Bill Stearns' web site
Thanks for showing up! This is one of the mirror sites holding my software. The packages here are either ones I've written or ones I package for someone else ("RPMs" in the description).
Please note that these are not all complete packages. Some of them are simple scripts that I use, with little in the way of documentation or installation routines.
Software packages
For a complete list of all files, see filelist.html.
If you'd only like the most current rpms of the software I write, see neweststable.
Project Description
apply-quilt-patches Applies all the patches in a quilt collection to a source tree.
apptrace This straces any app, however it's called. Useful for daemons, startup scripts and any tools you don't call directly. See doc/apptrace.v0.1.html for an article on its use.
askfirst Shell function to ask the user if they want to run a particular command. Handles sudo.
blockrules Create iptables, ipchains, ipfwadm, IOS, ipfilter, and snort block rules for specified traffic. Can be run as a cgi script; see http://www.incidents.org/cgi-bin/blockrules for a demo.
buildkernel This builds a linux kernel from scratch.
checkformail / mail Mail handling scripts and info.
defragfile (Untested) script for defragmenting files on a Linux system.
detectlib This library and associated frontends detect and remove worms from a Linux system. Adorefind, Ramenfind, XCfind and Lionfind are here.
dibs Perl script that sends a second copy of all icmp unreachables to a collector machine. Designed for the DIBS project, a project that detects worm activity from the unreachables caused by worms probing for non-existant machines.
diffsplit Breaks up diffs/patches into their component files.
dns-check A script that compares dns records to stored copies. Allows you to verify that your dns servers are not handing out incorrect data.
doc Here are the (generally security related) papers I've written over the last few years.
fanout This tool will run commands on multiple machines at the same time via ssh.
ford
uml-coop Documents and scripts about the UML Coop project (see also slartibartfast, the existing Coop.
uml-coop Documents and scripts about the UML Coop project (see also slartibartfast, the existing Coop.
firebricks (Now called modwall, please update any bookmarks) A set of independent firewall modules that can be inserted into an existing firewall.
fist Stackable filesystem templates, currently just logeventfs. See the fist home page for more info on fist.
filldisk Fills a disk with a repeating string to overwrite deleted files and exercise the drives block checking ability.
freedups This frees up space on Linux filesystems by hardlinking identical files.
freeze This halts all the running applications on a Linux system, while leaving the current console running so the analyst can continue to perform forensic analysis of an attacked system.
hack A wrapper around your favourite editor that saves dated backups of the file, among other things.
html2sgml A simple converter from html to sgml.
htmlfilelist Create an html format file listing for a directory. Used on this site - see filelist.html for sample output.
hostlookup Looks up the hostnames of IPs given on the command line or on stdin.
i2i The firewall conversion routines, ipfwadm2ipchains and ipchains2iptables.
icons A collection of icons.
indebug Debugging tool for the Intermezzo project.
ipchains2iptables Converts an ipchains (2.2 kernel) firewall into an iptables (2.4 kernel) firewall. Because of the structural differences between the two types of firewalls, this program will do as much as it can, but only provides a starting point.
ipfwadm2ipchains This converts an ipfwadm (2.0 kernel) firewall into an ipchains (2.2 kernel) firewall.
ipt_dsize An iptables match module to allow one to match the length of the data portion of the packet without the IP and protocol header.
livedrives Just lists the physical ide and scsi drives on a system.
mason The Mason automatic firewall builder for linux.
mirror Tools for managing a software repository mirror.
mkrootfs Makes root filesystems for User Mode Linux.
modwall A set of independent firewall modules that can be inserted into an existing firewall.
moveuser Moves a user to a new UID (and optionally GID). Use with caution.
netreply Perl script that sends back an echo reply for echo requests. Useful for letting your attackers think that non-existant machines exist. :-)
neweststable All of the RPMs for software I write.
noads Block ads with the jesred squid redirector.
openmail Opens up a mail folder with pine.
padip Pads out an IP address to nnn.nnn.nnn.nnn format
passer A Passive Service sniffer written in python.
patches Miscellaneous patches I wrote or modified and sent off to Linux developers
pcap BPF / pcap packet capture files.
pom26convert Converts the netfilter patch-o-matic 2.4 config.in and .configure.help files over to the 2.6 kernel's Kconfig format.
pomlist Creates a hypertext listing of all the netfilter patch-o-matic modules.
portstatus Checks to see if specified ports on a system are responding.
randomsig Create a random signature with different quotes, some included.
razor-caching-proxy A caching proxy for the Razor spam filtering system.
redhat Spec file template.
routeprobe Checks for rogue routers - masquerading or straight routing - on a LAN.
rsync-backup This tool allows for secure backups via rsync, ssh and chroot.
rsync-mirror A simple wrapper script for mirroring directories between machines.
sa-blacklist A blacklist of sender addresses for Spamassassin.
samlib
(formerly sam) A library of shell functions used by some of the other tools.
(formerly sam) A library of shell functions used by some of the other tools.
shun Program that blocks all communication with given IP's on an iptables or ipchains capable host.
snort2iptables Converts rules in the snort rulebase over to iptables firewall rules.
socketwatch Listen for incoming connections on a given port and immediately block the person scanning it.
ssh-keyinstall Automates the creation and installation of ssh keys.
slartibartfast/
zaphod/
uml-coop Documents and scripts about the UML Coop project (see also ford, the upcoming 64 bit Coop.
zaphod/
uml-coop Documents and scripts about the UML Coop project (see also ford, the upcoming 64 bit Coop.
staticiso An ISO image of statically linked binaries, good for forensics and system recovery.
syncapture Script to capture syn packets for later analysis. Useful for p0f.
tcpsed Perl app to replace fields in a pcap file.
TF2 Maps About 900 team fortress 2 maps (approx 11GB) in compressed and uncompressed format.
tunnel Scripts to help set up ip tunneling.
uml Patches and files for the User-Mode Linux project.
uml-root Root filesystems for the User-Mode Linux project. Note these are only at www.stearns.org.
vmod Virtual Machine On Demand - a script that will eventually automatically start and stop User-Mode Linux virtual machines based on load. In progress, not much yet.
RPMS I package of other peoples software
Project Description Reference URL
dnstop RPMs. http://dnstop.measurement-factory.com/ and http://www.caida.org/tools/utilities/dnstop/
libcss RPMS.
mkisofs RPMs. http://www.fokus.gmd.de/research/cc/glone/
employees/joerg.schilling/private/cdrecord.html
employees/joerg.schilling/private/cdrecord.html
nc statically compiled RPMs - please read the readme first.
omi RPMs.
pdumpq RPMs. Accepts packets from netfilter and outputs them in libpcap format http://rouxdoo.freeshell.org/dmn/pdumpq/
perl RPMs for some perl modules
I have some additional old / unmaintained projects and rpms as well.
Full mirrors of this site
FTP - ftp.stearns.org HTTP - www.stearns.org FTP - uml.ists.dartmouth.edu Thanks, Bob G! HTTP - www.linuxgrill.org Thanks, Matt M! The site is also available via rsync:
Many thanks to Bascom, who were kind enough to host a mirror for many years.
rsync rsync.stearns.org::wstearns/
Partial mirrors of this site
HTTP - www.pobox.com (newest files only, only some packages) HTTP - users.dhp.com (newest files only, only some packages) HTTP - ISTS (detection tools and documents only) Thanks, Alex! HTTP - Wiretapped, Australia (Mason only, updated nightly) Thanks Grant! FTP - Wiretapped, Australia (Mason only, updated nightly) Thanks Grant!
Other related sites.
ISTS works on all kinds of national security issues, including Internet and Linux security. Sans. I teach for this world-class security training organization and manage their networks.
Presentations
I gave a webcast on ssh in September 2003 (follow that link to hear it anytime). Many thanks to Sans and VanDyke software for sponsoring it.
I also gave a webcast on Spam in February 2004 (again, available for listening anytime). Many thanks to Sans and Mailfrontier for sponsoring it.
Here's an interview about Internet Security that showed up on New Hampshire Public TV's Outlook program. Jump 6 minutes, 40 seconds in.
Julie Bresnick of Newsforge wrote an article about my work on open source programs. Thanks, Julie.
Personal
If you need to get a hold of me, try:
- email: wstearns@pobox.com
- I'll have this address forever.
I have a diary running. I expect to update irregularly, when something interesting happens.
Here's my pgp key. I'd strongly suggest that you download this from more than one of the mirror sites and compare the two (so you can't be fooled if one of the mirror sites gets hacked). This key has not changed since 1998. It can also be found on the public key servers, such as the one at MIT.
This key is used to sign any rpms I build.
Here are some funny images and files.
Here's the cruise my wife and I took in August, 2001.
Finally, a few shots of me waterskiing on Lake Sunapee in New Hampshire, USA.
![[image]](http://mowser.com/img?url=http%3A%2F%2Fwww.stearns.org%2Fimage%2Fwc001b.jpg)
![[image]](http://mowser.com/img?url=http%3A%2F%2Fwww.stearns.org%2Fimage%2Fwc002a.jpg)
![[image]](http://mowser.com/img?url=http%3A%2F%2Fwww.stearns.org%2Fimage%2Fbill-aybabtu.jpg)
Last edited: 3/19/2008
Best viewed with something that can show web pages... <grin>
Please don't email the following address - it's part of a study: spleet@portsladescientific.comYou are viewing a mobilized version of this site...
View original page here
