Section: .. / linux / security /
| /// File Name: |
lsat-0.9.2.tgz |
Description:
|
The Linux Security Auditing Tool (LSAT) is a post install security auditor for Linux/Unix. It checks many system configurations and local network settings on the system for common security/config errors and for packages that are not needed. It (for now) works under Linux (x86: Gentoo, RedHat, Debian, Mandrake; Sparc: SunOS (2.x), Redhat sparc, Mandrake Sparc; Apple OS X).
| | Homepage: | http://usat.sourceforge.net | | File Size: | 71565 | | Last Modified: | Nov 4 01:40:28 2004 |
| MD5 Checksum: | 0435a69e54e0f18b1a425bfc2c3abb17 |
|
| /// File Name: |
acl-0.5.4-4.tar.gz |
Description:
|
Linux, in the tradition of UNIX-like operating systems, implements file system permissions using a rather coarse scheme. While this is sufficient for a surprisingly large set of applications, it is too inflexible for many advanced scenarios. For that reason, all the major commercial UNIX operating systems have extended this simple scheme in one way or the other. For Linux, such extensions are not stable enough yet. Standard distributions do not include ACLs so far.
| | File Size: | 71557 | | Last Modified: | Oct 7 15:16:39 1999 |
| MD5 Checksum: | fabd13d7cc5beed59568fe5a88a2bf95 |
|
| /// File Name: |
lsat-0.8.9.tgz |
Description:
|
Linux Security Auditing Tool (LSAT) is a post install security auditing tool. It is modular in design, so new features can be added quickly. It checks many insecure system configurations and local network settings on the system for common security/config errors and for unneeded packages. It has been tested on Linux (Gentoo, Red Hat, Debian, etc.) and Solaris (SunOS 2.x).
| | Homepage: | http://usat.sourceforge.net | | Changes: | Added a checkftp module that checks FTP configurations. There are more repairs to the checkmd5 module, and several typo fixes and code cleanups. | | File Size: | 71003 | | Last Modified: | Dec 22 15:48:58 2003 |
| MD5 Checksum: | a5217f2946a0f39c289374d32b97822a |
|
| /// File Name: |
Komahayown-0.2b.tgz |
Description:
|
Komahayown is a utility that makes use of the Syscall proxying idea using shellcodes. Instructions are in Spanish.
| | Author: | Matias Sedalo | | Homepage: | http://www.shellcode.com.ar | | File Size: | 70236 | | Last Modified: | May 28 03:34:12 2003 |
| MD5 Checksum: | 80276e945e930c244d18f1bce06d87fa |
|
| /// File Name: |
lsat-0.8.7.tgz |
Description:
|
Linux Security Auditing Tool (LSAT) is a post install security auditing tool. It is modular in design, so new features can be added quickly. It checks many insecure system configurations and local network settings on the system for common security/config errors and for unneeded packages. It has been tested on Linux (Gentoo, Red Hat, Debian, etc.) and Solaris (SunOS 2.x).
| | Homepage: | http://usat.sourceforge.net | | Changes: | Fixed problems in the Makefile and in the checkpasswd and checkmd5 modules. More checking was added to the checkwww and checkssh modules. Basic X checking was added in the checkx module. | | File Size: | 65563 | | Last Modified: | Oct 21 13:16:51 2003 |
| MD5 Checksum: | f58e90592926fdf35ab6987e31af5c66 |
|
| /// File Name: |
psad-0.9.1.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
| | Homepage: | http://www.cipherdyne.com/psad | | Changes: | A security bugfix was made in config file processing. Deep scans are now detected properly. A man page and a set of benchmarks was added. | | File Size: | 64551 | | Last Modified: | Sep 5 02:12:59 2001 |
| MD5 Checksum: | 3608f0e66ea8244b793d8bbd367087a7 |
|
| /// File Name: |
psad-0.9.0.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
| | Homepage: | http://www.cipherdyne.com/psad | | Changes: | Support has been added for UDP scan detection along with a few UDP scan signatures, a new verbose mode is included in install.pl, improved check_flags() for better TCP flag recognition (nmap NULL scans are supported), and a fix for psadwatchd not parsing ps output correctly. | | File Size: | 57114 | | Last Modified: | Aug 4 08:24:31 2001 |
| MD5 Checksum: | 9ac41fc3e1b1a038c9b5d5a5e351687c |
|
| /// File Name: |
lsat-0.5.9.tgz |
Description:
|
Linux Security Auditing Tool (LSAT) is a post install security auditing tool. It is modular in design, so new features can be added quickly. It checks inetd entries and looks for unneeded RPM packages. It is being expanded to work with Linux distributions other than Red Hat, and checks for kernel versions.
| | Homepage: | http://www.dimlight.org/~number9/lsat/ | | Changes: | The -x option was added to skip local SUID/SGID and world/group read/write. A checkcfg module was added for Red Hat. Checkcfg prints the output of chkconfig --list, giving the user a visual inspection of all services run in each runlevel. | | File Size: | 53433 | | Last Modified: | Jul 24 00:11:02 2002 |
| MD5 Checksum: | f63d85ecd7e4ebce093b92ceb3873718 |
|
| /// File Name: |
psad-0.8.9.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
| | Homepage: | http://www.cipherdyne.com/psad | | Changes: | A seperate monitoring daemon, psadwatchd has been added which watches both psad and kmsgsd, support for multiple email address reporting, and a debugging mode for psad have all been added. Some bugs have been fixed. | | File Size: | 53255 | | Last Modified: | Jul 23 19:43:36 2001 |
| MD5 Checksum: | 8e3f0ec1dd35f1bf3386b8c268eed5f9 |
|
| /// File Name: |
lsat-0.5.8.tgz |
Description:
|
Linux Security Auditing Tool (LSAT) is a post install security auditing tool. It is modular in design, so new features can be added quickly. It checks inetd entries and looks for unneeded RPM packages. It is being expanded to work with Linux distributions other than Red Hat, and checks for kernel versions.
| | Homepage: | http://www.dimlight.org/~number9/lsat/ | | Changes: | Some basic sshd config checks were added. Buffer checks were added. | | File Size: | 52801 | | Last Modified: | Jul 4 03:54:49 2002 |
| MD5 Checksum: | 4274ed9d157c9d477d44473c493d9151 |
|
| /// File Name: |
psad-0.8.8.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
| | Homepage: | http://www.cipherdyne.com/psad | | Changes: | Whois lookups against scanning IPs were added. An uninstall option was added to install.pl. A bug in the 'stop' routine in psad-init was fixed. A bug in the syslog restart system call in install.pl was fixed. | | File Size: | 51593 | | Last Modified: | May 8 20:06:01 2001 |
| MD5 Checksum: | 280a7905ddcba14ed03ae517eb8be7a3 |
|
| /// File Name: |
dazuko-2.0.0-pre4.tar.gz |
Description:
|
Dazuko is a kernel module which provides 3rd-party applications with an interface for file access control. Useful for on-demand virus scanning, as a file-access monitor/logger or external security implementations. It operates by intercepting file-access calls and passing the file information to a 3rd-party application. The 3rd-party application then has the opportunity to tell the kernel module to allow or deny the file-access. The 3rd-party application also receives information about the file, such as type of access, process ID, user ID, etc.
| | Author: | John Ogness | | Homepage: | http://www.dazuko.org | | File Size: | 49364 | | Last Modified: | Nov 18 19:47:09 2003 |
| MD5 Checksum: | 5ff92758b9713d0d1756b9d1e15e5d4a |
|
| /// File Name: |
lsat-0.5.7.tgz |
Description:
|
Linux Security Auditing Tool (LSAT) is a post install security auditing tool. It is modular in design, so new features can be added quickly. It checks inetd entries and looks for unneeded RPM packages. It is being expanded to work with Linux distributions other than Red Hat, and checks for kernel versions.
| | Homepage: | http://www.dimlight.org/~number9/lsat/ | | Changes: | Fixed checkinetd (even under Red Hat 7.3), checkftpusers, and a symlink attack in checkfiles. | | File Size: | 46765 | | Last Modified: | Jun 3 01:24:35 2002 |
| MD5 Checksum: | 1cf21e26b25db0a2353bf63a7f886b54 |
|
| /// File Name: |
capsel.tgz |
Description:
|
Capsel v1.9.99pre5 is a Linux kernel module for v2.2.x and 2.4.x with many features that increase your system security. It features the ability to stop chroot jail break, stop ptracing, control the execve call, and removes read permission from core dumps. It also changes the behavior of set*uid system calls which may be used by programs to drop almost all capabilities and UID without dropping capabilities that are needed to work correctly (i.e. bind sockets). Allows you to get rid of many of your SUID files.
| | Author: | Wojciech Purczynski | | Homepage: | http://www.elzabsoft.pl/~wp | | Changes: | Now works with kernel v2.2.20. Fixed some bugs. Readme available here. | | File Size: | 43720 | | Last Modified: | Nov 25 21:32:59 2001 |
| MD5 Checksum: | 6e981a98be9291757155b8786c88b34d |
|
| /// File Name: |
lsat-0.5.5.tgz |
Description:
|
Linux Security Auditing Tool (LSAT) is a post install security auditing tool. It is modular in design, so new features can be added quickly. It checks inetd entries and looks for unneeded RPM packages. It is being expanded to work with Linux distributions other than Red Hat, and checks for kernel versions.
| | Homepage: | http://www.dimlight.org/~number9/lsat/ | | Changes: | Fixed bugs and added checkrpm module to report RPM integrity on redhat based systems. | | File Size: | 43391 | | Last Modified: | May 10 03:16:21 2002 |
| MD5 Checksum: | 1953add42850b113d435de917f5c3ff6 |
|
| /// File Name: |
lsat-0.5.6.tgz |
Description:
|
Linux Security Auditing Tool (LSAT) is a post install security auditing tool. It is modular in design, so new features can be added quickly. It checks inetd entries and looks for unneeded RPM packages. It is being expanded to work with Linux distributions other than Red Hat, and checks for kernel versions.
| | Homepage: | http://www.dimlight.org/~number9/lsat/ | | Changes: | Fixed a false negative in checkinetd module, now always finds inetd.conf and xinetd.d files, fixes for a tempfile problem in checkset module and the sticky dir check, and cleanups to typos and output. | | File Size: | 43230 | | Last Modified: | May 19 02:41:43 2002 |
| MD5 Checksum: | ec7a6ea820a765d4f2b0aa41318b4f06 |
|
| /// File Name: |
linux-2.2.21-ow2.tar.gz |
Description:
|
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | Added many security fixes for issues with the Linux kernel. | | File Size: | 43184 | | Last Modified: | Sep 11 03:17:15 2002 |
| MD5 Checksum: | f84249514f5ae1f7c445955725738174 |
|
| /// File Name: |
multiadm-1.0.3.tbz2 |
Description:
|
The MultiAdmin security framework kernel module provides a means to have multiple root users with unique UIDs. This bypasses collation order problems with NSCD, allows you to have files with unique owners, and allows you to track the quota usage for every real user. It also implements a sub-admin, a partially restricted root user who has full read-only access to most subsystems, but write rights only to a limited subset, for example writing to files or killing processes only of certain users.
| | Author: | Jan Engelhardt | | Homepage: | http://alphagate.hopto.org/multiadm/ | | File Size: | 42378 | | Last Modified: | Dec 28 19:05:40 2005 |
| MD5 Checksum: | f014a4fed15e3e18ac3607ea854f01c4 |
|
| /// File Name: |
lsat-0.5.2.tgz |
Description:
|
Linux Security Auditing Tool (LSAT) is a post install security auditing tool. It is modular in design, so new features can be added quickly. It checks inetd entries and looks for unneeded RPM packages. It is being expanded to work with Linux distributions other than Red Hat, and checks for kernel versions.
| | Homepage: | http://www.dimlight.org/~number9/lsat/ | | Changes: | Now runs shellcode, reports error and keeps going if any module fails, and documentation updates. | | File Size: | 41544 | | Last Modified: | May 5 02:05:33 2002 |
| MD5 Checksum: | b6be1cf264d2cf9bd89d07295493eab4 |
|
| /// File Name: |
zeppoo-0.0.4.tar.gz |
Description:
|
Zeppoo is a tool that attempts to detect if a rootkit is installed on your system. It also makes it possible to detect hidden tasks, modules, syscalls, some corrupted symbols and also hidden connections.
| | Homepage: | http://www.zeppoo.net | | Changes: | Support for Redhat, Ubuntu added, support for amd64 architecture, various bugfixes. | | File Size: | 41276 | | Last Modified: | Nov 3 17:59:38 2006 |
| MD5 Checksum: | 15378e27d08dc883354748d2f1a177d2 |
|
| /// File Name: |
StMichael_LKM-0.13.tar.gz |
Description:
|
StMichael is a LKM that attempts to provide a level of protection against kernel-module rootkits. StMichael is designed to be loaded early in the system boot process, and is intended to be present and running on its host system prior to the introduction of malicious kernel modules. StMichael provides this protection by monitoring various portions of the kernel, and optionally the entire kernel text itself, for modifications that may indicate the presence of a malicious kernel module. If rootkit-like activity is detected, StMichael will attempt to recover the kernel's integrity by rolling back the changes made to a previously known-good state.
| | Author: | Rodrigo Rubira Branco | | Homepage: | http://www.sourceforge.net/projects/stjude | | Changes: | Last release under the 2.4 kernel series. Only bug fixes will be made after this point. | | File Size: | 40668 | | Last Modified: | Aug 17 05:02:31 2006 |
| MD5 Checksum: | b6a8b2beb27ce81cd202593b35c71df7 |
|
| /// File Name: |
StMichael_LKM-0.12.tar.gz |
Description:
|
StMichael is a LKM that attempts to provide a level of protection against kernel-module rootkits. StMichael is designed to be loaded early in the system boot process, and is intended to be present and running on its host system prior to the introduction of malicious kernel modules. StMichael provides this protection by monitoring various portions of the kernel, and optionally the entire kernel text itself, for modifications that may indicate the presence of a malicious kernel module. If rootkit-like activity is detected, StMichael will attempt to recover the kernel's integrity by rolling back the changes made to a previously known-good state.
| | Author: | Rodrigo Rubira Branco | | Homepage: | http://www.sourceforge.net/projects/stjude | | Changes: | StJude/StMichael now has Rodrigo Rubira Branco as its new maintainer. This release fixes compilation problems with 2.4 kernels and also support MBR checksums. | | File Size: | 40651 | | Last Modified: | Oct 27 01:32:17 2005 |
| MD5 Checksum: | f313063dc584e55fdafe538507128366 |
|
| /// File Name: |
bmap-1.0.17.tar.gz |
Description:
|
The Linux kernel includes a powerful, filesystem independant mechanism for mapping logical files onto the sectors they occupy on disk, which can be subverted (with bmap and friends) to perform a variety of functions interesting to the computer forensics community and the computer security community.
| | Author: | Daniel Ridge | | Changes: | A fix for a casting error that created problems on files located above 2GB. | | File Size: | 39631 | | Last Modified: | Apr 17 16:04:00 2000 |
| MD5 Checksum: | 8b96a7f41b2de1a076dd4c00f32daee0 |
|
| /// File Name: |
linux-2.4.35-ow2.tar.gz |
Description:
|
The Openwall Linux kernel patch is a collection of security hardening features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | File Size: | 38817 | | Last Modified: | Aug 15 00:53:03 2007 |
| MD5 Checksum: | 490369c60d5445c3a3912cd711091149 |
|
| /// File Name: |
linux-2.4.26-ow3.tar.gz |
Description:
|
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | Corrects the access control check in the Linux kernel which previously wrongly allowed any local user to change the group ownership of arbitrary NFS-exported/imported files (CAN-2004-0497). Also adds a workaround for the file offset pointer races (CAN-2004-0415). | | File Size: | 36303 | | Related CVE(s): | CAN-2004-0497, CAN-2004-0415 | | Last Modified: | Aug 10 03:48:46 2004 |
| MD5 Checksum: | a28962d6839f5f2511f28978393407c1 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
