5. Software URL download map and checklist

• Software recommended and used for the TrinityOS doc (roughly in this order). ** NOTE** Put all code in /usr/src/archive/ I personally recommend to putting ALL additional software source code, RPMs, etc in /usr/src/archive. In the "archive" directory, I make subdirectories for the various code like dns, ssh, sendmail, etc. This IS your box though so put things ANYWHERE you so wish. :)

5.1 Master site for all Internet RFCs:

• http://www.cis.ohio-state.edu/rfc/

5.2 The Master IANA site

• For all Internet port numbers, protocol numbers, etc. A VERY recommended place to go, download them ALL, and put them in /etc/iana.
  • http://www.iana.org/numbers.htm
  To create a local copy, do the following:

  ---

         mkdir /etc/iana
         cd /etc/iana/
         wget -r -l 1 -nH --no-parent http://www.iana.org/numbers.htm
    
  

  ---

5.3 Master site for all known Internet Trojan ports

• http://www.simovits.com/sve/nyhetsarkiv/1999/nyheter9902.html

5.4 Distribution Sites and Update MIRRORS:

Any Service Packs, security patches, etc. for your installed Slackware or Redhat distribution(s)

Mandrake Updates:

• Master URL: http://www.linux-mandrake.com/en/security/

Redhat Updates:

• Master MIRROR URL: http://www.redhat.com/mirrors.html

• Fast: ftp://ftp.codemeta.com/pub/mirrors/redhat/updates/;

• 5.2 only: ftp://ftp.infomagic.com/pub/mirrors/linux/RedHatUpdates/

5.5 Newest stable kernel

ftp://ftp.kernel.org/pub/linux/kernel/ or ftp://ftp.freesoftware.com/pub/linux/sunsite/kernel/

2.6.x

• 2.6.11.10 is stable

2.4.x

• 2.4.30 is stable
  • All kernels less that 2.4.20 have the lcall7 local DoS attack vunerability. No REMOTE DoS attack is possible.
  • All kernels less than 2.4.13 have a serious symlink vunerability. Please upgrade your kernel.
  • Please note that the 2.4.x series of kernels is still quite new and some aspects of it are immature in comparison to 2.2.x kernels ( PCMCIA, Power Management, etc ). But, several new aspects of the 2.4.x kernels might make you want to try it (faster IP stack, stateful firewalls, journaled filesystems, etc. )

2.2.x

• 2.2.26 is stable
  • All versions less than 2.2.22 have a local denial of service risk though no REMOTE DoS attack is possible.
  • ALL versions less than 2.2.16 have a TCP exploit that when combined with tools such as Sendmail, will leed to a root compromise.
  • All kernels below 2.2.12 have a IP fragmentation bug. This will make ALL strong IPCHAINS rule sets vulnerable!
  • 2.2.11 has a memory leak issue.

2.0.x

• 2.0.40 is stable
  • Any lower version have a DoS attack against the TCP/IP stack

5.6 IP NAT, MASQ, Load Balancing, and High Availability tools

• There are several implementations but here are the common ones:
  • A Good Master Reference to the various NAT implimentations for multiple Operating Systems
    • http://www.uq.net.au/~zzdmacka/the-nat-page/

  • Main Linux NAT, Load Balancing, and High Availability reference site:
    • http://www.linas.org/linux/load.html

  • Newer NAT implementations:
    • IPROUTE2: The primary true Many:Many NAT implimentation for 2.2.x kernels - ftp://ftp.inr.ac.ru/
      • Mirror: ftp://ftp.tux.org/people/alexey-kuznetsov/ip-routing/
      • Documentation #1: ftp://post.tepkom.ru/pub/vol2/Linux/docs/
      • Documentation #2: http://www.compendium.com.ar/policy-routing.txt
      • Advanced Routing HOWTO: This doc covers IPROUTE2, Policy-based routing (source IP), GRE tunnels, Multicast, Queueing, etc, and more - http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO.html

    • An older NAT implimentation available here: http://proxy.iinchina.net/~wensong/ipnat/

  • Excellent tutorials on Linux NAT and the home of one of the first implementations:
    • http://www.csn.tu-chemnitz.de/HyperNews/get/linux-ip-nat.html or
    • http://www.suse.de/~mha/HyperNews/get/linux-ip-nat.html

MASQ E-mail list : By far the BEST way to get MASQ-help (very helpful!!)

• Send mail to mailto:masq-request@tiffany.indyramp.com

Linux IP Masq

2.4.x kernels

• NetFilter now provides for both 1:Many Masq-like NAT and true 1:1 NAT:
  • http://www.netfilter.org/documentation/index.html

2.2.x kernels

• NOTE: ALL versions less than 2.2.16 have a IP fragmentation bug (among other things). This will make ALL strong IPCHAINS rule sets vulnerable! Upgrade NOW!
  • IPCHAINS Main site:
    • http://www.netfilter.org/ipchains/

  IPMASQADM port forward patches:

  • http://ipmasq.webhop.net/juanjox/ or
  • ftp://ftp.compsoc.net/users/steve/ipportfw/linux21/

  The beginnings of Stateful Inspection for Linux:

  • 2.0.x kernels
    • http://www.ifi.unizh.ch/ikm/SINUS/firewall.html

  • 2.1.x / 2.2.x kernels
    • ftp://ftp.interlinx.bc.ca/pub/spf

2.0.x kernels

• IPFWADM (source must download regardless if installed with Redhat)
  • Slackware:
    • ftp://ftp.xos.nl/pub/linux/ipfwadm/ipfwadm-2.3.0.tar.gz
  • Redhat:
    • ftp://ftp.xos.nl/pub/linux/ipfwadm/ipfwadm-2.3.0-1.src.rpm

• IPFWADM patches (if required for pre-2.0.30 kernels) at:
  • http://ipmasq.cjb.net/ipfwadm-2.3.0-generic-timeout.patch.gz

• IPCHAINS support for the 2.0.3x kernels
  • http://aemiaif.lip6.fr/willy/pub/linux-patches/ipnat/
  • http://www-miaif.lip6.fr/willy/pub/linux-patches/

• IPPORTFW Port forwarding for 2.0.x kernels
  • Homepage:
    • http://www.ox.compsoc.org.uk/~steve/portforwarding.html
  • Patches:
    • ftp://ftp.ox.compsoc.org.uk/pub/users/steve/ipsubs/sub-patch-1.37.gz

• Interpreting Firewall hits:
  • This is a great URL in addition to the content in Section 10 on how to interpret your firewall logs and what all the information means:
    • http://www.robertgraham.com/pubs/firewall-seen.html

5.7 PPP - v2.4.3 (not needed for most cable modem users)

Primary site: http://www.samba.org/ppp/index.html/

5.8 ML/PPP

• PPPd now supports ML/PPP as of 2.4.x (see above)
• Strong Implimentation: http://mp.mansol.net.au/mp/
• Lots of data, little code: ftp://ftp.east.telecom.kz/pub/src/networking/ppp/multilink
• Another implementation (runs on 2.2.x+ and he is looking for testers) http://linux-mp.terz.de
• Dead link? http://mp.ins-coin.de

5.9 PPPoE (PPP over Ethernet) : Needed for some DSL and Cablemodem users

Very popular user-space client : Primary Site: http://www.roaringpenguin.com/pppoe.html

Kernel-Space client known for somewhat better performance: http://www.davin.ottawa.on.ca/pppoe/

Some other informational URLs as well:

http://www.suse.de/~bk/PPPoE-project.html

http://www.sympaticousers.org/faq.htm

5.10 Diald v1.00 (not needed for cable modem users)

Diald is now maintained by a new author and site:

http://diald.sourceforge.net

RPMS: http://ipmasq.webhop.net/juanjox/

Download the original Diald and Diald patches (Diald v0.16.5)

http://www.loonie.net/~eschenk/diald.html

5.11 Bind / Named current: 9.3.1 and 8.4.6

Sources: ftp://ftp.isc.org/isc/bind/src/

Versions: 9.2.2 requires non-vulnverable OpenSSL code. It's also recommend to download both the source code /and/ the associated .asc PGP signature for that version of BIND.

RPMs: Finding new RPMs for the newest versions of Bind isn't very easy. Once place you might have luck is the CONTRIB area of sites like Redhat and Mandrake. Those RPMs seem to work fine but some people do NOT trust someone else's compiled code, so, it's your choice.

ftp://rawhide.redhat.com/

You can also find a chroot-ed version of bind here:

ftp://ftp.fi.muni.cz/pub/users/kas/bind-chroot/

Announcement list:

Send email to bind-announce-request@isc.org with "subscribe" in the subject field.

5.12 Vlock (stock in Redhat if installed)

ftp://ftp.freesoftware.com/pub/linux/sunsite/utils/console/vlock-1.0.tar.gz

5.13 Network Sniffers

- TCPDUMP (stock in Redhat if installed) - Excellent network packet sniffer

ftp://ftp.freesoftware.com/pub/linux/sunsite/system/network/management/ or ftp://ftp.ee.lbl.gov/tcpdump.tar.Z

- IPtraf - Excellent high level network protocol watcher

- Current 2.7.0

http://iptraf.seul.org

- EtherReal - An excellent GUI decoder

- Current 0.10.11

http://ethereal.zing.org/

5.14 Sendmail current: v8.13.4, v8.12.11, and v8.11.7

ftp://ftp.sendmail.org/pub/sendmail/

Both Sendmail 8.12.9 and 8.11.7 are secure though they have a problem with the "smrsh" shell. TrinityOS doesn't use this but if you are concerned about it, a patch is available. Currently, if you plan to use 8.11.x, you need to run 8.11.7 secure it from a few recently found remote root exploits.

RPMs: The newest Sendmail is NOT available in RPM form from sendmail.org but it IS in Redhat's CONTRIB area. It seems to work fine but some people do NOT trust someone else's compiled code, so, it's your choice.

ftp://ftp.infomagic.com/pub/mirrors/linux/RedHatContrib/libc6/i386

Announcement list:

Send an email to majordomo@Lists.Sendmail.ORG with the text "subscribe sendmail-announce" in the body of the message.

5.15 POPAuth

I have taken over ownership of these documents but haven't had a chance to post them yet. If you would like to get a copy of them, please email me

For allowing remote POP-3 clients to be able to use the SMTP server to send email.

5.16 Virtual Email domains

To support multple email domains w/ Sendmail, Qmail, etc check out:

http://www.linuxdoc.org/HOWTO/Virtual-Services-HOWTO.html

5.17 DHCP Server - DHCPd v3.0.2

DHCP Faq: http://www.dhcp-handbook.com/dhcp_faq.html#hddhs

RFC Info: http://www.dhcp.org/rfc2131.html

http://www.dhcp.org/rfc2132.html

Legacy Info: http://www.cis.ohio-state.edu/rfc/rfc1542.txt

Download: http://www.isc.org/dhcp.html

5.18 DHCP Client

DHCP HOWTO: http://www.tldp.org/HOWTO/mini/DHCP/index.html

dhclient v3.0.2 comes with the server code above

DHCPcd 1.3.22-p14: http://www.phystech.com/download/dhcpcd.html

Other DHCP info:

http://www.linux-firewall-tools.com/linux/firewall/index.html

A HOWTO specific to the RoadRunner Cablemodem setup, but it's still a good site: http://www.vortech.net/rrlinux/

5.19 WU-FTP v2.6.2 - with multiple patches

FTP: ftp://ftp.wu-ftpd.org/pub/wu-ftpd/

FAQ: http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html

5.20 NetWatch

ftp://ftp.digital.com/pub/linux/redhat/powertools-5.0/i386/

5.21 Getdate (NTP) - v1.2 (Was SETTIME)

ftp://metalab.unc.edu/pub/Linux/system/network/misc/getdate_rfc868-1.2.tar.gz

5.22 NTP Clock Sources

http://www.eecis.udel.edu/~mills/ntp

5.23 Tape Back up:

- BRU (it's not free but it's the best Linux backup software out there IMHO. This is one place you just CAN'T skimp!) Recommended!

http://www.estinc.com

5.24 Mozilla v1.7.8 ( Netscape is dead)

Original Mozilla (deprecated) - 1.7.8 Firefox - 1.0.4 Thunderbird - 1.0.2

ftp://ftp.mozilla.org

5.25 SSH

Commonly used BSD licensed OpenSSH client/server (totally free) - current: 4.0p1 http://www.openssh.com/

Original Commercial SSH.com client/server (free for Linux :: for now) - current: 3.2.6.1 http://ftp.ssh.com/pub/ssh/

Additional UNIX SSH tunneling URLs:

http://www.ccs.neu.edu/groups/systems/howto/howto-sshtunnel.html

5.26 MDADM and Raidtools

MDADM v1.11.0): http://www.cse.unsw.edu.au/~neilb/source/mdadm/

Good but old info on Linux RAID: http://linas.org/linux/raid.html

Raidtools (DEPRECATED) 1.00.3: http://people.redhat.com/mingo/raidtools/

5.27 Samba current: 3.0.14a (stock in most distros if installed)

http://www.samba.org

Also, they have great docs at http://samba.anu.edu.au/

5.28 PCMCIA Services - 3.2.8

http://pcmcia-cs.sourceforge.net/

5.29 UPS software - APCUPSd and Powerchute

Original and quite nice APCUPSd open-source daemon - v3.10.17a: http://www.apcupsd.com/ or http://www.sibbald.com/apcupsd/

Official APC Powerchute for Linux - v4.5.3 - Free closed-source daemon with excellent Xwindows support: http://www.apcc.com/tools/download/index.cfm

5.30 Apache WWW server - 2.0.54 and 1.3.33

Standard Apache: http://www.apache.org or ftp://ftp.redhat.com/pub/contrib/i386/apache-1.2.6-5.i386.rpm

SSL-encrypted Apache:

http://www.apache-ssl.com/

5.31 File Integrity testing/Monitoring

TripWire:

Tripwire has gone OpenSource for LINUX! Woohoo! Though it isn't available quite yet, it will be there soon:

http://www.tripwire.org

Also, as of v2.2.1, Tripwire now runs on Glibc.

http://www.tripwiresecurity.com/products/Tripwire_ASR20.cfml

You can also get the older versions here:

ftp://coast.cs.purdue.edu/pub/COAST/Tripwire

Aide:

AIDE is a GNU version of Tripwire - v0.10

http://sourceforge.net/projects/aide

ViperDB:

ViperDB is another GNU version of Tripwire

http://www.resentment.org/projects/viperdb/index.html

5.32 RPM update tools:

AutoRPM current version: 1.9.8.1

http://www.kaybee.org/~kirk/html/linux.html

The Perl module "Libbet"

http://cpan.valueclick.com/modules/by-module/Net/

RPM Watch current version: 1.1

(does not work for Redhat 5.2+) [Will be phased out] ftp://ftp.iaehv.nl/pub/users/grimaldo/rpmwatch-1.1-1.noarch.rpm

RPMLevel (from the author of RPMWatch)

http://coralys.com/products/

5.33 Mkisofs

ftp://ftp.fokus.gmd.de/pub/unix/cdrecord/mkisofs/

5.34 Compression tools

BZip2 : http://sourceware.cygnus.com/bzip2/index.html

5.35 Bash HOWTO

http://www.linuxdoc.org/HOWTO/Bash-Prompt-HOWTO.html Also see Section 42 in TrinityOS

5.36 Dial-In Server HOWTO

http://www.swcp.com/~jgentry

5.37 SWAN / IPSEC VPN

Project home page:

http://www.xs4all.nl/~freeswan or http://www.flora.org/freeswan/

SWAN email list:

http://www.xs4all.nl/~freeswan

Overview http://www.cygnus.com/~gnu/swan.html

Download the IPSec code from:

Broken? ftp://ftp.xs4all.nl/pub/crypto/freeswan

Works ? http://ftp.xs4all.nl/pub/crypto/freeswan

or

http://www.flora.org/freeswan/download

Other Mini-HOWTOs:

https://www.seifried.org/articles/ipsec/

5.38 PPTP VPNs and client software

• Client: http://sourceforge.net/projects/pptpclient/pptp-linux-1.1.0-1.tar.gz
• PPP shim: http://sourceforge.net/projects/pptpclient/ppp-mppe-2.4.0-4.tar.gz

• Additional docs: http://pptpclient.sourceforge.net/howto.html#setup
• Addition troubleshooting: http://pptpclient.sourceforge.net/howto-diagnosis.phtml

• IPMASQ patches: ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html

5.39 PGP Email Encryption

• PGP: http://web.mit.edu/network/pgp.html

5.40 Serial consoles and Remote TELNET

• Remote Serial HOWTO (for more details on configuring serial consoles): http://tldp.org/HOWTO/Remote-Serial-Console-HOWTO/

5.41 IP logger

ftp://ftp.tu-graz.ac.at/pub/linux/redhat-contrib/SRPMS/iplogger-0.1-1.src.rpm

5.42 Hardware Performance Tuning:

• PowerTweak - optimize the BIOS/Chipset/PCI registers http://powertweak.sourceforge.net/
• Preempt patch - make the kernel more responsive under load http://www.tech9.net/rml/linux/
• IRQTune - optimize IRQ response times - good for PPP/Modem users ftp://shell5.ba.best.com/pub/cae/irqtune.tgz
• HDparm - good for hardcore IDE performance users ftp://sunsite.unc.edu/pub/Linux/kernel/patches/diskdrives

5.43 Security Documentation, Tools, and Resources

Various Security Mailing lists and documentation

• http://www.shmoo.com

The Linux Security HOWTO

• http://www.linuxdoc.org/HOWTO/Security-HOWTO.html

Logging tools:

• CheckLogs:
  • http://www.iae.nl/users/grimaldo/chklogs.shtml

• Swatch:
  • ftp://ftp.stanford.edu/general/security-tools/swatch

• Psionic LogCheck:
  • http://www.psionic.com/abacus/logcheck

• LogSurfer: (like Swatch but with state checking!)
  • http://www.cert.dfn.de/eng/logsurf/home.html

- Nmap - v3.81 :

http://www.insecure.org/nmap/

- Nessus - 2.24 :

http://www.nessus.org/

- COPS (old)

ftp://ftp.freesoftware.com/pub/linux/sunsite/system/security/cops_104.tgz

- Saint (new version of Satan)

http://www.wwdsi.com/saint/

- SATAN (Old)

Newer: ftp://ftp.porcupine.org/pub/security/index.html

Older ftp://ftp.win.tue.nl/pub/security/satan.tar.Z

- Solar buffer-overflow fixer

ftp://ftp.huwig.de/pub/linux/mama/2.0/stack_noexec-symlink-security-fix.bz2

- Kurt Seifried's Linux Administrators Security Guide (LASG)

https://www.seifried.org/lasg/

- Ofir Arkin's paper on ICMP protocol fingerprinting

http://www.sys-security.com/archive/papers/ICMP_Scanning_v2.0.pdf

- Other URLs:

Test Exploits: http://www-miaif.lip6.fr/willy/security/

Test Exploits: http://www.rootshell.org

Test Exploits: http://www.l0pht.com

Test Exploits: http://www.geek-girl.com

Security Alerts: Subscribe to BugTraq at mailto://LISTSERV@NETSPACE.ORG

More Security:

http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html#security

http://www.ecst.csuchico.edu/~jtmurphy/

- Abacus Security Initiative

Includes host_sentry, port_sentry and logchecker.

http://www.psionic.com/abacus

- Intrusion Detection Systems (IDS) Tools SHADOW (SANS)

SHADOW (SANS): http://www.nswc.navy.mil/ISSEC/CID/step.htm

Snort: http://www.snort.com

- Network Flight Recorder

Setup HOWTO: http://www.nswc.navy.mil/ISSEC/CID/nfr.htm

NFR software: http://www.nfr.net/download/

NFR ID Attack ID Packages: http://www.nswc.navy.mil/ISSEC/CID/nfr_id.tar.gz http://www.l0pht.com/NFR/

5.44 WWW proxy (Apache or Squid)

5.45 WWW Ad banner filtering

http://www-math.uni-paderborn.de/~axel/NoShit/index.html

patch: http://www.america.com/~chrisf/web/NoShit/WebFilter_0.5.patch.gz

Example filter: http://www.america.com/~chrisf/web/NoShit/library.txt

5.46 Zip drive

http://www.torque.net/~campbell

5.47 Linux Applications:

http://www.xnet.com/~blatura/linapps.shtml

5.48 Linux Games:

X-Shipwars: http://fox.mit.edu/xsw/

5.49 Linux Instant Messenger clients:

• GAIM 1.3.0 http://gaim.sf.net
• Reviews of different IMs for Linux: http://www.linuxnetmag.com/en/issue2/m2icq1.html http://www.portup.com/~gyandl/