jnettop – Visualises network traffic monitoring tool

Jnettop is visualising active network traffic as the top does with processes. It displays active network streams sorted by bandwidth used. This is often usable when you want to get a fast grip on what is going on on your outbound router. Jnettop was done as a basic analysis tool and does not interpret most of the protocols on Internet. Namely, it can only interpret TCP/UDP/IP (v4 as well as v6 since 0.10) on EtherNet or Linux “any” device. This is one of the active visualises network traffic monitoring tool in Linux.

Features

  • list connections going across this host in a nice way
  • runs on almost any Unix flavor (see Porting)
  • supports IPv6
  • It supports customizable text output for further analysis
  • Jnettop supports machine-friendly mode to support further analysis
jnettop

visualises network traffic tool

 

jnettop installation

RPM Installation

Download the latest nux-dextop-release rpm from

http://li.nux.ro/download/nux/dextop/el7/x86_64/

Install nux-dextop-release rpm:

rpm -Uvh nux-dextop-release*rpm
yum install jnettop
jnettop -h
Usage: jnettop [-hv] [-i interface] [-d filename]

-h, –help display this help message
-v, –version display version information

-b, –bit-units show BPS in bits per second, not bytes per second
-c, –content-filter disable content filtering
-d, –debug filename write debug information into file (or syslog)
–display type type of display (curses, text, uia)
-f, –config-file name reads configuration from file. defaults to ~/.jnettop
–format format list of fields to list in text output
-i, –interface name capture packets on specified interface
–local-aggr arg set local aggregation to none/host/port
-n, –no-resolver disable resolving of addresses
-p, –promiscuous enable promisc mode on the devices
–remote-aggr arg set remote aggregation to none/host/port
-s, –select-rule rule selects one of the rules defined in config file
by it’s name
-t, –timeout sec timeout in seconds after which jnettop ends (text display)
-x, –filter rule allows for specification of custom filtering rule
this follows tcpdump(1) syntax. don’t forget to
enclose the filter into quotes when running from shell

 

Source Installation

Download source file from http://jnettop.kubs.info/wiki/?id=Download

If you just want jnettop to detect what’s available and compile, run:

gzip -dc jnettop-<version>.tar.gz | tar xf -
cd jnettop-<version>
./configure
make
make install

you’re done.

 

 

Lynis security audit tool for linux

Lynis is an open source and one of the most trusted automated auditing tool for software patch management, malware scanning and vulnerability detecting in Unix based systems. This tool is useful for auditors, network and system administrators, security specialists and penetration testers. This Lynis security audit tool for linux.

Lynis performs hundreds of individual tests, to determine the security state of the system. The security scan itself consists of performing a set of steps, from initializing the program, up to the displaying the report.

security audit tool

security audit tool

What Lynis is doing?

  • Determine operating system
  • Search for available tools and utilities
  • Check for Lynis update
  • Run tests from enabled plugins
  • Run security tests per category
  • Report status of security scan
  • During the scan, technical details about the scan are stored in a log file. At the same time findings (warnings, suggestions, data collection), are stored in a report file.

Download and Install

Download latest version from https://cisofy.com/download/lynis/

Login your server using root permission

[[email protected]]# wget https://cisofy.com/files/lynis-2.2.0.tar.gz
[[email protected]]# tar -zxvf lynis-2.2.0.tar.gz
[[email protected]]# cd lynis

[[email protected] lynis]# ./lynis audit system

[ Lynis 2.1.8 ]

################################################################################
comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License.
See the LICENSE file for details about using this software.

Copyright 2007-2016 – CISOfy, https://cisofy.com
Enterprise support and plugins available via CISOfy
################################################################################

[+] Initializing program
————————————
– Detecting OS… [ DONE ]

—————————————————
Program version: 2.1.8
Operating system: Linux
Operating system name: CentOS
Operating system version: CentOS Linux release 7.1.1503 (Core)
Kernel version: 3.10.0
Hardware platform: x86_64
Hostname: testvm1
Auditor: [Unknown]
Profile: ./default.prf
Log file: /var/log/lynis.log
Report file: /var/log/lynis-report.dat
Report version: 1.0
Plugin directory: ./plugins
—————————————————
– Checking profile file (./default.prf)…
– Program update status… [ SKIPPED ]

[+] System Tools
————————————
– Scanning available tools…
– Checking system binaries…

[+] Plugins (phase 1)
————————————
Note: plugins have more extensive tests, which may take a few minutes to complete

– Plugin: pam
[.]

[+] Boot and services
————————————
– Service Manager [ systemd ]
– Checking UEFI boot [ DISABLED ]
– Checking presence GRUB [ OK ]
– Checking presence GRUB2 [ FOUND ]
– Checking for password protection [ WARNING ]
– Check running services (systemctl) [ DONE ]
Result: found 14 running services
– Check enabled services at boot (systemctl) [ DONE ]
Result: found 18 enabled services
– Check startup files (permissions) [ OK ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]
use help option for more information

[[email protected] lynis]# ./lynis –help

[ Lynis 2.2.0 ]

################################################################################
comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License.
See the LICENSE file for details about using this software.

Copyright 2007-2016 – CISOfy, https://cisofy.com/lynis/
Enterprise support and plugins available via CISOfy
################################################################################

[+] Initializing program
————————————

Usage: lynis [options] mode
Mode:

audit
audit system : Perform security scan
audit dockerfile <file> : Analyze Dockerfile

update
update info : Show update details
update release : Update Lynis release
Scan options:
–auditor “<name>” : Auditor name
–dump-options : See all available options
–no-log : Don’t create a log file
–pentest : Non-privileged scan (useful for pentest)
–profile <profile> : Scan the system with the given profile file
–quick (-Q) : Quick mode, don’t wait for user input
–tests “<tests>” : Run only tests defined by <tests>
–tests-category “<category>” : Run only tests defined by <category>

Layout options:
–no-colors : Don’t use colors in output
–quiet (-q) : No output, except warnings
–reverse-colors : Optimize color display for light backgrounds

Misc options:
–debug : Debug logging to screen
–view-manpage (–man) : View man page
–version (-V) : Display version number and quit

Enterprise options:
–plugin-dir “<path>” : Define path of available plugins
–upload : Upload data to central node
More scan options are available. See man page and online documentation for details.

 

Docker – Container technology in Cloud

Docker is a container virtualization technology that offers the promise of a more efficient, lightweight approach to application deployment than most organizations are currently implementing. Docker uses the resource isolation features of the Linux kernel such as cgroups and kernel namespaces, and a union-capable filesystem such as aufs and others to allow independent “containers” to run within a single Linux instance, avoiding the overhead of starting and maintaining virtual machines.

Docker is a tool that is designed to benefit both developers and system administrators, making it a part of many DevOps (developers + operations) toolchains. For developers, it means that they can focus on writing code without worrying about the system that it will ultimately be running on. It also allows them to get a head start by using one of thousands of programs already designed to run in a Docker container as a part of their application. For operations staff, Docker gives flexibility and potentially reduces the number of systems needed because of its small footprint and lower overhead.

Docker Security

There are three major areas to consider when reviewing Docker security:

  • the intrinsic security of the kernel and its support for namespaces and cgroups;
  • the attack surface of the Docker daemon itself;
  • loopholes in the container configuration profile, either by default, or when customized by users.
    the “hardening” security features of the kernel and how they interact with containers.

One of the many security feature is provided by modern Linux kernels. It is also possible to leverage existing, well-known systems like TOMOYO, AppArmor, SELinux, GRSEC, etc. with Docker.

docker

docker container

Docker installation

You can review all other platform installation here

Docker installation on Centos

It should be need kernel version 3.10 at minimum.

You can install Docker engine using the yum package manager. Log into your machine as a user with sudo or root privileges.

Make sure your existing yum packages are up-to-date.

# yum update

Add the yum repo.

vi /etc/yum.repos.d/docker.repo
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/$releasever/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
EOF

Install the Docker package.

# yum install docker

Start the Docker daemon.

#service docker start

Thats it. Check your docker container status.

#docker ps