| /// File Name: |
kstat24_v1.1-2.tgz |
Description:
|
Kernel Security Therapy Anti-Trolls (KSTAT) is a very powerful security tool to detect many kinds of rogue kernel rootkits. It analyzes the kernel through /dev/kmem and detects modified syscalls as well as various other problems. This version runs on 2.4.x only, and can assist in finding and removing trojan LKMs. It supports network socket dumps, sys_call fingerprinting, stealth module scanning, and more.
| | Author: | FuSyS | | Homepage: | http://www.s0ftpj.org/en/site.html | | File Size: | 24472 | | Last Modified: | Nov 30 22:53:12 2003 |
| MD5 Checksum: | 96954a3d4b4dd623480b5ed05a7b7523 |
|
| /// File Name: |
linux-2.2.19-ow1.tar.gz |
Description:
|
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. It also tightens down file descriptors 0, 1, and 2, and implements process limits and shared memory destruction.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | Updated to Linux 2.2.19, which contains security fixes not included in older versions of the patch. Readme available | | File Size: | 24414 | | Last Modified: | Mar 28 20:28:48 2001 |
| MD5 Checksum: | 944a6566a057ca99a3b1575e67db8aea |
|
| /// File Name: |
linux-2.2.18-ow1.tar.gz |
Description:
|
The Secure-Linux patch adds a few security features to the kernel which, while not a complete method of protection, will stop most of the 'cookbook' buffer overflow exploits cold. It also adds the option of restricting the use of symlinks and named pipes in +t (temp) directories, which fixes most tmp-race exploits as well. It can also add a little bit more privacy to the system by restricting access to parts of /proc to root so that users may not see who else is logged on or what they're doing. It also tightens down file descriptors 0, 1, and 2, and implements process limits, shared memory destruction, and privileged IP aliases for kernel 2.0.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | Now works on kernel 2.2.18! Also includes workarounds for GNU MailMan and Courier Mail. Readme available | | File Size: | 24200 | | Last Modified: | Dec 15 03:38:45 2000 |
| MD5 Checksum: | 5e901962c353d8424e51297ff4158b50 |
|
| /// File Name: |
StMichael_LKM-0.05.tar.gz |
Description:
|
StMichael is an LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. It detects most modern LKMs, including KIS.
| | Author: | Tim Lawless | | Homepage: | http://www.sourceforge.net/projects/stjude | | Changes: | Added Checks to Detect modules hiding their presence, Added Read-Only /dev/kmem, and Added VFS checking. | | File Size: | 23606 | | Last Modified: | Jul 12 04:16:03 2001 |
| MD5 Checksum: | fda543690273352eaa367dd9d0fbdb92 |
|
| /// File Name: |
pacgen.tar.gz |
Description:
|
Pacgen v1.0 is an Ethernet IP TCP/UDP packet generating tool for Linux. This tool enables custom packets with configurable Ethernet, IP, TCP, and UDP layers as well as custom payloads. Experimental ARP generation is included.
| | Author: | Bo Cato | | File Size: | 23517 | | Last Modified: | Jun 25 02:06:15 2002 |
| MD5 Checksum: | 4322a06ffbd0704f4583608e9346c750 |
|
| /// File Name: |
linux-2.2.15-ow1.tar.gz |
Description:
|
The Secure-Linux patch adds a few security features to the kernel which, while not a complete method of protection, will stop most of the 'cookbook' buffer overflow exploits cold. It also adds the option of restricting the use of symlinks and named pipes in +t (temp) directories, which fixes most tmp-race exploits as well. It can also add a little bit more privacy to the system by restricting access to parts of /proc to root so that users may not see who else is logged on or what they're doing. It also tightens down file descriptors 0, 1, and 2, and implements process limits, shared memory destruction, and privileged IP aliases for kernel 2.0.
| | Homepage: | http://www.openwall.com/linux/ | | Changes: | Now works on kernel 2.2.15! Readme available | | File Size: | 23489 | | Last Modified: | May 7 18:19:35 2000 |
| MD5 Checksum: | b1c235e1b3ce9a7b35c11f61cbd32cca |
|
| /// File Name: |
linux-2.2.17-ow1.tar.gz |
Description:
|
The Secure-Linux patch adds a few security features to the kernel which, while not a complete method of protection, will stop most of the 'cookbook' buffer overflow exploits cold. It also adds the option of restricting the use of symlinks and named pipes in +t (temp) directories, which fixes most tmp-race exploits as well. It can also add a little bit more privacy to the system by restricting access to parts of /proc to root so that users may not see who else is logged on or what they're doing. It also tightens down file descriptors 0, 1, and 2, and implements process limits, shared memory destruction, and privileged IP aliases for kernel 2.0.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | Now works on kernel 2.2.17! Readme available | | File Size: | 23355 | | Last Modified: | Sep 12 17:11:29 2000 |
| MD5 Checksum: | a1f3c71fadf1ae585e07078e0bd34f15 |
|
| /// File Name: |
linux-2.2.16-ow1.tar.gz |
Description:
|
The Secure-Linux patch adds a few security features to the kernel which, while not a complete method of protection, will stop most of the 'cookbook' buffer overflow exploits cold. It also adds the option of restricting the use of symlinks and named pipes in +t (temp) directories, which fixes most tmp-race exploits as well. It can also add a little bit more privacy to the system by restricting access to parts of /proc to root so that users may not see who else is logged on or what they're doing. It also tightens down file descriptors 0, 1, and 2, and implements process limits, shared memory destruction, and privileged IP aliases for kernel 2.0.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | Now works on kernel 2.2.16! Readme available | | File Size: | 23329 | | Last Modified: | Jul 8 02:49:12 2000 |
| MD5 Checksum: | 6645dc1717ea40439d94aad3e3aea608 |
|
| /// File Name: |
linux-2.2.14-ow1.tar.gz |
Description:
|
This patch (for kernel version 2.2.14) is a collection of security-related features for the Linux kernel, all configurable via the new 'Security options' configuration section. Features a Non-executable user stack area, Restricted links in /tmp, Restricted FIFOs in /tmp, Restricted /proc, Special handling of fd 0, 1, and 2, Enforce RLIMIT_NPROC on execve(2), Destroy shared memory segments not in use, and Privileged IP aliases.
| | Homepage: | http://www.openwall.com/linux/ | | File Size: | 21992 | | Last Modified: | Jan 7 20:37:44 2000 |
| MD5 Checksum: | 0069ea6077f5bcad6113e2f1554f22b6 |
|
| /// File Name: |
zeppoo-0.0.1.tar.gz |
Description:
|
Zeppoo is a tool that attempts to detect if a rootkit is installed on your system. It also makes it possible to detect hidden tasks, modules, syscalls, some corrupted symbols and also hidden connections. Written in Python.
| | Homepage: | http://www.zeppoo.net | | File Size: | 21430 | | Last Modified: | Mar 2 22:46:05 2006 |
| MD5 Checksum: | 25a91c8b134988ff4319ab0c667f72d3 |
|
| /// File Name: |
pam_usb-0.2.2.tar.gz |
Description:
|
pam_usb is a PAM module that enables authentication using a USB storage device through DSA private/public keys. It can also work with floppy disks, CD-ROMs, or any kind of mountable device.
| | Author: | Andrea Luzzardi | | Homepage: | http://www.sig11.org/~al/pam_usb/ | | Changes: | Added support for multiple filesystems, various other enhancements. | | File Size: | 21354 | | Last Modified: | Apr 18 21:18:00 2004 |
| MD5 Checksum: | 71b64a8bc198d94d549666c2690d367d |
|
| /// File Name: |
carbonite.tar.gz |
Description:
|
Carbonite v1.0 is an LKM designed to investigate and detect rootkits, even LKM rootkits which patch calls to /proc. It works like lsof and ps at the kernel level, querying every process in Linux's task_struct, which is the kernel structure that maintains information on every running process in Linux. It gives administrators a more reliable method to identify all running processes on the system.
| | Homepage: | http://www.foundstone.com/rdlabs/proddesc/carbonite.html | | File Size: | 21141 | | Last Modified: | Apr 16 22:22:50 2001 |
| MD5 Checksum: | 33ec818ce2fca235c1b925deb4e490df |
|
| /// File Name: |
linux-2.2.14-ow2.tar.gz |
Description:
|
The Secure-Linux patch adds a few security features to the kernel which, while not a complete method of protection, will stop most of the 'cookbook' buffer overflow exploits cold. It also adds the option of restricting the use of symlinks in +t (temp) directories which fixes most tmp-race exploits as well. It can also add a little bit more privacy to the system by restricting access to parts of /proc to root so that users may not see who else is logged on or what they're doing.
| | Homepage: | http://www.openwall.com/linux/ | | Changes: | Now works on kernel 2.2.14! | | File Size: | 20899 | | Last Modified: | Feb 29 03:56:52 2000 |
| MD5 Checksum: | ffde0d2742e866b5d92ef7a944710641 |
|
| /// File Name: |
kstat24.tgz |
Description:
|
Kstat is a powerful tool for Linux v2.4.x which displays information read directly from kernel structures in /dev/kmem. This is especially useful when we can't trust output from the usual sources and applications, for example after an unauthorized access to our systems. It is effective if something like ps, ifconfig, lsmod, or system calls are patched.
| | Author: | Fusys | | Homepage: | http://www.s0ftpj.org | | Changes: | This is a major update of kstat, since its release for the 2.2.x kernels. This runs on 2.4.x only, and can better assist in finding and removing trojan LKMs. It sports network socket dumps, sys_call fingerprinting, stealth modules scanning and more. | | File Size: | 20741 | | Last Modified: | Jun 5 12:34:42 2002 |
| MD5 Checksum: | 01bdbde57c74a4e9a0c01c7eaf5b9794 |
|
| /// File Name: |
psad-0.8.6.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a Perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
| | Homepage: | http://www.cipherdyne.com/psad | | File Size: | 20457 | | Last Modified: | Apr 16 20:47:59 2001 |
| MD5 Checksum: | 31a96bab23794fbfcb0391b502f9ee65 |
|
| /// File Name: |
pam_usb-0.2.1.tar.gz |
Description:
|
pam_usb is a PAM module that enables authentication using a USB storage device through DSA private/public keys. It can also work with floppy disks, CD-ROMs, or any kind of mountable device.
| | Author: | Andrea Luzzardi | | Homepage: | http://www.sig11.org/~al/pam_usb/ | | File Size: | 20094 | | Last Modified: | Apr 5 16:09:00 2004 |
| MD5 Checksum: | 84638d92e9b6cc060c55c49e5a9efd35 |
|
| /// File Name: |
linux-2.2.13-ow1.tar.gz |
Description:
|
This patch (for kernel version 2.2.13) is a collection of security-related features for the Linux kernel, all configurable via the new 'Security options' configuration section. In addition to the new features, some versions of the patch contain various security fixes. The number of such fixes changes from version to version, as some are becoming obsolete (such as because of the same problem getting fixed with a new kernel release), while other security issues are discovered.
| | Homepage: | http://www.openwall.com/linux/ | | File Size: | 19873 | | Last Modified: | Oct 27 16:53:38 1999 |
| MD5 Checksum: | 416792c6dfbedf0e4b71f6c642372f78 |
|
| /// File Name: |
multiadm-1.0.5.tar.bz2 |
Description:
|
The MultiAdmin security framework kernel module provides a means to have multiple root users with unique UIDs. This bypasses collation order problems with NSCD, allows you to have files with unique owners, and allows you to track the quota usage for every real user. It also implements a sub-admin, a partially restricted root user who has full read-only access to most subsystems, but write rights only to a limited subset, for example writing to files or killing processes only of certain users.
| | Author: | Jan Engelhardt | | Homepage: | http://alphagate.hopto.org/multiadm/ | | Changes: | Most LSM hooks have been collapsed and unused arguments have been removed. capable() was slightly changed which made the patch smaller. The MultiAdmin module and kernel patch were updated to 2.6.17-rc3. | | File Size: | 19686 | | Last Modified: | May 2 02:29:30 2006 |
| MD5 Checksum: | bb52729a71ea68c7b6f177ed1a85a738 |
|
| /// File Name: |
multiadm-1.0.6.tar.bz2 |
Description:
|
The MultiAdmin security framework kernel module provides a means to have multiple root users with unique UIDs. This bypasses collation order problems with NSCD, allows you to have files with unique owners, and allows you to track the quota usage for every real user. It also implements a sub-admin, a partially restricted root user who has full read-only access to most subsystems, but write rights only to a limited subset, for example writing to files or killing processes only of certain users.
| | Author: | Jan Engelhardt | | Homepage: | http://alphagate.hopto.org/multiadm/ | | Changes: | Rediffed for linux-2.6.18-rc1. | | File Size: | 19586 | | Last Modified: | Jul 14 03:28:56 2006 |
| MD5 Checksum: | c9405ed6a85cdf6ad4aa599009a27c7c |
|
| /// File Name: |
StMichael_LKM-0.04.tar.gz |
Description:
|
StMichael is an LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. This is an experimental version, and a spin-off from the Saint Jude Project.
| | Author: | Tim Lawless | | Homepage: | http://www.sourceforge.net/projects/stjude | | Changes: | Added the SHA1 checksum to complement the md5's, added timers to periodically revalidate the kernel, added a configuration script, and added some demos which will trigger StMichael. | | File Size: | 18715 | | Last Modified: | Jul 11 05:01:54 2001 |
| MD5 Checksum: | 617e56ab882299f50e8b27bf0fd267f4 |
|
| /// File Name: |
ip_scfw-0.9.1.tar.gz |
Description:
|
The SYN cookie firewall implements SYN cookie protection against SYN floods on all hosts behind it. Contains a patch to Linux kernel 2.2.17 and an administration tool.
| | Homepage: | http://www.bronzesoft.org/projects/scfw | | File Size: | 18678 | | Last Modified: | Oct 21 03:02:27 2000 |
| MD5 Checksum: | 35b808ade7e0faa9571b7feb2fb0c5c4 |
|
| /// File Name: |
s4g-0.8.1.tgz |
Description:
|
Sandbox for Grids (s4g) is a Linux user-mode sandbox. It offers a secure execution environment for suspicious applications. Written in C, it tries to solve some typical problems of quarantine applications: efficiency and security.
| | Author: | Tangui Morlier | | Homepage: | http://www.lri.fr/~tmorlier/S4G/ | | Changes: | Correction of specific distribution bugs: s4g should now compile fine on RedHat and Slackware. | | File Size: | 18297 | | Last Modified: | Sep 29 02:50:08 2004 |
| MD5 Checksum: | 9ef8e7704925ec4920c74f9615d5715f |
|
| /// File Name: |
s4g-0.8.tgz |
Description:
|
Sandbox for Grids (s4g) is a Linux user-mode sandbox. It offers a secure execution environment for suspicious applications. Written in C, it tries to solve some typical problems of quarantine applications: efficiency and security.
| | Author: | Tangui Morlier | | Homepage: | http://www.lri.fr/~tmorlier/S4G/ | | File Size: | 17862 | | Last Modified: | Sep 17 02:14:55 2004 |
| MD5 Checksum: | fb0db7064e5ad0e97f2fcbfac5cfa103 |
|
| /// File Name: |
linux-2.2.19-stealth1.diff |
Description:
|
The Stealth Kernel Patch for Linux v2.2.19 makes the Linux kernel discard the packets that many OS detection tools use to query the TCP/IP stack. Includes logging of the dropped query packets and packets with bogus flags. Does a very good job of confusing nmap and queso.
| | Author: | Sean Trifero | | Homepage: | http://www.innu.org/~sean | | Changes: | Now works with kernel v2.2.19. | | File Size: | 17837 | | Last Modified: | Apr 7 04:05:11 2001 |
| MD5 Checksum: | 29d386c15f8bd808ae57e44d43a61afc |
|