Jim Lippard's Security Software
These are some software tools, all in Perl, which I've developed for
my own use. Others are welcome to use them for noncommercial use,
with no warranty. All were originally written for OpenBSD.
In the absence of other license information within each package,
assume that each is copyrighted by Jim Lippard, with all rights
reserved, with license granted for noncommercial use. Assume
a BSD-3 license.
Also see Github: https://github.com/lippard661
- discord.org-2024-pkg.pub: signify public key for verifying signed packages
- accttools.tgz: Process accounting tools (written for *BSD) for generating
a baseline and auditing for divergences from the baseline. Current version is a beta (really more of
a proof-of-concept), 0.5, 2012-12-23.
- add_host-1.3.tgz: add_host/remove_host, Perl script for adding and removing IPs from
files used for firewalling (and from pf tables). Current version is 1.3, 2023-01-29.
- arpwatch-3.6 OpenBSD package. This is Lawrence Livermore Labs' arpwatch, patched for OpenBSD to use
unveil and _arpwatch user. The patches are approximately equivalent to the
standard OpenBSD package, which uses arpwatch-2.1a15 and does not use unveil.
(I attempted to use pledge as well, but the restricted mode of pledge
doesn't allow the bpf-related system calls, such as BIOCSETF.)
- faild.pl: Monitors an Internet connection for uptime, fails over to an
alternate connection if one is available. Current version is 1.9a, 2024-07-20.
- portcheck.pl: Updates OpenBSD ports tree. Current version 1.3, 2024-08-03.
- reportnew-1.19a.tgz: Monitors logs for new entries and generates email reports
for entries matching certain criteria. Works for syslog, cyclog, and multilog formats, and for BSD process accounting logs. Current
version is 1.19a, 2024-08-02. Available here or on Github as an OpenBSD-style package.
- rsync-client.pl: Managed synchronization of files between systems
via an unprivileged user. Current version is 2024-09-02. Packaged together with some other rsync tools as rsync-tools-20240902.tgz. The latter is available here or on Github as an OpenBSD-style package.
- sha2_create.pl/sha2_compare.pl/sha3_create.pl/sha3_compare.pl: Creates databases of SHA2/SHA3 digests and compares against them. Also supports SHA1, but that is deprecated. Intended for setting baselines for use in forensic
analysis, similar to the Sun Solaris Fingerprint Database, and for finding and
removing unused files after an upgrade -- that use case now obsoleted by OpenBSD's sysclean. The following databases of
OpenBSD SHA2/SHA3 digests are available:
- OpenBSD 6.9 amd64 (SHA3),
OpenBSD 6.9 amd64 (SHA2)
- OpenBSD 6.8 amd64 (SHA3),
OpenBSD 6.8 amd64 (SHA2)
- OpenBSD 6.7 amd64 (SHA3),
OpenBSD 6.7 amd64 (SHA2)
- OpenBSD 6.6 amd64 (SHA3),
OpenBSD 6.6 amd64 (SHA2)
- OpenBSD 6.5 amd64 (SHA3),
OpenBSD 6.5 amd64 (SHA2)
- OpenBSD 6.4 amd64 (SHA3),
OpenBSD 6.4 amd64 (SHA2)
- OpenBSD 6.3 amd64 (SHA3),
OpenBSD 6.3 amd64 (SHA2)
- OpenBSD 6.2 amd64 (SHA3),
OpenBSD 6.2 amd64 (SHA2)
- OpenBSD 6.2 i386 (SHA3),
OpenBSD 6.2 i386 (SHA2)
- OpenBSD 6.1 amd64 (SHA3),
OpenBSD 6.1 amd64 (SHA2)
- OpenBSD 6.1 i386 (SHA3),
OpenBSD 6.1 i386 (SHA2)
- OpenBSD 6.0 amd64 (SHA3),
OpenBSD 6.0 amd64 (SHA2)
- OpenBSD 6.0 i386 (SHA3),
OpenBSD 6.0 i386 (SHA2)
- OpenBSD 5.9 amd64 (SHA3),
OpenBSD 5.9 amd64 (SHA2)
- OpenBSD 5.9 i386 (SHA3),
OpenBSD 5.9 i386 (SHA2)
- OpenBSD 5.8 amd64 (SHA3),
OpenBSD 5.8 amd64 (SHA2)
- OpenBSD 5.8 i386 (SHA3),
OpenBSD 5.8 i386 (SHA2)
- OpenBSD 5.7 amd64 (SHA2)
- OpenBSD 5.7 i386 (SHA2)
- OpenBSD 5.6 amd64 (SHA2)
- OpenBSD 5.6 i386 (SHA2)
- OpenBSD 5.5 amd64 (SHA2)
- OpenBSD 5.5 i386 (SHA2)
- OpenBSD 5.4 amd64 (SHA2)
- OpenBSD 5.4 i386 (SHA2)
- OpenBSD 5.3 amd64 (SHA2)
- OpenBSD 5.3 i386 (SHA2)
- OpenBSD 5.2 amd64 (SHA2)
- OpenBSD 5.2 i386 (SHA2)
- OpenBSD 5.1 amd64 (SHA2)
- OpenBSD 5.1 i386 (SHA2)
- OpenBSD 5.0 amd64 (SHA2)
- OpenBSD 5.0 i386 (SHA2)
- OpenBSD 4.9 i386 (SHA2)
- OpenBSD 4.8 i386 (SHA2)
- OpenBSD 4.8 macppc (SHA2)
- OpenBSD 4.7 i386 (SHA2)
- OpenBSD 4.7 macppc (SHA2)
- OpenBSD 4.6 i386 (SHA2)
- OpenBSD 4.6 macppc (SHA2)
- OpenBSD 4.5 i386 (SHA2)
- OpenBSD 4.5 macppc (SHA2)
- OpenBSD 4.4 i386 (SHA2)
- OpenBSD 4.4 macppc (SHA2)
- OpenBSD 4.3 i386 (SHA2)
- OpenBSD 4.3 macppc (SHA2)
- OpenBSD 4.2 i386 (SHA2)
- OpenBSD 4.2 macppc (SHA2)
- OpenBSD 4.1 i386 (SHA2)
- OpenBSD 4.1 macppc (SHA2)
- OpenBSD 4.0 i386 (SHA2)
- OpenBSD 4.0 macppc (SHA2)
- OpenBSD 3.9 i386 (SHA2)
- OpenBSD 3.9 macppc (SHA2)
- OpenBSD 3.8 i386 (SHA2)
- OpenBSD 3.8 macppc (SHA2).
- Signify-1.0c.tgz: Signify.pm, perl module wrapper for OpenBSD signify. Current version is 1.0b, 2024-08-01. Available here or on Github as an OpenBSD-style package.
- sigtree-1.19c.tgz: Tripwire/Samhain-like program, monitors file
system integrity. Written for *BSD, macOS, and Linux. Current version is 1.19c, 2024-09-01. Available here or on Github as an OpenBSD-style package. v1.19c allows child forks with Parallel::ForkManager and uses Signify.pm, 1.18d is last version without Signify.pm dependency.
- syslock/sysunlock: Sets system files immutable, so that they cannot be changed by root unless the system is brought into single-user mode. Written for OpenBSD, but will work with *BSD with the appropriate changes
to the locations of commands (e.g. chflags). Current version: 1.8a, 1 September 2024. Available here or on Github as an OpenBSD-style package.