LinuxQuestions.org

jeremy 01-28-2006 03:25 PM

Security App of the Year
 
Yes, we know many of these apps are not directly comparable. The real question should be, which one does its job the best.

--jeremy

ssfrstlstnm 01-29-2006 11:02 AM

shorewall?
guarddog?

NeoAndersn007 01-29-2006 08:56 PM

nmap is awesome. Second choice would be rkhunter.

Alien_Hominid 01-30-2006 12:47 AM

They are so different. Can't compare them, so I'll of course vote for nmap. Clamav and firestarter would be my other choices.

Daengbo 01-30-2006 08:08 AM

Snort logs are my lifesaver

carambar 01-30-2006 10:34 AM

Oh, this is too difficult. There are so many worthy contenders. I would have liked to have seen metasploit listed as well.

I think I'm gonna have to have a beer whilst I think about this some more. ;)

Tsuroerusu 01-30-2006 11:29 AM

Where's the option for AppArmor?

anticapitalista 01-30-2006 12:40 PM

For a home user on one box the one I can't do without is firestarter.
Who needs anti-virus on linux?:)

ALInux 01-30-2006 12:44 PM

Firestarter...nmap...nessus..ethereal...snort...:D...are there non exclusive radio buttons around :D

Tinkster 01-30-2006 02:00 PM

Firestarter, shorewall, guarddog ... they're all just a frontend to
a piece of kernel functionality; none of them are security apps in
their own right. Personally I highly value nmap, always good to
a) know your attackers and b) let them know they're being watched ;}

Kensai 01-30-2006 03:01 PM

ClamAV is the one

Alessandro 01-30-2006 10:10 PM

Firestarter. But I find AppArmor should have been there.

KimVette 01-30-2006 11:44 PM

Quote:

Originally Posted by anticapitalista
Who needs anti-virus on linux?:)

Anyone who has:

- apache with SSL enabled
- Samba shares
- email services

Remember: while an Apache exploit really isn't a *nix vulnerability, strictly speaking (it's an app, not an OS), there are exploits in certain versions of Apache and ClamAV comes with signatures to identify the slapper variants which compile on Linux.

Likewise, if you share out files via samba (or NFS) with Windows machines, you want to scan those shares so that you don't end up being a handy storage place for viruses.

Lastly, you don't want to forward virus attachments to others, right? The viruses may not run on your machine (not even under wine!) but they can be a nuisance to others.

anticapitalista 01-31-2006 02:00 AM

Quote:

Originally Posted by KimVette
Anyone who has:

- apache with SSL enabled
- Samba shares
- email services

Remember: while an Apache exploit really isn't a *nix vulnerability, strictly speaking (it's an app, not an OS), there are exploits in certain versions of Apache and ClamAV comes with signatures to identify the slapper variants which compile on Linux.

Likewise, if you share out files via samba (or NFS) with Windows machines, you want to scan those shares so that you don't end up being a handy storage place for viruses.

Lastly, you don't want to forward virus attachments to others, right? The viruses may not run on your machine (not even under wine!) but they can be a nuisance to others.

I don't use apache, samba and I never forward emails.:)

gunnix 01-31-2006 10:12 AM

I like ettercap to scan for hosts on the network..

Tinkster 01-31-2006 11:23 AM

Quote:

Originally Posted by anticapitalista
I don't use apache, samba and I never forward emails.:)

But you asked your question "Who needs AV on Linux?" as if
there was no need at all ... the fact that you believe you don't
is a whole different story; as far as I'm concerned you're not
afraid enough.


Cheers,
Tink

anticapitalista 02-01-2006 04:33 AM

Quote:

Originally Posted by Tinkster
But you asked your question "Who needs AV on Linux?" as if
there was no need at all ... the fact that you believe you don't
is a whole different story; as far as I'm concerned you're not
afraid enough.


Cheers,
Tink

My first post "who needs av anyway?" was tongue-in-cheek, the second one as a reply to KimVette's excellent post and why I don't need it.

:) :)

riskable 02-01-2006 07:49 AM

This was a tough one! I'm a security professional so I use quite a number of these tools on a daily basis...

I chose snort because it is being used and integrated into a LOT of 3rd party products (mostly security appliances) via its "inline" mode. These cheap devices are selling well and will end up making Linux the edge security OS (device) of choice for enterprises and small businesses alike. This is an area previously dominated by proprietary players like Cisco and Check Point.

Of course, a lot of these appliances also use ClamAV, but its primary purpose is to protect Windows machines so no vote =).

nmap and Nessus are essential tools for me, but nmap hasn't changed much over the course of the year and Nessus announced that they're moving away from the GPL. IMHO, that creates a hole in the FOSS security community that I KNOW there's geeks just dying to fill. It is one of those areas that FOSS excels at and in almost all cases, the FOSS tools are superior to their commercial counterparts.

kassle 02-01-2006 07:25 PM

duh ... how to judge these things
since they complement each other

anyway ... I choose snort, because
it gives more logs (the disk space eater)
than the others

:D

stupendo44 02-01-2006 07:48 PM

I use KMyFirewall, which sets up iptables.

jaboua 02-02-2006 09:49 AM

It's a hard choice, but I'll put nmap as #1. JohnTheRipper makes a good #2.

n3wb13 02-02-2006 09:55 AM

nmap, t0r, p0f

segin 02-04-2006 09:10 AM

nmap cause it just fork()ing works.

anti.corp 02-04-2006 03:14 PM

Firestarter. Easy to install (with a little help from Dead parrot :p ). And the wizard caught all those more or less odd services I got running.

Thetargos 02-07-2006 11:52 AM

My vote goes to Firewall Builder. I don't care it's based on KDE's QT toolkit, it simply rocks! You can not only configure your Linux firewall as strong as you want, but you can also do it for *BSD, MacOS, and even Windows®, very good application!

Fireball7 02-10-2006 02:26 PM

WHAT?!?!?!?? No Paketto Keiretsu? How could they?

http://www.doxpara.com/paketto/

Seriously.

(And btw, nmap out of what they have, then snort (though I use airsnort)).

SkyEye 02-12-2006 02:08 PM

Really, these things can't be compared fairly.

Nobody should have a matter with nmap. Even with the controversy of closing the source Nessus still is a great application (again I do not agree with closing its source).

One thing which might not be highlighted much but might have a great future is SELinux. My guess is it can be the norm in Linux security with growing implementation. Although it changes the Linux security model into something I never knew, it looks really promising.

danex50 02-16-2006 02:31 AM

nmap. But AppArmor should have its place in this list.

glebovitz 02-16-2006 08:13 AM

security apps
 
While all of these apps serve different purposes, SELinux has done the most for me. Labeling and kernel based policy enforcement does a great job of partitioning security. I got tired of running "jails" for each service.

Mizzou_Engineer 02-16-2006 09:02 AM

Ethereal. It is very important if you have any sort of a LAN or are connected to the Internet.

endlos 02-16-2006 11:44 AM

Quote:

Originally Posted by glebovitz
While all of these apps serve different purposes, SELinux has done the most for me. Labeling and kernel based policy enforcement does a great job of partitioning security. I got tired of running "jails" for each service.

I agree, and I don't consider SELinux an app. It's by far the most complex technology on the list which enhances the kernel to a higher security level. Check the "Orange Book" http://www.radium.ncsc.mil/tpep/libr...00.28-STD.html, SELinux (Mandatory Access Control level) makes Linux (if well configured) far more secure than any other Windows (Discretionary Access Control) or even Unix.

cincindie 02-16-2006 02:55 PM

I'd probably vote 8.333% for each if I can.

flebber 02-16-2006 07:29 PM

Where's guarddog?
 
I can see firestarter in the list but my security app of the year is guarddog, far more logical for me to use and configure.

Chalk one vote up for Guarddog for me.

OmegaBlac 02-21-2006 09:51 PM

Firehol is missing again? And what about ettercap?

berkes 02-24-2006 02:23 AM

Daemonshield
 
more on http://sourceforge.net/projects/daemonshield/. Great tool to stop the brute force SSH attacks.

alaskazimm 02-24-2006 10:54 AM

Shorewall on the desktop. Easy to config and modify. Just works.

I know these aren't strictly apps but I feel much better with a dedicated Smoothwall or IPCop machine running!

RedBoot 02-25-2006 12:43 PM

Ethereal????
 
:scratch: I had to do a search. Certainly Ethereal had to be in here somewhere.

Like the Crescent Wrench for debugging net issues. Handy for so many things, but in the wrong hands...

DaneM 02-27-2006 01:45 AM

Can we add Shorewall (Shoreline Firewall) to the list?

brockers 02-28-2006 09:37 AM

...click... ...click... ...click... Damn radio button!!!

Bobby

craigevil 02-28-2006 02:45 PM

rkhunter
Tripwire
nmap
Shorewall with webmin.
f-prot

enyawix 02-28-2006 10:22 PM

I must say IPCop is badly broken / sucks. Back orifice, trace route and many other things slip past. Port scans are never logged. I can not say enough bad things about this firewall. Run firestarter or any other firewall behind IPCop to see just how bad it is.

Fireball7 02-28-2006 11:08 PM

Which version of IPCop (I guess were, now, lol) running?

edit: Sorry to get off topic, ppl. Just curious.

enyawix 03-01-2006 12:03 AM

I was using 1.4.10. I just rolled my own firewall.
To get back on topic, firestarter or snortsam must be the best of the year.


All times are GMT -5.