All of the following programs, made by me, are available under the GNU GPL version 2, unless otherwise specified.
Things I made:
- ipconf
- IPConf helps with the configuration of a firewall. New connections are allowed only if the destination ip:port is in a list of allowed connections. Separate lists exist for input, output and routed connections, and for UDP and TCP.
- webpam.tar.gz
- WebPam provides a way to configure PAM remotely. It has some interesting features: no temporary files are used; all alterations are applied only when the user decides, with no intermediate changes; it has on-line help and information about PAM; and it only allows the use of modules where they are valid.
This program was made as school work for the Systems Administration course of the LESI degree at the University of Minho, Portugal, jointly with my colleague Ricardo Costa.
This program is placed in the public domain.
- bash-2.05b-loghist.patch
- This is a small patch that enables bash to log the commands executed by users to syslog.
Versions:
How to use:
The compiling and configuration options are:
- -DLOGHIST: enables the code that logs the commands.
- -DLOGFAC=LOG_FACILITY: defines which facility the commands should be logged under (USER, AUTH, DAEMON; see man syslog.conf for more information). By default the facility used is LOG_USER.
- -DLOGPRI=LOG_LEVEL: defines the logging level (EMERG, CRIT, etc.; see the man page). By default level LOG_INFO is used.
- -DNAMELEN=n: defines the size of the buffers used to store the name of the user, group, etc. By default the size is 32 bytes, more than enough for a usual system.
- -DLOGNUMERIC: log the numeric values of pid, uid, etc., instead of their respective names.
- -DLOGMINUID=uid: only log commands executed by users whose uid is higher than the one specified. By default, all users' commands are logged.
- -DLOGGROUP=gid: only log commands executed by users whose gid (group) is the one specified.
- -DLOGNOTGROUP=gid: only log commands executed by users that have the same gid as the one specified.
- randfile.c
- This program randomly selects and returns a file from the files available under some directory. It may return a different file each time the current one is opened and read, or as soon as some period of time elapses.
Generic usage: randfile -<type> [<cycles>] <destination file> <source directory>
Cycles: as soon as the program has cycled over the files in the directory the specified number of times, it exits.
Types of work:
- -p: named pipe or fifo
This method guarantees that each time a program opens the destination file it gets a different one. It is also the most resource-conservative method, but it has the disadvantage that not every program will work with it (notably KDM), because the opened file can't be mmap(2)ed or lseek(2)ed.
- -f: symbolic link
This method recreates the destination file each time it detects that the current one has been read. The destination file is a symbolic link when the filesystem supports it; otherwise the original file in the source directory is copied over to the new destination. This way every type of program is supported, but at the cost of copying files if symlink(2) is not supported, and of using some resources (albeit very few) to check whether the file has been read.
- -t<time>: periodic substitution
This is the same method as the previous one, except that it doesn't check whether the current file has already been read; it just replaces the file after a certain period of time.
- -l: list
This type only makes the program display the generated random list of files on the screen. Be careful to specify the maximum number of cycles the program may run, or it will run indefinitely!
- ptun.c & predir.c
- The ptun program creates a TCP/IP tunnel through a proxy server to some other server, as long as the configuration of the proxy server does not prevent it. The predir program allows the destination server to redirect those connections to services or servers.
It becomes necessary when the proxy server is only configured to allow CONNECTs to HTTPS servers (port 443), so that you can only connect to a single service on your server. In that case, by running predir on your server, you can then redirect the connections to the proper place (SSH/IMAP/etc.).
Usage:
- Compiling
cc -o ptun ptun.c
cc -o predir predir.c
- Running
ptun: server:port [ local_port [ proxy [ proxy's_port [ predir's_service ] ] ] ]
predir: service_name:server:port ....
It is only necessary to specify either the service name, the server, or the port; the other values take their defaults from the one given.
See the header of the source code for more information.
- rootjail-0.1.tar.gz
- RootJail was made to help create root jails. These cages allow a program to run without access to the system's and other programs' files: its topmost directory is changed so that it can't do any harm to other files.
The creation of these jails is restricted to the super-user, root, so for any program to be run inside a jail it needs root rights; but if it keeps them after being jailed, it will be able to get out very easily, and changing a program to drop those privileges isn't a trivial task. It isn't that hard anyway, but it all gets much easier with this program: all you have to do is prepare the jail and specify the directory, the final user rights (not root, but a normal user), and the program to execute. This program then takes care of jailing, dropping privileges, executing the program, and re-executing it if it terminates (protecting against DoS).
See the README file for more information.
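The jail, drop privileges, execute and respawn sequence described above, as an added illustration in C (not RootJail's own code): the supervisor stays outside the jail as root, the child enters the jail, drops to the given uid/gid, verifies it cannot regain root, and only then execs the program. The jail directory, uid, gid and program path are assumed to come from the command line.

```c
#define _DEFAULT_SOURCE 1          /* for setgroups() in <grp.h> on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 if the calling process is irreversibly running as uid/gid, else 0. */
int privileges_dropped(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) return 0;            /* root never counts as dropped */
    if (getuid() != uid || geteuid() != uid) return 0;
    if (getgid() != gid || getegid() != gid) return 0;
    return setuid(0) != 0;                         /* regaining root must fail */
}

/* Enter the jail and drop to uid/gid; 0 on success, -1 with errno on failure.
 * Order matters: chroot() needs root; chdir("/") leaves the old cwd behind
 * (a cwd outside the jail is a way out); groups and gid go before uid. */
int jail_and_drop(const char *jail, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; }   /* refuse to stay root */
    if (chroot(jail) != 0 || chdir("/") != 0) return -1;
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (!privileges_dropped(uid, gid)) { errno = EPERM; return -1; }
    return 0;
}

/* usage (assumed): jailrun <jail_dir> <uid> <gid> <program-inside-jail> [args...] */
int main(int argc, char **argv)
{
    if (argc < 5) { fprintf(stderr, "usage: %s jail_dir uid gid program [args...]\n", argv[0]); return 2; }
    uid_t uid = (uid_t)strtoul(argv[2], NULL, 10);
    gid_t gid = (gid_t)strtoul(argv[3], NULL, 10);
    for (;;) {                                     /* supervisor stays outside the jail */
        pid_t pid = fork();
        if (pid < 0) { perror("fork"); return 1; }
        if (pid == 0) {                            /* child: jail, drop, then exec */
            if (jail_and_drop(argv[1], uid, gid) != 0) { perror("jail_and_drop"); _exit(1); }
            execv(argv[4], &argv[4]);              /* path is resolved inside the jail */
            perror("execv"); _exit(1);
        }
        int status = 0;
        waitpid(pid, &status, 0);
        fprintf(stderr, "child %d exited (status %d), respawning\n", (int)pid, status);
        sleep(1);                                  /* throttle respawns */
    }
}
```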
- xcorner.c
- Xcorner is a nifty little program that executes commands when the mouse pointer goes to a corner of the screen.
The commands can be executed normally, or inside a gnome-terminal (GNOME), konsole (KDE) or xterm (X) window.
For information on how to specify those options, which command to assign to which corner, and some other options, see the header of the source code.
- inb-0.1.0.tar.gz
- Personally I feel that the best strategy game yet is StarCraft. However, it has a flaw: it doesn't allow multiplayer games between people who are not on the same physical network without using Battle.Net.
So I created INB, or InterNetworkBridge, which is nothing more than a transparent bridge (a device that interconnects two or more physical networks transparently, thus creating a single logical network), with the additional feature of not being limited to directly connected physical networks, since it can use normal TCP/IP connections (cable, xDSL, frame relay, HDLC, etc.).
Details on how to compile and execute it, and security considerations, can be found in the documentation provided in the package.
- squash-dgux-x86.c
- This is a generic program to exploit vulnerabilities in Data General's Unix (DGUX) programs, and thus obtain additional privileges.
The assembly code inserted into the vulnerable program is described in this file, and the vulnerabilities found are listed here.
The advisory I sent to Bugtraq can be found at Security Focus, Security Team and Security Tracker.
- plug.c
- This is a daemon similar to predir above: it listens on a given port and redirects all connections to another port on the same or another server.
It has the additional feature of logging the data transmitted in each connection.
- Antiquities
- Here you will find some very old programs of mine that, as time passed, lost bits and bytes and pieces, and became obsolete...
As an example, there's a mini-howto on how to change ProFTPd to work under a root jail, but the patch to the daemon itself is lost. That's OK, though: ProFTPd already supports root jails per user natively, and some security problems in ProFTPd have been found and corrected...
The antiquities are autologin, chrooted proftpd, halt.com, hexd.c, stat.c, play.bas.
(c) 2002, Luciano Rocha
(GPG Public Key)