| /// File Name: |
tcpspy-1.6.tar.gz |
Description:
|
tcpspy is a linux administrator's tool that logs information about incoming and outgoing TCP/IP connections: local address, remote address and, probably the most useful feature, the user name. The current version allows you to include and exclude certain users from logging - this may be useful if you suspect one of the users on your system is up to no good but do not want to violate the privacy of the other users.
| | Author: | Tim J Robbins | | Homepage: | http://box3n.gumbynet.org/~fyre/software | | Changes: | Rules can now be read from a file. Also includes code cleanup and optimizations. | | File Size: | 14215 | | Last Modified: | Apr 27 16:49:42 2001 |
| MD5 Checksum: | a8338ef64c32e16054457b47c91b9a49 |
|
| /// File Name: |
spfx2.c |
Description:
|
spfx2.c is a linux kernel module which stops many exploits by protecting the system from code running on the stack. Works by limiting the use of key system calls to library functions. Although spfx2 does not prevent buffer-overflow related crashes, it does make it very difficult to break security with a buffer-overflow attack, preventing most root compromises.
| | Author: | Justin Lesarge | | File Size: | 4754 | | Last Modified: | Apr 19 17:48:19 2001 |
| MD5 Checksum: | 4672dab270ac42e0779ae8e7752cdbcb |
|
| /// File Name: |
carbonite.tar.gz |
Description:
|
Carbonite v1.0 is a LKM which is designed to investigate and detect rootkits, even LKM rootkits which patch calls to /proc. It works like lsof and ps at the kernel level, querying every process in Linux's task_struct, which is the kernel structure that maintains information on every running process in Linux. It gives administrators a more reliable method to identify all running processes on the system.
| | Homepage: | http://www.foundstone.com/rdlabs/proddesc/carbonite.html | | File Size: | 21141 | | Last Modified: | Apr 16 22:22:50 2001 |
| MD5 Checksum: | 33ec818ce2fca235c1b925deb4e490df |
|
| /// File Name: |
psad-0.8.6.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
| | Homepage: | http://www.cipherdyne.com/psad | | File Size: | 20457 | | Last Modified: | Apr 16 20:47:59 2001 |
| MD5 Checksum: | 31a96bab23794fbfcb0391b502f9ee65 |
|
| /// File Name: |
SAStk-0.1.2.1.tgz |
Description:
|
SAStk (Slackware Administrators Security tool kit) aims to provide a set of tools and utilities to install and maintain a reasonable level of security for the Slackware GNU/Linux distribution. At the same time, it should ease administration with a new centralized initialization setup and background information on what each daemon does.
| | Homepage: | http://sourceforge.net/projects/sastk | | Changes: | This release fixes an installer issue and a potential race condition, includes more documentation, clarified XFree86 versions (not updated for X 4.0 yet), and removes shell limits. | | File Size: | 649515 | | Last Modified: | Apr 16 12:15:03 2001 |
| MD5 Checksum: | bc2e7ea2041115c1bcb96f7ccd57112b |
|
| /// File Name: |
spfx.c |
Description:
|
spfx.c is a linux kernel module which stops many exploits by protecting the system from code running on the stack.
| | File Size: | 2166 | | Last Modified: | Apr 9 01:22:45 2001 |
| MD5 Checksum: | cd17bdbfe61fba08502ab59be605cc97 |
|
| /// File Name: |
linux-2.2.19-stealth1.diff |
Description:
|
The Stealth Kernel Patch for Linux v2.2.19 makes the linux kernel discard the packets that many OS detection tools use to query the TCP/IP stack. Includes logging of the dropped query packets and packets with bogus flags. Does a very good job of confusing nmap and queso.
| | Author: | Sean Trifero | | Homepage: | http://www.innu.org/~sean | | Changes: | Now works with kernel v2.2.19. | | File Size: | 17837 | | Last Modified: | Apr 7 04:05:11 2001 |
| MD5 Checksum: | 29d386c15f8bd808ae57e44d43a61afc |
|
| /// File Name: |
lomac-v1.0.5.tar.gz |
Description:
|
LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users, and compromised root daemons. LOMAC is implemented as a loadable kernel module - no kernel recompilations or changes to existing applications are required. Although not all the planned features are currently implemented, it presently provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use. Whitepaper available here. Manual available here.
| | Homepage: | http://www.pgp.com/research/nailabs/secure-execution/lomac.asp | | Changes: | Revised Default Policy to allow remote level-2 root logins via ssh and improved logging. | | File Size: | 106965 | | Last Modified: | Apr 6 21:30:22 2001 |
| MD5 Checksum: | 9f8d44b9e0af30b477eb3de9ef507084 |
|
| /// File Name: |
maxty.tar.gz |
Description:
|
Maxty is a small kernel-space tty sniffer. It is a LKM which will attach to read/write syscalls and save incoming/outgoing requests to opened tty devices into separate log files. It provides a way of keeping track of what is happening on virtual consoles, similar to a keystroke recorder.
| | Author: | Paul | | File Size: | 4867 | | Last Modified: | Apr 6 21:04:31 2001 |
| MD5 Checksum: | 8ed7a10a7153e74d0f1495d65783dc4d |
|
| /// File Name: |
linux-2.2.19-ow1.tar.gz |
Description:
|
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | Updated to Linux 2.2.19, which contains security fixes not included in older versions of the patch. Readme available | | File Size: | 24414 | | Last Modified: | Mar 28 20:28:48 2001 |
| MD5 Checksum: | 944a6566a057ca99a3b1575e67db8aea |
|
| /// File Name: |
linux-2.0.39-ow3.tar.gz |
Description:
|
The Secure-Linux patch adds a few security features to the kernel which, while not a complete method of protection, will stop most of the 'cookbook' buffer overflow exploits cold. It also adds the option of restricting the use of symlinks and named pipes in +t (temp) directories which fixes most tmp-race exploits as well. It can also add a little bit more privacy to the system by restricting access to parts of /proc to root so that users may not see who else is logged on or what they're doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction, and privileged IP aliases for kernel 2.0.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | There are important bugfixes, including to an older kernel vulnerability fix. Readme available | | File Size: | 26383 | | Last Modified: | Mar 28 20:23:29 2001 |
| MD5 Checksum: | f444dae268d4523ac7a96cef7b23776c |
|
| /// File Name: |
libsafe-2.0.tgz |
Description:
|
The libsafe library protects against buffer overflow and format string attacks. It works by putting a wrapper around dangerous functions that contain any buffer overflows within the current stack frame, so that the return address can not be changed. Libsafe works with any existing pre-compiled executable and can be used transparently, even on a system-wide basis.
| | Author: | Navjot Singh | | Homepage: | http://www.research.avaya.com/project/libsafe | | Changes: | Ability to handle both buffer overflow and format string attacks, and extension of its protection to all the applications running on a system. | | File Size: | 517961 | | Last Modified: | Mar 28 15:48:14 2001 |
| MD5 Checksum: | 5ef42b946b8eb8d7d5c36a6946419eb4 |
|
| /// File Name: |
tcpspy-1.5.tar.gz |
Description:
|
tcpspy is a linux administrator's tool that logs information about incoming and outgoing TCP/IP connections: local address, remote address and, probably the most useful feature, the user name. The current version allows you to include and exclude certain users from logging - this may be useful if you suspect one of the users on your system is up to no good but do not want to violate the privacy of the other users.
| | Author: | Tim J Robbins | | Homepage: | http://box3n.gumbynet.org/~fyre/software | | Changes: | Bug fixes. | | File Size: | 13875 | | Last Modified: | Mar 16 20:51:16 2001 |
| MD5 Checksum: | fa5d567c487fa7f63b73fd15e2f6eddf |
|
| /// File Name: |
imsafe-full-0.2.2.tar.gz |
Description:
|
Imsafe is a host-based intrusion detection tool for Linux which does anomaly detection at the process level and tries to detect various types of attacks. Since Imsafe doesn't know anything about specific attacks, it can detect unknown and unpublished attacks or any other form of malicious use of the monitored application. Created for Linux systems but works on almost every UNIX flavor by watching strace outputs. Screenshots available here. Warning: Still in alpha.
| | Homepage: | http://imsafe.sourceforge.net | | File Size: | 561021 | | Last Modified: | Feb 26 03:48:51 2001 |
| MD5 Checksum: | f81f500184bfe3ac5785abd2cf1dd377 |
|
| /// File Name: |
SAStk-0.1.2.0.tgz |
Description:
|
SAStk (Slackware Administrators Security tool kit) aims to provide a set of tools and utilities to install and maintain a reasonable level of security for the Slackware GNU/Linux distribution. At the same time, it should ease administration with a new centralized initialization setup and background information on what each daemon does.
| | Homepage: | http://sourceforge.net/projects/sastk | | Changes: | Bugfixes with rc.local and some new functionality in suauth. | | File Size: | 642857 | | Last Modified: | Feb 15 18:20:37 2001 |
| MD5 Checksum: | d1a4c52f0fc566b39bfd1463e31b6538 |
|
| /// File Name: |
lomac-v1.0.4.tar.gz |
Description:
|
LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users, and compromised root daemons. LOMAC is implemented as a loadable kernel module - no kernel recompilations or changes to existing applications are required. Although not all the planned features are currently implemented, it presently provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use. Whitepaper available here. Manual available here.
| | Homepage: | http://www.pgp.com/research/nailabs/secure-execution/lomac.asp | | Changes: | Greatly improved performance of utility scripts. | | File Size: | 104082 | | Last Modified: | Feb 14 00:38:06 2001 |
| MD5 Checksum: | 85cc24f373a34b437b8a916820117442 |
|
| /// File Name: |
linux-2.2.18-ow4.tar.gz |
Description:
|
The Secure-Linux patch adds a few security features to the kernel which, while not a complete method of protection, will stop most of the 'cookbook' buffer overflow exploits cold. It also adds the option of restricting the use of symlinks and named pipes in +t (temp) directories which fixes most tmp-race exploits as well. It can also add a little bit more privacy to the system by restricting access to parts of /proc to root so that users may not see who else is logged on or what they're doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction, and privileged IP aliases for kernel 2.0.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | A fix for the recently announced execve(2)/ptrace(2) race condition vulnerability in the Linux kernel. Readme available | | File Size: | 25353 | | Last Modified: | Feb 10 17:26:26 2001 |
| MD5 Checksum: | 3778930319d1d3040f9fc598005cbad2 |
|
| /// File Name: |
linux-2.0.39-ow2.tar.gz |
Description:
|
The Secure-Linux patch adds a few security features to the kernel which, while not a complete method of protection, will stop most of the 'cookbook' buffer overflow exploits cold. It also adds the option of restricting the use of symlinks and named pipes in +t (temp) directories which fixes most tmp-race exploits as well. It can also add a little bit more privacy to the system by restricting access to parts of /proc to root so that users may not see who else is logged on or what they're doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction, and privileged IP aliases for kernel 2.0.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | A fix for the recently announced execve(2)/ptrace(2) race condition vulnerability in the Linux kernel. Readme available | | File Size: | 26114 | | Last Modified: | Feb 10 17:23:54 2001 |
| MD5 Checksum: | 448e15e2a0268611ce885dc7162ee74a |
|
| /// File Name: |
lomac-v1.0.3.tar.gz |
Description:
|
LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users, and compromised root daemons. LOMAC is implemented as a loadable kernel module - no kernel recompilations or changes to existing applications are required. Although not all the planned features are currently implemented, it presently provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use. Whitepaper available here. Manual available here.
| | Homepage: | http://www.pgp.com/research/nailabs/secure-execution/lomac.asp | | Changes: | A fix for a Unix-domain socket labeling bug on socket pair and abstract-name space bindings. | | File Size: | 103909 | | Last Modified: | Feb 8 14:54:33 2001 |
| MD5 Checksum: | 6bf13caba656c5430feac0f855704e87 |
|
| /// File Name: |
SAStk-0.1.1.tar.gz |
Description:
|
SAStk (Slackware Administrators Security tool kit) aims to provide a set of tools and utilities to install and maintain a reasonable level of security for the Slackware GNU/Linux distribution. At the same time, it should ease administration with a new centralized initialization setup and background information on what each daemon does.
| | Homepage: | http://sourceforge.net/projects/sastk | | File Size: | 352639 | | Last Modified: | Feb 6 15:32:59 2001 |
| MD5 Checksum: | 31ae891b30c7596bc412a9ab6b6570b3 |
|
| /// File Name: |
lomac-v1.0.2.tar.gz |
Description:
|
LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users, and compromised root daemons. LOMAC is implemented as a loadable kernel module - no kernel recompilations or changes to existing applications are required. Although not all the planned features are currently implemented, it presently provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use. Whitepaper available here. Manual available here.
| | Homepage: | http://www.pgp.com/research/nailabs/secure-execution/lomac.asp | | Changes: | This release improves the default policy configuration to allow the use of NFS-mounted filesystems, and also includes an update to the manual's discussion of related projects. | | File Size: | 101568 | | Last Modified: | Jan 22 21:33:50 2001 |
| MD5 Checksum: | dc05075c6c24765aefa35cef737a4b2f |
|
| /// File Name: |
lomac-v1.0.1.tar.gz |
Description:
|
LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users, and compromised root daemons. LOMAC is implemented as a loadable kernel module - no kernel recompilations or changes to existing applications are required. Although not all the planned features are currently implemented, it presently provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use. Whitepaper available here. Manual available here.
| | Homepage: | http://www.pgp.com/research/nailabs/secure-execution/lomac.asp | | Changes: | This release fixes a dentry reference counting bug on BIND operations and includes some minor documentation corrections. | | File Size: | 100820 | | Last Modified: | Jan 9 19:41:24 2001 |
| MD5 Checksum: | e69762ea91e3e2f9ccb55199bfaaa8de |
|
| /// File Name: |
kstat.tar.gz |
Description:
|
Kstat is a tool for Linux which can find an attacker in your system by a direct analysis of the kernel via /dev/kmem, bypassing the hiding techniques of the intruder (kernel static recompilation/use of LKMs). Kstat can find the syscalls which were modified by a LKM, list the linked LKMs, query one or all the network interfaces of the system, list all the processes and much more.
| | Author: | Fusys | | Homepage: | http://www.s0ftpj.org | | File Size: | 14523 | | Last Modified: | Jan 4 17:54:20 2001 |
| MD5 Checksum: | f6314c81beecea2df666f5c49f166c38 |
|
| /// File Name: |
lomac-v1.0.tar.gz |
Description:
|
LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users, and compromised root daemons. LOMAC is implemented as a loadable kernel module - no kernel recompilations or changes to existing applications are required. Although not all the planned features are currently implemented, it presently provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use. Whitepaper available here. Manual available here.
| | Homepage: | http://www.pgp.com/research/nailabs/secure-execution/lomac.asp | | Changes: | First stable release! Includes a new manual, performance benchmarks, and bug fixes. | | File Size: | 100219 | | Last Modified: | Jan 3 01:13:05 2001 |
| MD5 Checksum: | 5433c76ced7a37f836184e3704514aec |
|
| /// File Name: |
lomac-v0.3.tar.gz |
Description:
|
LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users, and compromised root daemons. LOMAC is implemented as a loadable kernel module - no kernel recompilations or changes to existing applications are required. Although not all the planned features are currently implemented, it presently provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use. Whitepaper available here.
| | Homepage: | http://www.pgp.com/research/nailabs/secure-execution/lomac.asp | | Changes: | This release is a clean reimplementation of the previous prototype, and is now stable enough for everyday use. | | File Size: | 104506 | | Last Modified: | Dec 30 23:38:45 2000 |
| MD5 Checksum: | 9435b2254807f09d6c839df9d4134f84 |
|