Security tools

There are a number of security analysis, monitoring and logging tools. This is a brief summary of some of the more (in)famous and useful tools available for Linux.


SATAN - the Security Administrator's Tool for Analyzing Networks.

SATAN is a tool that probes for a range of common network security problems and advises the administrator on the weaknesses. It has a set of tutorials that explain each security problem and how to rectify the problem.

It is probably the most controversial security tool of all time, and not just because of the name. A lot of people honestly believe that tools like this should not be distributed at all, even to administrators, because attackers can use the same probes to gather information for breaking into computer systems.

SATAN v1.1.1 does not compile out of the box for Linux; grab the patched version from the sunsite Linux mirror.


COPS (the Computer Oracle and Password System) is an earlier, host-based checker that looks for local problems such as weak passwords and bad file permissions. It is now somewhat outdated, but may still be worth running.


chkexploit is a Linux-specific tool that examines your system for a range of known security holes and for old versions of programs with security bugs, listing each problem found and how to fix it. For example:

ldt: Not vulnerable
  Problem: Local users can gain root access.
  Fix:  Upgrade to a newer Linux Kernel: >= 1.3.20.
  Problem: Local users can use .forward to exec programs.
  Fix: replace /bin/sh by smrsh as your program mailer.

abuse: Not Found
  Problem: Local users can run arbitrary commands as root.
  Fix: Remove SUID bit.
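The two kinds of test chkexploit is doing above are worth seeing in code: comparing the running kernel against the release that fixed a hole, and checking whether a known-bad program is present and still set-UID root. The script below is an added example written for this page, not chkexploit's own code. The CHECKS table is a constructed sample mirroring the two entries shown; the path /bin/abuse is assumed purely so the sample has something to look for.

```python
#!/usr/bin/env python3
"""Added example (not chkexploit's code): the two kinds of check it makes.

  1. "Is the running kernel older than the release that fixed hole X?"
  2. "Does a known-bad program exist, and is it still set-UID root?"
"""
import os
import platform
import re
import stat


def parse_version(s):
    """Turn '1.3.20' or '5.15.0-91-generic' into a comparable tuple of ints."""
    m = re.match(r'(\d+)\.(\d+)(?:\.(\d+))?', s)
    if not m:
        raise ValueError("unparseable version: %r" % s)
    return tuple(int(x) if x is not None else 0 for x in m.groups())


def kernel_vulnerable(running, fixed_in):
    """True when the running kernel predates the first fixed release."""
    return parse_version(running) < parse_version(fixed_in)


def suid_binaries(root, owner=0):
    """Walk `root` and return regular files that are set-UID and owned by `owner`
    (uid 0, i.e. root, by default). Symlinks are not followed."""
    found = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if (stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID
                    and st.st_uid == owner):
                found.append(path)
    return sorted(found)


# Constructed sample modelled on the two entries shown in the text.
CHECKS = [
    {"name": "ldt", "kind": "kernel", "fixed_in": "1.3.20",
     "problem": "Local users can gain root access.",
     "fix": "Upgrade to a newer Linux Kernel: >= 1.3.20."},
    {"name": "abuse", "kind": "suid", "path": "/bin/abuse",   # assumed path
     "problem": "Local users can run arbitrary commands as root.",
     "fix": "Remove SUID bit."},
]


def run_checks(checks, running_kernel, suid_present):
    """Return {name: status} using chkexploit's own vocabulary:
    'Vulnerable', 'Not vulnerable' or 'Not Found'.
    `suid_present` is the set of set-UID-root paths found on the system."""
    results = {}
    for c in checks:
        if c["kind"] == "kernel":
            bad = kernel_vulnerable(running_kernel, c["fixed_in"])
            results[c["name"]] = "Vulnerable" if bad else "Not vulnerable"
        elif c["kind"] == "suid":
            if not os.path.exists(c["path"]):
                results[c["name"]] = "Not Found"
            elif c["path"] in suid_present:
                results[c["name"]] = "Vulnerable"
            else:
                results[c["name"]] = "Not vulnerable"
    return results


def report(checks, results):
    """Print in the same layout as the chkexploit output quoted above."""
    for c in checks:
        print("%s: %s" % (c["name"], results[c["name"]]))
        print("  Problem: %s" % c["problem"])
        print("  Fix: %s" % c["fix"])
        print()


if __name__ == "__main__":
    kernel = platform.release()
    present = set(suid_binaries("/bin")) | set(suid_binaries("/usr/bin"))
    report(CHECKS, run_checks(CHECKS, kernel, present))
```

The version comparison is the part people get wrong by comparing strings ("1.3.9" sorts after "1.3.20" as text), which is why the release string is split into integers first. The set-UID scan uses lstat so that a symlink pointing at a set-UID binary is not reported a second time under the link's name.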


The lastcomm command allows you to view a history of the commands executed by a particular user. It reads the process accounting file, so accounting must have been switched on (with accton) before the commands were run; nothing is recorded retrospectively.


ttysnoop allows the super-user to monitor activity on a pseudo-terminal, such as an incoming telnet connection. The ethics of this are often considered dubious, but it does have uses...


syslog is an under-rated program: it can be configured in a number of ways, including sending log messages to a printer or to another computer. Both put a copy of the log somewhere the local machine cannot alter, which matters because an attacker who gains root on a machine can edit or delete the log files it keeps locally.
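A syslog.conf doing exactly that, as an added example rather than a fragment from the original page; "loghost" is an assumed name for the separate logging machine, and /dev/lp0 is assumed to be the attached printer:

```conf
# Added example syslog.conf (not from the original page).
# Keep the usual local copies ...
*.info;mail.none;authpriv.none     /var/log/messages
authpriv.*                         /var/log/secure
# ... and send a full copy to a second machine over the network (UDP port 514)
*.*                                @loghost
# Hardcopy of the authentication log: paper cannot be edited after the fact
auth.*;authpriv.*                  /dev/lp0
```

On the receiving side, the classic sysklogd daemon ignores network messages unless started with the -r option, so remember to enable that on loghost and to let nothing but the machines you expect reach its UDP port 514.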

It should be noted that syslog itself is not a secure protocol: messages travel over UDP with no authentication, so an attacker can forge entries, flood the daemon or the network link, or fill the disk the logs are kept on (denial of service).
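The forgery problem is easy to show on loopback. The script below is an added example, not code from the original page or from any syslog implementation: a throw-away collector bound to 127.0.0.1 stands in for the loghost, and a sender delivers a datagram whose hostname field claims to be the mail server. The protocol cannot stop this; the one thing the collector can do is record the real UDP source address and compare it against where that hostname is supposed to live. All hostnames and addresses are constructed for the demonstration.

```python
#!/usr/bin/env python3
"""Added example (not from the original page): forging a BSD-syslog datagram,
and the source-address sanity check a collector can apply."""
import re
import socket

# BSD syslog line as most syslogd implementations accept it:
#   <PRI>Mmm dd hh:mm:ss hostname tag: message
SYSLOG_RE = re.compile(
    r'^<(?P<pri>\d{1,3})>'
    r'(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) '
    r'(?P<host>\S+) '
    r'(?P<msg>.*)$', re.S)

FACILITY_NAMES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
                  "news", "uucp", "cron", "authpriv", "ftp"]


def parse_syslog(datagram):
    """Split one datagram into fields; facility and severity come from PRI."""
    text = datagram.decode("utf-8", "replace")
    m = SYSLOG_RE.match(text)
    if not m:
        raise ValueError("not a syslog line: %r" % text)
    pri = int(m.group("pri"))
    return {"facility": pri >> 3, "severity": pri & 7,
            "timestamp": m.group("ts"), "host": m.group("host"),
            "msg": m.group("msg")}


def build_syslog(facility, severity, host, ts, msg):
    """Construct a datagram. Any caller can put any hostname in it."""
    return ("<%d>%s %s %s" % (facility * 8 + severity, ts, host, msg)).encode()


def collect_one(sock, known_hosts):
    """Receive one datagram and return the parsed record plus a forgery verdict.
    known_hosts maps hostnames the collector expects to the IP each should
    come from; a claimed host arriving from elsewhere is flagged."""
    data, (src_ip, _port) = sock.recvfrom(4096)
    rec = parse_syslog(data)
    rec["src_ip"] = src_ip
    expected = known_hosts.get(rec["host"])
    rec["forged"] = expected is not None and expected != src_ip
    return rec


def demo():
    """Run collector and forger on loopback; return the collector's record."""
    collector = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    collector.bind(("127.0.0.1", 0))   # ephemeral port instead of 514: no root needed
    collector.settimeout(5)
    port = collector.getsockname()[1]
    # Constructed: the collector believes "mailhub" lives at 192.0.2.10 (TEST-NET).
    known = {"mailhub": "192.0.2.10"}

    forger = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    forger.sendto(build_syslog(facility=4, severity=2, host="mailhub",
                               ts="Oct 11 22:14:15",
                               msg="su: 'su root' failed for lonvick on /dev/pts/8"),
                  ("127.0.0.1", port))
    forger.close()
    rec = collect_one(collector, known)
    collector.close()
    return rec


if __name__ == "__main__":
    r = demo()
    print("facility=%s severity=%d claimed host=%s actual source=%s forged=%s"
          % (FACILITY_NAMES[r["facility"]], r["severity"], r["host"],
             r["src_ip"], r["forged"]))
    print("message:", r["msg"])
```

The check is deliberately weak: it only catches a forger who cannot also spoof the UDP source address, so it belongs behind packet filtering on the loghost, not in place of it. The same sender loop with no sleep between datagrams is the flooding attack mentioned above, which is why the collector should also have its log partition separate from the rest of the system.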
