Yes, we know many of these apps are not directly comparable. The real question should be, which one does its job the best.

--jeremy

shorewall?
guarddog?

nmap is awesome. Second choice would be rkhunter.

They are so different. Can't compare them, so I'll of course vote for nmap. Clamav and firestarter would by my other choices.

Snort logs are my lifesaver

Oh, this is too difficult. There's so many worthy contenders. I would have liked to have seen metasploit listed as well.

I think I'm gonna have to have a beer whilst I think about this some more.

Where's the option for AppArmor?

For a home user on one box the one I can't do without is firestarter.
Who needs anti-virus on linux?

Firestarter...nmap...nessus..ethereal...snort......are there non exclusive radio buttons around

Firestarter, shorewall, guarddog ... they're all just a frontend to
a piece of kernel functionality; none of them are security apps in
their own right. Personally I highly value nmap, always good to
a) know your attackers and b) let them know they're being watched ;}

ClamAV is the one

Firestarter. But I find AppArmour should have been there.

Anyone who has:

- apache with SSL enabled
- Samba shares
- email services

Remember: while an Apache exploit really isn't a *nix vulnerability, strictly speaking (it's an app, not an OS), there are exploits in certain versions of Apache and ClamAV comes with signatures to identify the slapper variants which compile on Linux.

Likewise, if you share out files via samba (or NFS) with Windows machines, you want to scan those shares so that you don't end up being a handy storage place for viruses.

Lastly, you don't want to forward virus attachments to others, right? The viruses may not run on your machine (not even under wine!) but they can be a nuisance to others.

I don't use apache, samba and I never forward emails.

I like ettercap to scan for hosts on the network..