Section: .. / linux / security /
| /// File Name: |
snoopy-1.3.tar.gz |
Description:
|
Snoopy is designed to log all commands executed by providing a transparent wrapper around calls to execve() via LD_PRELOAD. Logging is done via syslogd and written to authpriv, allowing secure offsite logging of activity.
| | Author: | Mike Baker | | Changes: | Integrity checking, a new method of logging, and faster logging. | | File Size: | 10686 | | Last Modified: | Dec 21 00:21:59 2000 |
| MD5 Checksum: | 2a74982e2830a16159a7a6754476c6ee |
|
| /// File Name: |
linux-2.2.18-stealth1.diff |
Description:
|
The Stealth Kernel Patch for Linux v2.2.18 makes the linux kernel discard the packets that many OS detection tools use to query the TCP/IP stack. Includes logging of the dropped query packets and packets with bogus flags. Does a very good job of confusing nmap and queso.
| | Author: | Sean Trifero | | Homepage: | http://www.innu.org/~sean | | Changes: | Fixed 2.2->2.4 connectivity problems and ported to kernel 2.2.18. | | File Size: | 17836 | | Last Modified: | Dec 20 16:03:03 2000 |
| MD5 Checksum: | a0a77e93859e7bd2b2dba329fc459516 |
|
| /// File Name: |
linux-2.2.18-ow1.tar.gz |
Description:
|
The Secure-Linux patch adds a few security features to the kernel which, while not a complete method of protection, will stop most of the 'cookbook' buffer overflow exploits cold. It also adds the option of restricting the use of symlinks and named pipes in +t (temp) directories which fixes most tmp-race exploits as well. It can also add a little bit more privacy to the system by restricting access to parts of /proc to root so that users may not see who else is logged on or what they're doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction, and privileged IP aliases for kernel 2.0.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | Now works on kernel 2.2.18! Also includes workarounds for GNU MailMan and Courier Mail. Readme available | | File Size: | 24200 | | Last Modified: | Dec 15 03:38:45 2000 |
| MD5 Checksum: | 5e901962c353d8424e51297ff4158b50 |
|
| /// File Name: |
stealth-2.2.18.diff |
Description:
|
Stealth IP Stack is a kernel patch for Linux 2.2.18 which makes your machine almost invisible on the network without impeding normal network operation. Many denial of service attacks, such as stream, are much less effective with this patch installed, and port scanners slow to a crawl. It works by restricting TCP RST packets (no "Connection Refused"), restricting ICMP_UNREACH on udp (Prevents UDP portscans), restricting all ICMP and IGMP requests. A sysctl interface is used so these features can be turned on and off on the fly.
| | Author: | Robert Salizar | | Homepage: | http://www.energymech.net/madcamel/fm | | Changes: | Ported to Linux 2.2.18. | | File Size: | 7043 | | Last Modified: | Dec 13 00:02:12 2000 |
| MD5 Checksum: | 50a37ed3eb2e15a3dcdd2d76310cada7 |
|
| /// File Name: |
rsbac-v1.1.0.tar.gz |
Description:
|
Rule Set Based Access Control (RSBAC) is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) and provides a flexible system of access control implemented with the help of a kernel patch. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.
| | Homepage: | http://www.rsbac.org | | Changes: | This version was ported to 2.4.0-test11. sys_mmap and sys_mprotect are now intercepted. | | File Size: | 421092 | | Last Modified: | Dec 11 20:38:03 2000 |
| MD5 Checksum: | 3708122519a8dae5376bdaef92ba95cd |
|
| /// File Name: |
tcpspy-1.4.tar.gz |
Description:
|
tcpspy is a linux administrator's tool that logs information about incoming and outgoing TCP/IP connections: local address, remote address and, probably the most useful feature, the user name. The current version allows you to include and exclude certain users from logging - this may be useful if you suspect one of the users on your system is up to no good but do not want to violate the privacy of the other users.
| | Author: | Tim J Robbins | | Homepage: | http://box3n.gumbynet.org/~fyre/software | | Changes: | Can now log the filename of the executable that created or accepted connections. Assorted bug fixes and code cleanups. | | File Size: | 11051 | | Last Modified: | Dec 7 13:41:09 2000 |
| MD5 Checksum: | 320900fd99bc47d1f81a86cd78e934e7 |
|
| /// File Name: |
fpf.tar.gz |
Description:
|
FPF is an LKM for Linux which changes the TCP/IP stack in order to emulate another OS's TCP fingerprint. The package contains the LKM and a parser for the nmap file that lets you directly choose the OS you want.
| | Author: | Fusys, Cyrax | | Homepage: | http://www.pkcrew.org | | File Size: | 6456 | | Last Modified: | Dec 2 21:10:23 2000 |
| MD5 Checksum: | 96e0d902d790672c9e645fca88cc09e7 |
|
| /// File Name: |
pax-linux-2.2.17.patch |
Description:
|
PaX is an implementation of non-executable pages for IA-32 processors (i.e. pages which user mode code can read or write, but cannot execute code in). Since the processor's native page table/directory entry format has no provision for such a feature, it is a non-trivial task. The project was designed to provide Linux with protection from buffer overflows. The protection comes from making memory pages readable and writable but not executable.
| | Author: | PaX | | Homepage: | http://pageexec.virtualave.net | | File Size: | 27234 | | Last Modified: | Nov 15 22:14:52 2000 |
| MD5 Checksum: | 49103bb0e247182182de7b1ece4708b0 |
|
| /// File Name: |
tcpspy-1.1.tar.gz |
Description:
|
tcpspy is a linux administrator's tool that logs information about incoming and outgoing TCP/IP connections: local address, remote address and, probably the most useful feature, the user name. The current version allows you to include and exclude certain users from logging - this may be useful if you suspect one of the users on your system is up to no good but do not want to violate the privacy of the other users.
| | Author: | Tim J Robbins | | Homepage: | http://box3n.gumbynet.org/~fyre/software | | File Size: | 5995 | | Last Modified: | Nov 13 14:55:49 2000 |
| MD5 Checksum: | bc76149841ec3fa415839855d27a181a |
|
| /// File Name: |
libformat-1.0pre5.tar.gz |
Description:
|
libformat is a library for the Linux operating system that intercepts, among others, calls to the printf() family of functions to prevent format string attacks, in which a possibly malicious user supplied format string is used. This is a programming error, but has recently been used to break computer security. This library can be used to protect against compromises due to yet undiscovered vulnerabilities in privileged programs. libformat checks for format strings containing the %n format specifier in writable parts of a process' address space, and if found, the process is terminated with the KILL signal.
| | Author: | Tim J Robbins | | Homepage: | http://box3n.gumbynet.org/~fyre/software | | File Size: | 5211 | | Last Modified: | Nov 13 14:53:12 2000 |
| MD5 Checksum: | a013ee406d07defa367ceaece04bf493 |
|
| /// File Name: |
ip_scfw-0.9.1.tar.gz |
Description:
|
The SYN cookie firewall implements syn cookie syn flood protection on all hosts behind it. Contains a patch to Linux kernel 2.2.17 and an administration tool.
| | Homepage: | http://www.bronzesoft.org/projects/scfw | | File Size: | 18678 | | Last Modified: | Oct 21 03:02:27 2000 |
| MD5 Checksum: | 35b808ade7e0faa9571b7feb2fb0c5c4 |
|
| /// File Name: |
11logger-0.1.3.tar.gz |
Description:
|
11logger is a small kernel patch, a module and some userspace tools to add SIGSEGV logging and history capabilities to Linux 2.2.x. 11logger is very useful in security auditing and general debugging.
| | Author: | Antirez | | Homepage: | http://www.kyuzz.org/antirez/sigsegv | | Changes: | This release fixes a problem with the kernel patch which didn't unlock the spin lock in signal.c, and segvdump now reports more information on i386. | | File Size: | 14925 | | Last Modified: | Oct 17 03:03:04 2000 |
| MD5 Checksum: | 8549e144fe49292e8d94bff8765b1cd4 |
|
| /// File Name: |
pam_watch-0.2.tar.gz |
Description:
|
Pam_watch is a pam module that installs two fifos for each console and allows you to take control by using them. One fifo can be used to read from STDOUT of the user console and the other to write to the STDIN of it. A simple client utility that uses these features is included.
| | Homepage: | http://frida.fri.utc.sk/~behan/devel/pam_watch/ | | File Size: | 8747 | | Last Modified: | Oct 15 20:19:20 2000 |
| MD5 Checksum: | c547f515652e1c2a3e6bfd47b53ae491 |
|
| /// File Name: |
snoopy-1.2.tar.gz |
Description:
|
Snoopy is designed to log all commands executed by providing a transparent wrapper around calls to execve() via LD_PRELOAD. Logging is done via syslogd and written to authpriv, allowing secure offsite logging of activity.
| | Author: | Mike Baker | | Changes: | A fix for a very menacing bug. | | File Size: | 10126 | | Last Modified: | Oct 15 18:54:20 2000 |
| MD5 Checksum: | 4013da8d2d80503ce7c9c4923adacbe9 |
|
| /// File Name: |
11logger-0.1.2.tar.gz |
Description:
|
11logger is a small kernel patch, a module and some userspace tools to add SIGSEGV logging and history capabilities to Linux 2.2.x. 11logger is very useful in security auditing and general debugging.
| | Author: | Antirez | | Homepage: | http://www.kyuzz.org/antirez/sigsegv | | File Size: | 14278 | | Last Modified: | Oct 15 16:17:33 2000 |
| MD5 Checksum: | 97cb589fc62c6686a733897e1eea8076 |
|
| /// File Name: |
stealth-2.2.17.diff |
Description:
|
Stealth IP Stack is a kernel patch for Linux 2.2.17 which makes your machine almost invisible on the network without impeding normal network operation. Many denial of service attacks, such as stream, are much less effective with this patch installed, and port scanners slow to a crawl. It works by restricting TCP RST packets (no "Connection Refused"), restricting ICMP_UNREACH on udp (Prevents UDP portscans), restricting all ICMP and IGMP requests. A sysctl interface is used so these features can be turned on and off on the fly.
| | Author: | Robert Salizar | | Homepage: | http://www.energymech.net/madcamel/fm | | File Size: | 7725 | | Last Modified: | Sep 18 16:14:40 2000 |
| MD5 Checksum: | 0372ec661f9d9bcf82f9185203c75632 |
|
| /// File Name: |
envcheck.tgz |
Description:
|
Klogd Local Exploit. Envcheck is a Linux kernel module which detects and prevents exploitation of the recent glibc vulnerabilities by intercepting the execve system call and sanitising the environment passed. At the cost of a very small performance penalty, it has advantages over a glibc upgrade, including logging of exploit attempts, it works with statically linked binaries, it is transparent to applications that may be sensitive to a change of glibc, and it partially protects libc5.
| | Author: | Lionel Cons | | Homepage: | http://c.home.cern.ch/c/cons/www/security/ | | File Size: | 6481 | | Last Modified: | Sep 13 16:40:21 2000 |
| MD5 Checksum: | f094b9437a462e5c8b6ef4b047751b0e |
|
| /// File Name: |
linux-2.2.17-ow1.tar.gz |
Description:
|
The Secure-Linux patch adds a few security features to the kernel which, while not a complete method of protection, will stop most of the 'cookbook' buffer overflow exploits cold. It also adds the option of restricting the use of symlinks and named pipes in +t (temp) directories which fixes most tmp-race exploits as well. It can also add a little bit more privacy to the system by restricting access to parts of /proc to root so that users may not see who else is logged on or what they're doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction, and privileged IP aliases for kernel 2.0.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | Now works on kernel 2.2.17! Readme available | | File Size: | 23355 | | Last Modified: | Sep 12 17:11:29 2000 |
| MD5 Checksum: | a1f3c71fadf1ae585e07078e0bd34f15 |
|
| /// File Name: |
linux-2.2.17-stealth1.diff |
Description:
|
Patch for linux kernel 2.2.17 to discard packets that many OS detection tools use to query the TCP/IP stack. Includes logging of the dropped query packets and packets with bogus flags.
| | Author: | Sean Trifero | | Homepage: | http://www.innu.org/~sean | | Changes: | Now works with kernel v2.2.17. | | File Size: | 17725 | | Last Modified: | Sep 5 22:01:30 2000 |
| MD5 Checksum: | 53833b817e53285259d8e0a1426920f4 |
|
| /// File Name: |
medusa-0.7.12.tar.gz |
Description:
|
Medusa DS9 is used to increase Linux's security. It consists of two major parts, Linux kernel changes and the user-space daemon. Kernel changes do the monitoring of syscalls, filesystem actions, and processes, and they implement the communication protocol. The security daemon communicates with the kernel using the character device to send and receive packets.
| | Author: | Marek Zelem and Martin Ockajak | | Homepage: | http://medusa.fornax.sk | | Changes: | Filesystem capabilities support has been added to the constable, a fix for a compilation problem when syscall tracing is disabled, new sample configuration file, and documentation changes. | | File Size: | 119194 | | Last Modified: | Aug 18 15:04:03 2000 |
| MD5 Checksum: | 91c7927fe6eb6ac586c83efed60c1760 |
|
| /// File Name: |
ippersonality-20000727-2.4.0-test4...> |
Description:
|
The Linux IP Personality patch fools OS detection by changing some characteristics of the network traffic. Among the things that can be changed are the TCP Initial Sequence Number (ISN), TCP initial window size, TCP options (their types, but also their order in the packet), answers to some pathological TCP packets, and answers to some UDP packets.
| | Author: | Gael Roualland | | Homepage: | http://ippersonality.sourceforge.net | | File Size: | 208892 | | Last Modified: | Jul 27 22:37:34 2000 |
| MD5 Checksum: | 00fe261a0a8609e014e586d7f22b77b0 |
|
| /// File Name: |
scandetect.tar.gz |
Description:
|
Scan Detect prevents attackers from running TCP port scanners against your Linux system by listening on a given TCP port and if any host on the internet connects to that TCP port, Scan Detect will use Ipchains to block that host completely.
| | Author: | Ryan Mann | | Homepage: | http://personal.mia.bellsouth.net/mia/k/f/kf4dez | | File Size: | 1531 | | Last Modified: | Jul 27 13:18:41 2000 |
| MD5 Checksum: | f8a50e5fa7da5758967174ea523038bf |
|