Section: .. / linux / security /
File Name: lsat-0.5.5.tgz
Description:
Linux Security Auditing Tool (LSAT) is a post install security auditing tool. It is modular in design, so new features can be added quickly. It checks inetd entries and looks for unneeded RPM packages. It is being expanded to work with Linux distributions other than Red Hat, and checks for kernel versions.
Homepage: http://www.dimlight.org/~number9/lsat/
Changes: Fixed bugs and added checkrpm module to report RPM integrity on redhat based systems.
File Size: 43391
Last Modified: May 10 03:16:21 2002
MD5 Checksum: 1953add42850b113d435de917f5c3ff6

File Name: psad-0.9.8.tar.gz
Description:
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
Homepage: http://www.cipherdyne.com/psad
Changes: All four psad daemons now reference the same configuration file (/etc/psad/psad.conf). TCP wrapper support was added in the auto-blocking code. A better install strategy is now used for psadfifo in /etc/syslog.conf. The main psad code was simplified by removing all references to the Scan hash and by shortening some of the function calls.
File Size: 101519
Last Modified: May 5 02:09:40 2002
MD5 Checksum: 3b06c6c5a028f22b8320755058de646c

File Name: lsat-0.5.2.tgz
Description:
Linux Security Auditing Tool (LSAT) is a post install security auditing tool. It is modular in design, so new features can be added quickly. It checks inetd entries and looks for unneeded RPM packages. It is being expanded to work with Linux distributions other than Red Hat, and checks for kernel versions.
Homepage: http://www.dimlight.org/~number9/lsat/
Changes: Now runs shellcode, reports error and keeps going if any module fails, and documentation updates.
File Size: 41544
Last Modified: May 5 02:05:33 2002
MD5 Checksum: b6be1cf264d2cf9bd89d07295493eab4

File Name: lsat-0.1.6.tgz
Description:
Linux Security Auditing Tool (LSAT) is a post install security auditing tool for Red Hat. It is modular in design, so new features can be added quickly. It checks inetd entries and scans for unneeded RPM packages. It is being expanded to work with Linux distributions other than Red Hat, and checks for kernel versions.
Homepage: http://www.dimlight.org/~number9/lsat/
Changes: checkinetd module now checks hosts.allow and hosts.deny files. Lots of documentation has been added to the main file and modules. A changelog has been added.
File Size: 10693
Last Modified: Apr 6 03:10:01 2002
MD5 Checksum: ac439a1b22d6463531ae229b1afc6d55

File Name: linux-2.2.20-ow3.tar.gz
Description:
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
Author: Solar Designer
Homepage: http://www.openwall.com/linux
Changes: Fixes the recent zlib (PPP/IrDA Deflate compression) problem and added fixes for two Alpha-specific bugs introduced in Linux 2.2.20.
File Size: 29267
Last Modified: Apr 6 02:41:39 2002
MD5 Checksum: 021cc007b503daa3cad2bb0ef35c4fb5

File Name: StMichael_LKM-0.10.tar.gz
Description:
StMichael is an LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. Detects most modern LKMs, including KIS.
Author: Tim Lawless
Homepage: http://www.sourceforge.net/projects/stjude
Changes: Really Immutable filesystem support for ext3 fs added, Added in Kernel Licensing Code to Identify the Kernel License for newer kernels, Backup kernel is now obscured from string searches using the weak crypt function, Added needed modifications to support the newer Alan Cox Kernels, with the different VM system, fixed lots of compilation issues, and better docs.
File Size: 31492
Last Modified: Mar 30 14:03:13 2002
MD5 Checksum: 16b42d7707d5dfa25214d8cd3768e7fa

File Name: psad-0.9.6.tar.gz
Description:
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
Homepage: http://www.cipherdyne.com/psad
Changes: Compatible with more linux distributions now. The running time was added to --Status output. Support for "use strict" was added. Various small bugfixes and cleanups were made.
File Size: 82129
Last Modified: Mar 8 01:36:54 2002
MD5 Checksum: 5b1badae2dbbb55ab980ef27b6c77f8e

File Name: linux-2.2.20-ow2.tar.gz
Description:
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
Author: Solar Designer
Homepage: http://www.openwall.com/linux
Changes: Fixed an x86-specific Linux kernel vulnerability where local users could abuse a binary compatibility interface (lcall) to kill processes not belonging to them, including system processes.
File Size: 28948
Last Modified: Mar 4 01:15:30 2002
MD5 Checksum: 789b9b631a3930e3ba765381278d04ea

File Name: syscalltrack-0.70.tar.gz
Description:
Syscall Tracker is a very powerful tool for Linux 2.2 and 2.4 which allows you to write rules to track system calls. It includes a kernel module plus userspace applications. Currently only logging the invocation is supported, but in the future, you will be able to fail the system call (i.e. force it to return some error code), or suspend the process executing it. Allows you to find out info that is hard to find, for instance to determine which process touched a certain file.
Homepage: http://syscalltrack.sourceforge.net
Changes: Supports a type-cast for 'struct' syscall parameters (useful for socket calls), 'fail syscall' actions, convenience-macros in rule config files, experimental device-driver control support, 'log_format' definition per rule, and some new syscalls (waitpid, close, creat). Major bugfixes include fixes for white-space parsing, a small memory leak when deserializing 'log' actions, and a bug in the kernel module that could leave dangling function pointers.
File Size: 225097
Last Modified: Feb 26 22:56:09 2002
MD5 Checksum: c1af0ff5ce13f54b26696efca2642ecb

File Name: appcap.tar.gz
Description:
Appcap is an application for x86 Linux which allows root on a machine to attach and redirect standard input and output of any application to his actual tty. Appcap can help admins running a multiuser machine to snoop on users. It is especially useful for tracing and monitoring ssh and telnet sessions.
Author: Paul Starzetz
Homepage: http://appcap.ihaquer.com
File Size: 12930
Last Modified: Feb 12 01:11:08 2002
MD5 Checksum: 57e5a96a36f90b00238f3757fa3e557b

File Name: StMichael_LKM-0.08.tar.gz
Description:
StMichael is an LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. Detects most modern LKMs, including KIS.
Author: Tim Lawless
Homepage: http://www.sourceforge.net/projects/stjude
Changes: Addition of ability to restore a system attacked using kernel modification techniques such as a Silvio Stealth syscall by reloading the kernel without a reboot. Addition of Checks to detect the possible subversion of the kernel at loadtime. Now does Full Kernel Text Validation.
File Size: 30545
Last Modified: Jan 22 00:37:53 2002
MD5 Checksum: 56b40532ec8f1f3089de8ec4fe7f5f4f

File Name: SAStk-0.1.3.1.tgz
Description:
SAStk (Slackware Administrators Security tool kit) aims to provide a set of tools and utilities to install and maintain a reasonable level of security for the Slackware GNU/Linux distribution. At the same time, it should ease administration with a new centralized initialization setup and background information on what each daemon does.
Homepage: http://sourceforge.net/projects/sastk
Changes: Fixed a bug in 0.1.3.0 which set the wrong permissions for the system's root directory. The pkgmake.sh script has been fixed, along with the directory permissions.
File Size: 696012
Last Modified: Jan 7 21:29:33 2002
MD5 Checksum: 75ae29add97cb811bac8fa6c6d8734d9

File Name: syscalltrack-0.66.6.tar.gz
Description:
Syscall Tracker is a powerful tool for Linux 2.2 and 2.4 which allows you to write rules to track system calls. Currently only logging the invocation is supported, but in the future, you will be able to fail the system call (i.e. force it to return some error code), or suspend the process executing it. Allows you to find out info that is hard to find, for instance to determine which process touched a certain file.
Homepage: http://syscalltrack.sourceforge.net
Changes: New process parameters PPID and PCOMM, a fix for a bug where filter expressions with '!' or '~' weren't parsed correctly, and a fix for a bug where if the filter expression first token was a '(' it looped endlessly because it never advanced to the next token.
File Size: 191492
Last Modified: Jan 7 21:23:07 2002
MD5 Checksum: 08da34eda3066559dde39f6ae9b58027

File Name: syscalltrack-0.64.tar.gz
Description:
Syscall Tracker is a powerful tool for Linux 2.2 and 2.4 which allows you to write rules to track system calls. Currently only logging the invocation is supported, but in the future, you will be able to fail the system call (i.e. force it to return some error code), or suspend the process executing it. Allows you to find out info that is hard to find, for instance to determine which process touched a certain file.
Homepage: http://syscalltrack.sourceforge.net
Changes: Better support for filter expressions, better error messages, Unary operators ('~', '!') are now working. Fixed some crash bugs and memory leaks.
File Size: 168734
Last Modified: Dec 8 23:18:51 2001
MD5 Checksum: d79f3e7472347cd637a544d6fb80a6ec

File Name: psad-0.9.4.tar.gz
Description:
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
Homepage: http://www.cipherdyne.com/psad
Changes: Added h2xs support so psad will install Psad.pm The Right Way. Added the conntrack_patch kernel patch to fix the iptables ip_conntrack bug which causes packets to be dropped that are part of legitimate tcp sessions. Added the USR1 option to support automatic sending of a USR1 signal to a running psad process. Updated documentation and man page to reflect the above changes.
File Size: 80498
Last Modified: Dec 8 21:42:20 2001
MD5 Checksum: 7fae1a92687d1491cb6d614dc71d4640

File Name: capsel.tgz
Description:
Capsel v1.9.99pre5 is a Linux kernel module for v2.2.x and 2.4.x with many features that increase your system security. It features the ability to stop chroot jail break, stop ptracing, control the execve call, and removes read permission from core dumps. It also changes the behavior of set*uid system calls which may be used by programs to drop almost all capabilities and UID without dropping capabilities that are needed to work correctly (i.e. bind sockets). Allows you to get rid of many of your SUID files.
Author: Wojciech Purczynski
Homepage: http://www.elzabsoft.pl/~wp
Changes: Now works with kernel v2.2.20. Fixed some bugs. Readme available here.
File Size: 43720
Last Modified: Nov 25 21:32:59 2001
MD5 Checksum: 6e981a98be9291757155b8786c88b34d

File Name: medusa-0.9.0.tar.gz
Description:
Medusa DS9 is a tool used to increase Linux's security. It consists of two major parts - Linux kernel changes and the user-space daemon. Kernel changes do the monitoring of syscalls, filesystem actions, and processes, and they implement the communication protocol. The security daemon communicates with the kernel using the character device to send and receive packets.
Author: Marek Zelem and Martin Ockajak
Homepage: http://medusa.fornax.sk
Changes: Patched for 2.2.20 and 2.4.15. Includes a bunch of bugfixes.
File Size: 121002
Last Modified: Nov 24 23:29:34 2001
MD5 Checksum: 5546ab7e67b2b95244aa8c5550afd35a

File Name: procwatch
Description:
Procwatch is a perl script which watches a /proc filesystem for new processes. When a process is created, procwatch reports the time, the username, the PID, and the binary that was run. Its output is suitable for logging to log files and is geared for system administrators who are testing a new but as yet untrusted UNIX system. Although it cannot detect, and is not proof against, hacked loadable kernel modules that have modified /proc, it is useful in watching for possible rogue binaries.
Author: Adam Guyot
Homepage: http://www.speakeasy.net/~aguyot
File Size: 5059
Last Modified: Nov 24 16:21:32 2001
MD5 Checksum: a91a4fd73ea6a3e871efd7c377c36da8

File Name: psad-0.9.3.tar.gz
Description:
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
Homepage: http://www.cipherdyne.com/psad
Changes: Fixed a problem that would drop packets that are part of legitimate TCP sessions. The --USR1 command line option was added to have psad automatically send a running psad process a USR1 signal, which is useful for peering into a running scan data structure. An email installation subroutine was added to install.pl.
File Size: 77491
Last Modified: Nov 6 11:18:47 2001
MD5 Checksum: 13850681a769d0b08d85f67c99ad6ae3

File Name: linux-2.2.20-ow1.tar.gz
Description:
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
Author: Solar Designer
Homepage: http://www.openwall.com/linux
Changes: Ported to 2.2.0. This version moves even more of the support for combined ELF/a.out setups under the configuration option introduced with 2.2.19-ow4. Readme available
File Size: 28332
Last Modified: Nov 6 01:53:16 2001
MD5 Checksum: 1567d99da210896db17c3eee79f49969

File Name: StMichael_LKM-0.07.tar.gz
Description:
StMichael is an LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. Detects most modern LKMs, including KIS.
Author: Tim Lawless
Homepage: http://www.sourceforge.net/projects/stjude
Changes: Fixed a serious bug that could cause a kernel Oops if StMichael was not the first module loaded into the system.
File Size: 25698
Last Modified: Oct 30 03:19:16 2001
MD5 Checksum: e5cb4205fd25c95563a84be8b4fa8cf6

File Name: StMichael_LKM-0.06.tar.gz
Description:
StMichael is an LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. Detects most modern LKMs, including KIS.
Author: Tim Lawless
Homepage: http://www.sourceforge.net/projects/stjude
Changes: Began code and signature obfuscation work to conceal commonly found strings, Introduced permanent immutability to files on ext2 fs, and other misc code beautification.
File Size: 27115
Last Modified: Oct 24 23:57:23 2001
MD5 Checksum: 9f0d2f9612b1daa97a68c9678fde0348

File Name: ptracekm.tar.gz
Description:
Ptracekm is a kernel module for Linux 2.2 (Possibly 2.4, but untested) that blocks the ptrace() syscall for all users except root. This should effectively prevent local root from being gained via the latest series of ptrace() exploits.
Author: MadCamel
File Size: 970
Last Modified: Oct 24 23:40:48 2001
MD5 Checksum: a5ebea914e825721d29e4eac84215e5a

File Name: linux-2.2.19-ow4.tar.gz
Description:
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
Author: Solar Designer
Homepage: http://www.openwall.com/linux
Changes: Fixes two Linux kernel vulnerabilities. A non-security symbol export issue was fixed and support for ELF executables was put into a separate configuration option. Readme available
File Size: 28920
Last Modified: Oct 23 12:27:36 2001
MD5 Checksum: 07a55b30cb52a8646d42037965695df7

File Name: linux-2.2.19-ow3.tar.gz
Description:
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
Author: Solar Designer
Homepage: http://www.openwall.com/linux
Changes: Fixes the possible local root vulnerability discovered recently in kernel v2.2.19. Readme available
File Size: 27976
Last Modified: Oct 20 04:40:42 2001
MD5 Checksum: 26fd536156c5f44070817cd512e42fa0