzing all your log files with logcheck removes the need to check them manually every day, saving time and increasing efficiency.

3. Tripwire

Tripwire is a very useful tool for verifying file integrity. You can define which files and directories need to be verified, although the default settings satisfy most requirements. It runs in four modes: database generation, database update, file integrity check, and interactive database update. In database generation mode, it creates a database file holding various information about the existing files. In case your system files or configuration files are accidentally changed, replaced or deleted, it compares the existing files against the original database every day to find out which files have been changed. You can judge from the emailed results whether there has been a system intrusion or some other unexpected event.

Tripwire's home page is at http://www.tripwiresecurity.com, and version tripwire-1.2.3 is free to use. If you use Red Hat Linux 6.1, you can also get the latest Tripwire-1.2.3 rebuilt for 6.1.

When you have manually changed a configuration file or program on the system, you can generate the database file again by hand: run tripwire -initialize, which creates a databases directory in the current directory and generates a new system database file in it, then cp that file to the /var/spool/tripwire directory, overwriting the old one.
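
The database-generation and integrity-check modes described above can be sketched as follows. This is an added example, not Tripwire's code or its database format; the function names, the recorded fields, the SHA-256 digest and the sample tree are all assumptions made for the illustration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

FIELDS = ("mode", "uid", "gid", "size", "sha256")

def snapshot(root):
    """Database generation: one record of FIELDS per regular file under root."""
    db = {}
    for path in Path(root).rglob("*"):
        st = path.lstat()
        if stat.S_ISREG(st.st_mode):  # this sketch ignores symlinks and special files
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            db[path.relative_to(root).as_posix()] = (
                stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, st.st_size, digest)
    return db

def check(baseline, current):
    """Integrity check: report files added, deleted or changed since baseline."""
    report = {"added": [], "deleted": [], "changed": []}
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            report["added"].append(path)
        elif path not in current:
            report["deleted"].append(path)
        elif baseline[path] != current[path]:
            diff = [f for f, a, b in zip(FIELDS, baseline[path], current[path]) if a != b]
            report["changed"].append((path, diff))
    return report

def demo():
    """Baseline a constructed tree, tamper with it, and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        for rel, data in (("etc/passwd", b"root:x:0:0\n"), ("etc/hosts", b"127.0.0.1\n"),
                          ("login", b"original binary")):
            (root / rel).write_bytes(data)
            (root / rel).chmod(0o644)
        baseline = snapshot(root)
        (root / "login").write_bytes(b"trojaned binary")  # same size, new content
        (root / "etc/passwd").chmod(0o666)                 # permissions loosened
        (root / "etc/hosts").unlink()                      # file deleted
        (root / "etc/.hidden").write_bytes(b"")            # file added
        return check(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the baseline, so the stored database belongs somewhere an intruder cannot rewrite it, such as read-only media.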
