
Unless otherwise stated, all of my projects on this page are licensed under the GNU GPL v2. Please note that the GPL v2 is the only acceptable license; the clause from the standard GPL v2 that allows the FSF to change license terms for my software is explicitly disallowed, similar to the license used by the Linux kernel.

ncron

ncron is a cron daemon designed above all else to be secure. Reliability and performance are secondary but important goals. It is written in C for maximum portability and performance. ncron relies on no external libraries aside from the C standard library.

Backwards compatibility with existing cron is not a high priority, so existing configuration files must be converted manually before they can be used with ncron. ncron is mostly a superset of standard cron's functionality, so conversion should not be difficult. However, there currently is no automated conversion program and I have no plans to write one.

ncron can run both as a multiuser cron and as a single user daemon for increased security. ncron preserves job run times across system restarts, and has support for journalling job run times. This saving of runtimes is extremely useful on machines that are not always running (laptops, dual boot machines) or are unstable.

ncron is licensed under the GNU LGPL.

ndhc

ndhc is a privilege-separated dhcp client. It takes advantage of the POSIX capabilities support in Linux so that it may perform dhcp client duties while remaining non-root and confined to a chroot jail. ndhc is written in C and relies on no external libraries aside from the C standard library. Security is obviously ndhc's primary goal.

ndhc consists of two programs, ndhc and ifchd. ifchd listens on a UNIX domain socket to manage interface change requests. ndhc is a minimal dhcp client, derived from udhcpc, that handles dhcp protocol issues and communicates with ifchd to request configuration changes.

ndhc currently only supports systems that run the Linux kernel (>=2.2). ndhc is written with portability as a goal, and it would not be difficult to port it to run properly on BSD-derived systems. I outline the platform dependencies in the ndhc documentation.

ndyndns

ndyndns is an update client for dyndns.org's hostname services. It can handle dynamic, static, and custom hosts. It is, at least to the best of my knowledge, fully compliant with dyndns.org's update protocol and client recommendations. It's written to be small and secure, running as a regular user inside of a chroot jail. It is capable of performing updates via https. It preserves as much state as possible on disk, minimizing updates as much as possible. It depends on cURL's libcurl library.

vpidentd

vpidentd is an attempt to write a "very paranoid ident daemon". Its development was largely motivated by a desire to better learn Objective Caml.

vpidentd is designed with security and privacy in mind. Notably, vpidentd denies ident requests by default, allows for user-configurable responses that can vary by hosts and ports, provides a configurable logging mechanism, and has the capability to return user-configurable MD5 hashes as ident queries.

vpidentd relies on an inet server such as inetd or tcps.

rrd-scripts

My RRDTool (Round Robin Traffic Grapher) scripts are written in Python and graph many system properties. They will need to be adapted to your system, and will need to be configured to run from a cron daemon (see above), but are quite comprehensive. If you're going to be setting up graphs for your servers or workstations, starting out from a working base will save you a lot of time.

ninit

ninit is an extremely small init daemon that does nothing more than call shell scripts in response to events and reap zombies. It only works on Linux-based systems. ninit is stable and works fine for me, but I've not bothered to package it for outsiders to use. Nonetheless, with a bit of trivial source editing, it can easily be adapted to suit most Linux systems.

tcps

tcps is a replacement for inetd, xinetd, tcpserver, and other similar tcp server daemons. It attempts to be small, secure, and feature-orthogonal. It is most similar to tcpserver, but it is more lightweight.

Since modern UNIX machines have robust firewalling support in the kernel, it does not attempt to provide tcpd-like functionality.

tcps will rate-limit incoming connections so that the machine will not spawn arbitrary numbers of server processes. It will do so in a manner that will not be disruptive to connecting clients -- they will merely wait a while for the connection to be processed.

tcps has internal support for changing uid and gid as well as chroots and use of POSIX capabilities.

Minor Projects

Note that there are many other patches and tools that I have written that are less documented and unsorted in my unix files directory.

keepnick-nk

keepnick is a nick-keeping script that intelligently handles both nickserv identification and ghosting. Load it, then use /keepnick to set your nicks and passwords. It's a modification of keepnick.pl by Peder Stray, which has not been updated in several years.

Nicholas J. Kain  | n i c h o l a s | a t | k a i n | d o t | u s |