Free smbd audit software for linux

Qmail Auditor consists of a email auditing tool.
QMail Auditor provides simple a method for auditing emails. It is easy to configure and uses regular expressions as rules.
The format of audit file is :
Any e-mail (outbound or inbound) have passed at this filter.
The valids "field header"(s) :
all - field from or to of e-mails
to - field to
from - field from
In case of regular expression you read the
# man re_format
# man regex
E-mail to forward is a valid mail account to redirect.
Example of this :
from nelio@walk.* auditoria@spyware.walk.com.br
to nelio@spyware.* auditoria@spyware.walk.com.br
Enhancements:
- Now the config file name has renamed.
- From audit (in /var/qmail/control for /var/qmail/control/auditor) and qmail-queue-real-audit for qmail-queue-real-auditor.

glibc-audit is a modified version of glibc for application developers who check their code with an automatic memory access checker such as valgrind, Insure++, or Purify.
glibc-audit has been audited and cleaned up so that reports from the developers use of a memory access checker are more likely to be interesting to the developer, with less "noise" from the C library itself. Typically, glibc-audit initializes all of its local variables and structs before use. Ordinary glibc uses uninitialized dummy variables that are "dont-care" to its logic but reported by the memory access checker.
Also, the r_debug.r_brk protocol has been enhanced to co-operate with a co-resident auditor. If the auditor sets .r_brk, then the runtime loader will call the auditor directly whenever a shared library event occurs.
This is much more convenient than using breakpoints. By default the old breakpoint protocol works just like before. The new protocol is binary compatible with the old on machines where a pointer to a function is the same size as an ordinary pointer. Platforms where a pointer to a function is larger (such as HP-PA RISC, Alpha processor, or PowerPC) are not binary backward compatible, and will have to increment r_debug.r_version. Exising clients (such as gdb) also will see an ignorable type mismatch error when they are built. But for now, it is worth more not to antagonize gdb at runtime on x86.
The patch modifies 91 files. Compared to glibc-2.3.2-27.9, the additional code occupies 18 more bytes of .text, and 24 fewer bytes in the .so. On a nano-scopic scale, the typical execution cost is 0 to 3 CPU cycles per affected routine; the estimated median total impact is less than 1 second per machine per day. In the case of *printf(), glibc-audit is faster than glibc because the cleaned-up source helps gcc-3.2 avoid generating atrocious code when initializing printf_spec.info for parse_one_spec() in stdio-common/printf-parse.h.
Glibc-audit was constructed by running a memory access checker on the internal testcases of glibc, then analyzing the reported errors and modifying the source. The process revealed 10 memory access bugs in glibc-2.3.2-11.9. Seven were fixed in glibc-2.3.2-27.9, two more have been fixed in CVS, and one is a design flaw that probably will not be fixed.
Predecessor patches to glibc-audit-1 were submitted to the glibc project, but those patches were ignored [user "guest", password "guest"], declined, or rejected. There is enough improvement in usability and reliability to publish glibc-audit-1 separately.
The unmodified glibc-2.3.2-27.9.src.rpm is available from RedHat mirrors. rpmbuild -ba --target i686 took about 4 hours and 2.5GB of disk space on a machine with 1.1GHz CPU, 384MB RAM, UDMA100 disk.
Enhancements:
- The patches were updated to glibc-2.4-4.
- A glibc bug that interfered with gdb stop-on-solib-events was fixed.
- On x86, x86-64, and PowerPC, the __NR_open system call was improved to avoid leaking information from the user to the kernel.

audit package contains the user-space utilities for creating audit rules. As well as for storing and searching the audit records generate by the audit subsystem in the Linux 2.6 kernel.
Usage:
Examples usage of utilities:
General:
Window 1:
./auditd
Window 2 (you dont have to have the daemon running to try this, but
enabled has to be 1):
./auditctl -s
./auditctl -a entry,always -S open
ls
./auditctl -d entry,always -S open
Identity tracking:
./auditctl -a exit,always -S all -F loginuid=2000
./auditctl -L 2000,"test uid"
Enhancements:
- Updates were made to system-config-audit. auditctl was updated to better handle watching of directories with older kernels.
- Memory leaks and an invalid free in auditd were fixed along with interpretations in auparse.

Spike PHP Security Audit Tool project is a tool that performs a static analysis of PHP code for security exploits.
Usage:
To install, unzip Spike phpSecAudit package.
> unzip spike_phpSecAudit.zip
Change directory to your php repository.
> cd /path/to/code/to/audit
Execute the run.php, passing the file name or directory to audit.
> php /path/to/spike_phpSecAudit/run.php test_file.php
or
> php /path/to/spike_phpSecAudit/run.php dir_name
Enhancements:
- Modified to be PHP 4 friendly.
- A few functions have been added to the knowledge base: extract, shell_exec, pcntl_exec, and exec.
- The organization of the knowledge base file (vuln_db.xml) has been slightly improved.
- The _getAllPhpFiles function may miss a few (unverified).
- The tokenizer needs to be able to differentiate between a native function call and class method call of the same name, i.e. mail() and $class->mail().

CCSAT provides an automated configuration security audit tool for Cisco routers and switches.

CCSAT (Cisco Configuration Security Auditing Tool) is a tool for automated auditing of configuration security for large numbers of Cisco routers and switches.

The tool is based upon industry best practices, including Cisco, NSA, and SANS security guides and recommendations.

It is flexible and can report details down to individual device interfaces, lines, ACLs, and ASs, etc.

This tool has been tested and used successfully on FreeBSD, Solaris 8, and Linux, and should work on all major UNIX platforms (POSIX.2).

HOW-TO:

1) To start, have this script (ccsat) in your working directory /root/Desktop;
2) Within that directory, create subdirectories /root/Desktop/config and /root/Desktop/report;
3) Put config files in /root/Desktop/config and ensure same file extension (default .txt);
4) If none, then add file extension (commands provided here);
5) Run ./ccsat 12.3 (assuming 12.3 is the latest IOS);
6) The main report will be /root/Desktop/report/audit-results.

The aim of CMS Made Simple is to supply a simple and effective way of managing content of primarily static sites. Before you can ask why you need a content management system for a site that doesnt change its content, let me tell you.
There are tons of content management systems out there but they are basically all the same. Other CMS systems are great if you have a lot of news or articles on your site, but what if your site content doesnt change a lot, or only small parts of it change? Doesnt make a lot of sense to create a new entry in your blog style site just for a simple update, and whats the point of having time stamped blog entries if you are constantly updating them? Voila, in comes CMS Made Simple.
CMS lets you update your pages and keep the content on a static page that will not become stale regardless of how much other content gets placed on your site, unlike a blog style site where entries get pushed off the page and your users have to check the archives or know an obscure link to get to the original story.
Main features:
- Easy user and group management
- Group-based permission system
- Intelligent caching mechanism to only get what is necessary from the database
- Full template support, for unlimted looks without changing a line of content
- Easy wizard based install and upgrade procedures
- Minimal requirements
- Admin panel with multiple language support
- Integrated, Optional WYSIWYG
- Content hierarchy with unlimited depth and size
- Optional self-generating menus
- Integrated file manager w/ upload capabilities
- Module API for unlimited expandability
- Integrated audit log
- Included News module
- Included RSS module
- Ability to program simple PHP coded plugins right inside the admin
- Friendly support in forums and irc

Packit (Packet toolkit) is a network auditing tool. Its value is derived from its ability to customize, inject, monitor, and manipulate IP traffic.
By allowing you to define (spoof) nearly all TCP, ICMP, IP, ARP, UDP, RARP, and Ethernet header options, Packit can be useful in testing firewalls, intrusion detection/prevention systems, port scanning, simulating network traffic, and general TCP/IP auditing. Packit is also an excellent tool for learning TCP/IP.
Packit 1.0 requires libnet 1.1.2 or greater as well as libpcap. It has been successfully compiled and tested to run on FreeBSD, NetBSD, OpenBSD, MacOS X and Linux.
Due to shifting priorities, this project is now in maintenance mode. If you find a bug, either submit a patch or email me the details. Ill do my best to put out fix in a reasonable amount of time.
Enhancements:
Injection:
- Bugfix NULL bytes in the payload (patch contributed by: Jason Copenhaver)
General:
- Updates to several build routines to support libnet 1.1.2+