Linux applications

From Gender and Tech Resources

Revision as of 10:48, 15 July 2015 by Lilith2 (Talk | contribs)

Linux distributions include great software by default and in their repositories. And with so many flavours of linux, finding the right application for getting things done can be tough. Hence my proposal to share interesting apps. The page was kicked off with a short explanation on installing, and a few categories. Add your 2 cents! If a fitting category is not available, create it.

For each application its license is mentioned. For more on licensing see Captivating capital and copyfighting.

Caek repository

Installing applications

There are many ways to install applications, via graphical front-ends and via the command-line. You can use all of them. It used to be a problem when apt-get did not track which packages were automatically installed while aptitude did, but now that both packages share this list, there is no reason to avoid switching back and forth between the two or between one and front-ends related to the other.

Graphical front-ends

The Gnome PackageKit is one of two graphical package managers installed out of the box if and when you installed GNOME as desktop manager in Ubuntu. In older GNOME you can access it from the menu at Applications > System Tools > Add/Remove Software. PackageKit is designed to unify all the software graphical tools used in different distributions. It abstracts the various underlying package management technologies like yum, apt, smart etc. and provides unified graphical and command line frontends.

The Software Center is the graphical package manager developed by Ubuntu and available there by default. You can access it from Applications > System Tools > Administration > Software Center in GNOME. It is a very high-level, new-user-friendly GUI. It will hide most of the packaging details and will only present installed/available applications. Software is nicely categorized so that, if you're not exactly sure what app you want, you can find what you need quickly. The Software Center also allows you to purchase commercial applications, just in case you wish to roleplay "consumer".

Update-manager is a simple front-end for installing security updates and other daily upgrades (especially useful if you are running testing versions). When the upgrade is too complicated for update-manager, it will suggest running synaptic.

Synaptic used to be the graphical package manager on debian-based distributions. You can start it from the menu: Applications > System Tools > Administration > Synaptic Package Manager in GNOME or System > Administration > Synaptic Package Manager in MATE.

Aptitude is a console-based GUI APT front-end. Run aptitude from the command-line without parameters, and it will start a powerful console-based GUI. Much like synaptic, you can have multiple views of the installed/available packages and mark packages for installation/upgrade/removal/purge before executing everything at once. It is very similar to apt-get and on occasion seems to deal better with odd and unexpected dependency situations. So if you have a problem with that for a particular application, you can try aptitude.

Command-line based package managers and apt front-ends

In debian-based distributions, installing and managing software from the command-line can be done with apt-get and other components of the Advanced Packaging Tool (APT). For example, to install an application like Ubuntu’s Software Center, you can do:

$ sudo apt-get install software-center

You can find out more by reading the man page. Just type man apt-get on the command-line. It's a handy tool if you know the exact package name of what you want to install and don't want to spend time clicking through a GUI to get it.

Some noteworthy alternatives to apt-get are cupt and wajig. These two do not use libapt. Cupt wraps several tools including apt-get, and wajig is a (partial) APT reimplementation.

apt

Apt makes a collection of software available to the user and does the dirty work of downloading all the required packages and installing them by calling dpkg in the correct order to respect the dependencies. Apt is a library and several frontends have been developed on top of that library, of which apt-get is one.

dpkg

Package managers like apt-get, aptitude, synaptic, and the Ubuntu Software Center are all just front-ends to either dpkg or apt, which is in itself a front-end to dpkg. This is the low-level tool that takes a .deb file and extracts its content on the disk, or that takes the name of a package to remove the associated files, et cetera.

Stealth install of applications

  • Launch Synaptic on the off-line computer you wish to install software packages on.
  • Mark the packages you wish to install.
  • Choose File-> Generate package download script.
  • Save the script to your USB stick.
  • Take the USB stick to an online linux computer and run the script on the USB stick. It will download only the packages required by the offline computer to the USB stick.
  • Insert the USB stick into the offline computer.
  • Launch Synaptic and click on File-> Add downloaded packages
  • Select the directory on your USB stick containing the downloaded *.deb files and click Open. The packages will be installed.
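
The generated script is executed on a second machine, so it is worth reading before it is run. The check below is an added example, not part of Synaptic or of the original page; it assumes the script is a shebang line followed by one `wget -c URL` line per package, and the allowed mirror host names are whatever you pass in.

```shell
#!/bin/sh
# Audit a package download script before running it on the online machine.
# Assumption: the script is a shebang line followed by one "wget -c URL"
# line per package; anything else is reported.

# audit_download_script SCRIPT ALLOWED_HOST [ALLOWED_HOST...]
# Prints one finding per suspicious line and returns 1 if there were any.
audit_download_script() {
    script=$1
    shift
    allowed=" $* "
    findings=0
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            '' | '#'*) continue ;;   # blank line, comment or shebang
        esac
        case $line in
            'wget -c '*) url=${line#wget -c } ;;
            *)
                echo "line $lineno: not a plain wget -c command"
                findings=1
                continue
                ;;
        esac
        # Reject spaces and shell metacharacters (; | & $ and so on),
        # which would let the line do more than fetch one file.
        case $url in
            *[!A-Za-z0-9:/._~%+-]*)
                echo "line $lineno: unexpected characters after the URL"
                findings=1
                continue
                ;;
        esac
        case $url in
            http://* | https://*) ;;
            *)
                echo "line $lineno: not an http(s) URL"
                findings=1
                continue
                ;;
        esac
        # Host is everything between "://" and the first "/".
        rest=${url#*://}
        host=${rest%%/*}
        case $allowed in
            *" $host "*) ;;
            *)
                echo "line $lineno: host not in allowlist: $host"
                findings=1
                ;;
        esac
        case $url in
            *.deb) ;;
            *)
                echo "line $lineno: target is not a .deb file"
                findings=1
                ;;
        esac
    done < "$script"
    return "$findings"
}

# When called with arguments, audit the given script:
#   sh audit.sh <script-on-usb-stick> <mirror-host> [<mirror-host>...]
if [ "$#" -ge 2 ]; then
    audit_download_script "$@"
fi
```

An empty result with exit status 0 means every line is a single download of a .deb file from a mirror you named; any finding is a reason to open the script and read that line before running it.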

Graphical environment

From the bottom up:

  • Xorg, XFree86 and X11 are display servers https://en.wikipedia.org/wiki/Display_server. This creates the graphical environment.
  • [gkxsw]dm, lxdm, lightdm and nodm are display managers alias login managers https://wiki.debian.org/DisplayManager. This is the first X program run by the system if the system (not the user) is starting X and allows you to log on to the local system, or network systems.
  • A window manager controls the placement and decoration of windows http://xwinman.org/intro.php. That is, the window border and controls are the decoration. Some of these are stand alone (WindowMaker, sawfish, fvwm, etc). Some depend on an accompanying desktop environment.
  • A desktop environment such as XFCE, KDE or GNOME is a suite of applications designed to integrate well with each other to provide a consistent experience.
  • A terminal emulator, terminal application, term, or tty for short, is a program that emulates a video terminal within some other display architecture.

In theory (and mostly so in practice) any of those components are interchangeable.

Window managers

openbox

Openbox is included in most popular linux distributions. It can be run within GNOME and KDE, and can also be used without a desktop environment (the lightweight approach). You can install additional features yourself, making it very customisable. It does not work well straight out of the box. You will probably need to install tools for power management, networking, managing displays, etc. Openbox comes with a default autostart which sets up an environment for both GNOME and KDE applications to run properly in (if you have them installed), as well as providing support for SCIM language input. See the autostart documentation for more details on setting it up. It is excellent for spending some experimentation time on, gaining insights in how window managers work and how else they could work.

awesome

Awesome (GNU GPLv2) is a configurable framework window manager for X. It is primarily targeted at power users, developers and anyone dealing with everyday computing tasks who wants fine-grained control over their graphical environment using the Lua programming language.

Terminal emulator management

terminator

Terminator (GPL-2.0+) is a useful tool for arranging terminals, inspired by programs such as gnome-multi-term, quadkonsole, etc. in that the main focus is arranging terminals in grids (tabs is the most common default method, which Terminator also supports).

tmux

tmux is a terminal multiplexer and lets you switch easily between several programs in one terminal, detach them (they keep running in the background) and reattach them to a different terminal.

Shell

Computers understand the language of zeros and ones known as binary language. If you are not familiar with number conversions, a decent tutorial can be found at http://www.cstutoringcenter.com/tutorials/general/convert.php. In the early days of computing, instructions were provided using binary language, which is difficult for all of us to read and write. In linux, the shell accepts human readable commands and translates them into something the kernel can read and process.

  • The shell is a user program or it is an environment provided for user interaction.
  • It is a command language interpreter that executes commands read from the standard input device such as keyboard or from a file.
  • The shell gets started when you log in or open a console (terminal).
  • Quick and dirty way to execute utilities.
  • The shell is not part of system kernel, but uses the system kernel to execute programs, create files etc.
  • Common shells available for linux are:
    • bash ( Bourne-Again SHell ) - Most common shell in Linux. It's Open Source.
    • csh (C SHell) - The C shell's syntax and usage are very similar to the C programming language.
    • ksh (Korn SHell) - Created by David Korn at AT&T Bell Labs. The Korn Shell also was the base for the POSIX Shell standard specifications.
    • tcsh - an enhanced but completely compatible version of the Berkeley UNIX C shell (CSH).

Each shell does the same job, but each understands different command syntax and provides different built-in functions. The Kinky linux command-line page is based on bash.

zsh

Zsh is a shell designed for interactive use, although it is also a powerful scripting language. Many of the useful features of bash, ksh, and tcsh were incorporated into zsh; many original features were added. The introductory document details some of the unique features of zsh. It assumes basic knowledge of the standard UNIX shells; the intent is to show a reader already familiar with one of the other major shells what makes zsh more useful or more powerful. This document is not at all comprehensive; read the manual entry for a description of the shell that is complete, concise and up-to-date, although somewhat overwhelming and devoid of examples. Alternatively, the user guide offers wordy explanations of many of the shell's features.

Security applications

Anti-Malware

rkhunter

Rootkit Hunter (GNU GPL) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. Specifically, rkhunter is a shell script which carries out various checks on the local system to try and detect known rootkits and malware. It also performs checks to see if commands have been modified, if the system startup files have been modified, and various checks on the network interfaces, including checks for listening applications. rkhunter has been written to be as generic as possible, and so should run on most Linux and UNIX systems. It is provided with some support scripts should certain commands be missing from the system, and some of these are Perl scripts.

chkrootkit

chkrootkit (Free software) is a tool to locally check for signs of a rootkit. It tests the following applications: aliens, asp, bindshell, lkm, rexedcs, sniffer, w55808, wted, scalper, slapper, z2, chkutmp, amd, basename, biff, chfn, chsh, cron, crontab, date, du, dirname, echo, egrep, env, find, fingerd, gpm, grep, hdparm, su, ifconfig, inetd, inetdconf, identd, init, killall, ldsopreload, login, ls, lsof, mail, mingetty, netstat, named, passwd, pidof, pop2, pop3, ps, pstree, rpcinfo, rlogind, rshd, slogin, sendmail, sshd, syslogd, tar, tcpd, tcpdump, top, telnetd, timed, traceroute, vdir, w, and write.

Encryption

gnupg

GnuPG (GNU GPL v3+) stands for GNU Privacy Guard and is a tool for secure communication and data storage. The software has two main uses. The first is to encrypt data to ensure its privacy. The second is to "sign" data so that others can determine it is authentic and unmodified. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC 2440. GnuPG is a command line tool with features for easy integration with other applications. The default public key algorithms are DSA and Elgamal, but RSA is also supported. Symmetric algorithms available are AES (with 128, 192, and 256 bit keys), 3DES, Blowfish, CAST5 and Twofish. Digest algorithms available are MD5, RIPEMD/160, SHA-1, SHA-256, SHA-384, and SHA-512. Compression algorithms available are ZIP, ZLIB, and BZIP2 (with libbz2 installed).

mcrypt

mcrypt (GPLv2) is a replacement for the old crypt package and crypt command, with extensions. It allows developers to use a wide range of encryption functions, without making drastic changes to their code. It allows users to encrypt files or data streams without having to be cryptographers. The companion to mCrypt is libmcrypt, which contains the actual encryption functions themselves, and provides a standardized mechanism for accessing them.

steghide

steghide (GNU GPL) is a steganography program that is able to hide data in various kinds of image- and audio-files. Steghide employs an algorithm which is undetectable by color-frequency based statistical tests. Steghide uses a graph-theoretic approach to steganography. The default encryption algorithm is Rijndael with a key size of 128 bits (which is AES - the advanced encryption standard) in the cipher block chaining mode.

stunnel

Stunnel (GNU GPL v2) is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer). It allows for securing non-SSL aware daemons and protocols (like POP, IMAP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code. Stunnel does not contain any cryptographic code itself; instead it relies on external SSL libraries.

veracrypt

VeraCrypt is disk encryption software forked from the discontinued TrueCrypt software. VeraCrypt adds enhanced security to the algorithms used for system and partitions encryption, and solves many vulnerabilities and security issues found in TrueCrypt.

ciphershed

CipherShed (will carry an OSI approved license (probably either Apache or BSD)) is free (as in free-of-charge and free-speech) encryption software and was started in June 2014 as a response to the end of life announcement for TrueCrypt. As of October 2014 CipherShed source code is hosted at GitHub. CipherShed is a program that can be used to create encrypted files or encrypt entire drives (including USB flash drives and external HDDs). There are no complicated commands and no special knowledge is required; a simple wizard guides you step-by-step through every process. After creating an encrypted file or disk drive, the encrypted volume is mounted through CipherShed. The mounted volume shows up as a regular disk that can be read and written to on-the-fly. The encryption is transparent to the operating system and any programs. When finished, the volume can be unmounted, and stored or transported elsewhere, fully secured. Encryption volumes can be moved from OS-to-OS (eg, Windows to Mac) with full compatibility.

Firewalls/Network Gateways

firestarter

Firestarter (GNU General Public License) is an Open Source visual firewall program. The software aims to combine ease of use with powerful features, therefore serving both Linux desktop users and system administrators. You can use the firewall creation wizard to create a basic firewall, then streamline it further using the powerful dynamic rules modifiers. Open and close ports with a few clicks, or stealth your services giving access only to a select few. Watch the real-time hit monitor as attackers probe your machine for open ports, in vain. Firestarter takes full advantage of GNOME but also works in most environments. While it protects both the firewall host itself as well as any client hosts connected to a local network from intrusion attempts, it does not impose restrictions on the services that the protected hosts themselves can access.

gufw

Gufw (GNU GPL v3) is for users bamboozled by firewalls. It has an easy to use interface for setting up inbound and outbound traffic rules for apps/services and ports. It is designed for beginners.

netfilter

Netfilter (GNU GPL v2) is a framework that provides a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack. Software inside this framework enables packet filtering, network address [and port] translation (NA[P]T) and other packet mangling. iptables is a generic table structure for the definition of rulesets. Each rule within an IP table consists of a number of classifiers (iptables matches) and one connected action (iptables target).

Intrusion detection

aide

The Advanced Intrusion Detection Environment (GPL), or aide, is a file integrity checker. It creates a database from the regular expression rules that it finds from the config file(s). Once this database is initialized it can be used to verify the integrity of the files. It has several message digest algorithms (md5, sha1, rmd160, tiger, crc32, sha256, sha512, whirlpool (additionally with libmhash: gost, haval, crc32b)) that are used to check the integrity of the file. All of the usual file attributes (File type, Permissions, Inode, Uid, Gid, Link name, Size, Block count, Number of links, Mtime, Ctime and Atime) can also be checked for inconsistencies. It can read databases from older or newer versions.

tripwire

Open Source Tripwire is a free software security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems. Open Source Tripwire functions as a host-based intrusion detection system. It is suitable for monitoring a small number of servers where centralized control and reporting is not needed and professional support is not a requirement.

snort

Snort (GNU GPL v2) is an open source network intrusion prevention and detection system using a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. It can perform real-time traffic analysis, alerting, blocking and packet logging on IP networks. It utilizes a combination of protocol analysis and pattern matching in order to detect anomalies, misuse and attacks. It detects a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe activity that can be considered malicious or anomalous as well as an analysis engine that incorporates a modular plugin architecture. Snort is capable of detecting and responding in real-time, sending alerts, performing session sniping, logging packets, or dropping sessions/packets when deployed in-line.

Network monitoring

nagios

Nagios (GNU GPL v2) is a host and service monitor designed to inform you of network problems. The monitoring daemon runs periodic checks on hosts and services specified using external "plugins" which return status information to Nagios. When problems are encountered, the daemon can send notifications out to administrative contacts in a variety of different ways (email, instant message, SMS, etc.). Current status information, historical logs, and reports can all be accessed via a web browser. Although Nagios is powerful and flexible, it does require some time for it to be installed and configured correctly.

tcpdump

Tcpdump is a common computer network debugging tool that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. This program allows you to dump the traffic on a network. It can be used to print out the headers of packets on a network interface, filter packets that match a certain expression. You can use this tool to track down network problems, to detect "ping attacks" or to monitor network activities.

Traffic analysis

kismet

Kismet (GNU GPL) is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic. Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and inferring the presence of nonbeaconing networks via data traffic.

wireshark

Wireshark (GNU GPL v2) is a network packet analyzer. A network packet analyzer captures network packets and tries to display that packet data as detailed as possible. A network packet analyzer can be regarded as a measuring device to examine what's going on inside a network cable, just like a voltmeter is used by an electrician to examine what's going on inside an electric cable (but at a higher level, of course). It is developed and maintained by a global team of protocol experts. It used to be known as Ethereal, and was renamed to Wireshark in May 2006.

tcptrace

tcptrace (GNU GPL) is a tool designed for analysis of TCP dump files. It can tell you detailed information about TCP connections by sifting through dump files. Specifically, tcptrace can produce several different types of output containing information on each connection seen, such as elapsed time, bytes and segments sent and received, retransmissions, round trip times, window advertisements, throughput, and more. It can also produce a number of graphs for further analysis.

Packet crafting

hping

Hping3 (GNU GPL v2) is a command-line oriented TCP/IP packet assembler/analyser. The interface is inspired from the ping unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features. hping3 can handle fragmentation, and almost arbitrary packet size and content, using the command line interface.

scapy

Scapy (GNU GPL v2) is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, etc. It can handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.).

Port scanning

ipscan

Angry IP Scanner (GNU GPL v2) is an open-source and cross-platform network scanner designed to be fast and simple to use. It scans IP addresses and ports.

Vulnerability scanning

tiger

Tiger (GNU GPL) is a security tool that can be used both as a security audit and intrusion detection system. It is a set of scripts that scan a Un*x system looking for security problems, in the same fashion as Dan Farmer's COPS. It was originally developed to provide a check of UNIX systems on the A&M campus that want to be accessed from off campus (clearance through the packet filter). Unlike other tools, Tiger needs only POSIX tools and is written entirely in shell language.

Data removal

bleachbit

BleachBit deletes unnecessary files to free valuable disk space, maintain privacy, and remove junk. It removes cache, Internet history, temporary files, cookies, and broken shortcuts. It handles cleaning of Adobe Reader, Bash, Beagle, Epiphany, Firefox, Flash, GIMP, Google Earth, Java, KDE, OpenOffice.org, Opera, RealPlayer, rpmbuild, Second Life Viewer, VIM, XChat, and more. Beyond simply erasing junk files, BleachBit wipes free disk space (to hide previously deleted files for privacy and to improve compression of images), vacuums Firefox databases (to improve performance without deleting data), and securely shreds arbitrary files.

Password Management

keepassx

KeePassX (GNU GPL v2) is a multi-platform port of KeePass, an open source and cross-platform password manager. This utility helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key-disk. Users then only need to remember one single master password or insert the key-disk to unlock the whole database. The databases are encrypted using the algorithms AES (alias Rijndael) or Twofish using a 256 bit key. KeePassX currently uses the same database file format as the KeePass 1.x (Classic) password manager software for Windows.

VPN

openvpn

OpenVPN (GNU GPL v2) is a full-featured virtual private network (VPN) solution accommodating a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. OpenVPN implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or 2-factor authentication, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface.
