|
COPS - a UNIX system checker put out by Dan Farmer, and ncarp (New COPS Analysis and Report Program), by Diego Zamboni, which analyzes and reports on multiple COPS result files created with the -v flag. tiger scripts - system checker put out by Texas A&M University (the next generation of COPS). tripwire - binary signature database that uses md5 hashes and removable media. L5 is a program that walks down the filesystem, much like "ls -R" or "find" would, generating listings of anything it finds there. It tells you everything it can about a file's status, and adds on an MD5 hash of it. Its output is rather "numeric," but it is a very simple format and is designed to be post-treated by scripts that call L5. merlin is a tool for managing and enhancing existing security tools. It can provide a graphical front-end to many popular tools, such as SPI-NET, Tiger, COPS, Crack, and Tripwire. raudit is a Perl script which audits each user's .rhosts file and reports on various findings, including invalid entries, the total number of rhosts entries, the total number of non-operations entries (entries for which the hosts is listed in the /etc/hosts.equiv file), and the total number of remote entries. binaudit, the RIACS Intelligent Audit and Control System is a network-oriented file system auditing tool. It allows you to generate master checklists and compare the state of the file system to the state captured in this list; changes (additions, deletions, modifications) are reported. crack and cracklib - brute force password cracker and password library John the Ripper by Solar Designer - a UNIX password cracker, currently available for UNIX, DOS, WinNT/Win95. Out of the box, John supports (and autodetects) the following ciphertext formats: standard and double-length DES-based, BSDI's extended DES-based, FreeBSD's (and not only) MD5-based, and OpenBSD's Blowfish-based with optimized routines for all of them. |
MONKEY is a program that works similarly in nature to Alec Muffet's crack, but for s/key passwords. In essence it takes the md4 value in either HEX or English words and compares it to a dictionary. Once the secret password is known, one time password schemes based off of it are useless as the appropriate response can be generated based upon the current challenge. chkacct - checks the settings and security of the current user's account. It then prints explanatory messages to the user about how to fix the problems. chkwtmp and chklastlog check the wtmp and lastlog files for inconsistencies and entries that were overwritten with zeros. tklogger is a useful tool for watching logs created by syslog (or other logging mechanism). No special files or interface to syslog are needed because it works on plain text files and watches for updates to the files specified.The type events watched is user configurable and based either upon file type, pattern matching, or a mixture of the two. nfsbug tests hosts for well known NFS problems/bugs. Among these tests are: find world wide exportable file systems, determine whether the export list really works, determine whether one can mount file systems through the portmapper, try to guess file handles, excercise the mknod bug, and the uid masking bug. nfswatch lets you monitor NFS requests to any given machine, or the entire local network. It mostly monitors NFS client traffic (NFS requests); it also monitors the NFS reply traffic from a server in order to measure the response time. nfstrace and rpcspy derives approximate traces of NFS activity by non-intrusively monitoring the Ethernet traffic to and from the file server. The toolkit uses a promiscuous Ethernet listener interface (such as the Packetfilter) to read and reconstruct NFS-related RPC packets intended for the server. It produces traces of the NFS activity as well as a plausible set of corresponding client system calls. trojan.pl s a trojan horse checking program. It examines your searchpath and looks at all of the executables in your searchpath, looking for users who can create a trojan horse on your system. |