Audit Tools

Title: Advanced Security audit trail Analysis on uniX 1.0
Authors: B. Le Charlier, A. Mounji, I. Mathieu, N. Habra
Abstract:

Analyzing substantial amounts of data and extracting relevant information out of huge sequential files has always been a nightmare. (And ... it will probably remain so, unless you use ASAX, Advanced Security audit trail Analyzer on uniX.) Using highly sophisticated and powerful algorithms, ASAX tremendously simplifies the intelligent analysis of sequential files.

Title: chkacct v1.1
Authors: Shabbir Safdar
Abstract:

chkacct was designed to complement tools like COPS and Tiger. Instead of checking for configuration problems in the entire system, it is designed to check the settings and security of the current user's account. It then prints explanatory messages to the user about how to fix the problems. It may be preferable to have a security administrator ask problem users to run chkacct rather than directly alter files in their home directories.

Title: chklastlog v1.0
Authors: DFNCERT
Abstract:

chklastlog checks that no entries have been deleted from the lastlog file.

Title: chkwtmp v1.0
Authors: DFNCERT
Abstract:

chkwtmp checks that no entries have been deleted from the wtmp file.

Title: COPS
Authors: Dan Farmer
Abstract:

COPS is a static security checking tool that checks common procedural (non-bug) problems of a Un*x system. It basically takes a snapshot of a system, and then generates a report of its findings.

Title: cpm
Authors: Carnegie Mellon University
Abstract:

Check for network interfaces in promiscuous mode.

Title: Crack 4.1
Authors: Alec D.E. Muffett
Abstract:

Crack is a freely available program designed to find standard Unix eight-character DES encrypted passwords by standard guessing techniques outlined below. It is written to be flexible, configurable and fast, and to be able to make use of several networked hosts via the Berkeley rsh program (or similar), where possible.

Title: crash me
Authors: George Carrette
Abstract:

The purpose of the crashme program is to cause instruction faults that would otherwise be only rarely seen in the normal operation of a system (where "normal" includes conditions of user programs with bugs in them, and to executable code corruption due to memory, disk, and network problems).

Title: Dig
Authors: Steve Hotz, Paul Mockapetris
Abstract:

Dig (domain information groper) is a flexible command line tool which can be used to gather information from Domain Name System servers. Dig has two modes: a simple interactive mode which makes a single query, and a batch mode which executes a query for each line in a list of query lines. All query options are accessible from the command line.

Title: DNS Walk 1.8.3
Authors: David Barr
Abstract:

dnswalk is a DNS debugger. It performs zone transfers of specified domains, and checks the database in numerous ways for internal consistency, as well as accuracy.

Title: Domain Obscenity Control
Authors: Steve Hotz, Paul Mockapetris
Abstract:

This is the first public release of Doc Version 2.0. Doc (domain obscenity control) is a program which diagnoses misbehaving domains by sending queries off to the appropriate DNS nameservers, and performing simple analysis on the responses.

Title: Hobgoblin
Authors: Steve Hotz, Paul Mockapetris
Abstract:

hobgoblin checks file system consistency against a description. hobgoblin reads file system descriptions from standard input, from ifilenames given on the command line, and from descriptions attached to the -e option on the command line; it executes the specified checks on the file system's contents and writes its output to stdout or to ofilename.

Title: ident
Authors: *Hobbit*
Abstract:

This is a "buggered identd" that tests the queue file bug in Sendmail versions earlier than 8.6.10 and possibly some versions of 5.x. It responds with embedded lines that, if the receiving Sendmail is buggy, get added to the queue file as control information or strange extra headers.

Title: ifstatus
Authors: David A. Curry
Abstract:

This program can be run on a UNIX system to check the network interfaces for any that are in debug or promiscuous mode. This may be the sign of an intruder performing network monitoring to steal passwords and the like (see CERT Advisory CA-94:01).

Title: Internet Security Scanner (ISS)
Authors: Christopher William Klaus
Abstract:

Internet Security Scanner (ISS) is one of the first multi-level security scanners available to the public. It was designed to be flexible and easily portable to many unix platforms and to do its job in a reasonable amount of time. It provides information that will help the administrator fix obvious security misconfigurations.

Title: L5
Authors: *Hobbit*
Abstract:

L5 is a minimalist solution to the unix file integrity problem. L5 simply walks down Unix or DOS filesystems, sort of like "ls -R" or "find" would, generating listings of anything it finds there. It tells you everything it can about a file's status, and adds on the MD5 hash of it. Its output is rather "numeric", but it is a very simple format and is designed to be post-processed by scripts that call L5.

Title: md5check
Authors: The Regents of the University of California
Abstract:

Check to see if existing binary files match their appropriate cryptographic signatures.

Title: NFSBug
Authors: Leendert van Doorn
Abstract:

Tests hosts for well-known NFS problems/bugs. Among these tests are: find world-wide exportable file systems, determine whether the export list really works, determine whether we can mount file systems through the portmapper, try to guess file handles, exercise the mknod bug, and the uid masking bug.

Title: Nuke
Authors: Satanic Mechanic, Tim N., *Hobbit*
Abstract:

Cleaned up version of nuke. Nuke is a program that attempts to bring down a connection between two hosts by sending one of them fake ICMP messages.

Title: Password checking routine
Authors: Clyde Hoover
Abstract:

This is a password checking program that the author wrote after the infamous Internet Worm. He used the password cracking algorithm the worm used in order to check the obviousness of a password.

Title: Perl Cops
Authors: Steve Romig
Abstract:

This is a perl version of Dan's version of Bob Baldwin's Kuang program (originally written as some shell scripts and C programs). Features include: caching of passwd/group file entries in an associative array for faster lookups, which is particularly helpful on insecure systems using YP, where password and group lookups are slow and you have to do a lot of them; specifying the target (uid or gid) on the command line; the -l option to generate a PAT for a goal; and the -f option to preload file owner, group and mode info, which is helpful in speeding things up and in avoiding file system 'shadows'.

Title: Probe TCP Ports
Authors: H. Morrow Long
Abstract:

This program will probe a machine for all open TCP ports.

Title: raudit
Authors: Michele D. Crabb
Abstract:

raudit is a Perl script which audits each user's .rhosts file and reports on various findings. Without arguments raudit will report on the total number of rhosts entries, the total number of non-operations entries (entries for which the host is listed in the /etc/hosts.equiv file), and the total number of remote entries. raudit will also report on any entries which may be illegal. An entry is considered illegal if the username does not match the username from the password file or if the entry contains a "+" or a "".

Title: RIACS Auditing Package
Authors: Matt Bishop
Abstract:

This is the RIACS Auditing Package - really, a sophisticated file scanning system. It audits a file system for possible security or accounting problems, scans the file system %%FILESYS%%, and compares these results to information in the master file %%LISTDIR%%/audit.lst.

Title: RScan
Authors: Nate Sammons
Abstract:

Rscan 1.4.0 (formerly `Securscan') is officially available. In short, Rscan is a facility that allows System Administrators to execute complex (or simple) scanner scripts on one (or many) machines and create clean, formatted reports in either ASCII or HTML. Rscan allows the writing of modules that have different scans for different operating systems, etc. Two modules are currently available: IRIXsecurity and NetSecurity.

Title: SATAN
Authors: Dan Farmer, Wietse Venema
Abstract:

Security Administrator Tool for Analyzing Networks remotely probes systems via the network and stores its findings in a database. The results can be viewed with any Level 2 HTML browser that supports the http protocol.

Title: Secure_Sun - Check/Fix Fourteen Common Sun Security Holes
Authors: David Safford
Abstract:

This program checks for 14 common SunOS configuration security loopholes. It has been tested only on SunOS 4.0.3 on Sun4, Sun3, and Sun386i machines. Each test reports its findings, and will offer to fix any problem found. The program must be run as root if you want it to fix any of the problems, but it can be run from any account if you reply 'n' to any fix requests.

Title: Show Process Accounting Records
Authors: Doug Schales
Abstract:

'spar' is used to select records from a UNIX process accounting file. It is usually faster than most 'lastcomm's and significantly more flexible and powerful.

Title: Strobe
Authors: Julian Assange aka Proff
Abstract:

Strobe is a security/network tool that locates and describes all listening tcp ports on a (remote) host or on many hosts in a bandwidth-utilisation-maximising and process-resource-minimising manner.

Title: tiger
Authors: Doug Schales
Abstract:

'tiger' is a set of scripts that scan a Un*x system looking for security problems, in the same fashion as Dan Farmer's COPS. 'tiger' was originally developed to provide a check of UNIX systems on the A&M campus that want to be accessed from off campus (clearance through the packet filter).

Title: Tripwire v1.2
Authors: Gene Kim, Gene Spafford
Abstract:

Tripwire is a highly portable, configurable tool to monitor changes in a Unix filesystem. It keeps a database of inode information and message digests of file and directory contents based on a user-designed configuration file. When rerun, Tripwire will compare the stored values against the configuration flags and warn the operator of any deviations (changes, additions, accesses, etc). Tripwire is extensively documented, has been ported to over 30 varieties of Unix, and is highly recommended by anyone who uses it.

Title: Trojan
Authors: Bruce Barnett
Abstract:

Trojan.pl is a trojan horse checking program. It examines your search path and looks at all of the executables in it, looking for people who could create a trojan horse you would execute.

Title: YPX - A utility to transfer NIS maps beyond a local (broadcast) network.
Authors: Rob J. Nauta
Abstract:

ypx is a utility to transfer a NIS map from any host running a ypserv daemon. ypx is similar to ypcat, with some additions. To be able to transfer a map, a domainname must be specified. There unfortunately is no way to ask the remote host about its domainname, so it must be known already or guessed to transfer a map successfully. If none is specified, the hostname of the remote host is used as the domainname. ypx is able to guess at the remote domainname, by trying parts of the hostname, if guessing is enabled with the -g option. If the -s option is used, ypx will connect to the sendmail daemon, read the hostname, and parse that too, to be used as additional guesses. Finally, any additional strings on the command line will be added to the list of domainname guesses.


Aleph One / aleph1@underground.org
Copyright © 1996 Computer Underground Society. All rights reserved.