Pakistan Computer Emergency Response Team

The Security Standard


HOME | ABOUT US | SERVICES | ADVISORIES | RESOURCES | DEFACEMENT ARCHIVE | MEMBERS AREA | TRAINING | CONTACT US

Copyright | Disclaimer

 

 

 


 

RESOURCE TOOLS > OTHER TOOLS

CGI-Wrap

This is CGI-Wrap - a gateway that allows more secure user access to CGI programs on an HTTPd server than is provided by the http server itself. The primary function of CGIwrap is to make certain that any CGI script runs with the permissions of the user who installed it, and not those of the server. CGIwrap works with NCSA httpd, Apache, CERN httpd, NetSite Commerce and Communications servers, and probably any other Unix based web server software that supports CGI.

Download:
http://cgiwrap.unixtools.org/

chrootuid

Chrootuid makes it easy to run a network service at low privilege level and with restricted file system access.

Download:
ftp://ftp.porcupine.org/pub/security/

Drawbridge

Drawbridge is a bridging IP filter package that runs on an IBM PC equiped with two ethernet interfaces.

Download:
http://www.net.tamu.edu/ftp/security/TAMU/drawbridge-archive/

Fix-Modes

The program fix-modes runs on Solaris 2.4 and 2.5 and changes system file and directory permissions. The new permissions make it harder for non-root users to become root, and for non-root users to modify system files.

Download:
http://www.sun.com/blueprints/tools/FixModes_license.html

Ipacl

Ipacl is a SYSV.4 streams module that implements packet filtering within the kernel.

Download:
http://www.ja.net/CERT/Software/ipacl/

Klaxon

An ident utility.

Download:
ftp://ftp.cerias.purdue.edu/pub/tools/unix/logutils/klaxon

libdes

This kit builds a DES encryption library and a DES encryption program. It supports ecb, cbc, ofb, cfb, triple ecb, triple cbc, triple ofb, triple cfb, and MIT's pcbc encryption modes and also has a fast implementation of crypt(3). The routines are best compiled with gcc or any other good optimising compiler (libdes.93-10-08 and libdes-3.14 will compile with cc).

Download:
http://www.ja.net/CERT/Software/des/

lsof

lsof lists open files for running Unix processes.

Download:
ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/

Merlin

Merlin is a tool for managing and enhancing existing security tools. It provides a graphical front-end to many popular tools, such as SPI, Tiger, COPS, Crack, and Tripwire. Merlin makes these tools easier to use, while at the same time extending their capabilities.

Download:
ftp://ciac.llnl.gov/pub/ciac/sectools/unix/merlin

MindTerm

MindTerm is a pure java implementation of the SSH protocol. It also contains a rather complete xterm/vt100 terminal package making it a fully fledged SSH-client. It has FTP-tunneling and built-in SCP file-transfer as interesting additional features.

Download:
http://www.appgate.com/ag.asp?template=products&level1=product_mindterm

NukeNabber

NukeNabber sets itself up to listen on TCP and UDP ports commonly attacked over the internet. A total of 50 ports can be monitored simultaneously. ICMP dest_unreach attacks are now logged. It is designed to give you the information you need in order to trace an attacker including a method of finding an attacker's nickname on IRC (mIRC, VIRC and PIRCH clients are supported).

Download:
http://www.dynamsol.com/puppet/nukenabber.html

pidentd

Portable ident daemon.

Download:
http://www2.lysator.liu.se/~pen/pidentd/

PGP

PGP is a program that encrypts files, therefore protecting the privacy of electronic mail and files in your computer. It can also be used as a tamper-proof digital signature system to verify if the files or electronic mail messages have not been modified.

Download:
http://www.pgpi.org/

portmap

Replacement portmapper with access control. Makes it somewhat harder to attack your RPC daemons, for example to steal YP password maps or NFS file handles.

Download:
ftp://ftp.porcupine.org/pub/security/portmap_4.tar.gz

portmapper

This is a replacement portmap program. It provides access control is in the style of the tcp wrapper (log_tcp) package. This portmapper provides a simple mechanism to discourage access to the NIS (YP), NFS, and other services.

Download:
ftp://ftp.porcupine.org/pub/security/

rfingerd

An advanced finger daemon.

Download:
http://www.ja.net/CERT/Software/rfingerd/

rpcbind

This is an rpcbind replacement with tcp wrapper style access control. It provides a simple mechanism to discourage remote access to the NIS (YP), NFS, and other rpc services.

Download:
ftp://ftp.porcupine.org/pub/security/

Securelib

Securelib protects your RPC daemons against access from arbitrary systems. These replacement routines for three kernel calls: accept, recvfrom, and recvmsg are compatible with the originals, with the additional functionality that they check the Internet address of the machine initiating the connection to make sure that it is "allowed" to connect.

Download:
http://www.ja.net/CERT/Software/securelib/

Sendmail

The sendmail program by Eric Allman. This version is a successor to the version described in the sendmail book from O'Reilly and Associates, and is much newer than the versions shipped by most UNIX vendors. In addition to a number of improvements and bug fixes, this version has all known sendmail security holes fixed. It is likely that this version of sendmail is more secure than the versions shipped by any UNIX vendor.

Download:
http://www.sendmail.org/

SFS

SFS (Secure File System) is a disk encryption system for MSDOS.

Download:
http://www.cs.auckland.ac.nz/~pgut001/sfs/

sftp (Secure FTP)

sftp (secure ftp) is an ftp replacement that runs over an ssh tunnel. Two programs are included - sftp and sftpserv. When sftp is run and a host is connected to (either by running 'sftp remotehost' or 'open remotehost' from the sftp prompt), an ssh connection is initiated to the remote host, and sftpserv is run. So, sftpserv must be in your path on the remote host. Note that since sftpserv is run from ssh, no root privileges are necessary.

Download:
http://www.xbill.org/sftp/download/

smrsh

smrsh (sendmail restricted shell) is a restricted shell utility that provides the ability to specify, through a configuration, an explicit list of executable programs. When used in conjunction with sendmail, smrsh effectively limits sendmail's scope of program execution to only those programs specified in smrsh's configuration.

Download:
ftp://ftp.uu.net/pub/security/smrsh/

SNP

SNP(Secure Network Protocol) System, is a system which provides a secure communication over an open network. All data transmissions are encrypted in DES algorithm guaranteeing that the password and contents of the session are private. The SNP system supports the Internet services, telnet, ftp,and rlogin.

Download:
ftp://ftp.csie.nctu.edu.tw/pub/CSIE/snp/

SSH

Ssh (Secure Shell) is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. ssh supports the Internet services rlogin, rsh and rcp.

Download:
http://www.ssh.com/products/ssh/download.cfm

SSH

Secure Shell is the secure login program that has changed remote management of networks hosts over the Internet. It is a powerful, yet easy-to-use application that uses strong cryptography for protecting all transmitted confidential data, including passwords, binary files, and administrative commands.

Download:
http://www.ssh.fi/sshprotocols2/

Trimlog

Trimlog (by David A. Curry) is used to trim system log files to keep them from growing without bound. It reads commands from a configuration file and determines which files to trim, how to trim them, and by how much they should be trimmed.

Download:
http://www.ja.net/CERT/Software/trimlog/

Ultra Fast Crypt

On most machines, UFC-crypt runs 30-60 times faster than crypt(3) when invoked repeated times with the same salt and varying passwords. With alternating salts, performance is only about twice that of crypt(3).

Download:
ftp://ftp.uu.net/usenet/comp.sources.misc/volume28/ufc-crypt

All rights reserved. Copyright© PakCERT 2000-2017