16. BleachBit Replaces Easy System Cleaner
BleachBit frees up extra space on your hard drive while protecting your privacy by erasing your cookies, temporary files, history, logs and other junk. It also includes a "shredder" that completely erases all traces of files you have deleted. Operating System: Windows, Linux.

In Solaris 10, the concept of privileges was introduced. The concept of privileges (or Least Privilege, as it is officially called) is not new. At the end of the twentieth century, the National Security Agency began developing a way to make operating systems more secure. This new concept included changes to the kernel in combination with RBAC. Linux was chosen as the platform for development. In 2000, the first public release became available, based on kernel 2.2.12.

You can take your Auditor CD and start running the chkrootkit utility to see if any known rootkits are installed on the server. If you find any suspicious activity, you can take a disk image with the dd command and examine it for any possible rootkits or strange processes. You can also use the Autopsy Forensic Browser, a graphical interface that can analyze Windows, Linux, and BSD file systems (NTFS, FAT, Ext2/3) to search for files.

Over the years I have had to harden a great number of LAMP boxes, I have found some methods work for better than others. I will now share with you all my favorite 10 along with methods to implement them on Debian/Ubuntu.

10. Lock SSH access right down. I do this by disabling root logins, disabling password authentication and using denyhosts.

To disable root logins do this vi /etc/ssh/sshd_config look for the following line : PermitRootLogin yes and change it thus : PermitRootLogin no ...

If you are an old school Linux or Unix user, you probably remember the System Administrator's Tool for Scanning Networks (SATAN). In 1995, SATAN brought browser-based network auditing to the world. Despite its initial splash, SATAN fell to the wayside due to lack of updates. Thanks to the kind folks at the Advanced Research Corp., SATAN is back, in the form of the Security Auditor's Research Assistant (SARA), a kinder, gentler, easier to use, and more updated auditing tool.

If you're edgy about security for your SOHO LAN, you might want to consider moving your first line of defense out past your firewall. How about on your router, for example? If your router runs OpenWrt, you can do exactly that, by running Snort, the open source intrusion detection system (IDS) project that has become the most widely deployed IDS in the world. Throw in the firewall that comes out of the box with OpenWrt White Russian, and suddenly the perimeter seems a lot more secure.

Systrace acts as a wrapper to the actual application. It intercepts the system calls made by the application, processes them through the kernel using the /dev/systrace device, and then handles the system calls according to your policies.

You can use Systrace to restrict a daemon's access to the system by defining which files it can access and how (such as read-only), and which port it can bind to.

Whax is a stand-alone linux live cd penetration-testing distribution; what that means is that it does not run on Windows or linux or any other operating system, it is an operating system so it can 'stand-alone'; a linux live cd is a linux distribution which will run from the cd, so you start your computer with the cd in your cd drive, and instead of Windows or your regular operating system, your computer boots into linux from the cd, without the need to install anything.