Focus on Software

logtool, log_analysis, fwlogwatch and more.

Internets, Intranets, LANs, WANs and more. Frankly, I don't care how a system is connected, be it Ethernet, Token Ring, FDDI, Frame Relay, dial-up PPP, wireless, ham radio, satellite or two cans and a string. If it's connected to something else, even intermittently, it's vulnerable. Recently, Red Hat demonstrated to the world that installing insecure, vulnerable and, even worse, unnecessary services is a highly security-challenged proposition to the Nth. I don't want to pick on Red Hat; most distributions do similar security-challenged things. But they shouldn't. For my money, no service should be turned on by default, whether the customer asked for a full install or not. Even worse, few distros explain the logs and all they offer in their little getting-started book. The syslog files (/etc/syslog.conf and the logs themselves) are not “black arts” stuff. They're just boring. Or so we hope. If you have an intruder, or attempted intrusions, these logs can be rather interesting. I've found myself on the edge of my chair as I read through the logs, watching an intrusion and wondering if this wannabe cracker or script kiddie is going to make it in. Okay, so I'm eccentric. But I'm hoping a few offerings centered on system logs might spark a little interest in a bunch of dull log files.

logtool: http://users.digitex.net/~max/

The logtool utility is another of those small things that sometimes go a long way. All logtool does is colorize log entries. It makes the date-time stamp one color, the originating system another, the facility a third color and the message itself a fourth color. This really breaks out a log entry when you have a large number of them on the screen at one time, making reading entries easier. Requires: glibc.

log_analysis: linux.umbc.edu/~mabzug1/log_analysis.html

The name of this package is a bit of a misnomer. Yes, it does do some log file correlations, but it also shows other things, like currently logged in users (w), filesystem status (df -k), last dump (/etc/dumpdates), the logs. I would say it's more of a system analysis. This won't replace other log file tools that search for anomalies but will give an “executive overview” of a system. Requires: Perl.

fwlogwatch: www.kyb.uni-stuttgart.de/boris/software.shtml

If you're running ipchains, netfilter or a Cisco firewall, this utility can grep your logs and display statistics regarding the traffic passing through (or even just to) your system. You must generate the iptables/ipchains rules for logging (-j LOG in iptables) whatever you want fwlogwatch to look for. If you enable netfilter debugging, it's like logging every single packet you see. So I don't recommend that just because of the sheer volume of logging, but it will definitely show you what your system is seeing. Requires: glibc.
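To show the kind of statistics fwlogwatch derives from `-j LOG` output, here is an added example (my own code, not fwlogwatch's) that parses netfilter kernel log lines as syslog writes them and tallies packets per source and per protocol/port. The sample lines are constructed, and the rules are assumed to have used `--log-prefix "IPT: "`.

```python
import re
from collections import Counter, defaultdict

# Constructed sample syslog lines (not real traffic). One non-netfilter line
# is mixed in to show that the parser skips it.
SAMPLE_LOG = """\
Mar 10 12:00:01 fw kernel: IPT: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=64 PROTO=TCP SPT=43210 DPT=22 SYN
Mar 10 12:00:02 fw kernel: IPT: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=64 PROTO=TCP SPT=43211 DPT=23 SYN
Mar 10 12:00:03 fw kernel: IPT: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=64 PROTO=TCP SPT=43212 DPT=80 SYN
Mar 10 12:00:04 fw kernel: IPT: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=78 TTL=52 PROTO=UDP SPT=5353 DPT=53
Mar 10 12:00:05 fw kernel: IPT: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40001 DPT=22 SYN
Mar 10 12:00:06 fw sshd[123]: Accepted publickey for alice from 192.0.2.44 port 50000 ssh2
"""

SYSLOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<body>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; bare flags like SYN or DF are skipped


def parse_line(line):
    """Return a dict of netfilter fields for one LOG line, or None for any other line."""
    m = SYSLOG_RE.match(line)
    if not m or "IN=" not in m["body"] or "SRC=" not in m["body"]:
        return None
    body = m["body"]
    prefix = body[: body.index("IN=")].strip()  # text given to --log-prefix, may be empty
    fields = dict(FIELD_RE.findall(body))          # OUT= stays as an empty string
    fields.update(ts=m["ts"], host=m["host"], prefix=prefix)
    return fields


def summarize(log_text):
    """Count logged packets per source address and per (protocol, destination port)."""
    by_src, by_service, ports_per_src = Counter(), Counter(), defaultdict(set)
    for line in log_text.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            continue
        by_src[pkt["SRC"]] += 1
        if "DPT" in pkt:  # ICMP entries carry no ports
            by_service[(pkt["PROTO"], int(pkt["DPT"]))] += 1
            ports_per_src[pkt["SRC"]].add(int(pkt["DPT"]))
    return {"by_src": by_src, "by_service": by_service, "ports_per_src": ports_per_src}


def port_scan_sources(summary, min_ports=3):
    """Sources that touched at least min_ports distinct destination ports (a crude scan heuristic)."""
    return sorted(src for src, ports in summary["ports_per_src"].items() if len(ports) >= min_ports)
```

Run `summarize(open("/var/log/messages").read())` against a real log to get the same counters fwlogwatch reports; the threshold in `port_scan_sources` is only a starting point and should be tuned to your traffic.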

MasarLabs System Monitor: www.masarlabs.com/msysm.html

This is another graphical utility used to show various settings and loadings on your system. It is highly configurable and modular, with modules that show apm, clock, CPU, disk status, mail, memory, network status, serial status, swap, network IP, PCMCIA and ppptime. Mix and match in any order you want, in one row across, one row down or in various rows across. Want to just “fill a hole”? Select the empty module. My only complaint is the inability to resize the graphics, which look fine on a screen up to 1024 x 768 but are too small on a screen of 1600 x 1200. Requires: libX11, libXpm, libdl, glibc.

Automated Password Generator and tkapg: http://www.adel.nursat.kz/

This password generator can be configured to produce pronounceable passwords as well as totally random “white noise” passwords. apg can further check these passwords against a dictionary file. This utility comes as a standard program as well as a dæmon that can be run by inetd to service requests on the network (this may not be a good idea unless all network traffic is encrypted). The author also provides separately a tk utility to access and display generated passwords. These two programs make short work of excuses for bad passwords. Requires: glibc; tkapg also requires Tcl/Tk.

pppstatus: http://pppstatus.sourceforge.net/

This utility, designed to be run in a video terminal (VT), shows the status of your PPP connection. All statistics are shown, including IP address and a graphical display of throughput. It's perfect if you have a system that acts as a firewall/dial-up. Its one drawback is that it doesn't have an option to lock the screen when invoked, so you can't leave it up while unattended. Requires: libncurses, glibc.

Text WINdows Manager: http://linuz.sns.it/~max/twin/

Any of you remember the old DOS (DR-DOS or MS-DOS) programs like the Norton Window utility (the name slips my mind) that gave you a window in DOS? How would you like a trip down memory lane? Well TWIN can provide you that trip. It can also provide you with an extremely lightweight term window (or multiple term windows) on one VT. Nice thing is, it also works in X if you're so inclined. I think my laptop just became a non-X piece of hardware. Requires: glibc.

OpenRealty: http://jonroig.com/freecode/openrealty/

If you are a realtor, or know any realtors, then this software will be of interest. It claims to be simple enough for a realtor to set up, and I imagine that means techn-eaderthal realtors. Well, that may be a slight exaggeration but not much of one. It will require that someone make adjustments to the index.php page, but, beyond that, this is the simplest package to administer I've seen in a while. I wish realtors had something like this set up the last time I was looking for a house in the States. If you're not in the US, you might need to make some adjustments (including translations), but it would be a trivial undertaking. Requires: web server with MySQL and PHP4, web browser.

Until next month.

David A. Bandel (dbandel@pananix.com) is a Linux/UNIX consultant currently living in the Republic of Panama. He is coauthor of Que Special Edition: Using Caldera OpenLinux.
