strength. To achieve this noble aim it uses the well known cracklib toolkit,
hence the name.
PR: ports/83603
Submitted by: Vsevolod Stakhov <vsevolod@highsecure.ru>
through a database, which provides a much more flexible PKI than with OpenSSL,
such as seeking a certificate with a search engine.
CA implementation.
PR: ports/83387
Submitted by: Vsevolod Stakhov <vsevolod@highsecure.ru>
through a database, which provides a much more flexible PKI than with OpenSSL,
such as seeking a certificate with a search engine.
GUI client that uses wxWidgets.
PR: ports/83386
Submitted by: Vsevolod Stakhov <vsevolod@highsecure.ru>
through a database, which provides a much more flexible PKI than with OpenSSL,
such as seeking a certificate with a search engine.
PR: ports/83385
Submitted by: Vsevolod Stakhov <vsevolod@highsecure.ru>
It all started with a reader driver library to provide a framework for people
writing drivers for smart card readers. The idea was to provide all the usual
stuff (T=0, T=1, serial vs. USB device handling, etc) in a single place, and
reduce driver writing to interaction with the device itself.
OpenCT provides a native OpenCT, CT-API and PC/SC Lite IFD interface with an
OpenCT ifdhandler resource manager.
PR: ports/82990
Submitted by: Janos Mohacsi <janos.mohacsi@bsd.hu>
This is a tool that uses ARP poisoning to have a scenario
like this: we have a LAN and we want offer connectivity to every-
one coming here with his laptop for example. It could happen that
our customer has his network parameters already configured to
work correctly in his own LAN, but not working here. We can have
then this scenario:
Customer's host (10.0.0.2/8 and default gateway set to 10.0.0.1)
Our LAN (192.168.0.0/24 with real gateway 192.168.0.254).
All that we want is that our customer plugs his laptop and joins
the internet without changing nothing of his network parameters.
Here comes this tool installed in my real gw(192.168.0.254) It's
a sort of sniffer, because it sniffs broadcast ARP requests for
the gateway and answers that the gateway is itself In our example
our customer's laptop sends this request: arp who-has 10.0.0.1
tell 10.0.0.2 Now our gateway does the following: 1) Sends back
this reply to 10.0.0.2: arp reply 10.0.0.1 is-at his_mac_address
2)Create the alias 10.0.0.254 (ARP is not routable so we need one
alias for each subnet that is not our one) 3)Sends itself an ARP
reply to refresh his ARP cache
It is different from proxy arp for two reasons: first it runs in
user space, then in this case we can plug machines belonging to
whatever subnet, while proxy arp is used in the case of only two
different ones.
PR: ports/79676
Submitted by: Luigi Pizzirani <sviat@opengeeks.it>
Sancp is a network security tool designed to collect
statistical information regarding network traffic, as
well as, collect the traffic itself in pcap format, all
for the purpose of: auditing, historical analysis, and
network activity discovery.
PR: ports/77426
Submitted by: Paul Schmehl
Approved by: nectar (mentor)
login attemtps and cooperates with pf firewall. When given IP gains
specific number of fails, bruteforceblocker adds this IP to the pf's
table. This is useful for people who are getting large number of
these attempts.
PR: ports/80211
Submitted by: Daniel Gerzo <danger@rulez.sk>
installed setuid root and executable by members of a particular group. It is
intended to be used in situations where an unprivileged user is being granted
full root access, but wants the convenience of a sudo-style log.
PR: ports/80752
Submitted by: Zak Johnson <zakj@nox.cx>
OpenSCEP is an open source implementation of the SCEP protocol used by Cisco
routers for certificate enrollment to build VPNs. It implements most of the
draft specification.
OpenSCEP includes a client and a server implementation, as well as some CGI
programs to simplify certificate and revocation list management.
WWW: http://openscep.othello.ch/
PR: ports/81264
Submitted by: Vsevolod Stakhov <vsevolod@highsecure.ru>
PEAR::Crypt_RSA allows you to use two-key strong cryptography like RSA with
arbitrary key length.
PR: ports/80939
Submitted by: Antonio Carlos Venancio Junior <antonio@php.net>
CSP is a Perl class and script for running multiple CAs. OpenSSL is used
for all operations. CSP can also generate a small CA website used to
distribute certificates and CRLs.
WWW: http://devel.it.su.se/projects/CSP/
PR: ports/79885
Submitted by: David Thiel <lx@redundancy.redundancy.org>
Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25), SECSH-CONNECTION(23),
SECSH-ARCH(20), SECSH-FILEXFER(06)*, SECSH-DHGEX(04), and SECSH-NUMBERS(10).
for SSL/TLS servers though perhaps useful for other (non-SSL/TLS)
circumstances.
Also includes a self-contained network abstraction library (libnal), and the
sslswamp SSL/TLS benchmark/test utility.
PR: ports/79879
Submitted by: Marcel Prisi <marcel.prisi@virtua.ch>
though perhaps useful for other (non-SSL/TLS) circumstances.
Also includes a self-contained network abstraction library (libnal), and the
sslswamp SSL/TLS benchmark/test utility.
PR: ports/79878
Submitted by: Marcel Prisi <marcel.prisi@virtua.ch>
Preference Manager is a class to handle user preferences in a web application,
looking them up in a table using a combination of their userid, and the
preference name to get a value, and (optionally) returning a default value for
the preference if no value could be found for that user.
It is designed to be used alongside the PEAR Auth class, but can be used with
anything that allows you to obtain the user's id - including your own code.
PR: ports/79556
Submitted by: Antonio Carlos Venancio Junior <antonio@php.net>
program coded purely in C with the ability to gather as much information as
possible about a host.
PR: ports/77142
Submitted by: Vaida Bogdan <vaidab@phenix.rootshell.be>,
James Greig <james@mor-pah.net>
With PEAR::File_SMBPasswd you can maintain smbpasswd-files, usualy used by
SAMBA.
PR: ports/78642
Submitted by: Antonio Carlos Venancio Junior <antonio@php.net>
Currently these types of CHAP are supported:
* CHAP-MD5
* MS-CHAPv1
* MS-CHAPv2
PR: ports/78641
Submitted by: Antonio Carlos Venancio Junior <antonio@php.net>
BASE is the Basic Analysis and Security Engine. It is based on the code
from the ACID project. This application provides a PHP-based web front-end
to query and analyze the alerts coming from a Snort IDS system.
BASE is a web interface to perform analysis of intrusions that Snort has
detected on your network. It uses a user authentication and role-base
system, so that you as the security admin can decide what and how much
information each user can see. It also has a simple to use, web-based
setup program for people not comfortable with editing files directly.
WWW: http://secureideas.sourceforge.net/
PR: ports/74492 [1], ports/77103 [2]
Submitted by: Linh Pham <question+fbsdports@closedsrc.org> [1],
Paul Schmhel <pauls@utdallas.edu> [2]
Certificate Enrollment Protocol). SSCEP is designed for OpenBSD's isakmpd,
but it will propably work with any Unix system with a recent compiler and
OpenSSL toolkit libraries installed.
PR: ports/77595
Submitted by: Vsevolod Stakhov <vsevolod(at)highsecure.ru>
produces graphs of clean emails, spam emails and infected emails broken down by
virus, from amavis log entries. RRD files are created and updated by a perl
script run from cron. Graphs are generated by a php script and viewed with a
web browser.
PR: ports/68934
Submitted by: Mantas Kaulakys <stone@tainet.lt>
from the Snort network intrusion detection system and allows Snort to
run at full speed. It accepts binary inputs from snort and outputs
human readable files to disc or to a database. At present, barnyard
is designed to accept binary inputs from snort and produce either human
readable files for parsing by log parsers or feed data directly to a
database (either mysql or postgresql at present.).
PR: ports/77044, ports/77322
Submitted by: Paul Schmehl <pauls@utdallas.edu>
In an effort to be proactive in doing my part to stop the massive
quantities of internet traffic probing for open ports or more
specifically the probing for known ports that MS Windows spyware,
Trojans, and whatever other MS Windows ports are commonly probed
which result in increasing my bandwidth usage charges, I wrote this
perl application for reporting that abuse to the sender's ISP, with
the hopes they will monitor the abuser and terminate the abuser's
internet account and or take legal action.
WWW: http://www.dshield.org/linux_clients.php#freebsd
Author: Joe Barbish <fbsd_user@a1poweruser.com>
PR: ports/68662
Submitted by: Joe Barbish <fbsd_user@a1poweruser.com>
This perl script is an official DShield client whose purpose is to
read your FreeBSD ipfilter firewall ipmon log file and convert the
log records to the standard DShield reporting record format, and
embed the converted log records into the body of an email that gets
sent to DShield for automatic addition to their database and abuse
reporting to the offenders ISP if you are an subscribed DShield member.
PR: ports/68661
Submitted by: Joe Barbish <fbsd_user@a1poweruser.com>
