|
anlpasswd - a perl based drop in replacement for passwd that incorporates an on the fly rule checker for new passwds passwd+ - another drop in replacement for passwd npasswd - drop in replacement for passwd that includes aging and NIS support yapasswd - another replacemnet passwd program for sunos and solaris shadow - a replacement for login and passwd that uses shadowed passwd and group files sudo - allow unprivileged users to execute privileged commands based on an access control file op isa tool designed to allow customizable super user access; you can do everthing from emulating giving a super user shell for nothing to only allowing one or two users access via login names, or special passwords that are neither root, nor their own. Plus, as an added bonus, for those commands that you would like users to be able to use, but need to place restrictions on the arguments, you can configure that as well. runas allows an administrator to run a process as any user on a Unix operating system, including the super-user in a non-interactive manner without having to login as that user . Additionally, it provides a secure way for allowing normally unpriviledged users to execute selected programs as a super-user (or any other user on the system) in a secure manner. osh (operator shell) is a setuid root, security enhanced, restricted shell. It allows the administrator to carefully limit the access of special commands and files to the users whose duties require their use, while at the same time automatically maintaining audit records. SFW (simple file wrapper) is a simple and secure UNIX command wrapper, enabling systems administrators to delegate routine functions without distributing root authority to a large group of people. spar - show process accounting records (much faster and more flexible than lastcomm) swatch - a log file watcher and filter program chrootuid - runs network services as a low privileged UID and with a chrooted directory surrogate - replacement syslog library securelib - shared library drop in for SunOS 4.x replacing accept, recvfrom, and recvmsg kernel calls. sra - secure RPC authentication for telnet and ftp from Texas A & M. |
dig (domain information groper) is a flexible command line tool which can be used to gather information from the Domain Name System servers. Dig has two modes: simple interactive mode, which makes a single query, and batch, which executes a query for each in a list of several query lines. All query options are accessible from the command line. dnswalk is a DNS database debugger that works by initiating a zone transfer of a current zone, inspecting individual records for inconsistencies with other data, and generating warnings and errors. It is not a parser of DNS datafiles, it works strictly via existing DNS query methods on a "live" system. ppgen generates passphrases using strings of words, long enough to have an arbitrary level of entropy. It can use any dictionary and the best available source of randomness, including PGP's cryptographic RNG if you have version 2.6.2. It is written in portable C, and it is fairly fast. pwdiff takes multiple password files and compares them in an intelligent way so that passwd files may be merged into one large site-wide passwd file. For instance, it will report on different names with the same uid, but let pass the same name with the same uid. watcher is a system monitoring program which watches the system and reports when outputs from specific commands exceed expected bounds. The program reads commands from a control file to determine which system elements to watch. sfingerd s a secure replacement for the standard unix finger daemon. The goal is to have the smallest and safest code. showid is a tool for examining the effective and actual user id and group id of a program once it is executing. smrsh is a restricted shell utility that provides the ability to specify, through a configuration, an explicit list of executable programs. When used in conjunction with sendmail, smrsh effectively limits sendmail's scope of program execution to only those programs specified in smrsh's configuration. ttywatcher allows the user to monitor every tty on the system, as well as interact with them. Aside from monitoring and controlling TTYs, individual connections can be logged to either a raw logfile for later playback or to a text file. procmail can be used with sendmail as a /bin/mail replacement, resulting in more security and the ability to do filtering on the fly without the use of a .forward file. mail.local is distributed as part of the sendmail contrib directory (but not maintained by sendmail) and can be used as a more secure drop in replacement of /bin/mail. |