Free to audit software for linux

SMBD Audit application is a set of VFS audit module for Samba 3 and web frontend to view and search samba audit logs.

Module stores logs directly into MySQL database with libmysqlclient.

You can search database by Login, Address, Share, Action, Log Message(specify filename or directory name), From and To Date.

Here is a very short list of what SMBD Audit package includes, and what it does.

- a VFS audit module, to provide logging to MySQL database

- a web front end to view and search logs.

SLAD is a tool for performing local security checks against GNU/Linux systems.

SLAD has been primarily developed for the BOSS project to work together with Nessus to enhance its local scanning capabilities. For example, scanning for weak passwords with a tool like John-the-Ripper is something that simply cannot be achieved by a network scan.

Therefore, SLAD is required to be installed on every GNU/Linux system where local auditing needs to be done. SLAD can then be used as a stand-alone application or more conveniently through Nessus. For usage with Nessus two NASL plugins are provided for interfacing between Nessus and SLAD

The Version 2.0 provides a XML Interface for Parameters and easy integration of additional audit-parameters and tools. To help the administrator to integrate a new feature-set, a development-documentation is provided with the cvs.

SLAD has been tested and verified on the following platforms:

RedHat Fedora Core 3
SuSe 9.2
Debian 3.0 (woody)
Debian 3.1 (sarge)
ERPOSS3
Gentoo Linux 2004.3

SLAD is implemented in Perl and provides an extendable plugin architecture allowing to use various GPL-based security scanners and auditing tools under one common framework. Currently, SLAD comes packaged with

John-the-Ripper
Chkrootkit
LSOF
ClamAV
Tripwire
TIGER

As a result SLAD delivers reports of these locally installed auditing and analysis tools. When used with Nessus the individual reports are wrapped into a standard Nessus report.

SLAD as well as the SLAD NASL Plugins can be downloaded from this Website in their current stable release V2.0.

Installation:

You can use our "easy-to-use" GTK installer, this installer downloads the lastest SLAD Release Binary, and install it on the target system. You only need to provide the login for the traget system.

glibc-audit is a modified version of glibc for application developers who check their code with an automatic memory access checker such as valgrind, Insure++, or Purify.
glibc-audit has been audited and cleaned up so that reports from the developers use of a memory access checker are more likely to be interesting to the developer, with less "noise" from the C library itself. Typically, glibc-audit initializes all of its local variables and structs before use. Ordinary glibc uses uninitialized dummy variables that are "dont-care" to its logic but reported by the memory access checker.
Also, the r_debug.r_brk protocol has been enhanced to co-operate with a co-resident auditor. If the auditor sets .r_brk, then the runtime loader will call the auditor directly whenever a shared library event occurs.
This is much more convenient than using breakpoints. By default the old breakpoint protocol works just like before. The new protocol is binary compatible with the old on machines where a pointer to a function is the same size as an ordinary pointer. Platforms where a pointer to a function is larger (such as HP-PA RISC, Alpha processor, or PowerPC) are not binary backward compatible, and will have to increment r_debug.r_version. Exising clients (such as gdb) also will see an ignorable type mismatch error when they are built. But for now, it is worth more not to antagonize gdb at runtime on x86.
The patch modifies 91 files. Compared to glibc-2.3.2-27.9, the additional code occupies 18 more bytes of .text, and 24 fewer bytes in the .so. On a nano-scopic scale, the typical execution cost is 0 to 3 CPU cycles per affected routine; the estimated median total impact is less than 1 second per machine per day. In the case of *printf(), glibc-audit is faster than glibc because the cleaned-up source helps gcc-3.2 avoid generating atrocious code when initializing printf_spec.info for parse_one_spec() in stdio-common/printf-parse.h.
Glibc-audit was constructed by running a memory access checker on the internal testcases of glibc, then analyzing the reported errors and modifying the source. The process revealed 10 memory access bugs in glibc-2.3.2-11.9. Seven were fixed in glibc-2.3.2-27.9, two more have been fixed in CVS, and one is a design flaw that probably will not be fixed.
Predecessor patches to glibc-audit-1 were submitted to the glibc project, but those patches were ignored [user "guest", password "guest"], declined, or rejected. There is enough improvement in usability and reliability to publish glibc-audit-1 separately.
The unmodified glibc-2.3.2-27.9.src.rpm is available from RedHat mirrors. rpmbuild -ba --target i686 took about 4 hours and 2.5GB of disk space on a machine with 1.1GHz CPU, 384MB RAM, UDMA100 disk.
Enhancements:
- The patches were updated to glibc-2.4-4.
- A glibc bug that interfered with gdb stop-on-solib-events was fixed.
- On x86, x86-64, and PowerPC, the __NR_open system call was improved to avoid leaking information from the user to the kernel.

Spike PHP Security Audit Tool project is a tool that performs a static analysis of PHP code for security exploits.
Usage:
To install, unzip Spike phpSecAudit package.
> unzip spike_phpSecAudit.zip
Change directory to your php repository.
> cd /path/to/code/to/audit
Execute the run.php, passing the file name or directory to audit.
> php /path/to/spike_phpSecAudit/run.php test_file.php
or
> php /path/to/spike_phpSecAudit/run.php dir_name
Enhancements:
- Modified to be PHP 4 friendly.
- A few functions have been added to the knowledge base: extract, shell_exec, pcntl_exec, and exec.
- The organization of the knowledge base file (vuln_db.xml) has been slightly improved.
- The _getAllPhpFiles function may miss a few (unverified).
- The tokenizer needs to be able to differentiate between a native function call and class method call of the same name, i.e. mail() and $class->mail().

RefactorIT project is a tool for Java developers. A developer can take source code of any size and complexity and rework it into well-designed code by means of over 30 automated refactorings.
In addition, it provides a comprehensive set of smart query functions, a graphical dependency analyzer, and over 100 quality metrics and audits that make it possible to analyze and track large volumes of code.
It may be used as a stand-alone tool or installed as an add-in to NetBeans, Sun ONE Studio, JDeveloper, and JBuilder.
Speed and flexibility, innovativeness and aesthetics, power and appeal - todays developers and software architects expect a lot from their software development tools.
Spontaneity is especially important: we all want to be able to put our plans into action quickly.
RefactorIT is the ideal development tool for people who enjoy their freedom - it is the first comprehensive refactoring and code analyses tool that goes everywhere you want to take it - no matter...
- what IDE your team is working with - by choice or force,
- what kind of Java technologies you are developing with,
- how daring your refactoring project may seem.
RefactorIT provides
- Automatic Refactoring Operations,
- Code Searches and Analysis,
- Audits and Corrective Actions,
- Metrics,
- IDE integrations,
- Full JSP support.

Network Security Analysis Tool is a fast, stable bulk security scanner designed to audit remote network services and check for versions, security problems, gather information about the servers and the machine, and much more.

A manpage providing extensive information on NSAT has been included in the distribution. It is available after a make install, or just by typing man doc/nsat.8 from this dir. It is suggested that you inform yourself at least about the -v (scan verbosity) option and edit the configuration file. To learn about changes in this version, please consult doc/CHANGES.

New to this version is support for distributed scanning. The manpage describes how to do a distributed scan. Note that distributed scanning in this version is just a preliminary, proof-of-concept, implementation with no guarantees for its security, reliability, or performance.

Check for updated vulnerability lists, config files, etc. from
http://nsat.sourceforge.net

Currently, these are lists of vulnerabilities:

nsat.cgi (CGI scripts)
nsat.conf (configuration)
src/mod/snmp.h (SNMP community names)

MfGames.Utility is a collection of useful C# classes that have no dependencies outside of the core libraries.
The MfGames.Utility library for C# and VB.NET is a general purposes library that contains many useful functions, but requires no additional libraries outside of itself and the core.
Main features:
- Random Number Generation
- Simple Logging
- Auditing Framework
- Tiny Functions
Enhancements:
- log4net has been merged as an optional compile.
- This release adds basic vector, matrix, quaternion, and euler rotation objects.
- The Auditable framework has been enhanced to allow for nested reporting of issues.