By Sean Boran (sean at boran.com) for SecurityPortal
Weekly Security Tools Digest Archive
http://securityportal.com/research/research.wst.html
To receive this digest via Email:
http://securityportal.com/subscribe.html
This is a summary of changes to free security tools over the last week.
Updates to favourite free tools this week include PGP tools, sftp, iXplorer, mod_ssl.
Auditing and Intrusion Monitoring tools include PIKT, chkrootkit, syslog-ng.
Firewall tools include hap-linux, ferm.
General Cross Platform security tools include lsof, tightVNC, silc.
Tools for Windows include Sygate personal firewall.
PGP
- PGP Corporate Desktop Security Suite v7.1 beta
http://www.pgp.com/beta/corporate-desktop-security/cdss71.asp
U.S. readers only: try out this beta of the complete PGP suite for Windows.
WinPT 0.2.0
http://www.winpt.org/
WinPT is a so-called "front end" for GnuPG. It supports all common commands for encryption and decryption, key transport via the clipboard and, of course, the creation and verification of signatures.
SSH (Secure Shell)
- iXplorer v0.14
Lars Gunnarsson
http://www.i-tree.org
The software is a front end for the Windows SSH clients PuTTY/pscp.
Bug Fixes: (Another Windows 9x bug) The problem when connecting to two different hosts is now solved. It only worked under Windows NT/2000 before.
Improvements: It is now possible to delete/rename and add folders in the tree view on the remote hosts. Changing permissions is still outstanding. The ability to perform these actions in the file list view is also not yet implemented.
- sftp 0.9.7
Brian Wellington
http://www.xbill.org/sftp/
This is a UNIX/Linux port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups. OpenSSH also features an independent implementation of the SSH2 protocol.
Changes: It fixes a few minor bugs and improves the help command. This is basically just a maintenance release. Now that OpenSSH supports the ssh2 sftp protocol, there's probably no reason to use this program anymore, unless you like it better. There probably won't be any new versions, for the same reason.
Jim Forester has updated the ports list and placed it back online. Richard Howlett describes the procedures to configure the Windows port of Snort to monitor an ISA Server.
mod_ssl 2.8.3-1.3.19
http://www.modssl.org/
Changes: Allow the loadcacert.cgi script to work inside mod_perl. Fixed a typo in the directive descriptions in mod_ssl.c. Fixed EAPI context usage in http_request.c: a context pointer can potentially be NULL for some requests and can cause a segfault if dereferenced. Fixed ENGINE support: the engines are now loaded at configure time; otherwise mod_ssl fails to find them. Fixed a typo in httpd.conf-dist.
John the Ripper 1.6.24-dev (Password Cracker)
http://www.openwall.com/john/
PIKT (Problem Informant/Killer Tool) 1.13.0
Robert Fosterling
http://pikt.uchicago.edu/pikt/index.html
syslog-ng 1.5.6
Balabit IT
http://www.balabit.hu/en/products/syslog-ng/
Changes: added explicit chown/chmod of files/directories for easier permission management; added the possibility to use sync() on TCP destinations; syslog-ng now outputs connection properties when a connection is broken; added special message parsing for the formats used by AIX ("last message repeated" and "Message forwarded from").
SAINT 3.2.3
World Wide Digital Security, Inc.
http://www.wwdsi.com/saint
SAINT is a security scanning tool based on SATAN.
The new version is not freely available, so we'll stop listing SAINT changes here in the future.
chkrootkit 0.32
Angelica Informative
http://www.chkrootkit.org/
t0rn v8 detection; LPD Worm detection; kenny-rk detection; Adore LKM detection; (thanks to Patrick Duane Dunston). Solaris bug fixes. (thanks to Steve Campbell)
Mytop 0.7
Jeremy D. Zawodny
http://freshmeat.net/projects/mytop/
mytop is a Perl program which allows you to monitor MySQL servers by viewing active threads, queries and overall server performance numbers.
psad 0.8.8
http://www.cipherdyne.com/psad
Port Scan Attack Detector (psad) is a Perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans.
Changes: Whois lookups against scanning IPs were added. An uninstall option was added to install.pl. A bug in the 'stop' routine in psad-init was fixed. A bug in the syslog restart system call in install.pl was fixed.
StMichael_LKM 0.01
Tim Lawless
http://www.sourceforge.net/projects/stjude
StMichael is an LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. This is an experimental version, and a spin-off from the Saint Jude Project.
prelude 0.3
http://www.linux-mandrake.com/prelude
Prelude is a Network Intrusion Detection system which captures packets and performs data analysis and reporting. Important and current features of Prelude include an IP defragmentation stack and detection plugins with persistent state.
Changes: Now includes on-demand SSL authentication and encryption between the Prelude client and the Report server, an HTML reporting plugin, support for the PPPoE layer, avoids duplicate operations between report plugins, and report server support for long options. The backup interface has been improved.
mimedefang 1.1
David F. Skoll
www.roaringpenguin.com/mimedefang
MIME Defanger is a flexible MIME e-mail scanner designed to protect Windows clients from viruses and other harmful executables. It works with Sendmail 8.10 / 8.11 and will alter or delete various parts of a MIME message according to a flexible configuration file.
Changes: Better error checking and logging, the ability to add new headers to an e-mail message, and support for ORBS- and MAPS-style real-time open-relay blacklists.
fireparse v2.4
http://aaron.marasco.com/linux.html
"fireparse" is a Perl script, executed daily, that reports on all packets that have been logged by the kernel's ipchains and iptables packet filtering subsystems.
hap-linux 2.2.19-3
www.doutlets.com/downloadables/hap.phtml
HAP-Linux is a collection of security-related patches which are designed to be applied after Solar Designer's Openwall patches are installed.
Changes in the previous release included some extra information in the printks, the ability to allow hard links to files you don't own which are in your group, and the ability to follow links and pipes in +t directories if they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and for some secure drop-directory setups. Changes: A fix for a compile bug on non-x86 platforms, and a fix for weakening hardlink restrictions when CONFIG_SECURE_NOTSOMUCH is enabled.
ferm 1.0pl3 (Stable)
sofar
http://freshmeat.net/projects/ferm/
ferm is a tool to maintain and set up complicated firewall rules. It allows one to reduce the tedious task of carefully inserting rules and chains, thus enabling the firewall administrator to spend more time on developing good rules, and less time on the proper implementation of those rules. These rules will be executed by the preferred kernel interface, such as ipchains and iptables, and in one pass. Firewall rules can also be split into different files and loaded at will.
Changes: A general bug with the deny target has been fixed.
Firewall Builder v0.9
Vadim Kurland
http://freshmeat.net/projects/fwbuilder/
Firewall Builder consists of a GUI and a set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, and support for a new firewall platform can be added without any changes to the GUI (only a new policy compiler is needed). This provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables and ipfilter.
grsecurity 1.1
spender
http://freshmeat.net/projects/grsecurity/
grsecurity is a set of security patches based on code from hap-linux and openwall which have been ported to the 2.4 kernel. It features a non-executable stack, /proc restrictions, chroot restrictions, linking and fifo restrictions, exec and set*id logging, secure file descriptors, stealth networking enhancements, signal logging, failed fork logging, time change logging, and others.
Lsof 4.56W
Vic Abell
ftp://vic.cc.purdue.edu/pub/tools/unix/lsof
lsof is an extremely powerful Unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port.
Changes: Fixes memory usage errors, adds support for FreeBSD 4.3 and 5.0, NonStop Clusters, and CFS. Also includes fixes for Solaris and Linux.
SILC 0.2.3
Pekka Riikonen
http://silc.pspt.fi
SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services on the Internet over insecure channels. SILC superficially resembles IRC, although they are very different internally. The purpose of SILC is to provide secure conferencing services; strong cryptographic methods are used to secure all traffic.
TightVNC 1.1p9
Nadir
http://freshmeat.net/projects/tightvnc/
http://www.tightvnc.com/
TightVNC optimizes VNC for operation on slow links. It implements a new encoding algorithm (tight encoding), which is adapted for low-bandwidth networks, and includes additional minor features such as SSH tunneling support in the Unix vncviewer.
pdfcrypt 1.1
SANFACE Software
http://freshmeat.net/projects/pdfcrypt/
pdfcrypt allows you to set permissions on a PDF file. For example, you can publish a document without permitting users to print it. The button to print the file will be disabled in the Acrobat Reader application. It can be used as a batch application to set permissions on a large group of PDF files, or as a filter in a Unix pipeline, or within a CGI application. Only binary executables are distributed, but the original Perl source code may be requested.
Keytime
Forix
http://www.forixnt.com/keytime.zip
Keytime is a new ForixNT utility that allows an NT admin to retrieve the LastWrite time from a Registry key. This is useful functionality, particularly when performing configuration checks of systems, or when responding to an incident. Keytime takes a Registry key as an argument, and returns the LastWrite time in readable format. This version of keytime is a demo of functionality that will be added to the new version of ForixNT to be released in June, '01.
Sygate Personal Firewall v4 Build 670
http://www.sygate.com/free/spf_download.htm
Great little tool! See also our analysis of Personal Firewalls at http://www.securityportal.com/articles/pf_main20001023.html
Stealth HTTP Security Scanner 1.0 b22
Felipe Moniz
http://www.hideaway.net/Server_Security/Software/Auditing/auditing.html
Description: This tool is designed especially for system administrators, security consultants and IT professionals to check for possible security holes and to confirm any present security vulnerabilities that hackers can exploit. Totally free for commercial and non-commercial use. Stealth 1.0 includes the following features:
- Designed to evade intrusion detection.
- Scanner can work via proxy.
- Different Anti-IDS tactics.
- Can test webserver Denial-of-Service.
- Support for virtual host scan.
- Enables administrators to create tests for their specific security needs.
- Stealth correctly processes custom-made "success" pages and "not found" errors, reducing the number of false positives.
Comment: No sources are provided, which makes it hard to check for trojans.
Note: tools announced on forums are not necessarily updated, new or free; it's just that someone posted an announcement. We try our best to notify you only of new or updated free tools.
© Copyright 2001, SecurityPortal Inc. & Sean Boran, All Rights Reserved, Last Update: 10 May, 2001