Involved Projects and Packages
extrace traces all program executions occurring on a system and prints the process call hierarchy in a human-readable form.
While process tracing is exact, looking up all information is inherently sensitive to race conditions. In doubt, you can only trust the PID was written correctly.
Provides library functionality and command-line tools to
communicate with a FIDO device over USB, and to verify attestation and assertion signatures.
Supports the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2) protocols.
Libu2f-host provide a C library and command-line tool that implements
the host-side of the U2F protocol. There are APIs to talk to a U2F
device and perform the U2F Register and U2F Authenticate operations.
This is a C library that implements the server-side of the U2F protocol. More precisely, it provides an API for generating the JSON blobs required by U2F devices to perform the U2F Registration and U2F Authentication operations, and functionality for verifying the cryptographic operations.
To integrate decryption and parsing of YubiKey One-Time Passcodes (OTP) into your own server environment, you can use our free software libraries written in C and Java. To be useful, these packages need to be combined with a database and server component. Note that most applications typically talk to a verification server using our client libraries.
Lynis is a security and system auditing tool. It scans a system on the most interesting parts useful for audits, like:
- Security enhancements
- Logging and auditing options
- Banner identification
- Software availability
Lynis is released as a GPL licensed project and free for everyone to use.
See http://www.rootkit.nl for a full description and documentation.
The PAM U2F module provides an easy way to integrate the Yubikey (or other U2F-compliant authenticators) into your existing user authentication infrastructure. PAM is used by GNU/Linux, Solaris and Mac OS X for user authentication.
This module allows you to use the Yubikey device to authenticate to the PAM system
Control physical access to a linux computer by locking all of its virtual
terminals / consoles.
physlock is an alternative to vlock, it is equivalent to `vlock -an'. It is
written because vlock blocks some linux kernel mechanisms like hibernate and
suspend and can therefore only be used with some limitations. physlock is
designed to be more lightweight, it does not have a plugin interface and it is
not started using a shell script wrapper.
This project implements online validation of Yubikey OTPs. It is written in C and provides a shared library for use by other software.
Yubico's YubiKey can be re-programmed. This project's purpose is to provide a reference implementation for configuration of YubiKey's.
This is a command line tool to interact with the PIV applet on a YubiKey NEO. Among other functions it supports, generating keys on device, importing keys and certificates and creating certificate requests.
The YubiKey NEO supports the Privilege and Identification Card (PIV) interface specified in NIST SP 800-73 document "Cryptographic Algorithms and Key Sizes for PIV". This enables you to perform RSA or ECC sign/decrypt operations using a private key stored on the smartcard, through common interfaces like PKCS#11.
Python 3 library and command line tool for configuring a YubiKey.
YubiKey Manager (ykman) is a command line tool for configuring a YubiKey over
all transports. It is capable of reading out device information as well as
configuring several aspects of a YubiKey, including enabling or disabling
connection transports an programming various types of credentials.
This projects provides new and updated packages for cryptography and privacy and their dependencies for maintained distribution versions of openSUSE and SLE.
GNU Stow is a program for managing the installation of software
packages, keeping them separate (/usr/local/stow/emacs vs.
/usr/local/stow/perl, for example) while making them appear to be
installed in the same place (/usr/local). Software to ease the keeping
track of software built from source, making it easy to install, delete,
move etc.
The Docker Bench for Security is a script that checks for dozens of common
best-practices around deploying Docker containers in production.
The tests are all automated, and are inspired by the CIS Docker 1.11.0 Benchmark.
( https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.11.0_Benchmark_v1.0.0.pdf )
