Last Updated on March 11, 2022
This article needs updating/deleting.
Security is paramount. Security involves defense in depth. By approaching security one step at a time, with consistency and rigour, you can mitigate threats and keep intruders at bay.
Intruders use a variety of different techniques in an attempt to compromise a system. For example, systems can be attacked by denial of service, cracking, intrusion, snooping (intercepting the data of another user), or viruses/worms/Trojan horses. To have a secure box, a system therefore needs a variety of defenses.
The aim of this article is to provide the user with a starting point for improving the security of a Linux machine. Basic system security (e.g. having a regular backup strategy, using hard-to-guess passwords, removing services that you don’t need) is an essential part of administration for protecting your data. But you need a more sophisticated approach to keep intruders out.
We have identified 80 of the best Linux security applications which help to protect the integrity of a system. For each application we have compiled its own portal page, providing a detailed description of the software and its features, with links to other relevant resources.
All of the software featured in this article is free to download, and almost all of it is released under the GNU General Public License.
Security Applications | |
---|---|
AMaViS | Mail virus scanner |
Avast! | Virus protection, with anti-spyware and anti-rootkit software |
AVG Free | Anti-virus and Anti-spyware software |
ClamAV IRC | Anti-virus toolkit for e-mail scanning on mail gateways |
P3Scan | Scans email messages |
chkrootkit | Check for signs of a rootkit |
OSSEC | Rootkit detection |
Nixory | Open source anti-spyware program for Mozilla Firefox |
rkhunter | Scans for rootkits, backdoors and possible local exploits |
GnuPG | Encrypt and sign data and communication |
MailCrypt | Simple interface to public key cryptography with PGP |
MCrypt | Developer tool for adding a wide range of encryption functions |
OpenSignature | Digital signature of documents |
PeaZip | Portable, open source archiving, encryption and file split tool |
Seahorse | GNOME application for managing encryption keys |
Steghide | Hide data in various kinds of image and audio files |
Stunnel | Encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) |
TrueCrypt | Disk encryption software |
ClearOS | Dedicated firewall and Internet server/gateway |
FireHOL | Stateful iptables packet filtering firewall configurator |
Firestarter | Visual firewall program |
Netfilter | Packet filtering framework |
IPCop | Linux firewall distribution |
ShellTer | Iptables-based firewall |
Shorewall | High-level tool for configuring Netfilter |
Untangle | Quality open source alternative to SonicWALL and WatchGuard |
Turtle Firewall | Firewall configuration project based on Linux 2.4.x/2.6.x and iptables |
Vuurmuur | Powerful firewall manager built on top of iptables |
AFICK | Monitor the changes on your filesystems |
BASE | Web front-end to query and analyze the alerts from a SNORT IDS system |
Bro | Passively monitors network traffic and looks for suspicious activity |
Kismet | Wireless network detector, sniffer, and intrusion detection system |
OSSEC | Host-based Intrusion Detection System |
Sguil | Analyst Console for Network Security Monitoring |
SNARE | System iNtrusion Analysis and Reporting Environment |
Snort | Network intrusion prevention and detection |
Snort_inline | Modified version of Snort |
Tripwire | Provides configuration audit and control features |
AIM Sniff | Monitoring and archiving AOL Instant Messenger and MSN messages |
Argus | Fixed-model Real Time Flow Monitor |
Nagios | Host and network monitoring tool |
Nipper | Network Infrastructure Configuration Parser |
NSAT | Network Security Analysis Tool |
ntop | Network traffic probe that shows the network usage |
SEC | Simple Event Correlator |
SniffDet | Remote Sniffer Detection Tool/Library |
tcpdump | Network debugging tool |
dsniff | Collection of tools for network auditing and penetration testing |
Ettercap | Multipurpose sniffer/interceptor/logger for switched LAN |
ngrep | Network grep |
Kismet | Wireless network detector, sniffer, and intrusion detection system |
Wireshark | Network protocol analyzer |
Hping3 | TCP/IP packet assembler/analyzer |
Nemesis | Packet crafting and injection utility |
Scapy | Interactive packet manipulation program |
Yersinia | Network tool to take advantage of weaknesses in network protocols |
Angry IP Scanner | Fast and friendly network scanner |
Knocker | TCP security port scanner |
Unicornscan | User-land Distributed TCP/IP stack |
Nessus | Comprehensive vulnerability scanning software |
SARA | Third generation security analysis tool that is based on the SATAN model |
Tiger | Perform a security audit of UNIX systems |
AWStats | Advanced web, streaming, ftp or mail server statistics, graphically |
IPtables Log Analyzer | Analyzes the log output from an iptables firewall |
tcpreplay | Use previously captured traffic in libpcap format to test network devices |
tcptrace | Analyze TCP dump files |
The Webalizer | Web server log file analysis |
Darik's Boot and Nuke | Self-contained boot floppy that securely wipes hard disks |
Wipe | Secure file wiping utility |
Figaro's PM | GNOME application that allows passwords to be stored securely |
KeePassX | Lightweight and easy-to-use password manager |
Poptop | PPTP server solution |
OpenVPN | Full-featured SSL VPN solution |
SSL Explorer | Fully-featured, web-based SSL VPN server |
ODESSA | Open Digital Evidence Search and Seizure Architecture |
Denyhosts | SSH attack prevention |
iptables | Configure the Netfilter tables, chains, and rules |
mtr | Network diagnostic tool |
Netcat | Reads and writes data across network connections |
Nikto | Web server scanner performing tests against web servers |
OpenSSH | SSH connectivity tools |
Smart Sign | Smartcard based digital signature |