JDisk Report Utility

JDiskReport enables you to understand how much space the files and directories consume on your disk drives, and it helps you find obsolete files and folders. The tool analyses your disk drives and collects several statistics which you can view as overview charts and detail tables. This is ad-free, uncrippled, no-charge, multi-platform binary software that never expires.

More info and Download:
http://www.jgoodies.com/freeware/jdiskreport/

NeoPI – webshell detection

NeoPI is a Python script that uses a variety of statistical methods to detect obfuscated and encrypted content within text and script files. The intended purpose of NeoPI is to aid in the identification of hidden web shell code. The development focus of NeoPI was creating a tool that could be used in conjunction with other established detection methods such as Linux Malware Detect or traditional signature/keyword based searches.

NeoPI is platform independent and can be run on any system with Python 2.6 installed. The user running the script should have read access to all of the files that will be scanned.

NeoPI recursively scans through the file system from a base directory and will rank files based on the results of a number of tests. The ranking helps identify with a higher probability which files may be encrypted web shells. It also presents a “general” score derived from file rankings within the individual tests.
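As an added illustration (this is not NeoPI's own code), here are the kinds of statistical tests described above, entropy, longest word and index of coincidence, run over constructed sample files and combined into a rank-sum "general" score; the sample contents and file names are made up for the example.

```python
import base64
import math
from collections import Counter

# Constructed sample "files" (added example, not NeoPI's code): two ordinary PHP
# sources and one file carrying an encoded blob. The blob is base64 of the byte
# values 0..255, a stand-in for an encoded payload, not real web shell code.
SAMPLE_FILES = {
    "index.php": b"<?php\nrequire 'config.php';\n$page = get_page((int) $_GET['id']);\necho render($page);\n",
    "functions.php": b"<?php\nfunction render($page) {\n    return '<h1>' . htmlspecialchars($page['title']) . '</h1>';\n}\n",
    "cache.php": b"<?php $x = '" + base64.b64encode(bytes(range(256))) + b"'; ?>\n",
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4 to 5 for source code, approaching 6 for base64 text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def longest_word(data: bytes) -> int:
    """Longest whitespace-delimited token; encoded payloads show up as one huge 'word'."""
    return max((len(w) for w in data.split()), default=0)

def index_of_coincidence(data: bytes) -> float:
    """Probability that two randomly chosen bytes are equal; low for encoded or encrypted data."""
    n = len(data)
    if n < 2:
        return 0.0
    return sum(c * (c - 1) for c in Counter(data).values()) / (n * (n - 1))

def rank_files(files: dict) -> list:
    """Order files by the sum of their per-test ranks (1 = most suspicious in that test),
    the same idea as NeoPI's general score: a file that tops every test comes out first."""
    names = list(files)
    orders = [
        sorted(names, key=lambda f: -shannon_entropy(files[f])),   # high entropy first
        sorted(names, key=lambda f: -longest_word(files[f])),      # longest token first
        sorted(names, key=lambda f: index_of_coincidence(files[f])),  # lowest IC first
    ]
    total = {f: sum(order.index(f) + 1 for order in orders) for f in names}
    return sorted(names, key=lambda f: total[f])

if __name__ == "__main__":
    for name in rank_files(SAMPLE_FILES):
        d = SAMPLE_FILES[name]
        print(f"{name:14} entropy={shannon_entropy(d):.2f} longest={longest_word(d):4d} ic={index_of_coincidence(d):.3f}")
```

Each test alone produces false positives (minified JavaScript and legitimate base64 assets also score high), which is why the rank sum across several tests, and a review of the top of the list by a human, is the intended workflow.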

Read this really interesting page at Infosec Resources and also download the script:
http://resources.infosecinstitute.com/web-shell-detection/

Linux Malware Detect

Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license and designed around the threats faced in shared hosting environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. In addition, threat data is also derived from user submissions with the LMD checkout feature and from malware community resources. The signatures that LMD uses are MD5 file hashes and HEX pattern matches; they are also easily exported to any number of detection tools such as ClamAV.
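To show the two signature styles mentioned above, here is an added example (not LMD's code or signature data) that matches constructed sample files against a hypothetical MD5 hash signature and a HEX pattern signature, and renders both as ClamAV .hdb and .ndb lines.

```python
import hashlib

# Constructed sample files (added example; not LMD's code or signatures). None is real
# malware: "a.php" is the exact file the hash signature was taken from, "b.php" is an
# edited variant that still carries the byte pattern, "c.php" is clean.
KNOWN_SAMPLE = b"<?php /* constructed sample A */ echo 'CONSTRUCTED_MARKER'; ?>\n"
SAMPLE_FILES = {
    "a.php": KNOWN_SAMPLE,
    "b.php": b"<?php /* edited copy */ $m = 'CONSTRUCTED_MARKER'; echo $m; ?>\n",
    "c.php": b"<?php echo 'hello'; ?>\n",
}

# Hypothetical signature set in LMD's two styles: MD5 of a whole file -> (name, size),
# and a HEX byte pattern (hex string of the bytes to look for anywhere in the file).
HASH_SIGS = {hashlib.md5(KNOWN_SAMPLE).hexdigest(): ("example.hash.sampleA", len(KNOWN_SAMPLE))}
HEX_SIGS = {"example.hex.marker": b"CONSTRUCTED_MARKER".hex()}

def scan_file(data: bytes) -> list:
    """Return the names of all signatures matching this file's content."""
    hits = []
    digest = hashlib.md5(data).hexdigest()
    if digest in HASH_SIGS:                 # hash match: exact copies only, any edit breaks it
        hits.append(HASH_SIGS[digest][0])
    for name, hexpat in HEX_SIGS.items():   # pattern match: survives edits around the pattern
        if bytes.fromhex(hexpat) in data:
            hits.append(name)
    return hits

def scan_tree(files: dict) -> dict:
    """Map each path with at least one hit to its list of matching signature names."""
    results = {path: scan_file(data) for path, data in files.items()}
    return {path: hits for path, hits in results.items() if hits}

def export_clamav() -> tuple:
    """Render the same signatures as ClamAV database lines:
    .hdb is 'md5:filesize:name', .ndb is 'name:targettype:offset:hexpattern'
    (target type 0 = any file, offset * = anywhere in the file)."""
    hdb = [f"{digest}:{size}:{name}" for digest, (name, size) in HASH_SIGS.items()]
    ndb = [f"{name}:0:*:{hexpat}" for name, hexpat in HEX_SIGS.items()]
    return hdb, ndb

if __name__ == "__main__":
    for path, hits in scan_tree(SAMPLE_FILES).items():
        print(f"{path}: {', '.join(hits)}")
    hdb, ndb = export_clamav()
    print("\n".join(hdb + ndb))
```

The edited variant b.php is caught only by the pattern signature, which is the practical reason LMD carries HEX patterns alongside plain file hashes.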

The driving force behind LMD is that there is currently limited availability of open source, restriction-free tools for Linux systems that focus on malware detection and, more importantly, get it right. Many of the AV products that perform malware detection on Linux have a very poor track record of detecting threats, especially those targeted at shared hosting environments.

More details and to download and use, see:
http://www.rfxn.com/projects/linux-malware-detect/

.htaccess attacks article

Sucuri have an interesting article on .htaccess attacks:

Attackers have been using the .htaccess file for a while. They use this file to hide malware, to redirect search engines to their own sites (think blackhat SEO), and for many other purposes (hide backdoors, inject content, to modify the php.ini values, etc).

Why do they use the .htaccess file? For multiple reasons. First, the .htaccess is a hidden file (starting with a “.”), so some site owners might not find it in their FTP clients. Secondly, it is a powerful file that allows you to make multiple changes to the web server and PHP behavior. This makes a .htaccess attack hard to find and to clean up.

Read the complete article at Sucuri:
http://blog.sucuri.net/2011/05/understanding-htaccess-attacks-part-1.html


mRemoteNG

mRemoteNG is a fork of mRemote, an open source, tabbed, multi-protocol, remote connections manager. mRemoteNG adds bug fixes and new features to mRemote. It allows you to view all of your remote connections in a simple yet powerful tabbed interface.

mRemoteNG supports the following protocols:

  • RDP (Remote Desktop/Terminal Server)
  • VNC (Virtual Network Computing)
  • ICA (Citrix Independent Computing Architecture)
  • SSH (Secure Shell)
  • Telnet (TELecommunication NETwork)
  • HTTP/HTTPS (Hypertext Transfer Protocol)
  • rlogin
  • Raw Socket Connections

I’ve been using it for a week now from my Windows 7 PC and it’s going to replace my PuttyCM setup. More info and Download: http://www.mremoteng.org

SQL Map – automatic SQL injection and database takeover tool

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

More info and download here: http://sqlmap.org/

XArp – Advanced ARP Spoofing Detection

XArp is a security application that uses advanced techniques to detect ARP based attacks. ARP attacks allow an attacker to silently eavesdrop on or manipulate all of your data that is sent over the network. This includes documents, e-mails and VoIP conversations. ARP spoofing attacks go undetected by firewalls and operating system security features: firewalls don’t protect you against ARP based attacks! XArp has been developed to target this problem: it uses advanced techniques to detect ARP attacks and thus helps you to keep your data private.

Works on Windows and Linux – more info here, and a pro version is available for purchase.

Free reserved space in ext3/ext4 file systems

Partitions that contain ext3 and ext4 filesystems reserve 5% of the total filesystem size by default. The idea is that even when you run out of disk space, the root user should still be able to log in and system services should still run. Without this reservation, the root user might not be able to access the system and “clean up”, since the system may become unstable when, for example, trying to log in to a filesystem that is 100% full. The other reason is to help general optimization, with less fragmentation of the filesystem.

Full article at Linuxaria