< List of applications
List of applications/Security
Security
For detailed guides, see the main ArchWiki page, Security.
Network security
See also Wikipedia:Comparison of packet analyzers.
- airgeddon — Multi-use bash script to audit wireless networks
- Arpwatch — Tool that monitors ethernet activity and keeps a database of Ethernet/IP address pairings.
- bettercap — Swiss army knife for network attacks and monitoring.
- darkstat — Captures network traffic, calculates statistics about usage, and serves reports over HTTP.
- dsniff — Collection of tools for network auditing and penetration testing.
- EtherApe — Graphical network monitor for Unix modeled after etherman. Featuring link layer, IP and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Color coded protocols display.
- Ettercap — Multipurpose Network sniffer/analyser/interceptor/logger.
- https://ettercap.github.io/ettercap/ || CLI: ettercap, GUI: ettercap-gtk
- GNOME Network Tools — GNOME interface for various networking tools.
- Honeyd — Tool that allows the user to set up and run multiple virtual hosts on a computer network.
- http://www.honeyd.org/ || honeydAUR
- hping — Command-line oriented TCP/IP packet assembler/analyzer.
- LinSSID — Graphical wireless scanner.
- Nemesis — Command-line network packet crafting and injection utility.
- Sshguard — Daemon that protects SSH and other services against brute-force attacks, similar to Fail2ban.
- Suricata — High performance Network IDS, IPS and Network Security Monitoring engine.
- https://suricata-ids.org/[dead link 2022-09-20 ⓘ] || suricataAUR
Firewall management
See iptables#Front-ends.
Threat and vulnerability detection
- Metasploit Framework — An advanced open-source platform for developing, testing, and using exploit code.
- OSSEC — Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
- https://ossec.github.io/ || ossec-localAUR, ossec-serverAUR
File security
Anti malware
- ClamTk — Graphical front-end for ClamAV using Perl and Gtk libraries. It is designed to be an easy-to-use, lightweight, on-demand antivirus scanner for Linux systems.
- https://gitlab.com/dave_m/clamtk/ || clamtk, Nautilus plugin: clamtk-gnomeAUR, Thunar plugin: thunar-sendto-clamtkAUR
Screen lockers
See also Session lock.
Warning: Only sflock, physlock, Cinnamon Screensaver, MATE Screensaver and GNOME Screensaver are able to block tty access. See Xorg#Block TTY access on how to manually block tty access.
- i3lock-blur — Fork of i3lock which can use your desktop with the blur effect applied as a background.
- sxlock — Fork of sflock with a few enhancements. Provides basic user feedback, uses PAM authentication, supports DPMS and RandR. Supports
sxlock.service
to lock the screen on suspend/hibernation. See the README for more information.
- xfce4-screensaver — A screen saver and locker that aims to have simple, sane, secure defaults and be well integrated with the xfce desktop.
Password auditing
Console
- Bitwarden — Open source password manager with desktop, mobile, browser, and CLI versions. Cloud or self-hosted.
- KeePassC — Curses-based password manager compatible to KeePass v.1.x.
- Ylva — Command-line password manager, written in C, uses OpenSSL.
- https://www.ylvapasswordmanager.com/[dead link 2022-09-20 ⓘ] || ylvaAUR
Graphical
- Ked Password Manager — A password manager that helps to manage large numbers of passwords.
- KDE Wallet Manager — Tool to manage the passwords on your system. By using the KDE wallet subsystem, it not only allows you to keep your own secrets but also to access and manage the passwords of every application that integrates with the wallet.
- Universal Password Manager — Allows you to store usernames, passwords, URLs and generic notes in an encrypted database protected by one master password.
Hash checkers
- GtkHash — A GTK utility for computing message digests or checksums
Encryption, signing, steganography
- Enigmail — A security extension to Mozilla Thunderbird and Seamonkey. It enables you to write and receive email messages signed and/or encrypted with the OpenPGP standard.
- Keybase — Key directory mapping social media identities, with cross platform encrypted chat, cloud storage, and git repositories.
- passphrase2pgp — Reproducibly generate private key in OpenPGP/OpenSSH formats accroding to user input passphrase and optionally sign message in one go
Data-at-rest encryption
Privilege elevation
- sudo — Command to delegate the ability to run commands as root or another user while providing an audit trail.
gollark: IT FRAMED GIBSON
gollark: THAT IS IT
gollark: YES
gollark: ESOBOT WAS SENTIENT
gollark: This is somewhat uncool. sqlx won't let me shove 128-bit integers into SQLite.
This article is issued from Archlinux. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.