Information on Linux Servers

Steveswaldo

Just a bunch of sites I've collected. Maybe sticky this or something :D


Post 1
Basics, important sites, HOWTO's, handbooks, hardening, tips
Advisories, alerts, bulletins, disclosure, mailinglists, mailing archives, knowledge bases, other sites
Hardening, distro-specific
Log analysis tools, resources
Daemons, device or application specific
More Brainfood, sites, books

Basics, important sites, HOWTO's, handbooks, hardening, tips

Checklists
UNIX Security Checklist v2.0: http://www.cert.org/tech_tips/unix_...ecklist2.0.html
SANS, The Twenty Most Critical Internet Security Vulnerabilities: http://www.sans.org/top20/
SANS SCORE Checklists for W32/Solaris/Cisco IOS/Mac OS/etc etc: http://www.sans.org/score/
SANS: http://www.sans.org/infosecFAQ/linux/linux_list.htm
SANS, Reading room: http://rr.sans.org/linux/linux_list.php

Securing
CERT, Security improvements: http://www.cert.org/security-improvement/
CERT, Tech Tips: http://www.cert.org/tech_tips/
Linux Administrator's Security Guide (LASG): http://www.seifried.org/lasg/
Linux Security Administrator's Guide (SAG, old): http://www.tldp.org/LDP/sag/index.html
The Linux Network Administrator's Guide (NAG): http://www.tldp.org/LDP/nag2/index.html
Securing & Optimizing Linux: The Ultimate Solution (PDF): http://www.tldp.org/LDP/solrhe/Secu...lution-v2.0.pdf
Securing Optimizing Linux RH Edition (older): http://www.tldp.org/LDP/solrhe/Secu...v1.3/index.html
Linux Security HOWTO: http://tldp.org/HOWTO/Security-HOWTO/index.html
Linux Security HOWTO: http://www.linuxvoodoo.com/howto/HOWTO/Security-HOWTO/
Linux Security Quick Reference Guide (PDF): http://www.tldp.org/REF/ls_quickref/QuickRefCard.pdf
Security Quick-Start HOWTO for Linux: http://tldp.org/HOWTO/Security-Quickstart-Redhat-HOWTO/
Security links at Linuxguru's: http://www.linuxguruz.org/z.php?id=914
TLDP Networking security HOWTO's: http://www.tldp.org/HOWTO/HOWTO-IND...tml#NETSECURITY

Compromise, breach of security, detection
Intruder Detection Checklist (CERT): http://www.cert.org/tech_tips/intru..._checklist.html
Detecting and Removing Malicious Code (SF): http://www.securityfocus.com/infocus/1610
Steps for Recovering from a UNIX or NT System Compromise: http://www.cert.org/tech_tips/root_compromise.html
Formatting and Reinstalling after a Security Incident (SF): http://www.securityfocus.com/infocus/1692
How to Report Internet-Related Crime (usdoj.gov CCIPS): http://www.usdoj.gov/criminal/cybercrime/reporting.htm
Related, old(er) articles/docs:
Intruder Discovery/Tracking and Compromise Analysis: http://staff.washington.edu/dittric...ckhat/blackhat/
Intrusion Detection Primer: http://www.linuxsecurity.com/featur...re_story-8.html
Through the Looking Glass: Finding Evidence of Your Cracker (LG): http://www.linuxgazette.com/issue36/kuethe.html
Recognizing and Recovering from Rootkit Attacks: http://www.cs.wright.edu/people/fac...ion/obrien.html
See also post #5 under Forensics docs

Advisories, alerts, bulletins, disclosure, mailinglists, mailing archives, knowledge bases, other sites
Bugtraq (running): http://www.mail-archive.com/bugtraq@securityfocus.com/
or http://msgs.securepoint.com/cgi-bin...aq-current.html
or http://www.der-keiler.de/Mailing-Li...yfocus/bugtraq/
Linuxsecurity: http://www.linuxsecurity.com
Securityfocus: http://www.securityfocus.com
Securiteam: http://www.securiteam.com/
CERT KB: http://www.cert.org/kb/
Securitytracker (Advisories): http://www.securitytracker.com/topics/topics.html

Neohapsis (mailinglists/archives): http://www.neohapsis.com
theaimsgroup (mailinglists/archives): http://marc.theaimsgroup.com/
Der Keiler (mailinglists/archives): http://www.der-keiler.de/
Faqchest (archives, FAQ's): http://www.faqchest.com/

Linux Gazette: http://www.linuxgazette.com
Experts exchange: http://www.experts-exchange.com
The Linux Documentation Project: http://www.tldp.org
Blacksheep (HOWTO's, whitepapers, etc): http://www.blacksheepnetworks.com/security/
IRIA: http://www.ists.dartmouth.edu/IRIA/..._base/index.htm
E-secure-db Security Information database: http://www.e-secure-db.us/dscgi/ds....Collection-1586
eBCVG.com's security portal: http://www.ebcvg.com/info.php
Linuxmag, Hardening Linux Systems: http://www.linux-mag.com/2002-09/guru_01.html
SEI: http://www.sei.cmu.edu/publications/lists.html
Matt's Unix Security Page: http://www.deter.com/unix/
Jay Beale's docs (Bastille-linux/CIS): http://www.bastille-linux.org/jay/s...ticles-jjb.html
The Unix Auditor's Practical Handbook: http://www.nii.co.in/tuaph.html
The CIT Computer Security Handbook: www.cit.nih.gov/security/handbook.html
Aging stuff from Phrack like "Unix System Security Issues": www.fc.net/phrack/files/p18/p18-7.html

Mailinglists distro specific:
RedHat
http://www.redhat.com/support/errata/
http://www.redhat.com/mailing-lists...list/index.html

Debian
Our own markus1982 on a roll! LQ HOWTO: securing debian: http://www.linuxquestions.org/quest...?threadid=61670
http://bugs.debian.org/
http://lists.debian.org/ (search for debian-security@lists.debian.org)
http://security.debian.org/

S.u.S.E.
mailto:suse-security@suse.com
mailto:suse-security-announce@suse.com
(subscribe: mailto:suse-security-subscribe@suse.com)

Mandrake Linux
http://www.linux-mandrake.com/en/security/
http://www.linux-mandrake.com/en/flists.php3
mailto:security-announce@linux-mandrake.com (subscribe at the URL above)

Conectiva Linux
http://distro.conectiva.com/seguranca/
mailto:seguranca@distro.conectiva.com.br (subscribe at the URL above; the security mailing list's lingua franca is Portuguese, but on the updates mailing list it's English. The latter always announces the package updates that appear on the security mailing list.)

Slackware
http://www.slackware.com/lists/
mailto:slackware-security@slackware.com (subscribe at the URL above)

Hardening, distro specific
Debian/Mandrake/Red Hat: Bastille Linux: http://www.bastille-linux.org/
Debian Security HOWTO: http://www.debian.org/doc/manuals/s...g-debian-howto/
Debian Security FAQ: http://www.debian.org/security/faq
Mandrake: msec-*.rpm: http://www.linux-mandrake.com/
SuSE: http://www.suse.de/~marc/
Slackware: Slackware Administrators Security tool kit: http://sourceforge.net/projects/sastk/

Log analysis tools, resources
Loganalysis.org (check the library): http://www.loganalysis.org/
Counterpane, Log Analysis Resources: http://www.counterpane.com/log-analysis.html
Need to add: Snare, LTK etc etc

Daemons, device or application specific
The Linux-PAM System Administrators Guide
Securing Xwindows: www.uwsg.indiana.edu/usail/external...ed/xsecure.html
How to Build, Install, Secure & Optimize Xinetd: http://www.openna.com/documentation...inetd/index.php
Installation of a secure webserver (SuSE): http://www.netsys.com/library/paper...e_webserver.txt
Linksys security (LQ notes on): http://www.linuxquestions.org/quest...7007#post157007

Auditing tools at:
Packetstorm: http://www.packetstormsecurity.org/UNIX/audit/
SecurityFocus: http://www.securityfocus.com/tools/category/1

More Brainfood, sites, books
Daryl's TCP/IP primer: www.tcpipprimer.com
Teach Yourself TCP IP in 14 Days: www.sivik.org/Books/Teach Yourself TCP IP in 14 Days/
Uri's TCP resource list: www.private.org.il/tcpip_rl.html
Macmillan's "Maximum Security"
O'Reilly's TCP/IP Network Administration
* O'Reilly has a myriad of books some of which can also be found online, just search for "O'reilly and bookshelf", "o'reilly reference bookshelf" or "o'reilly cd bookshelf".
 
APF/Netfilter/Iptables

APF: http://www.r-fx.net/apf.php (firewall)
IPTables Tutorial: http://iptables-tutorial.frozentux....s-tutorial.html
IPSysctl Tutorial: http://ipsysctl-tutorial.frozentux....l-tutorial.html
Linuxguruz.org: http://www.linuxguruz.org/iptables/
Netfilter.org Packetfiltering HOWTO: http://www.netfilter.org/unreliable...iltering-HOWTO/
Linuxsecurity.com Iptables tutorial: http://www.linuxsecurity.com/resour...s-tutorial.html
Andreasson's Iptables tutorial: http://people.unix-fu.org/andreasso...s-tutorial.html
Iptables Connection tracking: http://www.cs.princeton.edu/~jns/se..._conntrack.html
Taking care of the New-not-SYN vulnerability: http://archives.neohapsis.com/archi...03-01/0036.html

Ipchains
TLDP Ipchains HOWTO: http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html
Flounder.net Ipchains HOWTO: http://www.flounder.net/ipchains/ipchains-howto.html

Other resources/misc stuff
Basic introduction to building ipchains rules: www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html
Explanation of the Ipchains logformat: logi.cc/linux/ipchains-log-format.php3
Ipchains log decoder: dsl081-056-052.dsl-isp.net/dmn/decoder/decode.php
Basics on firewalling: www.linuxdoc.org/HOWTO/Firewall-HOWTO.html
linux-firewall-tools: http://www.linux-firewall-tools.com/linux/
CERT: Home Network Security: http://www.cert.org/tech_tips/home_networks.html
Firewall FAQ: http://www.faqs.org/faqs/firewalls-faq/
Assigned ports > 1024: http://www.ec11.dial.pipex.com/port-num4.shtml
Port designations: http://www.chebucto.ns.ca/~rakerman/port-table.html
Firewall Forensics FAQ (What am I seeing?): http://www.robertgraham.com/pubs/firewall-seen.html
Linux Firewall and Security Site: http://www.linux-firewall-tools.com/linux/
Auditing Your Firewall Setup (old, still useful): http://www.enteract.com/~lspitz/audit.html
TLDP: Firewall Piercing mini-HOWTO: http://www.tldp.org/HOWTO/mini/Fire...rcing/x189.html
Something called the "Home PC Firewall Guide": http://www.firewallguide.com/
Vendor/Ethernet MAC Address Lookup: http://www.coffer.com/mac_find/
Netfilter Iptables/Ipchains Log Format: http://logi.cc/linux/netfilter-log-format.php3
Dshield (find out if IP was marked as used in attacks): http://www1.dshield.org/ipinfo.php
Port search (Snort): http://www.snort.org/ports.html
Neohapsis Port search: http://www.neohapsis.com/neolabs/neo-ports/
P2P ports (IPMasq): http://www.tsmservices.com/masq/cfm/main.cfm
Is "Stealth" important?: http://www.practicallynetworked.com...net.htm#Stealth
Infosyssec's Firewall Security and the Internet (badly updated site): http://www.infosyssec.net/infosyssec/firew1.htm

DoS info
SANS, Help Defeat Denial of Service Attacks: Step-by-Step: http://www.sans.org/dosstep/index.htm
SANS, ICMP Attacks Illustrated: http://rr.sans.org/threats/ICMP_attacks.php
CERT, Denial of Service Attacks: http://www.cert.org/tech_tips/denial_of_service.html
NWC, Fireproofing Against DoS Attacks (forms of): http://www.nwc.com/1225/1225f38.html

DDoS info
SANS, Consensus Roadmap for Defeating Distributed Denial of Service Attacks: http://www.sans.org/ddos_roadmap.htm
SANS, Spoofed IP Address Distributed Denial of Service Attacks: Defense-in-Depth: http://rr.sans.org/threats/spoofed.php
SANS, Understanding DDOS Attack, Tools and Free Anti-tools with Recommendation: http://rr.sans.org/threats/understa...anding_ddos.php
Juniper.net, Minimizing the Effects of DoS Attacks: http://arachne3.juniper.net/techcen...ote/350001.html
CISCO, Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks: http://www.cisco.com/warp/public/707/newsflash.html
Dave Dittrich's references: http://staff.washington.edu/dittrich/misc/ddos/
Xinetd Sensors: http://www.gate.net/~ddata/xinetd-sensors.html
Xinetd FAQ: http://synack.net/xinetd/faq.html
 
Note: vulnerability checking: CIS, SATAN, COPS, Tiger

FAQ: Network Intrusion Detection Systems: http://www.robertgraham.com/pubs/ne...-detection.html
Sniffin' the Ether v2.0: http://www.unixgeeks.org/security/n...er/sniffer.html
Lotek sniffing docs: http://www.l0t3k.org/security/documents/sniffing/
Defeating Sniffers and Intrusion Detection Systems, Phrack, http://www.phrack.org/show.php?p=54&a=10

The IDS acronym game:

IDS: Intrusion Detection System refers to an application able to examine traffic for attributes and properties that mark "benign", suspicious, restricted, forbidden or outright hostile activities.

NIDS: Network IDS refers to Intrusion Detection, like running "sensors" on various sentry or sniffer hosts while logging and/or logprocessing and alerting is done on a central host (many-to-one topology).
NIDS examples are:
Snort: http://www.snort.org/
Shoki: http://shoki.sourceforge.net/
Prelude: http://www.prelude-ids.org/
Firestorm: http://www.scaramanga.co.uk/firestorm/
Panoptis (DoS, DDoS only):
Defenseworx:
SHADOW:
Pakemon:
Some commercial/non OSS examples: Demarc PureSecure, Cisco Secure IDS (NetRanger), ISS Real Secure, Axent Net Prowler, Recourse ManHunt, NFR Network Flight Recorder, NAI CyberCop Network, Enterasys Dragon and Okena Stormfront/Stormwatch.
Snort also is available commercially these days.

HIDS: Host-based IDS. The HIDS acronym itself is subject to flamewars.
IDS examples are Snort, Shoki, Prelude, Defenseworx, Pakemon, Firestorm and Panoptis (DoS, DDoS only).

IPS: Intrusion Protection System. Passive or active (learning, like the heuristics stuff?) enforcement of rules at the application, system or access level. I suppose we're looking at stuff like Grsecurity, Solar Designer's Open Wall, LIDS, LOMAC, RSBAC, Linux trustees, Linux Extended Attributes or Systrace here.
Commercial/non OSS examples: Entercept, ISS RealSecure, Axent Intruder Alert Manager, Enterasys' Dragon, Tripwire, Okena and CA's eTrust.
Docs:
Intrusion Detection FAQ (SANS, handling ID in general): http://www.sans.org/resources/idfaq/index.php
Basic File Integrity Checking (with Aide): http://online.securityfocus.com/infocus/1408
www.networkintrusion.co.uk (IDS, NIDS, File Integrity Checkers)


Snort basics:
Using Snort as an IDS and Network Monitor in Linux (SANS): http://www.sans.org/rr/intrusion/monitor.php
Snort: IDS Installation with Mandrake 8.2, Snort, Webmin, Roxen Webserver, ACID, MySQL: http://www.linux-tip.net/workshop/i...t/ids-snort.htm
ArachNIDS (Snort/Dragon/Defenseworx/Pakemon/Shoki rule, research and info library): http://whitehats.com/ids/
Intrusion Detection and Network Auditing on the Internet: http://www.infosyssec.net/infosyssec/intdet1.htm
Snort Stealth Sniffer: Paranoid Penguin: Stealthful Sniffing, Intrusion Detection and Logging: http://www.linuxjournal.com/article.php?sid=6222

Dropping Packets with Snort:
Why not to use Snort's "flexresp": http://www.mcabee.org/lists/snort-u...3/msg00379.html
Snortsam: http://www.snortsam.net
Hogwash: http://hogwash.sourceforge.net
Snort-inline: http://www.snort.org/dl/contrib/pat...nort-inline.tgz

Snort management, log reporting and analysis:
SnortCenter: http://users.pandora.be/larc
Snort Unified Logging: Barnyard: (Sourceforge)
Snort Unified Logging: Logtopcap
Analysis Console for Intrusion Databases (ACID): http://acidlab.sourceforge.net/
HOWTO Build Snort with ACID: http://www.sfhn.net/whites/snortacid.htm
ACID HOWTO: http://www.andrew.cmu.edu/~rdanyliw.../snortacid.html
ACID FAQ: http://www.andrew.cmu.edu/~rdanyliw/snort/acid_faq.html
SPADE, Snortsnarf: http://www.silicondefense.com
Enabling Automated Detection of Security Events that affect Multiple Administrative Domains: http://www.incident.org/thesis/book1.html

Snort vs Abacus Portsentry:
Snort and PortSentry compared: http://www.linux.ie/articles/portse...ortcompared.php

Comparison of IDSs ( NFR NID, Snort, INBOUNDS, SHADOW, Dragon, Tripwire): http://zen.ece.ohiou.edu/~nagendra/compids.html

Snort help, mailinglist (archives), honeypots:
Snort: Database support FAQ: http://www.incident.org/snortdb/
Snort mailinglists, Aims: http://marc.theaimsgroup.com/
Snort IDS forum at Whitehats.com: http://whitehats.com/cgi/forum/mess...i?bbs=forum&f=4
Baby steps with a honeypot: http://www.lucidic.net/whitepapers/mcooper-4-2002.html
Honeypot & Intrusion Detection Resources: http://www.honeypots.net/
The TCP Flags Playground (Mailinglist, Neohapsis): http://archives.neohapsis.com/archi...00-03/0386.html

Sniffing (network wiretap, sniffer) FAQ: http://www.robertgraham.com/pubs/sniffing-faq.html
Apps, network monitoring (index): http://www.mirrors.wiretapped.net/s...ing-README.txt.

An Analysis of a Compromised Honeypot (Snort+Ethereal): http://www.securityfocus.com/infocus/1676
To add: Firestorm NIDS, Barnyard, Mudpit, Snort GUI's, add-ons etc etc.

File Integrity Detection Systems
Checking a filesystem's contents against one or more stored checksums to determine whether a file (remember that essentially everything is a file on a Linux FS) has been changed.
Examples are:
Aide: http://www.cs.tut.fi/~rammer/aide.html
(see also ICU http://www.algonet.se/~nitzer/ICU/)
Samhain: http://la-samhna.de/samhain/
Osiris: http://osiris.shmoo.com/
Nabou: http://www.daemon.de/en/software/nabou/
Sentinel: http://zurk.sourceforge.net/zfile.html
Viper(DB): http://panorama.sth.ac.at/viperdb/
Integrit: http://integrit.sourceforge.net/
Tripwire.
Commercial/non OSS examples: Versioner, GFI LANguard System Integrity Monitor, Ionx's Data Sentinel, Tripwire for Servers and Pedestal Software Intact.


File Integrity (SecurityFocus, tools list): http://www.securityfocus.com/tools/category/7
 
Chroot Jails Made Easy with the Jail Chroot Project: http://www.linuxorbit.com/modules.p...tpage&artid=538

Apache, PHP, MySQL: http://www.faqts.com/knowledge_base.../aid/290/fid/31
SendMail: http://www.sendmail.net/000705securitygeneral.shtml
SendMail: http://www.linuxjournal.com/article.php?sid=5753
Snort: http://www.norz.org/software/snortstart.html

OpenSSH for chrooted sessions on Linux: http://mail.incredimail.com/howto/openssh/
http://chrootssh.sourceforge.net
OpenSSH, Scponly: http://www.sublimation.org/scponly/
Using scponly for secure file transfers: http://www.sancho2k.net/filemgmt_da...es/scponly.html
OpenSSH, Rssh: http://pizzashack.org/rssh/
OpenSSH Sftp logging patch, contact Mike Martinez: mmartinez@reeusda.gov

How to chroot an Apache tree with Linux and Solaris: http://penguin.epfl.ch/chroot.html
An Overview of 'chroot jailing' Services in Linux: http://www.incidents.org/protect/borland.php
How to break out of a chroot() jail: http://www.bpfh.net/simes/computing/chroot-break.html
Breaking out of a restricted shell: http://online.securityfocus.com/infocus/1575, down at "Breaking Out of Various Restrictions"
Tech-Babble: Virtual Server Myth: http://www.pair.com/pair/current/in...tualserver.html
0x05: Why chroot(2) Sucks: http://packetstormsecurity.nl/mag/napalm/napalm-12.txt
Chuvakin A.: http://www.linuxsecurity.com/featur...e_story-99.html
Chrooting daemons and system processes HOW-TO: http://www.networkdweebs.com/chroot.html

Other SW/HOWTO's unsorted
http://www.gsyc.inf.uc3m.es/~assman/jail
http://www.opensourcedirectory.org/projects/jailchootp/
http://people.debian.org/~pzn/howto/chroot-bind.sh.txt
http://www.linuxdocs.org/HOWTOs/Chroot-BIND-HOWTO.html
http://www.linuxdoc.org/HOWTO/Chroot-BIND8-HOWTO.html
http://www.linuxsecurity.com/docs/H...ND-HOWTO-4.html
http://www.enteract.com/~robt/Docs/...il-freebsd.html for BIND
http://hoohoo.ncsa.uiuc.edu/docs/tu...ot-example.html
http://penguin.epfl.ch/chroot.html
http://tjw.org/chroot-login-HOWTO/
http://www.ssh.com/products/ssh/adm...chrootmgr_.html
http://rr.sans.org/linux/daemons.php
http://www.defcon1.org/html/Securit...ot-enforce.html
http://www.gnumonks.org/ftp/pub/net...root-howto.html
http://www.sunbeam.franken.de/proje...root-howto.html
http://www.mlug.ca/sklav/stories/November_issue2001
http://www.floc.net/makejail/
http://www.balabit.hu/downloads/jailer
 
Forensics HOWTO's, docs
Steps for Recovering from a UNIX or NT System Compromise: http://www.cert.org/tech_tips/root_compromise.html
Open Web Application Security Project (OWASP): http://www.owasp.org/
OSSTM: Institute for Security and Open Methodologies (formerly ideahamster.org): http://www.isecom.org/projects/osstmm.htm
Forensics Basic Steps: http://staff.washington.edu/dittrich/misc/forensics/ or http://staff.washington.edu/dittric.../forensics.html
Dd and netcat cloning disks: http://www.rajeevnet.com/hacks_hint...os_cloning.html
Security Applications of Bootable Linux CD-ROMs: http://rr.sans.org/linux/sec_apps.php
Honeypot project (Hone your skills with the SOM): http://project.honeynet.org/scans/
RH8.0: Chapter 11. Incident Response (Red Hat Linux Security Guide): http://www.redhat.com/docs/manuals/...nse-invest.html
Forensics and Incident Response Resources: http://is-it-true.org/pt/ptips8.shtml
Forensics presentation by Weld Pond and Tan: http://www.cs.neu.edu/groups/acm/lectures/Forensics_NU/
Law Enforcement and Forensics Links.: http://www.computerforensics.net/links.htm
Forensics commercial svc's: http://forensic.to/links/pages/Fore..._Investigation/

Forensics tools
OSSTM Tools listing: http://www.isecom.org/projects/operationaltools.htm
The Coroner's Toolkit (TCT): http://www.porcupine.org/forensics/ or http://www.fish.com/forensics/
FIRE (Forensics CD, formerly Biatchux): http://biatchux.dmzs.com/?section=main
tomsrtbt (1 floppy distro): http://www.toms.net/rb/
Trinux, (Pentest/sniff/scan/recovery/IDS/forensics CD): http://www.trinux.org/
Snarl (Forensics CD based on FreeBSD): http://snarl.eecue.com
Freeware Forensics Tools for Unix: http://online.securityfocus.com/infocus/1503
The @stake Sleuth Kit (TASK): http://sleuthkit.sourceforge.net/
Tools used by CSIRTs to Collect Incident Data/Evidence, Investigate and Track Incidents (list): http://www.uazone.org/demch/analysis/sec-inchtools.html
Freeware Forensics Tools (reflist, Linux w32): http://www.theiia.org/itaudit/index...n=forum&fid=325
TUCOFS - The Ultimate Collection of Forensic Software: http://www.tucofs.com/tucofs/tucofs.asp?mode=mainmenu
Response kits (precompiled static binaries for Linux, Slowaris and wintendo): http://www.incident-response.org/irtoolkits.htm
Forensic Acquisition Utilities for w32: http://users.erols.com/gmgarner/forensics/
CREED (Cisco Router Evidence Extraction Disk): http://cybercrime.kennesaw.edu/creed/
...else check Zone-h.org, Packetstorm, Wiretapped.net, whatever.

Undelete HOWTO's
Recovering a Lost Partition Table: http://tsaling.home.attbi.com/linux/lost_partition.html
Linux Partition HOWTO: http://surfer.nmr.mgh.harvard.edu/p.../Partition.html
How to recover lost partitions: http://cvs.sslug.dk/hdmaint/hdm_rescue.html
Linux Ext2fs Undeletion mini-HOWTO: http://www.linuxdoc.org/HOWTO/mini/...Undeletion.html
Linux Partition Rescue mini-HOWTO: http://www.linux-france.org/article...mini-HOWTO.html

Rescue tools for partition table/ext2fs
Gpart: http://www.stud.uni-hannover.de/user/76201/gpart/
Testdisk: http://www.cgsecurity.org/index.html
Parted: http://www.gnu.org/software/parted/parted.html
Recover (app + info): http://recover.sourceforge.net/linux/recover/
R-Linux: http://www.r-tt.com/RLinux.shtml
Unrm: http://www.securiteam.com/tools/Unr..._for_Linux.html
Also see mc (the Midnight Commander)
TCT (above).

Rescue tools from dd image
Foremost: http://sourceforge.net/projects/foremost/

Rescue tools for FAT/VFAT/FAT32 from Linux
Fatback: http://sourceforge.net/projects/biatchux/

Partition imaging
Partimage: http://www.partimage.org
* For more rescue tools check Freshmeat.net, metalab.unc.edu or other depots for a /Linux/system/recovery/ dir.
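As an added example (not from the original post, and not code from Aide, Tripwire or any other tool listed above), the following Python script shows the mechanism described in the File Integrity Detection Systems section: hash every regular file under a tree into a baseline, then re-hash later and report what was added, removed or modified. The directory tree and its file contents are constructed in a temporary directory inside the script so it runs offline; function names and the fields recorded per file (SHA-256, size, permission bits) are this example's own choices.

```python
import hashlib
import os
import tempfile


def hash_file(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, reading in chunks so large files fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Walk a directory tree and record path -> (sha256, size, permission bits) for every regular file.

    Paths are stored relative to root so a baseline taken from a mounted image compares cleanly
    against one taken from the live system. Symlinks and special files are skipped here; a real
    checker would record link targets and device numbers as well.
    """
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            st = os.stat(full)
            rel = os.path.relpath(full, root)
            baseline[rel] = (hash_file(full), st.st_size, st.st_mode & 0o7777)
    return baseline


def compare_baselines(old, new):
    """Report differences between two baselines.

    'modified' lists files whose content hash or permission bits changed, so both a replaced
    binary and a setuid bit quietly added to an unchanged binary show up.
    """
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(
        p for p in set(old) & set(new)
        if old[p][0] != new[p][0] or old[p][2] != new[p][2]
    )
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: baseline a tiny tree, tamper with it, and re-check."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "bin", "ls"), "wb") as f:
            f.write(b"original ls binary (constructed sample)")
        with open(os.path.join(root, "passwd"), "wb") as f:
            f.write(b"root:x:0:0:root:/root:/bin/bash\n")  # constructed sample
        baseline = build_baseline(root)

        # Simulated changes: bin/ls replaced, bin/ps added, passwd removed.
        with open(os.path.join(root, "bin", "ls"), "wb") as f:
            f.write(b"replaced ls binary (constructed sample)")
        with open(os.path.join(root, "bin", "ps"), "wb") as f:
            f.write(b"new file (constructed sample)")
        os.remove(os.path.join(root, "passwd"))
        current = build_baseline(root)

        return compare_baselines(baseline, current)


if __name__ == "__main__":
    print(demo())
```

The part that does the detecting is `compare_baselines`; the value of the whole scheme rests on the baseline itself being trustworthy, which is why the tools above recommend taking it from a known-good install and keeping the stored checksums off the host or on read-only media, since an intruder who can rewrite the baseline can hide any change.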
 