VPNC - Client for Cisco 3000 VPN Concentrator
A VPN client compatible with Cisco's EasyVPN equipment.
Supports IPSec (ESP) with Mode Configuration and Xauth.
Supports only shared-secret IPSec authentication, 3DES, MD5,
and IP tunneling. It runs entirely in userspace.
PR: 60283
Submitted by: Christian Lackas
Graphical certification authority is an interface for managing
RSA keys and certificates, and the creation and signing of PKCS#10 requests.
It uses the OpenSSL library and a Berkeley DB for key and certificate storage.
It supports importing and exporting keys and PEM DER PKCS8 certificates,
signing and revoking of PEM DER PKCS12, and selection of x509v3 extensions.
A tree view of certificates is presented.
Author: Christian Hohnstaedt <christian@hohnstaedt.de>
WWW: http://www.hohnstaedt.de/xca.html
PR: 58378
Submitted by: Valentin Zahariev <curly@e-card.bg>
While pam(8) refers to the Linux-PAM Guides in its ``SEE ALSO'' section,
it seems no documentation is in the ports/ tree.
I think reading those docs takes good understanding of PAM
in RELENG_4, and also OpenPAM in HEAD.
PR: ports/53490
Submitted by: Hideyuki KURASHINA <rushani@FreeBSD.org>
A small SSH Askpass replacement written with GTK2. Features
fullscreen dialog and translucent background.
PR: ports/56537
Submitted by: Manuel Rabade <mig@mig-29.net>
security/opensc port that works with Estonian Electronic ID card
This is a modified version of the OpenSC port that works with
Estonian Electronic ID card (EstEID).
WWW: http://marie.vtl.ee/esteid/
PR: ports/56612
Submitted by: Sven Petai <hadara@bsd.ee>
autossh is a program to start a copy of ssh and monitor it, restarting
it as necessary should it die or stop passing traffic.
The original idea and the mechanism were from rstunnel (Reliable SSH
Tunnel). With this version the method changes: autossh uses ssh to
construct a loop of ssh forwardings (one from local to remote, one
from remote to local), and then sends test data that it expects to
get back. (The idea is thanks to Terrence Martin.)
WWW: http://www.harding.motd.ca/autossh/
Destroy, a program that destroys files on the hard disk by
writing null and random bytes to the file, then unlinking
it.
PR: ports/50291
Submitted by: Shane Kinney <shane@freebsdhackers.net>
This is a commercial stand-alone solution written in C not a PERL script +
myriads of dependencies + some AV...
Licenses for private (individual, non-commercial) use, e.g. for protecting
your family's home network, can be applied for free of charge.
Submitted by: Marius Strobl <marius@alchemy.franken.de>
Dropbear is an SSH 2 server, designed to be usable in small
memory environments.
It supports:
* Main features of SSH 2 protocol
* Implements X11 forwarding, and authentication-agent forwarding
for OpenSSH clients
* Compatible with OpenSSH ~/.ssh/authorized_keys public key
authentication
WWW: http://matt.ucc.asn.au/dropbear/dropbear.html
PR: ports/55795
Submitted by: Clement Laforet <sheepkiller@cultdeadsheep.org>
One-file-port, from @stake. This dumps information from
remote RPC. Much like "rpcinfo -p host" on unix hosts.
Please check my patches: I removed an unused function so
this wouldn't be marked as a security sensitive port, and
I'm not sure my Makefile change respects CFLAGS.
PR: ports/46991
Submitted by: Yonatan@xpert.com <Yonatan@xpert.com>
Web server fingerprinting tool, used to identify web servers
that changed their banners.
PR: ports/50754
Submitted by: Yonatan@xpert.com <Yonatan@xpert.com>
multiprecision integer arithmetic libraries. Presently,
many though not all of the arithmetic operations that
OpenSSL provides are exposed to perl. In addition,
this module can be used to provide access to bignum
values produced by other OpenSSL modules, such as key
parameters from Crypt::OpenSSL::RSA.
TinyCA is a simple graphical user interface written in Perl/Tk
to manage a small CA (Certification Authority).
PR: 54571
Submitted by: Janos Mohacsi <janos.mohacsi@bsd.hu>
mail admins
Scan Apache log files for CodeRed, Nimda, FormMail, proxy
scanners and other malicious probes. For each one found,
track down the contact email from WHOIS data and send a
notice. Built-in rate controls prevent flooding an admin
even when his machines are scanning at high rates. Runs as
a non-privileged cron job to not interfere with the HTTP
daemon's operation.
Notes to committer:
1. This port installs a user and a group "hunch". It doesn't
meet the conditions listed in the handbook for a "reserved"
uid/gid.
2. portlint will complain about the port. A lot. To the
best of my judgment all of the warnings can be ignored
with the exception of the one about BATCH which I could
find no documentation for. Therefore it is setting
IS_INTERACTIVE.
PR: ports/44836
Submitted by: Dan Pelleg <daniel+hunch@pelleg.org>
Module::Signature adds cryptographic authentications to CPAN
distributions, via the special SIGNATURE file.
If you are a module user, all you have to do is to remember
to run "cpansign -v" (or just "cpansign") before issuing
"perl Makefile.PL" or "perl Build.PL"; that will ensure the
distribution has not been tampered with.
For module authors, you'd want to add the SIGNATURE file to
your MANIFEST, then type "cpansign -s" before making a distribution.
Submitted by: autrijus@autrijus.org
ADM smb is a security scanner for Samba
/* based on the src of the smbclient from the samba team */
ADMsmb will perform a complete audit of samba for you on a host you
provide.
PR: ports/53696
Submitted by: Jacek Serwatynski <tutus@trynet.eu.org>
This module lets you generate secure random passwords
with a reasonable amount of pronounceability. It avoids
the problems associated with the FIPS-181 NIST standard
as used by Crypt::RandPasswd. See perldoc for more
details.
PR: 55575
Submitted by: andrew@scoop.co.nz