Osiris is a Host Integrity Management System that periodically monitors
one or more hosts for change. It maintains detailed logs of changes to
the file system, user and group lists, resident kernel modules, and
more. Osiris can be configured to email these logs to the administrator.
Hosts are periodically scanned and, if desired, the records can be
maintained for forensic purposes. Osiris keeps an administrator apprised
of possible attacks and/or nasty little trojans. The purpose here is
to isolate changes that indicate a break-in or a compromised system.
Osiris makes use of OpenSSL for encryption and authentication in all
components.

This is the base class for a system of objects that encapsulate
passphrases. An object of this type is a passphrase recogniser: its
job is to recognise whether an offered passphrase is the right one.
For security, such passphrase recognisers usually do not themselves
know the passphrase they are looking for; they can merely recognise it
when they see it. There are many schemes in use to achieve this
effect, and the intent of this class is to provide a consistent
interface to them all, hiding the details.
The CPAN package Authen::Passphrase contains implementations of
several specific passphrase schemes in addition to the base class.

This code appears to have only a cursory resemblance to Bruce Schneier's
Blowfish and Twofish algorithms in that it too has a table-based decoder.
Derivation from FairKeys code by Jon Lech Johansen at nanocrew.net.
If you don't know what that is, don't bother looking here further. This is
a Pure Perl implementation. I doubt there is any need for XS coding for
what would mainly be processing 16 bytes at a time. This code is part of an
ongoing effort to clone portions of the Apple iTMS in Perl for portability.
See www.hymn-project.org for prior efforts by others.

PBKDF2 is a secure password hashing algorithm that uses the techniques of
"key strengthening" to make the complexity of a brute-force attack arbitrarily
high. PBKDF2 uses any other cryptographic hash or cipher (by convention,
usually HMAC-SHA1, but Crypt::PBKDF2 is fully pluggable), and allows for an
arbitrary number of iterations of the hashing function, and a nearly unlimited
output hash size (up to 2**32 - 1 times the size of the output of the backend
hash). The hash is salted, as any password hash should be, and the salt may
also be of arbitrary size.
See also: RFC2898, PKCS#5 version 2.0: http://tools.ietf.org/html/rfc2898

Net::Daemon is an abstract base class for implementing portable server
applications in a very simple way. The module is designed for Perl 5.005
and threads, but can work with fork() and Perl 5.004.
The Net::Daemon class offers methods for the most common tasks a daemon
needs: Starting up, logging, accepting clients, authorization,
restricting its own environment for security and doing the true work.
You only have to override those methods that aren't appropriate for you,
but typically inheriting will save you a lot of work anyway.

Binwalk is a tool for searching a given binary image for embedded
files and executable code. Specifically, it is designed for identifying
files and code embedded inside of firmware images. Binwalk uses the
libmagic library, so it is compatible with magic signatures created
for the Unix file utility.
Binwalk also includes a custom magic signature file which contains
improved signatures for files that are commonly found in firmware
images such as compressed/archived files, firmware headers, Linux
kernels, bootloaders, filesystems, etc.
More details are available at:

Suhosin is an advanced protection system for PHP installations.
It was designed to protect servers and users from known and
unknown flaws in PHP applications and the PHP core.
Suhosin comes in two independent parts that can be used
separately or in combination. The first part is a small patch
against the PHP core that implements a few low-level
protections against buffer overflows or format string
vulnerabilities, and the second part is a powerful PHP extension
that implements all the other protections.
Suhosin is binary compatible with a normal PHP installation,
which means it is compatible with third-party binary extensions
like ZendOptimizer.

This package provides an interface to the cracklib (libcrack) libraries that
come standard on most Unix-like distributions. This allows you to check
passwords against dictionaries of words to ensure some minimal level of
password security.
From the cracklib README:
CrackLib makes literally hundreds of tests to determine whether you've
chosen a bad password.
* It tries to generate words from your username and gecos entry and tries
  to match them against what you've chosen.
* It checks for simplistic patterns.
* It then tries to reverse-engineer your password into a dictionary
word, and searches for it in your dictionary.
- after all that, it's PROBABLY a safe(-ish) password. 8-)

Off-the-Record (OTR) Messaging allows you to have private
conversations over instant messaging by providing:
* Encryption
  No one else can read your instant messages.
* Authentication
  You are assured the correspondent is who you think it is.
* Deniability
  The messages you send do not have digital signatures that
  are checkable by a third party. Anyone can forge messages
  after a conversation to make them look like they came from
  you. However, during a conversation, your correspondent is
  assured the messages he sees are authentic and unmodified.
* Perfect forward secrecy
  If you lose control of your private keys, no previous
  conversation is compromised.

In short: getting and installing SSL/TLS certificates made easy.
The Let's Encrypt Client is a tool to automatically receive and install
X.509 certificates to enable TLS on servers. The client will
interoperate with the Let's Encrypt CA which will be issuing
browser-trusted certificates for free.
It's all automated:
* The tool will prove domain control to the CA and submit a CSR
  (Certificate Signing Request).
* If domain control has been proven, a certificate will get issued and
  the tool will automatically install it.