Section: .. / linux / security /
| /// File Name: |
medusa-0.7.10.tar.gz |
Description:
|
Medusa DS9 is used to increase Linux's security. It consists of two major parts, Linux kernel changes and the user-space daemon. Kernel changes do the monitoring of syscalls, filesystem actions, and processes, and they implement the communication protocol. The security daemon communicates with the kernel using the character device to send and receive packets.
| | Author: | Marek Zelem and Martin Ockajak | | Homepage: | http://medusa.fornax.sk | | Changes: | New features include ptrace handling, and an improved i386 entry.S offset generator, and automake support. Documentation fixes were made, and a bug in constable was fixed. | | File Size: | 111625 | | Last Modified: | Feb 25 16:47:49 2000 |
| MD5 Checksum: | d635ea6d3f497c8889fcf7223f6c98a4 |
|
| /// File Name: |
lomac-v1.1.2.tar.gz |
Description:
|
LOMAC is a dynamically-loadable security module for Free UNIX kernels that uses Low Water-Mark Mandatory Access Control (MAC) to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users, and compromised network server daemons. The LOMAC loadable kernel module can be used to harden Linux systems without any changes to existing kernels, applications, or configuration files. Due to its simplicity, LOMAC itself requires no configuration, regardless of the users and applications present on the system.
| | Author: | Tim Fraser | | Homepage: | http://alum.wpi.edu/~tfraser/Software/LOMAC/index.html | | Changes: | Please see changelog. | | File Size: | 107978 | | Last Modified: | Apr 23 00:12:08 2007 |
| MD5 Checksum: | e40c49b94b67238e60dae49f95706557 |
|
| /// File Name: |
motiontrack-0.1.0.tar.gz |
Description:
|
Motiontrack is a set of tools that detects motion between two images. It is able to successfully distinguish random flicker from real object movement by applying a set of filters to the images, and can optionally ignore given colors and/or image regions. The roadmap provides for being able to identify objects by pattern detection and AI routines. Currently, this tool is able to turn line-art images into ASCII-art text as a demo feature.
| | Author: | Corvus V Corax | | Homepage: | http://motiontrack.sourceforge.net/ | | Changes: | Pixel scaler added, image manipulator functions changed, base behaviour has changed. | | File Size: | 107121 | | Last Modified: | Mar 21 16:44:00 2004 |
| MD5 Checksum: | 2715c39defe4ac4499248a21d9355b8c |
|
| /// File Name: |
lomac-v1.0.5.tar.gz |
Description:
|
LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users, and compromised root daemons. LOMAC is implemented as a loadable kernel module - no kernel recompilations or changes to existing applications are required. Although not all the planned features are currently implemented, it presently provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use. Whitepaper available here. Manual available here.
| | Homepage: | http://www.pgp.com/research/nailabs/secure-execution/lomac.asp | | Changes: | Revised Default Policy to allow remote level-2 root logins via ssh and improved logging. | | File Size: | 106965 | | Last Modified: | Apr 6 21:30:22 2001 |
| MD5 Checksum: | 9f8d44b9e0af30b477eb3de9ef507084 |
|
| /// File Name: |
lomac-v0.3.tar.gz |
Description:
|
LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users, and compromised root daemons. LOMAC is implemented as a loadable kernel module - no kernel recompilations or changes to existing applications are required. Although not all the planned features are currently implemented, it presently provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use. Whitepaper available here.
| | Homepage: | http://www.pgp.com/research/nailabs/secure-execution/lomac.asp | | Changes: | This release is a clean reimplementation of the previous prototype, and is now stable enough for everyday use. | | File Size: | 104506 | | Last Modified: | Dec 30 23:38:45 2000 |
| MD5 Checksum: | 9435b2254807f09d6c839df9d4134f84 |
|
| /// File Name: |
lomac-v1.0.4.tar.gz |
Description:
|
LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users, and compromised root daemons. LOMAC is implemented as a loadable kernel module - no kernel recompilations or changes to existing applications are required. Although not all the planned features are currently implemented, it presently provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use. Whitepaper available here. Manual available here.
| | Homepage: | http://www.pgp.com/research/nailabs/secure-execution/lomac.asp | | Changes: | Greatly improved performance of utility scripts. | | File Size: | 104082 | | Last Modified: | Feb 14 00:38:06 2001 |
| MD5 Checksum: | 85cc24f373a34b437b8a916820117442 |
|
| /// File Name: |
lomac-v1.0.3.tar.gz |
Description:
|
LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users, and compromised root daemons. LOMAC is implemented as a loadable kernel module - no kernel recompilations or changes to existing applications are required. Although not all the planned features are currently implemented, it presently provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use. Whitepaper available here. Manual available here.
| | Homepage: | http://www.pgp.com/research/nailabs/secure-execution/lomac.asp | | Changes: | A fix for a Unix-domain socket labeling bug on socket pair and abstract-name space bindings. | | File Size: | 103909 | | Last Modified: | Feb 8 14:54:33 2001 |
| MD5 Checksum: | 6bf13caba656c5430feac0f855704e87 |
|
| /// File Name: |
psad-0.9.9.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
| | Homepage: | http://www.cipherdyne.com | | Changes: | Bugfixes for the tcpwrapper auto-blocking code on iptables and ipchains boxes. A new whois lookup strategy has been added that creates files like /var/log/psad/who.txt_IP for each scanning IP, a prelude to snort-style logging. Now uses the latest version of the whois client. The psad.8 man page and other docs have been updated. | | File Size: | 103435 | | Last Modified: | Aug 21 03:33:33 2002 |
| MD5 Checksum: | 52fa028f286ae17f9c1e3a33a9a879b1 |
|
| /// File Name: |
motiontrack-0.0.9.tar.gz |
Description:
|
Motiontrack is a set of tools that detects motion between two images. It is able to successfully distinguish random flicker from real object movement by applying a set of filters to the images, and can optionally ignore given colors and/or image regions. The roadmap provides for being able to identify objects by pattern detection and AI routines. Currently, this tool is able to turn line-art images into ASCII-art text as a demo feature.
| | Author: | Corvus V Corax | | Homepage: | http://motiontrack.sourceforge.net/ | | Changes: | Image manipulation code for ImageMagick has been optimized. | | File Size: | 101881 | | Last Modified: | Mar 18 11:24:03 2004 |
| MD5 Checksum: | 641656f2401b94634e76c712d36993e5 |
|
| /// File Name: |
lomac-v1.0.2.tar.gz |
Description:
|
LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users, and compromised root daemons. LOMAC is implemented as a loadable kernel module - no kernel recompilations or changes to existing applications are required. Although not all the planned features are currently implemented, it presently provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use. Whitepaper available here. Manual available here.
| | Homepage: | http://www.pgp.com/research/nailabs/secure-execution/lomac.asp | | Changes: | This release improves the default policy configuration to allow the use of NFS-mounted filesystems, and also includes an update to the manual's discussion of related projects. | | File Size: | 101568 | | Last Modified: | Jan 22 21:33:50 2001 |
| MD5 Checksum: | dc05075c6c24765aefa35cef737a4b2f |
|
| /// File Name: |
psad-0.9.8.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
| | Homepage: | http://www.cipherdyne.com/psad | | Changes: | All four psad daemons now reference the same configuration file (/etc/psad/psad.conf). TCP wrapper support was added in the auto-blocking code. A better install strategy is now used for psadfifo in /etc/syslog.conf. The main psad code was simplified by removing all references to the Scan hash and by shortening some of the function calls. | | File Size: | 101519 | | Last Modified: | May 5 02:09:40 2002 |
| MD5 Checksum: | 3b06c6c5a028f22b8320755058de646c |
|
| /// File Name: |
lomac-v1.0.1.tar.gz |
Description:
|
LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users, and compromised root daemons. LOMAC is implemented as a loadable kernel module - no kernel recompilations or changes to existing applications are required. Although not all the planned features are currently implemented, it presently provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use. Whitepaper available here. Manual available here.
| | Homepage: | http://www.pgp.com/research/nailabs/secure-execution/lomac.asp | | Changes: | This release fixes a dentry reference counting bug on BIND operations and includes some minor documentation corrections. | | File Size: | 100820 | | Last Modified: | Jan 9 19:41:24 2001 |
| MD5 Checksum: | e69762ea91e3e2f9ccb55199bfaaa8de |
|
| /// File Name: |
motiontrack-0.0.8.tar.gz |
Description:
|
Motiontrack is a set of tools that detects motion between two images. It is able to successfully distinguish random flicker from real object movement by applying a set of filters to the images, and can optionally ignore given colors and/or image regions. The roadmap provides for being able to identify objects by pattern detection and AI routines. Currently, this tool is able to turn line-art images into ASCII-art text as a demo feature.
| | Author: | Corvus V Corax | | Homepage: | http://motiontrack.sourceforge.net/ | | File Size: | 100309 | | Last Modified: | Mar 15 23:03:32 2004 |
| MD5 Checksum: | abd6344b89965488cef20600d9121655 |
|
| /// File Name: |
lomac-v1.0.tar.gz |
Description:
|
LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users, and compromised root daemons. LOMAC is implemented as a loadable kernel module - no kernel recompilations or changes to existing applications are required. Although not all the planned features are currently implemented, it presently provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use. Whitepaper available here. Manual available here.
| | Homepage: | http://www.pgp.com/research/nailabs/secure-execution/lomac.asp | | Changes: | First stable release! Includes a new manual, performance benchmarks, and bug fixes. | | File Size: | 100219 | | Last Modified: | Jan 3 01:13:05 2001 |
| MD5 Checksum: | 5433c76ced7a37f836184e3704514aec |
|
| /// File Name: |
dazuko-2.0.4.tar.gz |
Description:
|
Dazuko is a kernel module which provides 3rd-party applications with an interface for file access control. Useful for on-demand virus scanning, as a file-access monitor/logger or external security implementations. It operates by intercepting file-access calls and passing the file information to a 3rd-party application. The 3rd-party application then has the opportunity to tell the kernel module to allow or deny the file-access. The 3rd-party application also receives information about the file, such as type of access, process ID, user ID, etc.
| | Author: | John Ogness | | Homepage: | http://www.dazuko.org | | Changes: | 2.0.4 has now been officially released. This version represents a major improvement over 2.0.3 for Linux 2.6 users. It also includes many new features for FreeBSD 4 and FreeBSD 5. | | File Size: | 100126 | | Last Modified: | Nov 1 14:54:26 2004 |
| MD5 Checksum: | e16da48766eaaf58550809fb0f6dbbef |
|
| /// File Name: |
medusa-0.7.9.tar.gz |
Description:
|
Medusa is a package which improves overall security of Linux OS by extending standard Linux security architecture, but preserving backward compatibility. There is a small kernel patch and a user space security daemon. Kernel changes do the monitoring of syscalls, filesystem actions, and processes, and they implement the communication protocol. The security daemon communicates with the kernel using the character device to send and receive packets.
| | Author: | Marek Zelem and Martin Ockajak | | Homepage: | http://medusa.fornax.sk | | Changes: | file hiding, new sample config file, and many documentation fixes and updates. | | File Size: | 98825 | | Last Modified: | Feb 16 15:18:02 2000 |
| MD5 Checksum: | 9972e5dcc9f92d88fbd7959dcac3421c |
|
| /// File Name: |
syscalltrack-0.60.tar.gz |
Description:
|
Syscall Tracker is a powerful tool for Linux 2.2 and 2.4 which allows you to write rules to track system calls. Currently only logging the invocation is supported, but in the future, you will be able to fail the system call (i.e. force it to return some error code), or suspend the process executing it. Allows you find out info that is hard to find, for instance to determine which process touched a certain file.
| | Homepage: | http://syscalltrack.sourceforge.net | | File Size: | 97246 | | Last Modified: | Sep 18 22:33:47 2001 |
| MD5 Checksum: | 8b677826ff04e2ccaf306387f3bcee6c |
|
| /// File Name: |
iptrap-0.3.tar.gz |
Description:
|
IPtrap listens to several TCP ports to simulate fake services (X11, Netbios, DNS, etc) . When a remote client connects to one of these ports, his IP address gets immediately firewalled and an alert is logged. It runs with iptables and ipchains, but any external script can also be launched. IPv6 is supported.
| | Homepage: | http://www.jedi.claranet.fr | | Changes: | Logging the scanned port, and no more iptables/ipchains zombies. | | File Size: | 86155 | | Last Modified: | May 3 17:38:22 2001 |
| MD5 Checksum: | 5581b89f08d851939c9cbdd38f3358eb |
|
| /// File Name: |
iptrap-0.2.tar.gz |
Description:
|
IPtrap listens to several TCP ports to simulate fake services (X11, Netbios, DNS, etc) . When a remote client connects to one of these ports, his IP address gets immediately firewalled and an alert is logged. It runs with iptables and ipchains, but any external script can also be launched. IPv6 is supported.
| | Homepage: | http://www.jedi.claranet.fr | | File Size: | 85904 | | Last Modified: | May 2 22:30:16 2001 |
| MD5 Checksum: | c22367c11e2ee3494b468bb59acd0b0d |
|
| /// File Name: |
psad-0.9.6.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
| | Homepage: | http://www.cipherdyne.com/psad | | Changes: | Compatible with more linux distributions now. The running time was added to --Status output. Support for "use strict" was added. Various small bugfixes and cleanups were made. | | File Size: | 82129 | | Last Modified: | Mar 8 01:36:54 2002 |
| MD5 Checksum: | 5b1badae2dbbb55ab980ef27b6c77f8e |
|
| /// File Name: |
listener-1.7.2.tgz |
Description:
|
This program listens for sound. If it detects any, it starts recording automatically and also automatically stops when things become silent again.
| | Author: | Folkert van Heusden | | Homepage: | http://www.vanheusden.com/listener/ | | Changes: | Added one-shot recording. Can now write its pid to a file when running in daemon mode. | | File Size: | 81920 | | Last Modified: | Dec 28 18:52:53 2005 |
| MD5 Checksum: | 98d73f957d902dd17e7b4d334dcdeaa0 |
|
| /// File Name: |
psad-0.9.4.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
| | Homepage: | http://www.cipherdyne.com/psad | | Changes: | Added h2xs support so psad will install Psad.pm The Right Way. Added the conntrack_patch kernel patch to fix the iptables ip_conntrack bug which causes packets to be dropped that are part of legitimate tcp sessions. Added the USR1 option to support automatic sending of a USR1 signal to a running psad process. Updated documentation and man page to reflect the above changes. | | File Size: | 80498 | | Last Modified: | Dec 8 21:42:20 2001 |
| MD5 Checksum: | 7fae1a92687d1491cb6d614dc71d4640 |
|
| /// File Name: |
psad-0.9.3.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
| | Homepage: | http://www.cipherdyne.com/psad | | Changes: | Fixed a problem that would drop packets that are part of legitimate TCP sessions. The --USR1 command line option was added to have psad automatically send a running psad process a USR1 signal, which is useful for peering into a running scan data structure. An email installation subroutine was added to install.pl. | | File Size: | 77491 | | Last Modified: | Nov 6 11:18:47 2001 |
| MD5 Checksum: | 13850681a769d0b08d85f67c99ad6ae3 |
|
| /// File Name: |
psad-0.9.2.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
| | Homepage: | http://www.cipherdyne.com/psad | | Changes: | Filesystem Hierarchy Standard (FHS) support, Red Hat 7.0/7.1 support, a process management system which is used by the psad init script, and support for ipchains firewalls on the 2.4.x kernels. | | File Size: | 75038 | | Last Modified: | Oct 5 01:49:52 2001 |
| MD5 Checksum: | 7d85d3437d9bcb04bd793b553a65c43f |
|
| /// File Name: |
virtualftpd.tgz |
Description:
|
Virtual FTPD v6.4 is a secure FTP daemon which is derived from the OpenBSD ftp daemon and can allows virtual FTP accounts which do not have an /etc/passwd entry.
| | Author: | Michael Saarna | | Homepage: | http://startuplinux.com/software.html | | File Size: | 74931 | | Last Modified: | Jul 24 15:37:32 2000 |
| MD5 Checksum: | 946726205644f0b6a1b6f8c52710e9dd |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
