Wietse's tools and papers
This archive is located in the Netherlands at
the Eindhoven University of Technology.
Some files have a (separate) PGP signature to protect you against
trojanized versions.
This is my PGP public key. You can reach me
personally at
wietse@wzv.win.tue.nl.
Table of Contents
Wietse's Tools
- SATAN (satan-1.1.1.tar.Z)
(README file)
(PGP signature)
- For more than one year the most famous piece of Internet
vaporware, now materialized and available for all. SATAN closes much
of the knowledge gap between intruders and system administrators, by
proposing fixes instead of showing how to exploit problems.
This unusual program is the result of an even more unusual cooperation
between Wietse Venema and
Dan Farmer.
- TCP Wrapper
(tcp_wrappers_7.2.tar.gz)
(BLURB file)
(PGP signature)
- Wietse Venema's network logger, also known as TCPD or LOG_TCP.
These programs log the remote host name of incoming telnet, ftp, rsh,
rlogin, finger etc. requests. Security options are: access control
per host, domain and/or service; detection of host name spoofing or
host address spoofing; booby traps to implement an early-warning
system. The current version supports the System V.4 TLI network
programming interface (Solaris, DG/UX) in addition to the traditional
BSD sockets.
- Chrootuid (chrootuid1.2.shar.Z)
(BLURB file)
(PGP signature)
- Chrootuid makes it easy to run a network service at low
privilege level and with restricted file system access. At Eindhoven
University we use this program to run the gopher and www (world-wide
web) network daemons in a minimal environment: the daemons have access
only to their own directory tree, and run under a low-privileged
userid. The arrangement greatly reduces the impact of possible
loopholes in daemon software.
- Portmap (portmap_3.shar.Z)
(BLURB file)
(PGP signature)
- Replacement portmapper with access control. Makes it somewhat
harder to attack your RPC daemons, for example to steal YP password
maps or NFS file handles. Must be linked against a library produced
with a recent tcp wrapper (log_tcp) release (see above). Tested with
Ultrix [34], SunOS 4.1.x, HP-UX 8.0, AIX 3.1.5 (bsdcc compiler with
-D_SUN).
If you run SunOS 4, the securelib library (see below) is better because
it can also cope with direct attacks on your RPC daemons (i.e. attacks
without assistance from portmap).
SunOS4 users should replace their NIS/portmap daemons with fixed ones
from Sun that implement access control (patch 100482-xx).
- Rpcbind (rpcbind_1.1.tar.Z)
(README file)
(PGP signature)
- Replacement rpcbind program (the System V.4 portmapper) that
prevents intruders from bypassing your NFS export restrictions.
Derived from a legal copy of the SunOS 5.3 rpcbind source code.
- Logdaemon (logdaemon-4.8.tar.gz)
(README file)
(PGP signature)
- Rlogin and rsh daemons that log the remote user name as well as
the remote host name, with tcp_wrapper access control. These daemons
are believed to be drop-in replacements for SunOS 4.x, Ultrix 4.x and
SunOS 5.x (Solaris 2.x). Reportedly work with HP-UX.
- Login replacement that supports S/Key one-time passwords,
per-user/host/terminal access control, and fascist login failure
logging (tested with SunOS 4.x and 5.x). Reportedly works with HP-UX.
- Ftp daemon that supports S/Key one-time passwords, fascist login
failure logging, and logging of anonymous FTP xfers (tested with SunOS
4.x and 5.x). Probably works with HP-UX.
- Rexec daemon that supports S/Key one-time passwords, fascist
login failure logging and tcp_wrapper access control, and that blocks
access to the root account (tested with SunOS 4.x and 5.x). Probably
works with HP-UX.
- Unproto (unproto5.shar.Z)
- A program that turns your traditional C compiler into one that
understands a very large subset of ANSI C. Includes stdarg->varargs
translation. The program is a wrapper around the C preprocessor that on
the fly translates ANSI C to traditional C. It comes with a set of ANSI
include files.
- Yapasswd (yapasswd.tar.Z)
(PGP signature)
- Yet another password command for SunOS 4.x and 5.x. No shadow
support, uses insecure NIS, but we depend on it anyway.
- Agetty (agetty.shar.Z)
- A flexible getty (portmon) replacement for System V Release 2,
SunOS 4.x, and SunOS 5.x. Automagically adapts to parity settings,
erase characters etcetera. This is another program that my sanity
depends on when I hook up modems or terminals to my own machines.
- surrogate-syslog.tar.Z
(PGP signature)
- For systems that have no syslog library (or one that does not
work). This version logs directly to a file (default
/usr/spool/mqueue/syslog). The fakesyslog that comes with nntp seems
to be OK, too.
Wietse's Papers
- admin-guide-to-cracking.101.Z (ascii)
- Slightly updated version of an article that was posted to Usenet
on December 2, 1993, titled: "Improving the security of your site by
breaking into it." by Dan Farmer and Wietse Venema. The paper explains
to the administrator what crackers have known for a long time.
The paper also announces a piece of security software called
SATAN (Security Administrator Tool for Analyzing Networks). It took
the authors more than a year to fulfill their promise.
- satan_doc.tar.Z
(README file)
(PGP signature)
- Updated version of the SATAN documentation released on March
15, 1995. This archive contains a sample database that illustrates
a lot of the problems that SATAN can find for you.
- ASCII version (wgkennis.txt)
- Text (in Dutch) of a talk given at the "Wij geven kennis"
congress on November 23, 1994, in Amsterdam. Explains to a less
technical audience what kinds of risks one can expect when connecting
the local network with networks of other organizations.
- tcp_wrapper.ps.Z (postscript)
tcp_wrapper.txt.Z (ascii)
- Presented at the 3rd UNIX Security Symposium (Baltimore,
September 1992). Describes the development of the tcp wrapper tool
(aka the log_tcp package) to trace a malicious Dutch computer cracker
(see also: tcp_wrapper.dutch.ps.Z, below).
- tcp_wrapper.dutch.ps.Z (postscript)
tcp_wrapper.dutch.txt.Z (ascii)
- Text (in Dutch!) of a presentation given at the 23 April
1992 security meeting of the NLUUG (Dutch UNIX users group) and SURF
(network provider for the Dutch universities).
COPS (cops_104.tar.Z)
Primary archive:
ftp://ftp.cis.ohio-state.edu/pub/cops.
The UNIX security checker by Dan Farmer. Run this on your
systems before someone else does.
Crack (crack4.1.tar.Z)
Primary archive: ftp://ftp.uu.net/usenet/comp.sources.misc.
Password cracker by Alec Muffett. Run this one on your password
files before someone else does. Can be run in parallel on a bunch of
workstations. A fine collection of word lists can be found on
sable.ox.ac.uk:/pub/wordlists.
Cracklib (cracklib.tar.Z)
Primary archive: ftp://ftp.uu.net/usenet/comp.sources.misc.
Proactive password security library by Alec Muffett. The idea
is simple: try to prevent users from choosing passwords that could be
guessed by "Crack" by filtering them out, at source.
Securelib (securelib.tar.Z)
(README file)
Primary archive: ftp://eecs.nwu.edu/pub.
Protect your RPC daemons against unauthorized access. Shared
library for SunOS 4.1 and later with replacement routines for three
kernel calls: accept, recvfrom, recvmsg. These replacements are
compatible with the originals, with the additional functionality that
they check the Internet address of the machine initiating the
connection to make sure that it is "allowed" to connect. Written by
William LeFebvre.
Tiger (tiger-2.2.3.tar.gz)
(README file)
Primary archive: ftp://net.tamu.edu/pub/security/TAMU.
'tiger' is a set of scripts that scan a Un*x system looking for
security problems, in the same fashion as Dan Farmer's COPS. 'tiger'
was originally developed to provide a check of UNIX systems on the A&M
campus that want to be accessed from off campus (clearance through the
packet filter). As such, we needed something that *anyone* could run
if they could figure out how to get it down to their machine.
Ipacl (ipacl.tar.Z)
Primary archive: ftp://eunet.co.at/pub/network/ipacl.
SYSV.4 streams module that implements packet filtering within
the kernel. Fascinating stuff. Written by Gerhard Fuernkranz
(fuer@siemens.co.at).
Loginlog (loginlog.c.Z)
A small program that watches the wtmp file and reports all
logins to the syslogd. Written by Mark Mookie (mark@blackplague.gmu.edu).
TCPR (tcpr-1.2.shar.Z)
Primary archive: ftp://ftp.alantec.com/pub/tcpr.
TCPR is a set of perl scripts that enable you to run ftp and
telnet commands across a firewall. Forwarding takes place at the
application level, so it's easy to control.
Netlog (netlog-1.2.tar.gz)
Primary archive: ftp://net.tamu.edu/pub/security/TAMU.
An advanced network sniffer system to monitor your networks.
These programs are a part of the network security system used by Texas
A&M University. It can be used for locating suspicious network
traffic. The following programs are included:
- tcplogger - Log all TCP connections on a subnet
- udplogger - Log all UDP sessions on a subnet
- extract - Process log files created by tcplogger or udplogger
All three programs require an ANSI C compiler. Tcplogger and
udplogger use the SunOS 4.x Network Interface Tap (nit).
NIS_Paper.ps.Z
Primary archive: ftp://net.tamu.edu/pub/security/TAMU.
How easy it is to spoof NIS clients (Hess, Safford, Pooch). ACM
Computer Communications Review 22 (5), 1992.
orange-book.Z (ASCII)
Source: ftp://ftp.cert.org/pub/info
The DOD Orange Book, which defines various levels of security.
tamu-security-overview.ps.gz
Primary archive: ftp://net.tamu.edu/pub/security/TAMU.
How people at Texas A&M handled a severe case of intrusion.