michaelrash

Pop	279.79
Vit	28.23

fwknop implements an authorization scheme called Single Packet Authorization that requires only a single encrypted packet to communicate various pieces of information, including desired access through an iptables, ipfw, or pf firewall policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap. Also supported is a robust port knocking implementation based around iptables log messages.

Pop	264.53
Vit	24.36

fwsnort translates snort rules into an equivalent iptables ruleset. By making use of the iptables string match module, fwsnort can detect application layer signatures which exist in many snort rules. fwsnort adds a --hex-string option to iptables, which allows snort rules that contain hex characters to be input directly into iptables rulesets without modification. In addition, fwsnort makes use of the IPTables::Parse Perl module in order to (optionally) restrict the snort rule translation to only those rules that specify traffic that could potentially be allowed through an existing iptables policy.

Pop	16.76
Vit	42.21

Gootrude takes a set of search terms for Yahoo! and graphs the numeric results returned over time. It collects information through normal Web queries and graphs it with Gnuplot. It supports search term queries as well as queries for the number of backwards links to a site.

Pop	175.46
Vit	8.80

gpgdir is a script that encrypts and decrypts directories using a GPG key specified in ~/.gpgdirrc. It supports recursively descending through a directory in order to make sure it encrypts or decrypts every file in a directory and all of its subdirectories. All file mtime and atime values are preserved across encryption and decryption operations. In addition, gpgdir is careful not to encrypt hidden files and directories.

Pop	608.98
Vit	43.27

The Port Scan Attack Detector (psad) is a collection of three system daemons that are designed to work with the Linux iptables firewalling code to detect port scans and other suspect traffic. It features a set of highly configurable danger thresholds (with sensible defaults), verbose alert messages, email alerting, DShield reporting, and automatic blocking of offending IP addresses. Psad incorporates many of the packet signatures included in Snort to detect various kinds of suspicious scans, and implements the same passive OS fingerprinting algorithm used by p0f.

Pop	18.19
Vit	1.00

shwatchr is a small Perl script that audits logins to shell accounts on Linux/*NIX machines that originate from arbitrary hosts on the Internet. When a successful login occurs and a shell is spawned, shwatchr is executed from the shell rc file and compares the host from which the login originates against a list of known/allowed hosts. If a match is not found then shwatchr can be configured to either send an email to a separate alert email address that contains the time and host from which the login took place or issue a warning and proceed to kill all user shells. shwatchr does not require root to execute and hence users can have some measure of knowledge and security over who is logging into their accounts even if they can't modify firewall or tcpwrapper rulesets, or look at system logs.