shwatchr is a small Perl script that audits logins to shell accounts on Linux/*NIX machines that originate from arbitrary hosts on the Internet. When a successful login occurs and a shell is spawned, shwatchr is executed from the shell rc file and compares the host from which the login originates against a list of known/allowed hosts. If no match is found, shwatchr can be configured either to send an email containing the time and originating host of the login to a separate alert email address, or to issue a warning and proceed to kill all user shells. shwatchr does not require root to execute, so users can have some measure of knowledge and security over who is logging into their accounts even if they can't modify firewall or tcpwrapper rulesets, or look at system logs.
The Port Scan Attack Detector (psad) is a collection of three system daemons that are designed to work with the Linux iptables firewalling code to detect port scans and other suspect traffic. It features a set of highly configurable danger thresholds (with sensible defaults), verbose alert messages, email alerting, DShield reporting, and automatic blocking of offending IP addresses. psad incorporates many of the packet signatures included in Snort to detect various kinds of suspicious scans, and implements the same passive OS fingerprinting algorithm used by p0f.
gpgdir is a script that encrypts and decrypts directories using a GPG key specified in ~/.gpgdirrc. It supports recursively descending through a directory in order to make sure it encrypts or decrypts every file in a directory and all of its subdirectories. All file mtime and atime values are preserved across encryption and decryption operations. In addition, gpgdir is careful not to encrypt hidden files and directories.
fwsnort translates Snort rules into an equivalent iptables ruleset. By making use of the iptables string match module, fwsnort can detect application layer signatures which exist in many Snort rules. fwsnort adds a --hex-string option to iptables, which allows Snort rules that contain hex characters to be input directly into iptables rulesets without modification. In addition, fwsnort makes use of the IPTables::Parse Perl module in order to (optionally) restrict the Snort rule translation to only those rules that specify traffic that could potentially be allowed through an existing iptables policy.
fwknop implements an authorization scheme called Single Packet Authorization that requires only a single encrypted packet to communicate various pieces of information, including desired access through an iptables, ipfw, or pf firewall policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap. Also supported is a robust port knocking implementation based around iptables log messages.
Re: gpgdir no longer working with perl 5.10
> Since I have updated to Perl 5.10,
> gpgdir is no longer working; I get the
> following message:
> "/usr/bin/perl: symbol lookup
> undefined symbol:
> Could you make a suggestion?
> Many thanks !
Hi, can you try re-installing gpgdir by either using the install.pl script in the gpgdir tarball, or by using the automated RPM builder?:
# ./cd_rpmbuilder -p gpgdir
Re: Extra external IP source
> You can use as IP source also the
> following Webpage:
Thanks, yes that page works great as an additional auto-resolution URL with the --URL option to the fwknop client.