B.6. Utilities
A number of additional utilities provide services you'll find useful when you build and maintain your firewall.
B.6.3. chrootuid
ftp://coast.cs.purdue.edu/pub/tools/unix/chrootuid
chrootuid, from Wietse Venema, makes it easy to run a network service at a low-privilege level and with restricted filesystem access. The program can be used to run Gopher, HTTP, WAIS, and other network daemons in a minimal environment: the daemons have access only to their own directory tree and run under a low-privileged userid. The arrangement greatly reduces the impact of possible security problems in daemon software.
B.6.4. inzider
http://ntsecurity.nu/toolbox/
inzider, written by Arne Vidstrom, is a Windows NT tool that shows what processes are listening on what ports. It is a useful tool for understanding what network services are doing on a Windows NT machine.
B.6.5. MRTG
http://ee-staff.ethz.ch/~oetiker/webtools/mrtg/mrtg.html
The Multi Router Traffic Grapher (MRTG) is a tool that generates web pages with graphs of data about your network. Originally, it was designed to show data from routers, gathered with SNMP, but it is easy to use it to show any data that can be gathered via SNMP, and only slightly harder to adapt it for other ways of getting numeric values. It provides historical data (that is, it shows values over time), but it updates the web pages in real time, as information comes in. These graphs are very useful for recognizing patterns and trends in network usage.
B.6.6. NOCOL
http://www.netplex-tech.com/software/nocol/
NOCOL is a system and network monitoring system that runs on Unix systems and can poll many kinds of devices, using a variety of methods. It can watch syslog, use SNMP, and test machines with ICMP, for instance. Additional monitors can easily be added; there are C and Perl APIs to help you write them.
B.6.7. NetCat
http://www.l0pht.com/~weld/netcat/
NetCat is a utility, available for Unix and Windows NT, that allows you to read and write data using arbitrary TCP and UDP ports. It is invaluable in debugging and in otherwise investigating network services.
B.6.8. NetSaint
http://www.netsaint.org
NetSaint is a network monitoring program that checks the status of services and notifies you when there are problems with them. It can use electronic mail or a pager for notification. NetSaint is written in C and is designed to run under Linux (and most other Unix variants) as a background process, intermittently running checks on various services that you specify. The actual service checks are performed by separate programs that return the status of the checks to NetSaint. Several CGI programs are included with NetSaint to allow you to view the current service status, problem history, notification history, and log file via the Web.
B.6.9. PGP
http://www.pgp.com
PGP, by Phil Zimmermann, is a suite of encryption tools, available for both Unix and Windows NT, that provides encryption for electronic mail and suitable file encryption for protecting binaries that you intend to leave on bastion hosts but don't want intruders to have access to.
B.6.10. trimlog
ftp://coast.cs.purdue.edu/pub/tools/unix/trimlog
trimlog, by David A. Curry, is a program that helps you manage log files. It reads a configuration file to determine which files to trim, how to trim them, how much they should be trimmed, and so on. The program helps keep your logs from growing until they consume all available disk space.
B.6.12. tcpdump
ftp://coast.cs.purdue.edu/pub/tools/unix/tcpdump/
tcpdump is a Unix tool for collecting network traffic. It can be used for network monitoring and debugging and is the basis for a number of other tools that deal with packet-level information.