Section: .. / linux / security /
| /// File Name: |
kpatch.sh |
Description:
|
kpatch.sh is a shell script illustrating runtime kernel memory patching. For demonstration purposes it shows how to break the kguard module. kpatch does not create any files on the system it runs on, so kernel memory can be patched without creating any file on the target machine. It only requires basic shell utilities to work.
| | Author: | kilian klimek | | File Size: | 4447 | | Last Modified: | Feb 5 22:56:17 2006 |
| MD5 Checksum: | e872f9b2a0a9779b9c9083cefc77e03b |
|
| /// File Name: |
kstat.tar.gz |
Description:
|
Kstat is a tool for Linux which can find an attacker in your system by a direct analysis of the kernel via /dev/kmem, bypassing the hiding techniques of the intruder (kernel static recompilation/use of LKMs). Kstat can find the syscalls which were modified by an LKM, list the linked LKMs, query one or all the network interfaces of the system, list all the processes and much more.
| | Author: | Fusys | | Homepage: | http://www.s0ftpj.org | | File Size: | 14523 | | Last Modified: | Jan 4 17:54:20 2001 |
| MD5 Checksum: | f6314c81beecea2df666f5c49f166c38 |
|
| /// File Name: |
kstat24.tgz |
Description:
|
Kstat is a powerful tool for Linux v2.4.x which displays information taken directly from kernel structures in /dev/kmem. This is especially useful when we can't trust output from usual sources and applications, for example after an unauthorized access to our systems. Effective if something like ps, ifconfig, lsmod, or system calls are patched.
| | Author: | Fusys | | Homepage: | http://www.s0ftpj.org | | Changes: | This is a major update of kstat, since its release for the 2.2.x kernels. This runs on 2.4.x only, and can better assist in finding and removing trojan LKMs. It sports network socket dumps, sys_call fingerprinting, stealth modules scanning and more. | | File Size: | 20741 | | Last Modified: | Jun 5 12:34:42 2002 |
| MD5 Checksum: | 01bdbde57c74a4e9a0c01c7eaf5b9794 |
|
| /// File Name: |
kstat24_v1.1-2.tgz |
Description:
|
Kernel Security Therapy Anti-Trolls (KSTAT) is a very powerful security tool to detect many kinds of rogue kernel rootkits. It analyzes the kernel through /dev/kmem and detects modified syscalls as well as various other problems. This version runs on 2.4.x only, and can assist in finding and removing trojan LKMs. It supports network socket dumps, sys_call fingerprinting, stealth module scanning, and more.
| | Author: | FuSyS | | Homepage: | http://www.s0ftpj.org/en/site.html | | File Size: | 24472 | | Last Modified: | Nov 30 22:53:12 2003 |
| MD5 Checksum: | 96954a3d4b4dd623480b5ed05a7b7523 |
|
| /// File Name: |
libformat-1.0pre5.tar.gz |
Description:
|
libformat is a library for the Linux operating system that intercepts, among others, calls to the printf() family of functions to prevent format string attacks, in which a possibly malicious user supplied format string is used. This is a programming error, but has recently been used to break computer security. This library can be used to protect against compromises due to yet undiscovered vulnerabilities in privileged programs. libformat checks for format strings containing the %n format specifier in writable parts of a process' address space, and if found, the process is terminated with the KILL signal.
| | Author: | Tim J Robbins | | Homepage: | http://box3n.gumbynet.org/~fyre/software | | File Size: | 5211 | | Last Modified: | Nov 13 14:53:12 2000 |
| MD5 Checksum: | a013ee406d07defa367ceaece04bf493 |
|
| /// File Name: |
libsafe-1.3.tgz |
Description:
|
The libsafe library protects a process against the exploitation of buffer overflow vulnerabilities in process stacks. Libsafe works with any existing pre-compiled executable and can be used transparently, even on a system-wide basis. It works by putting a wrapper around dangerous functions that contain any buffer overflows within the current stack frame, so that the return address cannot be changed.
| | Author: | Navjot Singh | | Homepage: | http://www.bell-labs.com/org/11356/libsafe.html | | File Size: | 296807 | | Last Modified: | Apr 21 22:01:58 2000 |
| MD5 Checksum: | c79bdb6059d2dd5fa2ec14be46f44d2f |
|
| /// File Name: |
libsafe-2.0.tgz |
Description:
|
The libsafe library protects against buffer overflow and format string attacks. It works by putting a wrapper around dangerous functions that contain any buffer overflows within the current stack frame, so that the return address cannot be changed. Libsafe works with any existing pre-compiled executable and can be used transparently, even on a system-wide basis.
| | Author: | Navjot Singh | | Homepage: | http://www.research.avaya.com/project/libsafe | | Changes: | Ability to handle both buffer overflow and format string attacks, and extension of its protection to all the applications running on a system. | | File Size: | 517961 | | Last Modified: | Mar 28 15:48:14 2001 |
| MD5 Checksum: | 5ef42b946b8eb8d7d5c36a6946419eb4 |
|
| /// Directory: |
/ lids / |
Description:
|
Unavailable.
| | Total Files: | 63 | | Last Modified: | Dec 13 18:33:26 2007 |
|
| /// File Name: |
linux-2.0.38-ow4.tar.gz |
Description:
|
This patch (for kernel version 2.0.38) is a collection of security-related features for the Linux kernel, all configurable via the new 'Security options' configuration section. In addition to the new features, some versions of the patch contain various security fixes. The number of such fixes changes from version to version, as some are becoming obsolete (such as because of the same problem getting fixed with a new kernel release), while other security issues are discovered.
| | Homepage: | http://www.openwall.com/linux/ | | File Size: | 25659 | | Last Modified: | Oct 27 16:53:49 1999 |
| MD5 Checksum: | 247a853497a9864d913c86ea4725fdee |
|
| /// File Name: |
linux-2.0.39-ow2.tar.gz |
Description:
|
The Secure-Linux patch adds a few security features to the kernel which, while not a complete method of protection, will stop most of the 'cookbook' buffer overflow exploits cold. It also adds the option of restricting the use of symlinks and named pipes in +t (temp) directories which fixes most tmp-race exploits as well. It can also add a little bit more privacy to the system by restricting access to parts of /proc to root so that users may not see who else is logged on or what they're doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction, and privileged IP aliases for kernel 2.0.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | A fix for the recently announced execve(2)/ptrace(2) race condition vulnerability in the Linux kernel. Readme available | | File Size: | 26114 | | Last Modified: | Feb 10 17:23:54 2001 |
| MD5 Checksum: | 448e15e2a0268611ce885dc7162ee74a |
|
| /// File Name: |
linux-2.0.39-ow3.tar.gz |
Description:
|
The Secure-Linux patch adds a few security features to the kernel which, while not a complete method of protection, will stop most of the 'cookbook' buffer overflow exploits cold. It also adds the option of restricting the use of symlinks and named pipes in +t (temp) directories which fixes most tmp-race exploits as well. It can also add a little bit more privacy to the system by restricting access to parts of /proc to root so that users may not see who else is logged on or what they're doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction, and privileged IP aliases for kernel 2.0.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | There are important bugfixes, including to an older kernel vulnerability fix. Readme available | | File Size: | 26383 | | Last Modified: | Mar 28 20:23:29 2001 |
| MD5 Checksum: | f444dae268d4523ac7a96cef7b23776c |
|
| /// File Name: |
linux-2.2.12-ow6.tar.gz |
Description:
|
The Secure-Linux patch adds a few security features to the kernel which, while not a complete method of protection, will stop most of the 'cookbook' buffer overflow exploits cold. It also adds the option of restricting the use of symlinks in +t (temp) directories which fixes most tmp-race exploits as well. It can also add a little bit more privacy to the system by restricting access to parts of /proc to root so that users may not see who else is logged on or what they're doing.
| | Author: | Solar Designer | | File Size: | 24545 | | Last Modified: | Oct 12 14:33:52 1999 |
| MD5 Checksum: | 40457e12e96bbc0c9305d1a6dfb88cf4 |
|
| /// File Name: |
linux-2.2.13-ow1.tar.gz |
Description:
|
This patch (for kernel version 2.2.13) is a collection of security-related features for the Linux kernel, all configurable via the new 'Security options' configuration section. In addition to the new features, some versions of the patch contain various security fixes. The number of such fixes changes from version to version, as some are becoming obsolete (such as because of the same problem getting fixed with a new kernel release), while other security issues are discovered.
| | Homepage: | http://www.openwall.com/linux/ | | File Size: | 19873 | | Last Modified: | Oct 27 16:53:38 1999 |
| MD5 Checksum: | 416792c6dfbedf0e4b71f6c642372f78 |
|
| /// File Name: |
linux-2.2.14-ow1.tar.gz |
Description:
|
This patch (for kernel version 2.2.14) is a collection of security-related features for the Linux kernel, all configurable via the new 'Security options' configuration section. Features a Non-executable user stack area, Restricted links in /tmp, Restricted FIFOs in /tmp, Restricted /proc, Special handling of fd 0, 1, and 2, Enforce RLIMIT_NPROC on execve(2), Destroy shared memory segments not in use, and Privileged IP aliases.
| | Homepage: | http://www.openwall.com/linux/ | | File Size: | 21992 | | Last Modified: | Jan 7 20:37:44 2000 |
| MD5 Checksum: | 0069ea6077f5bcad6113e2f1554f22b6 |
|
| /// File Name: |
linux-2.2.14-ow2.tar.gz |
Description:
|
The Secure-Linux patch adds a few security features to the kernel which, while not a complete method of protection, will stop most of the 'cookbook' buffer overflow exploits cold. It also adds the option of restricting the use of symlinks in +t (temp) directories which fixes most tmp-race exploits as well. It can also add a little bit more privacy to the system by restricting access to parts of /proc to root so that users may not see who else is logged on or what they're doing.
| | Homepage: | http://www.openwall.com/linux/ | | Changes: | Now works on kernel 2.2.14! | | File Size: | 20899 | | Last Modified: | Feb 29 03:56:52 2000 |
| MD5 Checksum: | ffde0d2742e866b5d92ef7a944710641 |
|
| /// File Name: |
linux-2.2.14-stealth3.diff |
Description:
|
Patch for Linux kernel 2.2.14 to discard packets that many OS detection tools use to query the TCP/IP stack.
| | Author: | Sean Trifero | | Homepage: | http://www.innu.org/~sean | | Changes: | Patch3 actually works! Includes logging of the dropped query packets. | | File Size: | 5565 | | Last Modified: | Feb 10 17:19:52 2000 |
| MD5 Checksum: | 49cf985220d9f9f7914dd7f6a1c3df3f |
|
| /// File Name: |
linux-2.2.14-stealth4.diff |
Description:
|
Patch for Linux kernel 2.2.14 to discard packets that many OS detection tools use to query the TCP/IP stack. Includes logging of the dropped query packets.
| | Author: | Sean Trifero | | Homepage: | http://www.innu.org/~sean | | Changes: | Version 4 is handled by sysctl. Note that the kernel config options are now under networking. | | File Size: | 7807 | | Last Modified: | Feb 11 15:40:37 2000 |
| MD5 Checksum: | d52ea3b06390d3000b096d46b10ef99c |
|
| /// File Name: |
linux-2.2.14-stealth6.diff |
Description:
|
Patch for Linux kernel 2.2.14 to discard packets that many OS detection tools use to query the TCP/IP stack. Includes logging of the dropped query packets.
| | Author: | Sean Trifero | | Homepage: | http://www.innu.org/~sean | | Changes: | Module support! | | File Size: | 14468 | | Last Modified: | Mar 1 16:26:27 2000 |
| MD5 Checksum: | 07aeb534f91f4e9c676972c8649306da |
|
| /// File Name: |
linux-2.2.14-stealth7.diff |
Description:
|
Patch for Linux kernel 2.2.14 to discard packets that many OS detection tools use to query the TCP/IP stack. Includes logging of the dropped query packets.
| | Author: | Sean Trifero | | Homepage: | http://www.innu.org/~sean | | Changes: | Version 7 has added module sysctl support, and now blocks res1 and res2 packets (bogus flags). | | File Size: | 17717 | | Last Modified: | Mar 24 23:45:12 2000 |
| MD5 Checksum: | 6714a44ace69d33649002399050c669b |
|
| /// File Name: |
linux-2.2.15-ow1.tar.gz |
Description:
|
The Secure-Linux patch adds a few security features to the kernel which, while not a complete method of protection, will stop most of the 'cookbook' buffer overflow exploits cold. It also adds the option of restricting the use of symlinks and named pipes in +t (temp) directories which fixes most tmp-race exploits as well. It can also add a little bit more privacy to the system by restricting access to parts of /proc to root so that users may not see who else is logged on or what they're doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction, and privileged IP aliases for kernel 2.0.
| | Homepage: | http://www.openwall.com/linux/ | | Changes: | Now works on kernel 2.2.15! Readme available | | File Size: | 23489 | | Last Modified: | May 7 18:19:35 2000 |
| MD5 Checksum: | b1c235e1b3ce9a7b35c11f61cbd32cca |
|
| /// File Name: |
linux-2.2.16-ow1.tar.gz |
Description:
|
The Secure-Linux patch adds a few security features to the kernel which, while not a complete method of protection, will stop most of the 'cookbook' buffer overflow exploits cold. It also adds the option of restricting the use of symlinks and named pipes in +t (temp) directories which fixes most tmp-race exploits as well. It can also add a little bit more privacy to the system by restricting access to parts of /proc to root so that users may not see who else is logged on or what they're doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction, and privileged IP aliases for kernel 2.0.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | Now works on kernel 2.2.16! Readme available | | File Size: | 23329 | | Last Modified: | Jul 8 02:49:12 2000 |
| MD5 Checksum: | 6645dc1717ea40439d94aad3e3aea608 |
|
| /// File Name: |
linux-2.2.16-stealth1.diff |
Description:
|
Patch for Linux kernel 2.2.16 to discard packets that many OS detection tools use to query the TCP/IP stack. Includes logging of the dropped query packets and packets with bogus flags.
| | Author: | Sean Trifero | | Homepage: | http://www.innu.org/~sean | | Changes: | Now works with kernel v2.2.16. | | File Size: | 17368 | | Last Modified: | Jun 8 15:45:21 2000 |
| MD5 Checksum: | 5d0d1cbdfbe5918267ee27122975c6c2 |
|
| /// File Name: |
linux-2.2.17-ow1.tar.gz |
Description:
|
The Secure-Linux patch adds a few security features to the kernel which, while not a complete method of protection, will stop most of the 'cookbook' buffer overflow exploits cold. It also adds the option of restricting the use of symlinks and named pipes in +t (temp) directories which fixes most tmp-race exploits as well. It can also add a little bit more privacy to the system by restricting access to parts of /proc to root so that users may not see who else is logged on or what they're doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction, and privileged IP aliases for kernel 2.0.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | Now works on kernel 2.2.17! Readme available | | File Size: | 23355 | | Last Modified: | Sep 12 17:11:29 2000 |
| MD5 Checksum: | a1f3c71fadf1ae585e07078e0bd34f15 |
|
| /// File Name: |
linux-2.2.17-stealth1.diff |
Description:
|
Patch for Linux kernel 2.2.17 to discard packets that many OS detection tools use to query the TCP/IP stack. Includes logging of the dropped query packets and packets with bogus flags.
| | Author: | Sean Trifero | | Homepage: | http://www.innu.org/~sean | | Changes: | Now works with kernel v2.2.17. | | File Size: | 17725 | | Last Modified: | Sep 5 22:01:30 2000 |
| MD5 Checksum: | 53833b817e53285259d8e0a1426920f4 |
|
| /// File Name: |
linux-2.2.18-ow1.tar.gz |
Description:
|
The Secure-Linux patch adds a few security features to the kernel which, while not a complete method of protection, will stop most of the 'cookbook' buffer overflow exploits cold. It also adds the option of restricting the use of symlinks and named pipes in +t (temp) directories which fixes most tmp-race exploits as well. It can also add a little bit more privacy to the system by restricting access to parts of /proc to root so that users may not see who else is logged on or what they're doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction, and privileged IP aliases for kernel 2.0.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | Now works on kernel 2.2.18! Also includes workarounds for GNU MailMan and Courier Mail. Readme available | | File Size: | 24200 | | Last Modified: | Dec 15 03:38:45 2000 |
| MD5 Checksum: | 5e901962c353d8424e51297ff4158b50 |
|