
Howto: Linux Security



oxygenws
Tuesday, 10 Azar 1383, 13:40 PM
I found this among my saved pages; it looked useful, so I'm reposting it here..... (sorry it hasn't been translated)



Welcome to the Server Expert Security How To!
From Dataracks.net

Big Thanks to unSpawn for creating the original link listing.

This information originally posted at linuxquestions.org

If you want to secure a Linux box, it's nothing really too far-fetched; it just takes some reading and a bit of organization to make sure all the important dots have been connected.

The following are a few lists of links about Linux security:

1: Basics, important sites, HOWTO's, handbooks, tips, advisories, mailinglists, hardening, log analysis, sites, books
2: Apf, Netfilter, firewall, Iptables, Ipchains, DoS, DDoS
3: Intrusion detection, integrity checks
4: Chroot, chrooting, jailing, compartmentalization
5: Forensics, recovery, undelete

Some texts contain step by step directions for newbies, and some are directed at intermediate or expert users.
Just read 'em, and post your questions in the forum.
Comments/additions/corrections are welcome, just mail me.
benoit[at]dataracks.net

oxygenws
Tuesday, 10 Azar 1383, 13:45 PM
Post 1
Basics, important sites, HOWTO's, handbooks, hardening, tips
Advisories, alerts, bulletins, disclosure, mailinglists, mailing archives, knowledge bases, other sites
Hardening, distro-specific
Log analysis tools, resources
Daemons, device or application specific
More Brainfood, sites, books

Basics, important sites, HOWTO's, handbooks, hardening, tips

Checklists
UNIX Security Checklist v2.0: http://www.cert.org/tech_tips/unix_...ecklist2.0.html
SANS, The Twenty Most Critical Internet Security Vulnerabilities: http://www.sans.org/top20/
SANS SCORE Checklists for W32/Solaris/Cisco IOS/Mac OS/etc etc: http://www.sans.org/score/
SANS http://www.sans.org/infosecFAQ/linux/linux_list.htm
SANS, Reading room: http://rr.sans.org/linux/linux_list.php

Securing
CERT, Security improvements: http://www.cert.org/security-improvement/
CERT, Tech Tips: http://www.cert.org/tech_tips/
Linux Administrator's Security Guide (LASG): http://www.seifried.org/lasg/
Linux Security Administrator's Guide (SAG, old): http://www.tldp.org/LDP/sag/index.html
The Linux Network Administrator's Guide (NAG): http://www.tldp.org/LDP/nag2/index.html
Securing & Optimizing Linux: The Ultimate Solution (PDF): http://www.tldp.org/LDP/solrhe/Secu...lution-v2.0.pdf
Securing Optimizing Linux RH Edition (older): http://www.tldp.org/LDP/solrhe/Secu...v1.3/index.html
Linux Security HOWTO: http://tldp.org/HOWTO/Security-HOWTO/index.html
Linux Security HOWTO: http://www.linuxvoodoo.com/howto/HOWTO/Security-HOWTO/
Linux Security Quick Reference Guide (PDF): http://www.tldp.org/REF/ls_quickref/QuickRefCard.pdf
Security Quick-Start HOWTO for Linux: http://tldp.org/HOWTO/Security-Quickstart-Redhat-HOWTO/
Security links at Linuxguru's: http://www.linuxguruz.org/z.php?id=914
TLPD Networking security HOWTO's: http://www.tldp.org/HOWTO/HOWTO-IND...tml#NETSECURITY

Compromise, breach of security, detection
Intruder Detection Checklist (CERT): http://www.cert.org/tech_tips/intru..._checklist.html
Detecting and Removing Malicious Code (SF): http://www.securityfocus.com/infocus/1610
Steps for Recovering from a UNIX or NT System Compromise: http://www.cert.org/tech_tips/root_compromise.html
Formatting and Reinstalling after a Security Incident (SF): http://www.securityfocus.com/infocus/1692
How to Report Internet-Related Crime (usdoj.gov CCIPS): http://www.usdoj.gov/criminal/cybercrime/reporting.htm
Related, old(er) articles/docs:
Intruder Discovery/Tracking and Compromise Analysis: http://staff.washington.edu/dittric...ckhat/blackhat/
Intrusion Detection Primer: http://www.linuxsecurity.com/featur...re_story-8.html
Through the Looking Glass: Finding Evidence of Your Cracker (LG): http://www.linuxgazette.com/issue36/kuethe.html
Recognizing and Recovering from Rootkit Attacks: http://www.cs.wright.edu/people/fac...ion/obrien.html
See also post #5 under Forensics docs

Advisories, alerts, bulletins, disclosure, mailinglists, mailing archives, knowledge bases, other sites
Bugtraq (running): http://www.mail-archive.com/bugtraq@securityfocus.com/
or http://msgs.securepoint.com/cgi-bin...aq-current.html
or http://www.der-keiler.de/Mailing-Li...yfocus/bugtraq/
Linuxsecurity: http://www.linuxsecurity.com
Securityfocus: http://www.securityfocus.com
Securiteam: http://www.securiteam.com/
CERT KB: http://www.cert.org/kb/
Securitytracker (Advisories): http://www.securitytracker.com/topics/topics.html

Neohapsis (mailinglists/archives): http://www.neohapsis.com
theaimsgroup (mailinglists/archives): http://marc.theaimsgroup.com/
Der Keiler (mailinglists/archives): http://www.der-keiler.de/
Faqchest (archives, FAQ's): http://www.faqchest.com/

Linux Gazette: http://www.linuxgazette.com
Experts exchange: http://www.experts-exchange.com
The Linux Documentation Project: http://www.tldp.org
Blacksheep (HOWTO's, whitepapers, etc): http://www.blacksheepnetworks.com/security/
IRIA: http://www.ists.dartmouth.edu/IRIA/..._base/index.htm
E-secure-db Security Information database: http://www.e-secure-db.us/dscgi/ds....Collection-1586
eBCVG.com's security portal: http://www.ebcvg.com/info.php
Linuxmag, Hardening Linux Systems: http://www.linux-mag.com/2002-09/guru_01.html
SEI: http://www.sei.cmu.edu/publications/lists.html
Matt's Unix Security Page: http://www.deter.com/unix/
Jay Beale's docs (Bastille-linux/CIS): http://www.bastille-linux.org/jay/s...ticles-jjb.html
The Unix Auditor's Practical Handbook: http://www.nii.co.in/tuaph.html
The CIT Computer Security Handbook: www.cit.nih.gov/security/handbook.html
Aging stuff from Phrack like "Unix System Security Issues": www.fc.net/phrack/files/p18/p18-7.html

Mailinglists distro specific:
RedHat
http://www.redhat.com/support/errata/
http://www.redhat.com/mailing-lists...list/index.html

Debian
Our own markus1982 on a roll! LQ HOWTO: securing debian: http://www.linuxquestions.org/quest...?threadid=61670
http://bugs.debian.org/
http://lists.debian.org/ (search for debian-security@lists.debian.org)
http://security.debian.org/

S.u.S.E.
mailto:suse-security@suse.com
mailto:suse-security-announce@suse.com
(subscribe: mailto:suse-security-subscribe@suse.com)

Mandrake Linux
http://www.linux-mandrake.com/en/security/
http://www.linux-mandrake.com/en/flists.php3
mailto:security-announce@linux-mandrake.com (subscribe for URL above)

Conectiva Linux
http://distro.conectiva.com/seguranca/
mailto:seguranca@distro.conectiva.com.br (subscribe at the URL above; the security mailing list's lingua franca is Portuguese, but on the updates mailing list it's English. The latter always carries the package updates announced on the security mailing list.)

Slackware
http://www.slackware.com/lists/
mailto:slackware-security@slackware.com (subscribe for URL above)

Hardening, distro specific
Debian/Mandrake/Red Hat: Bastille Linux: http://www.bastille-linux.org/
Debian Security HOWTO: http://www.debian.org/doc/manuals/s...g-debian-howto/
Debian Security FAQ: http://www.debian.org/security/faq
Mandrake: msec-*.rpm: http://www.linux-mandrake.com/
SuSE: http://www.suse.de/~marc/
Slackware: Slackware Administrators Security tool kit: http://sourceforge.net/projects/sastk/

Log analysis tools, resources
Loganalysis.org (check the library): http://www.loganalysis.org/
Counterpane, Log Analysis Resources: http://www.counterpane.com/log-analysis.html
Need to add: Snare, LTK etc etc

Daemons, device or application specific
The Linux-PAM System Administrators Guide
Securing Xwindows: www.uwsg.indiana.edu/usail/external...ed/xsecure.html
How to Build, Install, Secure & Optimize Xinetd: http://www.openna.com/documentation...inetd/index.php
Installation of a secure webserver (SuSE): http://www.netsys.com/library/paper...e_webserver.txt
Linksys security (LQ notes on): http://www.linuxquestions.org/quest...7007#post157007

Auditing tools at:
Packetstorm: http://www.packetstormsecurity.org/UNIX/audit/
SecurityFocus: http://www.securityfocus.com/tools/category/1

More Brainfood, sites, books
Daryl's TCP/IP primer: www.tcpipprimer.com
Teach Yourself TCP IP in 14 Days: www.sivik.org/Books/Teach Yourself TCP IP in 14 Days/
Uri's TCP resource list: www.private.org.il/tcpip_rl.html
Macmillan's "Maximum Security"
O'Reilly's TCP/IP Network Administration
* O'Reilly has a myriad of books some of which can also be found online, just search for "O'reilly and bookshelf", "o'reilly reference bookshelf" or "o'reilly cd bookshelf".

oxygenws
Tuesday, 10 Azar 1383, 13:51 PM
Post 2

APF/Netfilter/Iptables

APF: http://www.r-fx.net/apf.php (firewall)
IPTables Tutorial: http://iptables-tutorial.frozentux....s-tutorial.html
IPSysctl Tutorial: http://ipsysctl-tutorial.frozentux....l-tutorial.html
Linuxguruz.org: http://www.linuxguruz.org/iptables/
Netfilter.org Packetfiltering HOWTO: http://www.netfilter.org/unreliable...iltering-HOWTO/
Linuxsecurity.com Iptables tutorial: http://www.linuxsecurity.com/resour...s-tutorial.html
Andreasson's Iptables tutorial: http://people.unix-fu.org/andreasso...s-tutorial.html
Iptables Connection tracking: http://www.cs.princeton.edu/~jns/se..._conntrack.html
Taking care of the New-not-SYN vulnerability: http://archives.neohapsis.com/archi...03-01/0036.html

Ipchains
TLDP Ipchains HOWTO: http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html
Flounder.net Ipchains HOWTO: http://www.flounder.net/ipchains/ipchains-howto.html

Other resources/misc stuff
Basic introduction to building ipchains rules: www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html
Explanation of the Ipchains logformat: logi.cc/linux/ipchains-log-format.php3
Ipchains log decoder: dsl081-056-052.dsl-isp.net/dmn/decoder/decode.php
Basics on firewalling: www.linuxdoc.org/HOWTO/Firewall-HOWTO.html
linux-firewall-tools: http://www.linux-firewall-tools.com/linux/
CERT: Home Network Security: http://www.cert.org/tech_tips/home_networks.html
Firewall FAQ: http://www.faqs.org/faqs/firewalls-faq/
Assigned ports > 1024: http://www.ec11.dial.pipex.com/port-num4.shtml
Port designations: http://www.chebucto.ns.ca/~rakerman/port-table.html
Firewall Forensics FAQ (What am I seeing?): http://www.robertgraham.com/pubs/firewall-seen.html
Linux Firewall and Security Site: http://www.linux-firewall-tools.com/linux/
Auditing Your Firewall Setup (old, still useful): http://www.enteract.com/~lspitz/audit.html
TLDP: Firewall Piercing mini-HOWTO: http://www.tldp.org/HOWTO/mini/Fire...rcing/x189.html
Something called the "Home PC Firewall Guide": http://www.firewallguide.com/
Vendor/Ethernet MAC Address Lookup: http://www.coffer.com/mac_find/
Netfilter Iptables/Ipchains Log Format: http://logi.cc/linux/netfilter-log-format.php3
Dshield (find out if IP was marked as used in attacks): http://www1.dshield.org/ipinfo.php
Port search (Snort): http://www.snort.org/ports.html
Neohapsis Port search: http://www.neohapsis.com/neolabs/neo-ports/
P2P ports (IPMasq): http://www.tsmservices.com/masq/cfm/main.cfm
Is "Stealth" important?: http://www.practicallynetworked.com...net.htm#Stealth
Infosyssec's Firewall Security and the Internet (badly updated site): http://www.infosyssec.net/infosyssec/firew1.htm

DoS info
SANS, Help Defeat Denial of Service Attacks: Step-by-Step: http://www.sans.org/dosstep/index.htm
SANS, ICMP Attacks Illustrated: http://rr.sans.org/threats/ICMP_attacks.php
CERT, Denial of Service Attacks: http://www.cert.org/tech_tips/denial_of_service.html
NWC, Fireproofing Against DoS Attacks (forms of): http://www.nwc.com/1225/1225f38.html

DDoS info
SANS, Consensus Roadmap for Defeating Distributed Denial of Service Attacks: http://www.sans.org/ddos_roadmap.htm
SANS, Spoofed IP Address Distributed Denial of Service Attacks: Defense-in-Depth: http://rr.sans.org/threats/spoofed.php
SANS, Understanding DDOS Attack, Tools and Free Anti-tools with Recommendation: http://rr.sans.org/threats/understa...anding_ddos.php
Juniper.net, Minimizing the Effects of DoS Attacks: http://arachne3.juniper.net/techcen...ote/350001.html
CISCO, Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks: http://www.cisco.com/warp/public/707/newsflash.html
Dave Dittrich's references: http://staff.washington.edu/dittrich/misc/ddos/
Xinetd Sensors: http://www.gate.net/~ddata/xinetd-sensors.html
Xinetd FAQ: http://synack.net/xinetd/faq.html

oxygenws
Tuesday, 10 Azar 1383, 13:52 PM
Post 3

Note: vulnerability checking: CIS, SATAN, COPS, Tiger

FAQ: Network Intrusion Detection Systems: http://www.robertgraham.com/pubs/ne...-detection.html
Sniffin' the Ether v2.0: http://www.unixgeeks.org/security/n...er/sniffer.html
Lotek sniffing docs: http://www.l0t3k.org/security/documents/sniffing/
Defeating Sniffers and Intrusion Detection Systems, Phrack, http://www.phrack.org/show.php?p=54&a=10

The IDS acronym game:

IDS: Intrusion Detection System refers to an application able to examine traffic for attributes and properties that mark "benign", suspicious, restricted, forbidden or outright hostile activities.

NIDS: Network IDS refers to Intrusion Detection, like running "sensors" on various sentry or sniffer hosts while logging and/or logprocessing and alerting is done on a central host (many-to-one topology).
NIDS examples are:
Snort: http://www.snort.org/
Shoki: http://shoki.sourceforge.net/
Prelude: http://www.prelude-ids.org/
Firestorm: http://www.scaramanga.co.uk/firestorm/
Panoptis (DoS, DDoS only):
Defenseworx:
SHADOW:
Pakemon:
Some commercial/non OSS examples: Demarc PureSecure, Cisco Secure IDS (NetRanger), ISS Real Secure, Axent Net Prowler, Recourse ManHunt, NFR Network Flight Recorder, NAI CyberCop Network, Enterasys Dragon and Okena Stormfront/Stormwatch.
Snort also is available commercially these days.

HIDS: Host-based IDS. The HIDS acronym itself is subject to flamewars.
IDS examples are Snort, Shoki, Prelude, Defenseworx, Pakemon, Firestorm and Panoptis (DoS, DDoS only).

IPS: Intrusion Protection System. Passive or active (learning, like the heuristics stuff?) enforcement of rules at the application, system or access level. I suppose we're looking at stuff like Grsecurity, Solar Designer's Open Wall, LIDS, LOMAC, RSBAC, Linux trustees, Linux Extended Attributes or Systrace here.
Commercial/non OSS examples: Entercept, ISS RealSecure, Axent Intruder Alert Manager, Enterasys' Dragon, Tripwire, Okena and CA's eTrust.
Docs:
Intrusion Detection FAQ (SANS, handling ID in general): http://www.sans.org/resources/idfaq/index.php
Basic File Integrity Checking (with Aide): http://online.securityfocus.com/infocus/1408
www.networkintrusion.co.uk (IDS, NIDS, File Integrity Checkers)


Snort basics:
Using Snort as an IDS and Network Monitor in Linux (SANS): http://www.sans.org/rr/intrusion/monitor.php
Snort: IDS Installation with Mandrake 8.2, Snort, Webmin, Roxen Webserver, ACID, MySQL: http://www.linux-tip.net/workshop/i...t/ids-snort.htm
ArachNIDS (Snort/Dragon/Defenseworx/Pakemon/Shoki rule, research and info library): http://whitehats.com/ids/
Intrusion Detection and Network Auditing on the Internet: http://www.infosyssec.net/infosyssec/intdet1.htm
Snort Stealth Sniffer: Paranoid Penguin: Stealthful Sniffing, Intrusion Detection and Logging: http://www.linuxjournal.com/article.php?sid=6222

Dropping Packets with Snort:
Why not to use Snort's "flexresp": http://www.mcabee.org/lists/snort-u...3/msg00379.html
Snortsam: http://www.snortsam.net
Hogwash: http://hogwash.sourceforge.net
Snort-inline: http://www.snort.org/dl/contrib/pat...nort-inline.tgz

Snort management, log reporting and analysis:
SnortCenter: http://users.pandora.be/larc
Snort Unified Logging: Barnyard: (Sourceforge)
Snort Unified Logging: Logtopcap
Analysis Console for Intrusion Databases (ACID): http://acidlab.sourceforge.net/
HOWTO Build Snort with ACID: http://www.sfhn.net/whites/snortacid.htm
ACID HOWTO: http://www.andrew.cmu.edu/~rdanyliw.../snortacid.html
ACID FAQ: http://www.andrew.cmu.edu/~rdanyliw/snort/acid_faq.html
SPADE, Snortsnarf: http://www.silicondefense.com
Enabling Automated Detection of Security Events that affect Multiple Administrative Domains: http://www.incident.org/thesis/book1.html

Snort vs Abacus Portsentry:
Snort and PortSentry compared: http://www.linux.ie/articles/portse...ortcompared.php

Comparison of IDSs ( NFR NID, Snort, INBOUNDS, SHADOW, Dragon, Tripwire): http://zen.ece.ohiou.edu/~nagendra/compids.html

Snort help, mailinglist (archives), honeypots:
Snort: Database support FAQ: http://www.incident.org/snortdb/
Snort mailinglists, Aims: http://marc.theaimsgroup.com/
Snort IDS forum at Whitehats.com: http://whitehats.com/cgi/forum/mess...i?bbs=forum&f=4
Baby steps with a honeypot: http://www.lucidic.net/whitepapers/mcooper-4-2002.html
Honeypot & Intrusion Detection Resources: http://www.honeypots.net/
The TCP Flags Playground (Mailinglist, Neohapsis): http://archives.neohapsis.com/archi...00-03/0386.html

Sniffing (network wiretap, sniffer) FAQ: http://www.robertgraham.com/pubs/sniffing-faq.html
Apps, network monitoring (index): http://www.mirrors.wiretapped.net/s...ing-README.txt

An Analysis of a Compromised Honeypot (Snort+Ethereal): http://www.securityfocus.com/infocus/1676
To add: Firestorm NIDS, Barnyard, Mudpit, Snort GUI's, add-ons etc etc.

File Integrity Detection Systems
Checking a filesystem's contents against one or more checksums to determine if a file (remember anything essentially is a file on a Linux FS) has been changed.
Examples are:
Aide: http://www.cs.tut.fi/~rammer/aide.html
(see also ICU http://www.algonet.se/~nitzer/ICU/)
Samhain: http://la-samhna.de/samhain/
Osiris: http://osiris.shmoo.com/
Nabou: http://www.daemon.de/en/software/nabou/
Sentinel: http://zurk.sourceforge.net/zfile.html
Viper(DB): http://panorama.sth.ac.at/viperdb/
Integrit: http://integrit.sourceforge.net/
Tripwire.
Commercial/non OSS examples: Versioner, GFI LANguard System Integrity Monitor, Ionx's Data Sentinel, Tripwire for Servers and Pedestal Software Intact.


File Integrity (SecurityFocus, tools list): http://www.securityfocus.com/tools/category/7
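A toy version of what the file integrity checkers listed above do, added here as an example; it is not code from this thread nor from Aide, Samhain, Tripwire or any other tool named on the page. It takes a baseline of SHA-256 digest, size and permission bits for every regular file under a directory, then compares a later snapshot against it and reports files added, removed or changed. The directory tree, file names and contents in `run_demo()` are constructed for the demonstration.

```python
"""Minimal checksum-based file integrity baseline and comparison.
Added example, not code from the original thread or from any tool it lists."""
import hashlib
import os
import stat
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# One record per file: (sha256 hex digest, size in bytes, permission bits)
Record = Tuple[str, int, int]


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries don't load into RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> Dict[str, Record]:
    """Walk root and record digest, size and mode of every regular file.
    Keys are paths relative to root, so the baseline can be compared against
    a copy of the tree mounted elsewhere (e.g. from a rescue CD)."""
    baseline: Dict[str, Record] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            # Symlinks and special files are skipped in this toy version;
            # real checkers record link targets and device numbers too.
            if p.is_symlink() or not p.is_file():
                continue
            st = p.stat()
            rel = p.relative_to(root).as_posix()
            baseline[rel] = (hash_file(p), st.st_size, stat.S_IMODE(st.st_mode))
    return baseline


def compare(old: Dict[str, Record], new: Dict[str, Record]) -> Dict[str, List[str]]:
    """Report what differs between a stored baseline and a fresh snapshot.
    A file counts as changed if its digest, size OR mode differs, so a
    permission-only change (e.g. a new setuid bit) is caught as well."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = sorted(k for k in set(old) & set(new) if old[k] != new[k])
    return {"added": added, "removed": removed, "changed": changed}


def run_demo() -> Dict[str, List[str]]:
    """Constructed scenario: baseline a small fake tree, then alter it in the
    four ways an integrity check is meant to surface."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        sample = {  # constructed sample files, not real system content
            "etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
            "usr/bin/ls": b"\x7fELF-fake-ls\n",
            "usr/bin/ps": b"\x7fELF-fake-ps\n",
            "var/tmp/note.txt": b"constructed sample file\n",
        }
        for rel, data in sample.items():
            p = root / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
            p.chmod(0o644)
        baseline = build_baseline(root)

        # Later changes: content appended, mode changed with content untouched,
        # a file deleted, and a new hidden file appearing.
        with (root / "etc/passwd").open("ab") as f:
            f.write(b"newuser:x:1001:1001::/home/newuser:/bin/sh\n")
        (root / "usr/bin/ps").chmod(0o4755)
        (root / "var/tmp/note.txt").unlink()
        (root / "usr/bin/.hidden").write_bytes(b"\x7fELF-fake-hidden\n")

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in run_demo().items():
        print(f"{kind}: {paths}")
```

The value of such a check depends entirely on where the baseline lives: if it is stored on the same host with the same privileges the checker runs with, whoever can alter a file can also regenerate the baseline. The tools listed above therefore keep the database on read-only media or a separate host and sign it; this toy does neither and is only meant to show the compare logic.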

oxygenws
Tuesday, 10 Azar 1383, 13:52 PM
Post 4

Chroot Jails Made Easy with the Jail Chroot Project: http://www.linuxorbit.com/modules.p...tpage&artid=538

Apache, PHP, MySQL: http://www.faqts.com/knowledge_base.../aid/290/fid/31
SendMail: http://www.sendmail.net/000705securitygeneral.shtml
SendMail: http://www.linuxjournal.com/article.php?sid=5753
Snort: http://www.norz.org/software/snortstart.html

OpenSSH for chrooted sessions on Linux: http://mail.incredimail.com/howto/openssh/
http://chrootssh.sourceforge.net
OpenSSH, Scponly: http://www.sublimation.org/scponly/
Using scponly for secure file transfers: http://www.sancho2k.net/filemgmt_da...es/scponly.html
OpenSSH, Rssh: http://pizzashack.org/rssh/
OpenSSH Sftp logging patch, contact Mike Martinez: mmartinez@reeusda.gov

How to chroot an Apache tree with Linux and Solaris: http://penguin.epfl.ch/chroot.html
An Overview of 'chroot jailing' Services in Linux: http://www.incidents.org/protect/borland.php
How to break out of a chroot() jail: http://www.bpfh.net/simes/computing/chroot-break.html
Breaking out of a restricted shell: http://online.securityfocus.com/infocus/1575, down at "Breaking Out of Various Restrictions"
Tech-Babble: Virtual Server Myth: http://www.pair.com/pair/current/in...tualserver.html
0x05: Why chroot(2) Sucks: http://packetstormsecurity.nl/mag/napalm/napalm-12.txt
Chuvakin A.,: http://www.linuxsecurity.com/featur...e_story-99.html
Chrooting daemons and system processes HOW-TO: http://www.networkdweebs.com/chroot.html

Other SW/HOWTO's unsorted
http://www.gsyc.inf.uc3m.es/~assman/jail
http://www.opensourcedirectory.org/projects/jailchootp/
http://people.debian.org/~pzn/howto/chroot-bind.sh.txt
http://www.linuxdocs.org/HOWTOs/Chroot-BIND-HOWTO.html
http://www.linuxdoc.org/HOWTO/Chroot-BIND8-HOWTO.html
http://www.linuxsecurity.com/docs/H...ND-HOWTO-4.html
http://www.enteract.com/~robt/Docs/...il-freebsd.html for BIND
http://hoohoo.ncsa.uiuc.edu/docs/tu...ot-example.html
http://penguin.epfl.ch/chroot.html
http://tjw.org/chroot-login-HOWTO/
http://www.ssh.com/products/ssh/adm...chrootmgr_.html
http://rr.sans.org/linux/daemons.php
http://www.defcon1.org/html/Securit...ot-enforce.html
http://www.gnumonks.org/ftp/pub/net...root-howto.html
http://www.sunbeam.franken.de/proje...root-howto.html
http://www.mlug.ca/sklav/stories/November_issue2001
http://www.floc.net/makejail/
http://www.balabit.hu/downloads/jailer

oxygenws
Tuesday, 10 Azar 1383, 13:53 PM
Post 5

Forensics HOWTO's, docs
Steps for Recovering from a UNIX or NT System Compromise: http://www.cert.org/tech_tips/root_compromise.html
Open Web Application Security Project (OWASP): http://www.owasp.org/
OSSTM: Institute for Security and Open Methodologies (formerly ideahamster.org): http://www.isecom.org/projects/osstmm.htm
Forensics Basic Steps: http://staff.washington.edu/dittrich/misc/forensics/ or http://staff.washington.edu/dittric.../forensics.html
Dd and netcat cloning disks: http://www.rajeevnet.com/hacks_hint...os_cloning.html
Security Applications of Bootable Linux CD-ROMs: http://rr.sans.org/linux/sec_apps.php
Honeypot project (Hone your skills with the SOM): http://project.honeynet.org/scans/
RH8.0: Chapter 11. Incident Response (Red Hat Linux Security Guide): http://www.redhat.com/docs/manuals/...nse-invest.html
Forensics and Incident Response Resources: http://is-it-true.org/pt/ptips8.shtml
Forensics presentation by Weld Pond and Tan: http://www.cs.neu.edu/groups/acm/lectures/Forensics_NU/
Law Enforcement and Forensics Links.: http://www.computerforensics.net/links.htm
Forensics commercial svc's: http://forensic.to/links/pages/Fore..._Investigation/

Forensics tools
OSSTM Tools listing: http://www.isecom.org/projects/operationaltools.htm
The Coroner's Toolkit (TCT): http://www.porcupine.org/forensics/ or http://www.fish.com/forensics/
FIRE (Forensics CD, formerly Biatchux): http://biatchux.dmzs.com/?section=main
tomsrtbt (1 floppy distro): http://www.toms.net/rb/
Trinux, (Pentest/sniff/scan/recovery/IDS/forensics CD): http://www.trinux.org/
Snarl (Forensics CD based on FreeBSD): http://snarl.eecue.com
Freeware Forensics Tools for Unix: http://online.securityfocus.com/infocus/1503
The @stake Sleuth Kit (TASK): http://sleuthkit.sourceforge.net/
Tools used by CSIRTs to Collect Incident Data/Evidence, Investigate and Track Incidents (list): http://www.uazone.org/demch/analysis/sec-inchtools.html
Freeware Forensics Tools (reflist, Linux w32).: http://www.theiia.org/itaudit/index...n=forum&fid=325
TUCOFS - The Ultimate Collection of Forensic Software: http://www.tucofs.com/tucofs/tucofs.asp?mode=mainmenu
Response kits (precompiled static binaries for Linux, Slowaris and wintendo): http://www.incident-response.org/irtoolkits.htm
Forensic Acquisition Utilities for w32: http://users.erols.com/gmgarner/forensics/
CREED (Cisco Router Evidence Extraction Disk): http://cybercrime.kennesaw.edu/creed/
...else check Zone-h.org, Packetstorm, Wiretapped.net, whatever.

Undelete HOWTO's
Recovering a Lost Partition Table: http://tsaling.home.attbi.com/linux/lost_partition.html
Linux Partition HOWTO: http://surfer.nmr.mgh.harvard.edu/p.../Partition.html
How to recover lost partitions: http://cvs.sslug.dk/hdmaint/hdm_rescue.html
Linux Ext2fs Undeletion mini-HOWTO: http://www.linuxdoc.org/HOWTO/mini/...Undeletion.html
Linux Partition Rescue mini-HOWTO: http://www.linux-france.org/article...mini-HOWTO.html

Rescue tools for partition table/ext2fs
Gpart: http://www.stud.uni-hannover.de/user/76201/gpart/
Testdisk: http://www.cgsecurity.org/index.html
Parted: http://www.gnu.org/software/parted/parted.html
Recover (app + info): http://recover.sourceforge.net/linux/recover/
R-Linux: http://www.r-tt.com/RLinux.shtml
Unrm: http://www.securiteam.com/tools/Unr..._for_Linux.html
Also see mc (the Midnight Commander)
TCT (above).

Rescue tools from dd image
Foremost: http://sourceforge.net/projects/foremost/

Rescue tools for FAT/VFAT/FAT32 from Linux
Fatback: http://sourceforge.net/projects/biatchux/

Partition imaging
Partimage: http://www.partimage.org
* For more rescue tools check Freshmeat.net, metalab.unc.edu or other depots for a /Linux/system/recovery/ dir.

oxygenws
Tuesday, 10 Azar 1383, 13:53 PM
Source (http://www.serverexpert.com/forum/viewtopic.php?t=589)

hosseinzadeh
Tuesday, 10 Azar 1383, 15:54 PM
Great Thanks
:thnx: :thnx:

houtanal
Wednesday, 11 Azar 1383, 03:35 AM
:success: :flower:

Anti_Evil
Tuesday, 12 Tir 1386, 14:06 PM
OMID RULEZZZ ! :smile: