Free chicago transit authority software for linux

Graphical certification authority project is a graphical user interface to OpenSSL, RSA/DSA public keys, certificates, signing requests and revokation lists.
The keys have an internal counter, counting its use to avoid a duplicate use of a key for creating a certificate or request.
The Keys are of course encrypted in the db file.
Xca supports next to the usual PEM and DER format of certificates the import and export of PKCS#12 (aka *.pfx) files and the Certificate import from PKCS#7 files.
Certificates can be created by self signing it, by signing it by an other (usually CA) certificate or by signing a PKCS#10 request. Netscape SPKAC is supported since version 0.4.6. The validity dates and x509.v3 extensions can be adjusted to fit ones needs. The use of multiple certificates in CA chains is supported and a tree view of the certificates reflects the dependencies. The application takes care to not create duplicate certificates by checking the serial number(s) on import and creation of certificates.
Certificate Templates can be used to preset the input dialog with reasonable values and to simplify the process of creating certificates and requests.
Issued certificates can be revoked and the revokation list can be created and exported. External revokation lists can be imported and examined.
Enhancements:
- This version fixes an issue where some CA signed certificates were not sorted correctly below that CA.
- Malformed certificates no longer cause a crash.
- The string encoding rules for the distinguished name can now be set in the options dialog and PKCS#10 attributes can be set and inspected.

Hierarchical Grid Site Managment is a front-end to the database that keeps information about the grid sites (clusters), their admins, email and phone contacts, other contact people, site nodes and resources, downtimes etc.
These sites are organized by country and countries are organized by regions. The admins of each site can also update the information about the site.
To summarize the design, the applications supports only one GOC (Grid Operation Center), assuming that it is used for only one grid. It can have several ROCs (Regional Operation Centers), each ROC can have several countries, and each country can have several sites.
Each ROC, country and site can have one (or more) admins, which are able to modify the data of the structure (record) which they admin (ROC, country or site), and to manage substructures as well.
Managing substructures means that they can also validate/appoint the admins of the substructures, e.g. a country admin can validate/appoint the site admins. The admins are recognized automatically by their certificate (without the need to use passwords).
For each structure (ROC, country, site), contact info about it are stored, including email and phone. For the sites, general info about it are stored, contact info, info about its resources and capacities, site contacts, site downtimes, and info about its nodes. For more details see the DB design: hgsm_design.sql.
In the pages where a user has edit rights (in the node where he is admin and in all the subnodes), an Edit button is displayed. Clicking in this button, the page will be displayed in the edit mode, where the fields of information can be modified, the rows of the lists can be edited or deleted, new rows can be added in the lists, etc. The id and the admins of a node can be modified only by an admin of the parent node.
Main features:
- Has a database with information about a hierarchical structure (GOC-->ROCs-->Countries-->Sites-->Nodes).
- This information is published to the www by a web application.
- Each node of the tree has also one or more admins, which can modify the data of the node which they admin, and also the data of the subnodes.
- The admins of a node can appoint (set/modify/delete) the admins of the subnodes and leave up to them the modification/update of the subnode information (to make their job easier and for decentralization).
- Authentication (recognizing that somebody is admin of a node and has the rights to modify it) is done automatically by the application, using personal certificates, which are issued and verified by a certain certification authority. This means that everybody that is an admin, must have a valid certificate installed in his browser.
- The application also supports i18n and l10n (is multilingual, can be translated into several languages).
Enhancements:
- This release includes full internationalization and localization support for Albanian and Croatian.
- It also contains bdii.php?type1+type2+type3 and ldap2mysql.py the scripts.
- Some small improvements and bugfixes were made.

Dartmouth OpenCA-LiveCD project is an KNOPPIX remaster.

Dartmouth OpenCA-LiveCD is a bootable CD with an installation script to help people have an OpenCA Certificate Authority ready for testing in just a few minutes.

This CD works on most Intel architecture PCs regardless of what operating system is installed on its hard disk and even without any hard disk installed. It will not modify any contents of your hard disk unless you specifically ask it to do so.

On boot, you will be asked to provide your Organization, Location (state), and the email address of the OpenCA administrator. Default values will be used if no answers are provided.

Fast Secure File System exports existing directories securely over the network, letting users store and retrieve encrypted data in a scalable and transparent way. FSFS is written in C and works on GNU/Linux systems on x86 and PPC architectures, with help from FUSE and OpenSSL.
File systems are easily the most evident, from the point of view of users, component of an operating system. Through file systems it is possible to organize data in a wide variety of ways, and access resources through a common interface.
Users can nowadays not only store and retrieve documents, but also find information on running processes and system settings (through ProcFS), access and manipulate e-mail (for example with GmailFS), or perform several other operations.
In several circumstances and scenarios it is desirable to protect stored files and directories from manipulation by unknown or malicious users: financial or health-related data, confidential documents, or any kind of personal or sensitive data may need to be stored securely, in such a way that it can not be examined or modified freely by third parties.
Most file systems do not take action in this sense, and external cryptographic utilities are sometimes employed to secure data before storage. While this can be a perfectly secure solution, it is not transparent to users.
Distributed file systems propose efficient ways of accessing data remotely as if it resided on the local machine; when it comes to dealing with securely stored data as in the examples above, care must be taken to preserve confidentiality and integrity also during network transfer.
Not all distributed file systems accomplish this task, weakening the overall security of the system, or do so inefficiently, making it inconvenient for users.
FSFS is a secure, distributed file system in users space, written in C with much help from FUSE and OpenSSL. It lets users store and retrieve data securely and transparently, knowing that it is protected both on permanent storage devices and while in transit over the network.
It is also concerned with scalability, therefore separates data cryptography from the server, leaving it to the clients; this approach is similar to the one used in CFS, and opposite to those taken on by other secure file system solutions (like NFS on top of IPsec).
FSFS is written as a pair of user space daemons that act as client and server. Because of this, it needs no kernel support (unlike NFS over IPsec), save the FUSE loadable kernel module on clients, included in Linux since 2.6.14; servers dont use FUSE and depend only on user space OpenSSL libraries.
Servers export an existing file system (of virtually any kind) to clients over the network through two separate channels: a TLS connection set up with OpenSSL, and a clear channel. Requests from the clients to the servers are sent via the TLS socket, thus they are encrypted and authenticated, according to TLS v1 specifications, by the channel itself and decrypted on receipt, as they are usually very short and the relevant cryptography does not constitute a great overhead; simple server replies undergo the same process.
Cryptography in this case happens at both ends of the transmission.
In a distributed file system, large amounts of data may be transferred between clients and servers, thus encrypting and decrypting everything may become too cumbersome for both parties, and as more clients are added to the system the server may severely lose performance; moreover, file data should be stored encrypted anyway, so the cryptography could be moved to the clients, in such a way that each encrypts data before a write operation sends it over the network to the server, and decrypts it after a read retrieves it.
This way servers only deal with TLS details and can concentrate on serving client requests by doing the relevant I/O on the underlying, "physical" file system. As the data is already encrypted, it does not need to go through the TLS channel and the corresponding overhead, but can be sent via the clear channel, provided the messages are authenticated.
Enhancements:
- This release fixes two bugs. One bug related to socket creation and would cause problems on some systems (namely OpenSUSE 10.2). The other bug related to server configuration creation when using the Python configuration utilities. Users dont need to upgrade to this release if theyre not experiencing problems or are not using the Python configuration utilities.

UPS Track shipping module for LiteCommerce provides you with up-to-the-minute shipping status reports to your customers right from within your online store. Such feature encourages your customers to return to your shop and track their shipments or check the delivery status of their orders.
Namely, the UPS Track shipping add-on allows your customers to check the current status of their orders in LiteCommerce using online tracking option on the "Orders history" page.
The UPS Track shipping module for LiteCommerce displays the complete tracking information that is available in the UPS by the moment customers perform the request. Notice, the tracking information is updated each time tracking labels are scanned in the UPS delivery system.
There are the following options available in the tracking activity records:
- Origin and destination addresses Origin and destination addresses
- Pick up and delivery dates Pick up and delivery dates
- All UPS locations where the shipping label was scanned All UPS locations where the shipping label was scanned
- Current location of the shipment Current location of the shipment
- Current status of the shipment Current status of the shipment: In Transit, Delivered, Exception, Pickup, Manifest Pickup

GeoTIFF Viewer is a simple viewer for GeoTIFF files, which are georeferenced raster images, typically used for maps.
Ive noticed that there really arent any programs for Linux that just view maps. There are several GIS packages, but if all you want to do is look, theyre overkill. I wrote GeoTIFF Viewer to be a simple viewer of digital raster graphics.
It uses libtiff and libgeotiff for the heavy lifting of reading the TIFF and associated GeoTIFF tags, and GTK+, GDK, and GLib for the widgets and graphical utilities. As such, it should run on any platform that these do, which is to say, most modern operating systems.
Digital raster graphics for California can be freely obtained at The California Spatial Information Library. The USGS and the Tennessee Valley Authority have data for the rest of the country.
Installation:
The simplest way to compile this package is:
1. `cd to the directory containing the packages source code and type `./configure to configure the package for your system. If youre using `csh on an old version of System V, you might need to type `sh ./configure instead to prevent `csh from trying to execute `configure itself.
Running `configure takes awhile. While running, it prints some messages telling which features it is checking for.
2. Type `make to compile the package.
3. Optionally, type `make check to run any self-tests that come with the package.
4. Type `make install to install the programs and any data files and documentation.
5. You can remove the program binaries and object files from the source code directory by typing `make clean. To also remove the files that `configure created (so you can compile the package for a different kind of computer), type `make distclean. There is also a `make maintainer-clean target, but that is intended mainly for the packages developers. If you use it, you may have to get all sorts of other programs in order to regenerate files that came with the distribution.
Enhancements:
- This release fixes calculation of seconds when lat/long is being displayed.

gnoMint is a Certification Authority management tool for GTK/Gnome.
gnoMint is a tool for an easy creation and management of Certification Authorities. It allows a fancy visualization of all the pieces that conform a CA: x509 certificates, CSRs, CRLs...
Currently, this first v0.1.0 allows the creation of CAs, CSRs and Certificates. It can export both public and private parts of them into PEM formatted files.
This is the first public release. It has known bugs, and it is not feature-completed yet.
However, gnoMint is now perfectly usable for managing a CA that emits certificates able to:
- Authenticate people or machines in VPNs (IPSec or other protocols);
- Secure HTTP communications with SSL/TLS secured web servers;
- Authenticate and cipher HTTP communications through web-client certificates;
- Sign and/or crypt e-mails
Enhancements:
- This version can import the public part of Certificate Signing Requests made by other applications as long as they are formatted in PEM or in DER formats.
- This way, gnoMint can make certificates for remote users or systems that can create their CSRs with other instances of gnoMint or other software.
- This version has updated its DB format, and ensures that there wont be two or more CSRs in the database with the same Distinguished Name (DN).
- It also fixes some nasty bugs.

Packet filtering setup script by Anthony C. Zboralski. Adapted by Didi Damian for iptables version 1.0.0

Sample:

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# Set up variables
EXT_IF="eth0"
INT_IF="eth1"
EXT_IP=24.x.x.x/32
INT_IP=192.168.0.1/32
EXT_NET=24.x.x.0/24
INT_NET=192.168.0.0/24
MASQ_NETS="192.168.0.0/24"
LOCAL_ADDRS="127.0.0.0/8 192.168.0.1/32 24.x.x.x/32"
MAIL_RELAY=24.x.x.x/32
SMB_ACCESS="192.168.0.2/32"
SMB_BCAST="192.168.0.255/32"

# Turn on IP forwarding
echo Turning on IP forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Load the ip_tables module
echo Loading ip_tables module.
/sbin/modprobe ip_tables || exit 1
# I let the kernel dynamically load the other modules

echo Flush standard tables.
iptables --flush INPUT
iptables --flush OUTPUT
iptables --flush FORWARD
echo Deny everything until firewall setup is completed.
iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP

CHAINS=`iptables -n -L |perl -n -e /Chains+(S+)/ && !($1 =~ /^(INPUT|FORWARD|OUTPUT)$/) && print "$1 "`
echo Remove remaining chains:
echo $CHAINS
for chain in $CHAINS; do
iptables --flush $chain
done
# 2nd step cause of dependencies
for chain in $CHAINS; do
iptables --delete-chain $chain
done

for net in $MASQ_NETS; do
# I delete all the rules so you can rerun the scripts without bloating
# your nat entries.
iptables -D POSTROUTING -t nat -s $MASQ_NETS -j MASQUERADE 2>/dev/null
iptables -A POSTROUTING -t nat -s $MASQ_NETS -j MASQUERADE || exit 1
done
iptables --policy FORWARD ACCEPT

# Create a target for logging and dropping packets
iptables --new LDROP 2>/dev/null
iptables -A LDROP --proto tcp -j LOG --log-level info
--log-prefix "TCP Drop "
iptables -A LDROP --proto udp -j LOG --log-level info
--log-prefix "UDP Drop "
iptables -A LDROP --proto icmp -j LOG --log-level info
--log-prefix "ICMP Drop "
iptables -A LDROP --proto gre -j LOG --log-level info
--log-prefix "GRE Drop "

iptables -A LDROP -f -j LOG --log-level emerg
--log-prefix "FRAG Drop "
iptables -A LDROP -j DROP

# Create a table for watching some accepting rules
iptables --new WATCH 2>/dev/null
iptables -A WATCH -m limit -j LOG --log-level warn --log-prefix "ACCEPT "
iptables -A WATCH -j ACCEPT


echo Special target for local addresses:
iptables --new LOCAL 2>/dev/null
echo $LOCAL_ADDRS
for ip in $LOCAL_ADDRS; do
iptables -A INPUT --dst $ip -j LOCAL
# iptables -A INPUT --src $ip -i ! lo -j LDROP # lame spoof protect
done
echo Authorize mail from mail relay.
iptables -A LOCAL --proto tcp --syn --src $MAIL_RELAY --dst $EXT_IP --dport 25 -j ACCEPT


echo Authorizing samba access to:
echo $SMB_ACCESS
iptables --new SMB 2>/dev/null
for ip in $SMB_ACCESS; do
iptables -A SMB -s $ip -j ACCEPT
done
iptables -A LOCAL --proto udp -i ! $EXT_IF --dport 135:139 -j SMB
iptables -A LOCAL --proto tcp -i ! $EXT_IF --dport 135:139 -j SMB
iptables -A LOCAL --proto tcp -i ! $EXT_IF --dport 445 -j SMB
iptables -A INPUT -i ! $EXT_IF --dst $SMB_BCAST -j ACCEPT #lame samba broadcast

echo Drop and log every other incoming tcp connection attempts.
iptables -A LOCAL -i ! lo --proto tcp --syn --j LDROP

echo Authorize dns access for local nets.
for net in $MASQ_NETS 127.0.0.0/8; do
iptables -A INPUT --proto udp --src $net --dport 53 -j ACCEPT
done


echo Enforcing up ICMP policies, use iptables -L ICMP to check.
# If you deny all ICMP messages you head for trouble since it would
# break lots of tcp/ip algorythm (acz)
iptables --new ICMP 2>/dev/null
iptables -A INPUT --proto icmp -j ICMP
iptables -A ICMP -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A ICMP -p icmp --icmp-type destination-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type network-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type host-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type protocol-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type port-unreachable -j ACCEPT
iptables -A ICMP -p icmp --icmp-type fragmentation-needed -j LDROP
iptables -A ICMP -p icmp --icmp-type source-route-failed -j WATCH
iptables -A ICMP -p icmp --icmp-type network-unknown -j WATCH
iptables -A ICMP -p icmp --icmp-type host-unknown -j WATCH
iptables -A ICMP -p icmp --icmp-type network-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type host-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type TOS-network-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type TOS-host-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type communication-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type host-precedence-violation -j LDROP
iptables -A ICMP -p icmp --icmp-type precedence-cutoff -j LDROP
iptables -A ICMP -p icmp --icmp-type source-quench -j LDROP
iptables -A ICMP -p icmp --icmp-type redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type network-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type host-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type TOS-network-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type TOS-host-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type echo-request -j WATCH
iptables -A ICMP -p icmp --icmp-type router-advertisement -j LDROP
iptables -A ICMP -p icmp --icmp-type router-solicitation -j LDROP
iptables -A ICMP -p icmp --icmp-type time-exceeded -j WATCH
iptables -A ICMP -p icmp --icmp-type ttl-zero-during-transit -j WATCH
iptables -A ICMP -p icmp --icmp-type ttl-zero-during-reassembly -j WATCH
iptables -A ICMP -p icmp --icmp-type parameter-problem -j WATCH
iptables -A ICMP -p icmp --icmp-type ip-header-bad -j WATCH
iptables -A ICMP -p icmp --icmp-type required-option-missing -j WATCH
iptables -A ICMP -p icmp --icmp-type timestamp-request -j LDROP
iptables -A ICMP -p icmp --icmp-type timestamp-reply -j LDROP
iptables -A ICMP -p icmp --icmp-type address-mask-request -j LDROP
iptables -A ICMP -p icmp --icmp-type address-mask-reply -j LDROP
iptables -A ICMP -p icmp -j LDROP

echo Authorize tcp traffic.
iptables -A INPUT --proto tcp -j ACCEPT

echo Authorize packet output.
iptables --policy OUTPUT ACCEPT

#echo reject ident if you drop em you gotta wait for timeout
#iptables -I LOCAL --proto tcp --syn --dst $EXT_IP --dport 113 -j REJECT

echo Drop and log all udp below 1024.
iptables -A INPUT -i ! lo --proto udp --dport :1023 -j LDROP

echo Drop rpc dynamic udp port:
RPC_UDP=`rpcinfo -p localhost|perl -n -e /.*udps+(d+)s+/ && print $1,"n"|sort -u`
echo $RPC_UDP
for port in $RPC_UDP; do
iptables -A LOCAL -i ! lo --proto udp --dport $port -j LDROP
done

echo Authorize udp above 1024.
iptables -A INPUT --proto udp --dport 1024: -j ACCEPT