Synth is a custom package repository builder for FreeBSD and DragonFly.
It is intended to replace Portmaster, portupgrade, and poudriere for
the average user. It is simple to learn (the powerful options are
limited in number) and user-friendly, but it is extremely fast due
to its parallel building capability. It will "drop-in" on any system
as it leverages the stock pkg(8) facilities. All ports are built
in a clean environment, so it is finally safe to build ports as
needed on a live system. The default profile is the system itself, not
a new jail, which can be a valuable feature for some environments.
To bring a system up-to-date only requires one command after the ports
tree is updated:
> synth upgrade-system
During the building process, a curses-based display will show the status
of all the builders and the entire bulk run process. Synth is intended
to be grasped and utilized by novice users within minutes, but offers
most of the same powerful features as Poudriere for the power users.
Synth requires no preparation; it works immediately upon installation.
Tinderbox is a package building system for FreeBSD ports, based on
official Portbuild scripts used on the pointyhat building cluster.
Tinderbox was written by Joe Marcus Clarke.
You can define multiple jails (base system versions) and multiple
portstrees. The combination of jail and portstree is called a build.
A Tinderbox jail is not what is understood as a jail in FreeBSD,
it is in fact a given world in a chroot. Tinderbox supports automatic
tracking of dependencies and only rebuilds packages that changed
since the last run. Tinderbox has support for email notification of
failed builds. Tinderbox also integrates well with ccache.
Tinderbox is designed to easily provide package sets of ports you
need, for platforms and architectures you need. Tinderbox is also
an excellent tool for testing new ports and port upgrades, especially
for testing dependencies and packing lists. It's also useful for
testing ports on various releases of FreeBSD, since you can run
FreeBSD 6.X world as a jail on FreeBSD 7.X/8.X host.
Kerberos V5 is an authentication system developed at MIT.
Abridged from the User Guide:
Under Kerberos, a client sends a request for a ticket to the
Key Distribution Center (KDC). The KDC creates a ticket-granting
ticket (TGT) for the client, encrypts it using the client's
password as the key, and sends the encrypted TGT back to the
client. The client then attempts to decrypt the TGT, using
its password. If the client successfully decrypts the TGT, it
keeps the decrypted TGT, which indicates proof of the client's
identity. The TGT permits the client to obtain additional tickets,
which give permission for specific services.
Since Kerberos negotiates authenticated, and optionally encrypted,
communications between two points anywhere on the internet, it
provides a layer of security that is not dependent on which side of a
firewall either client is on.
The Kerberos V5 package is designed to be easy to use. Most of the
commands are nearly identical to UNIX network programs you are already
used to. Kerberos V5 is a single-sign-on system, which means that you
have to type your password only once per session, and Kerberos does
the authenticating and encrypting transparently.
Jacques Vidrine <n@nectar.com>
Kerberos V5 is an authentication system developed at MIT.
This package/port contains the applications which used to be in the
MIT Kerberos distribution.
This package implements an algorithm for breaking the PkZip cipher that was
devised by Eli Biham and Paul Kocher.
This program applies a known plaintext attack to an encrypted file.
A known-plaintext attack recovers a password using the encrypted file and
(part of) the unencrypted file.
Please note that cryptographers use the word 'plaintext' for any kind of
unencrypted data - not necessarily readable ASCII text.
Before you ask why somebody may want to know the password when he already knows
the plaintext, think of the following situations:
- Usually there's a large number of files in a ZIP-archive. Usually all these
files are encrypted using the same password. So if you know one of the files,
you can recover the password and decrypt the other files.
- You need to know only a part of the plaintext (at least 13 bytes). Many files
have commonly known headers, like DOS .EXE-files. Knowing a reasonably long
header you can recover the password and decrypt the entire file.
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules-based logging
and can perform content searching/matching in addition to being used to detect
a variety of other attacks and probes, such as buffer overflows, stealth port
scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting
capability, with alerts being sent to syslog, a separate "alert" file, or even
to a Windows computer via Samba.
Packets are logged in their decoded form to directories which are generated
based upon the IP address of the remote peer. This allows Snort to be used as
a sort of "poor man's intrusion detection system" if you specify what traffic
you want to record and what to let through.
For instance, I use it to record traffic of interest to the six computers in
my office at work while I'm away on travel or gone for the weekend. It's
also nice for debugging network code since it shows you most of the Important
Stuff(TM) about your packets (as I see it anyway). The code is pretty easy
to modify to provide more complete packet decoding, so feel free to make
suggestions.
This script provides functionality for manipulating collections of
configuration files which can be organised so as to alter the
personality of a system.
Initially, the "base" personality is established. This personality
contains the "reference" copies of configuration files, and is used
when creating new personalities. The files which are currently
considered part of the system's personality are those contained in
the base personality.
A new personality is established by making a copy of the base
personality under a new name. Each personality maintains a separate
copy of all configuration files under /etc/personality.
To install a new personality, the files currently in place are
saved back to the current personality as indicated in
/etc/personality/current, and the files for the new personality
copied into place. The 'select' and 'menu' commands which perform
these installations are implemented in such a fashion as to only
require the tools available on the root filesystem, so that they
may be invoked at the earliest stage during system startup.
The sortu program is a replacement for the sort and uniq programs. It is
common for Unix script writers to want to count how many separate patterns
are in a file. For example, if you have a list of addresses, you may want
to see how many are from each state. So you cut out the state part, sort
these, and then pass them through uniq -c. Sortu does all this for you in a
fraction of the time.
Sortu uses a hash table and some decent line processing to provide this
functionality. For a relatively small number of keys, it can be significantly
smaller than using sort, because it does not have to keep temporary files.
If you are dealing with a large number of unique keys then sortu will run out
of memory and stop. Sortu has some basic field and delimiter handling which
should do most basic awk or cut features to separate out the field that you
are sorting on.