|
[SYMBOL]
[A]
[B]
[C]
[D]
[E]
[F]
[G]
[H]
[I]
[J]
[K]
[L]
[M]
[N]
[O]
[P]
[R]
[S]
[T]
[U]
[V]
[W]
[X]
[Z]
sa command (process acounting)
Samba, SWAT configuration tool
sandboxed environments
[See also chroot( environment)] BIND, running in
restricting services with
chroot( )
jail( )
security enhancement with grsecurity
scrub rules (PacketFilter)
sdrop rule, Snort_inline
searching packets, Snort rule options
Sebek (honeypot monitoring package)
SecFilter keyword
SecFilterSelective keyword
sectors offsets for a partition
secure tunnels
[See tunnels, secure] securelevels (BSD systems)
security holes (system), automating patching of
security policy auditing on Windows
creating for Windows firewall
setting up for IPsec connections on FreeBSD
Security Policy Database (SPD) FreeBSD, IPsec connections
Linux, IPsec connections
security scanner (Nessus)
Self-certifying File System (SFS)
self-signed certificates
Sendmail, setting up to use TLS
sensor_id (ACID)
server clocks, keeping synchronized
services common port numbers
emulated by honeyd
attempts to access
preventing from binding to an interface
restricting with sandboxed environments
running, listing on Windows
scanning for vulnerabilities with Nessus
session cookies, attacks using
session-timeout values, setting for PacketFilter
seteuid( )
setfacl command
setkey utility
setuid( )
sfscd (SFS client daemon)
sfskey command
SGID or SUID programs, scanning for
Sguil client and server, testing
compiling and installing Barnyard
components of
configuring sguild
creating a MySQL database
database tables, creating
log_packets.sh script, setting up
op_sguil output plug-in
sensor agent script, setting up
sensors, setting up
SSL, using with
starting up sguild and xscriptd
Tcl packages required
xscriptd, setting up
shared-medium Ethernet networks, sniffers and
shares (default), disabling on Windows
sharing files, using SFS (Self-certifying File System)
shell scripts, SUID or SGID bits on
shells exploit with shell code against SSH daemon
restricted
signature verification, automating
Simple WATCHer
[See swatch] skipinterval option, SnortSam
SMTP (TLS-enabled), setting up
sniffdet tool
ARP test
DNS test
SNMP interface statistics (for SNMP daemon on a router)
snmpget utility
Snort GUI for Lamerz
[See Sguil] Snort NIDS
alerts analyzing with Sguil
tracking with ACID
automatic rule updates with Oinkmaster
Barnyard, using to increase performance
unified output format for Snort
configuration built-in preprocessors
databases
editing snort.conf file
files provided with distribution
rule signatures
database support, enabling output plug-in
downloading and installing
firewalling with SnortSam
configuring SnortSam
firewall communications, setting up
output plug-ins
rules that trigger firewall rules
flexible response
preventing and containing intrusions with Snort_inline
rules
sensor network, managing
support for sending alerts to a database
testing in sniffer mode
writing your own rules
actions, built-in
activate and dynamic actions
defining custom actions
direction of packets
IP addresses and ports for packets
online rule documentation
options
protocol, specifying for rule
rule header and options
SnortCenter
admin account information, editing
config.php file, editing
MySQL database
sensor agent, adding to main management console
sensor agents, setting up
setting up
sockets (open), listing with lsof utility
SOCKS proxy, using SSH as
sockstat command
software authenticity, checking
Solaris Sebek honeypot monitoring module
TUN/TAP driver
source entries (syslog-ng)
Spade IDS
alerts generated by
SPD
[See Security Policy Database] spoofing addresses ARP spoofing
preventing IP spoofing with egress filtering
preventing with FilterPacket
SQL-injection attacks
squid proxy over SSH
SSH -D switch
authpf shell and
exploit launched against daemon, monitoring
forwarding and encrypting traffic with
keys, automating client logins
security concerns with public keys
login keys, generating for
PPP, using with to create secure VPN tunnel
SOCKS proxy, using as
squid proxy over
tunneling connection over HTTP with httptunnel
VTun, using over
SSL Apache, installing with
certificates
encrypting and tunneling traffic with
encrypting IMAP and POP with
OpenVPN, use by
Sguil, using with
2nd
SnortCenter sensor, using with
using for HTTPS with ntop
Stackguard
stacks buffer overflows based on
PAM modules for
startup, running commands out of system rc files
startx command, -nolisten tcp option
stateless protocol
Statistical Anomaly Detection Engine
[See Spade IDS] statistics (network), collecting with firewall rules
stealth mode, running IDS sensors in
sticky bit set on directories, scanning for
stream4 preprocessor, enabling for Snort
strings, searching packets for with Snort
stunnel
configuration file, stunnel.conf
forwarding local port to remote port
su utility
sudo utility
suEXEC (Apache)
enabling and configuring
SUID bit, disabling
SUID files, monitoring on your system
SUID or SGID programs, scanning for
SUID wrapper program, used by Apache
swapping
SWAT (Samba's web-based configuration tool)
swatch (log file monitor)
regular expressions to match log messages
symlink restrictions (grsecurity)
sysctl.conf file, enabling packet forwarding
syslog aggregating logs from remote sites
Barnyard output to
centralized server, running
filtering information into separate files
integrating Windows into
syslog-ng
2nd
configuration file entries
encrypting tunnel for secure traffic between daemons
filters, defining
libol library package
macros
syslog.conf, translating to source, destination, and log entries
TCP support
web site
syslog.conf file, translating to syslog-ng configuration entries
system binaries modification by root kits
performing functions of with BusyBox
verifying for chrootkit
system calls definition of
interception by Sebek
restricting
[See systrace utility] system groups, specifying for use of sudo
system logs, protecting from tampering by intruders
system updates automating
Windows, checking for
systrace utility
aliases
policies
policy-generation tool
|