Web Hosting Talk
View Full Version : What tools are you using to secure your boxes?


JeremyL
05-20-2001, 09:13 PM
I was wanting to get some recommendations on what tools to get to help find vulnerabilities in Red Hat boxes. What does everyone else use to test the security of their servers?

Also what are some of the more popular tools hackers are using to get in these days?

wbglinks
05-22-2001, 04:09 PM
A good tool for securing your RH box is the firewall (ipchains) that comes with RH (called iptables in RH 7.x).

To test your box, use nmap. It should be found on the powertools cd that comes with RH...I want to say RH 6.x and above will have the program. I know RH 7.x does.
Or it can be found here:
http://www.insecure.org/nmap/

This program is used to see what ports you have open, and to any extent to see what services you are running. The fewer services you have running, the more security you have. A situation where less is more.

What are the popular tools used to break into servers?...Well, pretty much the same tools that are used to test the security of a server are also used to break into a server. That simple.

Again, there are many things you can easily configure on your RH system to make it secure. From editing the hosts.deny file to read ALL:ALL to making your box 'invisible' to online scanning (by filtering out all traffic, including ICMP by using your ipchains). Can't hack what they can't find.

And what I feel as being the MOST IMPORTANT method of securing your RH server.....APPLY UPDATES AS SOON AS POSSIBLE. Which means you must check in with RH (on their web site) from time to time to see if there are any security software updates/patches or updates to any known vulnerabilities/bugs that may lead to a compromise of your system.
If you decide not to APPLY UPDATES or you ARE TOO LAZY then FORGET about a secure server. That simple, end of story, EOF.

Lilac Echo
http://www.wbglinks.net
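The hosts.deny advice above hinges on how tcp_wrappers evaluates its two files: hosts.allow is consulted first, then hosts.deny, and a connection that matches neither is allowed. The script below is an added example (not from this thread or the tcp_wrappers project) that models that decision order with a simplified matcher so you can see why a hosts.deny without ALL: ALL leaves every unlisted daemon reachable. The hosts.allow and hosts.deny contents and the client addresses are constructed for the demo; only the ALL wildcard, exact IPv4 addresses and trailing-dot prefixes like 192.168.1. are handled, whereas real tcp_wrappers also supports hostnames, netmasks, EXCEPT lists and shell commands.

```shell
#!/bin/sh
# Added example: simplified tcp_wrappers decision (hosts.allow, then hosts.deny,
# else allow). Client patterns handled: ALL, exact IPv4, trailing-dot prefix.

# Constructed hosts.allow: sshd from the admin LAN, ftp from one partner host.
HOSTS_ALLOW='sshd: 192.168.1.
in.ftpd: 203.0.113.5'

# Constructed hosts.deny WITHOUT the catch-all (the weak setting): only telnet is shut.
HOSTS_DENY_WEAK='in.telnetd: ALL'

# Constructed hosts.deny WITH the catch-all recommended above.
HOSTS_DENY_STRICT='ALL: ALL'

# client_matches PATTERN ADDR -> status 0 if ADDR matches PATTERN
client_matches() {
  pat=$1; addr=$2
  case "$pat" in
    ALL) return 0 ;;                                   # wildcard
    *.)  case "$addr" in "$pat"*) return 0 ;; esac ;;  # "192.168.1." prefix
    *)   [ "$pat" = "$addr" ] && return 0 ;;           # exact address
  esac
  return 1
}

# rule_matches FILECONTENT DAEMON ADDR -> status 0 if any "daemon: client" line matches
rule_matches() {
  content=$1; daemon=$2; addr=$3
  printf '%s\n' "$content" | (
    while IFS= read -r line; do
      case "$line" in ''|'#'*) continue ;; esac       # skip blanks and comments
      daemons=$(printf '%s' "${line%%:*}" | tr ',' ' ')
      clients=$(printf '%s' "${line#*:}" | tr ',' ' ')
      for d in $daemons; do
        [ "$d" = ALL ] || [ "$d" = "$daemon" ] || continue
        for c in $clients; do
          client_matches "$c" "$addr" && exit 0        # subshell exit = match
        done
      done
    done
    exit 1                                             # no line matched
  )
}

# wrappers_decide ALLOWFILE DENYFILE DAEMON ADDR -> prints allow or deny
wrappers_decide() {
  if rule_matches "$1" "$3" "$4"; then echo allow      # hosts.allow wins first
  elif rule_matches "$2" "$3" "$4"; then echo deny     # then hosts.deny
  else echo allow                                      # default is allow
  fi
}

# Same unlisted client hitting ftp: the weak file lets it in, the strict file does not.
printf 'weak deny file, in.ftpd from 198.51.100.9: %s\n' \
  "$(wrappers_decide "$HOSTS_ALLOW" "$HOSTS_DENY_WEAK" in.ftpd 198.51.100.9)"
printf 'strict deny file, in.ftpd from 198.51.100.9: %s\n' \
  "$(wrappers_decide "$HOSTS_ALLOW" "$HOSTS_DENY_STRICT" in.ftpd 198.51.100.9)"
printf 'strict deny file, sshd from 192.168.1.40: %s\n' \
  "$(wrappers_decide "$HOSTS_ALLOW" "$HOSTS_DENY_STRICT" sshd 192.168.1.40)"
```

With ALL: ALL in hosts.deny, anything you have not explicitly listed in hosts.allow is refused, which is the default-deny posture the post is describing; remember that tcp_wrappers only covers daemons started through tcpd or linked against libwrap, so the ipchains ruleset still has to cover the rest.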

ashben
05-23-2001, 12:28 AM
SATAN (Security Administrator Tool for Analyzing Networks): http://www.fish.com/satan/

drhonk
05-23-2001, 12:27 PM
I use Nessus .. http://www.nessus.org .

I don't know if anyone here has ever used Nessus before, but I think it's awesome. It gives you information like what port is open, what kind of vulnerability, and how to patch it up, for each open port in the system you scanned.

Vince
05-23-2001, 04:01 PM
nmap + telnet for remote auditing.
find for local auditing.

The canned tools like Satan, Nessus, Vetes Scan, etc, all fall behind the latest vulnerabilities at some point.
Updates, are of course, critical to keeping any system secure. However, you only really need to maintain the services you provide.
A functional hosting machine only needs one or two suid root binaries on the system, /bin/passwd, /bin/su - Nothing else is critical. So assuming all of your remote services are up to date, and the suid bit is removed from almost all suid root binaries, you don't generally have too much to worry about.
If you're using Bind, MAKE SURE it's chrooted, running as its own user and up to date. If you're using wuftpd, STOP. Get something like ProFTPD or the OpenBSD FTPD.
/bin/su should also be stored in administrative users' home directories, instead of /bin.
You should have at least a limited firewall ruleset, unless you have a valid reason for not requiring one.
Shell access should be restricted to those users who actually need it, and can explain why they need it.

Hmm, I'm missing a lot, but I can't think right now. :)

Regards,
Vince.
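The "find for local auditing" line and the one-or-two-suid-binaries rule above are easy to turn into a repeatable check. The script below is an added example (not Vince's own script) that uses find to list setuid files under a root and reports any not on an allowlist of /bin/passwd and /bin/su. So that it runs unprivileged, it builds a constructed directory tree under mktemp and sets the suid bit on a few dummy files there; on a real box you would point it at / and add -user root to the find so only root-owned binaries are counted.

```shell
#!/bin/sh
# Added example: audit setuid binaries under a tree and flag those outside an
# allowlist. Demo tree is constructed; real use: unexpected_suid / (with -user root).

ALLOWED_SUID='bin/passwd bin/su'   # paths relative to the audited root

# list_suid ROOT -> setuid regular files under ROOT, paths relative to ROOT, sorted
list_suid() {
  root=$1
  # -perm -4000: the setuid bit is set (add -user root on a real system)
  find "$root" -type f -perm -4000 | sed "s|^$root/||" | sort
}

# unexpected_suid ROOT -> setuid files that are not on the allowlist
unexpected_suid() {
  list_suid "$1" | while IFS= read -r f; do
    keep=0
    for a in $ALLOWED_SUID; do
      [ "$f" = "$a" ] && keep=1
    done
    [ "$keep" -eq 1 ] || printf '%s\n' "$f"
  done
}

# strip_suid ROOT -> clear the setuid bit on every unexpected file (the fix)
strip_suid() {
  root=$1
  unexpected_suid "$root" | while IFS= read -r f; do
    chmod u-s "$root/$f"
    printf 'cleared setuid: %s\n' "$f"
  done
}

# make_demo_tree -> builds a constructed tree of empty files, prints its path
make_demo_tree() {
  t=$(mktemp -d)
  mkdir -p "$t/bin" "$t/usr/bin" "$t/usr/sbin"
  for f in bin/passwd bin/su usr/bin/chage usr/sbin/traceroute; do
    : > "$t/$f"
    chmod 4755 "$t/$f"        # setuid on a dummy file owned by the caller
  done
  : > "$t/usr/bin/ls"
  chmod 755 "$t/usr/bin/ls"   # ordinary binary, no setuid
  printf '%s\n' "$t"
}

# Demo run over the constructed tree, then clean up.
T=$(make_demo_tree)
echo "setuid files:";           list_suid "$T"
echo "not on the allowlist:";   unexpected_suid "$T"
strip_suid "$T"
echo "remaining after fix:";    unexpected_suid "$T"
rm -rf "$T"
```

Run it from cron and diff the output against the previous run; a setuid binary that appears between runs is worth a look whether it came from a package update or from someone else.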

huck
05-29-2001, 11:44 AM
Nessus is great. Nessus is one of the most comprehensive exploit scanners and its client/server model allows you to scan all of your machines from one dedicated machine. Nessus is used by many script-kiddies and other hackers, so if Nessus cannot find anything, many hackers will move on.

I know a couple of people on the blackhat side of things; often they run simple portscanners and exploit tools -- if they get a hit, they turn to nessus for further probing.

Be careful though, do not run nessus on a mission critical server. Nessus can crash a target machine if the "dangerous" plugins are turned on.

I also use logcheck to look for any odd log activity. Another good tool for RH boxes is bastille-linux -- this is a nice hardening script that will walk you through many security issues.
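To show what "look for any odd log activity" means in practice, here is an added example (not logcheck itself) of the same idea over a constructed syslog excerpt: lines matching an ignore list of known-benign events are dropped, everything left that matches an alert list is reported, and sshd password failures are counted per source address so a repeat offender stands out. The log lines, addresses and user names are constructed for the demo; the pattern lists are assumptions you would tune for your own boxes.

```shell
#!/bin/sh
# Added example: logcheck-style filtering over constructed syslog lines.
# Expected-and-boring lines are ignored, the rest are matched against alert
# patterns, and repeated sshd failures are summed per source address.

# Constructed /var/log/messages excerpt (old syslog format).
LOG='May 29 11:40:01 web1 CROND[2211]: (root) CMD (run-parts /etc/cron.hourly)
May 29 11:40:12 web1 sshd[2230]: Failed password for root from 198.51.100.7 port 40122 ssh2
May 29 11:40:14 web1 sshd[2230]: Failed password for root from 198.51.100.7 port 40122 ssh2
May 29 11:40:17 web1 sshd[2231]: Failed password for admin from 198.51.100.7 port 40123 ssh2
May 29 11:41:02 web1 sshd[2245]: Accepted password for alice from 192.168.1.40 port 51002 ssh2
May 29 11:41:50 web1 sshd[2250]: Accepted password for bob from 203.0.113.9 port 33010 ssh2
May 29 11:42:30 web1 su: pam_unix: authentication failure; logname=bob uid=1002 user=root
May 29 11:43:00 web1 proftpd[2301]: USER anonymous: Login successful
May 29 11:43:21 web1 sshd[2260]: Failed password for root from 203.0.113.9 port 33020 ssh2'

# Assumed ignore list: interactive logins from the admin LAN are expected.
IGNORE='Accepted password for [a-z]+ from 192\.168\.1\.[0-9]+ '
# Assumed alert list: failures, any other login, su attempts, anonymous ftp.
ALERT='Failed password|Accepted password|authentication failure|USER anonymous'

# suspicious_lines -> log lines matching ALERT once IGNORE lines are removed
suspicious_lines() {
  printf '%s\n' "$LOG" | grep -v -E "$IGNORE" | grep -E "$ALERT"
}

# failed_ssh_sources THRESHOLD -> "count address" for sources with >= THRESHOLD failures
failed_ssh_sources() {
  printf '%s\n' "$LOG" \
    | sed -n 's/.*sshd\[[0-9]*\]: Failed password for .* from \([0-9.]*\) port.*/\1/p' \
    | sort | uniq -c \
    | awk -v t="$1" '$1 >= t { print $1, $2 }'
}

echo "== lines worth a look =="
suspicious_lines
echo "== sources with 3 or more sshd failures =="
failed_ssh_sources 3
```

The ignore list is the part that needs care: every pattern you add there is a blind spot, so keep it narrow (user, source network, daemon) rather than silencing a whole message type.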