After examining Tripwire and deciding that it was *way* overkill for my
own purposes...
...L5 simply walks down Unix or DOS filesystems, sort of like "ls -R" or
"find" would, generating listings of anything it finds there. It tells
you everything it can about a file's status, and adds on an MD5 hash of
it. Its output is rather "numeric", but it is a very simple format and
is designed to be post-treated by scripts that call L5...
...Unlike Tripwire itself, this is NOT a complete toolkit -- one is
expected to use it as a small, reliable part of a larger system...
_H*
Andrew McNaughton <andrew@scoop.co.nz>
BASE is the Basic Analysis and Security Engine. It is based on the code
from the ACID project. This application provides a PHP-based web front-end
to query and analyze the alerts coming from a Snort IDS system.
BASE is a web interface to perform analysis of intrusions that Snort has
detected on your network. It uses a user authentication and role-based
system, so that you as the security admin can decide what and how much
information each user can see. It also has a simple-to-use, web-based
setup program for people not comfortable with editing files directly.
OpenID is a decentralized identity system, but one that's actually
decentralized and doesn't entirely crumble if one company turns evil
or goes out of business.
An OpenID identity is just a URL. You can have multiple identities in
the same way you can have multiple URLs. All OpenID does is provide a
way to prove that you own a URL (identity).
Anybody can run their own site using OpenID, and anybody can be an
OpenID server, and they all work with each other without having to
register with or pay anybody to "get started". An owner of a URL can
pick which OpenID server to use.
CRITs is a web-based tool which combines an analytic engine with a cyber threat
database that not only serves as a repository for attack data and malware, but
also provides analysts with a powerful platform for conducting malware
analyses, correlating malware, and for targeting data. These analyses and
correlations can also be saved and exploited within CRITs. CRITs employs a
simple but very useful hierarchy to structure cyber threat information. This
structure gives analysts the power to 'pivot' on metadata to discover
previously unknown related content.
### WHAT IS PHPSECINFO?
PHPSecInfo is a PHP environment security auditing tool modeled after the
phpsecinfo() function. From a single function call, PHPSecInfo runs a
series of tests on your PHP environment to identify potential security
issues and offer suggestions. It can be useful as part of a multilayered
security approach.
#### WHAT IS PHPSECINFO NOT?
* It is not a replacement for secure coding practices
* It does not audit PHP code
* It is not a comprehensive test for either your hosting environment
or your web application
* It is not the "final word." PHPSecInfo identifies *potential* problems
and offers suggestions for improvement. Your environment may _require_
certain settings that trigger cautions or warnings.
libpwstor is a library implementing a password storage format
for C programmers. This format provides a reasonable level of
security by utilizing SHA-256 in addition to a random salt to
mitigate dictionary and rainbow table attacks.
In addition to the core functionality, libpwstor also offers
some additional functions such as Base64 encoding and decoding.
All functionality is implemented and designed in such a way as
to be easy to use for C programmers of varying skill levels,
while preserving reasonable security in the underlying storage
format.
The OATH Toolkit contains a shared library, command line tool
and a PAM module that makes it possible to build one-time
password authentication systems. Supported technologies include
the event-based HOTP algorithm and the time-based TOTP algorithm.
OATH is the Open AuTHentication organization, which specifies
the algorithms.
The components included in the package are:
- liboath: A shared and static C library for OATH handling.
- oathtool: A command line tool for generating and validating OTPs.
- pam_oath: A PAM module for pluggable login authentication for OATH.
Sudoscript provides an audited shell using sudo(8) and script(1).
The front-end script, sudoshell(1), contacts the daemon, sudoscriptd(8).
They agree on the location of a FIFO, which the daemon opens for read.
Sudoshell then runs script(1) with the FIFO as a typescript. The daemon
stamps each line of the script(1) output with a session id, then passes
the data over to another daemon. This daemon timestamps the data and stores
it in a log file which is /var/log/sudoscript. This daemon also keeps an eye
on the size of log files, and forks a rotator/compressor when it exceeds 2
MBytes.
wpa_supplicant is a client (supplicant) with support for WPA and WPA2
(IEEE 802.11i / RSN). It is suitable for both desktop/laptop computers and
embedded systems. Supplicant is the IEEE 802.1X/WPA component that is used
in the client stations. It implements key negotiation with a WPA
Authenticator and it controls the roaming and IEEE 802.11 authentication/
association of the wlan driver.
wpa_supplicant is designed to be a "daemon" program that runs in the
background and acts as the backend component controlling the wireless
connection. wpa_supplicant supports separate frontend programs, and a
text-based frontend (wpa_cli) and a GUI (wpa_gui) are included with
wpa_supplicant.