Category: Replacement

mcrypt
Added 2001-10-22
mcrypt is a program for encrypting files or streams. It is intended to be a replacement for the old UNIX crypt. It uses well-known and well-tested algorithms like DES, BLOWFISH, TWOFISH, ARCFOUR, CAST-128, and more in several modes (CBC, CFB, etc.). It also has a compatibility mode with the old UNIX crypt and Solaris des.

sftp
Added 2001-10-22
Secure FTP (sftp) implements a file transfer protocol using ssh/rsh as the transport mechanism. When the client is invoked, a remote shell is spawned and the server is run. sftp is mainly useful over a secure ssh session, since passwords are not exposed. It also has the advantage that no root access is required, since the server runs as a user process.

psftp
Added 2001-10-22
Psftp is basically an ftp-like program that uses ssh 1.x as its backend. Psftp provides a CLI ftp-like interface on top of scp and ssh.

Secfingerd
Added 2001-10-22
Secfingerd is a replacement for the standard finger daemon that comes with most UN*Xes. It allows each user to control whether or not they want to be fingered and, if they do, what information about them is displayed as well as the formatting used. Secfingerd does not support empty and indirect queries. Users can stop themselves from being fingered by creating a ".nofinger" file in their home directory. This release of secfingerd also supports a global nofinger file, which can be used to stop users such as "bin" from being fingered without putting a ".nofinger" file in "/bin".

msystem
Added 2001-10-22
The file msystem.c contains a version of system(3), popen(3), and pclose(3) that provide considerably more security than the standard C functions. They are named msystem, mpopen, and mpclose, respectively.
While I don't guarantee them to be PERFECTLY secure, they do constrain the environment of the child quite tightly, tightly enough to close the obvious holes.

Osh - Operator Shell
Added 2001-10-22
The Operator Shell (Osh) is a setuid root, security enhanced, restricted shell for providing fine-grain distribution of system privileges for a wide range of usages and requirements.

PortMap 3
Added 2001-10-22
This is the 3rd enhanced portmapper release. The code compiles fine with SunOS 4.1.x, Ultrix 4.x and ESIX System V release 4.0, but it will work with many other UNIX flavors. Tested with SunOS 4.1.1; an earlier version was also tested with Ultrix 3.0. SysV.4 uses a different program than the portmapper, however; rpcbind is the name, and it can do much more than the old portmapper.
This is a portmapper replacement with access control in the style of the tcp wrapper (log_tcp) package. It provides a simple mechanism to discourage access to the NIS (YP), NFS, and other services registered with the portmapper. In some cases, better or equivalent alternatives are available. The SunOS portmap that is provided with patch id100482-02 should close the same security holes. In addition, it provides NIS daemons with their own access control lists. This is better than just portmapper access control. The "securelib" shared library (eecs.nwu.edu:/pub/securelib.tar) implements access control for all kinds of (RPC) services, not just the portmapper. Reportedly, Irix 4.0.x already has a secured portmapper. However, many vendors still ship portmap implementations that allow anyone to read or modify its tables and that will happily forward any request so that it appears to come from the local system.

Rpcbind
Added 2001-10-22
This is an rpcbind replacement with access control in the style of the tcp/ip daemon wrapper (log_tcp) package. It provides a simple mechanism to discourage remote access to the NIS (YP), NFS, and other rpc services. It also has host access control on IP addresses.
Note that the local host is considered authorized, and host access control requires the libwrap.a library that comes with recent tcp/ip daemon wrapper (log_tcp) implementations. Requests that are forwarded by the rpcbind process will be forwarded through an unprivileged port. In addition, the rpcbind process refuses to forward requests to rpc daemons that do, or should, verify the origin of the request. At present, the list includes most of the calls to the NFS mountd/nfsd daemons and the NIS daemons.

securelib
Added 2001-10-22
The securelib package by William LeFebvre provides a replacement shared library from SunOS 4.1.x systems that offers new versions of the accept, recvfrom, and recvmsg networking system calls. These calls are compatible with the originals, except that they check the address of the machine initiating the connection to make sure it is allowed to connect, based on the contents of the configuration file. The advantage of this approach is that it can be installed without recompiling any software.