Audit Tools

Looking for simple tools for audit your linux system security and configuration? you may try Lynis free at no cost.

Download: http://www.rootkit.nl/projects/lynis.html

Lynis is an auditing tool for Unix (specialists). It scans the system configuration and creates an overview of system information and security issues usable by professional auditors.

This software aims in assisting automated auditing of Unix based systems and can be used in addition to other software, like security scanners, system benchmarking and fine tuning tools.

Download WinPatrol 15.5.2008, 710KB, System Optimization tools (Free to try )

Clean up your Taskbar, ActiveX and Startup programs. WinPatrol monitors and exposes adware, keyloggers, spyware, worms, cookies, and other malicious software. This program puts you back in control of your computer with no need for constant updates. WinPatrol's goal is to help you better understand what programs are running on your computer and to alert you to any new programs added without your permission. Unlike traditional security programs, WinPatrol doesn't scan your hard drive searching for

Security Task Manager displays detailed information about all running processes (applications, DLLs, BHOs, and services). For each process, it improves on Windows Task Manager, providing a security risk rating, a process description, file path, CPU usage graph, start time, embedded hidden functions (for example keyboard monitoring, autostart entry, and browser supervision or manipulation), and process type, such as visible window, systray program, DLL, and IE plug-in. The security risk rating indicates the likelihood of the process being potential spyware, malware, a Trojan, or keylogger. It also deletes traces of your Internet and computer activity, prevents keyboard input monitoring, and warns you when the registry is changed. This process viewer also recognizes stealth processes and virtual driver software hidden from the Windows Task Manager.

Everyone who has been working in audit firm or especially those working for data analytical stuff must be familiar with ACL (Audit Command Language) Audit Software. This software according to the Internal Auditor magazine is "the most widely used data extraction and analysis product" and "the most widely used product for fraud detection and prevention" used in audit profession. Of course, just ask your friend in Big 4 audit firm such PwC, EY, KPMG, Deloitte, they must have ACL installed in their laptop.

However, the price of ACL is quite expensive to be used for educational purpose or for government usage. Then the perfect alternative for this situation is Picalo. Why I said Picalo is perfect, it’s free, at no cost.

“…Picalo is currently being used by organizations like the World Bank to stop corruption in developing countries…”
http://www.picalo.org/

Free download Google open-source Web app security assessment tool from Google security team
quick download (tar.gz)
download page

A semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments.

Detects and prioritizes broad classes of security problems, such as dynamic cross-site trust model considerations, script inclusion issues, content serving problems, insufficient XSRF and XSS defenses, and much more.

Ratproxy is currently believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.