Ports 搜索

Osiris is a Host Integrity Management System that periodically monitors one or more hosts for change. It maintains detailed logs of changes to the file system, user and group lists, resident kernel modules, and more. Osiris can be configured to email these logs to the administrator. Hosts are periodically scanned and, if desired, the records can be maintained for forensic purposes. Osiris keeps an administrator apprised of possible attacks and/or nasty little trojans. The purpose here is to isolate changes that indicate a break-in or a compromised system. Osiris makes use of OpenSSL for encryption and authentication in all components.

This is the base class for a system of objects that encapsulate passphrases. An object of this type is a passphrase recogniser: its job is to recognise whether an offered passphrase is the right one. For security, such passphrase recognisers usually do not themselves know the passphrase they are looking for; they can merely recognise it when they see it. There are many schemes in use to achieve this effect, and the intent of this class is to provide a consistent interface to them all, hiding the details. The CPAN package Authen::Passphrase contains implementations of several specific passphrase schemes in addition to the base class.

This code appears to have only cursory resemblance to Bruce Schneier's blowfish and twofish algorithms in that it too has a table-based decoder. Derivation from FairKeys code by Jon Lech Johanson at nanocrew.net. If you don't know what that is, don't bother looking here further. This is a Pure Perl implementation. I doubt there is any need for xs coding for what would mainly be processing 16 bytes at a time. This code is part of an ongoing effort to clone portions of the Apple iTMS in Perl for portability. See www.hymn-project.org for prior efforts by others.

PBKDF2 is a secure password hashing algorithm that uses the techniques of "key strengthening" to make the complexity of a brute-force attack arbitrarily high. PBKDF2 uses any other cryptographic hash or cipher (by convention, usually HMAC-SHA1, but Crypt::PBKDF2 is fully pluggable), and allows for an arbitrary number of iterations of the hashing function, and a nearly unlimited output hash size (up to 2**32 - 1 times the size of the output of the backend hash). The hash is salted, as any password hash should be, and the salt may also be of arbitrary size. See also: RFC2898, PKCS#5 version 2.0: http://tools.ietf.org/html/rfc2898

Net::Daemon is an abstract base class for implementing portable server applications in a very simple way. The module is designed for Perl 5.005 and threads, but can work with fork() and Perl 5.004. The Net::Daemon class offers methods for the most common tasks a daemon needs: Starting up, logging, accepting clients, authorization, restricting its own environment for security and doing the true work. You only have to override those methods that aren't appropriate for you, but typically inheriting will safe you a lot of work anyways.

Binwalk is a tool for searching a given binary image for embedded files and executable code. Specifically, it is designed for identifying files and code embedded inside of firmware images. Binwalk uses the libmagic library, so it is compatible with magic signatures created for the Unix file utility. Binwalk also includes a custom magic signature file which contains improved signatures for files that are commonly found in firmware images such as compressed/archived files, firmware headers, Linux kernels, bootloaders, filesystems, etc. More details are available at:

Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination. The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections. Suhosin is binary compatible to normal PHP installation, which means it is compatible to 3rd party binary extension like ZendOptimizer.

This package provides an interface to the cracklib (libcrack) libraries that come standard on most Unix-like distributions. This allows you to check passwords against dictionaries of words to ensure some minimal level of password security. From the cracklib README CrackLib makes literally hundreds of tests to determine whether you've chosen a bad password. * It tries to generate words from your username and gecos entry to tries to match them against what you've chosen. * It checks for simplistic patterns. * It then tries to reverse-engineer your password into a dictionary word, and searches for it in your dictionary. - after all that, it's PROBABLY a safe(-ish) password. 8-)

Off-the-Record (OTR) Messaging allows you to have private conversations over instant messaging by providing: * Encryption No one else can read your instant messages. * Authentication You are assured the correspondent is who you think it is. * Deniability The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified. * Perfect forward secrecy If you lose control of your private keys, no previous conversation is compromised.

In short: getting and installing SSL/TLS certificates made easy. The Let's Encrypt Client is a tool to automatically receive and install X.509 certificates to enable TLS on servers. The client will interoperate with the Let's Encrypt CA which will be issuing browser-trusted certificates for free. It's all automated: The tool will prove domain control to the CA and submit a CSR (Certificate Signing Request). If domain control has been proven, a certificate will get issued and the tool will automatically install it.