LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)
-   -   Vulnerability Scanner? (https://www.linuxquestions.org/questions/linux-software-2/vulnerability-scanner-74848/)

AquamaN 07-22-2003 09:22 AM
Vulnerability Scanner?
 
Hey everyone,

I just dipped into the world of webservers and of course I'm concerned about the vulnerability issue when it comes to them. I know of a program for Windows that is called Retina and it scans for just about every vulnerability known to man on any platform.. but the problem is that it is for windows and I don't like to be in windows too much at all... So, is there a program that is it's equivilent for linux? (I know there are tons, but I need something that is moderately easy to use and maintain). I want to be able to just plug in the IP addy of my webserver and scan it, find out what vulnerabilities it has and then Patch them. The nice thing about Retina is that it tells me how or where I could patch the vulnerability that was on my servers. Thanks for any insight! :D

-AquamaN

TheCoffeeMug 07-22-2003 09:53 AM
I don't know any scanner that especially deals with webservers, but it is always good to scan for rootkits:

http://www.chkrootkit.org/

dkaplowitz 07-22-2003 09:58 AM
If you are talking different functionality than that of nmap (port scanner), then you may want to check out COPS, which you can run nightly with cron to tell you about vulnerabilities and gives you an idea of what to do to correct those issues.

There is another called SAINT, which evolved from SATAN. This is probably closer to what you want, since it knows a lot about Unix servers and can tell you more about what to do to fix any vulnerabilities.

Good luck.

AquamaN 07-22-2003 09:58 AM
Excelent, thanks a lot! I'll try all those out and let you know how it goes. Thanks again!

-AquamaN

DrOzz 07-22-2003 10:00 AM
do a search in LQ.org for saint, cause the program is not free anymore, and i posted a link to someone where you can get saint 3.5 for free.

dkaplowitz 07-22-2003 10:12 AM
Oops...I noticed SAINT is not freeware/opensource, though I'm pretty sure SATAN was/is. Sorry 'bout that. There's likely something similar in the open source world, but I'm not sure what exactly that might be. COPS should do you pretty good in the meantime though.

dkaplowitz 07-22-2003 10:18 AM
I noticed dr0zz's previous post (thanks man!).

Here's the link for SAINT 3.5:

http://linux.iconet.com.br/internet/...654_32413.html

AquamaN 07-22-2003 10:39 AM
Thanks again!!! :)

-AquamaN

ranger12002 07-22-2003 11:03 AM
you can also try nessus it scans for like 1200 vulnerabilities (last time i checked) an i am pretty sure its free


All times are GMT -5. The time now is 08:04 PM.