By Pascal Etienne (pascal.etienne at boran.com) for SecurityPortal
Weekly Security Tools Digest Archive
http://securityportal.com/research/research.wst.html
To receive this digest via Email:
http://securityportal.com/subscribe.html
This is a summary of changes to free security tools over the last week.
Updates to General free tools this week include OpenSSH SRP, Stunnel patches and PinePGP.
Auditing and Intrusion Monitoring tools include Snort-Stat.pl, SnortPHP, SARA, NetSaint, PIKT, gPIKT, Syslog-ng, ICU, FireStorm NIDS and Tamandua NIDS.
Firewalls for UNIX/Linux/BSD & Cross-platform include Securepoint Firewall Server SB, GuardDog and rTables.
Tools for Linux/Unix/Cross Platform include Bastille Linux, OpenCL, SILC, BeeCrypt, BeeCrypt for Java, Kaladix Linux and DansGuardian.
Tools for Windows include Eraser, Qfecheck, Qchain, DUN and Mailscanner for Postfix.
SSH
OpenSSH SRP patch 2.9p1-srp8 - Dr. Tom
http://members.tripod.com/professor_tom/archives
This patch adds Secure Remote Password (SRP) support to OpenSSH. The Stanford SRP distribution is not required, although this is compatible with that (it will use your existing SRP configuration files, if they exist).
Changes: many changes in this new version. Refer to the changelog file for more information.
SSL
Stunnel 3.14 - Michal Trojnara
http://www.stunnel.org
The Stunnel program is designed to work as an SSL encryption wrapper between a remote client and a local (inetd-startable) or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. It will negotiate an SSL connection using the OpenSSL or SSLeay libraries. It calls the underlying crypto libraries, so Stunnel supports whatever cryptographic algorithms you compiled into your crypto package. Runs on Windows and UNIX.
Changes: 5 new patches for Stunnel 3.14: libwrap_bri.patch allows the use of --with-libwrap and --without-libwrap at compile time; delay-lookup.baccala.patch delays DNS lookups until connect time (run-time option); delay-lookup.michaelb.patch also delays DNS lookups until connect time (run-time option); bandwidth-limiting_dj.patch adds bandwidth-limiting options to Stunnel; and smtp_martin.patch modifies STARTTLS negotiation.
PGP
PinePGP 0.15.4-1 - Peter Hanecak
http://www.megaloman.com/~hany/software/pinepgp
PinePGP provides PGP and GnuPG filters for pine. PGP versions 2.6.x, 5.x, and 6.5.x are supported.
Changes: makefile.in: reworked the install process so that only required items are installed; thus no errors are produced when installing filters which were not required. pinegpgp.in: removed the "recode" sed command, as it no longer appears to be necessary. Makefile.in: fixed missing exec_prefix. README: additions to the 'TODO' section regarding S/MIME X.509.
Snort 1.7 - Martin Roesch
http://www.snort.org
Snort-Stat.pl 1.15.2.1 - Yen-Ming Chen
http://www.snort.org/snort-files.htm
Snort-Stat.pl is a Perl script that provides a statistical analysis of syslog alerts produced by Snort.
Note: first time in the Tools Digest.
SnortPHP 1.0 - Jason Robertson
http://www.snort.org/snort-files.htm
SnortPHP is a PHP4 script to display Snort data in a more organized form, from a PostgreSQL database.
Note: first time in the Tools Digest.
SARA 3.4.3 - Advanced Research Corporation
http://www-arc.com/sara
Security Auditor's Research Assistant (SARA) is a security analysis tool based on SATAN. It checks for common old holes, backdoors, trust relationships, default CGI, common logins, open shares, and much more.
Changes: fixed a problem with RED/YELLOW repeats for Vulnerable Web Server; downgraded the cim.sara color to yellow due to difficulty in assessing all components; added tests for the iPlanet 4.1 buffer overflow vulnerability, the Oracle Application Server buffer overflow, PDG_Cart exploits, remote root backdoors, the Cheese backdoor, rpc.yppasswdd backdoors and vulnerability, ftp anonymous directory traversal and the Mailman Web exploit. Upgraded the pop3 test for additional vulnerable QPOP servers.
NetSaint Network Monitor 0.0.7 beta5 - Ethan Galstad
http://www.netsaint.org
NetSaint is a program that will monitor hosts and services on your network. It has the ability to email or page you when a problem arises and when it gets resolved. NetSaint is written in C and is designed to run under Linux, although it should work under most other Unix variants. It can run either as a normal process or as a daemon, intermittently running checks on various services that you specify. The actual service checks are performed by external "plugins" which return service information to NetSaint. Several CGI programs are included with NetSaint in order to allow you to view the current service status, history, etc. via a web browser.
Changes: beta 5 of the 0.0.7 release is now available. It fixes a segmentation fault in the outages CGI, a bug in the monthly log rotation time calculation in the CGIs, a display bug in the availability CGI that affected state percentages for hosts in the hostgroup display mode, and a bug in the PostgreSQL code for comment and retention data. This version also fixes miscellaneous minor bugs.
PIKT - Problem Informant/Killer Tool 1.13.1 - Devel: 1.14.0pre3 - Robert Osterlund
http://pikt.uchicago.edu/pikt
PIKT is a cross-platform (AIX, FreeBSD, HP-UX, IRIX, Linux, Solaris, SunOS), multi-functional toolkit for monitoring systems, reporting and fixing problems, and managing system configurations. It consists of an embedded scripting language with unique, labor-saving features, a script and system config file preprocessor, a scheduler, an installer, and other tools.
Changes: release of the third pre-release (beta) of the 1.14.0 series: added the 'pikt +C <cmd>' option, added the #exec and #piktexec (also #pexec) preprocessor directives, fixed it so that doing a '#include "/dev/null" [<proc>]' won't clobber /dev/null, added the 'piktc -E' option for dumping all PIKT config elements, and fixed some security flaws in master-slave network communications.
gPIKT 0.9 - Michel Blanc
http://gpikt.sourceforge.net
gPIKT is a PIKT graphical user interface. It is written using Perl/GTK. As of now, no other external modules are required. Its basic philosophy is to present the user a tree of systems and their elements. All of them can be dragged to a "publish list", and the list can then be published with a simple click. Each system and element has a context menu, where almost all command line piktc options are implemented. gPIKT currently has the following features: add to publish list (adds the current element(s) to the publish list), install, delete, diff, check, double check, alert daemon/restart, alert daemon/kill, service daemon/restart and service daemon/kill.
Note: first time in the Tools Digest.
Syslog-ng 1.4.11 - Devel: 1.5.7 - Balazs Scheidler
http://www.balabit.hu/en/products/syslog-ng
Syslog-ng is a syslogd replacement, but with new functionality for the new generation. The original syslogd allows messages to be sorted only on the priority/facility pair; Syslog-ng adds the possibility to filter based on message contents using regular expressions. The new configuration scheme is intuitive and powerful. Syslog-ng includes filtering using regular expressions, log forwarding and hash-protected logging (planned in version 1.5). It is multi-platform and requires libol-0.2.17.
Changes: fixed various problems, including typos in the new chroot code when resolving usernames/groups, portability problems in nscache.c, and filter() name resolving.
Integrity checking utility 0.5 (Devel) - Andreas Östling
http://nitzer.dhs.org/ICU/ICU.html
ICU (Integrity Checking Utility) is a Perl program used for executing AIDE filesystem integrity checks on remote hosts from an ICU server and sending reports via email. This is done with help from SSH.
Changes: configuration file parser code now moved to an external module. Timestamp format in ICU's logs changed to be the same as in syslog, also in the filenames of the databases etc. Removed a couple of obsolete OpenSSH options from ICU.conf. If the database or config had changed on the remote host, it will also have ...-MD5-mismatch-... in the filename when saved on the ICU server, just as the binary would. Uses File::Copy instead of /bin/cp. A recent version of OpenSSH is now required on the server. DSA key support for use with SSH protocol version 2 (OpenSSH only, both on ICU clients and server). Added option "key_options" to ICU.conf containing additional options for the public keys. Option "abort_if_root" is removed; ICU always quits if started as root. Minor modifications in all default AIDE configurations. Option to compress the tarball when adding a new client. The sanity check is now also run before generating the keys. You can now use your own variables in ICU.conf (see ICU.conf for more info). Many bug fixes and minor enhancements. Documentation updates.
Firestorm NIDS 0.1.4 - Scaramanga
http://www.scaramanga.co.uk/firestorm
Firestorm will be a fully featured network intrusion detection system. It aims to support many open standards. At the moment it is just a sensor, but there are plans to support central correlation databases and an analyst console. Firestorm should compile on any POSIX-like OS; so far only Linux is tested. Current features are: fully pluggable, capture from libpcap files, Snort rule support, almost as many matchers as Snort, support for IP, Ethernet and other common protocols, and string match, TTL, and IP ID matchers.
Changes: lots of compile fixes; FreeBSD and SunOS/Solaris now supported; removed dependency on libpcap; configure has a --with-libpcap-includes option; TCP flags, urgent pointer, window size, seq and ack matchers; DSIZE matcher, which matches total packet data size; favor BSD-style tcphdr struct; targets can let packets continue; ICMP SEQ/ID matchers; IP ID match bug fix; alerts slightly more verbose. Plugin dirs, capture devices, etc. can all be configured from the config file. Can now drop root privileges (not tested). Sensor can run chrooted (not tested). Libpcap live capture plugin. Plugin configuration via global variables. Snort parser bug fix. Snort parser understands variables, and Snort strings allow embedding binary data.
Tamandua Network Intrusion Detection 1.0 - Tamandua Laboratories
http://tamandua.axur.org
Tamandua NIDS has the following features: distributed sensors, centralized console, multi-layered signatures, session-based network analysis, multi-threaded packet capture, analysis of de-fragmented packets, human readable signatures, packet save session database, conversion of your own Snort signatures, and easy installation and use. Tamandua NIDS runs under AIX, BSDI, Digital UNIX/Alpha, FreeBSD, HP-UX, IRIX, Linux, NetBSD, OpenBSD, POSIX, Solaris, SunOS, UNIX and UnixWare.
Note: first time in the Tools Digest.
Securepoint Firewall Server SB 1.166 - Lutz Hausmann
http://www.securepoint.cc
The Securepoint Firewall Server is a high-performance, commercial-grade application designed to offer full protection for network assets. Securepoint is a complete software system with its own operating system, based on a secure Linux. You can use the firewall on a standard PC with two or three network cards, and it is easy to install and administer.
Changes: update of the server: the Securepoint Firewall Server and Securepoint RC1 are now compatible with the email virus scanners from TrendMicro and AntiVir.
GuardDog 1.0.0 - Devel: 1.9.2 - Simon Edwards
http://www.simonzone.com/software/guarddog
GuardDog is a user friendly firewall generation/management utility for KDE on Linux. It allows you to simply specify which protocols should be allowed and requires no knowledge of port numbers. It is intended for client machines and currently does not support router/gateway configurations. It generates scripts for IPchains. Sane defaults for new firewalls, RPM packages for Redhat and Mandrake, and display glitch fixes.
Changes: development version 1.9.2 released. Kernel 2.4 NetFilter/IPtables is now supported alongside the older IPchains. The IPtables support includes the new stateful connection tracking features as well as advanced logging with rate limiting, and warning messages when rate limiting is being applied. The zones now also accept domain names as addresses, not just IP addresses. An RPM for Mandrake 8 is now in the download section; it will only work on Mandrake 8.
rTables Linux Firewall 1.06.13.0 (Devel) - Rebby
http://rtables.rebby.com
rTables is a detailed, custom IPtables firewall for Linux 2.4.x, easily implemented on boxes with one to three network interfaces. It is currently set up to handle a single external LAN, a single internal LAN, and a single internal DMZ, with support for multiple LANs/DMZs to follow.
Changes: added code to flush the NAT table and changed the source directory structure.
Bastille Linux 1.2.0 - Jay Beale
http://www.bastille-linux.org
The Bastille Hardening System attempts to "harden" or "tighten" the Linux operating system. It currently supports Red Hat and Mandrake systems. We attempt to provide the most secure, yet usable, system possible.
Changes: release of Bastille Linux version 1.2.0. This new version is much more stable than any previous one and also offers the following features: support for Red Hat 7 and Mandrake 8, a new graphical user interface, and much enhanced intelligence.
OpenCL 0.7.3 - Jack Lloyd
http://opencl.sourceforge.net
OpenCL is a C++ cryptographic class library which aims for high portability and ease of use. It currently includes a wide selection of block and stream ciphers, hash functions, MACs, various utility functions and classes, and a high level filter interface.
Changes: fixed build problems on Solaris/SPARC, fixed build problems with Perl versions < 5.6, fixed some stupid code that broke on a few compilers, added string handling functions to Pipe, and MISTY1 optimizations.
SILC 0.3 (Client and Toolkit) - 0.3.2 (Server) - Pekka Riikonen
http://silc.pspt.fi
SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services on the Internet over insecure channels. SILC superficially resembles IRC, although they are very different internally. The purpose of SILC is to provide secure conferencing services. Strong cryptographic methods are used to secure all traffic.
Changes: new version 0.3 of the SILC client and SILC toolkit, and new version 0.3.2 of the SILC server. Many changes since the previous version. Please refer to http://silc.pspt.fi/changes.txt for more details.
BeeCrypt 2.1.0 - Bob Deblier
http://beecrypt.virtualunlimited.com
BeeCrypt is an ongoing project to provide strong and fast cryptography in the form of a toolkit usable by commercial and open source projects. Included in the library are entropy sources, random generators, block ciphers, hash functions, message authentication codes, multiprecision integer routines, and public key primitives. This is a different project from BUGS/bcrypt at http://www.bcrypt.com.
Changes: added support for automake, autoheader and libtool, which should make compiling the library even easier. Changed the DHAES API to conform to the IEEE P1363 submission and to allow for uneven key splitting. Improved PKCS#5 padding routines. Added a hash reset to the hashFunctionContextInit function. Fixed a problem with configuring on i486-pc-linux-gnu. Fixed a problem in the C version of mp32sub where a carry would sometimes be missed. Revised the entropy gathering system to use timeouts and asynchronous I/O where possible, to avoid hangs in case there is no noise on the audio device (i.e. digital silence) or when no data is available on /dev/random. Changed the mp32opt i386 assembler routines for a slight performance improvement. Changed the mp32opt sparcv9 assembler multiplication routines for a slight performance improvement. Added sparcv8 assembler routines for multi-precision multiplication. Added ARM assembler routines for multi-precision multiplication. Added prototype 64-bit ia64 assembler routines for multi-precision integer operations.
BeeCrypt for Java 2.0 - Bob Deblier
http://beecrypt.virtualunlimited.com
BeeCrypt for Java is an open source Java JCE 1.2-compatible Cryptographic Service Provider based on the standard BeeCrypt cryptography library, which is written in C and assembler. The package contains two providers: one written in pure Java, and a second (optional) provider that links with BeeCrypt's optimized native code.
Note: first time in the Tools Digest.
Kaladix Linux pre 0.2 - Kaladis
http://www.maganation.com/~kaladix
Kaladix Linux is designed to be a hyper-secure Linux distribution. It comes shipped with Mandatory Access Control and Access Control Lists (RSBAC), extensive logging facilities (Syslog-NG), protection against format string vulnerabilities, buffer overflows, and /tmp race condition vulnerabilities (Openwall, FormatGuard, Libsafe 2). Nearly all daemons are chrooted by default, cryptography support is integrated, encryption of partitions is supported, strong firewall and intrusion detection systems are included, both the stack and the heap are non-executable, and very tight permissions are set by default.
Note: first time in the Tools Digest.
DansGuardian 1.1.0 - Daniel Barron
http://dansguardian.org
DansGuardian is a filtering proxy that uses Squid to do all the fetching. It filters using four methods. First, it checks the actual content of the pages against a configurable denied phrase list; this list contains profanities and phrases often associated with pornography and other undesirable content. Second, it implements PICS filtering. Third, it checks the MIME type of the requested file against a configurable denied MIME type list. Fourth, it checks the file extension of the requested file against a configurable denied file extension list. The filtering has a configurable URL exception list. It does not implement a URL check against a list of sites like squidGuard does; it checks the actual content of the pages.
Changes: this version comes with improved logging and is easier to install because it no longer requires a separate String library.
Eraser 5.1 - Sami Tolvanen
http://www.tolvanen.com/eraser
Eraser is an advanced security tool for Windows, which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. It runs under Windows 95, 98, ME, NT 4.0 and 2000.
Changes: no information about the changes.
Qfecheck - Microsoft Corporation
http://support.microsoft.com/support/kb/articles/Q282/7/84.ASP
Qfecheck is a tool which inspects a system to ensure that hotfixes are installed correctly on Win2K systems. Hotfix information is stored in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates. Qfecheck reads information from that key and compares the information to files on the system to ensure those files are the proper versions. Qfecheck also ensures that the Windows File Protection (WFP) subsystem has the information it needs to protect those files from tampering.
Note: first time in the Tools Digest.
Qchain - Microsoft Corporation
http://www.microsoft.com/technet/support/kb.asp?ID=296861
Qchain lets you install multiple hotfixes without having to reboot after each one. Qchain runs on Windows 2000 and Windows NT. To use Qchain, you first install each required hotfix (in the proper sequence) with the -z command-line switch, which tells the installation program not to reboot the OS after installing the fix. Then run Qchain, which, according to article Q296861, cleans the Pending File Rename Operations key in the registry to make sure that only the latest version of a file is installed after the computer is rebooted.
Note: first time in the Tools Digest.
DUN 1.4 - Microsoft Corporation
http://support.microsoft.com/support/kb/articles/Q285/1/89.ASP
The DUN upgrade offers Windows 9x users support for 128-bit encryption with PPTP and also improves the stability of PPTP connections. The DUN 1.4 release includes all of the features of all previous DUN releases, as well as those that are included in the Integrated Services Digital Network (ISDN) version 1.1 release. In addition, DUN 1.4 has multilink support and support for internal ISDN adapters and connection-time scripting, which helps automate nonstandard connections.
Note: first time in the Tools Digest.
Mailscanner for Postfix 0.0.4 - Devel: 0.0.5 - Peter Turczak
http://www.securityfocus.com/tools/2069
This program is invoked from the .forward file of a user and scans incoming mail for .vbs, .exe, .com, .bat, and similar attachments. If a message is clean, it is inserted into the user's qmail-style Maildir. Otherwise, it is bounced. Mailscanner for Postfix runs under Windows 95/98 and Windows NT.
Changes: minor feature enhancements.
Note: tools announced on forums are not necessarily updates, new, or free; it may just be that someone posted an announcement. We try our best to notify you only of new or updated free tools.
© Copyright 2001, SecurityPortal Inc. & Pascal Etienne, All Rights Reserved. Last Update: 14 June 2001