| /// File Name: |
StMichael_LKM-0.08.tar.gz |
Description:
|
StMichael is an LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. Detects most modern LKMs, including KIS.
| | Author: | Tim Lawless | | Homepage: | http://www.sourceforge.net/projects/stjude | | Changes: | Addition of ability to restore a system attacked using kernel modification techniques such as a Silvio Stealth syscall by reloading the kernel without a reboot. Addition of Checks to detect the possible subversion of the kernel at loadtime. Now does Full Kernel Text Validation. | | File Size: | 30545 | | Last Modified: | Jan 22 00:37:53 2002 |
| MD5 Checksum: | 56b40532ec8f1f3089de8ec4fe7f5f4f |
|
| /// File Name: |
StMichael_LKM-0.10.tar.gz |
Description:
|
StMichael is an LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. Detects most modern LKMs, including KIS.
| | Author: | Tim Lawless | | Homepage: | http://www.sourceforge.net/projects/stjude | | Changes: | Really Immutable filesystem support for ext3 fs added, Added in Kernel Licensing Code to Identify the Kernel License for newer kernels, Backup kernel is now obscured from string searches using the weak crypt function, Added needed modifications to support the newer Alan Cox Kernels, with the different VM system, fixed lots of compilation issues, and better docs. | | File Size: | 31492 | | Last Modified: | Mar 30 14:03:13 2002 |
| MD5 Checksum: | 16b42d7707d5dfa25214d8cd3768e7fa |
|
| /// File Name: |
StMichael_LKM-0.11.tar.gz |
Description:
|
StMichael is an LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. Detects most modern LKMs, including KIS.
| | Author: | Tim Lawless | | Homepage: | http://www.sourceforge.net/projects/stjude | | Changes: | Addition of Self Integrity Checks to Detect Attacks Against StMichael itself. Addition of configuration options to hard-code memory offsets into the source instead of discovery during load time, permitting loading of StMichael from an initrd, before init spawns and the filesystems are mounted. | | File Size: | 36028 | | Last Modified: | Aug 7 01:47:01 2002 |
| MD5 Checksum: | 77d653c5a129e32c59d85ef1451358d5 |
|
| /// File Name: |
StMichael_LKM-0.11.tar.gz.sig |
Description:
|
StMichael LKM 0.11 GPG signature. GPG key is available from the public keyservers or from my webpage here.
| | File Size: | 65 | | Last Modified: | Aug 7 01:49:10 2002 |
| MD5 Checksum: | 5d92414f11a72add56ef18810e738c70 |
|
| /// File Name: |
StMichael_LKM-0.12.tar.gz |
Description:
|
StMichael is an LKM that attempts to provide a level of protection against kernel-module rootkits. StMichael is designed to be loaded early in the system boot process, and is intended to be present and running on its host system prior to the introduction of malicious kernel modules. StMichael provides this protection by monitoring various portions of the kernel, and optionally the entire kernel text itself, for modifications that may indicate the presence of a malicious kernel module. If rootkit-like activity is detected, StMichael will attempt to recover the kernel's integrity by rolling back the changes made to a previously known-good state.
| | Author: | Rodrigo Rubira Branco | | Homepage: | http://www.sourceforge.net/projects/stjude | | Changes: | StJude/StMichael now has Rodrigo Rubira Branco as its new maintainer. This release fixes compilation problems with 2.4 kernels and also supports MBR checksums. | | File Size: | 40651 | | Last Modified: | Oct 27 01:32:17 2005 |
| MD5 Checksum: | f313063dc584e55fdafe538507128366 |
|
| /// File Name: |
StMichael_LKM-0.13-k2.6.tar.gz |
Description:
|
StMichael is an LKM that attempts to provide a level of protection against kernel-module rootkits. StMichael is designed to be loaded early in the system boot process, and is intended to be present and running on its host system prior to the introduction of malicious kernel modules. StMichael provides this protection by monitoring various portions of the kernel, and optionally the entire kernel text itself, for modifications that may indicate the presence of a malicious kernel module. If rootkit-like activity is detected, StMichael will attempt to recover the kernel's integrity by rolling back the changes made to a previously known-good state.
| | Author: | Rodrigo Rubira Branco | | Homepage: | http://www.sourceforge.net/projects/stjude | | Changes: | Special 2.6 release for Defcon. Intended for developers who want to help improve the project but no longer care to work on the 2.4 kernel related release. | | File Size: | 198786 | | Last Modified: | Aug 17 05:03:30 2006 |
| MD5 Checksum: | 44ecd426b3f7a5cb9de7cda5bb696bce |
|
| /// File Name: |
StMichael_LKM-0.13.tar.gz |
Description:
|
StMichael is an LKM that attempts to provide a level of protection against kernel-module rootkits. StMichael is designed to be loaded early in the system boot process, and is intended to be present and running on its host system prior to the introduction of malicious kernel modules. StMichael provides this protection by monitoring various portions of the kernel, and optionally the entire kernel text itself, for modifications that may indicate the presence of a malicious kernel module. If rootkit-like activity is detected, StMichael will attempt to recover the kernel's integrity by rolling back the changes made to a previously known-good state.
| | Author: | Rodrigo Rubira Branco | | Homepage: | http://www.sourceforge.net/projects/stjude | | Changes: | Last release under the 2.4 kernel series. Only bug fixes will be made after this point. | | File Size: | 40668 | | Last Modified: | Aug 17 05:02:31 2006 |
| MD5 Checksum: | b6a8b2beb27ce81cd202593b35c71df7 |
|
| /// File Name: |
SuSEcompartment-0.5.tar.gz |
Description:
|
SuSE Compartment is a program to build secure compartments for running untrusted/insecure programs. It has the usual uid/gid setting and chrooting ability, but the nice thing is the easy access to Linux per-process capabilities.
| | Author: | Marc | | Homepage: | http://www.suse.de/~marc | | File Size: | 11745 | | Last Modified: | Jan 4 03:49:07 2000 |
| MD5 Checksum: | 36dba996d9a965fbdfaa8da84ed672fb |
|
| /// File Name: |
syscalltrack-0.60.tar.gz |
Description:
|
Syscall Tracker is a powerful tool for Linux 2.2 and 2.4 which allows you to write rules to track system calls. Currently only logging the invocation is supported, but in the future, you will be able to fail the system call (i.e. force it to return some error code), or suspend the process executing it. Allows you to find out info that is hard to find, for instance to determine which process touched a certain file.
| | Homepage: | http://syscalltrack.sourceforge.net | | File Size: | 97246 | | Last Modified: | Sep 18 22:33:47 2001 |
| MD5 Checksum: | 8b677826ff04e2ccaf306387f3bcee6c |
|
| /// File Name: |
syscalltrack-0.64.tar.gz |
Description:
|
Syscall Tracker is a powerful tool for Linux 2.2 and 2.4 which allows you to write rules to track system calls. Currently only logging the invocation is supported, but in the future, you will be able to fail the system call (i.e. force it to return some error code), or suspend the process executing it. Allows you to find out info that is hard to find, for instance to determine which process touched a certain file.
| | Homepage: | http://syscalltrack.sourceforge.net | | Changes: | Better support for filter expressions, better error messages, Unary operators ('~', '!') are now working. Fixed some crash bugs and memory leaks. | | File Size: | 168734 | | Last Modified: | Dec 8 23:18:51 2001 |
| MD5 Checksum: | d79f3e7472347cd637a544d6fb80a6ec |
|
| /// File Name: |
syscalltrack-0.66.6.tar.gz |
Description:
|
Syscall Tracker is a powerful tool for Linux 2.2 and 2.4 which allows you to write rules to track system calls. Currently only logging the invocation is supported, but in the future, you will be able to fail the system call (i.e. force it to return some error code), or suspend the process executing it. Allows you to find out info that is hard to find, for instance to determine which process touched a certain file.
| | Homepage: | http://syscalltrack.sourceforge.net | | Changes: | New process parameters PPID and PCOMM, a fix for a bug where filter expressions with '!' or '~' weren't parsed correctly, and a fix for a bug where if the filter expression first token was a '(' it looped endlessly because it never advanced to the next token. | | File Size: | 191492 | | Last Modified: | Jan 7 21:23:07 2002 |
| MD5 Checksum: | 08da34eda3066559dde39f6ae9b58027 |
|
| /// File Name: |
syscalltrack-0.70.tar.gz |
Description:
|
Syscall Tracker is a very powerful tool for Linux 2.2 and 2.4 which allows you to write rules to track system calls. It includes a kernel module plus userspace applications. Currently only logging the invocation is supported, but in the future, you will be able to fail the system call (i.e. force it to return some error code), or suspend the process executing it. Allows you to find out info that is hard to find, for instance to determine which process touched a certain file.
| | Homepage: | http://syscalltrack.sourceforge.net | | Changes: | Supports a type-cast for 'struct' syscall parameters (useful for socket calls), 'fail syscall' actions, convenience-macros in rule config files, experimental device-driver control support, 'log_format' definition per rule, and some new syscalls (waitpid, close, creat). Major bugfixes include fixes for white-space parsing, a small memory leak when deserializing 'log' actions, and a bug in the kernel module that could leave dangling function pointers. | | File Size: | 225097 | | Last Modified: | Feb 26 22:56:09 2002 |
| MD5 Checksum: | c1af0ff5ce13f54b26696efca2642ecb |
|
| /// File Name: |
syscalltrack-0.71.tar.gz |
Description:
|
Syscall Tracker is a very powerful tool for Linux 2.2 and 2.4 which allows you to write rules to track system calls. It includes a kernel module plus userspace applications. Currently only logging the invocation is supported, but in the future, you will be able to fail the system call (i.e. force it to return some error code), or suspend the process executing it. Allows you to find out info that is hard to find, for instance to determine which process touched a certain file.
| | Homepage: | http://syscalltrack.sourceforge.net | | Changes: | Support was added for constants when specifying matching rules, for example, O_RDONLY, O_EXCL, and friends for open(2). Support was added for octal/hex numbers in filter expressions. Assorted internal cleanups, code refactoring, bugfixes, and memory leak plugs were done. | | File Size: | 248656 | | Last Modified: | Jun 3 00:26:20 2002 |
| MD5 Checksum: | 5541a2534f5976c0cf6b8469b82fa032 |
|
| /// File Name: |
syscalltrack-0.74.tar.gz |
Description:
|
Syscall Tracker is a very powerful tool for Linux 2.2 and 2.4 which allows you to write rules to track system calls. It includes a kernel module plus userspace applications. Currently only logging the invocation is supported, but in the future, you will be able to fail the system call (i.e. force it to return some error code), or suspend the process executing it. Allows you to find out info that is hard to find, for instance to determine which process touched a certain file.
| | Homepage: | http://syscalltrack.sourceforge.net | | Changes: | Now supports over 100 system calls! Includes infrastructure support for 64 bit system call parameters, such as long long and loff_t. This release also fixes bugs in various areas. This release has been extensively tested on 2.4 kernels. It should work on 2.5 kernels. It does not work on 2.2 kernels. | | File Size: | 404477 | | Last Modified: | Sep 13 07:44:27 2002 |
| MD5 Checksum: | adf2af846cf755cdc62d61f30fbf1f2a |
|
| /// File Name: |
Sysctl.sh |
Description:
|
Uses the sysctl support in Linux to enhance a system's security against outside attacks. Includes a script to optimize these settings by echoing values to /proc/sys/net/ipv4/*, turning on kernel security features which lessen the effect of SYN floods and smurf attacks, and turning on source validation by reversed path to add more protection against spoofed packets. Tested on Linux 2.2.x.
| | Author: | Spender | | File Size: | 6357 | | Last Modified: | Jun 19 01:21:13 2000 |
| MD5 Checksum: | 489208bede266aac78116d80abaf9d01 |
|
| /// File Name: |
sysmask-1.02.tgz |
Description:
|
Sysmask is a security package for Linux systems that can prevent arbitrary malicious code from causing permanent damage. It protects the system against daemon exploits and user accounts against viruses and worms, whether known or unknown, without requiring the recompilation of existing software.
| | Author: | XIAO Gang | | Homepage: | http://wims.unice.fr/sysmask/doc/index.html | | File Size: | 176924 | | Last Modified: | Aug 24 03:30:02 2005 |
| MD5 Checksum: | b4c9d16ad0aa5ead3e5bb1e4ff383db3 |
|
| /// File Name: |
sysmask-1.04.tgz |
Description:
|
Sysmask is a security package for Linux systems that can prevent arbitrary malicious code from causing permanent damage. It protects the system against daemon exploits and user accounts against viruses and worms, whether known or unknown, without requiring the recompilation of existing software.
| | Author: | XIAO Gang | | Homepage: | http://wims.unice.fr/sysmask/doc/index.html | | Changes: | Some minor fixes and improvements. | | File Size: | 177317 | | Last Modified: | Aug 26 02:05:33 2005 |
| MD5 Checksum: | 180cca0394264f471ca36e24b8e5197b |
|
| /// File Name: |
sysmask-1.06.tgz |
Description:
|
Sysmask is a security package for Linux systems that can prevent arbitrary malicious code from causing permanent damage. It protects the system against daemon exploits and user accounts against viruses and worms, whether known or unknown, without requiring the recompilation of existing software.
| | Author: | XIAO Gang | | Homepage: | http://wims.unice.fr/sysmask/doc/index.html | | Changes: | Added skype configuration. Some minor fixes and improvements. | | File Size: | 183778 | | Last Modified: | Feb 8 00:42:48 2006 |
| MD5 Checksum: | 0b508e7103f184159c54d7e5cfd7d77a |
|
| /// File Name: |
sysmask-1.08.tgz |
Description:
|
Sysmask is a security package for Linux systems that can prevent arbitrary malicious code from causing permanent damage. It protects the system against daemon exploits and user accounts against viruses and worms, whether known or unknown, without requiring the recompilation of existing software.
| | Author: | XIAO Gang | | Homepage: | http://wims.unice.fr/sysmask/doc/index.html | | Changes: | Kernel patch update for 2.6.17.13 and 2.4.33.3. Fixed malformed kernel patch problem. | | File Size: | 226076 | | Last Modified: | Oct 4 23:56:57 2006 |
| MD5 Checksum: | 065a77e7fef6c08ad0d590c084610ab2 |
|
| /// File Name: |
tcpspy-1.1.tar.gz |
Description:
|
tcpspy is a Linux administrator's tool that logs information about incoming and outgoing TCP/IP connections: local address, remote address and, probably the most useful feature, the user name. The current version allows you to include and exclude certain users from logging - this may be useful if you suspect one of the users on your system is up to no good but do not want to violate the privacy of the other users.
| | Author: | Tim J Robbins | | Homepage: | http://box3n.gumbynet.org/~fyre/software | | File Size: | 5995 | | Last Modified: | Nov 13 14:55:49 2000 |
| MD5 Checksum: | bc76149841ec3fa415839855d27a181a |
|
| /// File Name: |
tcpspy-1.4.tar.gz |
Description:
|
tcpspy is a Linux administrator's tool that logs information about incoming and outgoing TCP/IP connections: local address, remote address and, probably the most useful feature, the user name. The current version allows you to include and exclude certain users from logging - this may be useful if you suspect one of the users on your system is up to no good but do not want to violate the privacy of the other users.
| | Author: | Tim J Robbins | | Homepage: | http://box3n.gumbynet.org/~fyre/software | | Changes: | Can now log the filename of the executable that created or accepted connections. Assorted bug fixes and code cleanups. | | File Size: | 11051 | | Last Modified: | Dec 7 13:41:09 2000 |
| MD5 Checksum: | 320900fd99bc47d1f81a86cd78e934e7 |
|
| /// File Name: |
tcpspy-1.5.tar.gz |
Description:
|
tcpspy is a Linux administrator's tool that logs information about incoming and outgoing TCP/IP connections: local address, remote address and, probably the most useful feature, the user name. The current version allows you to include and exclude certain users from logging - this may be useful if you suspect one of the users on your system is up to no good but do not want to violate the privacy of the other users.
| | Author: | Tim J Robbins | | Homepage: | http://box3n.gumbynet.org/~fyre/software | | Changes: | Bug fixes. | | File Size: | 13875 | | Last Modified: | Mar 16 20:51:16 2001 |
| MD5 Checksum: | fa5d567c487fa7f63b73fd15e2f6eddf |
|
| /// File Name: |
tcpspy-1.6.tar.gz |
Description:
|
tcpspy is a Linux administrator's tool that logs information about incoming and outgoing TCP/IP connections: local address, remote address and, probably the most useful feature, the user name. The current version allows you to include and exclude certain users from logging - this may be useful if you suspect one of the users on your system is up to no good but do not want to violate the privacy of the other users.
| | Author: | Tim J Robbins | | Homepage: | http://box3n.gumbynet.org/~fyre/software | | Changes: | Rules can now be read from a file. Also includes code cleanup and optimizations. | | File Size: | 14215 | | Last Modified: | Apr 27 16:49:42 2001 |
| MD5 Checksum: | a8338ef64c32e16054457b47c91b9a49 |
|
| /// File Name: |
tcpspy-1.7.tar.gz |
Description:
|
tcpspy is a Linux administrator's tool that logs information about incoming and outgoing TCP/IP connections: local address, remote address and, probably the most useful feature, the user name. The current version allows you to include and exclude certain users from logging - this may be useful if you suspect one of the users on your system is up to no good but do not want to violate the privacy of the other users.
| | Author: | Tim J Robbins | | Homepage: | http://box3n.gumbynet.org/~fyre/software | | Changes: | The syslog facility is no longer hardcoded, warnings are issued when running slowly, documentation updates, and a few minor bugfixes. | | File Size: | 14813 | | Last Modified: | Jun 1 19:55:18 2001 |
| MD5 Checksum: | 8bd8f850057990aacf105ae3b5b20127 |
|
| /// File Name: |
toby.c |
Description:
|
Toby.c is a Linux LKM which intercepts, logs, and stops the setuid, setreuid, and setresuid syscalls from users.
| | Author: | Sacrine | | Homepage: | http://netric.org | | File Size: | 3973 | | Last Modified: | Jan 9 04:03:17 2003 |
| MD5 Checksum: | abea47c5169b3e9846363fa5c0e0cde8 |
|