Section: linux / security
File Name: procmon.tar.gz
Description: Process Monitor v0.23 for Linux is a small kernel module that allows you to watch all programs executed on the system. It is useful for generating full listings of programs (and their supplied arguments) run by potentially dangerous users on a system.
Homepage: http://freshmeat.net/projects/procmon
Changes: A fix for a bug which could cause an entire system to hang under very heavy loads.
File Size: 5224
Last Modified: Dec 14 22:10:15 2002
MD5 Checksum: 79019293f8301380106fdb111d5f5f96

File Name: linux-2.2.23-ow1.tar.gz
Description: The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. It also tightens down file descriptors 0, 1, and 2, and implements process limits and shared memory destruction.
Author: Solar Designer
Homepage: http://www.openwall.com/linux
Changes: Ported to kernel v2.2.23.
File Size: 26894
Last Modified: Dec 5 10:33:49 2002
MD5 Checksum: cb51cfdd978eba987ca39d09960e17c3

File Name: linux-2.2.22-ow2.tar.gz
Description: The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. It also tightens down file descriptors 0, 1, and 2, and implements process limits and shared memory destruction.
Author: Solar Designer
Homepage: http://www.openwall.com/linux
Changes: Linux 2.2.22-ow2 improves the "lcall" DoS fix for the Linux kernel to cover the NT (Nested Task) flag attack discovered by Christopher Devine.
File Size: 27701
Last Modified: Nov 27 01:19:29 2002
MD5 Checksum: 2db63ab8503cd8a8df7b903e06c0cf0c

File Name: linux-2.2.22-ow1.tar.gz
Description: The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. It also tightens down file descriptors 0, 1, and 2, and implements process limits and shared memory destruction.
Author: Solar Designer
Homepage: http://www.openwall.com/linux
Changes: Updated for Kernel v2.2.22.
File Size: 27415
Last Modified: Sep 20 12:33:11 2002
MD5 Checksum: acb8ef1aa99d283e7a9a06fc7ab9a406

File Name: snare-core-0.9.1.tar.gz
Description: SNARE (System iNtrusion Analysis and Reporting Environment) is a loadable kernel module and daemon that provide a host intrusion detection facility and C2-style auditing/event logging capability for Linux similar to the Basic Security Module (BSM) for Solaris.
Homepage: http://www.intersectalliance.com/projects/Snare
Changes: Core package was restructured, leading to better stability under extreme audit loads. Many changes recommended by the RedHat kernel team have been implemented.
File Size: 185551
Last Modified: Sep 20 12:13:47 2002
MD5 Checksum: e59faea7c2e028a85d0e6f36e8926427

File Name: syscalltrack-0.74.tar.gz
Description: Syscall Tracker is a very powerful tool for Linux 2.2 and 2.4 which allows you to write rules to track system calls. It includes a kernel module plus a userspace application. Currently only logging the invocation is supported, but in the future, you will be able to fail the system call (i.e. force it to return some error code), or suspend the process executing it. It allows you to find out info that is hard to find, for instance to determine which process touched a certain file.
Homepage: http://syscalltrack.sourceforge.net
Changes: Now supports over 100 system calls! Includes infrastructure support for 64 bit system call parameters, such as long long and loff_t. This release also fixes bugs in various areas. This release has been extensively tested on 2.4 kernels. It should work on 2.5 kernels. It does not work on 2.2 kernels.
File Size: 404477
Last Modified: Sep 13 07:44:27 2002
MD5 Checksum: adf2af846cf755cdc62d61f30fbf1f2a

File Name: linux-2.2.21-ow2.tar.gz
Description: The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. It also tightens down file descriptors 0, 1, and 2, and implements process limits and shared memory destruction.
Author: Solar Designer
Homepage: http://www.openwall.com/linux
Changes: Added many security fixes for issues with the Linux kernel.
File Size: 43184
Last Modified: Sep 11 03:17:15 2002
MD5 Checksum: f84249514f5ae1f7c445955725738174

File Name: local0.c
Description: Local0.c is a simple Linux LKM that denies root access to remote users only. Tested on Redhat 7.2.
Author: Slacko
File Size: 1070
Last Modified: Sep 6 00:17:43 2002
MD5 Checksum: bc6350bf2a2af93eb541b9946dfcb2f2

File Name: slog.c
Description: Slog.c is a simple Linux keystroke logger without function hooking. Tested on Redhat 7.2.
Author: Slacko
File Size: 2200
Last Modified: Sep 5 01:21:52 2002
MD5 Checksum: 1527a47b813bd458beebc7b2d9ffad18

File Name: psad-0.9.9.tar.gz
Description: Port Scan Attack Detector (psad) is a Perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
Homepage: http://www.cipherdyne.com
Changes: Bugfixes for the tcpwrapper auto-blocking code on iptables and ipchains boxes. A new whois lookup strategy has been added that creates files like /var/log/psad/who.txt_IP for each scanning IP, a prelude to snort-style logging. Now uses the latest version of the whois client. The psad.8 man page and other docs have been updated.
File Size: 103435
Last Modified: Aug 21 03:33:33 2002
MD5 Checksum: 52fa028f286ae17f9c1e3a33a9a879b1

File Name: StMichael_LKM-0.11.tar.gz.sig
Description: StMichael LKM 0.11 GPG signature. GPG key is available from the public keyservers or from my webpage here.
File Size: 65
Last Modified: Aug 7 01:49:10 2002
MD5 Checksum: 5d92414f11a72add56ef18810e738c70

File Name: StMichael_LKM-0.11.tar.gz
Description: StMichael is an LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. Detects most modern LKMs, including KIS.
Author: Tim Lawless
Homepage: http://www.sourceforge.net/projects/stjude
Changes: Addition of Self Integrity Checks to Detect Attacks Against StMichael itself. Addition of configuration options to hard-code memory offsets into the source instead of discovery during load time, permitting loading of StMichael from an initrd, before init spawns and the filesystems are mounted.
File Size: 36028
Last Modified: Aug 7 01:47:01 2002
MD5 Checksum: 77d653c5a129e32c59d85ef1451358d5

File Name: lsat-0.5.9.tgz
Description: Linux Security Auditing Tool (LSAT) is a post install security auditing tool. It is modular in design, so new features can be added quickly. It checks inetd entries and looks for unneeded RPM packages. It is being expanded to work with Linux distributions other than Red Hat, and checks for kernel versions.
Homepage: http://www.dimlight.org/~number9/lsat/
Changes: The -x option was added to skip local SUID/SGID and world/group read/write. A checkcfg module was added for Red Hat. Checkcfg prints the output of chkconfig --list, giving the user a visual inspection of all services run in each runlevel.
File Size: 53433
Last Modified: Jul 24 00:11:02 2002
MD5 Checksum: f63d85ecd7e4ebce093b92ceb3873718

File Name: psreal.c
Description: Psreal.c for Linux kernel 2.4.x finds hidden processes even if an LKM is used.
Author: ghQst
Homepage: http://es.xor.ru
File Size: 3372
Last Modified: Jul 6 04:29:29 2002
MD5 Checksum: b66c0b8eddf1fcc10d9b1599f0f252e8

File Name: lsat-0.5.8.tgz
Description: Linux Security Auditing Tool (LSAT) is a post install security auditing tool. It is modular in design, so new features can be added quickly. It checks inetd entries and looks for unneeded RPM packages. It is being expanded to work with Linux distributions other than Red Hat, and checks for kernel versions.
Homepage: http://www.dimlight.org/~number9/lsat/
Changes: Some basic sshd config checks were added. Buffer checks were added.
File Size: 52801
Last Modified: Jul 4 03:54:49 2002
MD5 Checksum: 4274ed9d157c9d477d44473c493d9151

File Name: pacgen.tar.gz
Description: Pacgen v1.0 is an Ethernet IP TCP/UDP packet generating tool for Linux. This tool enables custom packets with configurable Ethernet, IP, TCP, and UDP layers as well as custom payloads. Experimental ARP generation is included.
Author: Bo Cato
File Size: 23517
Last Modified: Jun 25 02:06:15 2002
MD5 Checksum: 4322a06ffbd0704f4583608e9346c750

File Name: xNBTscan-1.0.tar.gz
Description: xNBTScan is a GTK 2 interface to the NBTscan program, useful for locating NetBIOS services on a network / penetration testing Windows machines from Linux. It supports all options available in NBTscan v1.0.3.
Author: Daten
Homepage: http://md2600.dyndns.org/~daten
File Size: 15793
Last Modified: Jun 6 01:27:20 2002
MD5 Checksum: 8b3ae02c00697e196b14d4e35236dd38

File Name: kstat24.tgz
Description: Kstat is a powerful tool for Linux v2.4.x which displays information taken directly from kernel structures in /dev/kmem. This is especially useful when we can't trust output from the usual sources and applications, for example after an unauthorized access to our systems. Effective if something like ps, ifconfig, lsmod, or system calls are patched.
Author: Fusys
Homepage: http://www.s0ftpj.org
Changes: This is a major update of kstat, since its release for the 2.2.x kernels. This runs on 2.4.x only, and can better assist in finding and removing trojan LKMs. It sports network socket dumps, sys_call fingerprinting, stealth modules scanning and more.
File Size: 20741
Last Modified: Jun 5 12:34:42 2002
MD5 Checksum: 01bdbde57c74a4e9a0c01c7eaf5b9794

File Name: linux-2.2.21-ow1.tar.gz
Description: The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. It also tightens down file descriptors 0, 1, and 2, and implements process limits and shared memory destruction.
Author: Solar Designer
Homepage: http://www.openwall.com/linux
Changes: Updated for Linux 2.2.21. Permissions on /proc entries have been changed to be consistent with Linux 2.4.18-ow0, and the getcwd(2) instance of the d_path() truncation problem and the fsuid/fsgid handling inconsistency have been fixed.
File Size: 29327
Last Modified: Jun 3 01:44:01 2002
MD5 Checksum: 0b846c829eae6276c57357fe72c3d180

File Name: lsat-0.5.7.tgz
Description: Linux Security Auditing Tool (LSAT) is a post install security auditing tool. It is modular in design, so new features can be added quickly. It checks inetd entries and looks for unneeded RPM packages. It is being expanded to work with Linux distributions other than Red Hat, and checks for kernel versions.
Homepage: http://www.dimlight.org/~number9/lsat/
Changes: Fixed checkinetd (even under Red Hat 7.3), checkftpusers, and a symlink attack in checkfiles.
File Size: 46765
Last Modified: Jun 3 01:24:35 2002
MD5 Checksum: 1cf21e26b25db0a2353bf63a7f886b54

File Name: syscalltrack-0.71.tar.gz
Description: Syscall Tracker is a very powerful tool for Linux 2.2 and 2.4 which allows you to write rules to track system calls. It includes a kernel module plus a userspace application. Currently only logging the invocation is supported, but in the future, you will be able to fail the system call (i.e. force it to return some error code), or suspend the process executing it. It allows you to find out info that is hard to find, for instance to determine which process touched a certain file.
Homepage: http://syscalltrack.sourceforge.net
Changes: Support was added for constants when specifying matching rules, for example, O_RDONLY, O_EXCL, and friends for open(2). Support was added for octal/hex numbers in filter expressions. Assorted internal cleanups, code refactoring, bugfixes, and memory leak plugs were done.
File Size: 248656
Last Modified: Jun 3 00:26:20 2002
MD5 Checksum: 5541a2534f5976c0cf6b8469b82fa032

File Name: ippersonality-20020427-2.4.18.tar.g..>
Description: The IP Personality project is a patch to Linux 2.4 kernels that adds netfilter features: it enables the emulation of other OSes at network level, thus fooling remote OS detection tools such as nmap that rely on network fingerprinting. The characteristics that can be changed are TCP Initial Sequence Number (ISN), TCP initial window size, TCP options (their types, values and order in the packet), IP ID numbers, answers to some pathological TCP packets, and answers to some UDP packets.
Author: Gael Roualland and Jean-Marc Saffroy
Homepage: http://ippersonality.sourceforge.net
Changes: Ported to Linux 2.4.18 / iptables 1.2.2.
File Size: 8742
Last Modified: May 27 04:41:39 2002
MD5 Checksum: 881fec3573f5810dc722bb1fd96fc970

File Name: lsat-0.5.6.tgz
Description: Linux Security Auditing Tool (LSAT) is a post install security auditing tool. It is modular in design, so new features can be added quickly. It checks inetd entries and looks for unneeded RPM packages. It is being expanded to work with Linux distributions other than Red Hat, and checks for kernel versions.
Homepage: http://www.dimlight.org/~number9/lsat/
Changes: Fixed a false negative in checkinetd module, now always finds inetd.conf and xinetd.d files, fixes for a tempfile problem in checkset module and the sticky dir check, and cleanups to typos and output.
File Size: 43230
Last Modified: May 19 02:41:43 2002
MD5 Checksum: ec7a6ea820a765d4f2b0aa41318b4f06

File Name: lkh-1.1-linux-2.4.18.tgz
Description: Linux Kernel Hooker library (LKH) version 1.1 (the subject of an article in Phrack #58) provides a general purpose hooking interface with easy to use C primitives. It allows you to hijack a kernel function, add up to 8 callbacks for the function, access the original parameters and modify them (retroactive changes), add or remove a callback when you want, and more. Available for kernel versions 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.10, 2.4.12, 2.4.13, 2.4.14, 2.4.15, 2.4.16, 2.4.17, and 2.4.18.
Author: mayhem
Homepage: http://devhell.org/~mayhem/projects/lkh/
File Size: 6728
Last Modified: May 17 04:16:04 2002
MD5 Checksum: 02ce7ef2dbf416b81e013b60417c02e0

File Name: Cerberus_beta_1.tgz
Description: Cerberus is an experimental kernel-based tool for hardening systems. The main idea for local protection is that, except in particular cases, a process can't have better privileges than its parent. If Cerberus intercepts anomalies it kills the process before it starts to run. Cerberus stops remote exploits by ensuring that processes like in.telnetd or tcpd will never drop a shell.
Author: Dark Angel
File Size: 4908
Last Modified: May 17 03:52:04 2002
MD5 Checksum: 84aee1b51dca788b15c2fa462a2a3dd4