ClamAV clamd service - an anti-virus daemon process.
You can find more information about clam anti-virus at
WWW: http://www.clamav.net/
File::Scan::ClamAV was originally based on the Clamd module
Submitted by: Jan-Peter Koopmann <Jan-Peter.Koopmann at seceidos.de>
an open source intrusion detection system.
The actual interface and GUI server are written in tcl/tk.
Sguil also relies on other open source software
in order to function properly.
The client requires gpg, iwidgets and other tcl packages and may
also use wireshark, festival and tls depending on your selection
of options. Run "make config" in the port to see what options
are available.
Sguil currently functions as an analysis interface and has
no snort sensor or rule management capabilities.
WWW: http://sguil.sourceforge.net/index.php
PR: ports/105496
Submitted by: Paul Schmehl <pauls at utdallas.edu>
Platform-independent tool for Authenticode signing of EXE/CAB files - uses
OpenSSL and libcurl. It also supports timestamping.
PR: ports/105353
Submitted By: Nick Barkas <snb@threerings.net>
Approved By: flz (mentor)
Security Monitoring (NSM). NSM is the collection,
analysis, and escalation of indications and warnings
to detect and respond to intrusions. NSM tools are
used more for network audit and specialized
applications than traditional alert-centric "intrusion
detection" systems.
Want to learn more about Network Security Monitoring
(NSM)? Then check out Richard Bejtlich's recently
released book, The Tao of Network Security Monitoring:
Beyond Intrusion Detection. An excerpt reads:
"Network security monitoring (NSM) equips security
staff to deal with the inevitable consequences of too
few resources and too many responsibilities. NSM collects
the data needed to generate better assessment, detection,
and response processes--resulting in decreased impact from
unauthorized activities."
WWW: http://sguil.sourceforge.net/index.php
PR: ports/104227
Submitted by: Paul Schmehl <pauls at utdallas.edu>
(www.snort.org), an open source intrusion detection system.
The actual interface and GUI server are written in tcl/tk
(www.tcl.tk). Sguil also relies on other open source software
in order to function properly.
The sensor list includes security/barnyard, security/snort,
security/sancp, tcpdump (a part of the OS) and devel/tcltls as
well as lang/tcl84 and lang/tclX. Care has been taken to ensure
that everything you need to build a working sguil operation is
in the FreeBSD ports system or part of the OS already.
Sguil currently functions as an analysis interface and has
no snort sensor or rule management capabilities.
WWW: http://sguil.sourceforge.net/index.php
PR: ports/95018
Submitted by: Paul Schmehl <pauls at utdallas.edu>
This is the Metasploit Project. The goal is to provide useful
information to people who perform penetration testing, IDS signature
development, and exploit research. This site was created to fill the
gaps in the information publicly available on various exploitation
techniques and to create a useful resource for exploit developers. The
tools and information on this site are provided for legal penetration
testing and research purposes only.
This port is an in-development version of the upcoming Metasploit Framework.
It is based on Ruby instead of perl, and has a different license.
WWW: http://www.metasploit.org
PR: ports/101280
Submitted by: Yonatan <onatan at gmail.com>
over time. It does this by checking for changes on the target
machine(s), which includes the details about the services running on
them as well as the service state. PBNJ parses the data from a scan
and stores it in a database. PBNJ uses Nmap to perform scans.
WWW: http://www.sf.net/projects/pbnj
PR: ports/100904
Submitted by: Joshua D. Abraham <jabra(at)ccs.neu.edu>
your files, is immune to filenames containing spaces, carriage returns,
dashes, or any other special characters. You can use it in place of rm
in cron jobs, together with "find ... -print0". The output of fwipe0 is
specially designed to be parsed easily by machine, so it can be embedded
in other applications which need secure file erasure.
WWW: http://jeenyus.net/~budney/linux/software/fwipe.html
PR: ports/103488
Submitted by: David Thiel <lx(at)redundancy.redundancy.org>
Simple HTTP Scanner is a creation made for web site pen testing. You can
check for directories and files on the remote web server and get some
server information like the webserver running.
WWW: http://sourceforge.net/projects/shttpscanner/
Author: Paisterist <paisterist@users.sourceforge.net>
1.1. TLS Lite supports non-traditional authentication methods such as SRP,
shared keys, and cryptoIDs in addition to X.509 certificates. TLS Lite is pure
Python, however it can access OpenSSL, cryptlib, pycrypto, and GMPY for faster
crypto operations. TLS Lite integrates with httplib, xmlrpclib, poplib,
imaplib, smtplib, SocketServer, asyncore, and Twisted.
WWW: http://trevp.net/tlslite/
PR: ports/102923
Submitted by: Alexander Botero-Lowry <alex at foxybanana.com>
It was designed to protect servers and users from known and
unknown flaws in PHP applications and the PHP core.
Suhosin comes in two independent parts, that can be used
separately or in combination. The first part is a small patch
against the PHP core, that implements a few low-level
protections against buffer overflows or format string
vulnerabilities and the second part is a powerful PHP extension
that implements all the other protections.
Suhosin is binary compatible with a normal PHP installation,
which means it is compatible with 3rd party binary extensions
like ZendOptimizer.
WWW: http://www.suhosin.org/
SSL 3.0 protocols. The library does not include any patented algorithms and
is available under the GNU Lesser GPL license.
Important features of the GnuTLS library include:
- Thread safety
- Support for both TLS 1.0 and SSL 3.0 protocols
- Support for both X.509 and OpenPGP certificates
- Support for basic parsing and verification of certificates
- Support for SRP for TLS authentication
- Support for TLS Extension mechanism
- Support for TLS Compression Methods
Additionally, GnuTLS provides an emulation API for the widely used
OpenSSL library, to ease integration with existing applications.
WWW: http://www.gnutls.org/
SinFP is a new approach to OS fingerprinting, which bypasses
limitations that nmap has.
Nmap's approach to fingerprinting has been shown to be efficient for years.
Nowadays, with the omni-presence of stateful filtering devices,
PAT/NAT configurations and emerging packet normalization technologies,
its approach to OS fingerprinting is becoming obsolete.
SinFP uses the aforementioned limitations as a basis for tests to be
absolutely avoided in used frames to identify accurately the remote
operating system. That is, it only requires one open TCP port, sends
only fully standard TCP packets, and limits the number of tests to 2
or 3 (with only 1 test giving the OS reliably in most cases).
WWW: http://www.gomor.org/sinfp
By sniffing a VNC challenge-response sequence off the network
(typically when VNC is used without a decent cryptographic
wrapper like SSH or SSL), you can recover the password fairly
easily and quickly by letting VNCcrack pound on it.
WWW: http://www.randombit.net/projects/vnccrack/
PR: ports/102279
Submitted by: Pankov Pavel <pankov_p at mail.ru>
Kerberos V5 is an authentication system developed at MIT.
(Linux version)
WWW: http://web.mit.edu/kerberos/
- New port: security/linux-openssl
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and Open Source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security
(TLS v1) protocols with full-strength cryptography world-wide. The
project is managed by a worldwide community of volunteers that use
the Internet to communicate, plan, and develop the OpenSSL toolkit
and its related documentation.
OpenSSL is based on the excellent SSLeay library developed by Eric
A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under
an Apache-style licence, which basically means that you are free
to get and use it for commercial and non-commercial purposes subject
to some simple license conditions.
(Linux version)
WWW: http://www.openssl.org/
Approved by: garga (mentor)
The GNOME Password Manager - GPass for short - is a simple
application, written for the GNOME 2 desktop, that lets you manage a
collection of passwords. The password collection is stored in an
encrypted file, protected by a master-password.
GPass is released under the GNU GPL2 licence.
Features:
* Clean and easy-to-use user interface.
* Quick-search facility.
* Username and password may easily be copied to the clipboard.
* Encryption is done using the OpenSSL cryptographic library.
* The built-in password generator helps you generate secure passwords.
* You can launch a website and the associated username/passwords
direct from GPass
Author: Kouji TAKAO <kouji -at- netlab.jp>
WWW: http://projects.netlab.jp/gpass/
PR: ports/100845
Submitted by: ports_at_c0decafe.net <ports at c0decafe.net>
Approved by: garga (mentor)
connections into Tor.
trans-proxy-tor is a transparent proxy
that uses PF to redirect TCP connections
through Tor (http://tor.eff.org/).
Programs that aren't aware of Tor
will use it without their knowledge,
and their traffic no longer leaves the
system unencrypted.
PR: ports/99034
Submitted by: Fabian Keil <fk at fabiankeil.de>
dns-proxy-tor is a DNS server that stops
DNS leaks with applications that don't support
or aren't configured to use socks4a or Tor's DNS
resolution.
WWW: http://p56soo2ibjkx23xo.onion/
PR: ports/99033
Submitted by: Fabian Keil <fk at fabiankeil.de>
to use Crypt::Rijndael where available. This implementation is really
slow, but I am working on it.
WWW: http://search.cpan.org/dist/Crypt-Rijndael_PP/
PR: ports/100262
Submitted by: Gea-Suan Lin <gslin at gslin.org>
come standard on most unix-like distributions. This allows you to check
passwords against dictionaries of words to ensure some minimal level of
password security.
From the cracklib README
CrackLib makes literally hundreds of tests to determine whether you've
chosen a bad password.
* It tries to generate words from your username and gecos entry and tries
to match them against what you've chosen.
* It checks for simplistic patterns.
* It then tries to reverse-engineer your password into a dictionary
word, and searches for it in your dictionary.
- after all that, it's PROBABLY a safe(-ish) password. 8-)
WWW: http://pecl.php.net/package/crack
PR: ports/94244
Submitted by: Bill Moran <wmoran at collaborativefusion.com>
meaning that you cannot administrate an OpenVPN server with it (Look for kvpnc
if you want such a program). You can use it to connect and disconnect without
needing to open a console. You can also input username and/or password that
might be needed.
In short: It can do everything an end-user wants for his everyday work with
OpenVPN.
WWW: http://www.enlighter.de/
--Anderson S. Ferreira <anderson@cnpm.embrapa.br>
PR: ports/95709
Submitted by: anderson@cnpm.embrapa.br
It can be loaded using code, config file or command line and
will pass any function call by openssl to a PKCS#11 module.
Engine_pkcs11 is meant to be used with smart cards and software
for using smart cards in PKCS#11 format, such as OpenSC.
WWW: http://www.opensc-project.org/engine_pkcs11/
Note: the port requires the OpenSSL installed from ports,
since dynamic engine loading is disabled in base system.
See PR bin/79570 for details.
for using cryptographic tokens such as smart cards and
USB crypto tokens for authentication.
Pam_p11 uses libp11 to access any PKCS#11 module.
It should be compatible with any implementation, but it
is primarily developed using OpenSC.
Pam_p11 implements two authentication modules:
* pam_p11_openssh authenticates the user using his
openssh ~/.ssh/authorized_keys file.
* pam_p11_opensc authenticates the user using
certificates found in ~/.eid/authorized_certificates.
Pam_p11 is very simple, it has no config file, no options
other than the PKCS#11 module file, does not know about
certificate chains, certificate authorities, revocation
lists or OCSP. Perfect for the small installation with no
frills.
WWW: http://www.opensc-project.org/pam_p11/
authentication algorithm used by Microsoft.
NTLM authentication scheme is used in DCOM and HTTP environment. It is
used to authenticate DCE RPC packets in DCOM. It is also used to
authenticate HTTP packets to MS Web Proxy or MS Web Server.
Currently, it is the authentication scheme Internet Explorer chooses to
authenticate itself to proxies/web servers that support NTLM.
WWW: http://search.cpan.org/dist/Authen-NTLM/
PR: ports/98684
Submitted by: James Thomason <james@divide.org>
The pam_authsrv module provides TIS authsrv authentication to PAM-aware
applications. It has been tested under AIX 4.3.3 (using the Linux-PAM for
AIX patch) and 5.1, Solaris 8 and 9, RedHat Linux 7.2, and HP-UX 11.00.
The pam_authsrv source code is available from:
ftp://ftp.feep.net/pub/software/PAM/pam_authsrv/pam_authsrv-1.0.2.tar.gz
Binaries of pam_authsrv are available as Encap packages for a variety of
platforms.
For further information, please see the enclosed README file.
WWW: http://www.feep.net/PAM/pam_authsrv/
PR: ports/97157
Submitted by: Jim Pirzyk <pirzyk@FreeBSD.org>
in a signed pickle file. There are two big differences between this module and
the standard pickle module. First, TrustedPickle can pickle a module, but the
standard pickle module cannot. Second, TrustedPickle includes a signature that
can verify the data's origin before the data is unpickled.
WWW: http://trustedpickle.sourceforge.net/index.html
PR: ports/96691
Submitted by: Alexander Botero-Lowry <alex@foxybanana.com>
Approved by: lawrance (mentor)
that uses the courier-authlib authentication library to find user credentials.
Its interface follows that of Daniel J. Bernstein's checkpassword program.
WWW: http://www.arda.homeunix.net/store/
PR: ports/96572
Submitted by: Andrew St. Jean <andrew@arda.homeunix.net>
information and simplifies the tasks of searching and entering password data.
KedPM is written as an extensible framework, which allows users to plug in
custom password database back-ends and custom user interface front-ends.
Currently, only the Figaro PM back-end is supported. To control KedPM, the user can
choose between CLI and GTK2 based GUI front-ends.
WWW: http://kedpm.sourceforge.net
PR: ports/96321
Submitted by: Tim Welch <twelch@thepentagon.org>
fswatch is a utility to guard changes in a file system. fswatch is composed
of three simple programs: fswbuild, fswcmp, fswshow. fswbuild builds file
system information database. fswcmp compares two database files and returns
what changes in a file system have been introduced. fswshow shows contents of
database file. A file information database is platform independent.
fswatch can collect the following information about files (and directories):
inode, links, uid, gid, mode, size, flags, ctime, checksum (sha1) ; and can
show which files were added, deleted or changed.
PR: ports/95973
Submitted by: dominik karczmarski <dominik@karczmarski.com> (maintainer)
Reworked by: jmelo
Approved by: mnag (mentor)
FreeBSD, it is now extremely obsolete. In any case it doesn't compile. Earlier
versions of this port can still be used on older versions of FreeBSD of course.
prevent brute-force attacks on services like SSH or Telnet. It's highly
configurable and very fast.
WWW: http://mbsd.msk.ru/pam_af.html
PR: ports/94113
Submitted by: Stanislav Sedov <ssedov@mbsd.msk.ru>
It uses TCL/Tk and runs on most platforms supported by Tcl/Tk.
WWW: http://www.fpx.de/fp/Software/Gorilla
PR: ports/93179
Submitted by: Kay Lehmann <kay_lehmann@web.de>