Section: .. / linux / security /
File Name: psad-1.3.3.tar.gz
Description:
Port Scan Attack Detector (psad) is a collection of four lightweight daemons written in Perl and C that are designed to work with Linux firewalling code (iptables and ipchains) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate. Changelog available here.
Homepage: http://www.cipherdyne.org
Changes: Automatic danger level assignments were fixed. The ability to ignore both ranges and specific ports/protocols was added with a new variable, IGNORE_PORTS in psad.conf. Many bugs were fixed.
File Size: 477616
Last Modified: Sep 21 03:37:09 2004
MD5 Checksum: c8154e4ba9cc907513e76131814bc32f

File Name: psad-1.3.4.tar.gz
Description:
Port Scan Attack Detector (psad) is a collection of four lightweight daemons written in Perl and C that are designed to work with Linux firewalling code (iptables and ipchains) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate. Changelog available here.
Homepage: http://www.cipherdyne.org
Changes: Added bidirectional iptables auto-blocking support for all chains. Added init script for Fedora systems, fixed some bugs, and added some new command line options.
File Size: 602480
Last Modified: Oct 26 01:57:37 2004
MD5 Checksum: e1675b904ce9ece9782288ad656b1dde

File Name: psad-1.3.tar.gz
Description:
Port Scan Attack Detector (psad) is a collection of four lightweight daemons written in Perl and C that are designed to work with Linux firewalling code (iptables and ipchains) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate. Changelog available here.
Homepage: http://www.cipherdyne.org
Changes: There is a buffer overflow bugfix in kmsgsd.c for the size of buf[MAX_LINE_BUF] buffer in read() call. 100 new signatures from snort have been added. Source and destination network processing has been added to the signature matching code, and chain tracking has been added to all signatures. Firewall policy parsing routines have been re-worked. GPG signature available here.
File Size: 577192
Last Modified: Dec 3 15:01:54 2003
MD5 Checksum: 814ebd8147ea46e668e8f64fdd92657d

File Name: psad-1.4.0.tar.gz
Description:
Port Scan Attack Detector (psad) is a collection of four lightweight daemons written in Perl and C that are designed to work with Linux firewalling code (iptables and ipchains) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate. Changelog available here.
Homepage: http://www.cipherdyne.org
Changes: p0f-style passive OS fingerprinting has been added through the use of the OPT field in iptables log messages. There is a bugfix for iptables log messages that include TCP sequence numbers, in addition to other bug fixes.
File Size: 614173
Last Modified: Nov 28 14:40:13 2004
MD5 Checksum: f932bc9063810a8798fbc4c9730be9a4

File Name: psad-1.4.4.tar.gz
Description:
Port Scan Attack Detector (psad) is a collection of four lightweight daemons written in Perl and C that are designed to work with Linux firewalling code (iptables and ipchains) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate. Changelog available here.
Homepage: http://www.cipherdyne.org
Changes: Bug fixes and some cool new features.
File Size: 671256
Last Modified: Dec 1 01:48:20 2005
MD5 Checksum: 6cae2812e016ebb0c30a4815844059c8

File Name: psad-1.4.8.tar.gz
Description:
Port Scan Attack Detector (psad) is a collection of four lightweight daemons written in Perl and C that are designed to work with Linux firewalling code (iptables and ipchains) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate. Changelog available here.
Homepage: http://www.cipherdyne.org
Changes: Bug fixes and some cool new features.
File Size: 698111
Last Modified: Nov 30 03:57:57 2006
MD5 Checksum: ad500746d0991878816201f310239df5

File Name: psad-2.0.5.tar.gz
Description:
Port Scan Attack Detector (psad) is a collection of four lightweight daemons written in Perl and C that are designed to work with Linux firewalling code (iptables and ipchains) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate. Changelog available here.
Homepage: http://www.cipherdyne.org
Changes: Bug fixes and some cool new features.
File Size: 724162
Last Modified: Mar 4 04:18:10 2007
MD5 Checksum: 47c9f35b3687df7fa5f5c9d3d4f13b45

File Name: psreal.c
Description:
Psreal.c for Linux kernel 2.4.x finds hidden processes, even if an LKM is used.
Author: ghQst
Homepage: http://es.xor.ru
File Size: 3372
Last Modified: Jul 6 04:29:29 2002
MD5 Checksum: b66c0b8eddf1fcc10d9b1599f0f252e8

File Name: ptracekm.tar.gz
Description:
Ptracekm is a kernel module for Linux 2.2 (possibly 2.4, but untested) that blocks the ptrace() syscall for all users except root. This should effectively prevent local root from being gained via the latest series of ptrace() exploits.
Author: MadCamel
File Size: 970
Last Modified: Oct 24 23:40:48 2001
MD5 Checksum: a5ebea914e825721d29e4eac84215e5a

File Name: rsbac-admin-1.2.5.tar.bz2
Description:
Admin tools for the Rule Set Based Access Control (RSBAC) system. Includes log viewers, special patches, nss and pam related functionality, and more.
Homepage: http://www.rsbac.org
File Size: 279064
Last Modified: Sep 27 18:54:58 2005
MD5 Checksum: 12560426f1724b5b140e661547356260

File Name: rsbac-common-1.2.5.tar.bz2
Description:
Rule Set Based Access Control (RSBAC) is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) and provides a flexible system of access control implemented with the help of a kernel patch. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.
Homepage: http://www.rsbac.org
Changes: Huge amount of bug fixes.
File Size: 349424
Last Modified: Sep 27 18:53:35 2005
MD5 Checksum: cb643700dafea41bbd7c2a2e3a1b0df3

File Name: rsbac-common-1.2.7.tar.bz2
Description:
Rule Set Based Access Control (RSBAC) is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) and provides a flexible system of access control implemented with the help of a kernel patch. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.
Homepage: http://www.rsbac.org
Changes: Fixed spacing in debian changelog.
File Size: 381703
Last Modified: Jun 12 03:19:58 2006
MD5 Checksum: bbf8a760689c2ff98904fa8eca7cbef3

File Name: rsbac-common-1.2.8.tar.bz2
Description:
Rule Set Based Access Control (RSBAC) is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) and provides a flexible system of access control implemented with the help of a kernel patch. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.
Homepage: http://www.rsbac.org
Changes: Change the i386 syscalls to the standard syscall3. New rsbac_printk / rsbac_syslog code from 1.3-pre as fix for logging related lockups on SMP systems. Changed RC and ACL default rights to UM GROUPs to include READ instead of GET_STATUS_DATA.
File Size: 375930
Last Modified: Aug 30 04:29:37 2006
MD5 Checksum: f07465403dc074bc878d7f57275480a6

File Name: rsbac-common-1.3.0.tar.bz2
Description:
Rule Set Based Access Control (RSBAC) is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) and provides a flexible system of access control implemented with the help of a kernel patch. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.
Homepage: http://www.rsbac.org
Changes: Various updates and code fixes.
File Size: 361402
Last Modified: Oct 18 19:59:23 2006
MD5 Checksum: 045b8ce1b4db9cbd87535a3949f56b8d

File Name: rsbac-common-1.3.1.tar.bz2
Description:
Rule Set Based Access Control (RSBAC) is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) and provides a flexible system of access control implemented with the help of a kernel patch. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.
Homepage: http://www.rsbac.org
Changes: Various updates and code fixes.
File Size: 363596
Last Modified: Jan 13 19:35:02 2007
MD5 Checksum: a7989821227c60210fd9321f45afc01d

File Name: rsbac-common-1.3.3.tar.bz2
Description:
Rule Set Based Access Control (RSBAC) is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) and provides a flexible system of access control implemented with the help of a kernel patch. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.
Homepage: http://www.rsbac.org
Changes: Various updates and code fixes.
File Size: 367537
Last Modified: May 15 02:55:21 2007
MD5 Checksum: 82af3502ef2eab1bc4b40a86505deced

File Name: rsbac-common-1.3.4.tar.bz2
Description:
Rule Set Based Access Control (RSBAC) is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) and provides a flexible system of access control implemented with the help of a kernel patch. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.
Homepage: http://www.rsbac.org
Changes: See changelog.
File Size: 367947
Last Modified: Jun 7 02:40:36 2007
MD5 Checksum: d87034b927b71203437cbdcb776a9df9

File Name: rsbac-common-1.3.5.tar.bz2
Description:
Rule Set Based Access Control (RSBAC) is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) and provides a flexible system of access control implemented with the help of a kernel patch. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.
Homepage: http://www.rsbac.org
Changes: Fixed compilation issue, various other tweaks.
File Size: 367814
Last Modified: Jul 20 02:14:46 2007
MD5 Checksum: c5cc66633c3de30d334929309ef707f6

File Name: rsbac-common-1.3.7.tar.bz2
Description:
Rule Set Based Access Control (RSBAC) is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) and provides a flexible system of access control implemented with the help of a kernel patch. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.
Homepage: http://www.rsbac.org
Changes: Fixed secure_delete hanging on ext3, various other additions, improvements, and fixes.
File Size: 369430
Last Modified: Feb 19 22:53:17 2008
MD5 Checksum: 4da0f85d10ac8b598838a843a322e187

File Name: rsbac-v1.1.0.tar.gz
Description:
Rule Set Based Access Control (RSBAC) is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) and provides a flexible system of access control implemented with the help of a kernel patch. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.
Homepage: http://www.rsbac.org
Changes: This version was ported to 2.4.0-test11. sys_mmap and sys_mprotect are now intercepted.
File Size: 421092
Last Modified: Dec 11 20:38:03 2000
MD5 Checksum: 3708122519a8dae5376bdaef92ba95cd

File Name: rsbac-v1.2.3.tar.gz
Description:
Rule Set Based Access Control (RSBAC) is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) and provides a flexible system of access control implemented with the help of a kernel patch. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.
Homepage: http://www.rsbac.org
Changes: Ported to Linux kernel 2.6.0-test with LSM, various new features and enhancements.
File Size: 642376
Last Modified: Jul 1 08:20:00 2004
MD5 Checksum: 4b5d6f6ff477af8b9da5ba043b1c262e

File Name: rsbac-v1.2.4.tar.bz2
Description:
Rule Set Based Access Control (RSBAC) is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) and provides a flexible system of access control implemented with the help of a kernel patch. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.
Homepage: http://www.rsbac.org
Changes: Fully access controlled kernel level user and group management, transaction support for administration.
File Size: 498358
Last Modified: Feb 28 01:12:23 2005
MD5 Checksum: f6227bed8d1328c39a78a6d09f2f7602

File Name: rsx.tar.gz
Description:
RSX is a Linux LKM which stops most buffer overflow attacks. It is a Runtime addressSpace eXtender providing on the fly code remapping of existing Linux binaries in order to implement non-executable stack as well as non-exec short/long heap areas. RSX targets common buffer-overflow problems preventing code execution in mapped data-only areas. Currently a 2.4.x version of the kernel module is available.
Author: Paul Starzetz
Homepage: http://www.ihaquer.com/software/rsx
File Size: 25284
Last Modified: Jun 6 18:58:13 2001
MD5 Checksum: ca73f0cf8a75d55e1c127d88b96e0f8c

File Name: s4g-0.8.1.tgz
Description:
Sandbox for Grids (s4g) is a Linux user-mode sandbox. It offers a secure execution environment for suspicious applications. Written in C, it tries to solve some typical problems of quarantine applications: efficiency and security.
Author: Tangui Morlier
Homepage: http://www.lri.fr/~tmorlier/S4G/
Changes: Correction of specific distribution bugs: s4g should now compile fine on RedHat and Slackware.
File Size: 18297
Last Modified: Sep 29 02:50:08 2004
MD5 Checksum: 9ef8e7704925ec4920c74f9615d5715f