ClamTk is a GUI front-end for ClamAV using gtk2-perl. It is designed to
be an easy-to-use frontend for Unix systems.
WWW: http://clamtk.sourceforge.net/
Author: Dave M <dave.nerd@gmail.com>
provides Web Single SignOn (SSO) across or within organizational
boundaries. It allows sites to make informed authorization decisions
for individual access of protected online resources in a
privacy-preserving manner.
This software is a C++ implementation of the Service Provider
component of Shibboleth that can be used in Apache Web servers. The
service provider manages secured resources. User access to resources
is based on assertions received by the service provider (SP) from
an identity provider.
WWW: http://shibboleth.internet2.edu/
PR: ports/114663
Submitted by: Janos Mohacsi <janos.mohacsi@bsd.hu>
Alliance standards; it defines processes for federated identities,
single sign-on and related protocols. Lasso is built on top of
libxml2, XMLSec and OpenSSL and is licensed under the GNU General
Public License (with an OpenSSL exception).
WWW: http://lasso.entrouvert.org/
PR: ports/114639
Submitted by: Gea-Suan Lin <gslin at gslin.org>
management and identity web services protocols. Initial goal is
supporting SP role, followed by ID-WSF WSC and IdP roles.
ZXID is lightweight, has a small footprint, and is implemented in C.
It is suitable for both high performance and embedded applications.
Scripting languages are supported using SWIG, including Perl, PHP and
Java. The "full stack" nature of ZXID means it's self-contained and
has minimal external library dependencies (see downloads).
WWW: http://zxid.org/
PR: ports/114346
Submitted by: Gea-Suan Lin <gslin at gslin.org>
This package provides parallel versions of the openssh tools. Included
in the distribution:
- Parallel ssh (pssh)
- Parallel scp (pscp)
- Parallel rsync (prsync)
- Parallel nuke (pnuke)
- Parallel slurp (pslurp)
What are these tools good for? Mainly for controlling large collections
of nodes in the wide-area.
WWW: http://www.theether.org/pssh/
intercept Instant Text Messaging. Optionally, intercepted text messages can be
stored onto an RDBMS (Only MySQL is supported for now). Given that MySQL is
used, stored instant messages can be read through a browser interface that is
written in PHP language. Please see the INSTALL.txt file for instructions on
how to install, configure and run EnderUNIX scanhill.
WWW: http://www.enderunix.org/scanhill/
ExecWrap is a super-user exec wrapper for the lighttpd web-server, but
it can be used in any environment as long as arguments can be passed
from the server to its children via the environment.
WWW: http://cyanite.org/execwrap/
Author: Sune Foldager <cryo@cyanite.org>
This implements a large majority of OpenSSL's useful X509 API.
The email() method supports both certificates where the
subject is of the form:
"... CN=Firstname lastname/emailAddress=user@domain", and also
certificates where there is a X509v3 Extension of the form
"X509v3 Subject Alternative Name: email=user@domain".
Submitted by: kftseng@iyard.org
2007-04-27 security/op: no longer available from any mastersite
2007-05-15 shells/bash2: Old, unmaintained version, use shells/bash instead
2007-05-19 sysutils/xperfmon: irrelevant for supported FreeBSD releases
smap is a simple scanner for SIP enabled devices
smap sends off various SIP requests awaiting responses from SIP
enabled DSL router, proxies and user agents. It could be considered
a mashup of nmap and sipsak ;)
WWW: http://www.wormulon.net/
Author: Hendrik Scholz <hscholz@raisdorf.net>
2007-03-28 graphics/hobbes-icons-xpm: Archaic port
2007-04-10 japanese/firefox-ja: Incomplete pkg-plist
2007-04-10 japanese/lookup-xemacs: Does not install
2007-04-10 lang/linux-hla: Does not compile
2007-04-10 mail/vmailmgr: Incomplete pkg-plist
2007-04-10 multimedia/qvamps: Touches filesystem prior to 'make install'
2007-03-10 net-mgmt/sting: Broken on all supported versions of FreeBSD
2007-04-10 net-mgmt/tas: Incomplete pkg-plist
2007-04-10 net-p2p/verlihub-plugins: Does not configure, it needs at least verlihub 1.0
2007-04-10 news/inn-stable: Fails to patch
2007-04-10 palm/malsync: Does not build with new pilot-link
2007-04-10 russian/elm.language: Leaves behind files on deinstall
2007-04-10 russian/pine.language: Leaves behind config file on deinstall
2007-04-01 science/py-scipy03: Replaced by py-scipy
2007-04-10 security/php4-cryptopp: Does not compile
scanning engine for primary scan but has in addition to that a system of
internal heuristics devised to search for unknown viruses.
Please note that the license explicitly permits that F-Prot Antivirus BSD
Mail Servers be used for evaluation purposes only, without charge for a
period of no more than 60 days. If you use this software after the 60 day
evaluation period, then you must register and pay a license fee.
WWW: http://www.f-prot.com/
PR: ports/110107
Submitted by: Scot W. Hetzel <swhetzel at gmail.com>
as Cryptoki) modules accessible from within Java. A PKCS#11 module is a
software library with a defined API which allows access to cryptographic
hardware. It usually comes with hardware security modules (HSM), smart
cards and crypto tokens (e.g. USB tokens). Thus, the PKCS#11 Wrapper
provides Java software access to almost any crypto hardware. For
example, a Java application can use it to integrate a HSM or a smart
card to create digital signatures, to decrypt data or to unwrap keys.
WWW: http://jce.iaik.tugraz.at/sic/products/core_crypto_toolkits/pkcs_11_wrapper
Jeta is the Horde wrapper around various Java SSH applets. It allows users
to login via a terminal window to the server on which the Horde application is
running.
WWW: http://www.horde.org/jeta/
PR: ports/109095
Submitted by: Beech Rintoul <beech@alaskaparadise.com>
to the execve() function provided by libc as to log every call
to syslog (authpriv). System administrators may find snoopy
useful in tasks such as light/heavy system monitoring, tracking other
administrator's actions as well as getting a good 'feel' of
what's going on in the system (for example apache running cgi
scripts).
WWW: http://sourceforge.net/projects/snoopylogger/
PR: ports/108691
Submitted by: Philippe Audeoud <jadawin at tuxaco.net>
AES, Blowfish, Cast5, IDEA and DES cyphers.
WWW: http://www.aolserver.com/
- Martin Matuska
martin@matuska.org
PR: ports/105781
Submitted by: Martin Matuska <martin@matuska.org>
Approved by: erwin (mentor)
with PKCS#11 providers for end-user applications.
pkcs11-helper allows using multiple PKCS#11 providers at
the same time, enumerating available token certificates, or
selecting a certificate directly by serialized id, handling
card removal and card insert events, handling card re-insert
to a different slot, supporting session expiration and much
more all using a simple API.
pkcs11-helper is not designed to manage card content, since
object attributes are usually vendor specific, and 99% of
application need to access existing objects in order to
perform signature and decryption.
WWW: http://www.opensc-project.org/pkcs11-helper/
2006-12-01 print/ec-fonts-mftraced: Installs files before 'make install'
2006-12-01 print/yatex-xemacs-mule: hangs during build
2006-12-01 security/gnu-crypto: Does not compile
2006-12-01 www/linux-beonex: Security issues. From http://www.beonex.com/ 'The currently available Beonex Communicator 0.8 builds have several known security bugs'
files.
The Windows systems (98, ME, 2000, XP and 2003 Server) can store thumbnails
and metadata of the picture files contained in the directories of its FAT32
or NTFS filesystems.
The thumbnails and associated metadata are stored in Thumbs.db files.
The Thumbs.db files are undocumented OLE structured files.
Once a picture file has been deleted from the filesystem, the related thumbnail
and associated metadata remain stored in the Thumbs.db file. So, the data
contained in those Thumbs.db files are a helpful source of information
for the forensics investigator.
WWW: http://vinetto.sourceforge.net/
PR: ports/107235
Submitted by: Aleksander Fafula <alex at BSDGuru.org>
Pantera uses an improved version of SpikeProxy to provide a powerful web
application analysis engine.
Goals:
The primary goal of Pantera is to combine automated capabilities with complete
manual testing to get the best penetration testing results.
WWW: http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project
PR: ports/105291
Submitted by: Yonatan <onatan at gmail.com>
decentralized and doesn't entirely crumble if one company turns evil
or goes out of business.
An OpenID identity is just a URL. You can have multiple identities in
the same way you can have multiple URLs. All OpenID does is provide a
way to prove that you own a URL (identity).
Anybody can run their own site using OpenID, and anybody can be an
OpenID server, and they all work with each other without having to
register with or pay anybody to "get started". An owner of a URL can
pick which OpenID server to use.
WWW: http://www.openidenabled.com/openid/libraries/perl/
specification as well as making API changes that should make
integration with applications easier.
This library allows the use of XRI as OpenID identifiers, allowing users
to log in with their i-names. For full XRI compatibility,
relying parties integrating this library should take note of the user's
CanonicalID, as described in the "Identifying the End User" section of
the OpenID 2.0 specification.
WWW: http://www.openidenabled.com/openid/libraries/python/
maintains compatibility with Password Safe files. MyPasswordSafe has the
following features:
* Safes are encrypted when they are stored to disk.
* Passwords never have to be seen, because they are copied to the clipboard.
* Random passwords can be generated.
* Window size, position, and column widths are remembered.
* Passwords remain encrypted until they need to be decrypted at the dialog and
file levels.
* A safe can be made active so it will always be opened when MyPasswordSafe
starts.
* Supports Unicode in the safes.
* Languages supported: English and French.
WWW: http://www.semanticgap.com/myps/
Python secure hash and message digest module MD5, SHA1, SHA224, SHA256,
SHA384 and SHA512 (backported from Python 2.5 for use on 2.3 and 2.4)
WWW: http://code.krypto.org/python/hashlib/
examines the sequence of client-server exchanges, their relative
layer 7 payload sizes, and transmission intervals (as opposed to
inspecting the contents, which is what most passive fingerprinters
and "smart" sniffers would do to analyze transmissions). This is
then matched against a database of traffic pattern signatures to
infer some interesting facts about the traffic.
PR: ports/106351
Submitted by: trasz <trasz at pin.if.uz.zgora.pl>
ClamAV clamd service - an anti-virus daemon process.
You can find more information about clam anti-virus at
WWW: http://www.clamav.net/
File::Scan::ClamAV was originally based on the Clamd module
Submitted by: Jan-Peter Koopmann <Jan-Peter.Koopmann at seceidos.de>
an open source intrusion detection system.
The actual interface and GUI server are written in tcl/tk.
Sguil also relies on other open source software
in order to function properly.
The client requires gpg, iwidgets and other tcl packages and may
also use wireshark, festival and tls depending on your selection
of options. Run "make config" in the port to see what options
are available.
Sguil currently functions as an analysis interface and has
no snort sensor or rule management capabilities.
WWW: http://sguil.sourceforge.net/index.php
pauls@utdallas.edu
PR: ports/105496
Submitted by: Paul Schmehl <pauls at utdallas.edu>
Platform-independent tool for Authenticode signing of EXE/CAB files - uses
OpenSSL and libcurl. It also supports timestamping.
PR: ports/105353
Submitted By: Nick Barkas <snb@threerings.net>
Approved By: flz (mentor)
Security Monitoring (NSM). NSM is the collection,
analysis, and escalation of indications and warnings
to detect and respond to intrusions. NSM tools are
used more for network audit and specialized
applications than traditional alert-centric "intrusion
detection" systems.
Want to learn more about Network Security Monitoring
(NSM)? Then check out Richard Bejtlich's recently
released book, The Tao of Network Security Monitoring:
Beyond Intrusion Detection. An excerpt reads:
"Network security monitoring (NSM) equips security
staff to deal with the inevitable consequences of too
few resources and too many responsibilities. NSM collects
the data needed to generate better assessment, detection,
and response processes--resulting in decreased impact from
unauthorized activities."
WWW: http://sguil.sourceforge.net/index.php
pauls@utdallas.edu
PR: ports/104227
Submitted by: Paul Schmehl <pauls at utdallas.edu>
(www.snort.org), an open source intrusion detection system.
The actual interface and GUI server are written in tcl/tk
(www.tcl.tk). Sguil also relies on other open source software
in order to function properly.
The sensor list includes security/barnyard, security/snort,
security/sancp, tcpdump (a part of the OS) and devel/tcltls as
well as lang/tcl84 and lang/tclX. Care has been taken to ensure
that everything you need to build a working sguil operation is
in the FreeBSD ports system or part of the OS already.
Sguil currently functions as an analysis interface and has
no snort sensor or rule management capabilities.
WWW: http://sguil.sourceforge.net/index.php
pauls@utdallas.edu
PR: ports/95018
Submitted by: Paul Schmehl <pauls at utdallas.edu>
This is the Metasploit Project. The goal is to provide useful
information to people who perform penetration testing, IDS signature
development, and exploit research. This site was created to fill the
gaps in the information publicly available on various exploitation
techniques and to create a useful resource for exploit developers. The
tools and information on this site are provided for legal penetration
testing and research purposes only.
This port is an in-development version of the upcoming Metasploit Framework.
It is based on Ruby instead of perl, and has a different license.
WWW: http://www.metasploit.org
PR: ports/101280
Submitted by: Yonatan <onatan at gmail.com>
over time. It does this by checking for changes on the target
machine(s), which includes the details about the services running on
them as well as the service state. PBNJ parses the data from a scan
and stores it in a database. PBNJ uses Nmap to perform scans.
WWW: http://www.sf.net/projects/pbnj
PR: ports/100904
Submitted by: Joshua D. Abraham <jabra(at)ccs.neu.edu>
your files, is immune to filenames containing spaces, carriage returns,
dashes, or any other special characters. You can use it in place of rm
in cron jobs, together with "find ... -print0". The output of fwipe0 is
specially designed to be parsed easily by machine, so it can be embedded
in other applications which need secure file erasure.
WWW: http://jeenyus.net/~budney/linux/software/fwipe.html
PR: ports/103488
Submitted by: David Thiel <lx(at)redundancy.redundancy.org>
Simple HTTP Scanner is a creation made for web site pen testing. You can
check for directories and files on the remote web server and get some
server information like the webserver running.
WWW: http://sourceforge.net/projects/shttpscanner/
Author: Paisterist <paisterist@users.sourceforge.net>
1.1. TLS Lite supports non-traditional authentication methods such as SRP,
shared keys, and cryptoIDs in addition to X.509 certificates. TLS Lite is pure
Python, however it can access OpenSSL, cryptlib, pycrypto, and GMPY for faster
crypto operations. TLS Lite integrates with httplib, xmlrpclib, poplib,
imaplib, smtplib, SocketServer, asyncore, and Twisted.
WWW: http://trevp.net/tlslite/
PR: ports/102923
Submitted by: Alexander Botero-Lowry <alex at foxybanana.com>
It was designed to protect servers and users from known and
unknown flaws in PHP applications and the PHP core.
Suhosin comes in two independent parts, that can be used
separately or in combination. The first part is a small patch
against the PHP core, that implements a few low-level
protections against buffer overflows or format string
vulnerabilities and the second part is a powerful PHP extension
that implements all the other protections.
Suhosin is binary compatible to normal PHP installation,
which means it is compatible to 3rd party binary extension
like ZendOptimizer.
WWW: http://www.suhosin.org/
SSL 3.0 protocols. The library does not include any patented algorithms and
is available under the GNU Lesser GPL license.
Important features of the GnuTLS library include:
- Thread safety
- Support for both TLS 1.0 and SSL 3.0 protocols
- Support for both X.509 and OpenPGP certificates
- Support for basic parsing and verification of certificates
- Support for SRP for TLS authentication
- Support for TLS Extension mechanism
- Support for TLS Compression Methods
Additionally, GnuTLS provides an emulation API for the widely used
OpenSSL library, to ease integration with existing applications.
WWW: http://www.gnutls.org/
SinFP is a new approach to OS fingerprinting, which bypasses
limitations that nmap has.
Nmap's approach to fingerprinting has been shown to be efficient for years.
Nowadays, with the omnipresence of stateful filtering devices,
PAT/NAT configurations and emerging packet normalization technologies,
its approach to OS fingerprinting is becoming obsolete.
SinFP uses the aforementioned limitations as a basis for tests to be
absolutely avoided in used frames to identify accurately the remote
operating system. That is, it only requires one open TCP port, sends
only fully standard TCP packets, and limits the number of tests to 2
or 3 (with only 1 test giving the OS reliably in most cases).
WWW: http://www.gomor.org/sinfp
By sniffing a VNC challenge-response sequence off the network
(typically when VNC is used without a decent cryptographic
wrapper like SSH or SSL), you can recover the password fairly
easily and quickly by letting VNCcrack pound on it.
WWW: http://www.randombit.net/projects/vnccrack/
PR: ports/102279
Submitted by: Pankov Pavel <pankov_p at mail.ru>
Kerberos V5 is an authentication system developed at MIT.
(Linux version)
WWW: http://web.mit.edu/kerberos/
- New port: security/linux-openssl
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and Open Source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security
(TLS v1) protocols with full-strength cryptography world-wide. The
project is managed by a worldwide community of volunteers that use
the Internet to communicate, plan, and develop the OpenSSL toolkit
and its related documentation.
OpenSSL is based on the excellent SSLeay library developed by Eric
A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under
an Apache-style licence, which basically means that you are free
to get and use it for commercial and non-commercial purposes subject
to some simple license conditions.
(Linux version)
WWW: http://www.openssl.org/
Approved by: garga (mentor)
The GNOME Password Manager - GPass for short - is a simple
application, written for the GNOME 2 desktop, that lets you manage a
collection of passwords. The password collection is stored in an
encrypted file, protected by a master-password.
GPass is released under the GNU GPL2 licence.
Features:
* Clean and easy-to-use user interface.
* Quick-search facility.
* Username and password may easily be copied to the clipboard.
* Encryption is done using the OpenSSL cryptographic library.
* The built-in password generator helps you generate secure passwords.
* You can launch a website and the associated username/passwords
direct from GPass
Author: Kouji TAKAO <kouji -at- netlab.jp>
WWW: http://projects.netlab.jp/gpass/
PR: ports/100845
Submitted by: ports_at_c0decafe.net <ports at c0decafe.net>
Approved by: garga (mentor)
connections into Tor.
trans-proxy-tor is a transparent proxy
that uses PF to redirect TCP connections
through Tor (http://tor.eff.org/).
Programs that aren't aware of Tor
will use it without their knowledge,
and their traffic no longer leaves the
system unencrypted.
PR: ports/99034
Submitted by: Fabian Keil <fk at fabiankeil.de>
dns-proxy-tor is a DNS server that stops
DNS leaks with applications that don't support
or aren't configured to use socks4a or Tor's DNS
resolution.
WWW: http://p56soo2ibjkx23xo.onion/
PR: ports/99033
Submitted by: Fabian Keil <fk at fabiankeil.de>
to use Crypt::Rijndael where available. This implementation is really
slow, but I am working on it.
WWW: http://search.cpan.org/dist/Crypt-Rijndael_PP/
PR: ports/100262
Submitted by: Gea-Suan Lin <gslin at gslin.org>
come standard on most unix-like distributions. This allows you to check
passwords against dictionaries of words to ensure some minimal level of
password security.
From the cracklib README
CrackLib makes literally hundreds of tests to determine whether you've
chosen a bad password.
* It tries to generate words from your username and gecos entry and tries
to match them against what you've chosen.
* It checks for simplistic patterns.
* It then tries to reverse-engineer your password into a dictionary
word, and searches for it in your dictionary.
- after all that, it's PROBABLY a safe(-ish) password. 8-)
WWW: http://pecl.php.net/package/crack
PR: ports/94244
Submitted by: Bill Moran <wmoran at collaborativefusion.com>
meaning that you cannot administrate an OpenVPN server with it (Look for kvpnc
if you want such a program). You can use it to connect and disconnect without
needing to open a console. You can also input username and/or password that
might be needed.
In Short: It can do everything an end-user wants for his everyday work with
OpenVPN.
WWW: http://www.enlighter.de/
--Anderson S. Ferreira <anderson@cnpm.embrapa.br>
PR: ports/95709
Submitted by: anderson@cnpm.embrapa.br
It can be loaded using code, config file or command line and
will pass any function call by openssl to a PKCS#11 module.
Engine_pkcs11 is meant to be used with smart cards and software
for using smart cards in PKCS#11 format, such as OpenSC.
WWW: http://www.opensc-project.org/engine_pkcs11/
Note: the port requires the OpenSSL installed from ports,
since dynamic engine loading is disabled in base system.
See PR bin/79570 for details.
for using cryptographic tokens such as smart cards and
usb crypto tokens for authentication.
Pam_p11 uses libp11 to access any PKCS#11 module.
It should be compatible with any implementation, but it
is primarily developed using OpenSC.
Pam_p11 implements two authentication modules:
* pam_p11_openssh authenticates the user using his
openssh ~/.ssh/authorized_keys file.
* pam_p11_opensc authenticates the user using
certificates found in ~/.eid/authorized_certificates.
Pam_p11 is very simple, it has no config file, no options
other than the PKCS#11 module file, does not know about
certificate chains, certificate authorities, revocation
lists or OCSP. Perfect for the small installation with no
frills.
WWW: http://www.opensc-project.org/pam_p11/
authentication algorithm used by Microsoft.
NTLM authentication scheme is used in DCOM and HTTP environment. It is
used to authenticate DCE RPC packets in DCOM. It is also used to
authenticate HTTP packets to MS Web Proxy or MS Web Server.
Currently, it is the authentication scheme Internet Explorer chooses to
authenticate itself to proxies/web servers that support NTLM.
WWW: http://search.cpan.org/dist/Authen-NTLM/
PR: ports/98684
Submitted by: James Thomason <james@divide.org>
The pam_authsrv module provides TIS authsrv authentication to PAM-aware
applications. It has been tested under AIX 4.3.3 (using the Linux-PAM for
AIX patch) and 5.1, Solaris 8 and 9, RedHat Linux 7.2, and HP-UX 11.00.
The pam_authsrv source code is available from:
ftp://ftp.feep.net/pub/software/PAM/pam_authsrv/pam_authsrv-1.0.2.tar.gz
Binaries of pam_authsrv are available as Encap packages for a variety of
platforms.
For further information, please see the enclosed README file.
WWW: http://www.feep.net/PAM/pam_authsrv/
PR: ports/97157
Submitted by: Jim Pirzyk <pirzyk@FreeBSD.org>
in a signed pickle file. There are two big differences between this module and
the standard pickle module. First, TrustedPickle can pickle a module, but the
standard pickle module cannot. Second, TrustedPickle includes a signature that
can verify the data's origin before the data is unpickled.
WWW: http://trustedpickle.sourceforge.net/index.html
PR: ports/96691
Submitted by: Alexander Botero-Lowry <alex@foxybanana.com>
Approved by: lawrance (mentor)
that uses the courier-authlib authentication library to find user credentials.
Its interface follows that of Daniel J. Bernstein's checkpassword program.
WWW: http://www.arda.homeunix.net/store/
PR: ports/96572
Submitted by: Andrew St. Jean <andrew@arda.homeunix.net>
information and simplifies the tasks of searching and entering password data.
KedPM is written as an extensible framework, which allows users to plug in
custom password database back-ends and custom user interface front-ends.
Currently, only the Figaro PM back-end is supported. To control KedPM, the user can
choose between CLI and GTK2 based GUI front-ends.
WWW: http://kedpm.sourceforge.net
PR: ports/96321
Submitted by: Tim Welch <twelch@thepentagon.org>
fswatch is a utility to guard changes in a file system. fswatch is composed
of three simple programs: fswbuild, fswcmp, fswshow. fswbuild builds file
system information database. fswcmp compares two database files and returns
what changes in a file system have been introduced. fswshow shows contents of
database file. A file information database is platform independent.
fswatch can collect the following information about files (and directories):
inode, links, uid, gid, mode, size, flags, ctime, checksum (sha1); and can
show which files were added, deleted or changed.
PR: ports/95973
Submitted by: dominik karczmarski <dominik@karczmarski.com> (maintainer)
Reworked by: jmelo
Approved by: mnag (mentor)
FreeBSD, it is now extremely obsolete. In any case it doesn't compile. Earlier
versions of this port can still be used on older versions of FreeBSD of course.
prevent brute-force attacks on services like SSH or Telnet. It's highly
configurable and very fast.
WWW: http://mbsd.msk.ru/pam_af.html
PR: ports/94113
Submitted by: Stanislav Sedov <ssedov@mbsd.msk.ru>
It uses TCL/Tk and runs on most platforms supported by Tcl/Tk.
WWW: http://www.fpx.de/fp/Software/Gorilla
PR: ports/93179
Submitted by: Kay Lehmann <kay_lehmann@web.de>
SiLK, the System for Internet-Level Knowledge, is a collection of
netflow tools developed by the CERT/NetSA (Network Situational
Awareness) Team to facilitate security analysis in large networks.
SiLK consists of a suite of tools which collect and examine netflow
data, allowing analysts to rapidly query large sets of data.
WWW: http://silktools.sourceforge.net
PR: ports/94623
Submitted by: David Thiel <lx@redundancy.redundancy.org>
function from the popular TCP Wrappers security package. This
allows validation of network access from perl programs against
the system-wide hosts.allow file.
WWW: http://search.cpan.org/dist/Authen-Libwrap
PR: ports/92855
Submitted by: Zach Thompson <hideo@lastamericanempire.com>
offer really good functionality for doing this in a safe way.
The Input Filter extension is meant to address this issue by implementing
a set of filters and mechanisms that users can use to safely access their
input data.
WWW: http://pecl.php.net/package/filter
PR: ports/92198
Submitted by: Alexander Zhuravlev <zaa@zaa.pp.ru>
supports the following features:
- User authentication via explicit username/password, or using a
public-key/private-key pair.
- Port forwarding, both from the local host to a remote computer via
the remote host, and from the remote host to the local host.
- Execute processes on the remote machine, both interactively and
non-interactively ("batch").
PR: ports/91828
Submitted by: Roderick van Domburg <r.s.a.vandomburg@student.utwente.nl>
The ldap_integration Drupal module allows users to authenticate against
a LDAP directory. Additionally, users can read and modify their data in
the LDAP directory subject to administrative restrictions.
verification of BIR entries. It only implements a subset of the BioAPI
specification but should provide enough functionality for basic account
management.
PR: ports/91749
Submitted by: Fredrik Lindberg <fli@shapeshifter.se>
Expiretable is a utility used to remove entries from the pf(4) table
based on their age.
The age in question being the amount of time that has passed since
the statistics for each entry in the target table was last cleared.
WWW: http://expiretable.fnord.se/
PR: ports/91481
Submitted by: cris <cris@gufi.org>
Updating the Samhain integrity checking system to 2.1.0, a
bugfix release.
It's been requested by several people to break Samhain out
into separate client and server ports. This PR does that,
with a samhain-client and samhain-server port, as slave
ports off of samhain. I'm not sure the best way to submit
a PR to do this kind of action, but here is a shar of all
three ports. If another format is desired, please let me
know. I'm also interested in feedback on the approach used
for splitting these out.
PR: ports/90305
Submitted by: David Thiel <lx@redundancy.redundancy.org>
The attached shar is for security/cutlass - an encrypted
peer-to-peer voice, text, and file transmission protocol
intended to bring encrypted Internet use to the masses.
Also included is a sample application using the protocol.
Please note that the patch omitted from the PR will have to be added
when ports/91035 : [UPDATE]: security/botan is committed.
PR: ports/91072
Submitted by: Wesley Shields <wxs@csh.rit.edu>
implementation of MD4 (like `Digest::Perl::MD5'). Because of this, it is
slow but avoids platform specific complications. For efficiency you
should use `Digest::MD4' instead of this module if it is available.
WWW: http://search.cpan.org/dist/Digest-Perl-MD4
PR: ports/90771
Submitted by: Gabor Kovesdan
Secure Hash Standard. It gives Perl programmers a convenient way
to calculate SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 message
digests. The module can handle all types of input, including
partial-byte data.
Digest::SHA::PurePerl is written entirely in Perl. If your platform
has a C compiler, you should install the functionally-equivalent
(but much faster) Digest::SHA module.
WWW: http://search.cpan.org/dist/Digest-SHA-PurePerl
PR: ports/90773
Submitted by: Gabor Kovesdan
of MD5. It is written in perl only and because of this it is slow but it
works without C-Code. You should use "Digest::MD5" instead of this
module if it is available. This module is only useful for
computers where you cannot install "Digest::MD5" (e.g. lack of a
C-Compiler).
WWW: http://search.cpan.org/dist/Digest-Perl-MD5
PR: ports/90772
Submitted by: Gabor Kovesdan
algorithm presented in "Fast Hashing of Variable Length Text Strings"
- ACM 1990. This hashing technique yields good distribution of hashed results
for variable length input strings on the range 0-255, and thus, it is well
suited for data load balancing.
If you prefer a fast implementation, you might want to
consider Digest::Pearson instead.
WWW: http://search.cpan.org/dist/Digest-Pearson-PurePerl
PR: ports/90770
Submitted by: Gabor Kovesdan
certificate elements. It is based on the generic ASN.1 module by Graham Barr,
on the x509decode example by Norbert Klasen and contributions on the
perl-ldap-dev-Mailinglist by Chriss Ridd.
WWW: http://search.cpan.org/dist/Crypt-X509
PR: ports/90716
Submitted by: Gabor Kovesdan
salted (or seeded) hashes of clear text data. The original formalization of
this concept comes from RFC-3112 and is extended by the use of different
digital algorithms.
WWW: http://search.cpan.org/dist/Crypt-SaltedHash
PR: ports/90698
Submitted by: Gabor Kovesdan
designed by Vincent Rijmen, Joan Daemen, Bart Preneel, Antoon
Bosselaers, and Erik De Win.
WWW: http://search.cpan.org/dist/Crypt-Shark
PR: ports/90699
Submitted by: Gabor Kovesdan
1760) implemented in Perl. It exports the function `key' by default, and
may optionally export the function `compute'.
`compute_md4', `compute_md5', `key_md4', and `key_md5' are provided as
convenience functions for selecting either MD4 or MD5 hashes. The
default is MD4; this may be changed with the `$Crypt::SKey::HASH'
variable, assigning it the value of `MD4' or `MD5'. You can access any
of these functions by exporting them in the same manner as `compute' in
the above example.
Most S/Key systems use MD4 hashing, but a few (notably OPIE) use MD5.
WWW: http://search.cpan.org/dist/Crypt-SKey
PR: ports/90695
Submitted by: Gabor Kovesdan
designed by Lawrie Brown, Josef Pieprzyk, and Jennifer Seberry. The default
key length in this implementation is 128 bits. Loki97 was one of the 15
candidates for the AES.
WWW: http://search.cpan.org/dist/Crypt-Loki97
PR: ports/90694
Submitted by: Gabor Kovesdan
looking for a hash pointer in the caller program called $ptr2_License. The
hash contains the path to the License file and an optional 'private' key list
of modules which will decrypt only with the 'private' key. OR, a hash key of
'next' with no particular value that indicates to look to the next caller on
the stack for the License pointer. If the pointer is not present or the
License file is not found successfully, then no further action is taken. If the
License file is successfully opened, and the contents validated then the
attached encrypted module is loaded and the seconds remaining until License
expiration are returned or now() in the case of no expiration. Undef is
returned for an expired license (module fails to load).
WWW: http://search.cpan.org/dist/Crypt-License
PR: ports/90693
Submitted by: Gabor Kovesdan
Paulo S. L. M. Barreto, Khazad is a NESSIE finalist for legacy-level block
ciphers. Khazad has many similarities with Rijndael, and has an extremely
high rate of diffusion.
WWW: http://search.cpan.org/dist/Crypt-Khazad
PR: ports/90692
Submitted by: Gabor Kovesdan
used during World War II. The cipher calculations are based on actual Enigma
values and the resulting ciphered values are as would be expected from an
Enigma Machine.
The implementation allows for all of the Rotors and Reflectors available to the
real world Enigma to be used. A Steckerboard has also been implemented,
allowing letter substitutions to be made.
WWW: http://search.cpan.org/dist/Crypt-Enigma
PR: ports/90683
Submitted by: Gabor Kovesdan
chroot_safe, a tool to chroot any application in a sane
manner without requiring binaries, shared libraries etc
within the chroot or any support from the application. Works
with any dynamically linked application.
WWW: http://sourceforge.net/projects/chrootsafe
PR: ports/90341
Submitted by: Gabor Kovesdan <gabor.kovesdan@t-hosting.hu>
symmetrical block cipher with a 256-bit key from the former Soviet
Union. Please read the Pod documentation contained in the module
itself for additional information, including the rationale behind
the writing of this module.
WWW: http://search.cpan.org/dist/Crypt-GOST_PP
PR: ports/90685
Submitted by: Gabor Kovesdan
key developed in the former Soviet Union. Some information on it
is available at http://vipul.net/gost/ .
This module implements GOST encryption. It supports the Crypt::CBC
interface, with the functions described below. It also provides
an interface that is backwards-compatible with Crypt::GOST 0.41,
but its use in new code is discouraged.
WWW: http://search.cpan.org/dist/Crypt-GOST
PR: ports/90684
Submitted by: Gabor Kovesdan
Encryption Algorithm (DEA) is a semi-strong encryption and
decryption algorithm.
The module is 100% compatible with Crypt::DES but is implemented
entirely in Perl. That means that you do not need a C compiler
to build and install this extension.
WWW: http://search.cpan.org/dist/Crypt-DES_PP
PR: ports/90682
Submitted by: Gabor Kovesdan
The protocol was shown to be INSECURE. This module is therefore released for
purely academic curiosity.
WWW: http://search.cpan.org/dist/Crypt-Chimera
PR: ports/90681
Submitted by: Gabor Kovesdan
stream ciphers, invented by Martin Boesgaard, Mette Vesterager,
Thomas Pedersen, Jesper Christiansen, and Ove Scavenius of Cryptico A/S.
WWW: http://search.cpan.org/dist/Crypt-Rabbit
PR: ports/90615
Submitted by: Gabor Kovesdan
or you intend to send information through the Internet. Another reason might
be to assure users cannot modify their previously entered data in a follow-up
step of a long Web transaction where you don't want to deal with server-side
session data. The goal of Crypt::Lite was to have a pretty simple way to
encrypt and decrypt data without the need to install and compile huge
packages with lots of dependencies.
Crypt::Lite generates a different encrypted hash every time you
re-encrypt the same data with the same secret string. Nevertheless you
are able to make double or triple-encryption with any data to increase
the security. Decryption works also on hashes that have been encrypted
on a foreign host (try this with an unpatched IDEA installation ;-).
WWW: http://search.cpan.org/dist/Crypt-Lite
PR: ports/90614
Submitted by: Gabor Kovesdan
constructs a stream cipher from a block cipher or cryptographic hash function
and returns it as an object. Any block cipher in the Crypt:: class can be
used, as long as it supports the blocksize and keysize methods. Any hash
function in the Digest:: class can be used, as long as it supports
the add method.
WWW: http://search.cpan.org/dist/Crypt-Ctr
PR: ports/90613
Submitted by: Gabor Kovesdan
constructs a stream cipher from a block cipher or cryptographic hash function
and returns it as an object. Any block cipher in the Crypt:: class can be
used, as long as it supports the blocksize and keysize methods. Any hash
function in the Digest:: class can be used, as long as it supports the
add method.
WWW: http://search.cpan.org/dist/Crypt-CFB
PR: ports/90611
Submitted by: Gabor Kovesdan
blowfish and twofish algorithms in that it too has a table-based decoder.
Derivation from FairKeys code by Jon Lech Johanson at nanocrew.net.
If you don't know what that is, don't bother looking here further. This is
a Pure Perl implementation. I doubt there is any need for xs coding for
what would mainly be processing 16 bytes at a time. This code is part of an
ongoing effort to clone portions of the Apple iTMS in Perl for portability.
See www.hymn-project.org for prior efforts by others.
WWW: http://search.cpan.org/dist/Crypt-AppleTwoFish
PR: ports/90610
Submitted by: Gabor Kovesdan
presented in "Fast Hashing of Variable Length Text Strings" - ACM 1990. This
hashing technique yields good distribution of hashed results for variable
length input strings on the range 0-255, and thus, it is well suited for
data load balancing.
The implementation is in C, so it is fast. If you prefer a pure Perl version
and can tolerate slower speed, you might want to consider
Digest::Pearson::PurePerl instead.
WWW: http://search.cpan.org/dist/Digest-MD5-Pearson
PR: ports/90578
Submitted by: Gabor Kovesdan
one-way hash of data. Due to the nature of the formula used, it is impossible
to reverse it.
This module provides functions to search several online MD5 hashes database and
return the results (or return undefined if no match found).
WWW: http://search.cpan.org/dist/Digest-MD5-Reverse
PR: ports/90576
Submitted by: Gabor Kovesdan
developed by Bob Jenkins from within Perl programs. The algorithm takes as
input a message of arbitrary length and produces as output a 32-bit
"message digest" of the input in the form of an unsigned long integer.
See http://burtleburtle.net/bob/hash/doobs.html for more information.
WWW: http://search.cpan.org/dist/Digest-JHash
PR: ports/90564
Submitted by: Gabor Kovesdan
ElfHash generates reasonably 32 bit integer value from a string in a
reasonably short period of time.
WWW: http://search.cpan.org/dist/Digest-Elf
PR: ports/90561
Submitted by: Gabor Kovesdan
Unlike HMAC, which reuses an existing one-way hash function, such as
MD5, SHA-1 or RIPEMD-160, EMAC reuses an existing block cipher to
produce a secure message authentication code (MAC).
WWW: http://search.cpan.org/dist/Digest-EMAC
PR: ports/90560
Submitted by: Gabor Kovesdan
Unlike HMAC, which reuses an existing one-way hash function, such as
MD5, SHA-1 or RIPEMD-160, EMAC reuses an existing block cipher to
produce a secure message authentication code (MAC).
WWW: http://search.cpan.org/dist/Digest-DMAC
PR: ports/90550
Submitted by: Gabor Kovesdan
32-bit unsigned value for any variable-length input string. An equivalent pure
Perl version is also available: Digest::DJB::PurePerl.
WWW: http://search.cpan.org/dist/Digest-DJB
PR: ports/90549
Submitted by: Gabor Kovesdan
functions with the correct parameters for CRC-CCITT, CRC-16 and CRC-32.
WWW: http://search.cpan.org/dist/Digest-CRC
PR: ports/90546
Submitted by: Gabor Kovesdan
in RFC 1950. The interface provided by this module is specified in Digest,
but no functional interface is provided.
WWW: http://search.cpan.org/dist/Digest-Adler32
PR: ports/90545
Submitted by: Gabor Kovesdan
Yuliang Zheng, Josef Pieprzyk, and Jennifer Seberry. The number of rounds can
be 3, 4, or 5, while the hash length can be 128, 160, 192, 224, or 256 bits.
Thus, there are a total of 15 different outputs. For better security, however,
this module implements the 5-round, 256-bit output.
WWW: http://search.cpan.org/dist/Digest-Haval256
PR: ports/90534
Submitted by: Gabor Kovesdan
This is a fake IKE daemon supporting just enough of the standards and Cisco
extensions to attack commonly found insecure Cisco PSK+XAUTH VPN setups.
If you know the pre-shared key, also known as shared secret or group password,
you can impersonate the VPN gateway in IKE phase 1, and learn XAUTH user
credentials in phase 2.
PR: 90372
Submitted by: Daniel Roethlisberger <daniel@roe.ch>
This port contains a script for generating portaudit reports
for jails running on a FreeBSD system.
Jailaudit runs in the Host-system and uses portaudit to
create reports for every jail currently running.
It can also be used to send specific report-mails to the
owner of a jail by running it as a cronjob.
/etc/crontab example:
0 4 * * * root /usr/local/bin/jailaudit mail admin@foo.bar "foo.example.com bar.example.com"
Sends report mails for the jails with the hostnames
foo.example.com and bar.example.com to the mail address
admin@example.com.
WWW: http://outpost.h3q.org/software/jailaudit/
PR: ports/87581
Submitted by: Philipp Wuensche <cryx-ports@h3q.com>
KlamAV - Clam Anti-Virus on the KDE Desktop
KlamAV is a KDE 3 front-end to Clam Anti-Virus. It includes
the following features:
- 'On Access' Scanning
- Manual Scanning
- Quarantine Management
- Downloading Updates
- Mail Scanning (KMail/Evolution)
PR: ports/84342
Submitted by: Anderson S. Ferreira <anderson@cnpm.embrapa.br>