The FTP archive FTP.SUNET.SE holds many useful tools in the directory /pub/security/tools. Here are some examples of tools that can be useful when building and maintaining a firewall.
This file: /pub/security/tools/net/01-README

directory: .../net/TCP-Wrapper/
The TCP WRAPPER tool provides monitoring and control of network services, such as TFTP, EXEC, TELNET, FINGER, and many others. The TCP WRAPPER logs information about incoming IP connections. This directory contains information, the latest version and patches.

directory: .../net/chrootuid/
The CHROOTUID command sets up a restricted environment for command execution. CHROOTUID combines chroot(8) and su(1) into one program. This directory contains information, the latest version and patches.

directory: .../net/cpm/
[No information yet available!]

directory: .../net/fremont/
Fremont is a research prototype for discovering key network characteristics, such as hosts, gateways, and topology. It runs on SunOS, and has been tested on both Sun3 and Sun4 hardware, on SunOS 4.1.1. The ARPwatch and RIPwatch Explorer Modules use the Sun's Network Interface Tap. This directory contains information, the latest version and patches.

directory: .../net/fwtk/
The TIS Firewall Toolkit includes various programs which support the easy implementation of a firewall host.

directory: .../net/ifstatus/
IFSTATUS can be run on a UNIX system to check the network interfaces for any that are in debug or promiscuous mode. This may be the sign of an intruder performing network monitoring to steal passwords. This directory contains information, the latest version and patches.

directory: .../net/ipacl/
IPACL is a package to filter incoming and outgoing TCP/UDP packets in the SVR4/386 kernel. Depending on source/destination addresses and port numbers packets can be passed through or dropped. This directory contains information, the latest version and patches.

directory: .../net/libpcap/
This directory contains information regarding a new architecture for Packet Capture - BSD Packet Filter. The library libpcap is needed for tools like tcpdump.

directory: .../net/logdaemon/
LOGDAEMON is a package which contains sources to rsh and rlogin daemons that perform logging and access control based on privileged port numbers. Also included are modified versions of login, telnetd and lib. This directory contains information, the latest version and patches.

directory: .../net/packet_screen/
Packet screens are tools developed for packet filtering. They can stop unwanted network traffic from entering (or leaving) your network.

directory: .../net/portmapper/
PORTMAPPER is a portmap replacement with access control facilities. It provides discouraged access to YP/NIS, NFS, and other RPC-based services registered with the portmapper. This directory contains information, the latest version and patches.

directory: .../net/rpcbind/
This is an rpcbind replacement with access control in the style of the tcp/ip daemon wrapper (log_tcp) package. It provides a simple mechanism to discourage remote access to the NIS (YP), NFS, and other rpc services. This directory contains information, the latest version and patches.

directory: .../net/securelib/
SECURELIB is a wrapper for SunOS daemons that use RPC, such as portmap, ypserv, mountd, etc. The SECURELIB package contains replacement routines for the three kernel calls: accept, recvfrom, recvmsg. These routines check the Internet address of remote hosts which try to connect. This directory contains information, the latest version and patches.

directory: .../net/socks/
The SOCKS package provides secure network connectivity through a firewall host. The package consists of library routines which replace the usual socket library calls and the SOCKS daemon (sockd). This directory contains information, the latest version and patches.

directory: .../net/tcpr/
The TCPR package is a set of perl scripts which allow running ftp and telnet commands on an internal network through an existing firewall host to an external network. This directory contains information, the latest version and patches.

directory: .../net/tftpd/
TFTPD is a hacked copy of the BSD 4.3-tahoe tftp daemon program. It has a cheap and dirty hack to add security. The program will chroot (change root directory) to whatever TFTPD_DIR is defined as. This directory contains information, the latest version and patches.

directory: .../net/xinetd/
XINETD is a replacement for inetd, the internet services daemon. XINETD provides facilities like access control mechanisms or extensive logging abilities. This directory contains information, the latest version and patches.

This file: /pub/security/tools/net/TCP-Wrapper/01-README

The TCP WRAPPER tool provides monitoring and control of network services, such as TFTP, EXEC, TELNET, FINGER, and many others. The TCP WRAPPER logs information about incoming IP connections. This directory contains information, the latest version and patches.

file: .../TCP-Wrapper/frontd.nec.920429.tar.gz (37158 Bytes)
The FRONTD is based on the TCP WRAPPER tool which provides monitoring and control of network services. New features added.
(frontd: Ying-Da Lee, NEC, 1992)

file: .../TCP-Wrapper/in.gate-1.01.shar.gz (7042 Bytes)
IN.GATE allows control over which hosts are allowed to use services provided from inetd(8C). in.gate works by sitting between inetd(8C) and the server programs. inetd(8C) starts in.gate which then checks to see if the requesting host has permissions to use the service. If the host does have permissions then in.gate starts up the requested server, otherwise in.gate reports `Access denied' to the requesting host and exits.
(in.gate v1.01: John Pochmara, Oregon Graduate Institute of Science, 1991)

file: .../TCP-Wrapper/rshd-echo.shar.gz (2004 Bytes)
This is a small tool to fake rshd arguments when rshd is controlled by the TCP-Wrapper. It echoes the specified arguments to the remote system after satisfying a minimal subset of the rshd protocol.
(rshd-echo: Wietse Venema, Eindhoven University of Technology, 1993)

file: .../TCP-Wrapper/tcp_wrapper.ps.gz (21562 Bytes)
TCP Wrapper: Network monitoring, access control, and booby traps. / Wietse Venema. - Eindhoven University of Technology. - 1992.

file: .../TCP-Wrapper/tcp_wrappers_6.1.shar.gz (65959 Bytes)
The TCP WRAPPER tool provides monitoring and control of network services, such as TFTP, EXEC, TELNET, FINGER, and many others. The TCP WRAPPER logs information about incoming IP connections and sends it to the syslog daemon.
(TCP Wrapper v6.1: Wietse Venema, Eindhoven University of Technology, 1993)

file: .../TCP-Wrapper/tcp_wrappers_6.3.shar.gz (73894 Bytes)
The TCP WRAPPER tool provides monitoring and control of network services, such as TFTP, EXEC, TELNET, FINGER, and many others. The TCP WRAPPER logs information about incoming IP connections and sends it to the syslog daemon.
(TCP Wrapper v6.3: Wietse Venema, Eindhoven University of Technology, 1994)

This file: /pub/security/tools/net/securelib/01-README

SECURELIB is a wrapper for SunOS daemons that use RPC, such as portmap, ypserv, mountd, etc. The SECURELIB package contains replacement routines for the three kernel calls: accept, recvfrom, recvmsg. These routines check the Internet address of remote hosts which try to connect. This directory contains information, the latest version and patches.

file: .../securelib/securelib.ps.gz (38469 Bytes)
Restricting Network Access to System Daemons under SunOS / William LeFebvre. - EECS Department Northwestern University. - 1992. - [Documentation for securelib.tar.Z].

file: .../securelib/securelib.tar.gz (9714 Bytes)
SECURELIB is a wrapper for SunOS daemons that use RPC, such as portmap, ypserv, mountd, etc. The SECURELIB package contains replacement routines for the three kernel calls: accept, recvfrom, recvmsg. These routines check the Internet address of remote hosts which try to connect.
(Securelib PL3: William LeFebvre, Northwestern University, 1992)

This file: /pub/security/tools/misc/01-README

file: .../misc/lsof_3.08.tar.gz (245319 Bytes)
Lsof version 3.08 lists information about files opened by processes. An open file may be a regular file, a directory, a block special file, a character special file, an executing text reference, a library, a stream or a network file (Internet socket, NFS file or Unix domain socket.)
(Lsof v3.08: Victor A. Abell, Purdue University Computing Center, 1994)

file: .../misc/miro.tar.gz (814059 Bytes)
The MIRO package consists of two visual languages for specifying file system security and various tools to manipulate and interpret those languages. The languages allow a user to specify the security configuration of a file system and general security rules.
(Miro project: Allan Heydon, Carnegie Mellon University, 1992)

file: .../misc/miro.users-guide.ps.gz (111924 Bytes)
The Miro Editor: A User's Guide (Version 2) / Amy Moormann Zaremski and Karen Kietzke - Carnegie Mellon / Computer Science Department - February 6, 1992

file: .../misc/telnet.94.02.07.NE.tar.gz (221155 Bytes)
Telnet Client that supports source-routing. - Jan. 19, 1994.

file: .../misc/trimlog.tar.gz (6278 Bytes)
Trimlog is used to trim system log files to keep them from growing without bound. - David A. Curry / SRI International.

This file: /pub/security/tools/audit/Watcher/01-README

WATCHER is a program to watch the system, reporting only when it finds something amiss. It monitors system statistics, such as disk space, process load or machine status. In case of problems WATCHER mails the problem report to the system manager. This directory contains information, the latest version and patches.

file: .../Watcher/Watcher.man (7977 Bytes)

file: .../Watcher/Watcher.tar.gz (43888 Bytes)
WATCHER is a program to watch the system, reporting only when it finds something amiss. It monitors system statistics, such as disk space, process load or machine status. In case of problems WATCHER mails the problem report to the system manager.
(Watcher v1.3: Kenneth Ingham, University of New Mexico, 1987)

This file: /pub/security/tools/audit/netlog/01-README

NETLOG is a set of three programs: The TCPLOGGER/UDPLOGGER programs log all TCP (UDP) connections (sessions) on a subnet, the EXTRACT program is used to select specific records of the log files. This directory contains information, the latest version and patches.

file: .../netlog/netlog-1.03.tar.gz (32863 Bytes)
NETLOG is a set of three programs: The TCPLOGGER/UDPLOGGER programs log all TCP (UDP) connections (sessions) on a subnet, the EXTRACT program is used to select specific records of the log files.
(netlog v1.03: Texas A&M University, 1993)

file: .../netlog/netlog-1.2.tar.gz (66892 Bytes)
NETLOG is a set of three programs: The TCPLOGGER/UDPLOGGER programs log all TCP (UDP) connections (sessions) on a subnet, the EXTRACT program is used to select specific records of the log files.
(netlog v1.2: Texas A&M University, 1994)

This file: /pub/security/tools/audit/swatch/01-README

SWATCH is a program which monitors different log files, such as syslog, filters out unwanted data and performs user-defined actions (e.g. send mail) upon certain high-priority events (e.g. repeated login failures). This directory contains information, the latest version and patches.

file: .../swatch/lisa93_paper.ps.gz (29039 Bytes)
Automated System Monitoring and Notification with Swatch / Stephen E. Hansen, E. Todd Atkins. - Stanford University. - [Presented on LISA Conf.].

file: .../swatch/swatch-2.0.tar.gz (50052 Bytes)
SWATCH is a program which monitors different log files, such as syslog, filters out unwanted data and performs user-defined actions (e.g. send mail) upon certain high-priority events (e.g. repeated login failures).
(Swatch v2.0: Stephen E. Hansen & Todd Atkins, Stanford University, 1992)

file: .../swatch/swatch-2.1.tar.gz (46865 Bytes)
SWATCH is a program which monitors different log files, such as syslog, filters out unwanted data and performs user-defined actions (e.g. send mail) upon certain high-priority events (e.g. repeated login failures).
(Swatch v2.1: Stephen E. Hansen & Todd Atkins, Stanford University, 1994)

file: .../swatch/swatch_usenix_paper.ps.gz (25069 Bytes)
Centralized System Monitoring with Swatch / Stephen E. Hansen, E. Todd Atkins. - Stanford University. - [Presented on USENIX Conf.]

This file: /pub/security/tools/admin/Tiger/01-README

information about this subdirectory:
TIGER is a set of shell scripts, C code and data files which are used to check for security problems. TIGER scans binaries, configuration files, file systems, etc. for possible security problems and reports them. This directory contains information, the latest version and patches.

file: .../Tiger/tiger-2.2.1.tar.gz (246539 Bytes)
TIGER is a set of shell scripts, C code and data files which are used to check for security problems. TIGER scans binaries, configuration files, file systems, etc. for possible security problems and reports them.
(Tiger v2.2.1: Doug Schales, Texas A&M University, 1993)

file: .../Tiger/tiger-2.2.3.tar.gz (265677 Bytes)
TIGER is a set of shell scripts, C code and data files which are used to check for security problems. TIGER scans binaries, configuration files, file systems, etc. for possible security problems and reports them.
(Tiger v2.2.3: Doug Schales, Texas A&M University, 1992)

This file: /pub/security/tools/admin/chkacct/01-README

information about this subdirectory:
CHKACCT checks the files in your Unix account for security problems. chkacct(1) will present each problem to you along with a short explanation as to why it is a danger. You will then be asked if you wish to ignore the problem, see more information about the problem, or have chkacct(1) fix the problem for you. This directory contains information, the latest version and patches.

file: .../chkacct/chkacct.README (2094 Bytes)

file: .../chkacct/chkacct.man (5817 Bytes)

file: .../chkacct/chkacct.tar.gz (31725 Bytes)
CHKACCT checks the files in your Unix account for security problems. chkacct(1) will present each problem to you along with a short explanation as to why it is a danger. You will then be asked if you wish to ignore the problem, see more information about the problem, or have chkacct(1) fix the problem for you.
(CHKACCT v1.3: Shabbir J. Safdar, 1993)

This file: /pub/security/tools/admin/Cops/01-README

information about this subdirectory:
COPS (Computer Oracle and Password System) is a set of programs which check various problem areas of UNIX security, e.g. file permissions, SUID-files, password and group files, files that are run by cron, etc. COPS does not correct but reports potential security holes. This directory contains information, the latest version and patches.

file: .../Cops/cops_104.tar.gz (289908 Bytes)
COPS (Computer Oracle and Password System) is a set of programs which check various problem areas of UNIX security, e.g. file permissions, SUID-files, password and group files, files that are run by cron, etc. COPS does not correct but reports potential security holes.
(COPS v1.04: Daniel Farmer, Carnegie Mellon University, 1992)

file: .../Cops/kuang.man (2809 Bytes)

file: .../Cops/tr993.ps.gz (50148 Bytes)
The COPS Security Checker System / Daniel Farmer, Eugene H. Spafford. - Carnegie Mellon University; Purdue University. - Sep 19, 1991. - Purdue University Technical Report CSD-TR-993. [Presented on: Summer 1990 USENIX Conference, Anaheim, CA].

This file: /pub/security/tools/admin/Tripwire/01-README

information about this subdirectory:
TRIPWIRE is a file integrity checker which compares a designated set of files against information stored in a previously generated database. Any differences are logged, and optionally, a user is notified through mail. This directory contains information, the latest version and patches.

file: .../Tripwire/Tripwire-1.1.tar.gz (282341 Bytes)
This is the old release of Tripwire. This version added several new features as requested by users, and fixed all known, reported bugs to that time.
(Tripwire v1.1: Gene Kim & Gene Spafford, Purdue University, 1993)

file: .../Tripwire/Tripwire-1.2.tar.gz (299831 Bytes)
This is the newest release of Tripwire.
(Tripwire v1.2: Gene Kim & Gene Spafford, Purdue University, 1994)

file: .../Tripwire/Tripwire-SANS.ps.gz (38071 Bytes)
Experiences with Tripwire: Using Integrity Checkers for Intrusion Detection / Gene H. Kim & Eugene H. Spafford. Purdue University. - Purdue Technical Report CSD-TR-93-071. - Feb 21, 1994.

file: .../Tripwire/Tripwire-appdev.ps.gz (74013 Bytes)
Writing, Supporting, and Evaluating Tripwire: A Publically Available Security Tool / Gene H. Kim & Eugene H. Spafford. Purdue University. - Purdue Technical Report CSD-TR-94-019. - Mar 12, 1994.

file: .../Tripwire/Tripwire-config.man (14427 Bytes)

file: .../Tripwire/Tripwire.README-1.1.gz (13048 Bytes)
Tripwire : README Documentation / Gene H. Kim & Gene Spafford. - The COAST Project. - Department of Computer Sciences, Purdue University. - Dec 15, 1993.

file: .../Tripwire/Tripwire.man (17500 Bytes)

file: .../Tripwire/Tripwire.ps.gz (39380 Bytes)
The Design and Implementation of Tripwire: A File System Integrity Checker / Gene H. Kim & Eugene H. Spafford. The COAST Project. - Department of Computer Sciences, Purdue University. - Aug 29, 1994.

file: .../Tripwire/Tripwire.v11.ps.gz (66800 Bytes)
The Design and Implementation of Tripwire: A File System Integrity Checker / Gene H. Kim & Eugene H. Spafford. Purdue University. - Purdue Technical Report CSD-TR-93-071. - Nov 19, 1993.