Section: .. / linux / security /
| /// File Name: |
linux-2.2.19-ow4.tar.gz |
Description:
|
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | Fixes two Linux kernel vulnerabilities. A non-security symbol export issue was fixed and support for ELF executables was put into a separate configuration option. Readme available | | File Size: | 28920 | | Last Modified: | Oct 23 12:27:36 2001 |
| MD5 Checksum: | 07a55b30cb52a8646d42037965695df7 |
|
| /// File Name: |
umbrella-0.5.1.tar.bz2 |
Description:
|
The Umbrella security mechanism implements a combination of process-based Mandatory Access Control (MAC) and authentication of files through Digital Signed Binaries (DSB) for Linux based consumer electronics devices ranging from mobile phones to settop boxes. Umbrella is implemented on top of the Linux Security Modules (LSM) framework. The MAC scheme is enforced by a set of restrictions on each process. This policy is distributed with a binary in form of execute restrictions (in the file signature) and within the program, where the developer has the opportunity of making a restricted fork.
| | Homepage: | http://umbrella.sourceforge.net/ | | Changes: | Fixed a memory allocation bug. | | File Size: | 28397 | | Last Modified: | Dec 11 15:21:11 2004 |
| MD5 Checksum: | 23c9015571cf975a65338feed9e3ba8b |
|
| /// File Name: |
linux-2.2.20-ow1.tar.gz |
Description:
|
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | Ported to 2.2.0. This version moves even more of the support for combined ELF/a.out setups under the configuration option introduced with 2.2.19-ow4. Readme available | | File Size: | 28332 | | Last Modified: | Nov 6 01:53:16 2001 |
| MD5 Checksum: | 1567d99da210896db17c3eee79f49969 |
|
| /// File Name: |
linux-2.2.19-ow3.tar.gz |
Description:
|
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | Fixes the possible local root vulnerability discovered recently in kernel v2.2.19. Readme available | | File Size: | 27976 | | Last Modified: | Oct 20 04:40:42 2001 |
| MD5 Checksum: | 26fd536156c5f44070817cd512e42fa0 |
|
| /// File Name: |
linux-2.2.22-ow2.tar.gz |
Description:
|
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | Linux 2.2.22-ow2 improves the "lcall" DoS fix for the Linux kernel to cover the NT (Nested Task) flag attack discovered by Christopher Devine. | | File Size: | 27701 | | Last Modified: | Nov 27 01:19:29 2002 |
| MD5 Checksum: | 2db63ab8503cd8a8df7b903e06c0cf0c |
|
| /// File Name: |
linux-2.2.22-ow1.tar.gz |
Description:
|
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | Updated for Kernel v2.2.22. | | File Size: | 27415 | | Last Modified: | Sep 20 12:33:11 2002 |
| MD5 Checksum: | acb8ef1aa99d283e7a9a06fc7ab9a406 |
|
| /// File Name: |
linux-2.2.25-ow1.tar.gz |
Description:
|
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | Ported to kernel v2.2.25. | | File Size: | 27302 | | Last Modified: | Nov 30 22:49:27 2003 |
| MD5 Checksum: | 0ff48567fc27c329d28965e057c2c8a6 |
|
| /// File Name: |
pax-linux-2.2.17.patch |
Description:
|
PaX is an implementation of non-executable pages for IA-32 processors (i.e. pages which user mode code can read or write, but cannot execute code in). Since the processor's native page table/directory entry format has no provision for such a feature, it is a non-trivial task. The project was designed to provide Linux with protection from buffer overflows. Making parts of the memory pages read/write access enabled, but not executable provides the protection.
| | Author: | PaX | | Homepage: | http://pageexec.virtualave.net | | File Size: | 27234 | | Last Modified: | Nov 15 22:14:52 2000 |
| MD5 Checksum: | 49103bb0e247182182de7b1ece4708b0 |
|
| /// File Name: |
pam_usb-0.3.3.tar.gz |
Description:
|
pam_usb is a PAM module that enables authentication using a USB storage device through DSA private/public keys. It can also work with floppy disks, CD-ROMs, or any kind of mountable device.
| | Author: | Andrea Luzzardi | | Homepage: | http://www.sig11.org/~al/pam_usb/ | | Changes: | The option keypath is now split into local_keypath and device_keypath. Fixed a bug that occurred when the TTY entry was empty. Various other fixes and enhancements. | | File Size: | 27211 | | Last Modified: | Oct 26 12:12:50 2005 |
| MD5 Checksum: | 45e73035b706ff6dd20d002210bf0cb3 |
|
| /// File Name: |
vlogger-2.1.1.tar.gz |
Description:
|
vlogger is a new release from THC that logs keystrokes on a Linux box. It logs all console, serial, and remote sessions, and does not use syscall modification. It allows for both local and remote logging methods.
| | Author: | rd | | Homepage: | http://www.thc.org | | File Size: | 27206 | | Last Modified: | Dec 23 04:27:37 2003 |
| MD5 Checksum: | d6b86be186c6ed1992142a5f2285f72f |
|
| /// File Name: |
multiadm-1.0.7.tar.bz2 |
Description:
|
The MultiAdmin security framework kernel module provides a means to have multiple root users with unique UIDs. This bypasses collation order problems with NSCD, allows you to have files with unique owners, and allows you to track the quota usage for every real user. It also implements a sub-admin, a partially restricted root user who has full read-only access to most subsystems, but write rights only to a limited subset, for example writing to files or killing processes only of certain users.
| | Author: | Jan Engelhardt | | Homepage: | http://alphagate.hopto.org/multiadm/ | | Changes: | Updated for 2.6.22. | | File Size: | 27152 | | Last Modified: | Aug 13 22:59:17 2007 |
| MD5 Checksum: | b585bfa752448ee0b4ede7e7675366c9 |
|
| /// File Name: |
StMichael_LKM-0.06.tar.gz |
Description:
|
StMichael is a LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. Detects most modern LKM's, including KIS.
| | Author: | Tim Lawless | | Homepage: | http://www.sourceforge.net/projects/stjude | | Changes: | Began code and signature obfuscation work to conceal commonly found strings, Introduced permanent immutability to files on ext2 fs, and other misc code beautification. | | File Size: | 27115 | | Last Modified: | Oct 24 23:57:23 2001 |
| MD5 Checksum: | 9f0d2f9612b1daa97a68c9678fde0348 |
|
| /// File Name: |
linux-2.2.23-ow1.tar.gz |
Description:
|
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | Ported to kernel v2.2.23. | | File Size: | 26894 | | Last Modified: | Dec 5 10:33:49 2002 |
| MD5 Checksum: | cb51cfdd978eba987ca39d09960e17c3 |
|
| /// File Name: |
linux-2.2.26-ow1.tar.gz |
Description:
|
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | Ported to kernel v2.2.26. | | File Size: | 26836 | | Last Modified: | Mar 1 13:26:00 2004 |
| MD5 Checksum: | 55d6ce3e95bfd88632987c170c360aed |
|
| /// File Name: |
pam_usb-0.3.0.tar.gz |
Description:
|
pam_usb is a PAM module that enables authentication using a USB storage device through DSA private/public keys. It can also work with floppy disks, CD-ROMs, or any kind of mountable device.
| | Author: | Andrea Luzzardi | | Homepage: | http://www.sig11.org/~al/pam_usb/ | | Changes: | Fixed gcc compile problem. | | File Size: | 26689 | | Last Modified: | Jul 5 06:43:00 2004 |
| MD5 Checksum: | 032c187ca04c922bf791c5e7780dd6f4 |
|
| /// File Name: |
pam_usb-0.3.2.tar.gz |
Description:
|
pam_usb is a PAM module that enables authentication using a USB storage device through DSA private/public keys. It can also work with floppy disks, CD-ROMs, or any kind of mountable device.
| | Author: | Andrea Luzzardi | | Homepage: | http://www.sig11.org/~al/pam_usb/ | | Changes: | Will try to autodetect /dev/sdN devices (not just /dev/sdNX). Fixed a bug that happened when the application using PAM did not set PAM_TTY correctly. Added the use_first_pass and try_first_pass options. Now if you enter your password on another PAM module (such as pam_mount or pam_ssh), pam_usb will use that password to decrypt the private key. | | File Size: | 26659 | | Last Modified: | Jan 16 01:37:06 2005 |
| MD5 Checksum: | e3e011e54b992a3c0330f825609fb07d |
|
| /// File Name: |
pam_usb-0.3.1.tar.gz |
Description:
|
pam_usb is a PAM module that enables authentication using a USB storage device through DSA private/public keys. It can also work with floppy disks, CD-ROMs, or any kind of mountable device.
| | Author: | Andrea Luzzardi | | Homepage: | http://www.sig11.org/~al/pam_usb/ | | Changes: | Various fixes. | | File Size: | 26626 | | Last Modified: | Aug 5 02:05:07 2004 |
| MD5 Checksum: | 4755ebf481d0732c5b5edbf3987a8dd4 |
|
| /// File Name: |
linux-2.0.39-ow3.tar.gz |
Description:
|
The Secure-Linux patch adds a few security features to the kernel which, while not a complete method of protection, will stop most of the 'cookbook' buffer overflow exploits cold. It also adds the option of restricting the use of symlinks and named pipes in +t (temp) directories which fixes most tmp-race exploits as well. It can also add a little bit more privacy to the system by restricting access to parts of /proc to root so that users may not see who else is logged on or what they're doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction, and privileged IP aliases for kernel 2.0.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | There are important bugfixes, including to an older kernel vulnerability fix. Readme available | | File Size: | 26383 | | Last Modified: | Mar 28 20:23:29 2001 |
| MD5 Checksum: | f444dae268d4523ac7a96cef7b23776c |
|
| /// File Name: |
linux-2.0.39-ow2.tar.gz |
Description:
|
The Secure-Linux patch adds a few security features to the kernel which, while not a complete method of protection, will stop most of the 'cookbook' buffer overflow exploits cold. It also adds the option of restricting the use of symlinks and named pipes in +t (temp) directories which fixes most tmp-race exploits as well. It can also add a little bit more privacy to the system by restricting access to parts of /proc to root so that users may not see who else is logged on or what they're doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction, and privileged IP aliases for kernel 2.0.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | A fix for the recently announced execve(2)/ptrace(2) race condition vulnerability in the Linux kernel. Readme available | | File Size: | 26114 | | Last Modified: | Feb 10 17:23:54 2001 |
| MD5 Checksum: | 448e15e2a0268611ce885dc7162ee74a |
|
| /// File Name: |
StMichael_LKM-0.07.tar.gz |
Description:
|
StMichael is a LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. Detects most modern LKM's, including KIS.
| | Author: | Tim Lawless | | Homepage: | http://www.sourceforge.net/projects/stjude | | Changes: | Fixed a serious bug that could cause a kernel Oops if StMichael was not the first module loaded into the system. | | File Size: | 25698 | | Last Modified: | Oct 30 03:19:16 2001 |
| MD5 Checksum: | e5cb4205fd25c95563a84be8b4fa8cf6 |
|
| /// File Name: |
linux-2.0.38-ow4.tar.gz |
Description:
|
This patch (for kernel version 2.0.38) is a collection of security-related features for the Linux kernel, all configurable via the new 'Security options' configuration section. In addition to the new features, some versions of the patch contain various security fixes. The number of such fixes changes from version to version, as some are becoming obsolete (such as because of the same problem getting fixed with a new kernel release), while other security issues are discovered.
| | Homepage: | http://www.openwall.com/linux/ | | File Size: | 25659 | | Last Modified: | Oct 27 16:53:49 1999 |
| MD5 Checksum: | 247a853497a9864d913c86ea4725fdee |
|
| /// File Name: |
linux-2.2.18-ow4.tar.gz |
Description:
|
The Secure-Linux patch adds a few security features to the kernel which, while not a complete method of protection, will stop most of the 'cookbook' buffer overflow exploits cold. It also adds the option of restricting the use of symlinks and named pipes in +t (temp) directories which fixes most tmp-race exploits as well. It can also add a little bit more privacy to the system by restricting access to parts of /proc to root so that users may not see who else is logged on or what they're doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction, and privileged IP aliases for kernel 2.0.
| | Author: | Solar Designer | | Homepage: | http://www.openwall.com/linux | | Changes: | A fix for the recently announced execve(2)/ptrace(2) race condition vulnerability in the Linux kernel. Readme available | | File Size: | 25353 | | Last Modified: | Feb 10 17:26:26 2001 |
| MD5 Checksum: | 3778930319d1d3040f9fc598005cbad2 |
|
| /// File Name: |
rsx.tar.gz |
Description:
|
RSX is a Linux LKM which stops most buffer overflow attacks. It is a Runtime addressSpace eXtender providing on the fly code remapping of existing Linux binaries in order to implement non-executable stack as well as non-exec short/long heap areas. RSX targets common buffer-overflow problems preventing code execution in mapped data-only areas. Currently a 2.4.x version of the kernel module is available.
| | Author: | Paul Starzetz | | Homepage: | http://www.ihaquer.com/software/rsx | | File Size: | 25284 | | Last Modified: | Jun 6 18:58:13 2001 |
| MD5 Checksum: | ca73f0cf8a75d55e1c127d88b96e0f8c |
|
| /// File Name: |
psad-0.8.7.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
| | Homepage: | http://www.cipherdyne.com/psad | | Changes: | New automatic danger level assigned for known trouble IPs, signature checking and updating done on the fly, and improvements to the install.pl script to parse ipchains rulesets better. | | File Size: | 24631 | | Last Modified: | May 2 23:10:37 2001 |
| MD5 Checksum: | 0c8959af19da07c0bd496241ac1f4e92 |
|
| /// File Name: |
linux-2.2.12-ow6.tar.gz |
Description:
|
The Secure-Linux patch adds a few security features to the kernel which, while not a complete method of protection, will stop most of the 'cookbook' buffer overflow exploits cold. It also adds the option of restricting the use of symlinks in +t (temp) directories which fixes most tmp-race exploits as well. It can also add a little bit more privacy to the system by restricting access to parts of /proc to root so that users may not see who else is logged on or what they're doing.
| | Author: | Solar Designer | | File Size: | 24545 | | Last Modified: | Oct 12 14:33:52 1999 |
| MD5 Checksum: | 40457e12e96bbc0c9305d1a6dfb88cf4 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
