Installing Security Tools
The Ubuntu repositories contain several useful tools for maintaining a secure network and network administration. This page attempts to list the most popular and useful of these utilities, a brief description of them, and how to install them.
Wireshark (previously called Ethereal) - a popular network traffic analyzer that can capture packets off the wire and read existing capture files. It features a helpful GUI to ease analysis. Note: the Universe package adds a menu entry that expects the user to have a root account; on Ubuntu, start it with gksudo from a terminal instead. Only run it with elevated privileges if you need to capture packets live; root privileges are not required to read saved capture files, so the safer habit is to capture to a file as root (with tcpdump, for example) and then open that file in Wireshark as a normal user, which keeps its large protocol-dissector code base out of a root process. For Ubuntu 6.06 and earlier install the ethereal and ethereal-common packages from the Universe Repository.
For Ubuntu 6.10 onwards install the wireshark and wireshark-common packages from the Universe Repository.
''Nessus'' - a powerful remote network security auditor with a nice GUI. Nessus supports plugins, and its database of vulnerability checks is usually kept current. It also features useful scripting abilities, allowing you to automate many tasks. Nessus is no longer open source, but is available free for personal use.
''OpenVAS'' (the Open Vulnerability Assessment System) - a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The scanner itself is accompanied by a daily updated feed of Network Vulnerability Tests (NVTs), over 20,000 in total (as of January 2011). All OpenVAS products are Free Software; most components are licensed under the GNU General Public License (GNU GPL).
Nmap - the standard network mapper. Has a thousand and one uses. To install Nmap install the nmap package.
Etherape - an etherman clone. It displays network activity with an intuitive UI. Install the etherape package from the Universe Repository.
Kismet - a wireless sniffing tool. Supports GPS-tagged scanning and mapping when used together with the gpsdrive package. Install the kismet package from the Universe Repository.
Chkrootkit - chkrootkit can be used to help determine if a machine has been compromised. While it should not be the 'final word' on whether you have been compromised (a rootkit that controls the kernel can hide from tools run on the same machine), it runs a lot of useful checks and can direct suspicions towards finding a solution. To install chkrootkit install the chkrootkit package.
Rkhunter (Ubuntu 6.06 and above only) - another rootkit detection software. Install the rkhunter package from the Universe Repository.
Tiger - a package consisting of Bourne shell scripts, C code and data files used for checking for security problems on a UNIX system. It scans system configuration files, file systems, and user configuration files for possible security problems and reports them. Install the tiger, chkrootkit and john packages.
GnuPG - also known as GPG, an open source replacement for PGP implementing the OpenPGP standard. Older versions lack support for the patented IDEA cipher, but it is incredibly useful. Included by default. GnuPG lets you encrypt and digitally sign email, and integrates well with the Evolution mail client as well as Thunderbird.
Seahorse - a light-weight Gnome frontend for GPG, makes managing keys much easier. Install the seahorse package from the Universe Repository.
Nemesis - a command-line based packet injection utility. Requires a bit of reading the documentation to get full use from. To install nemesis install the nemesis package from the Universe Repository.
Tcpdump - despite its name, tcpdump is not limited to TCP: it also decodes UDP, BGP, NFS and many other packet types. It is a powerful network utility that should be in every admin's toolbox, allowing you to pull in everything off the wire. In combination with Wireshark it doesn't miss much. Like Wireshark, it needs root privileges only to capture, not to read a saved capture file. To install tcpdump install the tcpdump package.
OpenSSH - OpenSSH almost singlehandedly stopped admins from using telnet, an insecure protocol that sends passwords in clear text. The OpenSSH client is installed by default. Generally you want to use SSH instead of telnet or rsh. In some situations, such as a large number of clients, you might want to pursue other options, such as telnet over SSL. To install the SSH server install the openssh-server package.
denyhosts (Ubuntu 6.10 and above only) - scans your SSH logs (/var/log/auth.log) for repeated failed logins that indicate brute-force attacks, and then blocks the offending IPs by adding them to /etc/hosts.deny. Keep your own addresses in its allowed-hosts whitelist, or a few mistyped passwords can lock you out of your own server. To install denyhosts install the denyhosts package.
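The detection step a denyhosts-style tool performs, reduced to a shell pipeline as an added example (this is not the denyhosts code and not part of the original page): the sshd log lines, the whitelist file and the threshold are constructed here for the example, the addresses come from the RFC 5737 documentation ranges, and the function names are hypothetical. It counts "Failed password" events per source address, skips whitelisted addresses, and prints the TCP wrappers entries that would go into /etc/hosts.deny without writing them.

```shell
#!/bin/sh
# Added example, not part of the denyhosts package: the core of what a
# denyhosts-style tool does, as a pipeline over sshd log lines.
# The log below is constructed for this example; the addresses are
# documentation ranges (RFC 5737), not real hosts.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Jan 14 03:12:01 host sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jan 14 03:12:03 host sshd[2233]: Failed password for invalid user oracle from 203.0.113.7 port 51240 ssh2
Jan 14 03:12:05 host sshd[2235]: Failed password for root from 203.0.113.7 port 51251 ssh2
Jan 14 03:12:08 host sshd[2237]: Failed password for root from 203.0.113.7 port 51263 ssh2
Jan 14 03:12:11 host sshd[2239]: Failed password for root from 203.0.113.7 port 51270 ssh2
Jan 14 07:40:12 host sshd[2410]: Failed password for alice from 192.0.2.10 port 40012 ssh2
Jan 14 07:40:20 host sshd[2410]: Failed password for alice from 192.0.2.10 port 40012 ssh2
Jan 14 07:40:31 host sshd[2410]: Failed password for alice from 192.0.2.10 port 40012 ssh2
Jan 14 07:40:45 host sshd[2410]: Accepted password for alice from 192.0.2.10 port 40012 ssh2
Jan 14 09:02:17 host sshd[2522]: Failed password for bob from 198.51.100.23 port 60101 ssh2
Jan 14 09:02:30 host sshd[2522]: Accepted publickey for bob from 198.51.100.23 port 60101 ssh2
EOF

# Print, one per line, every source address with at least THRESHOLD
# "Failed password" events in LOGFILE. Only sshd lines are considered and
# "Accepted ..." lines are ignored, so a user who succeeds on the fourth try
# is still reported at threshold 3: a plain counter cannot tell a forgetful
# admin from an attacker, which is why the whitelist below matters.
ssh_bruteforce_sources() {
    logfile=$1
    threshold=$2
    grep -E 'sshd\[[0-9]+\]: Failed password for' "$logfile" \
        | sed -nE 's/.* from ([0-9]+(\.[0-9]+){3}) port .*/\1/p' \
        | sort | uniq -c \
        | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# True when the address appears as a whole line in the whitelist file
# (one address per line, in the spirit of denyhosts' allowed-hosts).
is_whitelisted() {
    grep -qxF "$1" "$2"
}

# Render the TCP wrappers line that would be appended to /etc/hosts.deny.
hosts_deny_entry() {
    printf 'sshd: %s\n' "$1"
}

# Produce the deny entries for a log, skipping whitelisted sources.
# Nothing here touches /etc/hosts.deny; redirect the output there yourself
# (as root) once you are satisfied with what it reports.
deny_entries() {
    logfile=$1
    threshold=$2
    whitelist=$3
    ssh_bruteforce_sources "$logfile" "$threshold" | while read -r ip; do
        is_whitelisted "$ip" "$whitelist" || hosts_deny_entry "$ip"
    done
}

# Constructed whitelist: our own admin workstation, which must never be blocked.
WHITELIST=$(mktemp)
printf '192.0.2.10\n' > "$WHITELIST"

# Stand-alone run: with threshold 3, 203.0.113.7 (five failures) is reported
# and 192.0.2.10 (three failures, then success) is spared by the whitelist.
deny_entries "$SAMPLE_LOG" 3 "$WHITELIST"
```

Run it against a real /var/log/auth.log with a threshold of your choosing before trusting any automatic blocker: the output shows which addresses would have been denied, and whether your own would be among them.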