Section: .. / linux / security /
| /// File Name: |
Kfence.c |
Description:
|
Kfence provides kernel protection against basic exploitation techniques, including stack and heap overflows and format string exploits, by patching /dev/kmem and redirecting system_call to test if the eip of the caller is in the wrong memory region. Tested on Linux kernels 2.4.18-14 and 2.4.7-10.
| | Author: | ins1der | | File Size: | 6099 | | Last Modified: | Aug 10 18:21:17 2003 |
| MD5 Checksum: | c12aadfde8374d961c43c9fb2309870d |
|
| /// File Name: |
tcpspy-1.1.tar.gz |
Description:
|
tcpspy is a linux administrator's tool that logs information about incoming and outgoing TCP/IP connections: local address, remote address and, probably the most useful feature, the user name. The current version allows you to include and exclude certain users from logging - this may be useful if you suspect one of the users on your system is up to no good but do not want to violate the privacy of the other users.
| | Author: | Tim J Robbins | | Homepage: | http://box3n.gumbynet.org/~fyre/software | | File Size: | 5995 | | Last Modified: | Nov 13 14:55:49 2000 |
| MD5 Checksum: | bc76149841ec3fa415839855d27a181a |
|
| /// File Name: |
linux-2.2.14-stealth3.diff |
Description:
|
Patch for linux kernel 2.2.14 to discard packets that many OS detection tools use to query the TCP/IP stack.
| | Author: | Sean Trifero | | Homepage: | http://www.innu.org/~sean | | Changes: | Patch3 actually works! Includes logging of the dropped query packets. | | File Size: | 5565 | | Last Modified: | Feb 10 17:19:52 2000 |
| MD5 Checksum: | 49cf985220d9f9f7914dd7f6a1c3df3f |
|
| /// File Name: |
procmon.tar.gz |
Description:
|
Process Monitor v0.23 for Linux is a small kernel module that allows you to watch all programs executed on the system. It is useful for generating full listings of programs (and their supplied arguments) run by potentially dangerous users on a system.
| | Homepage: | http://freshmeat.net/projects/procmon | | Changes: | A fix for a bug which could cause an entire system to hang under very heavy loads. | | File Size: | 5224 | | Last Modified: | Dec 14 22:10:15 2002 |
| MD5 Checksum: | 79019293f8301380106fdb111d5f5f96 |
|
| /// File Name: |
libformat-1.0pre5.tar.gz |
Description:
|
libformat is a library for the Linux operating system that intercepts, among others, calls to the printf() family of functions to prevent format string attacks, in which a possibly malicious user-supplied format string is used. This is a programming error, but has recently been used to break computer security. This library can be used to protect against compromises due to as yet undiscovered vulnerabilities in privileged programs. libformat checks for format strings containing the %n format specifier in writable parts of a process' address space, and if one is found, the process is terminated with the KILL signal.
| | Author: | Tim J Robbins | | Homepage: | http://box3n.gumbynet.org/~fyre/software | | File Size: | 5211 | | Last Modified: | Nov 13 14:53:12 2000 |
| MD5 Checksum: | a013ee406d07defa367ceaece04bf493 |
|
| /// File Name: |
procwatch |
Description:
|
Procwatch is a Perl script which watches a /proc filesystem for new processes. When a process is created, procwatch reports the time, the username, the PID, and the binary that was run. Its output is suitable for logging to log files and is geared for system administrators who are testing a new but as yet untrusted UNIX system. Although it cannot detect, and is not proof against, hacked loadable kernel modules that have modified /proc, it is useful in watching for possible rogue binaries.
| | Author: | Adam Guyot | | Homepage: | http://www.speakeasy.net/~aguyot | | File Size: | 5059 | | Last Modified: | Nov 24 16:21:32 2001 |
| MD5 Checksum: | a91a4fd73ea6a3e871efd7c377c36da8 |
|
| /// File Name: |
Cerberus_beta_1.tgz |
Description:
|
Cerberus is an experimental kernel-based tool for hardening systems. Locally, the main idea is that, except in particular cases, a process can't have higher privileges than its parent. If Cerberus intercepts an anomaly, it kills the process before it starts to run. Cerberus stops remote exploits by ensuring that processes like in.telnetd or tcpd will never drop a shell.
| | Author: | Dark Angel | | File Size: | 4908 | | Last Modified: | May 17 03:52:04 2002 |
| MD5 Checksum: | 84aee1b51dca788b15c2fa462a2a3dd4 |
|
| /// File Name: |
maxty.tar.gz |
Description:
|
Maxty is a small kernel-space tty sniffer. It is an LKM which attaches to the read/write syscalls and saves incoming/outgoing requests to opened tty devices into separate log files. It provides a way of keeping track of what is happening on virtual consoles, similar to a keystroke recorder.
| | Author: | Paul | | File Size: | 4867 | | Last Modified: | Apr 6 21:04:31 2001 |
| MD5 Checksum: | 8ed7a10a7153e74d0f1495d65783dc4d |
|
| /// File Name: |
spfx2.c |
Description:
|
spfx2.c is a Linux kernel module which stops many exploits by protecting the system from code running on the stack. It works by limiting the use of key system calls to library functions. Although spfx2 does not prevent buffer-overflow related crashes, it does make it very difficult to break security with a buffer-overflow attack, preventing most root compromises.
| | Author: | Justin Lesarge | | File Size: | 4754 | | Last Modified: | Apr 19 17:48:19 2001 |
| MD5 Checksum: | 4672dab270ac42e0779ae8e7752cdbcb |
|
| /// File Name: |
kpatch.sh |
Description:
|
kpatch.sh is a shell script illustrating runtime kernel memory patching. For demonstration purposes it shows how to break the kguard module. kpatch does not create any files on the system it runs on. So it is even possible to patch the kernel memory without creating any file on the target machine. It only requires basic shell utilities to work.
| | Author: | kilian klimek | | File Size: | 4447 | | Last Modified: | Feb 5 22:56:17 2006 |
| MD5 Checksum: | e872f9b2a0a9779b9c9083cefc77e03b |
|
| /// File Name: |
elfcmp-1.0.0.tar.gz |
Description:
|
Elfcmp compares running processes to their respective binary images to ensure that the process image in memory has not been tampered with after execution. This is useful for security auditing, as other methods that rely strictly on checking disk image checksums are not reliable if only the process image is being tampered with.
| | Author: | Matt Miller | | Homepage: | http://www.hick.org/code.html | | File Size: | 4084 | | Last Modified: | Oct 21 13:24:01 2003 |
| MD5 Checksum: | ae293e91272d71698449a807ba109057 |
|
| /// File Name: |
toby.c |
Description:
|
Toby.c is a Linux LKM which intercepts, logs, and stops the setuid, setreuid, and setresuid syscalls from users.
| | Author: | Sacrine | | Homepage: | http://netric.org | | File Size: | 3973 | | Last Modified: | Jan 9 04:03:17 2003 |
| MD5 Checksum: | abea47c5169b3e9846363fa5c0e0cde8 |
|
| /// File Name: |
StMichael_LKM-0.02.tar.gz |
Description:
|
StMichael is an LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. This is an experimental version, and a spin-off from the Saint Jude Project.
| | Author: | Tim Lawless | | Homepage: | http://www.sourceforge.net/projects/stjude | | Changes: | Fixed an inverted match which could cause kernel to hang on attempt to unload StMichael. | | File Size: | 3769 | | Last Modified: | May 9 20:35:42 2001 |
| MD5 Checksum: | 531d16989e7b893bef78cffdbf033f81 |
|
| /// File Name: |
linux-2.3.99-pre5-securestack.tar.g..> |
Description:
|
This is the secure stack patch by Openwall, ported to Linux 2.3.99-pre5. There are no fancy configuration options: once you apply this patch, the stack will be secure the next time you compile your kernel.
| | Author: | Karin | | File Size: | 3719 | | Last Modified: | Apr 22 02:19:10 2000 |
| MD5 Checksum: | 53dd3994657144db59534a01dc45d81a |
|
| /// File Name: |
StMichael_LKM-0.01.tar.gz |
Description:
|
StMichael is an LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running Linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. This is an experimental version, and a spin-off from the Saint Jude Project.
| | Author: | Tim Lawless | | Homepage: | http://www.sourceforge.net/projects/stjude | | File Size: | 3656 | | Last Modified: | May 8 18:47:08 2001 |
| MD5 Checksum: | caa99d3b4772a1cc15352b72f6680686 |
|
| /// File Name: |
psreal.c |
Description:
|
Psreal.c for Linux kernel 2.4.x finds processes hidden even if a LKM is used.
| | Author: | ghQst | | Homepage: | http://es.xor.ru | | File Size: | 3372 | | Last Modified: | Jul 6 04:29:29 2002 |
| MD5 Checksum: | b66c0b8eddf1fcc10d9b1599f0f252e8 |
|
| /// File Name: |
lsi_v1.0_RH.sh |
Description:
|
TSS v1.0beta1 is a shell script to check the local security of a Red Hat 6.0 / 6.1 / 6.2 machine. It checks for crontab, userhelper, shadow passwords, and the piranha account.
| | Author: | Grazer | | Homepage: | http://team-tss.online.cx | | File Size: | 3328 | | Last Modified: | Jun 1 14:38:52 2000 |
| MD5 Checksum: | dd0d87e7c5d58c77d4b9974c8149408d |
|
| /// File Name: |
vma_rw_chk-1.0.tar.gz |
Description:
|
Vma_rw_chk is a small security module for Linux-2.2.19 which prevents most exploits from working by wrapping execve() and checking to see that the caller does not call from a writable memory segment. Since most local (and many remote) exploits call execve() or similar from the stack (and environment, which is also placed on the stack), which is writable, it prevents most standard exploits from working.
| | Author: | Proton | | Homepage: | http://www.energymech.net/users/proton | | File Size: | 2509 | | Last Modified: | Oct 4 02:31:32 2001 |
| MD5 Checksum: | a667768b03f30fbc2d1d31bd97eaecf0 |
|
| /// File Name: |
slog.c |
Description:
|
Slog.c is a simple linux keystroke logger without function hooking. Tested on Redhat 7.2.
| | Author: | Slacko | | File Size: | 2200 | | Last Modified: | Sep 5 01:21:52 2002 |
| MD5 Checksum: | 1527a47b813bd458beebc7b2d9ffad18 |
|
| /// File Name: |
spfx.c |
Description:
|
spfx.c is a linux kernel module which stops many exploits by protecting the system from code running on the stack.
| | File Size: | 2166 | | Last Modified: | Apr 9 01:22:45 2001 |
| MD5 Checksum: | cd17bdbfe61fba08502ab59be605cc97 |
|
| /// File Name: |
DumpRam.c |
Description:
|
A simple tool for Linux that allows the dumping of all physical memory (RAM).
| | Author: | WarGame | | File Size: | 1722 | | Last Modified: | Feb 26 19:15:18 2008 |
| MD5 Checksum: | 9226efe8cb4cc30143ed8d879af57099 |
|
| /// File Name: |
SACscan.tar.gz |
Description:
|
SACscan is a basic port scanner much like Nmap.
| | Author: | Levent Kayan | | Homepage: | http://www.sac.cc | | File Size: | 1582 | | Last Modified: | Jul 25 15:43:17 2003 |
| MD5 Checksum: | a57aca5df7a776f1e660a86210a164de |
|
| /// File Name: |
scandetect.tar.gz |
Description:
|
Scan Detect prevents attackers from running TCP port scanners against your Linux system by listening on a given TCP port; if any host on the Internet connects to that TCP port, Scan Detect uses Ipchains to block that host completely.
| | Author: | Ryan Mann | | Homepage: | http://personal.mia.bellsouth.net/mia/k/f/kf4dez | | File Size: | 1531 | | Last Modified: | Jul 27 13:18:41 2000 |
| MD5 Checksum: | f8a50e5fa7da5758967174ea523038bf |
|
| /// File Name: |
local0.c |
Description:
|
Local0.c is a simple Linux LKM that denies root access to remote users only. Tested on Redhat 7.2.
| | Author: | Slacko | | File Size: | 1070 | | Last Modified: | Sep 6 00:17:43 2002 |
| MD5 Checksum: | bc6350bf2a2af93eb541b9946dfcb2f2 |
|