Security Software

Below is a list of programs used to improve security of computers running a Unix operating system. (A good number of these programs also have non-Unix versions.)

This site does not list commercial products. We do link to others that list commercial products. If you are a vendor looking to have your product listed, please contact those other sites.

Abacus Sentry

Detects the use of a port scanner in real-time.
Availability and Additional Info: Abacus Sentry

AIDE

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire. It does the same things as the semi-free Tripwire and more.
Availability and Additional Info: AIDE

Anonftpd

anonftpd is a read-only anonymous FTP server.
Availability: anonymous ftp at koobera.math.uic.edu
Additional Info: anonftd

Argus

Argus is a powerful tool for monitoring IP networks. It provides tools for sophisticated analysis of network activity that can be used to verify the efforcement of network security policies, network performance analysis and more.
Availability: anonymous ftp at ftp.andrew.cmu.edu

Arpwatch

An ethernet monitor program that keeps tracks of ethernet/IP address pairings.
Availability: anonymous ftp at ftp.ee.lbl.gov

COPS (Computer Oracle and Password System)

Identifies security risks on a Unix system. It checks for empty passwords in /etc/passwd, world-writable files, misconfigure anonymous ftp and many others.
Availability: anonymous ftp at ftp.cerias.purdue.edu

Courtney

It is a program that tries identifies the use of SATAN on a subnet. The program tcpdump will also be needed in order to run Courtney. See below for information above tcpdump.
Availability: anonymous ftp at ciac.llnl.gov
Additional Info: CIAC Notes 08

Crack lib

Checks plaintext words against through generated by Crack.
Availability: anonymous ftp at ftp.cerias.purdue.edu

Deslogin

Provides a more secure method for remote login than telnet or rlogin in untrusted networks. Deslogin encrypts the connection using DES.
Availability: anonymous ftp at ftp.uu.net

Dig

Dig is a network utility which queries Domain Name Servers similar to nslookup but it's more reflexible.
Availability: anonymous ftp at venera.isi.edu

Drawbridge

Powerful bridging filter package.
Availability: anonymous ftp at net.tamu.edu

Fcheck

It is an open source PERL script providing intrusion detection and policy enforcement of Windows 95/98/NT/3.x and Unix server administration through the use of comparative system snapshots.
Additional Info: anonymous ftp at The Fcheck Homepage

Fping

An efficient way to test whether a large number of hosts are up.
Availability: anonymous ftp at ftp.stanford.edu

Icmpinfo

It displays unusual ICMP messages received by a host and this can be used to detect suspicious network activity.
Availability: anonymous ftp at hplyot.obspm.fr
Additional Info: icmpinfo man page

Iss

Checks hosts within a specified range of IP address for various security vulnerabilities in sendmail, anonymous FTP setup, NFS and many more.
Availability: anonymous ftp at ftp.cerias.purdue.edu
Additional Info: CERT Advisory 93:14.Internet.Security.Scanner

IPACL

Filters incoming and outgoing TCP and UDP in a SVR4/386 kernel.
Availability: anonymous ftp at ftp.porcupine.org

Jetmon

Java based client-server link monitoring tool fo rNOC operations.
Availability and Additional Info: Home of Jetmon

Kerberos

Kerberos is an authentication system used to protect unsecurity networks. (Export restricted)
Availability: WWW at web.mit.edu
Additional Info: Kerberos: The Network Authentication Protocol

Klaxon

It is a daemon that is used to identify the use of port scanners like ISS and SATAN.
Availability: anonymous ftp at ftp.eng.auburn.edu

L6

Provides a flexible and intelligent interface for periodic integrity checks of data using Perl
Availability: anonymous ftp at L6
Additional Info: L6

Lcrzo

Network library that allows easy creation of network programs.
Availability and Additional Info: Lcrzo Network library

Lcrzoex

Contains over 200 functionalities using the Lcrzo network library.
Availability and Additional Info: Lcrzoex Network test toolbox

Logdaemon

Replacement for system ftp, rlogin, rexec, rsh daemons and login program that have added security features such as login in failures and S/Key one-time password support.
Availability: anonymous ftp at ftp.porcupine.org
Additional Info: Wietse's tools and papers

Logsurfer

Analyzes any text-based log files "on-the-fly" using contexts and executes a corresponding action.
Availability: anonymous ftp at ftp.cert.dfn.de
Additional Info: Lo gsurfer Homepage

Lsof

Displays all open files on a UNIX system.
Availability: anonymous ftp at vic.cc.purdue.edu

Mangle

It is a utility that either checks existing passwords for weakness or forces users to choose good passwords.
Availability: anonymous ftp at ftp.informatik.uni-erlangen.de
Additional Info: Readme file for Mangle

Mason

Mason is a tool that interactively builds a firewall using Linux' ipfwadm or ipchains firewalling. You leave mason running on the firewall machine while you are making all the kinds of connections that you want the firewall to support (and want it to block). Mason gives you a list of firewall rules that exactly allow and block those connections.
Availability: http at Mason

Merlin

Merlin is an interface to five popular security package to make it easier to analyze and manage the data.
Availability: anonymous ftp at ciac.llnl.gov
Additional Info: Merlin Information

MD5

MD5 is a hash function using to the authenticity of a file.
Availability: anonymous ftp at rsa.com
Additional Info: RFC 1544, www.rsa.com

MIME Object Security Services (MOSS)

It is an extension of Multi-purpose Internet Mail Extensions (MIME) that provides authentication, integrity, and confidentiality of an email message. (export restricted)
Availability: anonymous ftp at ftp.tis.com
Additional Info: MOSS FAQ

The Nessus Project

The "Nessus" Project aims to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner.
Additional Info: The Nessus Project

Netlog

Network logging and monitoring of all TCP and UDP connections on a subnet. Netlog also includes tools to analyzing the output.
Availability: anonymous ftp at net.tamu.edu

Network Security Scanner (NSS)

NSS is a perl that scans one host on subnet or an entire subnet for various simple security problems.
Availability: anonymous ftp at jhunix.hcf.jhu.edu

NFSWatch

NFSWatch monitors NFS requests and measures response time for each RPC.
Availability: anonymous ftp at ftp.cerias.purdue.edu

Nmap

Utility for stealthily port scanning large networks. See Syn for tracking these types of scans.
Additional Info: Information and download for UNIX Nmap
NT Download

Npasswd

It is a replacement for the system passwd command that does not accept poor passwords.
Availability: anonymous ftp at ftp.cc.utexas.edu
Additional Info: Information about npasswd

OPIE

This software provides the ability to generate and use one time passwords. Related tools are also available for Windows, DOS and Mac.
Availability: anonymous ftp at ftp.nrl.navy.mil

Osh

Osh is a restricted C shell that allows the administrator to control access to files and directories and to provide logging.
Availability: anonymous ftp at ftp.c3.lanl.gov
Additional Info: The Operator Shell

Passwd+

Passwd+ is a proactive password checker which replaces the system passwd command. It enforces the selection of good passwords.
Availability: anonymous ftp at ftp.dartmouth.edu

PGP

Pretty Good Privacy (PGP) protects documents such as email from unauthorized reading using public key encryption. (Some versions are export restricted)
Availability: USA and Canada--anonymous ftp at www.eff.org or via web form
Availability: International-- anonymous ftp at ftp.ifi.uio.no
Additional Info: Cryptography, PGP, and Your Privacy

Pidentd

Identd tries to identify the remote user name of a TCP/IP connection. Identd is an implementation of RFC 1413.
Availability: anonymous ftp at ftp.lysator.liu.se
or ftp.csc.ncsu.edu Additional Info: RFC 1413

PingLogger

PingLogger detects and logs ICMP ECHO REQUESTS.
Availability: world wide web at www.students.uiuc.edu

Portmapper

It is a modified version of portmapper that reduces the vulnerabilities and disallows proxy access.
Availability: anonymous ftp at ftp.porcupine.org

RIPEM

Riordan's Internet Privacy Enhanced Mail (RIPEM) improves the security of email by verifying the authenticity of the message sender among other things. ( Export restricted)
Availability: anonymous ftp at ripem.msu.edu
Additional Info: Information about RIPEM

Rpcbind

A modified version of rpcbind (System V.4 portmapper) that prevents intruders from bypassing NFS export restrictions.
Availability: anonymous ftp at porcupine.org

Rscan

Rscan is a extensible network scanner that checks for common network problems and SGI specific vulnerabilities.
Availability: anonymous ftp at ftp.vis.colostate.edu
Additional Info: Rscan: Heterogeneous Network Interrogation

SAINT

SAINT is the Security Administrator's Integrated Network Tool. In its simplest mode, it gathers as much information about remote hosts and networks as possible by examining such network services as finger, NFS, NIS, ftp and tftp, rexd, statd, and other services.
Availability: anonymous ftp at ftp.cerias.purdue.edu.

SARA

SARA, Security Auditor's Research Assitant, is a third generation security analysis tool that is based on the SATAN model, covered by the GNU GPL-like open license, fosters a collaberative environment and is updated periodically to address hte latest security threats.
Availability and additional info: SARA

SATAN

SATAN is a program that gathers network information such the type of machines and services available on these machine as well as potential security flaws.
Availability: anonymous ftp at ftp.cerias.purdue.edu. Also see wzv.win.tue.nl for a list of mirror sites.
Additional Info: Cert Advisory CA-95:06.satan

Scan-Detector

Scan-detector determines when an automated scan of UDP/TCP ports is being done on a host running this program. Logs to either syslog or strerr.
Availability: anonymous ftp at ftp.cerias.purdue.edu
Additional Info: COAST Projects' Tools

Sendmail

A replacement for the system sendmail. This version includes all of the latest patches.
Availability: anonymous ftp at ftp.cs.berkeley.edu

Sendmail Wrapper

The sendmail wrapper provides limited protection against local sendmail attacks.
Availability: anonymous ftp at ftp.auscert.org.au

SENSS

A flexible, Java-based security tool that enables organizations to audit and secure their systems and networks in a modern, heterogeneous, corporate intranet. Availability and more info: Sun Enterprise Network Security Service

Shadow

This package including everything that is necessary to use shadow password file.
Availability: anonymous ftp at ftp.cs.widener.edu

Simple Socksd

It is another implementation of Version 4 SOCKS protocol that is fast, easy to compile and simple to configure.
Availability: http at Simple SOCKS Daemon
Additional Info: Simple SOCKS Daemon

SKey

S/Key generated one time passwords to gain authenticated access to computer hosts.
Availability: anonymous ftp at thumper.bellcore.com or ftp.cerias.purdue.edu

Simple Key-Management For Internet Protocols (SKIP)

SKIP adds privacy and authentication at the network level.
Availability: USA and Canada--via web form
Availability: International--anonymous ftp at ftp.elvis.ru
Additional Info: SKIP Information and SKIP in Russia

Siphon

A protable passive network mapping suite. Maps TCP ports and operating systemidentification.
Availability and more info: The Siphon Project

Smrsh

Smrsh is a restricted shell for sendmail to limit the number of programs that can be executed by sendmail.
Availability: anonymous ftp at ftp.nec.com

Socks

Socks is a package which allows various Internet service such as gopher, ftp and telnet to be used through a Firewall.
Availability: anonymous ftp at ftp.nec.com
Additional Info: Welcome to SOCKS

SSH

SSH (Secure Shell) is an enhance versions of rlogin, rsh and rcp that provides RSA authentication and encryption of communications as well as many other security improvements. This program has export restrictions for US, France, Russia and possibly other countries!
Availability: anonymous ftp at ftp.cs.hut.fi
Additional Info: Ssh (Secure Shell) Home Page or Ssh FAQ

STEL

STEL is a system replacement for telnet which provides strong mutual authentication and encryption.
Availability: anonymous ftp at idea.sec.dsi.unimi.it

Strobe

Strobe displays all active listening TCP port on remote hosts. It uses an algorithm which efficiently uses network bandwidth.
Availability: anonymous ftp at suburbia.apana.org or minnie.cs.adfa.oz.au

Sudo

Sudo allows a system administrator to give limited root privileges to user and log their activities. This version of Sudo is also known as CU-sudo.
Availability: anonymous ftp at ftp.cs.colorado.edu
Additional Info: Sudo - a utility to allow restricted root access

Swatch

Swatch is a package used to monitor and filter log files and executes a specified action depending of pattern in the log.
Availability: anonymous ftp at ftp.stanford.edu

Syn

Perl utility for tracking stealth port scanning
Availability: anonymous ftp at Syn
Additional Info: Syn

TCP Wrapper

Allows a Unix System Administrator to control access to various network services through the use of access control list. It also provide logging information of wrapped network services which may be used to prevent or monitor of network attacks.
Availability: anonymous ftp at ftp.porcupine.org
Additional Info: TCP Wrapper

Tcpdump

It captures and dumps protocol packets to monitor or debug a network.
Availability: anonymous ftp at ftp.ee.lbl.gov

Tcpr

Tcpr is a set of perl scripts that forwards ftp and telnet commands across a firewall.
Availability: anonymous ftp at ftp.alantec.com

Tiger

Checks for known security vulnerabilities of Unix workstations. It is similar to Cops with many extensions.
Availability: anonymous ftp at net.tamu.edu

TIS Firewall Toolkit

Firewall Toolkit is a software package to build and maintain a system which is used to protect a network from unwanted network activities.
Availability: anonymous ftp at ftp.tis.com
Additional Info: TIS Firewall Toolkit Overview

Traceroute

Traceroute traces the route IP packets take from the current system to a destination system.
Availability: anonymous ftp at ftp.psc.edu

Tripwire

Monitor for changes in system binaries.
Availability: anonymous ftp at ftp.cerias.purdue.edu
Additional Info: Tripwire

TTY-Watcher

TTY-Watcher monitors, logs and interacts with all of the tty on a system. Availability: anonymous ftp at ftp.cerias.purdue.edu
Additional Info: TTY-Watcher

Wu-ftpd

A replacement ftp server for UNIX systems that many features including extensive logging and a way of limiting number of ftp users.
Availability: anonymous ftp at wuarchive.wustl.edu

Xinetd

It's a replacement for inetd which has extensive logging and access control capabilities for both TCP and UDP services.
Availability: anonymous ftp at qiclab.scn.rain.com

Xp-BETA

It is an application gateway for X11 protocol that uses Socks and/or CERN WWW Proxy.
Availability: anonymous ftp at ftp.mri.co.jp

YPX

It is a utility used to retrieve a NIS map from a host running NIS daemon.
Availability: anonymous ftp at ftp.uu.net or WWW server at mls.saic.com

Disclaimer: There is no implied fitness to the programs listed above. Many if not all of these programs work well but I do not guarantee this to be so. Also READ any license agreement or export restrictions file before downloading the software.