5. Software URL download map and checklist

• Software recommended and used for the TrinityOS doc (roughly in this order). ** NOTE** Put all code in /usr/src/archive/ I personally recommend to putting ALL additional software source code, RPMs, etc in /usr/src/archive. In the "archive" directory, I make subdirectories for the various code like dns, ssh, sendmail, etc. This IS your box though so put things ANYWHERE you so wish. :)

5.1 Master site for all Internet RFCs:

• http://www.cis.ohio-state.edu/rfc/

5.2 The Master IANA site

• For all Internet port numbers, protocol numbers, etc. A VERY recommended place to go, download them ALL, and put them in /etc/iana.
  • http://www.isi.edu/in-notes/iana/assignments

5.3 Master site for all known Internet Trojan ports

• http://www.simovits.com/sve/nyhetsarkiv/1999/nyheter9902.html

5.4 Distribution Sites and Update MIRRORS:

Any Service Packs, security patches, etc. for your installed Slackware or Redhat distribution(s)

Mandrake Updates:

• Master URL: ftp://ftp.linux-mandrake.com/pub/updates

Redhat Updates:

• Master MIRROR URL: http://www.redhat.com/mirrors.html

• Often Busy: ftp://ftp.redhat.com/pub/redhat/updates/

• Fast: ftp://ftp.codemeta.com/pub/mirrors/redhat/updates/;

• 5.2 only: ftp://ftp.infomagic.com/pub/mirrors/linux/RedHatUpdates/

5.5 Newest stable kernel

ftp://ftp.kernel.org or ftp://ftp.freesoftware.com/pub/linux/sunsite/kernel/

2.0.x

• 2.0.39 is stable
  • Any lower version have a DoS attack against the TCP/IP stack

2.2.x

• 2.2.18 is stable
  • ALL versions less than 2.2.16 have a TCP exploit that when combined with tools such as Sendmail, will leed to a root compromise. In addition to this, all kernels below 2.2.12 have a IP fragmentation bug. This will make ALL strong IPCHAINS rule sets vulnerable! I also understand that 2.2.11 has a memory leak issue. Sounds like 2.2.16+ is the only version to go with right now.

5.6 IP NAT, MASQ, Load Balancing, and High Availability tools

• There are several implementations but here are the common ones:
  • A Good Master Reference to the various NAT implimentations for multiple Operating Systems
    • http://www.uq.net.au/~zzdmacka/the-nat-page/

  • Main Linux NAT, Load Balancing, and High Availability reference site:
    • http://www.linas.org/linux/load.html

  • Newer NAT implementations:
    • IPROUTE2: The primary true Many:Many NAT implimentation for 2.2.x kernels - ftp://ftp.inr.ac.ru/
      • Mirror: ftp://ftp.tux.org/people/alexey-kuznetsov/ip-routing/
      • Documentation #1: ftp://post.tepkom.ru/pub/vol2/Linux/docs/
      • Documentation #2: http://www.compendium.com.ar/policy-routing.txt
      • Advanced Routing HOWTO: This doc covers IPROUTE2, Policy-based routing (source IP), GRE tunnels, Multicast, Queueing, etc, and more - http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO.html

    • An older NAT implimentation available here: http://proxy.iinchina.net/~wensong/ipnat/

  • Excellent tutorials on Linux NAT and the home of one of the first implementations:
    • http://www.csn.tu-chemnitz.de/HyperNews/get/linux-ip-nat.html or
    • http://www.suse.de/~mha/HyperNews/get/linux-ip-nat.html

MASQ E-mail list : By far the BEST way to get MASQ-help (very helpful!!)

• Send mail to mailto:masq-request@tiffany.indyramp.com

Linux IP Masq

2.4.x kernels

• NetFilter now provides for both 1:Many Masq-like NAT and true 1:1 NAT:
  • http://netfilter.kernelnotes.org/unreliable-guides/index.html

2.2.x kernels

• NOTE: ALL versions less than 2.2.16 have a IP fragmentation bug (among other things). This will make ALL strong IPCHAINS rule sets vulnerable! Upgrade NOW!
  • IPCHAINS Main site:
    • http://netfilter.kernelnotes.org/ipchains/

  IPMASQADM port forward patches:

  • http://juanjox.kernelnotes.org/ or
  • ftp://ftp.compsoc.net/users/steve/ipportfw/linux21/

  The beginnings of Stateful Inspection for Linux:

  • 2.0.x kernels
    • http://www.ifi.unizh.ch/ikm/SINUS/firewall.html

  • 2.1.x / 2.2.x kernels
    • ftp://ftp.interlinx.bc.ca/pub/spf

  ICQ module v0.56 for 2.2.x kernels

  • http://members.tripod.com/~djsf/masq-icq/

2.0.x kernels

• IPFWADM (source must download regardless if installed with Redhat)
  • Slackware:
    • ftp://ftp.xos.nl/pub/linux/ipfwadm/ipfwadm-2.3.0.tar.gz
  • Redhat:
    • ftp://ftp.xos.nl/pub/linux/ipfwadm/ipfwadm-2.3.0-1.src.rpm

• IPFWADM patches (if required for pre-2.0.30 kernels) at:
  • http://ipmasq.cjb.net/ipfwadm-2.3.0-generic-timeout.patch.gz

• IPCHAINS support for the 2.0.3x kernels
  • http://aemiaif.lip6.fr/willy/pub/linux-patches/ipnat/
  • http://www-miaif.lip6.fr/willy/pub/linux-patches/

• IPPORTFW Port forwarding for 2.0.x kernels
  • Homepage:
    • http://www.ox.compsoc.org.uk/~steve/portforwarding.html
  • Patches:
    • ftp://ftp.ox.compsoc.org.uk/pub/users/steve/ipsubs/sub-patch-1.37.gz
• IP Masq specific protocol patches:
  • ICQ module v0.52 for 2.0.x kernels
    • The master list: http://www.e-infomax.com/ipmasq/appsup.html
    • http://members.tripod.com/~djsf/masq-icq/

• Interpreting Firewall hits:
  • This is a great URL in addition to the content in Section 10 on how to interpret your firewall logs and what all the information means:
    • http://www.robertgraham.com/pubs/firewall-seen.html

5.7 PPP - v2.3.11 (not needed for most cable modem users)

Primary site: ftp://cs.anu.edu.au/pub/software/ppp/

Backup site (has older versions): ftp://ftp.freesoftware.com/pub/linux/sunsite/system/network/serial/ppp/

5.8 ML/PPP

Strong Implimentation: http://mp.mansol.net.au/mp/

Lots of data, little code: ftp://ftp.east.telecom.kz/pub/src/networking/ppp/multilink

Another implementation (runs on 2.2.x+ and he is looking for testers) http://linux-mp.terz.de

Dead link? http://mp.ins-coin.de

5.9 PPPoE (PPP over Ethernet) : Needed for some DSL and Cablemodem users

Very popular user-space client : Primary Site: http://www.roaringpenguin.com/pppoe.html

Kernel-Space client known for somewhat better performance: http://www.davin.ottawa.on.ca/pppoe/

Some other informational URLs as well:

http://www.suse.de/~bk/PPPoE-project.html

http://www.sympaticousers.org/faq.htm

5.10 PPTP VPNs to Microsoft (NOT Recommended; use IPSEC)

Primary Site: ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html

To enable PPTP VPN encryption: http://www.moretonbay.com/PPTP/

5.11 Diald v0.99.4 (not needed for cable modem users)

Diald is now maintained by a new author and site:

http://diald.sourceforge.net

RPMS: http://juanjox.kernelnotes.org

Download the original Diald and Diald patches (Diald v0.16.5)

http://www.loonie.net/~eschenk/diald.html

5.12 NAMED current: 8.2.3 and 9.1.0

Sources: ftp://ftp.isc.org/isc/bind/src/

RPMs: Finding new RPMs for the newest versions of Bind isn't very easy. Once place you might have luck is the CONTRIB area of sites like Redhat and Mandrake. Those RPMs seem to work fine but some people do NOT trust someone else's compiled code, so, it's your choice.

ftp://rawhide.redhat.com/

You can also find a chroot-ed version of bind here:

ftp://ftp.fi.muni.cz/pub/users/kas/bind-chroot/

Announcement list:

Send email to bind-announce-request@isc.org with "subscribe" in the subject field.

5.13 Vlock (stock in Redhat if installed)

ftp://ftp.freesoftware.com/pub/linux/sunsite/utils/console/vlock-1.0.tar.gz

5.14 Network Sniffers

- TCPDUMP (stock in Redhat if installed) - Excellent network packet sniffer

ftp://ftp.freesoftware.com/pub/linux/sunsite/system/network/management/ or ftp://ftp.ee.lbl.gov/tcpdump.tar.Z

- IPtraf - Excellent high level network protocol watcher

- Current 2.1.0

ftp://ftp.cebu.mozcom.com/pub/linux/net

- EtherReal - An excellent GUI decoder

http://ethereal.zing.org/

5.15 Sendmail current: v8.11.2

ftp://ftp.sendmail.org/pub/sendmail/

RPMs: The newest Sendmail is NOT available in RPM form from sendmail.org but it IS in Redhat's CONTRIB area. It seems to work fine but some people do NOT trust someone else's compiled code, so, it's your choice.

ftp://ftp.infomagic.com/pub/mirrors/linux/RedHatContrib/libc6/i386

Announcement list:

Send an email to majordomo@Lists.Sendmail.ORG with the text "subscribe sendmail-announce" in the body of the message.

5.16 POPAuth

I have taken over ownership of these documents but haven't had a chance to post them yet. If you would like to get a copy of them, please email me

For allowing remote POP-3 clients to be able to use the SMTP server to send email.

5.17 Virtual Email domains

To support multple email domains w/ Sendmail, Qmail, etc check out:

http://www.linuxdoc.org/HOWTO/Virtual-Services-HOWTO.html

5.18 DHCP Server

RFC Info: http://www.dhcp.org/rfc2131.html

http://www.dhcp.org/rfc2132.html

Legacy Info: http://www.cis.ohio-state.edu/rfc/rfc1542.txt

Download: http://www.isc.org/dhcp.html

5.19 WU-FTP v2.6.1

FTP: ftp://ftp.wu-ftpd.org/pub/wu-ftpd/

FAQ: http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html

5.20 DHCP Client

DHCP HOWTO: http://metalab.unc.edu/pub/Linux/docs/HOWTO/mini/DHCPcd

DHCPcd client: http://www.phystech.com/download/dhcpcd.html

Other DHCP info:

http://www.linux-firewall-tools.com/linux/firewall/index.html

A HOWTO specific to the RoadRunner Cablemodem setup, but it's still a good site: http://www.vortech.net/rrlinux/

5.21 NetWatch

ftp://ftp.digital.com/pub/linux/redhat/powertools-5.0/i386/

5.22 Getdate (NTP) - v1.2 (Was SETTIME)

ftp://metalab.unc.edu/pub/Linux/system/network/misc/getdate_rfc868-1.2.tar.gz

5.23 Tape Back up:

- BRU (it's not free but it's the best Linux backup software out there IMHO. This is one place you just CAN'T skimp!) Recommended!

http://www.estinc.com

5.24 Netscape (stock in Redhat if installed)

Be sure to get the 128bit version if possible ftp://ftp.netscape.com

5.25 SSH current: ssh-1.2.31 and ssh-2.4.0

Traditional SSH client/server: http://ftp.ssh.com/pub/ssh/

New OpenSSH client/server with relaxed v2.x licensing http://www.openssh.com/

Additional UNIX SSH tunneling URLs:

http://www.ccs.neu.edu/groups/systems/howto/howto-sshtunnel.html

5.26 Raidtools

Good info on Linux RAID: http://linas.org/linux/raid.html

The drivers: http://luthien.nuclecu.unam.mx/~miguel/raid

5.27 Samba (stock in Redhat if installed)

(this version fixes an exploit on BugTraq)

http://www.samba.org

Also, they have great docs at http://samba.anu.edu.au/

5.28 PCMCIA Services

http://pcmcia-cs.sourceforge.org/

5.29 APCUPSD UPS server

Official APC Powerchute for Linux - v4.5.2 - Free closed-source daemon with excellent Xwindows support: http://www.apcc.com/tools/download/sw_kit.cfm?sku=sdw31

Original and quite nice APCUPSd open-source daemon - v3.6.2: http://www.brisse.dk/site/apcupsd/

5.30 Apache WWW server

Standard Apache: http://www.apache.org or ftp://ftp.redhat.com/pub/contrib/i386/apache-1.2.6-5.i386.rpm

SSL-encrypted Apache:

http://www.apache-ssl.com/

5.31 File Integrity testing/Monitoring

TripWire:

Tripwire has gone OpenSource for LINUX! Woohoo! Though it isn't available quite yet, it will be there soon:

http://www.tripwire.org

Also, as of v2.2.1, Tripwire now runs on Glibc.

http://www.tripwiresecurity.com/products/Tripwire_ASR20.cfml

You can also get the older versions here:

ftp://coast.cs.purdue.edu/pub/COAST/Tripwire

Aide:

AIDE is a GNU version of Tripwire

ftp://ftp.cs.tut.fi/pub/src/gnu/aide-0.4.tar.gz

ViperDB:

ViperDB is another GNU version of Tripwire

http://www.resentment.org/projects/viperdb/index.html

5.32 RPM update tools:

AutoRPM current version: 1.9.8.1

http://www.kaybee.org/~kirk/html/linux.html

The Perl module "Libbet"

http://cpan.valueclick.com/modules/by-module/Net/

RPM Watch current version: 1.1

(does not work for Redhat 5.2+) [Will be phased out] ftp://ftp.iaehv.nl/pub/users/grimaldo/rpmwatch-1.1-1.noarch.rpm

RPMLevel (from the author of RPMWatch)

http://coralys.com/products/

5.33 Mkisofs

ftp://ftp.fokus.gmd.de/pub/unix/cdrecord/mkisofs/

5.34 Compression tools

BZip2 : http://sourceware.cygnus.com/bzip2/index.html

5.35 Bash HOWTO

http://www.linuxdoc.org/HOWTO/Bash-Prompt-HOWTO.html Also see Section 42 in TrinityOS

5.36 Dial-In Server HOWTO

http://www.swcp.com/~jgentry

5.37 SWAN / IPSEC VPN

Project home page:

http://www.xs4all.nl/~freeswan or http://www.flora.org/freeswan/

SWAN email list:

http://www.xs4all.nl/~freeswan

Overview http://www.cygnus.com/~gnu/swan.html

Download the IPSec code from:

Broken? ftp://ftp.xs4all.nl/pub/crypto/freeswan

Works ? http://ftp.xs4all.nl/pub/crypto/freeswan

or

http://www.flora.org/freeswan/download

Other Mini-HOWTOs:

https://www.seifried.org/articles/ipsec/

5.38 PGP Email Encryption

• PGP: http://web.mit.edu/network/pgp.html

5.39 IP logger

ftp://ftp.tu-graz.ac.at/pub/linux/redhat-contrib/SRPMS/iplogger-0.1-1.src.rpm

5.40 Hardware Performance Tuning:

- IRQTune ftp://shell5.ba.best.com/pub/cae/irqtune.tgz

- HDparm ftp://sunsite.unc.edu/pub/Linux/kernel/patches/diskdrives

5.41 Security Documentation, Tools, and Resources

Various Security Mailing lists and documentation

• http://www.shmoo.com

The Linux Security HOWTO

• http://www.linuxdoc.org/HOWTO/Security-HOWTO.html

Logging tools:

• CheckLogs:
  • http://www.iae.nl/users/grimaldo/chklogs.shtml

• Swatch:
  • ftp://ftp.stanford.edu/general/security-tools/swatch

• Psionic LogCheck:
  • http://www.psionic.com/abaus/logcheck

• LogSurfer: (like Swatch but with state checking!)
  • http://www.cert.dfn.de/eng/logsurf/home.html

- Nmap:

http://www.insecure.org/nmap/

- Nessus:

http://www.nessus.org/

- COPS (old)

ftp://ftp.freesoftware.com/pub/linux/sunsite/system/security/cops_104.tgz

- Saint (new version of Satan)

http://www.wwdsi.com/saint/

- SATAN (Old)

Newer: ftp://ftp.porcupine.org/pub/security/index.html

Older ftp://ftp.win.tue.nl/pub/security/satan.tar.Z

- Solar buffer-overflow fixer

ftp://ftp.huwig.de/pub/linux/mama/2.0/stack_noexec-symlink-security-fix.bz2

- Kurt Seifried's Linux Administrators Security Guide (LASG)

https://www.seifried.org/lasg/

- Ofir Arkin's paper on ICMP protocol fingerprinting

http://www.sys-security.com/archive/papers/ICMP_Scanning_v2.0.pdf

- Other URLs:

Test Exploits: http://www-miaif.lip6.fr/willy/security/

Test Exploits: http://www.rootshell.org

Test Exploits: http://www.l0pht.com

Test Exploits: http://www.geek-girl.com

Security Alerts: Subscribe to BugTraq at mailto://LISTSERV@NETSPACE.ORG

More Security:

http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html#security

http://www.ecst.csuchico.edu/~jtmurphy/

- Abacus Security Initiative

Includes host_sentry, port_sentry and logchecker.

http://www.psionic.com/abacus

- Intrusion Detection Systems (IDS) Tools SHADOW (SANS)

SHADOW (SANS): http://www.nswc.navy.mil/ISSEC/CID/step.htm

Snort: http://www.snort.com

- Network Flight Recorder

Setup HOWTO: http://www.nswc.navy.mil/ISSEC/CID/nfr.htm

NFR software: http://www.nfr.net/download/

NFR ID Attack ID Packages: http://www.nswc.navy.mil/ISSEC/CID/nfr_id.tar.gz http://www.l0pht.com/NFR/

5.42 WWW proxy (Apache or Squid)

5.43 WWW Ad banner filtering

http://www-math.uni-paderborn.de/~axel/NoShit/index.html

patch: http://www.america.com/~chrisf/web/NoShit/WebFilter_0.5.patch.gz

Example filter: http://www.america.com/~chrisf/web/NoShit/library.txt

5.44 Zip drive

http://www.torque.net/~campbell

5.45 Linux Applications:

http://www.xnet.com/~blatura/linapps.shtml

5.46 Linux Games:

X-Shipwars: http://fox.mit.edu/xsw/

5.47 Linux Real Time messengers:

http://www.portup.com/~gyandl/