[ Search ] [ What's New? ] [ About ] [ Bugs ] [ Misc ] [ Mailing Lists ] [ Newgroups ] [ NewsWire ] [ Papers ] [ People ] [ Pictures ] [ Publications ] [ Responce Teams ] [ Tools ] [ Upcoming Events ] [ Web Sites ] Substitute Tools Title: bsd-tftp Authors: University of California Abstract: A hacked copy of the BSD 4.3tahoe tftpd program. Title: fingerd v1.2 Authors: Mike Shanzer Abstract: A fingerd that offers: logging, access control lists so you can restrict finger requests to certain hosts (and certain users if you trust ident), a message of the day file, and binding programs to certain users. Title: logdaemon v4.6 Authors: Wietse Venema Abstract: This archive contains the result of years of gradual transformations on BSD source. (1) rsh and rlogin daemons that log the remote user name and perform logging and access control in tcp/ip daemon wrapper style. (2) ftpd, rexecd and login software with fascist login failure logging and with support for optional S/Key onetime passwords. Title: mail.local Authors: Eric Allman Abstract: mail.local is a replacement for them /bin/mail program. It is only a delivery agent for sendmail and does not have a user interface. Title: msystem.tar.Z Authors: Matt Bishop Abstract: The file msystem.c contains a version of system(3), popen(3), and pclose(3) that provide considerably more security than the standard C functions. They are named msystem, mpopen, and mpclose, respectively. While the author does not guarantee them to be PERFECTLY secure, they do constrain the environment of the child quite tightly, tightly enough to close the obvious holes. Title: passwdd v1.2 Authors: Anders Ellefsrud Abstract: This package consists of two parts. One server based passwd/chsh/chfn replacement, and a server based /etc/group editor which gives each and every user the ability to privately manage one group on his own. Title: patchsym Authors: der Mouse Abstract: Drop in code for SunOs 4.1.x systems to make it more difficult to guess sequence numbers and spoof packets. It treats tcp_iss as a CRC accumulator into which it hashes every IP output packet. Title: permissions Authors: deraadt@cpsc.ucalgary.ca Abstract: In a basic BSD environment only three utilities let people onto a machine: login, rshd, and ftpd. The programs are modified to check a YP map called 'permissions' which determines wheter a person is allowed to login. Control over login is given based on four parameters: hostname, ttyname, login nad groups. Title: portmapper v3 Authors: Wietse Venema Abstract: Replacement portmapper with access control in the style of the tcp wrapper (log_tcp) package and a handfull of other enhancements Title: rfingerd Authors: jseng@technet.sg Abstract: Perl finger deamon with additional logging. It logs information like who is at the other end of the connection (via rfc931), who does he/she finger and any other information which is sent through the finger port. Its programmed to deny chain fingering, and stop immediatly if it detects special symbols in the input stream. It can be easily modified to filter out information, deny fingering of certain person, deny fingering from certain host, filter finger information, etc without the trouble of recompiling since it is written in perl. Title: rpcbind v1.1 Authors: Wietse Venema Abstract: This is an rpcbind replacement with tcp wrapper style access control. It provides a simple mechanism to discurage remote access to the NIS (YP), NFS, and other rpc services. Title: securelib Authors: William LeFebvre Abstract: This package contains replacement routines for these three kernel calls: accept, recvfrom, recvmsg. These replacements are compatible with the originals, with the additional functionality that they check the Internet address of the machine initiating the connection to make sure that it is "allowed" to connect. Title: sfingerd v1.8 Authors: Laurent Demailly Abstract: sfingerd is a secure replacement for the standard unix finger deamon. The goal is to have the smallest and safest code. Title: smrsh Authors: Eric Allman Abstract: smrsh is a restricted shell utility that provides the ability to specify, through a configuration, an explicit list of executable programs. When used in conjunction with sendmail, smrsh effectively limits sendmail's scope of program execution to only those programs specified in smrsh's configuration. Title: surrogate-syslog Authors: Wietse Venema Abstract: For systems that have no syslog library. This version logs directly to a file (default /usr/spool/mqueue/syslog). The fake syslog that comes with nntp seems to be OK, too. Title: tftpd Authors: Scott M. Ballew Abstract: This version of ftpd is a hacked version from the 4.3 Reno tftpd.The features are chroot() to a restricted directory, syslog() all accesses (and failures) to include the accessor, the file, and the access type (read or write) even when chroot() was in effect, and have the ability to control which files or subdirectories of the tftp directory were accessible to which clients based on the incoming IP address. Title: yppapasswd v1.0 Authors: Matthew Scott Abstract: yppapasswd is designed to do proactive password checking based upon the passwd program given in the O'Reilly book on perl (ISBN 093717564-1). This program has a subrutine called 'goodenough' that can easily be extended to perform any type of password checks that you feel are becessary, that aren't already being done. yppapasswd extends this program to be used with NIS. To accomplish this there is a demon, yppapasswdd that runs on the NIS master in replacement of yppasswdd. yppapasswd uspports f and s options that change finger and shell information. This also woirks across the NIs domain so that you do not have to be on the NIS master server to change your password info. Aleph One / aleph1@underground.org Copyright © 1996 Computer Underground Society. All rights reserved.