diff options
author | Dmitry Marakasov <amdmi3@FreeBSD.org> | 2016-05-19 10:53:05 +0000 |
---|---|---|
committer | Dmitry Marakasov <amdmi3@FreeBSD.org> | 2016-05-19 10:53:05 +0000 |
commit | 1f8b48b772b2d0ac0ed48a8259d2117ea3236a90 (patch) | |
tree | 06f11bc7b351f3abf3bf5507405afdba5374614e /security | |
parent | 4e942b64191e2ef98dce2c5af31047a8640db768 (diff) | |
download | ports-1f8b48b772b2d0ac0ed48a8259d2117ea3236a90.tar.gz ports-1f8b48b772b2d0ac0ed48a8259d2117ea3236a90.zip |
Notes
Diffstat (limited to 'security')
122 files changed, 366 insertions, 366 deletions
diff --git a/security/amavisd-new/pkg-descr b/security/amavisd-new/pkg-descr index cc331ca83ab6..49c7f2b3224b 100644 --- a/security/amavisd-new/pkg-descr +++ b/security/amavisd-new/pkg-descr @@ -1,8 +1,8 @@ -amavisd-new is a performance-enhanced daemonized version of amavis-perl +amavisd-new is a performance-enhanced daemonized version of amavis-perl Note that the installation is different than the original package, and the integration into your MTA can be different, so please read the README and -INSTALL files very carefully. +INSTALL files very carefully. amavisd-new also supports SpamAssassin integration. diff --git a/security/apache-xml-security-c/pkg-descr b/security/apache-xml-security-c/pkg-descr index 8d8124b7a168..84e59084c173 100644 --- a/security/apache-xml-security-c/pkg-descr +++ b/security/apache-xml-security-c/pkg-descr @@ -1,7 +1,7 @@ Apache XML Security for C++ -The Apache XML Security for C++ library is an implementation of the XML -Digital Signature and Encryption specifications, along with some +The Apache XML Security for C++ library is an implementation of the XML +Digital Signature and Encryption specifications, along with some additional XKMS code. WWW: http://santuario.apache.org/cindex.html diff --git a/security/base/pkg-descr b/security/base/pkg-descr index eea4af510e79..b20251ee839d 100644 --- a/security/base/pkg-descr +++ b/security/base/pkg-descr @@ -1,11 +1,11 @@ BASE is the Basic Analysis and Security Engine. It is based on the code -from the ACID project. This application provides a PHP-based web front-end -to query and analyze the alerts coming from a Snort IDS system. +from the ACID project. This application provides a PHP-based web front-end +to query and analyze the alerts coming from a Snort IDS system. BASE is a web interface to perform analysis of intrusions that Snort has detected on your network. It uses a user authentication and role-base system, so that you as the security admin can decide what and how much information each user can see. It also has a simple to use, web-based -setup program for people not comfortable with editing files directly. +setup program for people not comfortable with editing files directly. WWW: http://secureideas.sourceforge.net/ diff --git a/security/beecrypt/pkg-descr b/security/beecrypt/pkg-descr index 69b82959f026..9c0497d157bf 100644 --- a/security/beecrypt/pkg-descr +++ b/security/beecrypt/pkg-descr @@ -5,19 +5,19 @@ some other crypto libraries, BeeCrypt is not designed to solve one specific problem, like file encryption, but to be a general purpose toolkit which can be used in a variety of applications. -The BeeCrypt library currently includes: - - Entropy sources for initializing pseudo-random generators - - Pseudo-random generators: FIPS-186, Mersenne Twister - - Block ciphers: Blowfish - - Hash functions: MD5, SHA-1, SHA-256 - - Keyed hash functions: MD5/HMAC, SHA-1/HMAC, SHA-256/HMAC - - Multi-precision integer library, with assembler-optimized routines +The BeeCrypt library currently includes: + - Entropy sources for initializing pseudo-random generators + - Pseudo-random generators: FIPS-186, Mersenne Twister + - Block ciphers: Blowfish + - Hash functions: MD5, SHA-1, SHA-256 + - Keyed hash functions: MD5/HMAC, SHA-1/HMAC, SHA-256/HMAC + - Multi-precision integer library, with assembler-optimized routines - Probabilistic primality testing, with optimized small prime trial - division - - Discrete logarithm parameter generation over a prime field - - Diffie-Hellman key agreement - - DHAES encryption scheme - - ElGamal signature scheme (two variants) - - Basic RSA primitives and key pair generation + division + - Discrete logarithm parameter generation over a prime field + - Diffie-Hellman key agreement + - DHAES encryption scheme + - ElGamal signature scheme (two variants) + - Basic RSA primitives and key pair generation WWW: http://sourceforge.net/projects/beecrypt diff --git a/security/bsdsfv/pkg-descr b/security/bsdsfv/pkg-descr index c1cc32794a4f..1a079ef199c7 100644 --- a/security/bsdsfv/pkg-descr +++ b/security/bsdsfv/pkg-descr @@ -1,4 +1,4 @@ -BSDsfv is a flexible and highly compatible SFV checksum utility. +BSDsfv is a flexible and highly compatible SFV checksum utility. Features: diff --git a/security/certificate-transparency/pkg-descr b/security/certificate-transparency/pkg-descr index 651db339cfce..74341b0115cc 100644 --- a/security/certificate-transparency/pkg-descr +++ b/security/certificate-transparency/pkg-descr @@ -3,6 +3,6 @@ and auditing SSL certificates in nearly real time. It makes it possible to detect SSL certificates that have been mistakenly issued by a certificate authority or maliciously acquired from an otherwise unimpeachable certificate authority. It also makes it possible to identify certificate authorities -that have gone rogue and are maliciously issuing certificates. +that have gone rogue and are maliciously issuing certificates. WWW: https://www.certificate-transparency.org/ diff --git a/security/checkpassword/pkg-descr b/security/checkpassword/pkg-descr index 3dc3bb130298..45b89677b48e 100644 --- a/security/checkpassword/pkg-descr +++ b/security/checkpassword/pkg-descr @@ -1,5 +1,5 @@ Checkpassword provides a simple, uniform password-checking interface to all root applications. It is suitable for use by applications such as -login, ftpd, and pop3d. +login, ftpd, and pop3d. WWW: http://cr.yp.to/checkpwd.html diff --git a/security/cisco-torch/pkg-descr b/security/cisco-torch/pkg-descr index 1a2e0d6323bb..6bbc296d8c0b 100644 --- a/security/cisco-torch/pkg-descr +++ b/security/cisco-torch/pkg-descr @@ -1,11 +1,11 @@ Cisco-torch is a mass Cisco Vulnerability Scanner. -The main feature that makes Cisco-torch different from similar -tools is the extensive use of forking to launch multiple scanning -processes on the background for maximum scanning efficiency. Also, -it uses several methods of application layer fingerprinting simultaneously, -if needed. We wanted something fast to discover remote Cisco hosts running -Telnet, SSH, Web, NTP and SNMP services and launch dictionary attacks +The main feature that makes Cisco-torch different from similar +tools is the extensive use of forking to launch multiple scanning +processes on the background for maximum scanning efficiency. Also, +it uses several methods of application layer fingerprinting simultaneously, +if needed. We wanted something fast to discover remote Cisco hosts running +Telnet, SSH, Web, NTP and SNMP services and launch dictionary attacks against the services discovered. WWW: http://www.hackingciscoexposed.com/?link=tools diff --git a/security/clamd-stream-client/pkg-descr b/security/clamd-stream-client/pkg-descr index c8425f1435ef..505036944756 100644 --- a/security/clamd-stream-client/pkg-descr +++ b/security/clamd-stream-client/pkg-descr @@ -1,6 +1,6 @@ Small client to ask a clamav antivirus server -if a file containt a virus. May be used with -procmail or maildrop rules. Clamav library +if a file containt a virus. May be used with +procmail or maildrop rules. Clamav library is not required to be installed on the running host. diff --git a/security/clamtk/pkg-descr b/security/clamtk/pkg-descr index 8d8cf639f10e..b5a07198579e 100644 --- a/security/clamtk/pkg-descr +++ b/security/clamtk/pkg-descr @@ -1,4 +1,4 @@ ClamTk is a GUI front-end for ClamAV using gtk2-perl. It is designed to -be an easy-to-use frontend for Unix systems. +be an easy-to-use frontend for Unix systems. WWW: http://clamtk.sourceforge.net/ diff --git a/security/cmd5checkpw/pkg-descr b/security/cmd5checkpw/pkg-descr index 3c3409443f51..8246aac2e731 100644 --- a/security/cmd5checkpw/pkg-descr +++ b/security/cmd5checkpw/pkg-descr @@ -1,6 +1,6 @@ -cmd5checkpw is a checkpassword compatible authentication program that uses -CRAM-MD5 authentication mode. It was designed primary to work with qmail -but it can be used by any other program that knows how to use checkpassword -compatible authentication. +cmd5checkpw is a checkpassword compatible authentication program that uses +CRAM-MD5 authentication mode. It was designed primary to work with qmail +but it can be used by any other program that knows how to use checkpassword +compatible authentication. WWW: http://members.elysium.pl/brush/cmd5checkpw/ diff --git a/security/cryptlib/pkg-descr b/security/cryptlib/pkg-descr index 3831ec3314f6..9ff9a67de8fa 100644 --- a/security/cryptlib/pkg-descr +++ b/security/cryptlib/pkg-descr @@ -1,14 +1,14 @@ -cryptlib is a powerful security toolkit which allows even inexperienced -crypto programmers to easily add encryption and authentication services to -their software. The high-level interface provides anyone with the ability to -add strong security capabilities to an application in as little as half an -hour, without needing to know any of the low-level details which make the -encryption or authentication work. Because of this, cryptlib dramatically +cryptlib is a powerful security toolkit which allows even inexperienced +crypto programmers to easily add encryption and authentication services to +their software. The high-level interface provides anyone with the ability to +add strong security capabilities to an application in as little as half an +hour, without needing to know any of the low-level details which make the +encryption or authentication work. Because of this, cryptlib dramatically reduces the cost involved in adding security to new or existing applications. cryptlib provides a standardised interface to a number of popular encryption -algorithms, as well as providing a high-level interface which hides most of -the implementation details and provides an operating-system-independent +algorithms, as well as providing a high-level interface which hides most of +the implementation details and provides an operating-system-independent encoding method which makes it easy to transfer secured data from one operating environment to another. diff --git a/security/cryptopp/pkg-descr b/security/cryptopp/pkg-descr index 70c4b7293242..d21d6769558a 100644 --- a/security/cryptopp/pkg-descr +++ b/security/cryptopp/pkg-descr @@ -1,7 +1,7 @@ Crypto++ Library is a free C++ class library of cryptographic schemes. -One purpose of Crypto++ is to act as a repository of public domain (not -copyrighted) source code. Although the library is copyrighted as a -compilation, the individual files in it (except for a few exceptions listed -in the license) are in the public domain. +One purpose of Crypto++ is to act as a repository of public domain (not +copyrighted) source code. Although the library is copyrighted as a +compilation, the individual files in it (except for a few exceptions listed +in the license) are in the public domain. WWW: http://www.cryptopp.com/ diff --git a/security/cyrus-sasl2-saslauthd/pkg-descr b/security/cyrus-sasl2-saslauthd/pkg-descr index 44c43a457039..6ed81176a400 100644 --- a/security/cyrus-sasl2-saslauthd/pkg-descr +++ b/security/cyrus-sasl2-saslauthd/pkg-descr @@ -1,6 +1,6 @@ saslauthd is a daemon process that handles plaintext authentication requests on behalf of the SASL library. - + The server fulfills two roles: it isolates all code requiring superuser privileges into a single process, and it can be used to provide proxy authentication services to clients that do not diff --git a/security/d0_blind_id/pkg-descr b/security/d0_blind_id/pkg-descr index 60e191745cad..091937910426 100644 --- a/security/d0_blind_id/pkg-descr +++ b/security/d0_blind_id/pkg-descr @@ -1,4 +1,4 @@ -Cryptographic library to perform identification using Schnorr +Cryptographic library to perform identification using Schnorr Identification scheme and Blind RSA Signatures. WWW: https://github.com/divVerent/d0_blind_id diff --git a/security/denyhosts/pkg-descr b/security/denyhosts/pkg-descr index fc884f1b1fdf..ac7d932a85ca 100644 --- a/security/denyhosts/pkg-descr +++ b/security/denyhosts/pkg-descr @@ -1,8 +1,8 @@ -DenyHosts is a script intended to be run by *ix system administrators to +DenyHosts is a script intended to be run by *ix system administrators to help thwart ssh server attacks. -If you've ever looked at your ssh log (/var/log/auth.log ) you may be alarmed -to see how many hackers attempted to gain access to your server. +If you've ever looked at your ssh log (/var/log/auth.log ) you may be alarmed +to see how many hackers attempted to gain access to your server. Denyhosts helps you: - Parses /var/log/auth.log to find all login attempts - Can be run from the command line, cron or as a daemon (new in 0.9) @@ -11,9 +11,9 @@ Denyhosts helps you: - Keeps track of each non-existent user (eg. sdada) when a login attempt failed. - Keeps track of each existing user (eg. root) when a login attempt failed. - Keeps track of each offending host (hosts can be purged ) -- Keeps track of suspicious logins +- Keeps track of suspicious logins - Keeps track of the file offset, so that you can reparse the same file -- When the log file is rotated, the script will detect it +- When the log file is rotated, the script will detect it - Appends /etc/hosts.allow - Optionally sends an email of newly banned hosts and suspicious logins. - Resolves IP addresses to hostnames, if you want diff --git a/security/digest/pkg-descr b/security/digest/pkg-descr index 003c8b42ddd1..49e9b0427590 100644 --- a/security/digest/pkg-descr +++ b/security/digest/pkg-descr @@ -1,5 +1,5 @@ The digest utility is a wrapper for the md5, sha1, sha256, sha384, -sha512, rmd160, tiger and whirlpool message digest algorithms (also +sha512, rmd160, tiger and whirlpool message digest algorithms (also known as hashes, checksums or "fingerprints"). WWW: http://cvsweb.NetBSD.org/bsdweb.cgi/pkgsrc/pkgtools/digest/ diff --git a/security/doscan/pkg-descr b/security/doscan/pkg-descr index fdcd563489d4..a171475a6c5f 100644 --- a/security/doscan/pkg-descr +++ b/security/doscan/pkg-descr @@ -1,21 +1,21 @@ -Doscan is a tool to quickly scan your network for machines listening on a +Doscan is a tool to quickly scan your network for machines listening on a TCP port, opening thousands of TCP connections in parallel. Features - High scanning rate: five to ten minutes per 100,000 addresses (which + High scanning rate: five to ten minutes per 100,000 addresses (which are sparsely populated with hosts), with rather conservative timeouts. - Load distribution: doscan scans the addresses in a seemingly random -order. If your scan host is connected to a central router, this ensures -that the load is distributed across your network, and you are + Load distribution: doscan scans the addresses in a seemingly random +order. If your scan host is connected to a central router, this ensures +that the load is distributed across your network, and you are stress-testing just a single router, and not your edge devices. - Low memory consumption: memory usage is proportional to the number -of hosts which have responded so far, and to the number of parallel -connections. The total number of addresses does not influence memory usage + Low memory consumption: memory usage is proportional to the number +of hosts which have responded so far, and to the number of parallel +connections. The total number of addresses does not influence memory usage in any way. - Can collect responses: doscan optionally records data which is sent -by the hosts which are being scanned. You can even specify a regular -expression to extract part of a server banner, and a message to send to + Can collect responses: doscan optionally records data which is sent +by the hosts which are being scanned. You can even specify a regular +expression to extract part of a server banner, and a message to send to trigger a response (great for determining HTTP server versions). - Extensibility: It is possible to add special handlers for TCP-based + Extensibility: It is possible to add special handlers for TCP-based protocols, using a straightforward interface. It supports scanning the vulnerable Microsoft DCOM implementation. diff --git a/security/fakeident/pkg-descr b/security/fakeident/pkg-descr index 8be4d30f7323..747ad28b6281 100644 --- a/security/fakeident/pkg-descr +++ b/security/fakeident/pkg-descr @@ -1,5 +1,5 @@ -Fake Identd is a tool that replies with a standard answer to all incoming -identd requests on a host, making it nearly perfect for a masquerading +Fake Identd is a tool that replies with a standard answer to all incoming +identd requests on a host, making it nearly perfect for a masquerading router. WWW: http://hangout.de/fakeidentd/index.html diff --git a/security/fragroute/pkg-descr b/security/fragroute/pkg-descr index 456efae7b6d9..358402d495f7 100644 --- a/security/fragroute/pkg-descr +++ b/security/fragroute/pkg-descr @@ -1,12 +1,12 @@ "Fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding -Network Intrusion Detection" paper of January 1998. +Network Intrusion Detection" paper of January 1998. It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with -minimal support for randomized or probabilistic behaviour. +minimal support for randomized or probabilistic behaviour. This tool was written in good faith to aid in the testing of network intrusion detection systems, firewalls, and basic TCP/IP stack diff --git a/security/fswatch/pkg-descr b/security/fswatch/pkg-descr index e2a14a96a45e..f369be474c99 100644 --- a/security/fswatch/pkg-descr +++ b/security/fswatch/pkg-descr @@ -13,6 +13,6 @@ fswatch: - is one of many similar utilities. the main difference is the configuration. you can define different settings for every directory in a directory tree. - moreover, it is very small and fast. + moreover, it is very small and fast. WWW: http://fswatch.sourceforge.net diff --git a/security/fwbuilder/pkg-descr b/security/fwbuilder/pkg-descr index 630225955878..013a5bc24259 100644 --- a/security/fwbuilder/pkg-descr +++ b/security/fwbuilder/pkg-descr @@ -5,7 +5,7 @@ objects and services (hosts, routers, firewalls, networks, protocols). Firewall Builder helps user maintain database of objects and allows policy editing using simple drag-and-drop operations. -Preferences and objects databases are stored in XML format. +Preferences and objects databases are stored in XML format. GUI and policy compilers are completely independent. Support for a new firewall platform can be added to GUI without any changes done to the program, although new policy compiler must be written. This provides for consistent abstract @@ -13,6 +13,6 @@ model and the same GUI for different firewall platforms. Currently three most popular free firewalls are supported: ipchains, iptables and ipfilter. Because of this, Firewall Builder can be used to manage firewalls built on variety of platforms including, but not limited to, Linux running ipchains or -iptables and FreeBSD or Solaris running ipfilter. +iptables and FreeBSD or Solaris running ipfilter. WWW: http://www.fwbuilder.org/ diff --git a/security/gcr/pkg-descr b/security/gcr/pkg-descr index 5560b6690c45..7ce97cbad1e3 100644 --- a/security/gcr/pkg-descr +++ b/security/gcr/pkg-descr @@ -1,5 +1,5 @@ -Gcr is a library for bits of crypto and security UI, parsing etc. It used +Gcr is a library for bits of crypto and security UI, parsing etc. It used to be part of gnome-keyring. It also provides a viewer and importer for -certificates and private keys. +certificates and private keys. WWW: https://live.gnome.org/GnomeKeyring diff --git a/security/gorilla/pkg-descr b/security/gorilla/pkg-descr index 68e5fcb6cb79..918328aabac0 100644 --- a/security/gorilla/pkg-descr +++ b/security/gorilla/pkg-descr @@ -1,4 +1,4 @@ -Password Gorilla is cross-platform Password Manager. It is +Password Gorilla is cross-platform Password Manager. It is compatible with "Password Safe" from Windows. It uses TCL/Tk and runs on most platforms supported by Tcl/Tk. diff --git a/security/gpass/pkg-descr b/security/gpass/pkg-descr index 7ff7e4b3f5ae..32f617ee2064 100644 --- a/security/gpass/pkg-descr +++ b/security/gpass/pkg-descr @@ -11,7 +11,7 @@ Features: * Quick-search facility. * Username and password may easily be copied to the clipboard. * Encryption is done using the OpenSSL cryptographics library. - * The built-in password generator helps you generate secure passwords. + * The built-in password generator helps you generate secure passwords. * You can launch a website and the associated username/passwords direct from GPass diff --git a/security/gpgdir/pkg-descr b/security/gpgdir/pkg-descr index 18649da709c0..15e355e3f9dc 100644 --- a/security/gpgdir/pkg-descr +++ b/security/gpgdir/pkg-descr @@ -1,4 +1,4 @@ -gpgdir is a perl script that uses the CPAN GnuPG::Interface module -to encrypt and decrypt directories using a gpg key specified in ~/.gpgdirrc. +gpgdir is a perl script that uses the CPAN GnuPG::Interface module +to encrypt and decrypt directories using a gpg key specified in ~/.gpgdirrc. WWW: http://www.cipherdyne.org/gpgdir/ diff --git a/security/gsfv/pkg-descr b/security/gsfv/pkg-descr index 20535c55737d..e2953bf615ad 100644 --- a/security/gsfv/pkg-descr +++ b/security/gsfv/pkg-descr @@ -1,5 +1,5 @@ -GSFV is a graphical interface written in GTK+ for manipulating .sfv -(Simple File Verification) files. +GSFV is a graphical interface written in GTK+ for manipulating .sfv +(Simple File Verification) files. The Simple File Verification (SFV) system is a file integrity verification system which is popular on some platforms. A software package may be diff --git a/security/hackbot/pkg-descr b/security/hackbot/pkg-descr index 56bc87d6a964..d8eb04734773 100644 --- a/security/hackbot/pkg-descr +++ b/security/hackbot/pkg-descr @@ -1,4 +1,4 @@ -Hackbot is a host exploration tool and bannergrabber. It scans numerous +Hackbot is a host exploration tool and bannergrabber. It scans numerous services and vulnerabilities. WWW: http://hackbot.stream-portal.org/ diff --git a/security/honggfuzz/pkg-descr b/security/honggfuzz/pkg-descr index 699c88c8b054..4d9236699536 100644 --- a/security/honggfuzz/pkg-descr +++ b/security/honggfuzz/pkg-descr @@ -1,5 +1,5 @@ Honggfuzz is a general-purpose fuzzing tool. Given a starting corpus of test files, Hongfuzz supplies and modifies input to a test program and utilize the -ptrace() API/POSIX signal interface to detect and log crashes. +ptrace() API/POSIX signal interface to detect and log crashes. WWW: http://code.google.com/p/honggfuzz/ diff --git a/security/hotssh/pkg-descr b/security/hotssh/pkg-descr index 278d6e9cd2ac..0eab96dd4c23 100644 --- a/security/hotssh/pkg-descr +++ b/security/hotssh/pkg-descr @@ -6,10 +6,10 @@ existing terminal window. * Also display and search of local (Avahi) SSH servers * Tabbed display with automatic session saving (Firefox style) * Status bar with information like latency to server and output of - remote uptime + remote uptime * Close integration with OpenSSH features like connection sharing (near-instant new tabs) * NetworkManager integration to easily reconnect after a network - change, great for laptops + change, great for laptops WWW: http://projects.gnome.org/hotssh/ diff --git a/security/hpenc/pkg-descr b/security/hpenc/pkg-descr index deeb45f771c6..59d01783231f 100644 --- a/security/hpenc/pkg-descr +++ b/security/hpenc/pkg-descr @@ -4,8 +4,8 @@ Hpenc is a fast encryption command line tool with the following features: detection. * Parallel processing - hpenc uses block IO and you can process multiple blocks simultaneously, which is extremely useful if you have multi-core environment. -* Strong ciphers - hpenc uses the state-of-art aes-gcm and chacha20 ciphers -* Easy interface +* Strong ciphers - hpenc uses the state-of-art aes-gcm and chacha20 ciphers +* Easy interface * Hardware acceleration - hpenc can utilize all its advanced cryptography functions defined for AES-NI and PCLMULQDQ instructions (that must be supported by openssl). For those with old or embedded CPU (such @@ -14,6 +14,6 @@ as ARM), hpenc provides portable and fast chacha20 cipher. * Secure random numbers generator - hpenc can work as pseudo-random numbers generator. In a set of standard tests (diehard) on the generated sequences hpenc generates secure sequences of pseudo-random numbers on a very high -speed (gigabytes per second). +speed (gigabytes per second). WWW: https://github.com/vstakhov/hpenc/ diff --git a/security/i2p/pkg-descr b/security/i2p/pkg-descr index 86b562a8edd2..7fcb5cbbd4ab 100644 --- a/security/i2p/pkg-descr +++ b/security/i2p/pkg-descr @@ -11,6 +11,6 @@ average person. No network can be "perfectly anonymous". The continued goal of I2P is to make attacks more and more difficult to mount. Its anonymity will get stronger as the size of the network increases and with -ongoing academic review. +ongoing academic review. WWW: http://geti2p.net/ diff --git a/security/idea/pkg-descr b/security/idea/pkg-descr index d31ac7343ee6..799288272aaf 100644 --- a/security/idea/pkg-descr +++ b/security/idea/pkg-descr @@ -1,4 +1,4 @@ -A command line idea encryption and decryption utility written by +A command line idea encryption and decryption utility written by Dr. Richard De Moliner. IDEA (International Data Encryption Algorithm) is a block cipher devel- diff --git a/security/ipfilter2dshield/pkg-descr b/security/ipfilter2dshield/pkg-descr index 94cc0d4de97c..67a1ce626980 100644 --- a/security/ipfilter2dshield/pkg-descr +++ b/security/ipfilter2dshield/pkg-descr @@ -1,8 +1,8 @@ -This perl script is an official DShield client who's purpose is to +This perl script is an official DShield client who's purpose is to read your FreeBSD ipfilter firewall ipmon log file and convert the -log records to the standard DShield reporting record format, and -imbed the converted log records into the body of an email that gets -sent to DShield for automatic addition to their database and abuse +log records to the standard DShield reporting record format, and +imbed the converted log records into the body of an email that gets +sent to DShield for automatic addition to their database and abuse reporting to the offenders ISP if you are an subscribed DShield member. Script contains user customable defaults which can be overridden with diff --git a/security/isnprober/pkg-descr b/security/isnprober/pkg-descr index e7c199b333fe..ea076f08fa07 100644 --- a/security/isnprober/pkg-descr +++ b/security/isnprober/pkg-descr @@ -1,5 +1,5 @@ -- ISNprober / Tom Vandepoel (Tom.Vandepoel@ubizen.com) -- -ISNprober is a tool that samples TCP Initial Sequence Numbers or IP ID's -and can use that information to determine if a set of IP addresses belong +ISNprober is a tool that samples TCP Initial Sequence Numbers or IP ID's +and can use that information to determine if a set of IP addresses belong to the same TCP/IP stack (machine) or not. diff --git a/security/krb5-112/pkg-descr b/security/krb5-112/pkg-descr index d11e2e6d1c15..5940aeab0176 100644 --- a/security/krb5-112/pkg-descr +++ b/security/krb5-112/pkg-descr @@ -1,24 +1,24 @@ -Kerberos V5 is an authentication system developed at MIT. +Kerberos V5 is an authentication system developed at MIT. WWW: http://web.mit.edu/kerberos/ Abridged from the User Guide: - Under Kerberos, a client sends a request for a ticket to the - Key Distribution Center (KDC). The KDC creates a ticket-granting - ticket (TGT) for the client, encrypts it using the client's - password as the key, and sends the encrypted TGT back to the + Under Kerberos, a client sends a request for a ticket to the + Key Distribution Center (KDC). The KDC creates a ticket-granting + ticket (TGT) for the client, encrypts it using the client's + password as the key, and sends the encrypted TGT back to the client. The client then attempts to decrypt the TGT, using - its password. If the client successfully decrypts the TGT, it - keeps the decrypted TGT, which indicates proof of the client's - identity. The TGT permits the client to obtain additional tickets, + its password. If the client successfully decrypts the TGT, it + keeps the decrypted TGT, which indicates proof of the client's + identity. The TGT permits the client to obtain additional tickets, which give permission for specific services. - Since Kerberos negotiates authenticated, and optionally encrypted, + Since Kerberos negotiates authenticated, and optionally encrypted, communications between two points anywhere on the internet, it provides a layer of security that is not dependent on which side of a firewall either client is on. - The Kerberos V5 package is designed to be easy to use. Most of the + The Kerberos V5 package is designed to be easy to use. Most of the commands are nearly identical to UNIX network programs you are already - used to. Kerberos V5 is a single-sign-on system, which means that you - have to type your password only once per session, and Kerberos does - the authenticating and encrypting transparently. + used to. Kerberos V5 is a single-sign-on system, which means that you + have to type your password only once per session, and Kerberos does + the authenticating and encrypting transparently. Jacques Vidrine <n@nectar.com> diff --git a/security/krb5-113/pkg-descr b/security/krb5-113/pkg-descr index d11e2e6d1c15..5940aeab0176 100644 --- a/security/krb5-113/pkg-descr +++ b/security/krb5-113/pkg-descr @@ -1,24 +1,24 @@ -Kerberos V5 is an authentication system developed at MIT. +Kerberos V5 is an authentication system developed at MIT. WWW: http://web.mit.edu/kerberos/ Abridged from the User Guide: - Under Kerberos, a client sends a request for a ticket to the - Key Distribution Center (KDC). The KDC creates a ticket-granting - ticket (TGT) for the client, encrypts it using the client's - password as the key, and sends the encrypted TGT back to the + Under Kerberos, a client sends a request for a ticket to the + Key Distribution Center (KDC). The KDC creates a ticket-granting + ticket (TGT) for the client, encrypts it using the client's + password as the key, and sends the encrypted TGT back to the client. The client then attempts to decrypt the TGT, using - its password. If the client successfully decrypts the TGT, it - keeps the decrypted TGT, which indicates proof of the client's - identity. The TGT permits the client to obtain additional tickets, + its password. If the client successfully decrypts the TGT, it + keeps the decrypted TGT, which indicates proof of the client's + identity. The TGT permits the client to obtain additional tickets, which give permission for specific services. - Since Kerberos negotiates authenticated, and optionally encrypted, + Since Kerberos negotiates authenticated, and optionally encrypted, communications between two points anywhere on the internet, it provides a layer of security that is not dependent on which side of a firewall either client is on. - The Kerberos V5 package is designed to be easy to use. Most of the + The Kerberos V5 package is designed to be easy to use. Most of the commands are nearly identical to UNIX network programs you are already - used to. Kerberos V5 is a single-sign-on system, which means that you - have to type your password only once per session, and Kerberos does - the authenticating and encrypting transparently. + used to. Kerberos V5 is a single-sign-on system, which means that you + have to type your password only once per session, and Kerberos does + the authenticating and encrypting transparently. Jacques Vidrine <n@nectar.com> diff --git a/security/krb5-114/pkg-descr b/security/krb5-114/pkg-descr index d11e2e6d1c15..5940aeab0176 100644 --- a/security/krb5-114/pkg-descr +++ b/security/krb5-114/pkg-descr @@ -1,24 +1,24 @@ -Kerberos V5 is an authentication system developed at MIT. +Kerberos V5 is an authentication system developed at MIT. WWW: http://web.mit.edu/kerberos/ Abridged from the User Guide: - Under Kerberos, a client sends a request for a ticket to the - Key Distribution Center (KDC). The KDC creates a ticket-granting - ticket (TGT) for the client, encrypts it using the client's - password as the key, and sends the encrypted TGT back to the + Under Kerberos, a client sends a request for a ticket to the + Key Distribution Center (KDC). The KDC creates a ticket-granting + ticket (TGT) for the client, encrypts it using the client's + password as the key, and sends the encrypted TGT back to the client. The client then attempts to decrypt the TGT, using - its password. If the client successfully decrypts the TGT, it - keeps the decrypted TGT, which indicates proof of the client's - identity. The TGT permits the client to obtain additional tickets, + its password. If the client successfully decrypts the TGT, it + keeps the decrypted TGT, which indicates proof of the client's + identity. The TGT permits the client to obtain additional tickets, which give permission for specific services. - Since Kerberos negotiates authenticated, and optionally encrypted, + Since Kerberos negotiates authenticated, and optionally encrypted, communications between two points anywhere on the internet, it provides a layer of security that is not dependent on which side of a firewall either client is on. - The Kerberos V5 package is designed to be easy to use. Most of the + The Kerberos V5 package is designed to be easy to use. Most of the commands are nearly identical to UNIX network programs you are already - used to. Kerberos V5 is a single-sign-on system, which means that you - have to type your password only once per session, and Kerberos does - the authenticating and encrypting transparently. + used to. Kerberos V5 is a single-sign-on system, which means that you + have to type your password only once per session, and Kerberos does + the authenticating and encrypting transparently. Jacques Vidrine <n@nectar.com> diff --git a/security/krb5-appl/pkg-descr b/security/krb5-appl/pkg-descr index f261a1cdf166..5ad320948b82 100644 --- a/security/krb5-appl/pkg-descr +++ b/security/krb5-appl/pkg-descr @@ -1,26 +1,26 @@ -Kerberos V5 is an authentication system developed at MIT. +Kerberos V5 is an authentication system developed at MIT. This package/port contains the applications which used to be in the MIT Kerberos distribution. WWW: http://web.mit.edu/kerberos/ Abridged from the User Guide: - Under Kerberos, a client sends a request for a ticket to the - Key Distribution Center (KDC). The KDC creates a ticket-granting - ticket (TGT) for the client, encrypts it using the client's - password as the key, and sends the encrypted TGT back to the + Under Kerberos, a client sends a request for a ticket to the + Key Distribution Center (KDC). The KDC creates a ticket-granting + ticket (TGT) for the client, encrypts it using the client's + password as the key, and sends the encrypted TGT back to the client. The client then attempts to decrypt the TGT, using - its password. If the client successfully decrypts the TGT, it - keeps the decrypted TGT, which indicates proof of the client's - identity. The TGT permits the client to obtain additional tickets, + its password. If the client successfully decrypts the TGT, it + keeps the decrypted TGT, which indicates proof of the client's + identity. The TGT permits the client to obtain additional tickets, which give permission for specific services. - Since Kerberos negotiates authenticated, and optionally encrypted, + Since Kerberos negotiates authenticated, and optionally encrypted, communications between two points anywhere on the internet, it provides a layer of security that is not dependent on which side of a firewall either client is on. - The Kerberos V5 package is designed to be easy to use. Most of the + The Kerberos V5 package is designed to be easy to use. Most of the commands are nearly identical to UNIX network programs you are already - used to. Kerberos V5 is a single-sign-on system, which means that you - have to type your password only once per session, and Kerberos does - the authenticating and encrypting transparently. + used to. Kerberos V5 is a single-sign-on system, which means that you + have to type your password only once per session, and Kerberos does + the authenticating and encrypting transparently. Jacques Vidrine <n@nectar.com> diff --git a/security/kripp/pkg-descr b/security/kripp/pkg-descr index f60b9f500cf7..4a690ef9de9b 100644 --- a/security/kripp/pkg-descr +++ b/security/kripp/pkg-descr @@ -1,6 +1,6 @@ KRIPP is a very simple and extremely lightweight network passwords sniffer written in Perl, which uses only the tcpdump utility as an -underlying traffic interceptor. Supported protocols are ICQ, POP3, +underlying traffic interceptor. Supported protocols are ICQ, POP3, FTP and HTTP. WWW: http://konst.org.ua/kripp diff --git a/security/libgringotts/pkg-descr b/security/libgringotts/pkg-descr index 6fc5fcd0e8ab..c65114c837ae 100644 --- a/security/libgringotts/pkg-descr +++ b/security/libgringotts/pkg-descr @@ -3,7 +3,7 @@ developed for Gringotts; its purpose is to encapsulate data (generic: ASCII, but also binary data) in an encrypted and compressed structure, to be written in a file or used elseway. It makes use of strong encryption algorithms, to ensure the data are as safe as possible, and allow the user to have the -complete control over all the algorithms used in the process. +complete control over all the algorithms used in the process. For encryptions, libGringotts makes use of the MCrypt and MHash libs by Nikos Mavroyanopoulos. diff --git a/security/libident/pkg-descr b/security/libident/pkg-descr index c4876fa449a0..f4de7a3d7b44 100644 --- a/security/libident/pkg-descr +++ b/security/libident/pkg-descr @@ -12,10 +12,10 @@ COMMENTS: This is the second stab at a small library to interface to the Ident protocol server. Maybe this will work correctly on some machines.. :-) - + The ident-tester.c file is a small daemon (to be started from Inetd) that does an ident lookup on you if you telnet into it. Can be used to verify that your Ident server is working correctly. - + I'm currently running this "ident-tester" on port 114 at lysator.liu.se (130.236.254.1) if you wish to test your server. diff --git a/security/libtasn1/pkg-descr b/security/libtasn1/pkg-descr index ab16342c4e6b..f66e351a7c7e 100644 --- a/security/libtasn1/pkg-descr +++ b/security/libtasn1/pkg-descr @@ -1,11 +1,11 @@ libtasn1 library was developed for ASN1 (Abstract Syntax Notation One) -structures management. +structures management. The main features of this library are: -- on-line ASN1 structure management that does not require any C code +- on-line ASN1 structure management that does not require any C code file generation; -- off-line ASN1 structure management with C code file generation +- off-line ASN1 structure management with C code file generation containing an array; - DER (Distinguish Encoding Rules) encoding; - no limits for INTEGER and ENUMERATED values diff --git a/security/luasec/pkg-descr b/security/luasec/pkg-descr index e35dd0496f2c..61040cc9240d 100644 --- a/security/luasec/pkg-descr +++ b/security/luasec/pkg-descr @@ -1,4 +1,4 @@ -LuaSec is a binding for OpenSSL library to provide TLS/SSL communication. This +LuaSec is a binding for OpenSSL library to provide TLS/SSL communication. This version delegates to LuaSocket the TCP connection establishment between the client and server. Then LuaSec uses this connection to start a secure TLS/SSL session. diff --git a/security/maia/pkg-descr b/security/maia/pkg-descr index a1a95b31c6c0..6096d679b00d 100644 --- a/security/maia/pkg-descr +++ b/security/maia/pkg-descr @@ -1,7 +1,7 @@ -Maia Mailguard is a web-based interface and management system based on the -popular amavisd-new e-mail scanner and SpamAssassin. Written in Perl and PHP, -Maia Mailguard gives end-users control over how their mail is processed by -virus scanners and spam filters, while giving mail administrators the power +Maia Mailguard is a web-based interface and management system based on the +popular amavisd-new e-mail scanner and SpamAssassin. Written in Perl and PHP, +Maia Mailguard gives end-users control over how their mail is processed by +virus scanners and spam filters, while giving mail administrators the power to configure site-wide defaults and limits. WWW: http://www.maiamailguard.com/ diff --git a/security/matrixssl/pkg-descr b/security/matrixssl/pkg-descr index feea6994205d..42907357df26 100644 --- a/security/matrixssl/pkg-descr +++ b/security/matrixssl/pkg-descr @@ -1,6 +1,6 @@ PeerSec Networks MatrixSSL is an embedded SSL implementation designed for small footprint applications and devices. PeerSec Networks offers a fully -supported, commercial version as well as an open source version that is +supported, commercial version as well as an open source version that is available for download. WWW: http://www.matrixssl.org/ diff --git a/security/md5deep/pkg-descr b/security/md5deep/pkg-descr index 4abdbba537d4..a15694e77ddd 100644 --- a/security/md5deep/pkg-descr +++ b/security/md5deep/pkg-descr @@ -1,8 +1,8 @@ -md5deep is a cross-platform set of programs to compute +md5deep is a cross-platform set of programs to compute various types of message digests on an arbitrary -number of files. The programs run on Windows, Linux, *BSD, +number of files. The programs run on Windows, Linux, *BSD, OS X, Solaris, and should run on most other platforms. -md5deep is similar to the md5sum program found in the +md5deep is similar to the md5sum program found in the GNU Coreutils package, but has many additional features. WWW: http://md5deep.sourceforge.net diff --git a/security/medusa/pkg-descr b/security/medusa/pkg-descr index 6a2a37565538..bddcb2e7239f 100644 --- a/security/medusa/pkg-descr +++ b/security/medusa/pkg-descr @@ -1,5 +1,5 @@ Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote -authentication as possible. +authentication as possible. WWW: http://www.foofus.net/jmk/medusa/medusa.html diff --git a/security/meek/pkg-descr b/security/meek/pkg-descr index 678d402116e1..a6ed2035bcec 100644 --- a/security/meek/pkg-descr +++ b/security/meek/pkg-descr @@ -1,6 +1,6 @@ Meek is a transport that uses HTTP for carrying bytes and TLS for obfuscation. Traffic is relayed through a third-party server (Google App Engine). It uses a trick to talk to the third party so that it looks like it is talking to an -unblocked server. +unblocked server. WWW: https://trac.torproject.org/projects/tor/wiki/doc/meek diff --git a/security/nessus-libnasl/pkg-descr b/security/nessus-libnasl/pkg-descr index 2a37b48b4e1f..a0d91f82873b 100644 --- a/security/nessus-libnasl/pkg-descr +++ b/security/nessus-libnasl/pkg-descr @@ -6,10 +6,10 @@ can not do anything nasty except performing a given security test against a given target. Thus, NASL allows you to easily forge IP packets, or to send regular packets. It provides you some convenient functions that will make the test of web and ftp server more easy to write. NASL -garantees you that a NASL script : +garantees you that a NASL script : - will not send any packet to a host other than the target host - will not execute any commands on your local system + will not send any packet to a host other than the target host + will not execute any commands on your local system NASL is not a powerful scripting language. Its purpose is to make scripts that are security tests. So, do not expect to write a third generation web diff --git a/security/nessus-plugins/pkg-descr b/security/nessus-plugins/pkg-descr index 3e1496be2199..69a68e183c3a 100644 --- a/security/nessus-plugins/pkg-descr +++ b/security/nessus-plugins/pkg-descr @@ -1,13 +1,13 @@ Nessus is a security scanner. That is, it's a program which will scan a given network and will seek for vulnerabilities which could be exploited -by some remote intruder. +by some remote intruder. -The Nessus Project was originally started by Renaud Deraison -(deraison@worldnet.fr). Many people contributed in many ways to the +The Nessus Project was originally started by Renaud Deraison +(deraison@worldnet.fr). Many people contributed in many ways to the project, and the Nessus core team is now made up of Alexis de Bernis -(alexisb@mygale.org), who is the Java specialist, Noam Rathaus +(alexisb@mygale.org), who is the Java specialist, Noam Rathaus (dolittle@isrealmail.com) who is in charge of the Nessus client for -Windows, and Renaud Deraison who is still here and who is the project -leader. +Windows, and Renaud Deraison who is still here and who is the project +leader. WWW: http://www.nessus.org/ diff --git a/security/opencdk/pkg-descr b/security/opencdk/pkg-descr index 3a8180e3bd89..e52ce9e47db5 100644 --- a/security/opencdk/pkg-descr +++ b/security/opencdk/pkg-descr @@ -11,5 +11,5 @@ or to sign/verify and packet routines. Hint: Because of the fact that sentensive data is used, the library doesn't contain any real cryptographic code. For all crypto routines we referring to the Libgcrypt library! - + WWW: http://www.gnutls.org/ diff --git a/security/opensaml2/pkg-descr b/security/opensaml2/pkg-descr index 9673c4147508..0695cd489160 100644 --- a/security/opensaml2/pkg-descr +++ b/security/opensaml2/pkg-descr @@ -1,4 +1,4 @@ -OpenSAML 2, a re-rewrite of OpenSAML 1, supports SAML 1.0, 1.1, 2.0 but is +OpenSAML 2, a re-rewrite of OpenSAML 1, supports SAML 1.0, 1.1, 2.0 but is not backwards compatible with OpenSAML 1. WWW: https://wiki.shibboleth.net/confluence/display/OpenSAML/Home diff --git a/security/openscep/pkg-descr b/security/openscep/pkg-descr index dfd57c161d24..1231ace23386 100644 --- a/security/openscep/pkg-descr +++ b/security/openscep/pkg-descr @@ -3,6 +3,6 @@ routers for certificate enrollment to build VPNs. It implements most of the draft specification. OpenSCEP includes a client and a server implementation, as well as some CGI -programs to simplify certificate and revocation list management. +programs to simplify certificate and revocation list management. WWW: http://openscep.othello.ch/ diff --git a/security/openssh-portable/pkg-descr b/security/openssh-portable/pkg-descr index 4aa11afe57fd..cf8408d34365 100644 --- a/security/openssh-portable/pkg-descr +++ b/security/openssh-portable/pkg-descr @@ -5,11 +5,11 @@ version for the OpenBSD project. The OpenSSH Portability Team takes that pure version and adds portability code so that OpenSSH can run on many other operating systems (Unfortunately, in particular since OpenSSH does authentication, it runs into a *lot* of differences between Unix operating -systems). +systems). The portable OpenSSH follows development of the official version, but releases are not synchronized. Portable releases are marked with a 'p' (e.g. 3.1p1). The official OpenBSD source will never use the 'p' suffix, but will instead -increment the version number when they hit 'stable spots' in their development. +increment the version number when they hit 'stable spots' in their development. WWW: http://www.openssh.org/portable.html diff --git a/security/openvpn-auth-ldap/pkg-descr b/security/openvpn-auth-ldap/pkg-descr index 2d64385b7a5b..d965158ad4e2 100644 --- a/security/openvpn-auth-ldap/pkg-descr +++ b/security/openvpn-auth-ldap/pkg-descr @@ -1,5 +1,5 @@ -The OpenVPN Auth-LDAP Plugin implements username/password authentication via -LDAP for OpenVPN 2.x. It also includes some integration with the OpenBSD +The OpenVPN Auth-LDAP Plugin implements username/password authentication via +LDAP for OpenVPN 2.x. It also includes some integration with the OpenBSD packet filter, supporting adding and removing VPN clients from PF tables. WWW: http://code.google.com/p/openvpn-auth-ldap/ diff --git a/security/openvpn-auth-radius/pkg-descr b/security/openvpn-auth-radius/pkg-descr index a59118ec8b5a..7286f96d8939 100644 --- a/security/openvpn-auth-radius/pkg-descr +++ b/security/openvpn-auth-radius/pkg-descr @@ -1,4 +1,4 @@ -The OpenVPN Radius Plugin provides RADIUS authentication +The OpenVPN Radius Plugin provides RADIUS authentication and accounting support for OpenVPN. WWW: http://www.nongnu.org/radiusplugin/index.html diff --git a/security/p5-Authen-PAAS/pkg-descr b/security/p5-Authen-PAAS/pkg-descr index 7fd623826758..19e53d5863a2 100644 --- a/security/p5-Authen-PAAS/pkg-descr +++ b/security/p5-Authen-PAAS/pkg-descr @@ -1,22 +1,22 @@ -The Authen::PAAS distribution provides a Perl API for authenticating and -authorizing users of computing services. Its design is inspired by -existing pluggable authentication services such as PAM and Java's JAAS, so -people familiar with those two services should be comfortable with the -concepts in Authen::PAAS. At its heart, Authen::PAAS provides a login -service, with pluggable modules for performing different authentication -schemes. The pluggable framework enables the system administrator, rather -than the application developer to define what method is used to +The Authen::PAAS distribution provides a Perl API for authenticating and +authorizing users of computing services. Its design is inspired by +existing pluggable authentication services such as PAM and Java's JAAS, so +people familiar with those two services should be comfortable with the +concepts in Authen::PAAS. At its heart, Authen::PAAS provides a login +service, with pluggable modules for performing different authentication +schemes. The pluggable framework enables the system administrator, rather +than the application developer to define what method is used to authentication with a particular application. -One might ask, why not just use PAM directly via the existing Authen::PAM -Perl bindings. While this works well for applications which wish to -authenticate against real UNIX user accounts (eg FTP, Telnet, SSH), it is -not particularly well suited to applications with 'virtualized' user -accounts. For example, a web application may maintain a set of virtual -user accounts in a database, or a chat server, may maintain a set of user -accounts in a text configuration file. Since it merely delegates through -to the underlying C libraries, the Authen::PAM module does not provide a -convenient means to write new authentication schemes in Perl. Thus the +One might ask, why not just use PAM directly via the existing Authen::PAM +Perl bindings. While this works well for applications which wish to +authenticate against real UNIX user accounts (eg FTP, Telnet, SSH), it is +not particularly well suited to applications with 'virtualized' user +accounts. For example, a web application may maintain a set of virtual +user accounts in a database, or a chat server, may maintain a set of user +accounts in a text configuration file. Since it merely delegates through +to the underlying C libraries, the Authen::PAM module does not provide a +convenient means to write new authentication schemes in Perl. Thus the Authen::PAAS distribution provides a pure Perl API for authentication. WWW: http://search.cpan.org/dist/Authen-PAAS/ diff --git a/security/p5-Authen-Ticket/pkg-descr b/security/p5-Authen-Ticket/pkg-descr index 6fbb3667caa7..78a0a3e98d79 100644 --- a/security/p5-Authen-Ticket/pkg-descr +++ b/security/p5-Authen-Ticket/pkg-descr @@ -1,5 +1,5 @@ -Authen::Ticket provides the framework for implementing a ticketing system -for web authentication. Both the client website and ticket server code +Authen::Ticket provides the framework for implementing a ticketing system +for web authentication. Both the client website and ticket server code can be constructed from Authen::Ticket. The framework allows for customization at all phases in the process. This includes not only the login screens, but the cookie creation and optional digital signature algorithm as well. Consult diff --git a/security/p5-Crypt-AppleTwoFish/pkg-descr b/security/p5-Crypt-AppleTwoFish/pkg-descr index 4cf2df76ce3d..4c67e611db0c 100644 --- a/security/p5-Crypt-AppleTwoFish/pkg-descr +++ b/security/p5-Crypt-AppleTwoFish/pkg-descr @@ -1,10 +1,10 @@ -This code appears to have only cursory resemblance to Bruce Schneier's +This code appears to have only cursory resemblance to Bruce Schneier's blowfish and twofish algorithms in that it too has a table-based decoder. -Derivation from FairKeys code by Jon Lech Johanson at nanocrew.net. +Derivation from FairKeys code by Jon Lech Johanson at nanocrew.net. If you don't know what that is, don't bother looking here further. This is -a Pure Perl implementation. I doubt there is any need for xs coding for -what would mainly be processing 16 bytes at a time. This code is part of an -ongoing effort to clone portions of the Apple iTMS in Perl for portability. +a Pure Perl implementation. I doubt there is any need for xs coding for +what would mainly be processing 16 bytes at a time. This code is part of an +ongoing effort to clone portions of the Apple iTMS in Perl for portability. See www.hymn-project.org for prior efforts by others. WWW: http://search.cpan.org/dist/Crypt-AppleTwoFish/ diff --git a/security/p5-Crypt-Dining/pkg-descr b/security/p5-Crypt-Dining/pkg-descr index 88e306076605..58b4957beaf0 100644 --- a/security/p5-Crypt-Dining/pkg-descr +++ b/security/p5-Crypt-Dining/pkg-descr @@ -1,19 +1,19 @@ -The dining cryptographers' protocol is documented in Bruce Schneier's book +The dining cryptographers' protocol is documented in Bruce Schneier's book as a kind of "cryptographic ouija board". It works as follows: -A number of cryptographers are dining at a circular table. At the end of -the meal, the waiter is summoned and asked for the bill. He replies, -"Thank you, sir. The bill has been paid." The cryptographers now have the -problem of working out whether someone at the table paid the bill, or -whether the NSA has paid it as some sort of veiled threat. The protocol +A number of cryptographers are dining at a circular table. At the end of +the meal, the waiter is summoned and asked for the bill. He replies, +"Thank you, sir. The bill has been paid." The cryptographers now have the +problem of working out whether someone at the table paid the bill, or +whether the NSA has paid it as some sort of veiled threat. The protocol proceeds. -Each cryptographer flips a coin, and shows the result ONLY to the -participant on his RIGHT. Each cryptographer then compares his coin with -that on his LEFT, and raises his hand if they show different faces. If any -participant paid the bill, he "cheats" and does the opposite, that is, he -raises his hand if the coins show the same face. Now, the hands are -counted. An odd number means that someone at the table paid the bill. An +Each cryptographer flips a coin, and shows the result ONLY to the +participant on his RIGHT. Each cryptographer then compares his coin with +that on his LEFT, and raises his hand if they show different faces. If any +participant paid the bill, he "cheats" and does the opposite, that is, he +raises his hand if the coins show the same face. Now, the hands are +counted. An odd number means that someone at the table paid the bill. An even number means that the NSA paid. WWW: http://search.cpan.org/dist/Crypt-Dining/ diff --git a/security/p5-Crypt-GOST_PP/pkg-descr b/security/p5-Crypt-GOST_PP/pkg-descr index a1ee45e1f4f9..1e46d1e4ac41 100644 --- a/security/p5-Crypt-GOST_PP/pkg-descr +++ b/security/p5-Crypt-GOST_PP/pkg-descr @@ -1,7 +1,7 @@ -Crypt::GOST_PP is a pure perl implementation of GOST, a 64-bit +Crypt::GOST_PP is a pure perl implementation of GOST, a 64-bit symmetrical block cipher with a 256-bit key from the former Soviet -Union. Please read the Pod documentation contained in the module -itself for additional information, including the rationale behind +Union. Please read the Pod documentation contained in the module +itself for additional information, including the rationale behind the writing of this module. WWW: http://search.cpan.org/dist/Crypt-GOST_PP/ diff --git a/security/p5-Crypt-HCE_MD5/pkg-descr b/security/p5-Crypt-HCE_MD5/pkg-descr index 828023fdb1fc..d61fd7041bc8 100644 --- a/security/p5-Crypt-HCE_MD5/pkg-descr +++ b/security/p5-Crypt-HCE_MD5/pkg-descr @@ -1,14 +1,14 @@ This module implements a chaining block cipher using a one way hash. This method of encryption is the same that is used by radius (RFC2138) and is also described in Applied -Cryptography. +Cryptography. Two interfaces are provided in the module. The first is straight block encryption/decryption the second does base64 -mime encoding/decoding of the encrypted/decrypted blocks. +mime encoding/decoding of the encrypted/decrypted blocks. The idea is the two sides have a shared secret that supplies one of the keys and a randomly generated block of bytes provides the second key. The random key is passed in -cleartext between the two sides. +cleartext between the two sides. An example client and server are packaged as modules with this module. They are used in the tests. diff --git a/security/p5-Crypt-HCE_SHA/pkg-descr b/security/p5-Crypt-HCE_SHA/pkg-descr index 17d4e2486c69..83f4b60cb27a 100644 --- a/security/p5-Crypt-HCE_SHA/pkg-descr +++ b/security/p5-Crypt-HCE_SHA/pkg-descr @@ -2,15 +2,15 @@ way hash. This method of encryption is the same that is used by radius (RFC2138) and is also described in Applied Cryptography. - + Two interfaces are provided in the module. The first is straight block encryption/decryption the second does base64 mime encoding/decoding of the encrypted/decrypted blocks. - + The idea is that the two sides have a shared secret that supplies one of the keys and a randomly generated block of bytes provides the second key. The random key is passed in cleartext between the two sides. - + An example client and server are packaged as modules with this module. They are used in the tests. diff --git a/security/p5-Crypt-NULL/pkg-descr b/security/p5-Crypt-NULL/pkg-descr index 5c8c7f9d151b..3bb76373a849 100644 --- a/security/p5-Crypt-NULL/pkg-descr +++ b/security/p5-Crypt-NULL/pkg-descr @@ -1,7 +1,7 @@ This is Crypt::NULL. Perl module for NULL Encryption Algorithm. The NULL Encryption Algorithm is a symmetric block cipher described in -RFC 2410 by Rob Glenn and Stephen Kent. +RFC 2410 by Rob Glenn and Stephen Kent. This module implements NULL encryption. It supports the Crypt::CBC. diff --git a/security/p5-Crypt-OpenSSL-AES/pkg-descr b/security/p5-Crypt-OpenSSL-AES/pkg-descr index 5ee7bb51dfa9..9a4493a800cd 100644 --- a/security/p5-Crypt-OpenSSL-AES/pkg-descr +++ b/security/p5-Crypt-OpenSSL-AES/pkg-descr @@ -1,4 +1,4 @@ -The Crypt::OpenSSL::AES module implements a wrapper around +The Crypt::OpenSSL::AES module implements a wrapper around OpenSSL's AES (Rijndael) library. WWW: http://search.cpan.org/dist/Crypt-OpenSSL-AES/ diff --git a/security/p5-Crypt-OpenSSL-X509/pkg-descr b/security/p5-Crypt-OpenSSL-X509/pkg-descr index be26db546195..4628a51c98a0 100644 --- a/security/p5-Crypt-OpenSSL-X509/pkg-descr +++ b/security/p5-Crypt-OpenSSL-X509/pkg-descr @@ -1,9 +1,9 @@ This implement a large majority of OpenSSL's useful X509 API. The email() method supports both certificates where the - subject is of the form: - "... CN=Firstname lastname/emailAddress=user@domain", and also - certificates where there is a X509v3 Extension of the form + subject is of the form: + "... CN=Firstname lastname/emailAddress=user@domain", and also + certificates where there is a X509v3 Extension of the form "X509v3 Subject Alternative Name: email=user@domain". WWW: http://search.cpan.org/dist/Crypt-OpenSSL-X509/ diff --git a/security/p5-Crypt-xDBM_File/pkg-descr b/security/p5-Crypt-xDBM_File/pkg-descr index 3a69da6d1e94..c51edec91c1f 100644 --- a/security/p5-Crypt-xDBM_File/pkg-descr +++ b/security/p5-Crypt-xDBM_File/pkg-descr @@ -1,16 +1,16 @@ -Crypt::xDBM_File encrypts/decrypts the data in a gdbm, ndbm, sdbm (and -maybe even berkeleyDB, but I didn't test that) file. It gets tied to a -hash and you just access the hash like normal. The crypt function can -be any of the CPAN modules that use encrypt, decrypt, keysize, blocksize +Crypt::xDBM_File encrypts/decrypts the data in a gdbm, ndbm, sdbm (and +maybe even berkeleyDB, but I didn't test that) file. It gets tied to a +hash and you just access the hash like normal. The crypt function can +be any of the CPAN modules that use encrypt, decrypt, keysize, blocksize (so Crypt::IDEA, Crypt::DES, Crypt::Blowfish, ... should all work) -***IMPORTANT*** Encryption keys (the key you pass in on the tie line) -will be padded or truncated to fit the keysize(). Data (the key/values of -the hash) is padded to fill complete blocks of blocksize(). +***IMPORTANT*** Encryption keys (the key you pass in on the tie line) +will be padded or truncated to fit the keysize(). Data (the key/values of +the hash) is padded to fill complete blocks of blocksize(). -The padding is stripped before being returned to the user so you shouldn't -need to worry about it (except truncated keys). Read the doc that comes -with crypt function to get an idea of what these sizes are. If keysize +The padding is stripped before being returned to the user so you shouldn't +need to worry about it (except truncated keys). Read the doc that comes +with crypt function to get an idea of what these sizes are. If keysize or blocksize returns a zero the default is set to 8 bytes (64 bits). WWW: http://search.cpan.org/dist/Crypt-xDBM_File/ diff --git a/security/p5-Digest-BubbleBabble/pkg-descr b/security/p5-Digest-BubbleBabble/pkg-descr index a071ac261c72..135d51ec9168 100644 --- a/security/p5-Digest-BubbleBabble/pkg-descr +++ b/security/p5-Digest-BubbleBabble/pkg-descr @@ -5,7 +5,7 @@ Bubble babble is a method of representing a message digest as a string of "real" words, to make the fingerprint easier to remember. The "words" are not necessarily real words, but they look more like words than a string of hex characters. - + Bubble babble fingerprinting is used by the SSH2 suite (and, consequently, by Net::SSH::Perl, the Perl SSH implementation) to display easy-to-remember key fingerprints. diff --git a/security/p5-Digest-Nilsimsa/pkg-descr b/security/p5-Digest-Nilsimsa/pkg-descr index 61c929438005..37af21579dc0 100644 --- a/security/p5-Digest-Nilsimsa/pkg-descr +++ b/security/p5-Digest-Nilsimsa/pkg-descr @@ -1,5 +1,5 @@ A nilsimsa signature is a statistic of n-gram occurrence in a piece of text. It is a 256 bit value usually represented in hex. This module is a wrapper -around nilsimsa implementation in C by cmeclax. +around nilsimsa implementation in C by cmeclax. WWW: http://search.cpan.org/dist/Digest-Nilsimsa/ diff --git a/security/p5-Net-OpenID-JanRain/pkg-descr b/security/p5-Net-OpenID-JanRain/pkg-descr index 5c9b29e741ba..85994a1de578 100644 --- a/security/p5-Net-OpenID-JanRain/pkg-descr +++ b/security/p5-Net-OpenID-JanRain/pkg-descr @@ -4,7 +4,7 @@ or goes out of business. An OpenID identity is just a URL. You can have multiple identities in the same way you can have multiple URLs. All OpenID does is provide a -way to prove that you own a URL (identity). +way to prove that you own a URL (identity). Anybody can run their own site using OpenID, and anybody can be an OpenID server, and they all work with each other without having to diff --git a/security/p5-Net-OpenID-Server/pkg-descr b/security/p5-Net-OpenID-Server/pkg-descr index c1b15b22663b..dd84604b80a9 100644 --- a/security/p5-Net-OpenID-Server/pkg-descr +++ b/security/p5-Net-OpenID-Server/pkg-descr @@ -4,7 +4,7 @@ or goes out of business. An OpenID identity is just a URL. You can have multiple identities in the same way you can have multiple URLs. All OpenID does is provide a -way to prove that you own a URL (identity). +way to prove that you own a URL (identity). Anybody can run their own site using OpenID, and anybody can be an OpenID server, and they all work with each other without having to diff --git a/security/p5-Net-SSLeay/pkg-descr b/security/p5-Net-SSLeay/pkg-descr index 2197e01531a4..20734384d0da 100644 --- a/security/p5-Net-SSLeay/pkg-descr +++ b/security/p5-Net-SSLeay/pkg-descr @@ -1,4 +1,4 @@ -This module offers +This module offers - some high level convenience functions for accessing web pages on SSL servers - a sslcat() function for writing your own clients diff --git a/security/p5-String-MkPasswd/pkg-descr b/security/p5-String-MkPasswd/pkg-descr index 9a1c98973ab0..428375135792 100644 --- a/security/p5-String-MkPasswd/pkg-descr +++ b/security/p5-String-MkPasswd/pkg-descr @@ -1,5 +1,5 @@ This Perl library defines a single function, mkpasswd(), to generate -random passwords. The function is meant to be a simple way for +random passwords. The function is meant to be a simple way for developers and system administrators to easily generate a relatively secure password. diff --git a/security/p5-Text-Password-Pronounceable/pkg-descr b/security/p5-Text-Password-Pronounceable/pkg-descr index 6c779818e636..571ce1b29233 100644 --- a/security/p5-Text-Password-Pronounceable/pkg-descr +++ b/security/p5-Text-Password-Pronounceable/pkg-descr @@ -1,6 +1,6 @@ Text::Password::Pronounceable - Generate pronounceable passwords -This module generates pronuceable passwords, based the +This module generates pronuceable passwords, based the English digraphs by D Edwards. WWW: http://search.cpan.org/dist/Text-Password-Pronounceable/ diff --git a/security/p5-openxpki-i18n/pkg-descr b/security/p5-openxpki-i18n/pkg-descr index 5cba1bc18a80..36d72ff1807c 100644 --- a/security/p5-openxpki-i18n/pkg-descr +++ b/security/p5-openxpki-i18n/pkg-descr @@ -1,4 +1,4 @@ -Translation files for +Translation files for security/p5-openxpki diff --git a/security/pam_google_authenticator/pkg-descr b/security/pam_google_authenticator/pkg-descr index 7b1e31d52cfa..f0dac3797f79 100644 --- a/security/pam_google_authenticator/pkg-descr +++ b/security/pam_google_authenticator/pkg-descr @@ -1,4 +1,4 @@ -The PAM module can add a two-factor authentication +The PAM module can add a two-factor authentication step to any PAM-enabled application. WWW: http://code.google.com/p/google-authenticator/ diff --git a/security/pcsc-tools/pkg-descr b/security/pcsc-tools/pkg-descr index f30145504943..5f3b3adf9dcd 100644 --- a/security/pcsc-tools/pkg-descr +++ b/security/pcsc-tools/pkg-descr @@ -1,4 +1,4 @@ -These tools are used to test a PC/SC driver, card or reader or send commands +These tools are used to test a PC/SC driver, card or reader or send commands in a friendly environment (text or graphical user interface). WWW: http://ludovic.rousseau.free.fr/softwares/pcsc-tools/ diff --git a/security/pear-Auth_OpenID/pkg-descr b/security/pear-Auth_OpenID/pkg-descr index e4c6d5aa24a5..46758cdd3350 100644 --- a/security/pear-Auth_OpenID/pkg-descr +++ b/security/pear-Auth_OpenID/pkg-descr @@ -1,5 +1,5 @@ -The PHP OpenID library lets you enable OpenID authentication on sites built -using PHP. It features the OpenID consumer, Store implementations, and an +The PHP OpenID library lets you enable OpenID authentication on sites built +using PHP. It features the OpenID consumer, Store implementations, and an OpenID server. WWW: http://openidenabled.com/php-openid/ diff --git a/security/pecl-tcpwrap/pkg-descr b/security/pecl-tcpwrap/pkg-descr index b7f1c38f8eae..5430daabcf1e 100644 --- a/security/pecl-tcpwrap/pkg-descr +++ b/security/pecl-tcpwrap/pkg-descr @@ -1,4 +1,4 @@ -This tcpwrap extension for PHP handles /etc/hosts.allow +This tcpwrap extension for PHP handles /etc/hosts.allow and /etc/hosts.deny files. WWW: http://pecl.php.net/package/tcpwrap/ diff --git a/security/pgpgpg/pkg-descr b/security/pgpgpg/pkg-descr index 83d9a9fe07e2..eb4ce38ebaa9 100644 --- a/security/pgpgpg/pkg-descr +++ b/security/pgpgpg/pkg-descr @@ -1,5 +1,5 @@ pgpgpg is a wrapper around Gnu Privacy Guard which takes PGP 2.6 -command line options, translates them, and calls GnuPG (Gnu Privacy +command line options, translates them, and calls GnuPG (Gnu Privacy Guard) to perform the desired action. WWW: http://www.nessie.de/mroth/pgpgpg/ diff --git a/security/pidgin-otr/pkg-descr b/security/pidgin-otr/pkg-descr index 3c6c9a770f66..4fb669987d01 100644 --- a/security/pidgin-otr/pkg-descr +++ b/security/pidgin-otr/pkg-descr @@ -1,18 +1,18 @@ -Off-the-Record (OTR) Messaging allows you to have private +Off-the-Record (OTR) Messaging allows you to have private conversations over instant messaging by providing: * Encryption No one else can read your instant messages. * Authentication - You are assured the correspondent is who you think it is. + You are assured the correspondent is who you think it is. * Deniability The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is - assured the messages he sees are authentic and unmodified. + assured the messages he sees are authentic and unmodified. * Perfect forward secrecy - If you lose control of your private keys, no previous + If you lose control of your private keys, no previous conversation is compromised. WWW: http://www.cypherpunks.ca/otr/ diff --git a/security/pixiewps/pkg-descr b/security/pixiewps/pkg-descr index e230a226759b..98eadb250328 100644 --- a/security/pixiewps/pkg-descr +++ b/security/pixiewps/pkg-descr @@ -1,6 +1,6 @@ Pixiewps is a tool written in C used to bruteforce offline the WPS pin exploiting the low or non-existing entropy of some APs (pixie dust attack). -It is meant for educational purposes only. +It is meant for educational purposes only. All credits for the research go to Dominique Bongard. WWW: https://github.com/wiire/pixiewps diff --git a/security/pkcrack/pkg-descr b/security/pkcrack/pkg-descr index 930281756312..c7a9673c6fef 100644 --- a/security/pkcrack/pkg-descr +++ b/security/pkcrack/pkg-descr @@ -16,6 +16,6 @@ the plaintext think of the following situations: you can recover the password and decrypt the other files. - You need to know only a part of the plaintext (at least 13 bytes). Many files have commonly known headers, like DOS .EXE-files. Knowing a reasonably long - header you can recover the password and decrypt the entire file. + header you can recover the password and decrypt the entire file. WWW: http://www.unix-ag.uni-kl.de/~conrad/krypto/pkcrack.html diff --git a/security/pks/pkg-descr b/security/pks/pkg-descr index 688a67eb4482..4c88a2ef2c24 100644 --- a/security/pks/pkg-descr +++ b/security/pks/pkg-descr @@ -1,4 +1,4 @@ -This program implements a standard PGP Key Server, which can be assumed +This program implements a standard PGP Key Server, which can be assumed to be in addition to the public key server at MIT. WWW: http://www.mit.edu/people/marc/pks/ diff --git a/security/portsentry/pkg-descr b/security/portsentry/pkg-descr index 5bb09a4eb00b..134f2f199d80 100644 --- a/security/portsentry/pkg-descr +++ b/security/portsentry/pkg-descr @@ -1,5 +1,5 @@ -PortSentry is part of the Abacus Project suite of security tools. -It is a program designed to detect and respond to port scans against -a target host in real-time. There are other port scan detectors that -perform similar detection of scans, but PortSentry has some unique +PortSentry is part of the Abacus Project suite of security tools. +It is a program designed to detect and respond to port scans against +a target host in real-time. There are other port scan detectors that +perform similar detection of scans, but PortSentry has some unique features that may make it worth looking into. diff --git a/security/ppars/pkg-descr b/security/ppars/pkg-descr index c0722c21ebb7..fe9b61b19033 100644 --- a/security/ppars/pkg-descr +++ b/security/ppars/pkg-descr @@ -1,21 +1,21 @@ Welcome to the Proactive Abuse Reporting System. -In an effort to be proactive in doing my part to stop the massive -quantities of internet traffic probing for open ports or more -specifically the probing for known ports that Windows spy ware, -Trojans, and what ever other Windows ports are commonly probed -which result in increasing my bandwidth usage changes, I wrote this -perl application for reporting that abuse to the senders ISP, with -the hopes they will monitor the abuser and terminate the abuser's +In an effort to be proactive in doing my part to stop the massive +quantities of internet traffic probing for open ports or more +specifically the probing for known ports that Windows spy ware, +Trojans, and what ever other Windows ports are commonly probed +which result in increasing my bandwidth usage changes, I wrote this +perl application for reporting that abuse to the senders ISP, with +the hopes they will monitor the abuser and terminate the abuser's internet account and or take legal action. -Script is installed into /usr/local/sbin where you can edit the +Script is installed into /usr/local/sbin where you can edit the defaults to meet your requirements. Issue rehash command to enable. Run abuse.Reporting.system.pl script for complete overview description of system. 6/1/2004 Author: Joe Barbish, I bequeath these perl scripts to public -domain. It can be copied and distributed for free by anyone to anyone +domain. It can be copied and distributed for free by anyone to anyone by any manner. WWW: http://www.dshield.org/linux_clients.php#freebsd diff --git a/security/proftpd-mod_clamav/pkg-descr b/security/proftpd-mod_clamav/pkg-descr index 7ac6d796fb69..7730c41a175b 100644 --- a/security/proftpd-mod_clamav/pkg-descr +++ b/security/proftpd-mod_clamav/pkg-descr @@ -1,3 +1,3 @@ ProFTPD module mod_clamav -WWW: https://github.com/jbenden/mod_clamav +WWW: https://github.com/jbenden/mod_clamav diff --git a/security/pssh/pkg-descr b/security/pssh/pkg-descr index bbe89f2ede7a..8f1131da1ddd 100644 --- a/security/pssh/pkg-descr +++ b/security/pssh/pkg-descr @@ -1,11 +1,11 @@ This package provides parallel versions of the openssh tools. Included -in the distribution: +in the distribution: - - Parallel ssh (pssh) - - Parallel scp (pscp) - - Parallel rsync (prsync) - - Parallel nuke (pnuke) - - Parallel slurp (pslurp) + - Parallel ssh (pssh) + - Parallel scp (pscp) + - Parallel rsync (prsync) + - Parallel nuke (pnuke) + - Parallel slurp (pslurp) What are these tools good for? Mainly for controlling large collections of nodes in the wide-area. diff --git a/security/py-clamav/pkg-descr b/security/py-clamav/pkg-descr index 49ca29c0af5c..bc3ef7c85411 100644 --- a/security/py-clamav/pkg-descr +++ b/security/py-clamav/pkg-descr @@ -1,8 +1,8 @@ -pyClamAV is a python binding to libclamav written +pyClamAV is a python binding to libclamav written in C. -By using pyClamAV, you can add virus detection -capabilities to your python software in an efficient +By using pyClamAV, you can add virus detection +capabilities to your python software in an efficient and easy way. WWW: http://xael.org/norman/python/pyclamav/ diff --git a/security/py-crits/pkg-descr b/security/py-crits/pkg-descr index 44ee79d629f5..d3a4f0d526a4 100644 --- a/security/py-crits/pkg-descr +++ b/security/py-crits/pkg-descr @@ -1,7 +1,7 @@ CRITs is a web-based tool which combines an analytic engine with a cyber threat database that not only serves as a repository for attack data and malware, but also provides analysts with a powerful platform for conducting malware -analyses, correlating malware, and for targeting data. These analyses and +analyses, correlating malware, and for targeting data. These analyses and correlations can also be saved and exploited within CRITs. CRITs employs a simple but very useful hierarchy to structure cyber threat information. This structure gives analysts the power to 'pivot' on metadata to discover diff --git a/security/py-fchksum/pkg-descr b/security/py-fchksum/pkg-descr index aff9600176b1..dff3a7fc8682 100644 --- a/security/py-fchksum/pkg-descr +++ b/security/py-fchksum/pkg-descr @@ -1,5 +1,5 @@ fchksum is a Python module to find the checksum of files. Currently it -supports crc32 and md5 checksums. +supports crc32 and md5 checksums. The advantage of using fchksum over the python md5 and zlib(.crc32) modules is both ease of use and speed. You only need to tell it the filename and the diff --git a/security/py-tlslite/pkg-descr b/security/py-tlslite/pkg-descr index 5423ef391927..7404e7ca4f81 100644 --- a/security/py-tlslite/pkg-descr +++ b/security/py-tlslite/pkg-descr @@ -1,8 +1,8 @@ -TLS Lite is a free python library that implements SSL 3.0, TLS 1.0, and TLS -1.1. TLS Lite supports non-traditional authentication methods such as SRP, -shared keys, and cryptoIDs in addition to X.509 certificates. TLS Lite is pure -Python, however it can access OpenSSL, cryptlib, pycrypto, and GMPY for faster -crypto operations. TLS Lite integrates with httplib, xmlrpclib, poplib, -imaplib, smtplib, SocketServer, asyncore, and Twisted. +TLS Lite is a free python library that implements SSL 3.0, TLS 1.0, and TLS +1.1. TLS Lite supports non-traditional authentication methods such as SRP, +shared keys, and cryptoIDs in addition to X.509 certificates. TLS Lite is pure +Python, however it can access OpenSSL, cryptlib, pycrypto, and GMPY for faster +crypto operations. TLS Lite integrates with httplib, xmlrpclib, poplib, +imaplib, smtplib, SocketServer, asyncore, and Twisted. WWW: http://trevp.net/tlslite/ diff --git a/security/py-trustedpickle/pkg-descr b/security/py-trustedpickle/pkg-descr index 929ae9bf5b82..a6bbc41a6086 100644 --- a/security/py-trustedpickle/pkg-descr +++ b/security/py-trustedpickle/pkg-descr @@ -1,7 +1,7 @@ TrustedPickle is a Python module that can save most any arbitrary Python object in a signed pickle file. There are two big differences between this module and - the standard pickle module. First, TrustedPickle can pickle a module, but the -standard pickle module cannot. Second, TrustedPickle includes a signature that + the standard pickle module. First, TrustedPickle can pickle a module, but the +standard pickle module cannot. Second, TrustedPickle includes a signature that can verify the data's origin before the data is unpickled. WWW: http://trustedpickle.sourceforge.net/index.html diff --git a/security/py-twistedConch/pkg-descr b/security/py-twistedConch/pkg-descr index 70cd97358782..aa28b57e3d84 100644 --- a/security/py-twistedConch/pkg-descr +++ b/security/py-twistedConch/pkg-descr @@ -1,10 +1,10 @@ -Twisted Conch is an SSHv2 implementation written in Python. SSH is a protocol -designed to allow remote access to shells and commands, but it is generic -enough to allow everything from TCP forwarding to generic filesystem access. +Twisted Conch is an SSHv2 implementation written in Python. SSH is a protocol +designed to allow remote access to shells and commands, but it is generic +enough to allow everything from TCP forwarding to generic filesystem access. Since conch is written in Python, it interfaces well with other Python projects, such as Imagination. Conch also includes a implementations of the telnet and vt102 protocols, as well as support for rudamentary line editing behaviors. A new implementation of Twisted's Manhole application is also -included, featuring server-side input history and interactive syntax coloring. +included, featuring server-side input history and interactive syntax coloring. WWW: http://twistedmatrix.com/ diff --git a/security/py-twofish/pkg-descr b/security/py-twofish/pkg-descr index 87f46522fcf1..c17d839dfe87 100644 --- a/security/py-twofish/pkg-descr +++ b/security/py-twofish/pkg-descr @@ -1,5 +1,5 @@ A pure python implementation of the Rijndael encryption algorithm. Useful for quick string encryption in python programs but probably is not fast enough for -anything too big. +anything too big. WWW: http://sourceforge.net/projects/twofish-py/ diff --git a/security/racoon2/pkg-descr b/security/racoon2/pkg-descr index e2ad4fe034aa..acf3c734b7f9 100644 --- a/security/racoon2/pkg-descr +++ b/security/racoon2/pkg-descr @@ -11,7 +11,7 @@ Currently the system supports the following specification: PF_KEY Key Management API, Version 2 RFC2367 - + The Internet Key Exchange (IKE) RFC2409 diff --git a/security/ranpwd/pkg-descr b/security/ranpwd/pkg-descr index a46eae4ecfa9..095685d13fd7 100644 --- a/security/ranpwd/pkg-descr +++ b/security/ranpwd/pkg-descr @@ -1,5 +1,5 @@ ranpwd uses /dev/random or /dev/urandom to generate cryptographically secure -passwords. +passwords. Generated passwords may consist of any specified length and any combination of upper- or lower-case alphanumeric characters or punctuation. ranpwd can also diff --git a/security/retranslator/pkg-descr b/security/retranslator/pkg-descr index d3ea936846d2..9eb284517f35 100644 --- a/security/retranslator/pkg-descr +++ b/security/retranslator/pkg-descr @@ -1,5 +1,5 @@ The update utility is designed to download and save updates and modules -of the Kaspersky Lab's applications into a separate folder. +of the Kaspersky Lab's applications into a separate folder. With the help of the utility you can download updates for selected Kaspersky Lab's applications installed either in your network or at diff --git a/security/rubygem-net-scp/pkg-descr b/security/rubygem-net-scp/pkg-descr index c42d8e297dbe..4a75e84dbfde 100644 --- a/security/rubygem-net-scp/pkg-descr +++ b/security/rubygem-net-scp/pkg-descr @@ -1,5 +1,5 @@ Net::SCP is a pure-Ruby implementation of the SCP protocol. This operates over -SSH (and requires the Net::SSH library), and allows files and directory trees +SSH (and requires the Net::SSH library), and allows files and directory trees to copied to and from a remote server. * Transfer files or entire directory trees to or from a remote host via SCP diff --git a/security/rubygem-net-ssh-gateway/pkg-descr b/security/rubygem-net-ssh-gateway/pkg-descr index a91076ebcc49..714b605d5015 100644 --- a/security/rubygem-net-ssh-gateway/pkg-descr +++ b/security/rubygem-net-ssh-gateway/pkg-descr @@ -1,6 +1,6 @@ -Net::SSH::Gateway is a library for programmatically tunneling connections to -servers via a single "gateway" host. It is useful for establishing Net::SSH -connections to servers behind firewalls, but can also be used to forward ports +Net::SSH::Gateway is a library for programmatically tunneling connections to +servers via a single "gateway" host. It is useful for establishing Net::SSH +connections to servers behind firewalls, but can also be used to forward ports and establish connections of other types, like HTTP, to servers with i restricted access. diff --git a/security/rubygem-origami/pkg-descr b/security/rubygem-origami/pkg-descr index 1f87ecf89792..81b4a8b8722f 100644 --- a/security/rubygem-origami/pkg-descr +++ b/security/rubygem-origami/pkg-descr @@ -1,12 +1,12 @@ Origami is NOT a PDF rendering library. It aims at providing a scripting tool to generate and analyze malicious PDF files. As well, it can be used to create on-the-fly customized PDFs, or to inject (evil) code into already existing -documents. -- Create PDF documents from scratch. -- Parse existing documents, modify them and recompile them. +documents. +- Create PDF documents from scratch. +- Parse existing documents, modify them and recompile them. - Explore documents at the object level, going deep into the document structure, uncompressing PDF object streams and desobfuscating names and - strings. + strings. - High-level operations, such as encryption/decryption, signature, file attachments... - A GTK interface to quickly browse into the document contents. diff --git a/security/sancp/pkg-descr b/security/sancp/pkg-descr index 6150d36c4d24..37815af2ffce 100644 --- a/security/sancp/pkg-descr +++ b/security/sancp/pkg-descr @@ -1,14 +1,14 @@ -Sancp is a network security tool designed to collect -statistical information regarding network traffic, as -well as, collect the traffic itself in pcap format, all -for the purpose of: auditing, historical analysis, and -network activity discovery. Rules can be used to distinguish -normal from abnormal traffic and support tagging connections -with: rule id, node id, and status id. From an intrusion -detection standpoint, every connection is an event that must -be validated through some means. Sancp uses rules to identify, -record, and tag traffic of interest. 'Tagging' a connection -is a new feature since v1.4.0 Connections ('stats') can be -loaded into a database for further analysis. +Sancp is a network security tool designed to collect +statistical information regarding network traffic, as +well as, collect the traffic itself in pcap format, all +for the purpose of: auditing, historical analysis, and +network activity discovery. Rules can be used to distinguish +normal from abnormal traffic and support tagging connections +with: rule id, node id, and status id. From an intrusion +detection standpoint, every connection is an event that must +be validated through some means. Sancp uses rules to identify, +record, and tag traffic of interest. 'Tagging' a connection +is a new feature since v1.4.0 Connections ('stats') can be +loaded into a database for further analysis. WWW: http://www.metre.net/sancp.html diff --git a/security/scanlogd/pkg-descr b/security/scanlogd/pkg-descr index 7f3fc5db8e59..3dbdf916c8e5 100644 --- a/security/scanlogd/pkg-descr +++ b/security/scanlogd/pkg-descr @@ -1,6 +1,6 @@ -scanlogd is a TCP port scan detection tool, originally designed to illustrate -various attacks an IDS developer has to deal with. Unlike some of the other -port scan detection tools out there, scanlogd is designed to be totally safe +scanlogd is a TCP port scan detection tool, originally designed to illustrate +various attacks an IDS developer has to deal with. Unlike some of the other +port scan detection tools out there, scanlogd is designed to be totally safe to use. WWW: http://openwall.com/scanlogd/ diff --git a/security/silktools/pkg-descr b/security/silktools/pkg-descr index 5290def87736..1a26641e5e6f 100644 --- a/security/silktools/pkg-descr +++ b/security/silktools/pkg-descr @@ -3,6 +3,6 @@ netflow tools developed by the CERT/NetSA (Network Situational Awareness) Team to facilitate security analysis in large networks. SiLK consists of a suite of tools which collect and examine netflow -data, allowing analysts to rapidly query large sets of data. +data, allowing analysts to rapidly query large sets of data. WWW: http://tools.netsa.cert.org/silk/ diff --git a/security/slush/pkg-descr b/security/slush/pkg-descr index d67e006bb128..29b4f72e5ad4 100644 --- a/security/slush/pkg-descr +++ b/security/slush/pkg-descr @@ -1,6 +1,6 @@ slush - SSL remote shell -slush is a simple telnet-like application which communicates over a +slush is a simple telnet-like application which communicates over a secure SSL channel. It uses X509 certificates for authentication and can be compiled with TCP wrappers support (service name "slushd"). diff --git a/security/snort/pkg-descr b/security/snort/pkg-descr index 411db18aef54..ca53f84a328b 100644 --- a/security/snort/pkg-descr +++ b/security/snort/pkg-descr @@ -1,8 +1,8 @@ -Snort is a libpcap-based packet sniffer/logger which can be used as a +Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging -and can perform content searching/matching in addition to being used to detect +and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port -scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting +scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or even to a Windows computer via Samba. @@ -11,11 +11,11 @@ based upon the IP address of the remote peer. This allows Snort to be used as a sort of "poor man's intrusion detection system" if you specify what traffic you want to record and what to let through. -For instance, I use it to record traffic of interest to the six computers in -my office at work while I'm away on travel or gone for the weekend. It's -also nice for debugging network code since it shows you most of the Important +For instance, I use it to record traffic of interest to the six computers in +my office at work while I'm away on travel or gone for the weekend. It's +also nice for debugging network code since it shows you most of the Important Stuff(TM) about your packets (as I see it anyway). The code is pretty easy -to modify to provide more complete packet decoding, so feel free to make +to modify to provide more complete packet decoding, so feel free to make suggestions. WWW: http://www.snort.org/ diff --git a/security/sshit/pkg-descr b/security/sshit/pkg-descr index aed2ed154601..9f6db2079a3b 100644 --- a/security/sshit/pkg-descr +++ b/security/sshit/pkg-descr @@ -1,7 +1,7 @@ sshit is a perl script, which works along with ipfw, ipfw2, and pf. It parses the output of syslogd, find out SSH/FTP bruteforce attacks. If the number of failed login is more than a threshold that administarator -set, sshit will block the source IP via firewall for a while -(administrators can set the period of blocking). +set, sshit will block the source IP via firewall for a while +(administrators can set the period of blocking). WWW: http://anp.ath.cx/sshit/ diff --git a/security/sshpass/pkg-descr b/security/sshpass/pkg-descr index 4be9b3e72ff5..2584e7286111 100644 --- a/security/sshpass/pkg-descr +++ b/security/sshpass/pkg-descr @@ -1,5 +1,5 @@ Sshpass is a tool for non-interactively performing password authentication -with SSH's so called "interactive keyboard password authentication". +with SSH's so called "interactive keyboard password authentication". Most user should use SSH's more secure public key authentication instead. WWW: http://sourceforge.net/projects/sshpass/ diff --git a/security/subversion-gnome-keyring/pkg-descr b/security/subversion-gnome-keyring/pkg-descr index 396062d2c91e..2da38f0dccc2 100644 --- a/security/subversion-gnome-keyring/pkg-descr +++ b/security/subversion-gnome-keyring/pkg-descr @@ -1,4 +1,4 @@ -Subversion is a version control system designed to be as similar to cvs(1) +Subversion is a version control system designed to be as similar to cvs(1) as possible, while fixing many outstanding problems with cvs(1). This port adds Gnome Keyring support to Subversion. diff --git a/security/subversion-kwallet/pkg-descr b/security/subversion-kwallet/pkg-descr index b3fc023e11d8..356a6a43a6de 100644 --- a/security/subversion-kwallet/pkg-descr +++ b/security/subversion-kwallet/pkg-descr @@ -1,4 +1,4 @@ -Subversion is a version control system designed to be as similar to cvs(1) +Subversion is a version control system designed to be as similar to cvs(1) as possible, while fixing many outstanding problems with cvs(1). This port adds KDE KWallet support to Subversion. diff --git a/security/sudoscript/pkg-descr b/security/sudoscript/pkg-descr index fc425b04ad1e..9acf36a1a70a 100644 --- a/security/sudoscript/pkg-descr +++ b/security/sudoscript/pkg-descr @@ -4,8 +4,8 @@ They agree on the location of a FIFO, which the daemon opens for read. Sudoshell then runs script(1) with the FIFO as a typescript. The daemon stamps each line of the script(1) output with a session id, then passes the data over to another daemon. This daemon timestamps the data and stores -it in a log file which is /var/log/sudoscript. This daemon also keeps an eye -on the size of log files, and forks a rotator/compressor when it exceeds 2 +it in a log file which is /var/log/sudoscript. This daemon also keeps an eye +on the size of log files, and forks a rotator/compressor when it exceeds 2 MBytes. WWW: http://www.egbok.com/sudoscript diff --git a/security/tcpcrypt/pkg-descr b/security/tcpcrypt/pkg-descr index c31af0022c18..71be10ef3c75 100644 --- a/security/tcpcrypt/pkg-descr +++ b/security/tcpcrypt/pkg-descr @@ -6,6 +6,6 @@ end does not support Tcpcrypt, in which case connections will gracefully fall back to standard clear-text TCP. Install Tcpcrypt and you'll feel no difference in your every day user experience, but yet your traffic will be more secure and you'll have made life much harder -for hackers. +for hackers. WWW: http://www.tcpcrypt.org/ diff --git a/security/tinyca/pkg-descr b/security/tinyca/pkg-descr index 68a56eb831ef..ec5fa3995fcc 100644 --- a/security/tinyca/pkg-descr +++ b/security/tinyca/pkg-descr @@ -1,4 +1,4 @@ -TinyCA is a simple graphical userinterface written in Perl/Tk to manage a +TinyCA is a simple graphical userinterface written in Perl/Tk to manage a small CA (Certification Authority). Currently TinyCA supports the following features: @@ -6,14 +6,14 @@ Currently TinyCA supports the following features: * support for creating and managing SubCAs * Creation and Revocation of x509 - S/MIME certificates * PKCS#10 Requests can be imported and signed - * RSA and DSA keys can be generated and used + * RSA and DSA keys can be generated and used * Servercertificates o Certificates can be exported as: PEM, DER, TXT and PKCS#12 - o Certificates may be used with e.g. Apache, Postfix, OpenLDAP, + o Certificates may be used with e.g. Apache, Postfix, OpenLDAP, Cyrus and FreeS/WAN * Clientcertificates o Certificates can be exported as: PEM, DER, TXT and PKCS#12 - o Certificates may be used with e.g. Netscape, Konqueror, Opera, + o Certificates may be used with e.g. Netscape, Konqueror, Opera, Internet Explorer, Outlook (Express) and FreeS/WAN * Certificate Revocation List o CRLs can be exported as: PEM, DER and TXT diff --git a/security/tlswrap/pkg-descr b/security/tlswrap/pkg-descr index 7d4fdee701ce..17b0a2b57c07 100644 --- a/security/tlswrap/pkg-descr +++ b/security/tlswrap/pkg-descr @@ -1,4 +1,4 @@ TLSWrap is a TLS/SSL FTP wrapper/proxy for UNIX and Windows, allowing you to -use your favourite FTP client with any TLS/SSL-enabled FTP server. +use your favourite FTP client with any TLS/SSL-enabled FTP server. WWW: http://www.tlswrap.com/ diff --git a/security/trinokiller/pkg-descr b/security/trinokiller/pkg-descr index 15d0062a4de6..082bb3b8f7de 100644 --- a/security/trinokiller/pkg-descr +++ b/security/trinokiller/pkg-descr @@ -1,4 +1,4 @@ -This program remotely kills trino nodes on version 1.07b2+f3 and below. +This program remotely kills trino nodes on version 1.07b2+f3 and below. It abuses the careless coding in trinoo nodes and causes them to exit. It requires that you either know the node password or think it's the default password. diff --git a/security/truecrypt/pkg-descr b/security/truecrypt/pkg-descr index 2b0617f25c07..b1534b556e1f 100644 --- a/security/truecrypt/pkg-descr +++ b/security/truecrypt/pkg-descr @@ -1,15 +1,15 @@ Free open-source disk encryption software Main Features: -* Creates a virtual encrypted disk within a file and mounts it as +* Creates a virtual encrypted disk within a file and mounts it as a real disk. -* Encrypts an entire partition or storage device such as USB flash +* Encrypts an entire partition or storage device such as USB flash drive or hard drive. * Encryption is automatic, real-time (on-the-fly) and transparent. * Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted. -* Provides plausible deniability, in case an adversary forces you +* Provides plausible deniability, in case an adversary forces you to reveal the password: - Hidden volume (steganography) and hidden operating system. + Hidden volume (steganography) and hidden operating system. WWW: http://www.truecrypt.org/ diff --git a/security/vinetto/pkg-descr b/security/vinetto/pkg-descr index 333894b70591..e01f7978a40a 100644 --- a/security/vinetto/pkg-descr +++ b/security/vinetto/pkg-descr @@ -1,4 +1,4 @@ -Vinetto extracts the thumbnails and associated metadata from the Thumbs.db +Vinetto extracts the thumbnails and associated metadata from the Thumbs.db files. The Windows systems (98, ME, 2000, XP and 2003 Server) can store thumbnails diff --git a/security/vnccrack/pkg-descr b/security/vnccrack/pkg-descr index 026369f1623e..9ebda8a036d7 100644 --- a/security/vnccrack/pkg-descr +++ b/security/vnccrack/pkg-descr @@ -1,7 +1,7 @@ -VNCcrack is a fast offline password cracker for VNC passwords. -By sniffing a VNC challenge-response sequence off the network -(typically when VNC is used without a decent cryptographic -wrapper like SSH or SSL), you can recover the password fairly +VNCcrack is a fast offline password cracker for VNC passwords. +By sniffing a VNC challenge-response sequence off the network +(typically when VNC is used without a decent cryptographic +wrapper like SSH or SSL), you can recover the password fairly easily and quickly by letting VNCcrack pound on it. WWW: http://www.randombit.net/projects/vnccrack/ diff --git a/security/webfwlog/pkg-descr b/security/webfwlog/pkg-descr index 28e703b3b1dd..027914bc7bb1 100644 --- a/security/webfwlog/pkg-descr +++ b/security/webfwlog/pkg-descr @@ -1,7 +1,7 @@ -Webfwlog is a flexible web-based analysis and reporting tool for firewall +Webfwlog is a flexible web-based analysis and reporting tool for firewall logs. It supports log files in standard ipfilter or ipfw format. -With Webfwlog you can design reports to use on your firewall logs in whatever +With Webfwlog you can design reports to use on your firewall logs in whatever configuration you desire. Included are example reports as a starting point. You can sort a report with a single click, "drill-down" on the reports all the way to the packet level, and save your reports for later use. You can diff --git a/security/xinetd/pkg-descr b/security/xinetd/pkg-descr index 80126e4f12a7..14ef2c0e127e 100644 --- a/security/xinetd/pkg-descr +++ b/security/xinetd/pkg-descr @@ -6,7 +6,7 @@ does not require that the services in its configuration file be listed in /etc/services. Its configuration file has a different format than inetd's one -and it understands different signals. However the signal-to-action +and it understands different signals. However the signal-to-action assignment can be changed. WWW: http://www.xinetd.org/ diff --git a/security/zxid/pkg-descr b/security/zxid/pkg-descr index 0b725c90d326..0817ef701d4c 100644 --- a/security/zxid/pkg-descr +++ b/security/zxid/pkg-descr @@ -6,6 +6,6 @@ ZXID is light weight, has a small foot print, and is implemented in C. It is suitable for both high performance and embedded applications. Scripting languages are supported using SWIG, including Perl, PHP and Java. The "full stack" nature of ZXID means it's self contained and -has minimal external library dependencies (see downloads). +has minimal external library dependencies (see downloads). WWW: http://zxid.org/ |