This
is CGI-Wrap - a gateway that allows more secure user access to CGI programs
on an HTTPd server than is provided by the http server itself. The primary
function of CGIwrap is to make certain that any CGI script runs with
the permissions of the user who installed it, and not those of the server.
CGIwrap works with NCSA httpd, Apache, CERN httpd, NetSite Commerce
and Communications servers, and probably any other Unix based web server
software that supports CGI.
Download:
http://cgiwrap.unixtools.org/
Chrootuid
makes it easy to run a network service at low privilege level and with
restricted file system access.
Download:
ftp://ftp.porcupine.org/pub/security/
Drawbridge
is a bridging IP filter package that runs on an IBM PC equipped with
two ethernet interfaces.
Download:
http://www.net.tamu.edu/ftp/security/TAMU/drawbridge-archive/
The
program fix-modes runs on Solaris 2.4 and 2.5 and changes system file
and directory permissions. The new permissions make it harder for non-root
users to become root, and for non-root users to modify system files.
Download:
http://www.sun.com/blueprints/tools/FixModes_license.html
Ipacl is
a SYSV.4 streams module that implements packet filtering within the
kernel.
Download:
http://www.ja.net/CERT/Software/ipacl/
An ident
utility.
Download:
ftp://ftp.cerias.purdue.edu/pub/tools/unix/logutils/klaxon
This
kit builds a DES encryption library and a DES encryption program. It
supports ecb, cbc, ofb, cfb, triple ecb, triple cbc, triple ofb, triple
cfb, and MIT's pcbc encryption modes and also has a fast implementation
of crypt(3). The routines are best compiled with gcc or any other good
optimising compiler (libdes.93-10-08 and libdes-3.14 will compile with
cc).
Download:
http://www.ja.net/CERT/Software/des/
lsof lists
open files for running Unix processes.
Download:
ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/
Merlin
is a tool for managing and enhancing existing security tools. It provides
a graphical front-end to many popular tools, such as SPI, Tiger, COPS,
Crack, and Tripwire. Merlin makes these tools easier to use, while at
the same time extending their capabilities.
Download:
ftp://ciac.llnl.gov/pub/ciac/sectools/unix/merlin
MindTerm
is a pure java implementation of the SSH protocol. It also contains
a rather complete xterm/vt100 terminal package making it a fully fledged
SSH-client. It has FTP-tunneling and built-in SCP file-transfer as interesting
additional features.
Download:
http://www.appgate.com/ag.asp?template=products&level1=product_mindterm
NukeNabber
sets itself up to listen on TCP and UDP ports commonly attacked over
the internet. A total of 50 ports can be monitored simultaneously. ICMP
dest_unreach attacks are now logged. It is designed to give you the
information you need in order to trace an attacker including a method
of finding an attacker's nickname on IRC (mIRC, VIRC and PIRCH clients
are supported).
Download:
http://www.dynamsol.com/puppet/nukenabber.html
Portable
ident daemon.
Download:
http://www2.lysator.liu.se/~pen/pidentd/
PGP
is a program that encrypts files, thereby protecting the privacy of
electronic mail and files on your computer. It can also be used as a
tamper-proof digital signature system to verify that files or electronic
mail messages have not been modified.
Download:
http://www.pgpi.org/
Replacement
portmapper with access control. Makes it somewhat harder to attack your
RPC daemons, for example to steal YP password maps or NFS file handles.
Download:
ftp://ftp.porcupine.org/pub/security/portmap_4.tar.gz
This
is a replacement portmap program. It provides access control in the
style of the tcp wrapper (log_tcp) package. This portmapper provides
a simple mechanism to discourage access to the NIS (YP), NFS, and other
services.
Download:
ftp://ftp.porcupine.org/pub/security/
An advanced
finger daemon.
Download:
http://www.ja.net/CERT/Software/rfingerd/
This
is an rpcbind replacement with tcp wrapper style access control. It
provides a simple mechanism to discourage remote access to the NIS (YP),
NFS, and other rpc services.
Download:
ftp://ftp.porcupine.org/pub/security/
Securelib
protects your RPC daemons against access from arbitrary systems. These
replacement routines for three kernel calls (accept, recvfrom, and recvmsg)
are compatible with the originals, with the additional functionality
that they check the Internet address of the machine initiating the connection
to make sure that it is "allowed" to connect.
Download:
http://www.ja.net/CERT/Software/securelib/
The
sendmail program by Eric Allman. This version is a successor to the
version described in the sendmail book from O'Reilly and Associates,
and is much newer than the versions shipped by most UNIX vendors. In
addition to a number of improvements and bug fixes, this version has
all known sendmail security holes fixed. It is likely that this version
of sendmail is more secure than the versions shipped by any UNIX vendor.
Download:
http://www.sendmail.org/
SFS (Secure
File System) is a disk encryption system for MSDOS.
Download:
http://www.cs.auckland.ac.nz/~pgut001/sfs/
sftp
(secure ftp) is an ftp replacement that runs over an ssh tunnel. Two
programs are included - sftp and sftpserv. When sftp is run and a host
is connected to (either by running 'sftp remotehost' or 'open remotehost'
from the sftp prompt), an ssh connection is initiated to the remote
host, and sftpserv is run. So, sftpserv must be in your path on the
remote host. Note that since sftpserv is run from ssh, no root privileges
are necessary.
Download:
http://www.xbill.org/sftp/download/
smrsh
(sendmail restricted shell) is a restricted shell utility that provides
the ability to specify, through a configuration, an explicit list of
executable programs. When used in conjunction with sendmail, smrsh effectively
limits sendmail's scope of program execution to only those programs
specified in smrsh's configuration.
Download:
ftp://ftp.uu.net/pub/security/smrsh/
SNP (Secure
Network Protocol) System is a system which provides secure communication
over an open network. All data transmissions are encrypted with the DES algorithm,
guaranteeing that the password and contents of the session are private.
The SNP system supports the Internet services telnet, ftp, and rlogin.
Download:
ftp://ftp.csie.nctu.edu.tw/pub/CSIE/snp/
Ssh
(Secure Shell) is a program to log into another computer over a network,
to execute commands in a remote machine, and to move files from one
machine to another. It provides strong authentication and secure communications
over insecure channels. ssh supports the Internet services rlogin, rsh
and rcp.
Download:
http://www.ssh.com/products/ssh/download.cfm
Secure
Shell is the secure login program that has changed remote management
of network hosts over the Internet. It is a powerful, yet easy-to-use
application that uses strong cryptography for protecting all transmitted
confidential data, including passwords, binary files, and administrative
commands.
Download:
http://www.ssh.fi/sshprotocols2/
Trimlog
(by David A. Curry) is used to trim system log files to keep them from
growing without bound. It reads commands from a configuration file and
determines which files to trim, how to trim them, and by how much they
should be trimmed.
Download:
http://www.ja.net/CERT/Software/trimlog/
On
most machines, UFC-crypt runs 30-60 times faster than crypt(3) when
invoked repeatedly with the same salt and varying passwords. With
alternating salts, performance is only about twice that of crypt(3).
Download:
ftp://ftp.uu.net/usenet/comp.sources.misc/volume28/ufc-crypt