Archive for the ‘ Lunix ’ Category

Nmap – Free Security Scanner For Network Exploration & Security Audits.

Nmap (“Network Mapper”) is a free and open source (license) utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), and a utility for comparing scan results (Ndiff).

Zenmap

Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly. A command creator allows interactive creation of Nmap command lines. Scan results can be saved and viewed later. Saved scan results can be compared with one another to see how they differ. The results of recent scans are stored in a searchable database.

You can download Zenmap (often packaged with Nmap itself) from the Nmap download page. Zenmap is quite intuitive, but you can learn more about using it from the Zenmap User’s Guide or check out the Zenmap man page for some quick reference information.

Installing and Configuring Snoge – System-Linux

Snoge is open source software that shows in Google Earth, in “near real time”, where the attacking IPs reported by Snort come from: SnoGe = Snort + Google Earth.

As the image shows, a blue histogram represents the number of attacks coming from the same ISP. A green histogram represents the number of alerts per country. The lines show the most recently detected attacks: the darker the line, the more recent the attack.

How it works:

When an attack is detected, Snort writes the alert to a log file (in unified format).

The Snoge daemon:

periodically examines Snort’s log files

picks up the latest alerts

geolocates the source IPs

updates a kml file (a Google Earth file, close to XML).

Your Google Earth periodically queries your web server to fetch this kml file and displays the attacks on a world map.
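The pipeline described above (read Snort alerts, geolocate the source IPs, emit KML for Google Earth) in a small Python script. This is an added example, not Snoge's own code: it reads Snort's text "alert_fast" format instead of the binary unified logs, the sample alert lines and the prefix-to-location table (GEO_TABLE, standing in for a GeoIP database) are constructed, and SENSOR_LOCATION is an assumed position for the sensor. It produces one point per geolocated region labelled with its alert count (the per-country histogram) and one line from each of the most recent sources back to the sensor.

```python
import re
from collections import Counter
import xml.etree.ElementTree as ET

# Constructed Snort alert_fast lines (Snoge itself reads the unified log format).
SAMPLE_ALERTS = """\
05/12-14:23:01.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Priority: 1] {TCP} 203.0.113.5:4444 -> 192.0.2.10:80
05/12-14:23:07.000001  [**] [1:2010937:2] ET SCAN Suspicious inbound to mySQL port 3306 [**] [Priority: 2] {TCP} 198.51.100.77:51234 -> 192.0.2.10:3306
05/12-14:24:15.500000  [**] [1:2010937:2] ET SCAN Suspicious inbound to mySQL port 3306 [**] [Priority: 2] {TCP} 203.0.113.9:51235 -> 192.0.2.10:3306
"""

# Hypothetical geolocation table keyed by /24 prefix: (label, latitude, longitude).
# A real deployment would query a GeoIP database here.
GEO_TABLE = {
    "203.0.113": ("Example-Net-A", 48.85, 2.35),
    "198.51.100": ("Example-Net-B", 52.52, 13.40),
}
SENSOR_LOCATION = (51.50, -0.12)  # assumed (lat, lon) of the Snort sensor

ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[(?P<sid>[\d:]+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)


def parse_alerts(text):
    """Parse alert_fast lines into dicts; lines that do not match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if m:
            alerts.append(m.groupdict())
    return alerts


def geolocate(ip):
    """Return (label, lat, lon) for a source IP, or None if the prefix is unknown."""
    return GEO_TABLE.get(ip.rsplit(".", 1)[0])


def country_counts(alerts):
    """Alerts per geolocated region, keyed by the (label, lat, lon) tuple."""
    counts = Counter()
    for a in alerts:
        counts[geolocate(a["src"]) or ("unknown", None, None)] += 1
    return counts


def build_kml(alerts, recent=2):
    """Render region counts as Points and the most recent sources as LineStrings."""
    root = ET.Element("kml", xmlns="http://www.opengis.net/kml/2.2")
    doc = ET.SubElement(root, "Document")
    for (label, lat, lon), n in country_counts(alerts).items():
        if lat is None:
            continue  # no location known, nothing to draw
        pm = ET.SubElement(doc, "Placemark")
        ET.SubElement(pm, "name").text = f"{label}: {n} alerts"
        # KML coordinates are longitude,latitude,altitude
        ET.SubElement(ET.SubElement(pm, "Point"), "coordinates").text = f"{lon},{lat},0"
    # alert_fast timestamps (MM/DD-HH:MM:SS) sort lexically within one year
    for a in sorted(alerts, key=lambda x: x["ts"])[-recent:]:
        geo = geolocate(a["src"])
        if geo is None:
            continue
        pm = ET.SubElement(doc, "Placemark")
        ET.SubElement(pm, "name").text = f"{a['ts']} {a['msg']} from {a['src']}"
        ls = ET.SubElement(pm, "LineString")
        ET.SubElement(ls, "coordinates").text = (
            f"{geo[2]},{geo[1]},0 {SENSOR_LOCATION[1]},{SENSOR_LOCATION[0]},0"
        )
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # A daemon would loop over the growing log file and rewrite the KML each pass;
    # here the output is printed once so it can be redirected into a file served
    # by the web server that Google Earth polls.
    print(build_kml(parse_alerts(SAMPLE_ALERTS)))
```

Google Earth fetches the KML over plain HTTP in this design, so the file should be served read-only and, since it exposes which addresses are hitting your sensor, not from a publicly reachable path.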

htop – an interactive process-viewer for Linux

This is htop, an interactive process viewer for Linux. It is a text-mode application (for console or X terminals) and requires ncurses. Tested with Linux 2.4 and 2.6.
